10930 files changed, 435534 insertions, 41849 deletions

diff --git a/AUTHORS.md b/AUTHORS.md
index 288768d..ef05732 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -3,11 +3,20 @@ reports and various comments. This list may be incomplete, I received
 a lot of mail...
 
 # Maintainers
+* Marek Michałkiewicz <marekm72@gmail.com> (1995-2000)
 * Tomasz KÅ‚oczko <kloczek@pld.org.pl> (2000-2007)
 * Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
 * Serge E. Hallyn <serge@hallyn.com> (2014-now)
 * Christian Brauner <christian@brauner.io> (2019-now)
 * Iker Pedrosa <ipedrosa@redhat.com> (2022-now)
+* Alejandro Colomar <alx@kernel.org> (2023-now) (4.14 stable)
+
+To verify signatures on releases, use the following keys under keys/ :
+
+* Serge Hallyn: keys/66D0387DB85D320F8408166DB175CFA98F192AF2.asc
+* Christian Brauner: keys/4880B8C9BD0E5106FC070F4F7B3C391EFEA93624.asc
+* Iker Pedrosa: keys/4E80EF49C7987B6DE2F81F5005079C6C3A653E57.asc
+* Alejandro Colomar: keys/A9348594CE31283A826FBDD8D57633D441E25BB5.asc
 
 # Authors and contributors
 * Adam Rudnicki <adam@v-lo.krakow.pl>
diff --git a/ChangeLog b/ChangeLog
index cee7dfd..3c96dde 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9558,7 +9558,7 @@
 	* NEWS: release date corrected.
 
 	* NEWS, src/su.c:
-	fixed set enviroment too early when using PAM, so move it to !USE_PAM
+	fixed set environment too early when using PAM, so move it to !USE_PAM
 	(patch submitted by Mike Frysinger <vapier@gentoo.org>).
 
 2006-07-30  Tomasz KÅ‚oczko  <kloczek@pld.org.pl>
@@ -10245,7 +10245,7 @@
 	* NEWS: cleanups.
 
 	* autogen.sh:
-	by default in development enviroment use CFLAGS="-O2 -Wall".
+	by default in development environment use CFLAGS="-O2 -Wall".
 
 	* src/chgpasswd.c (main): remove two unused variables (newgr and now).
 
@@ -11654,7 +11654,7 @@
 	in OPTIONS section). Describe -a and -k options.
 
 	* NEWS, src/su.c:
-	fixed twice copy enviroment which causes auth problems (bug was introduced in 4.0.12;
+	fixed twice copy environment which causes auth problems (bug was introduced in 4.0.12;
 	fix by Nicolas François <nicolas.francois@centraliens.net>).
 
 	* src/passwd.c, po/ja.po, po/ko.po, po/nb.po, po/nl.po, po/nn.po, po/pl.po, po/pt.po, po/pt_BR.po, po/ro.po, po/ru.po, po/sk.po, po/sq.po, po/sv.po, po/tl.po, po/tr.po, po/uk.po, po/vi.po, po/zh_CN.po, po/zh_TW.po, po/bs.po, po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/es.po, po/eu.po, po/fi.po, po/fr.po, po/he.po, po/id.po, po/it.po:
@@ -12584,7 +12584,7 @@
 	http://bugs.debian.org/48002
 
 	* src/login.c, NEWS:
-	fixed loggin of username on succesful login (was using the normal username,
+	fixed loggin of username on successful login (was using the normal username,
 	when it should have used pam_user) http://bugs.debian.org/47819
 
 2005-06-02  Tomasz KÅ‚oczko  <kloczek@pld.org.pl>
@@ -13029,7 +13029,7 @@
 	* man/pl/usermod.8: finish sync with english version.
 
 	* man/hu/login.1, man/pl/login.1, NEWS, man/Attic/login.1, man/de/login.1:
-	removed fragment about abilities pass enviroment variables in login prompt.
+	removed fragment about abilities pass environment variables in login prompt.
 
 	* man/Attic/gpasswd.1, man/Attic/newgrp.1:
 	fixes by Nicolas Nicolas François <nicolas.francois@centraliens.net> (not all
@@ -13508,7 +13508,7 @@
 	removed not used translations.
 
 	* NEWS, src/su.c:
-	fix adding of pam_env env variables to enviroment (Martin Schlemmer <azarah@nosferatu.za.org>).
+	fix adding of pam_env env variables to environment (Martin Schlemmer <azarah@nosferatu.za.org>).
 
 	* NEWS, configure.in:
 	fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables which was allways
@@ -13605,7 +13605,7 @@
 
 	* NEWS, src/su.c:
 	add pam_open_session() support. If builded without PAM support
-	propagate $DISPLAY and $XAUTHORITY enviroment variables.
+	propagate $DISPLAY and $XAUTHORITY environment variables.
 	Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1
 
 2004-10-23  Tomasz KÅ‚oczko  <kloczek@pld.org.pl>
diff --git a/Makefile.am b/Makefile.am
index 630e2aa..22bbd56 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,15 +1,18 @@
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = NEWS README TODO shadow.spec.in
+EXTRA_DIST = NEWS README
 
-SUBDIRS = libmisc lib
+SUBDIRS = lib
 
 if ENABLE_SUBIDS
 SUBDIRS += libsubid
 endif
 
-SUBDIRS += src po contrib doc etc
+SUBDIRS += src po contrib doc etc tests/unit
 
 if ENABLE_REGENERATE_MAN
 SUBDIRS += man
 endif
+
+CLEANFILES = man/8.out man/po/remove-potcdate.* man/*/login.defs.d man/*/*.mo
+EXTRA_DIST = tests/
diff --git a/Makefile.in b/Makefile.in
index f4de2e3..66aa6b1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -108,7 +108,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
  configure.lineno config.status.lineno
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES = man/po/Makefile shadow.spec
+CONFIG_CLEAN_FILES = man/po/Makefile
 CONFIG_CLEAN_VPATH_FILES =
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@@ -163,12 +163,11 @@ am__define_uniq_tagged_files = \
   unique=`for i in $$list; do \
     if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
   done | $(am__uniquify_input)`
-DIST_SUBDIRS = libmisc lib libsubid src po contrib doc etc man
+DIST_SUBDIRS = lib libsubid src po contrib doc etc tests/unit man
 am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
-	$(srcdir)/shadow.spec.in $(top_srcdir)/man/po/Makefile.in \
-	ABOUT-NLS AUTHORS.md COPYING ChangeLog NEWS README TODO \
-	compile config.guess config.rpath config.sub install-sh \
-	ltmain.sh missing
+	$(top_srcdir)/man/po/Makefile.in ABOUT-NLS AUTHORS.md COPYING \
+	ChangeLog NEWS README compile config.guess config.rpath \
+	config.sub install-sh ltmain.sh missing
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
@@ -224,6 +223,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -242,6 +243,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -257,9 +259,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -275,6 +283,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -283,6 +292,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -305,6 +316,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -376,9 +390,10 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = NEWS README TODO shadow.spec.in
-SUBDIRS = libmisc lib $(am__append_1) src po contrib doc etc \
+EXTRA_DIST = tests/
+SUBDIRS = lib $(am__append_1) src po contrib doc etc tests/unit \
 	$(am__append_2)
+CLEANFILES = man/8.out man/po/remove-potcdate.* man/*/login.defs.d man/*/*.mo
 all: config.h
 	$(MAKE) $(AM_MAKEFLAGS) all-recursive
 
@@ -433,8 +448,6 @@ distclean-hdr:
 	-rm -f config.h stamp-h1
 man/po/Makefile: $(top_builddir)/config.status $(top_srcdir)/man/po/Makefile.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
-shadow.spec: $(top_builddir)/config.status $(srcdir)/shadow.spec.in
-	cd $(top_builddir) && $(SHELL) ./config.status $@
 
 mostlyclean-libtool:
 	-rm -f *.lo
@@ -773,6 +786,7 @@ install-strip:
 mostlyclean-generic:
 
 clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
 
 distclean-generic:
 	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
diff --git a/NEWS b/NEWS
index 7cfd1b7..4b2cd99 100644
--- a/NEWS
+++ b/NEWS
@@ -696,7 +696,7 @@ shadow-4.0.18 -> shadow-4.0.18.1					03-08-2006
 shadow-4.0.17 -> shadow-4.0.18						01-08-2006
 
 *** general:
-- su: fixed set enviroment too early when using PAM, so move it to !USE_PAM
+- su: fixed set environment too early when using PAM, so move it to !USE_PAM
   (patch submitted by Mike Frysinger <vapier@gentoo.org>),
 - groupadd, groupmod, useradd, usermod: fixed UID/GID overflow (fixed
   http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198920)
@@ -855,7 +855,7 @@ shadow-4.0.14 -> shadow-4.0.15						13-03-2006
 - su: move exit() outside libmisc/shell.c::shell() for handle shell() errors
   on higher level (now is better visable where some programs exit with 126
   and 127 exit codes); added new shell() parameter (char *const envp[])
-  which allow fix preserving enviroment in su on using -p, (patch by
+  which allow fix preserving environment in su on using -p, (patch by
   Alexander Gattin <xrgtn@yandex.ru>),
 - su: added handle -c,--command option for GNU su compliance (merge
   437_su_-c_option Debian patch),
@@ -966,7 +966,7 @@ shadow-4.0.12 -> shadow-4.0.13						10-10-2005
   to example described in ident(1) man page (modern compilers like latest GCC
   removes not used functions by global optimization).
   So "ident /usr/bin/passwd" will show again some useable informations
-- su: fixed twice copy enviroment which causes auth problems
+- su: fixed twice copy environment which causes auth problems
   (bug was introduced in 4.0.12; fix by Nicolas François <nicolas.francois@centraliens.net>),
 - chage: differentiate the different failure causes by the exit value
   This will permit to adduser Debian script to detect if chage failed because the
@@ -1133,7 +1133,7 @@ shadow-4.0.9 -> shadow-4.0.10						28-06-2005
   http://bugs.debian.org/53702
 - login: check for hushed login and pass PAM_SILENT if true,
   http://bugs.debian.org/48002
-- login: fixed username on succesful login (was using the normal username,
+- login: fixed username on successful login (was using the normal username,
   when it should have used pam_user) http://bugs.debian.org/47819
 - remove using SHADOWPWD #define so now shadow is always built with shadow
   password support,
@@ -1212,7 +1212,7 @@ shadow-4.0.7 -> shadow-4.0.8						26-04-2005
   (without gshadow) doesn't permit to use newgrp,
 - newgrp(1): newgrp uses /bin/sh (not bash),
 - faillog(8): updated after rewritten faillog command for use getopt_long(),
-- login(1): removed fragment about abilities pass enviroment variables in login prompt,
+- login(1): removed fragment about abilities pass environment variables in login prompt,
 - gshadow(5): new file (by Nicolas Nicolas François <nicolas.francois@centraliens.net>),
 - usermod(8): fixed #302388 Debian bug: added separated -o option description,
 
@@ -1242,7 +1242,7 @@ shadow-4.0.6 -> shadow-4.0.7						26-01-2005
 
 shadow-4.0.5 -> shadow-4.0.6						08-11-2004
 
-- su: fixed adding of pam_env env variables to enviroment
+- su: fixed adding of pam_env env variables to environment
   (Martin Schlemmer <azarah@nosferatu.za.org>),
 - autoconf: fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables
   which was always empty (Gregorio Guidi <g.guidi@sns.it>),
@@ -1275,7 +1275,7 @@ shadow-4.0.4.1 -> shadow-4.0.5						27-10-2004
   including symlinks placed into /etc/skel/public_html for example.
   http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=66819
 - su: add pam_open_session() support. If built without PAM support
-  propagate $DISPLAY and $XAUTHORITY enviroment variables.
+  propagate $DISPLAY and $XAUTHORITY environment variables.
   Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1
 - applied 036_pam_access_with_preauth.patch Debian patch submited by Bjorn
   Torkelsson <Bjorn.Torkelsson@hpc2n.umu.se>: add support for PAM account
diff --git a/README b/README
index 3c035ef..1f79c8f 100644
--- a/README
+++ b/README
@@ -17,6 +17,12 @@ are used for managing group accounts.
 * [Issue tracker](https://github.com/shadow-maint/shadow/issues)
 * [Releases](https://github.com/shadow-maint/shadow/releases)
 
+## Code
+
+The main development branch is at [https://github.com/shadow-maint/shadow.git](https://github.com/shadow-maint/shadow)
+
+See [STABLE.md](https://github.com/shadow-maint/shadow/blob/master/STABLE.md) for a list of supported stable branches.
+
 ## Contacts
 There are several ways to contact us:
 * [the general discussion mailing list](
@@ -31,6 +37,11 @@ There are several ways to contact us:
   https://alioth-lists-archive.debian.net/pipermail/pkg-shadow-commits/),
   only used for historical purposes
 
+## Contributions
+
+Contributions are welcome. Follow the
+[guidelines](doc/contributions/introduction.md) before posting any patches.
+
 ## Authors and maintainers
 Authors and maintainers are listed in [AUTHORS.md](
 https://github.com/shadow-maint/shadow/blob/master/AUTHORS.md).
diff --git a/TODO b/TODO
deleted file mode 100644
index 8783ccd..0000000
--- a/TODO
+++ /dev/null
@@ -1,127 +0,0 @@
- * Create a common usage function that'd take the array of
-   long options and an array of descriptions and output that so things would
-   be standardized across the utils.
-   Usage strings should be normalized and split first.
-   Investigate optparse.
-
-
-/etc/default/useradd
- * GROUP=1000 should accept a group name.
-
-Check when RLOGIN is enabled if ruserok() exists
-
-Move selinux_file_context out of libmisc/copydir.c
-
-Review hardcoded root account?
-
-review all call to strto
-
-libmisc/cleanup_user.c
-	cleanup needed (cleanup_report_add_user* not used)
-
-
-libxcrypt support
- * http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch
-
-implement getlong, getulong.
-	avoid atoi, atol, atoul, strtol, strtoul, ...
-
-manpages: comment the RLOGIN parts
-
-Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by
-comma_to_list()
-
-Revert the modified files if all files could not be changed.
-  * or warn and indicate which files were modified and which were not.
-  * check the order the files are modified.
-
-report nscd_flush_cache failures?
-call nscd from the programs or from lib (commonio?)
-
-PAM: check if a non-interactive conversation function could be used to set
-the password in chpasswd and newusers
-
-WITH_SELINUX
-  - review all tools to check that the strategies are consistent
-
-chage, chfn, chsh: same change needed as in passwd.
-  - probably need moving check_selinux_access to a separate file.
-
-testsuite
- - newgrp
-   - test with unknown user's GID
-
-newusers
- - add logging to SYSLOG & AUDIT
- - use CREATE_HOME
- - Add a -Z option (see useradd / usermod)
-
-Document when/where option appeared, document whether an option is standard
-or not.
-
-Check all the expiry semantics
-
-ALL:
-- move base passwd/shadow/group/gshadow operation to module for allow write
-  different backend modules for db, NIS, LDAP and others. Default backend it
-  will be goot if will be chosen depending on /etc/nsswitch.conf and allow
-  override this by -r <repository> options (where the <repository> can be
-  file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column).
-  passwd have old piece of code with handling -r option and it will be good
-  finish this and propagate on other shadow tools for allow operate on other
-  user databases by well known tools.
-- Protect against signals. Register do_cleanups in a signal handler.
-
-- login.defs
-  - generate depending on configuration
-
-- useradd:
-  - add handle create user mail spool in maildir format.
-  - Add support for -k in -D mode
-  - Add support for -K in -D mode
-  - Add option to create or not the mail spool (and set the default in -D
-    mode)
-  - Change -l to reset the entry if an entry was already there
-  - set the mask in mkdir?
-
-- userdel:
-  - add backup option for the removal of user resources,
-  - user_busy: check that the user is not running any processes.
-  - missing "deleting group" FAILED
-  - home dir removed, but userdel may fail and may leave the user
-    => warning needed
-
-- usermod
-  - add an option equivalent to useradd's -l (only when uid is changed)
-  - the mode of new home directories should be set according to the
-    original mode. Does copy_tree does this?
-  - user renamed, order is not kept in /etc/group (see
-    47_usermod-l_no_shadow_file). This is a problem when the first user is
-    considered as the admin.
-  - see mail "user ID change" on  April, 15
-    + fix call to chown (combination of -m and -u/-g)
-    + add tests
-
-- passwd:
-  - check combination of options (e.g. -u/-l)
-  - when -u refuse to unlock because it would create an empty password, it
-    should not display "Password changed."
-    exit instead?
-
-- newgrp: check the USE_PAM section.
-
-- pwck
-  - Add check to move passwd passwords to shadow if there is a shadow
-    entry (with a password).
-  - Add check to move passwd passwords to shadow if there is a shadow
-    file.
-  - Support an alternative /etc/tcb directory as second parameter.
-  - add options -g / -G to specify alternative group / gshadow files
-
-- su
-  - add a login.defs configuration parameter to add variables to keep in
-    the environment with "su -l" (TERM/TERMCOLOR/...)
-
-- vipw
-  - set ACLs and XATTRs on the temporary file (and backups?)
-  - vipw + selinux -> use lib/selinux.c
diff --git a/aclocal.m4 b/aclocal.m4
index ea764bc..3aa89a3 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -20,6 +20,1261 @@ You have another version of autoconf.  It may work, but is not guaranteed to.
 If you have problems, you may need to regenerate the build system entirely.
 To do so, use the procedure documented by the package, typically 'autoreconf'.])])
 
+# ltdl.m4 - Configure ltdl for the target system. -*-Autoconf-*-
+#
+#   Copyright (C) 1999-2008, 2011-2019, 2021-2022 Free Software
+#   Foundation, Inc.
+#   Written by Thomas Tanner, 1999
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 21 LTDL_INIT
+
+# LT_CONFIG_LTDL_DIR(DIRECTORY, [LTDL-MODE])
+# ------------------------------------------
+# DIRECTORY contains the libltdl sources.  It is okay to call this
+# function multiple times, as long as the same DIRECTORY is always given.
+AC_DEFUN([LT_CONFIG_LTDL_DIR],
+[AC_BEFORE([$0], [LTDL_INIT])
+_$0($*)
+])# LT_CONFIG_LTDL_DIR
+
+# We break this out into a separate macro, so that we can call it safely
+# internally without being caught accidentally by the sed scan in libtoolize.
+m4_defun([_LT_CONFIG_LTDL_DIR],
+[dnl remove trailing slashes
+m4_pushdef([_ARG_DIR], m4_bpatsubst([$1], [/*$]))
+m4_case(_LTDL_DIR,
+	[], [dnl only set lt_ltdl_dir if _ARG_DIR is not simply '.'
+	     m4_if(_ARG_DIR, [.],
+	             [],
+		 [m4_define([_LTDL_DIR], _ARG_DIR)
+	          _LT_SHELL_INIT([lt_ltdl_dir=']_ARG_DIR['])])],
+    [m4_if(_ARG_DIR, _LTDL_DIR,
+	    [],
+	[m4_fatal([multiple libltdl directories: ']_LTDL_DIR[', ']_ARG_DIR['])])])
+m4_popdef([_ARG_DIR])
+])# _LT_CONFIG_LTDL_DIR
+
+# Initialise:
+m4_define([_LTDL_DIR], [])
+
+
+# _LT_BUILD_PREFIX
+# ----------------
+# If Autoconf is new enough, expand to '$(top_build_prefix)', otherwise
+# to '$(top_builddir)/'.
+m4_define([_LT_BUILD_PREFIX],
+[m4_ifdef([AC_AUTOCONF_VERSION],
+   [m4_if(m4_version_compare(m4_defn([AC_AUTOCONF_VERSION]), [2.62]),
+	  [-1], [m4_ifdef([_AC_HAVE_TOP_BUILD_PREFIX],
+			  [$(top_build_prefix)],
+			  [$(top_builddir)/])],
+	  [$(top_build_prefix)])],
+   [$(top_builddir)/])[]dnl
+])
+
+
+# LTDL_CONVENIENCE
+# ----------------
+# sets LIBLTDL to the link flags for the libltdl convenience library and
+# LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-convenience to the configure arguments.  Note that
+# AC_CONFIG_SUBDIRS is not called here.  LIBLTDL will be prefixed with
+# '$(top_build_prefix)' if available, otherwise with '$(top_builddir)/',
+# and LTDLINCL will be prefixed with '$(top_srcdir)/' (note the single
+# quotes!).  If your package is not flat and you're not using automake,
+# define top_build_prefix, top_builddir, and top_srcdir appropriately
+# in your Makefiles.
+AC_DEFUN([LTDL_CONVENIENCE],
+[AC_BEFORE([$0], [LTDL_INIT])dnl
+dnl Although the argument is deprecated and no longer documented,
+dnl LTDL_CONVENIENCE used to take a DIRECTORY orgument, if we have one
+dnl here make sure it is the same as any other declaration of libltdl's
+dnl location!  This also ensures lt_ltdl_dir is set when configure.ac is
+dnl not yet using an explicit LT_CONFIG_LTDL_DIR.
+m4_ifval([$1], [_LT_CONFIG_LTDL_DIR([$1])])dnl
+_$0()
+])# LTDL_CONVENIENCE
+
+# AC_LIBLTDL_CONVENIENCE accepted a directory argument in older libtools,
+# now we have LT_CONFIG_LTDL_DIR:
+AU_DEFUN([AC_LIBLTDL_CONVENIENCE],
+[_LT_CONFIG_LTDL_DIR([m4_default([$1], [libltdl])])
+_LTDL_CONVENIENCE])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBLTDL_CONVENIENCE], [])
+
+
+# _LTDL_CONVENIENCE
+# -----------------
+# Code shared by LTDL_CONVENIENCE and LTDL_INIT([convenience]).
+m4_defun([_LTDL_CONVENIENCE],
+[case $enable_ltdl_convenience in
+  no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
+  "") enable_ltdl_convenience=yes
+      ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
+esac
+LIBLTDL='_LT_BUILD_PREFIX'"${lt_ltdl_dir+$lt_ltdl_dir/}libltdlc.la"
+LTDLDEPS=$LIBLTDL
+LTDLINCL='-I$(top_srcdir)'"${lt_ltdl_dir+/$lt_ltdl_dir}"
+
+AC_SUBST([LIBLTDL])
+AC_SUBST([LTDLDEPS])
+AC_SUBST([LTDLINCL])
+
+# For backwards non-gettext consistent compatibility...
+INCLTDL=$LTDLINCL
+AC_SUBST([INCLTDL])
+])# _LTDL_CONVENIENCE
+
+
+# LTDL_INSTALLABLE
+# ----------------
+# sets LIBLTDL to the link flags for the libltdl installable library
+# and LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-install to the configure arguments.  Note that
+# AC_CONFIG_SUBDIRS is not called from here.  If an installed libltdl
+# is not found, LIBLTDL will be prefixed with '$(top_build_prefix)' if
+# available, otherwise with '$(top_builddir)/', and LTDLINCL will be
+# prefixed with '$(top_srcdir)/' (note the single quotes!).  If your
+# package is not flat and you're not using automake, define top_build_prefix,
+# top_builddir, and top_srcdir appropriately in your Makefiles.
+# In the future, this macro may have to be called after LT_INIT.
+AC_DEFUN([LTDL_INSTALLABLE],
+[AC_BEFORE([$0], [LTDL_INIT])dnl
+dnl Although the argument is deprecated and no longer documented,
+dnl LTDL_INSTALLABLE used to take a DIRECTORY orgument, if we have one
+dnl here make sure it is the same as any other declaration of libltdl's
+dnl location!  This also ensures lt_ltdl_dir is set when configure.ac is
+dnl not yet using an explicit LT_CONFIG_LTDL_DIR.
+m4_ifval([$1], [_LT_CONFIG_LTDL_DIR([$1])])dnl
+_$0()
+])# LTDL_INSTALLABLE
+
+# AC_LIBLTDL_INSTALLABLE accepted a directory argument in older libtools,
+# now we have LT_CONFIG_LTDL_DIR:
+AU_DEFUN([AC_LIBLTDL_INSTALLABLE],
+[_LT_CONFIG_LTDL_DIR([m4_default([$1], [libltdl])])
+_LTDL_INSTALLABLE])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBLTDL_INSTALLABLE], [])
+
+
+# _LTDL_INSTALLABLE
+# -----------------
+# Code shared by LTDL_INSTALLABLE and LTDL_INIT([installable]).
+m4_defun([_LTDL_INSTALLABLE],
+[if test -f "$prefix/lib/libltdl.la"; then
+  lt_save_LDFLAGS=$LDFLAGS
+  LDFLAGS="-L$prefix/lib $LDFLAGS"
+  AC_CHECK_LIB([ltdl], [lt_dlinit], [lt_lib_ltdl=yes])
+  LDFLAGS=$lt_save_LDFLAGS
+  if test yes = "${lt_lib_ltdl-no}"; then
+    if test yes != "$enable_ltdl_install"; then
+      # Don't overwrite $prefix/lib/libltdl.la without --enable-ltdl-install
+      AC_MSG_WARN([not overwriting libltdl at $prefix, force with '--enable-ltdl-install'])
+      enable_ltdl_install=no
+    fi
+  elif test no = "$enable_ltdl_install"; then
+    AC_MSG_WARN([libltdl not installed, but installation disabled])
+  fi
+fi
+
+# If configure.ac declared an installable ltdl, and the user didn't override
+# with --disable-ltdl-install, we will install the shipped libltdl.
+case $enable_ltdl_install in
+  no) ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
+      LIBLTDL=-lltdl
+      LTDLDEPS=
+      LTDLINCL=
+      ;;
+  *)  enable_ltdl_install=yes
+      ac_configure_args="$ac_configure_args --enable-ltdl-install"
+      LIBLTDL='_LT_BUILD_PREFIX'"${lt_ltdl_dir+$lt_ltdl_dir/}libltdl.la"
+      LTDLDEPS=$LIBLTDL
+      LTDLINCL='-I$(top_srcdir)'"${lt_ltdl_dir+/$lt_ltdl_dir}"
+      ;;
+esac
+
+AC_SUBST([LIBLTDL])
+AC_SUBST([LTDLDEPS])
+AC_SUBST([LTDLINCL])
+
+# For backwards non-gettext consistent compatibility...
+INCLTDL=$LTDLINCL
+AC_SUBST([INCLTDL])
+])# LTDL_INSTALLABLE
+
+
+# _LTDL_MODE_DISPATCH
+# -------------------
+m4_define([_LTDL_MODE_DISPATCH],
+[dnl If _LTDL_DIR is '.', then we are configuring libltdl itself:
+m4_if(_LTDL_DIR, [],
+	[],
+    dnl if _LTDL_MODE was not set already, the default value is 'subproject':
+    [m4_case(m4_default(_LTDL_MODE, [subproject]),
+	  [subproject], [AC_CONFIG_SUBDIRS(_LTDL_DIR)
+			  _LT_SHELL_INIT([lt_dlopen_dir=$lt_ltdl_dir])],
+	  [nonrecursive], [_LT_SHELL_INIT([lt_dlopen_dir=$lt_ltdl_dir; lt_libobj_prefix=$lt_ltdl_dir/])],
+	  [recursive], [],
+	[m4_fatal([unknown libltdl mode: ]_LTDL_MODE)])])dnl
+dnl Be careful not to expand twice:
+m4_define([$0], [])
+])# _LTDL_MODE_DISPATCH
+
+
+# _LT_LIBOBJ(MODULE_NAME)
+# -----------------------
+# Like AC_LIBOBJ, except that MODULE_NAME goes into _LT_LIBOBJS instead
+# of into LIBOBJS.
+AC_DEFUN([_LT_LIBOBJ], [
+  m4_pattern_allow([^_LT_LIBOBJS$])
+  _LT_LIBOBJS="$_LT_LIBOBJS $1.$ac_objext"
+])# _LT_LIBOBJS
+
+
+# LTDL_INIT([OPTIONS])
+# --------------------
+# Clients of libltdl can use this macro to allow the installer to
+# choose between a shipped copy of the ltdl sources or a preinstalled
+# version of the library.  If the shipped ltdl sources are not in a
+# subdirectory named libltdl, the directory name must be given by
+# LT_CONFIG_LTDL_DIR.
+AC_DEFUN([LTDL_INIT],
+[dnl Parse OPTIONS
+_LT_SET_OPTIONS([$0], [$1])
+
+dnl We need to keep our own list of libobjs separate from our parent project,
+dnl and the easiest way to do that is redefine the AC_LIBOBJs macro while
+dnl we look for our own LIBOBJs.
+m4_pushdef([AC_LIBOBJ], m4_defn([_LT_LIBOBJ]))
+m4_pushdef([AC_LIBSOURCES])
+
+dnl If not otherwise defined, default to the 1.5.x compatible subproject mode:
+m4_if(_LTDL_MODE, [],
+        [m4_define([_LTDL_MODE], m4_default([$2], [subproject]))
+        m4_if([-1], [m4_bregexp(_LTDL_MODE, [\(subproject\|\(non\)?recursive\)])],
+                [m4_fatal([unknown libltdl mode: ]_LTDL_MODE)])])
+
+AC_ARG_WITH([included_ltdl],
+    [AS_HELP_STRING([--with-included-ltdl],
+                    [use the GNU ltdl sources included here])])
+
+if test yes != "$with_included_ltdl"; then
+  # We are not being forced to use the included libltdl sources, so
+  # decide whether there is a useful installed version we can use.
+  AC_CHECK_HEADER([ltdl.h],
+      [AC_CHECK_DECL([lt_dlinterface_register],
+	   [AC_CHECK_LIB([ltdl], [lt_dladvise_preload],
+	       [with_included_ltdl=no],
+	       [with_included_ltdl=yes])],
+	   [with_included_ltdl=yes],
+	   [AC_INCLUDES_DEFAULT
+	    #include <ltdl.h>])],
+      [with_included_ltdl=yes],
+      [AC_INCLUDES_DEFAULT]
+  )
+fi
+
+dnl If neither LT_CONFIG_LTDL_DIR, LTDL_CONVENIENCE nor LTDL_INSTALLABLE
+dnl was called yet, then for old times' sake, we assume libltdl is in an
+dnl eponymous directory:
+AC_PROVIDE_IFELSE([LT_CONFIG_LTDL_DIR], [], [_LT_CONFIG_LTDL_DIR([libltdl])])
+
+AC_ARG_WITH([ltdl_include],
+    [AS_HELP_STRING([--with-ltdl-include=DIR],
+                    [use the ltdl headers installed in DIR])])
+
+if test -n "$with_ltdl_include"; then
+  if test -f "$with_ltdl_include/ltdl.h"; then :
+  else
+    AC_MSG_ERROR([invalid ltdl include directory: '$with_ltdl_include'])
+  fi
+else
+  with_ltdl_include=no
+fi
+
+AC_ARG_WITH([ltdl_lib],
+    [AS_HELP_STRING([--with-ltdl-lib=DIR],
+                    [use the libltdl.la installed in DIR])])
+
+if test -n "$with_ltdl_lib"; then
+  if test -f "$with_ltdl_lib/libltdl.la"; then :
+  else
+    AC_MSG_ERROR([invalid ltdl library directory: '$with_ltdl_lib'])
+  fi
+else
+  with_ltdl_lib=no
+fi
+
+case ,$with_included_ltdl,$with_ltdl_include,$with_ltdl_lib, in
+  ,yes,no,no,)
+	m4_case(m4_default(_LTDL_TYPE, [convenience]),
+	    [convenience], [_LTDL_CONVENIENCE],
+	    [installable], [_LTDL_INSTALLABLE],
+	  [m4_fatal([unknown libltdl build type: ]_LTDL_TYPE)])
+	;;
+  ,no,no,no,)
+	# If the included ltdl is not to be used, then use the
+	# preinstalled libltdl we found.
+	AC_DEFINE([HAVE_LTDL], [1],
+	  [Define this if a modern libltdl is already installed])
+	LIBLTDL=-lltdl
+	LTDLDEPS=
+	LTDLINCL=
+	;;
+  ,no*,no,*)
+	AC_MSG_ERROR(['--with-ltdl-include' and '--with-ltdl-lib' options must be used together])
+	;;
+  *)	with_included_ltdl=no
+	LIBLTDL="-L$with_ltdl_lib -lltdl"
+	LTDLDEPS=
+	LTDLINCL=-I$with_ltdl_include
+	;;
+esac
+INCLTDL=$LTDLINCL
+
+# Report our decision...
+AC_MSG_CHECKING([where to find libltdl headers])
+AC_MSG_RESULT([$LTDLINCL])
+AC_MSG_CHECKING([where to find libltdl library])
+AC_MSG_RESULT([$LIBLTDL])
+
+_LTDL_SETUP
+
+dnl restore autoconf definition.
+m4_popdef([AC_LIBOBJ])
+m4_popdef([AC_LIBSOURCES])
+
+AC_CONFIG_COMMANDS_PRE([
+    _ltdl_libobjs=
+    _ltdl_ltlibobjs=
+    if test -n "$_LT_LIBOBJS"; then
+      # Remove the extension.
+      _lt_sed_drop_objext='s/\.o$//;s/\.obj$//'
+      for i in `for i in $_LT_LIBOBJS; do echo "$i"; done | $SED "$_lt_sed_drop_objext" | sort -u`; do
+        _ltdl_libobjs="$_ltdl_libobjs $lt_libobj_prefix$i.$ac_objext"
+        _ltdl_ltlibobjs="$_ltdl_ltlibobjs $lt_libobj_prefix$i.lo"
+      done
+    fi
+    AC_SUBST([ltdl_LIBOBJS], [$_ltdl_libobjs])
+    AC_SUBST([ltdl_LTLIBOBJS], [$_ltdl_ltlibobjs])
+])
+
+# Only expand once:
+m4_define([LTDL_INIT])
+])# LTDL_INIT
+
+# Old names:
+AU_DEFUN([AC_LIB_LTDL], [LTDL_INIT($@)])
+AU_DEFUN([AC_WITH_LTDL], [LTDL_INIT($@)])
+AU_DEFUN([LT_WITH_LTDL], [LTDL_INIT($@)])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIB_LTDL], [])
+dnl AC_DEFUN([AC_WITH_LTDL], [])
+dnl AC_DEFUN([LT_WITH_LTDL], [])
+
+
+# _LTDL_SETUP
+# -----------
+# Perform all the checks necessary for compilation of the ltdl objects
+#  -- including compiler checks and header checks.  This is a public
+# interface  mainly for the benefit of libltdl's own configure.ac, most
+# other users should call LTDL_INIT instead.
+AC_DEFUN([_LTDL_SETUP],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_SYS_MODULE_EXT])dnl
+AC_REQUIRE([LT_SYS_MODULE_PATH])dnl
+AC_REQUIRE([LT_SYS_DLSEARCH_PATH])dnl
+AC_REQUIRE([LT_LIB_DLLOAD])dnl
+AC_REQUIRE([LT_SYS_SYMBOL_USCORE])dnl
+AC_REQUIRE([LT_FUNC_DLSYM_USCORE])dnl
+AC_REQUIRE([LT_SYS_DLOPEN_DEPLIBS])dnl
+AC_REQUIRE([LT_FUNC_ARGZ])dnl
+
+m4_require([_LT_CHECK_OBJDIR])dnl
+m4_require([_LT_HEADER_DLFCN])dnl
+m4_require([_LT_CHECK_DLPREOPEN])dnl
+m4_require([_LT_DECL_SED])dnl
+
+dnl Don't require this, or it will be expanded earlier than the code
+dnl that sets the variables it relies on:
+_LT_ENABLE_INSTALL
+
+dnl _LTDL_MODE specific code must be called at least once:
+_LTDL_MODE_DISPATCH
+
+# In order that ltdl.c can compile, find out the first AC_CONFIG_HEADERS
+# the user used.  This is so that ltdl.h can pick up the parent projects
+# config.h file, The first file in AC_CONFIG_HEADERS must contain the
+# definitions required by ltdl.c.
+# FIXME: Remove use of undocumented AC_LIST_HEADERS (2.59 compatibility).
+AC_CONFIG_COMMANDS_PRE([dnl
+m4_pattern_allow([^LT_CONFIG_H$])dnl
+m4_ifset([AH_HEADER],
+    [LT_CONFIG_H=AH_HEADER],
+    [m4_ifset([AC_LIST_HEADERS],
+	    [LT_CONFIG_H=`echo "AC_LIST_HEADERS" | $SED 's|^[[      ]]*||;s|[[ :]].*$||'`],
+	[])])])
+AC_SUBST([LT_CONFIG_H])
+
+AC_CHECK_HEADERS([unistd.h dl.h sys/dl.h dld.h mach-o/dyld.h dirent.h],
+	[], [], [AC_INCLUDES_DEFAULT])
+
+AC_CHECK_FUNCS([closedir opendir readdir], [], [AC_LIBOBJ([lt__dirent])])
+AC_CHECK_FUNCS([strlcat strlcpy], [], [AC_LIBOBJ([lt__strl])])
+
+m4_pattern_allow([LT_LIBEXT])dnl
+AC_DEFINE_UNQUOTED([LT_LIBEXT],["$libext"],[The archive extension])
+
+name=
+eval "lt_libprefix=\"$libname_spec\""
+m4_pattern_allow([LT_LIBPREFIX])dnl
+AC_DEFINE_UNQUOTED([LT_LIBPREFIX],["$lt_libprefix"],[The archive prefix])
+
+name=ltdl
+eval "LTDLOPEN=\"$libname_spec\""
+AC_SUBST([LTDLOPEN])
+])# _LTDL_SETUP
+
+
+# _LT_ENABLE_INSTALL
+# ------------------
+m4_define([_LT_ENABLE_INSTALL],
+[AC_ARG_ENABLE([ltdl-install],
+    [AS_HELP_STRING([--enable-ltdl-install], [install libltdl])])
+
+case ,$enable_ltdl_install,$enable_ltdl_convenience in
+  *yes*) ;;
+  *) enable_ltdl_convenience=yes ;;
+esac
+
+m4_ifdef([AM_CONDITIONAL],
+[AM_CONDITIONAL(INSTALL_LTDL, test no != "${enable_ltdl_install-no}")
+ AM_CONDITIONAL(CONVENIENCE_LTDL, test no != "${enable_ltdl_convenience-no}")])
+])# _LT_ENABLE_INSTALL
+
+
+# LT_SYS_DLOPEN_DEPLIBS
+# ---------------------
+AC_DEFUN([LT_SYS_DLOPEN_DEPLIBS],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_CACHE_CHECK([whether deplibs are loaded by dlopen],
+  [lt_cv_sys_dlopen_deplibs],
+  [# PORTME does your system automatically load deplibs for dlopen?
+  # or its logical equivalent (e.g. shl_load for HP-UX < 11)
+  # For now, we just catch OSes we know something about -- in the
+  # future, we'll try test this programmatically.
+  lt_cv_sys_dlopen_deplibs=unknown
+  case $host_os in
+  aix3*|aix4.1.*|aix4.2.*)
+    # Unknown whether this is true for these versions of AIX, but
+    # we want this 'case' here to explicitly catch those versions.
+    lt_cv_sys_dlopen_deplibs=unknown
+    ;;
+  aix[[4-9]]*)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  amigaos*)
+    case $host_cpu in
+    powerpc)
+      lt_cv_sys_dlopen_deplibs=no
+      ;;
+    esac
+    ;;
+  bitrig*)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  darwin*)
+    # Assuming the user has installed a libdl from somewhere, this is true
+    # If you are looking for one http://www.opendarwin.org/projects/dlcompat
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  freebsd* | dragonfly* | midnightbsd*)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  gnu* | linux* | k*bsd*-gnu | kopensolaris*-gnu)
+    # GNU and its variants, using gnu ld.so (Glibc)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  hpux10*|hpux11*)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  interix*)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  irix[[12345]]*|irix6.[[01]]*)
+    # Catch all versions of IRIX before 6.2, and indicate that we don't
+    # know how it worked for any of those versions.
+    lt_cv_sys_dlopen_deplibs=unknown
+    ;;
+  irix*)
+    # The case above catches anything before 6.2, and it's known that
+    # at 6.2 and later dlopen does load deplibs.
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  netbsd* | netbsdelf*-gnu)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  openbsd*)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  osf[[1234]]*)
+    # dlopen did load deplibs (at least at 4.x), but until the 5.x series,
+    # it did *not* use an RPATH in a shared library to find objects the
+    # library depends on, so we explicitly say 'no'.
+    lt_cv_sys_dlopen_deplibs=no
+    ;;
+  osf5.0|osf5.0a|osf5.1)
+    # dlopen *does* load deplibs and with the right loader patch applied
+    # it even uses RPATH in a shared library to search for shared objects
+    # that the library depends on, but there's no easy way to know if that
+    # patch is installed.  Since this is the case, all we can really
+    # say is unknown -- it depends on the patch being installed.  If
+    # it is, this changes to 'yes'.  Without it, it would be 'no'.
+    lt_cv_sys_dlopen_deplibs=unknown
+    ;;
+  osf*)
+    # the two cases above should catch all versions of osf <= 5.1.  Read
+    # the comments above for what we know about them.
+    # At > 5.1, deplibs are loaded *and* any RPATH in a shared library
+    # is used to find them so we can finally say 'yes'.
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  qnx*)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  solaris*)
+    lt_cv_sys_dlopen_deplibs=yes
+    ;;
+  sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+    libltdl_cv_sys_dlopen_deplibs=yes
+    ;;
+  esac
+  ])
+if test yes != "$lt_cv_sys_dlopen_deplibs"; then
+ AC_DEFINE([LTDL_DLOPEN_DEPLIBS], [1],
+    [Define if the OS needs help to load dependent libraries for dlopen().])
+fi
+])# LT_SYS_DLOPEN_DEPLIBS
+
+# Old name:
+AU_ALIAS([AC_LTDL_SYS_DLOPEN_DEPLIBS], [LT_SYS_DLOPEN_DEPLIBS])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LTDL_SYS_DLOPEN_DEPLIBS], [])
+
+
+# LT_SYS_MODULE_EXT
+# -----------------
+AC_DEFUN([LT_SYS_MODULE_EXT],
+[m4_require([_LT_SYS_DYNAMIC_LINKER])dnl
+AC_CACHE_CHECK([what extension is used for runtime loadable modules],
+  [libltdl_cv_shlibext],
+[
+module=yes
+eval libltdl_cv_shlibext=$shrext_cmds
+module=no
+eval libltdl_cv_shrext=$shrext_cmds
+  ])
+if test -n "$libltdl_cv_shlibext"; then
+  m4_pattern_allow([LT_MODULE_EXT])dnl
+  AC_DEFINE_UNQUOTED([LT_MODULE_EXT], ["$libltdl_cv_shlibext"],
+    [Define to the extension used for runtime loadable modules, say, ".so".])
+fi
+if test "$libltdl_cv_shrext" != "$libltdl_cv_shlibext"; then
+  m4_pattern_allow([LT_SHARED_EXT])dnl
+  AC_DEFINE_UNQUOTED([LT_SHARED_EXT], ["$libltdl_cv_shrext"],
+    [Define to the shared library suffix, say, ".dylib".])
+fi
+if test -n "$shared_archive_member_spec"; then
+  m4_pattern_allow([LT_SHARED_LIB_MEMBER])dnl
+  AC_DEFINE_UNQUOTED([LT_SHARED_LIB_MEMBER], ["($shared_archive_member_spec.o)"],
+    [Define to the shared archive member specification, say "(shr.o)".])
+fi
+])# LT_SYS_MODULE_EXT
+
+# Old name:
+AU_ALIAS([AC_LTDL_SHLIBEXT], [LT_SYS_MODULE_EXT])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LTDL_SHLIBEXT], [])
+
+
+# LT_SYS_MODULE_PATH
+# ------------------
+AC_DEFUN([LT_SYS_MODULE_PATH],
+[m4_require([_LT_SYS_DYNAMIC_LINKER])dnl
+AC_CACHE_CHECK([what variable specifies run-time module search path],
+  [lt_cv_module_path_var], [lt_cv_module_path_var=$shlibpath_var])
+if test -n "$lt_cv_module_path_var"; then
+  m4_pattern_allow([LT_MODULE_PATH_VAR])dnl
+  AC_DEFINE_UNQUOTED([LT_MODULE_PATH_VAR], ["$lt_cv_module_path_var"],
+    [Define to the name of the environment variable that determines the run-time module search path.])
+fi
+])# LT_SYS_MODULE_PATH
+
+# Old name:
+AU_ALIAS([AC_LTDL_SHLIBPATH], [LT_SYS_MODULE_PATH])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LTDL_SHLIBPATH], [])
+
+
+# LT_SYS_DLSEARCH_PATH
+# --------------------
+AC_DEFUN([LT_SYS_DLSEARCH_PATH],
+[m4_require([_LT_SYS_DYNAMIC_LINKER])dnl
+AC_CACHE_CHECK([for the default library search path],
+  [lt_cv_sys_dlsearch_path],
+  [lt_cv_sys_dlsearch_path=$sys_lib_dlsearch_path_spec])
+if test -n "$lt_cv_sys_dlsearch_path"; then
+  sys_dlsearch_path=
+  for dir in $lt_cv_sys_dlsearch_path; do
+    if test -z "$sys_dlsearch_path"; then
+      sys_dlsearch_path=$dir
+    else
+      sys_dlsearch_path=$sys_dlsearch_path$PATH_SEPARATOR$dir
+    fi
+  done
+  m4_pattern_allow([LT_DLSEARCH_PATH])dnl
+  AC_DEFINE_UNQUOTED([LT_DLSEARCH_PATH], ["$sys_dlsearch_path"],
+    [Define to the system default library search path.])
+fi
+])# LT_SYS_DLSEARCH_PATH
+
+# Old name:
+AU_ALIAS([AC_LTDL_SYSSEARCHPATH], [LT_SYS_DLSEARCH_PATH])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LTDL_SYSSEARCHPATH], [])
+
+
+# _LT_CHECK_DLPREOPEN
+# -------------------
+m4_defun([_LT_CHECK_DLPREOPEN],
+[m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+AC_CACHE_CHECK([whether libtool supports -dlopen/-dlpreopen],
+  [libltdl_cv_preloaded_symbols],
+  [if test -n "$lt_cv_sys_global_symbol_pipe"; then
+    libltdl_cv_preloaded_symbols=yes
+  else
+    libltdl_cv_preloaded_symbols=no
+  fi
+  ])
+if test yes = "$libltdl_cv_preloaded_symbols"; then
+  AC_DEFINE([HAVE_PRELOADED_SYMBOLS], [1],
+    [Define if libtool can extract symbol lists from object files.])
+fi
+])# _LT_CHECK_DLPREOPEN
+
+
+# LT_LIB_DLLOAD
+# -------------
+AC_DEFUN([LT_LIB_DLLOAD],
+[m4_pattern_allow([^LT_DLLOADERS$])
+LT_DLLOADERS=
+AC_SUBST([LT_DLLOADERS])
+
+AC_LANG_PUSH([C])
+lt_dlload_save_LIBS=$LIBS
+
+LIBADD_DLOPEN=
+AC_SEARCH_LIBS([dlopen], [dl],
+	[AC_DEFINE([HAVE_LIBDL], [1],
+		   [Define if you have the libdl library or equivalent.])
+	if test "$ac_cv_search_dlopen" != "none required"; then
+	  LIBADD_DLOPEN=-ldl
+	fi
+	libltdl_cv_lib_dl_dlopen=yes
+	LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"],
+    [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#if HAVE_DLFCN_H
+#  include <dlfcn.h>
+#endif
+    ]], [[dlopen(0, 0);]])],
+	    [AC_DEFINE([HAVE_LIBDL], [1],
+		       [Define if you have the libdl library or equivalent.])
+	    libltdl_cv_func_dlopen=yes
+	    LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"],
+	[AC_CHECK_LIB([svld], [dlopen],
+		[AC_DEFINE([HAVE_LIBDL], [1],
+			 [Define if you have the libdl library or equivalent.])
+	        LIBADD_DLOPEN=-lsvld libltdl_cv_func_dlopen=yes
+		LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"])])])
+if test yes = "$libltdl_cv_func_dlopen" || test yes = "$libltdl_cv_lib_dl_dlopen"
+then
+  lt_save_LIBS=$LIBS
+  LIBS="$LIBS $LIBADD_DLOPEN"
+  AC_CHECK_FUNCS([dlerror])
+  LIBS=$lt_save_LIBS
+fi
+AC_SUBST([LIBADD_DLOPEN])
+
+LIBADD_SHL_LOAD=
+AC_CHECK_FUNC([shl_load],
+	[AC_DEFINE([HAVE_SHL_LOAD], [1],
+		   [Define if you have the shl_load function.])
+	LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la"],
+    [AC_CHECK_LIB([dld], [shl_load],
+	    [AC_DEFINE([HAVE_SHL_LOAD], [1],
+		       [Define if you have the shl_load function.])
+	    LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la"
+	    LIBADD_SHL_LOAD=-ldld])])
+AC_SUBST([LIBADD_SHL_LOAD])
+
+case $host_os in
+darwin[[1567]].*)
+# We only want this for pre-Mac OS X 10.4.
+  AC_CHECK_FUNC([_dyld_func_lookup],
+	[AC_DEFINE([HAVE_DYLD], [1],
+		   [Define if you have the _dyld_func_lookup function.])
+	LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dyld.la"])
+  ;;
+beos*)
+  LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}load_add_on.la"
+  ;;
+cygwin* | mingw* | pw32*)
+  AC_CHECK_DECLS([cygwin_conv_path], [], [], [[#include <sys/cygwin.h>]])
+  LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}loadlibrary.la"
+  ;;
+esac
+
+AC_CHECK_LIB([dld], [dld_link],
+	[AC_DEFINE([HAVE_DLD], [1],
+		   [Define if you have the GNU dld library.])
+		LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dld_link.la"])
+AC_SUBST([LIBADD_DLD_LINK])
+
+m4_pattern_allow([^LT_DLPREOPEN$])
+LT_DLPREOPEN=
+if test -n "$LT_DLLOADERS"
+then
+  for lt_loader in $LT_DLLOADERS; do
+    LT_DLPREOPEN="$LT_DLPREOPEN-dlpreopen $lt_loader "
+  done
+  AC_DEFINE([HAVE_LIBDLLOADER], [1],
+            [Define if libdlloader will be built on this platform])
+fi
+AC_SUBST([LT_DLPREOPEN])
+
+dnl This isn't used anymore, but set it for backwards compatibility
+LIBADD_DL="$LIBADD_DLOPEN $LIBADD_SHL_LOAD"
+AC_SUBST([LIBADD_DL])
+
+LIBS=$lt_dlload_save_LIBS
+AC_LANG_POP
+])# LT_LIB_DLLOAD
+
+# Old name:
+AU_ALIAS([AC_LTDL_DLLIB], [LT_LIB_DLLOAD])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LTDL_DLLIB], [])
+
+
+# LT_SYS_SYMBOL_USCORE
+# --------------------
+# does the compiler prefix global symbols with an underscore?
+AC_DEFUN([LT_SYS_SYMBOL_USCORE],
+[m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+AC_CACHE_CHECK([for _ prefix in compiled symbols],
+  [lt_cv_sys_symbol_underscore],
+  [lt_cv_sys_symbol_underscore=no
+  cat > conftest.$ac_ext <<_LT_EOF
+void nm_test_func(){}
+int main(){nm_test_func;return 0;}
+_LT_EOF
+  if AC_TRY_EVAL(ac_compile); then
+    # Now try to grab the symbols.
+    ac_nlist=conftest.nm
+    if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $ac_nlist) && test -s "$ac_nlist"; then
+      # See whether the symbols have a leading underscore.
+      if grep '^. _nm_test_func' "$ac_nlist" >/dev/null; then
+        lt_cv_sys_symbol_underscore=yes
+      else
+        if grep '^. nm_test_func ' "$ac_nlist" >/dev/null; then
+	  :
+        else
+	  echo "configure: cannot find nm_test_func in $ac_nlist" >&AS_MESSAGE_LOG_FD
+        fi
+      fi
+    else
+      echo "configure: cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+    fi
+  else
+    echo "configure: failed program was:" >&AS_MESSAGE_LOG_FD
+    cat conftest.c >&AS_MESSAGE_LOG_FD
+  fi
+  rm -rf conftest*
+  ])
+  sys_symbol_underscore=$lt_cv_sys_symbol_underscore
+  AC_SUBST([sys_symbol_underscore])
+])# LT_SYS_SYMBOL_USCORE
+
+# Old name:
+AU_ALIAS([AC_LTDL_SYMBOL_USCORE], [LT_SYS_SYMBOL_USCORE])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LTDL_SYMBOL_USCORE], [])
+
+
+# LT_FUNC_DLSYM_USCORE
+# --------------------
+AC_DEFUN([LT_FUNC_DLSYM_USCORE],
+[AC_REQUIRE([_LT_COMPILER_PIC])dnl	for lt_prog_compiler_wl
+AC_REQUIRE([LT_SYS_SYMBOL_USCORE])dnl	for lt_cv_sys_symbol_underscore
+AC_REQUIRE([LT_SYS_MODULE_EXT])dnl	for libltdl_cv_shlibext
+if test yes = "$lt_cv_sys_symbol_underscore"; then
+  if test yes = "$libltdl_cv_func_dlopen" || test yes = "$libltdl_cv_lib_dl_dlopen"; then
+    AC_CACHE_CHECK([whether we have to add an underscore for dlsym],
+      [libltdl_cv_need_uscore],
+      [libltdl_cv_need_uscore=unknown
+      dlsym_uscore_save_LIBS=$LIBS
+      LIBS="$LIBS $LIBADD_DLOPEN"
+      libname=conftmod # stay within 8.3 filename limits!
+      cat >$libname.$ac_ext <<_LT_EOF
+[#line $LINENO "configure"
+#include "confdefs.h"
+/* When -fvisibility=hidden is used, assume the code has been annotated
+   correspondingly for the symbols needed.  */
+#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+int fnord () __attribute__((visibility("default")));
+#endif
+int fnord () { return 42; }]
+_LT_EOF
+
+      # ltfn_module_cmds module_cmds
+      # Execute tilde-delimited MODULE_CMDS with environment primed for
+      # $module_cmds or $archive_cmds type content.
+      ltfn_module_cmds ()
+      {( # subshell avoids polluting parent global environment
+          module_cmds_save_ifs=$IFS; IFS='~'
+          for cmd in @S|@1; do
+            IFS=$module_cmds_save_ifs
+            libobjs=$libname.$ac_objext; lib=$libname$libltdl_cv_shlibext
+            rpath=/not-exists; soname=$libname$libltdl_cv_shlibext; output_objdir=.
+            major=; versuffix=; verstring=; deplibs=
+            ECHO=echo; wl=$lt_prog_compiler_wl; allow_undefined_flag=
+            eval $cmd
+          done
+          IFS=$module_cmds_save_ifs
+      )}
+
+      # Compile a loadable module using libtool macro expansion results.
+      $CC $pic_flag -c $libname.$ac_ext
+      ltfn_module_cmds "${module_cmds:-$archive_cmds}"
+
+      # Try to fetch fnord with dlsym().
+      libltdl_dlunknown=0; libltdl_dlnouscore=1; libltdl_dluscore=2
+      cat >conftest.$ac_ext <<_LT_EOF
+[#line $LINENO "configure"
+#include "confdefs.h"
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+#include <stdio.h>
+#ifndef RTLD_GLOBAL
+#  ifdef DL_GLOBAL
+#    define RTLD_GLOBAL DL_GLOBAL
+#  else
+#    define RTLD_GLOBAL 0
+#  endif
+#endif
+#ifndef RTLD_NOW
+#  ifdef DL_NOW
+#    define RTLD_NOW DL_NOW
+#  else
+#    define RTLD_NOW 0
+#  endif
+#endif
+int main () {
+  void *handle = dlopen ("`pwd`/$libname$libltdl_cv_shlibext", RTLD_GLOBAL|RTLD_NOW);
+  int status = $libltdl_dlunknown;
+  if (handle) {
+    if (dlsym (handle, "fnord"))
+      status = $libltdl_dlnouscore;
+    else {
+      if (dlsym (handle, "_fnord"))
+        status = $libltdl_dluscore;
+      else
+	puts (dlerror ());
+    }
+    dlclose (handle);
+  } else
+    puts (dlerror ());
+  return status;
+}]
+_LT_EOF
+      if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
+        (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
+        libltdl_status=$?
+        case x$libltdl_status in
+          x$libltdl_dlnouscore) libltdl_cv_need_uscore=no ;;
+	  x$libltdl_dluscore) libltdl_cv_need_uscore=yes ;;
+	  x*) libltdl_cv_need_uscore=unknown ;;
+        esac
+      fi
+      rm -rf conftest* $libname*
+      LIBS=$dlsym_uscore_save_LIBS
+    ])
+  fi
+fi
+
+if test yes = "$libltdl_cv_need_uscore"; then
+  AC_DEFINE([NEED_USCORE], [1],
+    [Define if dlsym() requires a leading underscore in symbol names.])
+fi
+])# LT_FUNC_DLSYM_USCORE
+
+# Old name:
+AU_ALIAS([AC_LTDL_DLSYM_USCORE], [LT_FUNC_DLSYM_USCORE])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LTDL_DLSYM_USCORE], [])
+
+# pkg.m4 - Macros to locate and use pkg-config.   -*- Autoconf -*-
+# serial 12 (pkg-config-0.29.2)
+
+dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+dnl 02111-1307, USA.
+dnl
+dnl As a special exception to the GNU General Public License, if you
+dnl distribute this file as part of a program that contains a
+dnl configuration script generated by Autoconf, you may include it under
+dnl the same distribution terms that you use for the rest of that
+dnl program.
+
+dnl PKG_PREREQ(MIN-VERSION)
+dnl -----------------------
+dnl Since: 0.29
+dnl
+dnl Verify that the version of the pkg-config macros are at least
+dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
+dnl installed version of pkg-config, this checks the developer's version
+dnl of pkg.m4 when generating configure.
+dnl
+dnl To ensure that this macro is defined, also add:
+dnl m4_ifndef([PKG_PREREQ],
+dnl     [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
+dnl
+dnl See the "Since" comment for each macro you use to see what version
+dnl of the macros you require.
+m4_defun([PKG_PREREQ],
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
+m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
+    [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
+])dnl PKG_PREREQ
+
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
+dnl ----------------------------------
+dnl Since: 0.16
+dnl
+dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
+dnl first found in the path. Checks that the version of pkg-config found
+dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
+dnl used since that's the first version where most current features of
+dnl pkg-config existed.
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=m4_default([$1], [0.9.0])
+	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		AC_MSG_RESULT([yes])
+	else
+		AC_MSG_RESULT([no])
+		PKG_CONFIG=""
+	fi
+fi[]dnl
+])dnl PKG_PROG_PKG_CONFIG
+
+dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------------------------------
+dnl Since: 0.18
+dnl
+dnl Check to see whether a particular set of modules exists. Similar to
+dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
+dnl
+dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+dnl only at the first occurrence in configure.ac, so if the first place
+dnl it's called might be skipped (such as if it is within an "if", you
+dnl have to call PKG_CHECK_EXISTS manually
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+  m4_default([$2], [:])
+m4_ifvaln([$3], [else
+  $3])dnl
+fi])
+
+dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+dnl ---------------------------------------------
+dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
+dnl pkg_failed based on the result.
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+    pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+    PKG_CHECK_EXISTS([$3],
+                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes ],
+		     [pkg_failed=yes])
+ else
+    pkg_failed=untried
+fi[]dnl
+])dnl _PKG_CONFIG
+
+dnl _PKG_SHORT_ERRORS_SUPPORTED
+dnl ---------------------------
+dnl Internal check to see if pkg-config supports short errors.
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi[]dnl
+])dnl _PKG_SHORT_ERRORS_SUPPORTED
+
+
+dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl --------------------------------------------------------------
+dnl Since: 0.4.0
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
+dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $2])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+        AC_MSG_RESULT([no])
+        _PKG_SHORT_ERRORS_SUPPORTED
+        if test $_pkg_short_errors_supported = yes; then
+                $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+        else
+                $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+        fi
+        # Put the nasty error message in config.log where it belongs
+        echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+        m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])[]dnl
+        ])
+elif test $pkg_failed = untried; then
+        AC_MSG_RESULT([no])
+        m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
+        ])
+else
+        $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+        $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+        AC_MSG_RESULT([yes])
+        $3
+fi[]dnl
+])dnl PKG_CHECK_MODULES
+
+
+dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------------------
+dnl Since: 0.29
+dnl
+dnl Checks for existence of MODULES and gathers its build flags with
+dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
+dnl and VARIABLE-PREFIX_LIBS from --libs.
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
+dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
+dnl configure.ac.
+AC_DEFUN([PKG_CHECK_MODULES_STATIC],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+_save_PKG_CONFIG=$PKG_CONFIG
+PKG_CONFIG="$PKG_CONFIG --static"
+PKG_CHECK_MODULES($@)
+PKG_CONFIG=$_save_PKG_CONFIG[]dnl
+])dnl PKG_CHECK_MODULES_STATIC
+
+
+dnl PKG_INSTALLDIR([DIRECTORY])
+dnl -------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable pkgconfigdir as the location where a module
+dnl should install pkg-config .pc files. By default the directory is
+dnl $libdir/pkgconfig, but the default can be changed by passing
+dnl DIRECTORY. The user can override through the --with-pkgconfigdir
+dnl parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+    [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_INSTALLDIR
+
+
+dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
+dnl --------------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable noarch_pkgconfigdir as the location where a
+dnl module should install arch-independent pkg-config .pc files. By
+dnl default the directory is $datadir/pkgconfig, but the default can be
+dnl changed by passing DIRECTORY. The user can override through the
+dnl --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+    [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_NOARCH_INSTALLDIR
+
+
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------
+dnl Since: 0.28
+dnl
+dnl Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
+
+dnl PKG_WITH_MODULES(VARIABLE-PREFIX, MODULES,
+dnl   [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND],
+dnl   [DESCRIPTION], [DEFAULT])
+dnl ------------------------------------------
+dnl
+dnl Prepare a "--with-" configure option using the lowercase
+dnl [VARIABLE-PREFIX] name, merging the behaviour of AC_ARG_WITH and
+dnl PKG_CHECK_MODULES in a single macro.
+AC_DEFUN([PKG_WITH_MODULES],
+[
+m4_pushdef([with_arg], m4_tolower([$1]))
+
+m4_pushdef([description],
+           [m4_default([$5], [build with ]with_arg[ support])])
+
+m4_pushdef([def_arg], [m4_default([$6], [auto])])
+m4_pushdef([def_action_if_found], [AS_TR_SH([with_]with_arg)=yes])
+m4_pushdef([def_action_if_not_found], [AS_TR_SH([with_]with_arg)=no])
+
+m4_case(def_arg,
+            [yes],[m4_pushdef([with_without], [--without-]with_arg)],
+            [m4_pushdef([with_without],[--with-]with_arg)])
+
+AC_ARG_WITH(with_arg,
+     AS_HELP_STRING(with_without, description[ @<:@default=]def_arg[@:>@]),,
+    [AS_TR_SH([with_]with_arg)=def_arg])
+
+AS_CASE([$AS_TR_SH([with_]with_arg)],
+            [yes],[PKG_CHECK_MODULES([$1],[$2],$3,$4)],
+            [auto],[PKG_CHECK_MODULES([$1],[$2],
+                                        [m4_n([def_action_if_found]) $3],
+                                        [m4_n([def_action_if_not_found]) $4])])
+
+m4_popdef([with_arg])
+m4_popdef([description])
+m4_popdef([def_arg])
+
+])dnl PKG_WITH_MODULES
+
+dnl PKG_HAVE_WITH_MODULES(VARIABLE-PREFIX, MODULES,
+dnl   [DESCRIPTION], [DEFAULT])
+dnl -----------------------------------------------
+dnl
+dnl Convenience macro to trigger AM_CONDITIONAL after PKG_WITH_MODULES
+dnl check._[VARIABLE-PREFIX] is exported as make variable.
+AC_DEFUN([PKG_HAVE_WITH_MODULES],
+[
+PKG_WITH_MODULES([$1],[$2],,,[$3],[$4])
+
+AM_CONDITIONAL([HAVE_][$1],
+               [test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"])
+])dnl PKG_HAVE_WITH_MODULES
+
+dnl PKG_HAVE_DEFINE_WITH_MODULES(VARIABLE-PREFIX, MODULES,
+dnl   [DESCRIPTION], [DEFAULT])
+dnl ------------------------------------------------------
+dnl
+dnl Convenience macro to run AM_CONDITIONAL and AC_DEFINE after
+dnl PKG_WITH_MODULES check. HAVE_[VARIABLE-PREFIX] is exported as make
+dnl and preprocessor variable.
+AC_DEFUN([PKG_HAVE_DEFINE_WITH_MODULES],
+[
+PKG_HAVE_WITH_MODULES([$1],[$2],[$3],[$4])
+
+AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"],
+        [AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])])
+])dnl PKG_HAVE_DEFINE_WITH_MODULES
+
 # Copyright (C) 2002-2021 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
diff --git a/config.h.in b/config.h.in
index 9990868..37a15b3 100644
--- a/config.h.in
+++ b/config.h.in
@@ -4,6 +4,12 @@
    authenticate the callers */
 #undef ACCT_TOOLS_SETUID
 
+/* Define to support lastlog. */
+#undef ENABLE_LASTLOG
+
+/* Define to manage session support with logind. */
+#undef ENABLE_LOGIND
+
 /* Define to 1 if translation of program messages to the user's native
    language is requested. */
 #undef ENABLE_NLS
@@ -54,6 +60,10 @@
    */
 #undef HAVE_DCGETTEXT
 
+/* Define to 1 if you have the declaration of `cygwin_conv_path', and to 0 if
+   you don't. */
+#undef HAVE_DECL_CYGWIN_CONV_PATH
+
 /* Define to 1 if you have the declaration of `PAM_DATA_SILENT', and to 0 if
    you don't. */
 #undef HAVE_DECL_PAM_DATA_SILENT
@@ -70,26 +80,23 @@
    if you don't. */
 #undef HAVE_DECL_PAM_NEW_AUTHTOK_REQD
 
+/* Define if you have the GNU dld library. */
+#undef HAVE_DLD
+
+/* Define to 1 if you have the `dlerror' function. */
+#undef HAVE_DLERROR
+
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H
 
-/* Define to 1 if you have the <errno.h> header file. */
-#undef HAVE_ERRNO_H
+/* Define if you have the _dyld_func_lookup function. */
+#undef HAVE_DYLD
 
 /* Define to 1 if you have the `explicit_bzero' function. */
 #undef HAVE_EXPLICIT_BZERO
 
-/* Define to 1 if you have the `fchmod' function. */
-#undef HAVE_FCHMOD
-
-/* Define to 1 if you have the `fchown' function. */
-#undef HAVE_FCHOWN
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#undef HAVE_FCNTL_H
-
-/* Define to 1 if you have the `fsync' function. */
-#undef HAVE_FSYNC
+/* Defined to 1 if you have the declaration of 'fgetpwent_r' */
+#undef HAVE_FGETPWENT_R
 
 /* Define to 1 if you have the `futimes' function. */
 #undef HAVE_FUTIMES
@@ -97,18 +104,6 @@
 /* Define to 1 if you have the `getentropy' function. */
 #undef HAVE_GETENTROPY
 
-/* Define to 1 if you have the `getgrgid_r' function. */
-#undef HAVE_GETGRGID_R
-
-/* Define to 1 if you have the `getgrnam_r' function. */
-#undef HAVE_GETGRNAM_R
-
-/* Define to 1 if you have the `getpwnam_r' function. */
-#undef HAVE_GETPWNAM_R
-
-/* Define to 1 if you have the `getpwuid_r' function. */
-#undef HAVE_GETPWUID_R
-
 /* Define to 1 if you have the `getrandom' function. */
 #undef HAVE_GETRANDOM
 
@@ -124,9 +119,6 @@
 /* Define to 1 if you have the `getusershell' function. */
 #undef HAVE_GETUSERSHELL
 
-/* Define to 1 if you have the `getutent' function. */
-#undef HAVE_GETUTENT
-
 /* Define to 1 if you have the <gshadow.h> header file. */
 #undef HAVE_GSHADOW_H
 
@@ -142,26 +134,17 @@
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H
 
-/* Define to 1 if you have the `l64a' function. */
-#undef HAVE_L64A
-
 /* Define to 1 if you have the <lastlog.h> header file. */
 #undef HAVE_LASTLOG_H
 
 /* Define to 1 if you have the `lckpwdf' function. */
 #undef HAVE_LCKPWDF
 
-/* Defined if you have libcrack. */
-#undef HAVE_LIBCRACK
-
-/* Defined if you have the ts&szs cracklib. */
-#undef HAVE_LIBCRACK_HIST
+/* Define if you have the libdl library or equivalent. */
+#undef HAVE_LIBDL
 
-/* Defined if it includes *Pw functions. */
-#undef HAVE_LIBCRACK_PW
-
-/* Define to 1 if you have the <limits.h> header file. */
-#undef HAVE_LIMITS_H
+/* Define if libdlloader will be built on this platform */
+#undef HAVE_LIBDLLOADER
 
 /* Define to 1 if you have the <linux/btrfs_tree.h> header file. */
 #undef HAVE_LINUX_BTRFS_TREE_H
@@ -172,24 +155,15 @@
 /* Define if struct lastlog has ll_host */
 #undef HAVE_LL_HOST
 
-/* Define to 1 if you have the <locale.h> header file. */
-#undef HAVE_LOCALE_H
-
 /* Define to 1 if you have the `lutimes' function. */
 #undef HAVE_LUTIMES
 
-/* Define to 1 if you have the `memset_s' function. */
-#undef HAVE_MEMSET_S
+/* Define to 1 if you have the `memset_explicit' function. */
+#undef HAVE_MEMSET_EXPLICIT
 
 /* Define to 1 if you have the <minix/config.h> header file. */
 #undef HAVE_MINIX_CONFIG_H
 
-/* Define to 1 if you have the `mkdir' function. */
-#undef HAVE_MKDIR
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#undef HAVE_NETDB_H
-
 /* Define to 1 if you have the <paths.h> header file. */
 #undef HAVE_PATHS_H
 
@@ -202,15 +176,15 @@
 /* Define to 1 if you have the `putspent' function. */
 #undef HAVE_PUTSPENT
 
-/* Define to 1 if you have the `rename' function. */
-#undef HAVE_RENAME
-
-/* Define to 1 if you have the `rmdir' function. */
-#undef HAVE_RMDIR
+/* Define to 1 if you have the <readpassphrase.h> header file. */
+#undef HAVE_READPASSPHRASE_H
 
 /* Define to 1 if you have the <rpc/key_prot.h> header file. */
 #undef HAVE_RPC_KEY_PROT_H
 
+/* Define to 1 if you have the `rpmatch' function. */
+#undef HAVE_RPMATCH
+
 /* Define to 1 if you have the <security/openpam.h> header file. */
 #undef HAVE_SECURITY_OPENPAM_H
 
@@ -241,11 +215,8 @@
 /* Have working shadow group support in libc */
 #undef HAVE_SHADOWGRP
 
-/* Define to 1 if you have the `snprintf' function. */
-#undef HAVE_SNPRINTF
-
-/* Define to 1 if stdbool.h conforms to C99. */
-#undef HAVE_STDBOOL_H
+/* Define if you have the shl_load function. */
+#undef HAVE_SHL_LOAD
 
 /* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H
@@ -256,14 +227,11 @@
 /* Define to 1 if you have the <stdlib.h> header file. */
 #undef HAVE_STDLIB_H
 
-/* Define to 1 if you have the `strcasecmp' function. */
-#undef HAVE_STRCASECMP
-
-/* Define to 1 if you have the `strdup' function. */
-#undef HAVE_STRDUP
+/* Define to 1 if you have the `stpecpy' function. */
+#undef HAVE_STPECPY
 
-/* Define to 1 if you have the `strerror' function. */
-#undef HAVE_STRERROR
+/* Define to 1 if you have the `stpeprintf' function. */
+#undef HAVE_STPEPRINTF
 
 /* Define to 1 if you have the <strings.h> header file. */
 #undef HAVE_STRINGS_H
@@ -271,21 +239,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H
 
-/* Define to 1 if you have the `strstr' function. */
-#undef HAVE_STRSTR
-
-/* Define to 1 if `st_atim' is a member of `struct stat'. */
-#undef HAVE_STRUCT_STAT_ST_ATIM
-
-/* Define to 1 if `st_atimensec' is a member of `struct stat'. */
-#undef HAVE_STRUCT_STAT_ST_ATIMENSEC
-
-/* Define to 1 if `st_mtim' is a member of `struct stat'. */
-#undef HAVE_STRUCT_STAT_ST_MTIM
-
-/* Define to 1 if `st_mtimensec' is a member of `struct stat'. */
-#undef HAVE_STRUCT_STAT_ST_MTIMENSEC
-
 /* Define to 1 if `ut_addr' is a member of `struct utmpx'. */
 #undef HAVE_STRUCT_UTMPX_UT_ADDR
 
@@ -307,42 +260,6 @@
 /* Define to 1 if `ut_xtime' is a member of `struct utmpx'. */
 #undef HAVE_STRUCT_UTMPX_UT_XTIME
 
-/* Define to 1 if `ut_addr' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_ADDR
-
-/* Define to 1 if `ut_addr_v6' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_ADDR_V6
-
-/* Define to 1 if `ut_host' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_HOST
-
-/* Define to 1 if `ut_id' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_ID
-
-/* Define to 1 if `ut_name' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_NAME
-
-/* Define to 1 if `ut_syslen' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_SYSLEN
-
-/* Define to 1 if `ut_time' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_TIME
-
-/* Define to 1 if `ut_tv' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_TV
-
-/* Define to 1 if `ut_type' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_TYPE
-
-/* Define to 1 if `ut_user' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_USER
-
-/* Define to 1 if `ut_xtime' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_XTIME
-
-/* Define to 1 if you have the <syslog.h> header file. */
-#undef HAVE_SYSLOG_H
-
 /* Define to 1 if you have the <sys/capability.h> header file. */
 #undef HAVE_SYS_CAPABILITY_H
 
@@ -352,39 +269,24 @@
 /* Define to 1 if you have the <sys/random.h> header file. */
 #undef HAVE_SYS_RANDOM_H
 
-/* Define to 1 if you have the <sys/resource.h> header file. */
-#undef HAVE_SYS_RESOURCE_H
-
 /* Define to 1 if you have the <sys/statfs.h> header file. */
 #undef HAVE_SYS_STATFS_H
 
 /* Define to 1 if you have the <sys/stat.h> header file. */
 #undef HAVE_SYS_STAT_H
 
-/* Define to 1 if you have the <sys/time.h> header file. */
-#undef HAVE_SYS_TIME_H
-
 /* Define to 1 if you have the <sys/types.h> header file. */
 #undef HAVE_SYS_TYPES_H
 
 /* Define to 1 if you have the <tcb.h> header file. */
 #undef HAVE_TCB_H
 
-/* Define to 1 if you have the <termios.h> header file. */
-#undef HAVE_TERMIOS_H
-
 /* Define to 1 if you have the <termio.h> header file. */
 #undef HAVE_TERMIO_H
 
-/* Define to 1 if you have the <ulimit.h> header file. */
-#undef HAVE_ULIMIT_H
-
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
 
-/* Define to 1 if you have the `updwtmp' function. */
-#undef HAVE_UPDWTMP
-
 /* Define to 1 if you have the `updwtmpx' function. */
 #undef HAVE_UPDWTMPX
 
@@ -394,18 +296,15 @@
 /* Define to 1 if `utime(file, NULL)' sets file's timestamp to the present. */
 #undef HAVE_UTIME_NULL
 
-/* Define to 1 if you have the <utmpx.h> header file. */
-#undef HAVE_UTMPX_H
-
 /* Define to 1 if you have the <utmp.h> header file. */
 #undef HAVE_UTMP_H
 
+/* Define to support vendor settings. */
+#undef HAVE_VENDORDIR
+
 /* Define to 1 if you have the <wchar.h> header file. */
 #undef HAVE_WCHAR_H
 
-/* Define to 1 if the system has the type `_Bool'. */
-#undef HAVE__BOOL
-
 /* Path for lastlog file. */
 #undef LASTLOG_FILE
 
@@ -477,9 +376,6 @@
 /* Define to support /etc/suauth su access control. */
 #undef SU_ACCESS
 
-/* Define to 1 if your <sys/time.h> declares `struct tm'. */
-#undef TM_IN_SYS_TIME
-
 /* Define to allow the bcrypt password encryption algorithm */
 #undef USE_BCRYPT
 
@@ -495,9 +391,6 @@
 /* Define to support flushing of sssd caches */
 #undef USE_SSSD
 
-/* Define to use syslog(). */
-#undef USE_SYSLOG
-
 /* Enable extensions on AIX 3, Interix.  */
 #ifndef _ALL_SOURCE
 # undef _ALL_SOURCE
@@ -586,12 +479,12 @@
 #endif
 
 
-/* Define if utmpx should be used */
-#undef USE_UTMPX
-
 /* Define to allow the yescrypt password encryption algorithm */
 #undef USE_YESCRYPT
 
+/* Directory for distribution provided configuration files */
+#undef VENDORDIR
+
 /* Version number of package */
 #undef VERSION
 
@@ -607,6 +500,9 @@
 /* Build shadow with BtrFS support */
 #undef WITH_BTRFS
 
+/* Build shadow without libbsd support */
+#undef WITH_LIBBSD
+
 /* Build shadow with SELinux support */
 #undef WITH_SELINUX
 
diff --git a/configure b/configure
index 58c90c1..e23e2ea 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for shadow 4.13.
+# Generated by GNU Autoconf 2.71 for shadow 4.15.2.
 #
 # Report bugs to <pkg-shadow-devel@lists.alioth.debian.org>.
 #
@@ -621,8 +621,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='shadow'
 PACKAGE_TARNAME='shadow'
-PACKAGE_VERSION='4.13'
-PACKAGE_STRING='shadow 4.13'
+PACKAGE_VERSION='4.15.2'
+PACKAGE_STRING='shadow 4.15.2'
 PACKAGE_BUGREPORT='pkg-shadow-devel@lists.alioth.debian.org'
 PACKAGE_URL='https://github.com/shadow-maint/shadow'
 
@@ -698,12 +698,21 @@ LIBSEMANAGE
 LIBSELINUX
 WITH_BTRFS_FALSE
 WITH_BTRFS_TRUE
-LIBCRACK
 LIBAUDIT
 LIBATTR
 LIBACL
+WITH_LIBBSD_FALSE
+WITH_LIBBSD_TRUE
+LIBBSD_LIBS
+LIBBSD_CFLAGS
+LIBBSD
 LIYESCRYPT
 LIBCRYPT
+ENABLE_LOGIND_FALSE
+ENABLE_LOGIND_TRUE
+LIBSYSTEMD
+ENABLE_LASTLOG_FALSE
+ENABLE_LASTLOG_TRUE
 ENABLE_SUBIDS_FALSE
 ENABLE_SUBIDS_TRUE
 ENABLE_REGENERATE_MAN_FALSE
@@ -718,6 +727,13 @@ HAVE_VENDORDIR_TRUE
 VENDORDIR
 LIBECONF
 ECONF_CPPFLAGS
+HAVE_CMOCKA_FALSE
+HAVE_CMOCKA_TRUE
+CMOCKA_LIBS
+CMOCKA_CFLAGS
+PKG_CONFIG_LIBDIR
+PKG_CONFIG_PATH
+PKG_CONFIG
 WITH_SU_FALSE
 WITH_SU_TRUE
 USE_YESCRYPT_FALSE
@@ -729,6 +745,12 @@ USE_SHA_CRYPT_TRUE
 GROUP_NAME_MAX_LENGTH
 LIBOBJS
 CPP
+LIBADD_DL
+LT_DLPREOPEN
+LIBADD_DLD_LINK
+LIBADD_SHL_LOAD
+LIBADD_DLOPEN
+LT_DLLOADERS
 LT_SYS_LIBRARY_PATH
 OTOOL64
 OTOOL
@@ -741,6 +763,7 @@ ac_ct_AR
 AR
 DLLTOOL
 OBJDUMP
+FILECMD
 NM
 ac_ct_DUMPBIN
 DUMPBIN
@@ -872,8 +895,9 @@ enable_largefile
 enable_shadowgrp
 enable_man
 enable_account_tools_setuid
-enable_utmpx
 enable_subordinate_ids
+enable_lastlog
+enable_logind
 with_audit
 with_libpam
 with_btrfs
@@ -882,7 +906,6 @@ with_acl
 with_attr
 with_skey
 with_tcb
-with_libcrack
 with_sha_crypt
 with_bcrypt
 with_yescrypt
@@ -890,6 +913,7 @@ with_nscd
 with_sssd
 with_group_name_max_length
 with_su
+with_libbsd
 enable_vendordir
 with_xml_catalog
 with_fcaps
@@ -909,7 +933,14 @@ CPPFLAGS
 YACC
 YFLAGS
 LT_SYS_LIBRARY_PATH
-CPP'
+CPP
+PKG_CONFIG
+PKG_CONFIG_PATH
+PKG_CONFIG_LIBDIR
+CMOCKA_CFLAGS
+CMOCKA_LIBS
+LIBBSD_CFLAGS
+LIBBSD_LIBS'
 
 
 # Initialize some variables set by options.
@@ -1458,7 +1489,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures shadow 4.13 to adapt to many kinds of systems.
+\`configure' configures shadow 4.15.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1529,7 +1560,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of shadow 4.13:";;
+     short | recursive ) echo "Configuration of shadow 4.15.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1558,9 +1589,10 @@ Optional Features:
                           Install the user and group management tools setuid
                           and authenticate the callers. This requires
                           --with-libpam.
-  --enable-utmpx          enable loggin in utmpx / wtmpx [default=no]
   --enable-subordinate-ids
                           support subordinate ids [default=yes]
+  --enable-lastlog        enable lastlog [default=no]
+  --enable-logind         enable logind [default=yes]
   --enable-vendordir=DIR  Directory for distribution provided configuration
                           files
   --disable-nls           do not use Native Language Support
@@ -1586,7 +1618,6 @@ Optional Packages:
                           found]
   --with-skey             use S/Key support [default=no]
   --with-tcb              use tcb support (incomplete) [default=yes if found]
-  --with-libcrack         use libcrack [default=no]
   --with-sha-crypt        allow the SHA256 and SHA512 password encryption
                           algorithms [default=yes]
   --with-bcrypt           allow the bcrypt password encryption algorithm
@@ -1600,6 +1631,7 @@ Optional Packages:
                           set max group name length [default=32]
   --with-su               build and install su program and man page
                           [default=yes]
+  --with-libbsd           use libbsd support [default=yes if found]
   --with-xml-catalog=CATALOG
                           path to xml catalog to use
   --with-fcaps            use file capabilities instead of suid binaries for
@@ -1627,6 +1659,17 @@ Some influential environment variables:
   LT_SYS_LIBRARY_PATH
               User-defined run-time library search path.
   CPP         C preprocessor
+  PKG_CONFIG  path to pkg-config utility
+  PKG_CONFIG_PATH
+              directories to add to pkg-config's search path
+  PKG_CONFIG_LIBDIR
+              path overriding pkg-config's built-in search path
+  CMOCKA_CFLAGS
+              C compiler flags for CMOCKA, overriding pkg-config
+  CMOCKA_LIBS linker flags for CMOCKA, overriding pkg-config
+  LIBBSD_CFLAGS
+              C compiler flags for LIBBSD, overriding pkg-config
+  LIBBSD_LIBS linker flags for LIBBSD, overriding pkg-config
 
 Use these variables to override the choices made by `configure' or to help
 it to find libraries and programs with nonstandard names/locations.
@@ -1696,7 +1739,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-shadow configure 4.13
+shadow configure 4.15.2
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -1891,62 +1934,57 @@ printf "%s\n" "$ac_res" >&6; }
 
 } # ac_fn_c_check_func
 
-# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
-# -------------------------------------------
-# Tests whether TYPE exists after having included INCLUDES, setting cache
-# variable VAR accordingly.
-ac_fn_c_check_type ()
+# ac_fn_check_decl LINENO SYMBOL VAR INCLUDES EXTRA-OPTIONS FLAG-VAR
+# ------------------------------------------------------------------
+# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
+# accordingly. Pass EXTRA-OPTIONS to the compiler, using FLAG-VAR.
+ac_fn_check_decl ()
 {
   as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
+  as_decl_name=`echo $2|sed 's/ *(.*//'`
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
+printf %s "checking whether $as_decl_name is declared... " >&6; }
 if eval test \${$3+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
-  eval "$3=no"
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$4
-int
-main (void)
-{
-if (sizeof ($2))
-	 return 0;
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
+  as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
+  eval ac_save_FLAGS=\$$6
+  as_fn_append $6 " $5"
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $4
 int
 main (void)
 {
-if (sizeof (($2)))
-	    return 0;
+#ifndef $as_decl_name
+#ifdef __cplusplus
+  (void) $as_decl_use;
+#else
+  (void) $as_decl_name;
+#endif
+#endif
+
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-
-else $as_nop
   eval "$3=yes"
+else $as_nop
+  eval "$3=no"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  eval $6=\$ac_save_FLAGS
+
 fi
 eval ac_res=\$$3
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
 printf "%s\n" "$ac_res" >&6; }
   eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
 
-} # ac_fn_c_check_type
+} # ac_fn_check_decl
 
 # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
 # ----------------------------------------------------
@@ -2277,58 +2315,6 @@ rm -f conftest.val
   as_fn_set_status $ac_retval
 
 } # ac_fn_c_compute_int
-
-# ac_fn_check_decl LINENO SYMBOL VAR INCLUDES EXTRA-OPTIONS FLAG-VAR
-# ------------------------------------------------------------------
-# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
-# accordingly. Pass EXTRA-OPTIONS to the compiler, using FLAG-VAR.
-ac_fn_check_decl ()
-{
-  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-  as_decl_name=`echo $2|sed 's/ *(.*//'`
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
-printf %s "checking whether $as_decl_name is declared... " >&6; }
-if eval test \${$3+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
-  eval ac_save_FLAGS=\$$6
-  as_fn_append $6 " $5"
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$4
-int
-main (void)
-{
-#ifndef $as_decl_name
-#ifdef __cplusplus
-  (void) $as_decl_use;
-#else
-  (void) $as_decl_name;
-#endif
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-  eval "$3=yes"
-else $as_nop
-  eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  eval $6=\$ac_save_FLAGS
-
-fi
-eval ac_res=\$$3
-	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
-  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_check_decl
 ac_configure_args_raw=
 for ac_arg
 do
@@ -2353,7 +2339,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by shadow $as_me 4.13, which was
+It was created by shadow $as_me 4.15.2, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -3626,7 +3612,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='shadow'
- VERSION='4.13'
+ VERSION='4.15.2'
 
 
 printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -3666,7 +3652,93 @@ AMTAR='$${TAR-tar}'
 # We'll loop over all known methods to create a tar archive until one works.
 _am_tools='gnutar  pax cpio none'
 
-am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
+
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to create a pax tar archive" >&5
+printf %s "checking how to create a pax tar archive... " >&6; }
+
+  # Go ahead even if we have the value already cached.  We do so because we
+  # need to set the values for the 'am__tar' and 'am__untar' variables.
+  _am_tools=${am_cv_prog_tar_pax-$_am_tools}
+
+  for _am_tool in $_am_tools; do
+    case $_am_tool in
+    gnutar)
+      for _am_tar in tar gnutar gtar; do
+        { echo "$as_me:$LINENO: $_am_tar --version" >&5
+   ($_am_tar --version) >&5 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); } && break
+      done
+      am__tar="$_am_tar --format=posix -chf - "'"$$tardir"'
+      am__tar_="$_am_tar --format=posix -chf - "'"$tardir"'
+      am__untar="$_am_tar -xf -"
+      ;;
+    plaintar)
+      # Must skip GNU tar: if it does not support --format= it doesn't create
+      # ustar tarball either.
+      (tar --version) >/dev/null 2>&1 && continue
+      am__tar='tar chf - "$$tardir"'
+      am__tar_='tar chf - "$tardir"'
+      am__untar='tar xf -'
+      ;;
+    pax)
+      am__tar='pax -L -x pax -w "$$tardir"'
+      am__tar_='pax -L -x pax -w "$tardir"'
+      am__untar='pax -r'
+      ;;
+    cpio)
+      am__tar='find "$$tardir" -print | cpio -o -H pax -L'
+      am__tar_='find "$tardir" -print | cpio -o -H pax -L'
+      am__untar='cpio -i -H pax -d'
+      ;;
+    none)
+      am__tar=false
+      am__tar_=false
+      am__untar=false
+      ;;
+    esac
+
+    # If the value was cached, stop now.  We just wanted to have am__tar
+    # and am__untar set.
+    test -n "${am_cv_prog_tar_pax}" && break
+
+    # tar/untar a dummy directory, and stop if the command works.
+    rm -rf conftest.dir
+    mkdir conftest.dir
+    echo GrepMe > conftest.dir/file
+    { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5
+   (tardir=conftest.dir && eval $am__tar_ >conftest.tar) >&5 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); }
+    rm -rf conftest.dir
+    if test -s conftest.tar; then
+      { echo "$as_me:$LINENO: $am__untar <conftest.tar" >&5
+   ($am__untar <conftest.tar) >&5 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); }
+      { echo "$as_me:$LINENO: cat conftest.dir/file" >&5
+   (cat conftest.dir/file) >&5 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); }
+      grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+    fi
+  done
+  rm -rf conftest.dir
+
+  if test ${am_cv_prog_tar_pax+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  am_cv_prog_tar_pax=$_am_tool
+fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_pax" >&5
+printf "%s\n" "$am_cv_prog_tar_pax" >&6; }
 
 
 
@@ -6285,8 +6357,8 @@ esac
 
 
 
-macro_version='2.4.6'
-macro_revision='2.4.6'
+macro_version='2.4.7'
+macro_revision='2.4.7'
 
 
 
@@ -6914,13 +6986,13 @@ else
 	mingw*) lt_bad_file=conftest.nm/nofile ;;
 	*) lt_bad_file=/dev/null ;;
 	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+	case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in
 	*$lt_bad_file* | *'Invalid file or object type'*)
 	  lt_cv_path_NM="$tmp_nm -B"
 	  break 2
 	  ;;
 	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in
 	  */dev/null*)
 	    lt_cv_path_NM="$tmp_nm -p"
 	    break 2
@@ -7058,7 +7130,7 @@ esac
   fi
 fi
 
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
+    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in
     *COFF*)
       DUMPBIN="$DUMPBIN -symbols -headers"
       ;;
@@ -7151,7 +7223,7 @@ else $as_nop
     lt_cv_sys_max_cmd_len=8192;
     ;;
 
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
+  bitrig* | darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*)
     # This has been around since 386BSD, at least.  Likely further.
     if test -x /sbin/sysctl; then
       lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
@@ -7194,7 +7266,7 @@ else $as_nop
   sysv5* | sco5v6* | sysv4.2uw2*)
     kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
     if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[	 ]//'`
+      lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.*[	 ]//'`
     else
       lt_cv_sys_max_cmd_len=32768
     fi
@@ -7400,6 +7472,114 @@ esac
 
 
 if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}file", so it can be a program name with args.
+set dummy ${ac_tool_prefix}file; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_FILECMD+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$FILECMD"; then
+  ac_cv_prog_FILECMD="$FILECMD" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_FILECMD="${ac_tool_prefix}file"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+FILECMD=$ac_cv_prog_FILECMD
+if test -n "$FILECMD"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $FILECMD" >&5
+printf "%s\n" "$FILECMD" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_FILECMD"; then
+  ac_ct_FILECMD=$FILECMD
+  # Extract the first word of "file", so it can be a program name with args.
+set dummy file; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_FILECMD+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_FILECMD"; then
+  ac_cv_prog_ac_ct_FILECMD="$ac_ct_FILECMD" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_FILECMD="file"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_FILECMD=$ac_cv_prog_ac_ct_FILECMD
+if test -n "$ac_ct_FILECMD"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_FILECMD" >&5
+printf "%s\n" "$ac_ct_FILECMD" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_ct_FILECMD" = x; then
+    FILECMD=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    FILECMD=$ac_ct_FILECMD
+  fi
+else
+  FILECMD="$ac_cv_prog_FILECMD"
+fi
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
 set dummy ${ac_tool_prefix}objdump; ac_word=$2
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
@@ -7542,7 +7722,7 @@ beos*)
 
 bsdi[45]*)
   lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_cmd='$FILECMD -L'
   lt_cv_file_magic_test_file=/shlib/libc.so
   ;;
 
@@ -7576,14 +7756,14 @@ darwin* | rhapsody*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
     case $host_cpu in
     i*86 )
       # Not sure whether the presence of OpenBSD here was a mistake.
       # Let's accept both of them until this is cleared up.
       lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_cmd=$FILECMD
       lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
       ;;
     esac
@@ -7597,7 +7777,7 @@ haiku*)
   ;;
 
 hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   case $host_cpu in
   ia64*)
     lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
@@ -7644,7 +7824,7 @@ netbsd* | netbsdelf*-gnu)
 
 newos6*)
   lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   lt_cv_file_magic_test_file=/usr/lib/libnls.so
   ;;
 
@@ -8017,13 +8197,29 @@ esac
 fi
 
 : ${AR=ar}
-: ${AR_FLAGS=cr}
 
 
 
 
 
 
+# Use ARFLAGS variable as AR's operation code to sync the variable naming with
+# Automake.  If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
+# higher priority because thats what people were doing historically (setting
+# ARFLAGS for automake and AR_FLAGS for libtool).  FIXME: Make the AR_FLAGS
+# variable obsoleted/removed.
+
+test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+lt_ar_flags=$AR_FLAGS
+
+
+
+
+
+
+# Make AR_FLAGS overridable by 'make ARFLAGS='.  Don't try to run-time override
+# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
+
 
 
 
@@ -8440,7 +8636,7 @@ esac
 
 if test "$lt_cv_nm_interface" = "MS dumpbin"; then
   # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+  lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'"
   # Adjust the below global symbol transforms to fixup imported variables.
   lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
   lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
@@ -8458,20 +8654,20 @@ fi
 # Transform an extracted symbol line into a proper C declaration.
 # Some systems (esp. on ia64) link data and code symbols differently,
 # so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+lt_cv_sys_global_symbol_to_cdecl="$SED -n"\
 $lt_cdecl_hook\
 " -e 's/^T .* \(.*\)$/extern int \1();/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
 
 # Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\
 $lt_c_name_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
 
 # Transform an extracted symbol line into symbol name with lib prefix and
 # symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\
 $lt_c_name_lib_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
@@ -8495,7 +8691,7 @@ for ac_symprfx in "" "_"; do
   if test "$lt_cv_nm_interface" = "MS dumpbin"; then
     # Fake it for dumpbin and say T for any non-static function,
     # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
+    # Also find C++ and __fastcall symbols from MSVC++ or ICC,
     # which start with @ or ?.
     lt_cv_sys_global_symbol_pipe="$AWK '"\
 "     {last_section=section; section=\$ 3};"\
@@ -8513,9 +8709,9 @@ for ac_symprfx in "" "_"; do
 "     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
 "     ' prfx=^$ac_symprfx"
   else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[	 ]\($symcode$symcode*\)[	 ][	 ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+    lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.*[	 ]\($symcode$symcode*\)[	 ][	 ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
   fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
+  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'"
 
   # Check to see that the pipe works correctly.
   pipe_works=no
@@ -8715,7 +8911,7 @@ case $with_sysroot in #(
    fi
    ;; #(
  /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+   lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"`
    ;; #(
  no|'')
    ;; #(
@@ -8840,7 +9036,7 @@ ia64-*-hpux*)
   ac_status=$?
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *ELF-32*)
 	HPUX_IA64_MODE=32
 	;;
@@ -8861,7 +9057,7 @@ ia64-*-hpux*)
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
     if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -melf32bsmip"
 	  ;;
@@ -8873,7 +9069,7 @@ ia64-*-hpux*)
 	;;
       esac
     else
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -32"
 	  ;;
@@ -8899,7 +9095,7 @@ mips64*-*linux*)
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
     emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *32-bit*)
 	emul="${emul}32"
 	;;
@@ -8907,7 +9103,7 @@ mips64*-*linux*)
 	emul="${emul}64"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *MSB*)
 	emul="${emul}btsmip"
 	;;
@@ -8915,7 +9111,7 @@ mips64*-*linux*)
 	emul="${emul}ltsmip"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *N32*)
 	emul="${emul}n32"
 	;;
@@ -8939,14 +9135,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
   ac_status=$?
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
       *32-bit*)
 	case $host in
 	  x86_64-*kfreebsd*-gnu)
 	    LD="${LD-ld} -m elf_i386_fbsd"
 	    ;;
 	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
+	    case `$FILECMD conftest.o` in
 	      *x86-64*)
 		LD="${LD-ld} -m elf32_x86_64"
 		;;
@@ -9054,7 +9250,7 @@ printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
   ac_status=$?
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
     *64-bit*)
       case $lt_cv_prog_gnu_ld in
       yes*)
@@ -9837,8 +10033,8 @@ int forced_loaded() { return 2;}
 _LT_EOF
       echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
       $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
-      echo "$AR cr libconftest.a conftest.o" >&5
-      $AR cr libconftest.a conftest.o 2>&5
+      echo "$AR $AR_FLAGS libconftest.a conftest.o" >&5
+      $AR $AR_FLAGS libconftest.a conftest.o 2>&5
       echo "$RANLIB libconftest.a" >&5
       $RANLIB libconftest.a 2>&5
       cat > conftest.c << _LT_EOF
@@ -9865,17 +10061,12 @@ printf "%s\n" "$lt_cv_ld_force_load" >&6; }
       _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
     darwin1.*)
       _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[912]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[012][,.]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*|11.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+    darwin*)
+      case $MACOSX_DEPLOYMENT_TARGET,$host in
+        10.[012],*|,*powerpc*-darwin[5-8]*)
+          _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+        *)
+          _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
       esac
     ;;
   esac
@@ -10172,8 +10363,8 @@ esac
 ofile=libtool
 can_build_shared=yes
 
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
+# All known linkers require a '.a' archive for static linking (except MSVC and
+# ICC, which need '.lib').
 libext=a
 
 with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -10691,7 +10882,7 @@ lt_prog_compiler_static=
 	lt_prog_compiler_static='-qstaticlink'
 	;;
       *)
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
 	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
 	  lt_prog_compiler_pic='-KPIC'
@@ -11114,15 +11305,15 @@ printf %s "checking whether the $compiler linker ($LD) supports shared libraries
 
   case $host_os in
   cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time
     # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
+    # Microsoft Visual C++ or Intel C++ Compiler.
     if test yes != "$GCC"; then
       with_gnu_ld=no
     fi
     ;;
   interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC)
     with_gnu_ld=yes
     ;;
   openbsd* | bitrig*)
@@ -11177,7 +11368,7 @@ printf %s "checking whether the $compiler linker ($LD) supports shared libraries
       whole_archive_flag_spec=
     fi
     supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
+    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
       *GNU\ gold*) supports_anon_versioning=yes ;;
       *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
       *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
@@ -11289,6 +11480,7 @@ _LT_EOF
 	emximp -o $lib $output_objdir/$libname.def'
       old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       enable_shared_with_static_runtimes=yes
+      file_list_spec='@'
       ;;
 
     interix[3-9]*)
@@ -11303,7 +11495,7 @@ _LT_EOF
       # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
       # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
       archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
       ;;
 
     gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
@@ -11346,7 +11538,7 @@ _LT_EOF
 	  compiler_needs_object=yes
 	  ;;
 	esac
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ C*)			# Sun C 5.9
 	  whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
 	  compiler_needs_object=yes
@@ -11358,13 +11550,14 @@ _LT_EOF
 
         if test yes = "$supports_anon_versioning"; then
           archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+            cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
             echo "local: *; };" >> $output_objdir/$libname.ver~
             $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
         fi
 
 	case $cc_basename in
 	tcc*)
+	  hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
 	  export_dynamic_flag_spec='-rdynamic'
 	  ;;
 	xlf* | bgf* | bgxlf* | mpixlf*)
@@ -11374,7 +11567,7 @@ _LT_EOF
 	  archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
 	  if test yes = "$supports_anon_versioning"; then
 	    archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+              cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
               echo "local: *; };" >> $output_objdir/$libname.ver~
               $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
 	  fi
@@ -11506,7 +11699,7 @@ _LT_EOF
 	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
 	  export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
 	else
-	  export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+	  export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
 	fi
 	aix_use_runtimelinking=no
 
@@ -11777,12 +11970,12 @@ fi
 
     cygwin* | mingw* | pw32* | cegcc*)
       # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
+      # Microsoft Visual C++ or Intel C++ Compiler.
       # hardcode_libdir_flag_spec is actually meaningless, as there is
       # no search path for DLLs.
       case $cc_basename in
-      cl*)
-	# Native MSVC
+      cl* | icl*)
+	# Native MSVC or ICC
 	hardcode_libdir_flag_spec=' '
 	allow_undefined_flag=unsupported
 	always_export_symbols=yes
@@ -11823,7 +12016,7 @@ fi
           fi'
 	;;
       *)
-	# Assume MSVC wrapper
+	# Assume MSVC and ICC wrapper
 	hardcode_libdir_flag_spec=' '
 	allow_undefined_flag=unsupported
 	# Tell ltmain to make .lib files, not .a files.
@@ -11864,8 +12057,8 @@ fi
     output_verbose_link_cmd=func_echo_all
     archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
     module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+    archive_expsym_cmds="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+    module_expsym_cmds="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
 
   else
   ld_shlibs=no
@@ -11899,7 +12092,7 @@ fi
       ;;
 
     # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
+    freebsd* | dragonfly* | midnightbsd*)
       archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
       hardcode_libdir_flag_spec='-R$libdir'
       hardcode_direct=yes
@@ -12080,6 +12273,7 @@ printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
 	# Fabrice Bellard et al's Tiny C Compiler
 	ld_shlibs=yes
 	archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
 	;;
       esac
       ;;
@@ -12151,6 +12345,7 @@ printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
 	emximp -o $lib $output_objdir/$libname.def'
       old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       enable_shared_with_static_runtimes=yes
+      file_list_spec='@'
       ;;
 
     osf3*)
@@ -12843,7 +13038,7 @@ cygwin* | mingw* | pw32* | cegcc*)
     case $host_os in
     cygwin*)
       # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
 
       sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
       ;;
@@ -12853,14 +13048,14 @@ cygwin* | mingw* | pw32* | cegcc*)
       ;;
     pw32*)
       # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
       ;;
     esac
     dynamic_linker='Win32 ld.exe'
     ;;
 
-  *,cl*)
-    # Native MSVC
+  *,cl* | *,icl*)
+    # Native MSVC or ICC
     libname_spec='$name'
     soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
     library_names_spec='$libname.dll.lib'
@@ -12879,7 +13074,7 @@ cygwin* | mingw* | pw32* | cegcc*)
       done
       IFS=$lt_save_ifs
       # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
+      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
       ;;
     cygwin*)
       # Convert to unix form, then to dos form, then back to unix form
@@ -12916,7 +13111,7 @@ cygwin* | mingw* | pw32* | cegcc*)
     ;;
 
   *)
-    # Assume MSVC wrapper
+    # Assume MSVC and ICC wrapper
     library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
     dynamic_linker='Win32 ld.exe'
     ;;
@@ -12949,7 +13144,7 @@ dgux*)
   shlibpath_var=LD_LIBRARY_PATH
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   # DragonFly does not have aout.  When/if they implement a new
   # versioning mechanism, adjust this.
   if test -x /usr/bin/objformat; then
@@ -14114,30 +14309,41 @@ striplib=
 old_striplib=
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
 printf %s "checking whether stripping libraries is possible... " >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
+if test -z "$STRIP"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
+  if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+    old_striplib="$STRIP --strip-debug"
+    striplib="$STRIP --strip-unneeded"
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+  else
+    case $host_os in
+    darwin*)
+      # FIXME - insert some real tests, host_os isn't really good enough
       striplib="$STRIP -x"
       old_striplib="$STRIP -S"
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+      ;;
+    freebsd*)
+      if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then
+        old_striplib="$STRIP --strip-debug"
+        striplib="$STRIP --strip-unneeded"
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+      else
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    fi
-    ;;
-  *)
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+      fi
+      ;;
+    *)
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    ;;
-  esac
+      ;;
+    esac
+  fi
 fi
 
 
@@ -14226,203 +14432,419 @@ CC=$lt_save_CC
 # Only expand once:
 
 
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC options needed to detect all undeclared functions" >&5
+printf %s "checking for $CC options needed to detect all undeclared functions... " >&6; }
+if test ${ac_cv_c_undeclared_builtin_options+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_save_CFLAGS=$CFLAGS
+   ac_cv_c_undeclared_builtin_options='cannot detect'
+   for ac_arg in '' -fno-builtin; do
+     CFLAGS="$ac_save_CFLAGS $ac_arg"
+     # This test program should *not* compile successfully.
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
 
-
-ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default"
-if test "x$ac_cv_type__Bool" = xyes
+int
+main (void)
+{
+(void) strchr;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
 then :
 
-printf "%s\n" "#define HAVE__BOOL 1" >>confdefs.h
+else $as_nop
+  # This test program should compile successfully.
+        # No library function is consistently available on
+        # freestanding implementations, so test against a dummy
+        # declaration.  Include always-available headers on the
+        # off chance that they somehow elicit warnings.
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <float.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stddef.h>
+extern void ac_decl (int, char *);
 
+int
+main (void)
+{
+(void) ac_decl (0, (char *) 0);
+  (void) ac_decl;
 
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  if test x"$ac_arg" = x
+then :
+  ac_cv_c_undeclared_builtin_options='none needed'
+else $as_nop
+  ac_cv_c_undeclared_builtin_options=$ac_arg
+fi
+          break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+    done
+    CFLAGS=$ac_save_CFLAGS
 
-   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5
-printf %s "checking for stdbool.h that conforms to C99... " >&6; }
-if test ${ac_cv_header_stdbool_h+y}
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5
+printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; }
+  case $ac_cv_c_undeclared_builtin_options in #(
+  'cannot detect') :
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot make $CC report undeclared builtins
+See \`config.log' for more details" "$LINENO" 5; } ;; #(
+  'none needed') :
+    ac_c_undeclared_builtin_options='' ;; #(
+  *) :
+    ac_c_undeclared_builtin_options=$ac_cv_c_undeclared_builtin_options ;;
+esac
+
+
+LT_DLLOADERS=
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+lt_dlload_save_LIBS=$LIBS
+
+LIBADD_DLOPEN=
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
+printf %s "checking for library containing dlopen... " >&6; }
+if test ${ac_cv_search_dlopen+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#include <stdbool.h>
 
-             #ifndef __bool_true_false_are_defined
-               #error "__bool_true_false_are_defined is not defined"
-             #endif
-             char a[__bool_true_false_are_defined == 1 ? 1 : -1];
-
-             /* Regardless of whether this is C++ or "_Bool" is a
-                valid type name, "true" and "false" should be usable
-                in #if expressions and integer constant expressions,
-                and "bool" should be a valid type name.  */
-
-             #if !true
-               #error "'true' is not true"
-             #endif
-             #if true != 1
-               #error "'true' is not equal to 1"
-             #endif
-             char b[true == 1 ? 1 : -1];
-             char c[true];
-
-             #if false
-               #error "'false' is not false"
-             #endif
-             #if false != 0
-               #error "'false' is not equal to 0"
-             #endif
-             char d[false == 0 ? 1 : -1];
-
-             enum { e = false, f = true, g = false * true, h = true * 256 };
-
-             char i[(bool) 0.5 == true ? 1 : -1];
-             char j[(bool) 0.0 == false ? 1 : -1];
-             char k[sizeof (bool) > 0 ? 1 : -1];
-
-             struct sb { bool s: 1; bool t; } s;
-             char l[sizeof s.t > 0 ? 1 : -1];
-
-             /* The following fails for
-                HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */
-             bool m[h];
-             char n[sizeof m == h * sizeof m[0] ? 1 : -1];
-             char o[-1 - (bool) 0 < 0 ? 1 : -1];
-             /* Catch a bug in an HP-UX C compiler.  See
-         https://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html
-         https://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html
-              */
-             bool p = true;
-             bool *pp = &p;
-
-             /* C 1999 specifies that bool, true, and false are to be
-                macros, but C++ 2011 and later overrule this.  */
-             #if __cplusplus < 201103
-              #ifndef bool
-               #error "bool is not defined"
-              #endif
-              #ifndef false
-               #error "false is not defined"
-              #endif
-              #ifndef true
-               #error "true is not defined"
-              #endif
-             #endif
-
-             /* If _Bool is available, repeat with it all the tests
-                above that used bool.  */
-             #ifdef HAVE__BOOL
-               struct sB { _Bool s: 1; _Bool t; } t;
-
-               char q[(_Bool) 0.5 == true ? 1 : -1];
-               char r[(_Bool) 0.0 == false ? 1 : -1];
-               char u[sizeof (_Bool) > 0 ? 1 : -1];
-               char v[sizeof t.t > 0 ? 1 : -1];
-
-               _Bool w[h];
-               char x[sizeof m == h * sizeof m[0] ? 1 : -1];
-               char y[-1 - (_Bool) 0 < 0 ? 1 : -1];
-               _Bool z = true;
-               _Bool *pz = &p;
-             #endif
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
+int
+main (void)
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' dl
+do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_search_dlopen=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext
+  if test ${ac_cv_search_dlopen+y}
+then :
+  break
+fi
+done
+if test ${ac_cv_search_dlopen+y}
+then :
+
+else $as_nop
+  ac_cv_search_dlopen=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
+printf "%s\n" "$ac_cv_search_dlopen" >&6; }
+ac_res=$ac_cv_search_dlopen
+if test "$ac_res" != no
+then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+printf "%s\n" "#define HAVE_LIBDL 1" >>confdefs.h
+
+	if test "$ac_cv_search_dlopen" != "none required"; then
+	  LIBADD_DLOPEN=-ldl
+	fi
+	libltdl_cv_lib_dl_dlopen=yes
+	LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#if HAVE_DLFCN_H
+#  include <dlfcn.h>
+#endif
 
 int
 main (void)
 {
+dlopen(0, 0);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+
+printf "%s\n" "#define HAVE_LIBDL 1" >>confdefs.h
 
-             bool ps = &s;
-             *pp |= p;
-             *pp |= ! p;
-
-             #ifdef HAVE__BOOL
-               _Bool pt = &t;
-               *pz |= z;
-               *pz |= ! z;
-             #endif
-
-             /* Refer to every declared value, so they cannot be
-                discarded as unused.  */
-             return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !j + !k
-                     + !l + !m + !n + !o + !p + !pp + !ps
-             #ifdef HAVE__BOOL
-                     + !q + !r + !u + !v + !w + !x + !y + !z + !pt
-             #endif
-                    );
+	    libltdl_cv_func_dlopen=yes
+	    LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+printf %s "checking for dlopen in -lsvld... " >&6; }
+if test ${ac_cv_lib_svld_dlopen+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
 
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
+int
+main (void)
+{
+return dlopen ();
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"
+if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_header_stdbool_h=yes
+  ac_cv_lib_svld_dlopen=yes
 else $as_nop
-  ac_cv_header_stdbool_h=no
+  ac_cv_lib_svld_dlopen=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5
-printf "%s\n" "$ac_cv_header_stdbool_h" >&6; }
-
-if test $ac_cv_header_stdbool_h = yes; then
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = xyes
+then :
 
-printf "%s\n" "#define HAVE_STDBOOL_H 1" >>confdefs.h
+printf "%s\n" "#define HAVE_LIBDL 1" >>confdefs.h
 
+	        LIBADD_DLOPEN=-lsvld libltdl_cv_func_dlopen=yes
+		LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"
 fi
 
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
 
-ac_fn_c_check_header_compile "$LINENO" "crypt.h" "ac_cv_header_crypt_h" "$ac_includes_default"
-if test "x$ac_cv_header_crypt_h" = xyes
+if test yes = "$libltdl_cv_func_dlopen" || test yes = "$libltdl_cv_lib_dl_dlopen"
+then
+  lt_save_LIBS=$LIBS
+  LIBS="$LIBS $LIBADD_DLOPEN"
+  ac_fn_c_check_func "$LINENO" "dlerror" "ac_cv_func_dlerror"
+if test "x$ac_cv_func_dlerror" = xyes
 then :
-  printf "%s\n" "#define HAVE_CRYPT_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_DLERROR 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "errno.h" "ac_cv_header_errno_h" "$ac_includes_default"
-if test "x$ac_cv_header_errno_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_ERRNO_H 1" >>confdefs.h
 
+  LIBS=$lt_save_LIBS
 fi
-ac_fn_c_check_header_compile "$LINENO" "fcntl.h" "ac_cv_header_fcntl_h" "$ac_includes_default"
-if test "x$ac_cv_header_fcntl_h" = xyes
+
+
+LIBADD_SHL_LOAD=
+ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = xyes
+then :
+
+printf "%s\n" "#define HAVE_SHL_LOAD 1" >>confdefs.h
+
+	LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la"
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+printf %s "checking for shl_load in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_shl_load+y}
 then :
-  printf "%s\n" "#define HAVE_FCNTL_H 1" >>confdefs.h
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
 
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char shl_load ();
+int
+main (void)
+{
+return shl_load ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_dld_shl_load=yes
+else $as_nop
+  ac_cv_lib_dld_shl_load=no
 fi
-ac_fn_c_check_header_compile "$LINENO" "limits.h" "ac_cv_header_limits_h" "$ac_includes_default"
-if test "x$ac_cv_header_limits_h" = xyes
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = xyes
 then :
-  printf "%s\n" "#define HAVE_LIMITS_H 1" >>confdefs.h
+
+printf "%s\n" "#define HAVE_SHL_LOAD 1" >>confdefs.h
+
+	    LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la"
+	    LIBADD_SHL_LOAD=-ldld
+fi
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
-if test "x$ac_cv_header_unistd_h" = xyes
+
+
+
+case $host_os in
+darwin[1567].*)
+# We only want this for pre-Mac OS X 10.4.
+  ac_fn_c_check_func "$LINENO" "_dyld_func_lookup" "ac_cv_func__dyld_func_lookup"
+if test "x$ac_cv_func__dyld_func_lookup" = xyes
 then :
-  printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h
 
+printf "%s\n" "#define HAVE_DYLD 1" >>confdefs.h
+
+	LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dyld.la"
 fi
-ac_fn_c_check_header_compile "$LINENO" "sys/time.h" "ac_cv_header_sys_time_h" "$ac_includes_default"
-if test "x$ac_cv_header_sys_time_h" = xyes
+
+  ;;
+beos*)
+  LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}load_add_on.la"
+  ;;
+cygwin* | mingw* | pw32*)
+  ac_fn_check_decl "$LINENO" "cygwin_conv_path" "ac_cv_have_decl_cygwin_conv_path" "#include <sys/cygwin.h>
+" "$ac_c_undeclared_builtin_options" "CFLAGS"
+if test "x$ac_cv_have_decl_cygwin_conv_path" = xyes
 then :
-  printf "%s\n" "#define HAVE_SYS_TIME_H 1" >>confdefs.h
+  ac_have_decl=1
+else $as_nop
+  ac_have_decl=0
+fi
+printf "%s\n" "#define HAVE_DECL_CYGWIN_CONV_PATH $ac_have_decl" >>confdefs.h
 
+  LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}loadlibrary.la"
+  ;;
+esac
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+printf %s "checking for dld_link in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_dld_link+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char dld_link ();
+int
+main (void)
+{
+return dld_link ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_dld_dld_link=yes
+else $as_nop
+  ac_cv_lib_dld_dld_link=no
 fi
-ac_fn_c_check_header_compile "$LINENO" "utmp.h" "ac_cv_header_utmp_h" "$ac_includes_default"
-if test "x$ac_cv_header_utmp_h" = xyes
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = xyes
 then :
-  printf "%s\n" "#define HAVE_UTMP_H 1" >>confdefs.h
+
+printf "%s\n" "#define HAVE_DLD 1" >>confdefs.h
+
+		LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dld_link.la"
+fi
+
+
+
+
+LT_DLPREOPEN=
+if test -n "$LT_DLLOADERS"
+then
+  for lt_loader in $LT_DLLOADERS; do
+    LT_DLPREOPEN="$LT_DLPREOPEN-dlpreopen $lt_loader "
+  done
+
+printf "%s\n" "#define HAVE_LIBDLLOADER 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "utmpx.h" "ac_cv_header_utmpx_h" "$ac_includes_default"
-if test "x$ac_cv_header_utmpx_h" = xyes
+
+
+LIBADD_DL="$LIBADD_DLOPEN $LIBADD_SHL_LOAD"
+
+
+LIBS=$lt_dlload_save_LIBS
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+ac_fn_c_check_header_compile "$LINENO" "crypt.h" "ac_cv_header_crypt_h" "$ac_includes_default"
+if test "x$ac_cv_header_crypt_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_UTMPX_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_CRYPT_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "termios.h" "ac_cv_header_termios_h" "$ac_includes_default"
-if test "x$ac_cv_header_termios_h" = xyes
+ac_fn_c_check_header_compile "$LINENO" "utmp.h" "ac_cv_header_utmp_h" "$ac_includes_default"
+if test "x$ac_cv_header_utmp_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_TERMIOS_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_UTMP_H 1" >>confdefs.h
 
 fi
 ac_fn_c_check_header_compile "$LINENO" "termio.h" "ac_cv_header_termio_h" "$ac_includes_default"
@@ -14443,30 +14865,12 @@ then :
   printf "%s\n" "#define HAVE_SYS_IOCTL_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
-if test "x$ac_cv_header_syslog_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_SYSLOG_H 1" >>confdefs.h
-
-fi
 ac_fn_c_check_header_compile "$LINENO" "paths.h" "ac_cv_header_paths_h" "$ac_includes_default"
 if test "x$ac_cv_header_paths_h" = xyes
 then :
   printf "%s\n" "#define HAVE_PATHS_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "utime.h" "ac_cv_header_utime_h" "$ac_includes_default"
-if test "x$ac_cv_header_utime_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_UTIME_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "ulimit.h" "ac_cv_header_ulimit_h" "$ac_includes_default"
-if test "x$ac_cv_header_ulimit_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_ULIMIT_H 1" >>confdefs.h
-
-fi
 ac_fn_c_check_header_compile "$LINENO" "sys/capability.h" "ac_cv_header_sys_capability_h" "$ac_includes_default"
 if test "x$ac_cv_header_sys_capability_h" = xyes
 then :
@@ -14479,12 +14883,6 @@ then :
   printf "%s\n" "#define HAVE_SYS_RANDOM_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "sys/resource.h" "ac_cv_header_sys_resource_h" "$ac_includes_default"
-if test "x$ac_cv_header_sys_resource_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_SYS_RESOURCE_H 1" >>confdefs.h
-
-fi
 ac_fn_c_check_header_compile "$LINENO" "gshadow.h" "ac_cv_header_gshadow_h" "$ac_includes_default"
 if test "x$ac_cv_header_gshadow_h" = xyes
 then :
@@ -14497,24 +14895,12 @@ then :
   printf "%s\n" "#define HAVE_LASTLOG_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "locale.h" "ac_cv_header_locale_h" "$ac_includes_default"
-if test "x$ac_cv_header_locale_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_LOCALE_H 1" >>confdefs.h
-
-fi
 ac_fn_c_check_header_compile "$LINENO" "rpc/key_prot.h" "ac_cv_header_rpc_key_prot_h" "$ac_includes_default"
 if test "x$ac_cv_header_rpc_key_prot_h" = xyes
 then :
   printf "%s\n" "#define HAVE_RPC_KEY_PROT_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "netdb.h" "ac_cv_header_netdb_h" "$ac_includes_default"
-if test "x$ac_cv_header_netdb_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_NETDB_H 1" >>confdefs.h
-
-fi
 ac_fn_c_check_header_compile "$LINENO" "acl/libacl.h" "ac_cv_header_acl_libacl_h" "$ac_includes_default"
 if test "x$ac_cv_header_acl_libacl_h" = xyes
 then :
@@ -14550,30 +14936,6 @@ then :
   printf "%s\n" "#define HAVE_ARC4RANDOM_BUF 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "l64a" "ac_cv_func_l64a"
-if test "x$ac_cv_func_l64a" = xyes
-then :
-  printf "%s\n" "#define HAVE_L64A 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "fchmod" "ac_cv_func_fchmod"
-if test "x$ac_cv_func_fchmod" = xyes
-then :
-  printf "%s\n" "#define HAVE_FCHMOD 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "fchown" "ac_cv_func_fchown"
-if test "x$ac_cv_func_fchown" = xyes
-then :
-  printf "%s\n" "#define HAVE_FCHOWN 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "fsync" "ac_cv_func_fsync"
-if test "x$ac_cv_func_fsync" = xyes
-then :
-  printf "%s\n" "#define HAVE_FSYNC 1" >>confdefs.h
-
-fi
 ac_fn_c_check_func "$LINENO" "futimes" "ac_cv_func_futimes"
 if test "x$ac_cv_func_futimes" = xyes
 then :
@@ -14604,12 +14966,6 @@ then :
   printf "%s\n" "#define HAVE_GETUSERSHELL 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "getutent" "ac_cv_func_getutent"
-if test "x$ac_cv_func_getutent" = xyes
-then :
-  printf "%s\n" "#define HAVE_GETUTENT 1" >>confdefs.h
-
-fi
 ac_fn_c_check_func "$LINENO" "initgroups" "ac_cv_func_initgroups"
 if test "x$ac_cv_func_initgroups" = xyes
 then :
@@ -14634,12 +14990,6 @@ then :
   printf "%s\n" "#define HAVE_SETGROUPS 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "updwtmp" "ac_cv_func_updwtmp"
-if test "x$ac_cv_func_updwtmp" = xyes
-then :
-  printf "%s\n" "#define HAVE_UPDWTMP 1" >>confdefs.h
-
-fi
 ac_fn_c_check_func "$LINENO" "updwtmpx" "ac_cv_func_updwtmpx"
 if test "x$ac_cv_func_updwtmpx" = xyes
 then :
@@ -14652,46 +15002,40 @@ then :
   printf "%s\n" "#define HAVE_INNETGR 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "getpwnam_r" "ac_cv_func_getpwnam_r"
-if test "x$ac_cv_func_getpwnam_r" = xyes
-then :
-  printf "%s\n" "#define HAVE_GETPWNAM_R 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "getpwuid_r" "ac_cv_func_getpwuid_r"
-if test "x$ac_cv_func_getpwuid_r" = xyes
+ac_fn_c_check_func "$LINENO" "getspnam_r" "ac_cv_func_getspnam_r"
+if test "x$ac_cv_func_getspnam_r" = xyes
 then :
-  printf "%s\n" "#define HAVE_GETPWUID_R 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_GETSPNAM_R 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "getgrnam_r" "ac_cv_func_getgrnam_r"
-if test "x$ac_cv_func_getgrnam_r" = xyes
+ac_fn_c_check_func "$LINENO" "rpmatch" "ac_cv_func_rpmatch"
+if test "x$ac_cv_func_rpmatch" = xyes
 then :
-  printf "%s\n" "#define HAVE_GETGRNAM_R 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_RPMATCH 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "getgrgid_r" "ac_cv_func_getgrgid_r"
-if test "x$ac_cv_func_getgrgid_r" = xyes
+ac_fn_c_check_func "$LINENO" "memset_explicit" "ac_cv_func_memset_explicit"
+if test "x$ac_cv_func_memset_explicit" = xyes
 then :
-  printf "%s\n" "#define HAVE_GETGRGID_R 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_MEMSET_EXPLICIT 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "getspnam_r" "ac_cv_func_getspnam_r"
-if test "x$ac_cv_func_getspnam_r" = xyes
+ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
+if test "x$ac_cv_func_explicit_bzero" = xyes
 then :
-  printf "%s\n" "#define HAVE_GETSPNAM_R 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "memset_s" "ac_cv_func_memset_s"
-if test "x$ac_cv_func_memset_s" = xyes
+ac_fn_c_check_func "$LINENO" "stpecpy" "ac_cv_func_stpecpy"
+if test "x$ac_cv_func_stpecpy" = xyes
 then :
-  printf "%s\n" "#define HAVE_MEMSET_S 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_STPECPY 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
-if test "x$ac_cv_func_explicit_bzero" = xyes
+ac_fn_c_check_func "$LINENO" "stpeprintf" "ac_cv_func_stpeprintf"
+if test "x$ac_cv_func_stpeprintf" = xyes
 then :
-  printf "%s\n" "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_STPEPRINTF 1" >>confdefs.h
 
 fi
 
@@ -14900,180 +15244,6 @@ rm -rf conftest*
 fi
 
 
-ac_fn_c_check_member "$LINENO" "struct stat" "st_atim" "ac_cv_member_struct_stat_st_atim" "$ac_includes_default"
-if test "x$ac_cv_member_struct_stat_st_atim" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_STAT_ST_ATIM 1" >>confdefs.h
-
-
-fi
-
-ac_fn_c_check_member "$LINENO" "struct stat" "st_atimensec" "ac_cv_member_struct_stat_st_atimensec" "$ac_includes_default"
-if test "x$ac_cv_member_struct_stat_st_atimensec" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_STAT_ST_ATIMENSEC 1" >>confdefs.h
-
-
-fi
-
-ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim" "ac_cv_member_struct_stat_st_mtim" "$ac_includes_default"
-if test "x$ac_cv_member_struct_stat_st_mtim" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_STAT_ST_MTIM 1" >>confdefs.h
-
-
-fi
-
-ac_fn_c_check_member "$LINENO" "struct stat" "st_mtimensec" "ac_cv_member_struct_stat_st_mtimensec" "$ac_includes_default"
-if test "x$ac_cv_member_struct_stat_st_mtimensec" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_STAT_ST_MTIMENSEC 1" >>confdefs.h
-
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5
-printf %s "checking whether struct tm is in sys/time.h or time.h... " >&6; }
-if test ${ac_cv_struct_tm+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <sys/types.h>
-#include <time.h>
-
-int
-main (void)
-{
-struct tm tm;
-				     int *p = &tm.tm_sec;
-				     return !p;
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-  ac_cv_struct_tm=time.h
-else $as_nop
-  ac_cv_struct_tm=sys/time.h
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5
-printf "%s\n" "$ac_cv_struct_tm" >&6; }
-if test $ac_cv_struct_tm = sys/time.h; then
-
-printf "%s\n" "#define TM_IN_SYS_TIME 1" >>confdefs.h
-
-fi
-
-
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_type" "ac_cv_member_struct_utmp_ut_type" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_type" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_TYPE 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_id" "ac_cv_member_struct_utmp_ut_id" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_id" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_ID 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_name" "ac_cv_member_struct_utmp_ut_name" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_name" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_NAME 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_user" "ac_cv_member_struct_utmp_ut_user" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_user" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_USER 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_host" "ac_cv_member_struct_utmp_ut_host" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_host" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_HOST 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_syslen" "ac_cv_member_struct_utmp_ut_syslen" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_syslen" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_SYSLEN 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_addr" "ac_cv_member_struct_utmp_ut_addr" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_addr" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_ADDR 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_addr_v6" "ac_cv_member_struct_utmp_ut_addr_v6" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_addr_v6" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_ADDR_V6 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_time" "ac_cv_member_struct_utmp_ut_time" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_time" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_TIME 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_xtime" "ac_cv_member_struct_utmp_ut_xtime" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_xtime" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_XTIME 1" >>confdefs.h
-
-
-fi
-ac_fn_c_check_member "$LINENO" "struct utmp" "ut_tv" "ac_cv_member_struct_utmp_ut_tv" "#include <utmp.h>
-"
-if test "x$ac_cv_member_struct_utmp_ut_tv" = xyes
-then :
-
-printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_TV 1" >>confdefs.h
-
-
-fi
-
 
 ac_fn_c_check_member "$LINENO" "struct utmpx" "ut_name" "ac_cv_member_struct_utmpx_ut_name" "#include <utmpx.h>
 "
@@ -15140,45 +15310,6 @@ printf "%s\n" "#define HAVE_STRUCT_UTMPX_UT_XTIME 1" >>confdefs.h
 fi
 
 
-if test "$ac_cv_header_lastlog_h" = "yes"; then
-	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ll_host in struct lastlog" >&5
-printf %s "checking for ll_host in struct lastlog... " >&6; }
-if test ${ac_cv_struct_lastlog_ll_host+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <lastlog.h>
-int
-main (void)
-{
-struct lastlog ll; char *cp = ll.ll_host;
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-  ac_cv_struct_lastlog_ll_host=yes
-else $as_nop
-  ac_cv_struct_lastlog_ll_host=no
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_lastlog_ll_host" >&5
-printf "%s\n" "$ac_cv_struct_lastlog_ll_host" >&6; }
-
-	if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
-
-printf "%s\n" "#define HAVE_LL_HOST 1" >>confdefs.h
-
-	fi
-fi
-
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -15467,19 +15598,6 @@ printf "%s\n" "#define HAVE_UTIME_NULL 1" >>confdefs.h
 fi
 rm -f conftest.data
 
-ac_fn_c_check_func "$LINENO" "mkdir" "ac_cv_func_mkdir"
-if test "x$ac_cv_func_mkdir" = xyes
-then :
-  printf "%s\n" "#define HAVE_MKDIR 1" >>confdefs.h
-
-else $as_nop
-  case " $LIBOBJS " in
-  *" mkdir.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS mkdir.$ac_objext"
- ;;
-esac
-
-fi
 ac_fn_c_check_func "$LINENO" "putgrent" "ac_cv_func_putgrent"
 if test "x$ac_cv_func_putgrent" = xyes
 then :
@@ -15519,32 +15637,6 @@ else $as_nop
 esac
 
 fi
-ac_fn_c_check_func "$LINENO" "rename" "ac_cv_func_rename"
-if test "x$ac_cv_func_rename" = xyes
-then :
-  printf "%s\n" "#define HAVE_RENAME 1" >>confdefs.h
-
-else $as_nop
-  case " $LIBOBJS " in
-  *" rename.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS rename.$ac_objext"
- ;;
-esac
-
-fi
-ac_fn_c_check_func "$LINENO" "rmdir" "ac_cv_func_rmdir"
-if test "x$ac_cv_func_rmdir" = xyes
-then :
-  printf "%s\n" "#define HAVE_RMDIR 1" >>confdefs.h
-
-else $as_nop
-  case " $LIBOBJS " in
-  *" rmdir.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS rmdir.$ac_objext"
- ;;
-esac
-
-fi
 
 ac_fn_c_check_func "$LINENO" "sgetgrent" "ac_cv_func_sgetgrent"
 if test "x$ac_cv_func_sgetgrent" = xyes
@@ -15586,72 +15678,6 @@ esac
 
 fi
 
-ac_fn_c_check_func "$LINENO" "snprintf" "ac_cv_func_snprintf"
-if test "x$ac_cv_func_snprintf" = xyes
-then :
-  printf "%s\n" "#define HAVE_SNPRINTF 1" >>confdefs.h
-
-else $as_nop
-  case " $LIBOBJS " in
-  *" snprintf.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS snprintf.$ac_objext"
- ;;
-esac
-
-fi
-ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp"
-if test "x$ac_cv_func_strcasecmp" = xyes
-then :
-  printf "%s\n" "#define HAVE_STRCASECMP 1" >>confdefs.h
-
-else $as_nop
-  case " $LIBOBJS " in
-  *" strcasecmp.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strcasecmp.$ac_objext"
- ;;
-esac
-
-fi
-ac_fn_c_check_func "$LINENO" "strdup" "ac_cv_func_strdup"
-if test "x$ac_cv_func_strdup" = xyes
-then :
-  printf "%s\n" "#define HAVE_STRDUP 1" >>confdefs.h
-
-else $as_nop
-  case " $LIBOBJS " in
-  *" strdup.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strdup.$ac_objext"
- ;;
-esac
-
-fi
-ac_fn_c_check_func "$LINENO" "strerror" "ac_cv_func_strerror"
-if test "x$ac_cv_func_strerror" = xyes
-then :
-  printf "%s\n" "#define HAVE_STRERROR 1" >>confdefs.h
-
-else $as_nop
-  case " $LIBOBJS " in
-  *" strerror.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strerror.$ac_objext"
- ;;
-esac
-
-fi
-ac_fn_c_check_func "$LINENO" "strstr" "ac_cv_func_strstr"
-if test "x$ac_cv_func_strstr" = xyes
-then :
-  printf "%s\n" "#define HAVE_STRSTR 1" >>confdefs.h
-
-else $as_nop
-  case " $LIBOBJS " in
-  *" strstr.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strstr.$ac_objext"
- ;;
-esac
-
-fi
-
 
 ac_fn_c_check_func "$LINENO" "setpgrp" "ac_cv_func_setpgrp"
 if test "x$ac_cv_func_setpgrp" = xyes
@@ -15684,6 +15710,10 @@ else $as_nop
 /* end confdefs.h.  */
 
 				#include <shadow.h>
+				#ifdef HAVE_GSHADOW_H
+				#include <gshadow.h>
+				#endif
+				int
 				main()
 				{
 					struct sgrp *sg = sgetsgent("test:x::");
@@ -15818,9 +15848,6 @@ printf "%s\n" "$shadow_cv_passwd_dir" >&6; }
 printf "%s\n" "#define PASSWD_PROGRAM \"$shadow_cv_passwd_dir/passwd\"" >>confdefs.h
 
 
-
-printf "%s\n" "#define USE_SYSLOG 1" >>confdefs.h
-
 if test "$ac_cv_func_ruserok" = "yes"; then
 
 printf "%s\n" "#define RLOGIN 1" >>confdefs.h
@@ -15869,26 +15896,32 @@ else $as_nop
 fi
 
 
-# Check whether --enable-utmpx was given.
-if test ${enable_utmpx+y}
+# Check whether --enable-subordinate-ids was given.
+if test ${enable_subordinate_ids+y}
 then :
-  enableval=$enable_utmpx; case "${enableval}" in
-	 yes) enable_utmpx="yes" ;;
-	  no) enable_utmpx="no" ;;
-	   *) as_fn_error $? "bad value ${enableval} for --enable-utmpx" "$LINENO" 5 ;;
-	 esac
+  enableval=$enable_subordinate_ids; enable_subids="${enableval}"
 else $as_nop
-  enable_utmpx="no"
+  enable_subids="maybe"
 
 fi
 
 
-# Check whether --enable-subordinate-ids was given.
-if test ${enable_subordinate_ids+y}
+# Check whether --enable-lastlog was given.
+if test ${enable_lastlog+y}
 then :
-  enableval=$enable_subordinate_ids; enable_subids="${enableval}"
+  enableval=$enable_lastlog; enable_lastlog="${enableval}"
 else $as_nop
-  enable_subids="maybe"
+  enable_lastlog="no"
+
+fi
+
+
+# Check whether --enable-logind was given.
+if test ${enable_logind+y}
+then :
+  enableval=$enable_logind; enable_logind="${enableval}"
+else $as_nop
+  enable_logind="yes"
 
 fi
 
@@ -15966,15 +15999,6 @@ else $as_nop
 fi
 
 
-# Check whether --with-libcrack was given.
-if test ${with_libcrack+y}
-then :
-  withval=$with_libcrack; with_libcrack=$withval
-else $as_nop
-  with_libcrack=no
-fi
-
-
 # Check whether --with-sha-crypt was given.
 if test ${with_sha_crypt+y}
 then :
@@ -16038,6 +16062,15 @@ else $as_nop
 fi
 
 
+# Check whether --with-libbsd was given.
+if test ${with_libbsd+y}
+then :
+  withval=$with_libbsd; with_libbsd=$withval
+else $as_nop
+  with_libbsd=yes
+fi
+
+
 if test "$with_group_name_max_length" = "no" ; then
 	with_group_name_max_length=0
 elif test "$with_group_name_max_length" = "yes" ; then
@@ -16049,6 +16082,7 @@ printf "%s\n" "#define GROUP_NAME_MAX_LENGTH $with_group_name_max_length" >>conf
 
 GROUP_NAME_MAX_LENGTH="$with_group_name_max_length"
 
+
  if test "x$with_sha_crypt" = "xyes"; then
   USE_SHA_CRYPT_TRUE=
   USE_SHA_CRYPT_FALSE='#'
@@ -16133,9 +16167,9 @@ fi
 
 
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntoa" >&5
-printf %s "checking for library containing inet_ntoa... " >&6; }
-if test ${ac_cv_search_inet_ntoa+y}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
+printf %s "checking for library containing gethostbyname... " >&6; }
+if test ${ac_cv_search_gethostbyname+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
@@ -16146,16 +16180,16 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
    builtin and then its argument prototype would still apply.  */
-char inet_ntoa ();
+char gethostbyname ();
 int
 main (void)
 {
-return inet_ntoa ();
+return gethostbyname ();
   ;
   return 0;
 }
 _ACEOF
-for ac_lib in '' inet
+for ac_lib in '' nsl
 do
   if test -z "$ac_lib"; then
     ac_res="none required"
@@ -16165,149 +16199,243 @@ do
   fi
   if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_search_inet_ntoa=$ac_res
+  ac_cv_search_gethostbyname=$ac_res
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext
-  if test ${ac_cv_search_inet_ntoa+y}
+  if test ${ac_cv_search_gethostbyname+y}
 then :
   break
 fi
 done
-if test ${ac_cv_search_inet_ntoa+y}
+if test ${ac_cv_search_gethostbyname+y}
 then :
 
 else $as_nop
-  ac_cv_search_inet_ntoa=no
+  ac_cv_search_gethostbyname=no
 fi
 rm conftest.$ac_ext
 LIBS=$ac_func_search_save_LIBS
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntoa" >&5
-printf "%s\n" "$ac_cv_search_inet_ntoa" >&6; }
-ac_res=$ac_cv_search_inet_ntoa
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5
+printf "%s\n" "$ac_cv_search_gethostbyname" >&6; }
+ac_res=$ac_cv_search_gethostbyname
 if test "$ac_res" != no
 then :
   test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
 fi
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5
-printf %s "checking for library containing socket... " >&6; }
-if test ${ac_cv_search_socket+y}
+
+
+
+
+
+
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKG_CONFIG+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char socket ();
-int
-main (void)
-{
-return socket ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' socket
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
 do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
   fi
-  if ac_fn_c_try_link "$LINENO"
-then :
-  ac_cv_search_socket=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext
-  if test ${ac_cv_search_socket+y}
-then :
-  break
-fi
 done
-if test ${ac_cv_search_socket+y}
-then :
+  done
+IFS=$as_save_IFS
 
-else $as_nop
-  ac_cv_search_socket=no
+  ;;
+esac
 fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+printf "%s\n" "$PKG_CONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5
-printf "%s\n" "$ac_cv_search_socket" >&6; }
-ac_res=$ac_cv_search_socket
-if test "$ac_res" != no
-then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
-fi
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
-printf %s "checking for library containing gethostbyname... " >&6; }
-if test ${ac_cv_search_gethostbyname+y}
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+  ac_pt_PKG_CONFIG=$PKG_CONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char gethostbyname ();
-int
-main (void)
-{
-return gethostbyname ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' nsl
+  case $ac_pt_PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
 do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKG_CONFIG" = x; then
+    PKG_CONFIG=""
   else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKG_CONFIG=$ac_pt_PKG_CONFIG
   fi
-  if ac_fn_c_try_link "$LINENO"
-then :
-  ac_cv_search_gethostbyname=$ac_res
+else
+  PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext
-  if test ${ac_cv_search_gethostbyname+y}
-then :
-  break
+
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=0.9.0
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	else
+		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+		PKG_CONFIG=""
+	fi
 fi
-done
-if test ${ac_cv_search_gethostbyname+y}
-then :
 
-else $as_nop
-  ac_cv_search_gethostbyname=no
+pkg_failed=no
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for cmocka" >&5
+printf %s "checking for cmocka... " >&6; }
+
+if test -n "$CMOCKA_CFLAGS"; then
+    pkg_cv_CMOCKA_CFLAGS="$CMOCKA_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "cmocka") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_CMOCKA_CFLAGS=`$PKG_CONFIG --cflags "cmocka" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
 fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+ else
+    pkg_failed=untried
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5
-printf "%s\n" "$ac_cv_search_gethostbyname" >&6; }
-ac_res=$ac_cv_search_gethostbyname
-if test "$ac_res" != no
-then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+if test -n "$CMOCKA_LIBS"; then
+    pkg_cv_CMOCKA_LIBS="$CMOCKA_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "cmocka") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_CMOCKA_LIBS=`$PKG_CONFIG --libs "cmocka" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi
+        if test $_pkg_short_errors_supported = yes; then
+                CMOCKA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "cmocka" 2>&1`
+        else
+                CMOCKA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "cmocka" 2>&1`
+        fi
+        # Put the nasty error message in config.log where it belongs
+        echo "$CMOCKA_PKG_ERRORS" >&5
+
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: libcmocka not found, cmocka tests will not be built" >&5
+printf "%s\n" "$as_me: WARNING: libcmocka not found, cmocka tests will not be built" >&2;}
+elif test $pkg_failed = untried; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: libcmocka not found, cmocka tests will not be built" >&5
+printf "%s\n" "$as_me: WARNING: libcmocka not found, cmocka tests will not be built" >&2;}
+else
+        CMOCKA_CFLAGS=$pkg_cv_CMOCKA_CFLAGS
+        CMOCKA_LIBS=$pkg_cv_CMOCKA_LIBS
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+        have_cmocka="yes"
+fi
+ if test x$have_cmocka = xyes; then
+  HAVE_CMOCKA_TRUE=
+  HAVE_CMOCKA_FALSE='#'
+else
+  HAVE_CMOCKA_TRUE='#'
+  HAVE_CMOCKA_FALSE=
 fi
 
 
@@ -16354,6 +16482,9 @@ else $as_nop
 fi
 
 if test -n "$LIBECONF"; then
+
+printf "%s\n" "#define VENDORDIR \"$enable_vendordir\"" >>confdefs.h
+
 	ECONF_CPPFLAGS="-DUSE_ECONF=1"
 	# Check whether --enable-vendordir was given.
 if test ${enable_vendordir+y}
@@ -16366,6 +16497,11 @@ fi
 
 VENDORDIR=$enable_vendordir
 
+if test "x$enable_vendordir" != x; then
+
+printf "%s\n" "#define HAVE_VENDORDIR 1" >>confdefs.h
+
+fi
  if test "x$enable_vendordir" != x; then
   HAVE_VENDORDIR_TRUE=
   HAVE_VENDORDIR_FALSE='#'
@@ -16657,6 +16793,117 @@ else
 fi
 
 
+if test "$enable_lastlog" = "yes" && test "$ac_cv_header_lastlog_h" = "yes"; then
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ll_host in struct lastlog" >&5
+printf %s "checking for ll_host in struct lastlog... " >&6; }
+if test ${ac_cv_struct_lastlog_ll_host+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <lastlog.h>
+int
+main (void)
+{
+struct lastlog ll; char *cp = ll.ll_host;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_struct_lastlog_ll_host=yes
+else $as_nop
+  ac_cv_struct_lastlog_ll_host=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_lastlog_ll_host" >&5
+printf "%s\n" "$ac_cv_struct_lastlog_ll_host" >&6; }
+
+	if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
+
+printf "%s\n" "#define HAVE_LL_HOST 1" >>confdefs.h
+
+
+printf "%s\n" "#define ENABLE_LASTLOG 1" >>confdefs.h
+
+		enable_lastlog="yes"
+	else
+		as_fn_error $? "Cannot enable support for lastlog on systems where the data structures aren't available" "$LINENO" 5
+		enable_subids="no"
+	fi
+fi
+ if test "x$enable_lastlog" != "xno"; then
+  ENABLE_LASTLOG_TRUE=
+  ENABLE_LASTLOG_FALSE='#'
+else
+  ENABLE_LASTLOG_TRUE='#'
+  ENABLE_LASTLOG_FALSE=
+fi
+
+
+
+if test "$enable_logind" = "yes"; then
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sd_session_get_remote_host in -lsystemd" >&5
+printf %s "checking for sd_session_get_remote_host in -lsystemd... " >&6; }
+if test ${ac_cv_lib_systemd_sd_session_get_remote_host+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsystemd  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char sd_session_get_remote_host ();
+int
+main (void)
+{
+return sd_session_get_remote_host ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_systemd_sd_session_get_remote_host=yes
+else $as_nop
+  ac_cv_lib_systemd_sd_session_get_remote_host=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_systemd_sd_session_get_remote_host" >&5
+printf "%s\n" "$ac_cv_lib_systemd_sd_session_get_remote_host" >&6; }
+if test "x$ac_cv_lib_systemd_sd_session_get_remote_host" = xyes
+then :
+  enable_logind="yes"; LIBSYSTEMD=-lsystemd;
+
+printf "%s\n" "#define ENABLE_LOGIND 1" >>confdefs.h
+
+else $as_nop
+  enable_logind="no"
+fi
+
+fi
+ if test "x$enable_logind" != "xno"; then
+  ENABLE_LOGIND_TRUE=
+  ENABLE_LOGIND_FALSE='#'
+else
+  ENABLE_LOGIND_TRUE='#'
+  ENABLE_LOGIND_FALSE=
+fi
+
+
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
 printf %s "checking for crypt in -lcrypt... " >&6; }
@@ -16746,6 +16993,200 @@ fi
 
 
 
+if test "$with_libbsd" != "no"; then
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing readpassphrase" >&5
+printf %s "checking for library containing readpassphrase... " >&6; }
+if test ${ac_cv_search_readpassphrase+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char readpassphrase ();
+int
+main (void)
+{
+return readpassphrase ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' bsd
+do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_search_readpassphrase=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext
+  if test ${ac_cv_search_readpassphrase+y}
+then :
+  break
+fi
+done
+if test ${ac_cv_search_readpassphrase+y}
+then :
+
+else $as_nop
+  ac_cv_search_readpassphrase=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_readpassphrase" >&5
+printf "%s\n" "$ac_cv_search_readpassphrase" >&6; }
+ac_res=$ac_cv_search_readpassphrase
+if test "$ac_res" != no
+then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else $as_nop
+
+		as_fn_error $? "readpassphrase() is missing, either from libc or libbsd" "$LINENO" 5
+
+fi
+
+	if test "$ac_cv_search_readpassphrase" = "-lbsd"
+then :
+
+
+pkg_failed=no
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libbsd-overlay" >&5
+printf %s "checking for libbsd-overlay... " >&6; }
+
+if test -n "$LIBBSD_CFLAGS"; then
+    pkg_cv_LIBBSD_CFLAGS="$LIBBSD_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libbsd-overlay\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libbsd-overlay") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_LIBBSD_CFLAGS=`$PKG_CONFIG --cflags "libbsd-overlay" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+if test -n "$LIBBSD_LIBS"; then
+    pkg_cv_LIBBSD_LIBS="$LIBBSD_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libbsd-overlay\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libbsd-overlay") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_LIBBSD_LIBS=`$PKG_CONFIG --libs "libbsd-overlay" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi
+        if test $_pkg_short_errors_supported = yes; then
+                LIBBSD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libbsd-overlay" 2>&1`
+        else
+                LIBBSD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libbsd-overlay" 2>&1`
+        fi
+        # Put the nasty error message in config.log where it belongs
+        echo "$LIBBSD_PKG_ERRORS" >&5
+
+        as_fn_error $? "Package requirements (libbsd-overlay) were not met:
+
+$LIBBSD_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables LIBBSD_CFLAGS
+and LIBBSD_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+        { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables LIBBSD_CFLAGS
+and LIBBSD_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
+else
+        LIBBSD_CFLAGS=$pkg_cv_LIBBSD_CFLAGS
+        LIBBSD_LIBS=$pkg_cv_LIBBSD_LIBS
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+
+fi
+
+fi
+		save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
+	ac_fn_c_check_header_compile "$LINENO" "readpassphrase.h" "ac_cv_header_readpassphrase_h" "$ac_includes_default"
+if test "x$ac_cv_header_readpassphrase_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_READPASSPHRASE_H 1" >>confdefs.h
+
+fi
+
+	if test "$ac_cv_header_readpassphrase_h" != "yes"
+then :
+
+		as_fn_error $? "readpassphrase.h is missing" "$LINENO" 5
+
+fi
+	CFLAGS="$save_CFLAGS"
+
+printf "%s\n" "#define WITH_LIBBSD 1" >>confdefs.h
+
+else
+
+printf "%s\n" "#define WITH_LIBBSD 0" >>confdefs.h
+
+fi
+ if test x$with_libbsd = xyes; then
+  WITH_LIBBSD_TRUE=
+  WITH_LIBBSD_FALSE='#'
+else
+  WITH_LIBBSD_TRUE='#'
+  WITH_LIBBSD_FALSE=
+fi
+
+
+
 if test "$with_acl" != "no"; then
 	       for ac_header in acl/libacl.h attr/error_context.h
 do :
@@ -16996,87 +17437,7 @@ fi
 	if test "$audit_header$with_audit" = "noyes" ; then
 		as_fn_error $? "libaudit.h is missing" "$LINENO" 5
 	elif test "$audit_header" = "yes"; then
-		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC options needed to detect all undeclared functions" >&5
-printf %s "checking for $CC options needed to detect all undeclared functions... " >&6; }
-if test ${ac_cv_c_undeclared_builtin_options+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  ac_save_CFLAGS=$CFLAGS
-   ac_cv_c_undeclared_builtin_options='cannot detect'
-   for ac_arg in '' -fno-builtin; do
-     CFLAGS="$ac_save_CFLAGS $ac_arg"
-     # This test program should *not* compile successfully.
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-int
-main (void)
-{
-(void) strchr;
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
-  # This test program should compile successfully.
-        # No library function is consistently available on
-        # freestanding implementations, so test against a dummy
-        # declaration.  Include always-available headers on the
-        # off chance that they somehow elicit warnings.
-        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <float.h>
-#include <limits.h>
-#include <stdarg.h>
-#include <stddef.h>
-extern void ac_decl (int, char *);
-
-int
-main (void)
-{
-(void) ac_decl (0, (char *) 0);
-  (void) ac_decl;
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-  if test x"$ac_arg" = x
-then :
-  ac_cv_c_undeclared_builtin_options='none needed'
-else $as_nop
-  ac_cv_c_undeclared_builtin_options=$ac_arg
-fi
-          break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-    done
-    CFLAGS=$ac_save_CFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5
-printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; }
-  case $ac_cv_c_undeclared_builtin_options in #(
-  'cannot detect') :
-    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot make $CC report undeclared builtins
-See \`config.log' for more details" "$LINENO" 5; } ;; #(
-  'none needed') :
-    ac_c_undeclared_builtin_options='' ;; #(
-  *) :
-    ac_c_undeclared_builtin_options=$ac_cv_c_undeclared_builtin_options ;;
-esac
-
-ac_fn_check_decl "$LINENO" "AUDIT_ADD_USER" "ac_cv_have_decl_AUDIT_ADD_USER" "#include <libaudit.h>
+		ac_fn_check_decl "$LINENO" "AUDIT_ADD_USER" "ac_cv_have_decl_AUDIT_ADD_USER" "#include <libaudit.h>
 " "$ac_c_undeclared_builtin_options" "CFLAGS"
 if test "x$ac_cv_have_decl_AUDIT_ADD_USER" = xyes
 then :
@@ -17171,137 +17532,6 @@ printf "%s\n" "#define WITH_AUDIT 1" >>confdefs.h
 	fi
 fi
 
-
-if test "$with_libcrack" = "yes"; then
-	echo "checking cracklib flavour, don't be surprised by the results"
-	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for FascistCheck in -lcrack" >&5
-printf %s "checking for FascistCheck in -lcrack... " >&6; }
-if test ${ac_cv_lib_crack_FascistCheck+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrack  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char FascistCheck ();
-int
-main (void)
-{
-return FascistCheck ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-  ac_cv_lib_crack_FascistCheck=yes
-else $as_nop
-  ac_cv_lib_crack_FascistCheck=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crack_FascistCheck" >&5
-printf "%s\n" "$ac_cv_lib_crack_FascistCheck" >&6; }
-if test "x$ac_cv_lib_crack_FascistCheck" = xyes
-then :
-  LIBCRACK=-lcrack
-printf "%s\n" "#define HAVE_LIBCRACK 1" >>confdefs.h
-
-fi
-
-	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for FascistHistory in -lcrack" >&5
-printf %s "checking for FascistHistory in -lcrack... " >&6; }
-if test ${ac_cv_lib_crack_FascistHistory+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrack  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char FascistHistory ();
-int
-main (void)
-{
-return FascistHistory ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-  ac_cv_lib_crack_FascistHistory=yes
-else $as_nop
-  ac_cv_lib_crack_FascistHistory=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crack_FascistHistory" >&5
-printf "%s\n" "$ac_cv_lib_crack_FascistHistory" >&6; }
-if test "x$ac_cv_lib_crack_FascistHistory" = xyes
-then :
-
-printf "%s\n" "#define HAVE_LIBCRACK_HIST 1" >>confdefs.h
-
-fi
-
-	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for FascistHistoryPw in -lcrack" >&5
-printf %s "checking for FascistHistoryPw in -lcrack... " >&6; }
-if test ${ac_cv_lib_crack_FascistHistoryPw+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrack  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char FascistHistoryPw ();
-int
-main (void)
-{
-return FascistHistoryPw ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-  ac_cv_lib_crack_FascistHistoryPw=yes
-else $as_nop
-  ac_cv_lib_crack_FascistHistoryPw=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crack_FascistHistoryPw" >&5
-printf "%s\n" "$ac_cv_lib_crack_FascistHistoryPw" >&6; }
-if test "x$ac_cv_lib_crack_FascistHistoryPw" = xyes
-then :
-
-printf "%s\n" "#define HAVE_LIBCRACK_PW 1" >>confdefs.h
-
-fi
-
-fi
-
 if test "$with_btrfs" != "no"; then
 	       for ac_header in sys/statfs.h linux/magic.h linux/btrfs_tree.h
 do :
@@ -18031,16 +18261,16 @@ fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-if test "$enable_utmpx" = "yes"; then
-	if test "$ac_cv_header_utmpx_h" != "yes"; then
-		as_fn_error $? "The utmpx.h header file is required for utmpx support." "$LINENO" 5
-	fi
+ac_fn_c_check_func "$LINENO" "fgetpwent_r" "ac_cv_func_fgetpwent_r"
+if test "x$ac_cv_func_fgetpwent_r" = xyes
+then :
 
-printf "%s\n" "#define USE_UTMPX 1" >>confdefs.h
+printf "%s\n" "#define HAVE_FGETPWENT_R 1" >>confdefs.h
 
 fi
 
 
+
 printf "%s\n" "#define SHELL \"$SHELL\"" >>confdefs.h
 
 
@@ -20151,7 +20381,7 @@ else
 fi
 
 
-ac_config_files="$ac_config_files Makefile po/Makefile.in doc/Makefile man/Makefile man/config.xml man/po/Makefile man/cs/Makefile man/da/Makefile man/de/Makefile man/es/Makefile man/fi/Makefile man/fr/Makefile man/hu/Makefile man/id/Makefile man/it/Makefile man/ja/Makefile man/ko/Makefile man/pl/Makefile man/pt_BR/Makefile man/ru/Makefile man/sv/Makefile man/tr/Makefile man/uk/Makefile man/zh_CN/Makefile man/zh_TW/Makefile libmisc/Makefile lib/Makefile libsubid/Makefile libsubid/subid.h src/Makefile contrib/Makefile etc/Makefile etc/pam.d/Makefile shadow.spec"
+ac_config_files="$ac_config_files Makefile po/Makefile.in doc/Makefile man/Makefile man/config.xml man/po/Makefile man/cs/Makefile man/da/Makefile man/de/Makefile man/es/Makefile man/fi/Makefile man/fr/Makefile man/hu/Makefile man/id/Makefile man/it/Makefile man/ja/Makefile man/ko/Makefile man/pl/Makefile man/pt_BR/Makefile man/ru/Makefile man/sv/Makefile man/tr/Makefile man/uk/Makefile man/zh_CN/Makefile man/zh_TW/Makefile lib/Makefile libsubid/Makefile libsubid/subid.h src/Makefile contrib/Makefile etc/Makefile etc/pam.d/Makefile etc/shadow-maint/Makefile tests/unit/Makefile"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -20310,6 +20540,10 @@ if test -z "${WITH_SU_TRUE}" && test -z "${WITH_SU_FALSE}"; then
   as_fn_error $? "conditional \"WITH_SU\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${HAVE_CMOCKA_TRUE}" && test -z "${HAVE_CMOCKA_FALSE}"; then
+  as_fn_error $? "conditional \"HAVE_CMOCKA\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${HAVE_VENDORDIR_TRUE}" && test -z "${HAVE_VENDORDIR_FALSE}"; then
   as_fn_error $? "conditional \"HAVE_VENDORDIR\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -20326,6 +20560,18 @@ if test -z "${ENABLE_SUBIDS_TRUE}" && test -z "${ENABLE_SUBIDS_FALSE}"; then
   as_fn_error $? "conditional \"ENABLE_SUBIDS\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${ENABLE_LASTLOG_TRUE}" && test -z "${ENABLE_LASTLOG_FALSE}"; then
+  as_fn_error $? "conditional \"ENABLE_LASTLOG\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_LOGIND_TRUE}" && test -z "${ENABLE_LOGIND_FALSE}"; then
+  as_fn_error $? "conditional \"ENABLE_LOGIND\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${WITH_LIBBSD_TRUE}" && test -z "${WITH_LIBBSD_FALSE}"; then
+  as_fn_error $? "conditional \"WITH_LIBBSD\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${WITH_BTRFS_TRUE}" && test -z "${WITH_BTRFS_FALSE}"; then
   as_fn_error $? "conditional \"WITH_BTRFS\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -20744,7 +20990,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by shadow $as_me 4.13, which was
+This file was extended by shadow $as_me 4.15.2, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -20813,7 +21059,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-shadow config.status 4.13
+shadow config.status 4.15.2
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
@@ -20976,6 +21222,7 @@ lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_q
 lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
 reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
 reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
+FILECMD='`$ECHO "$FILECMD" | $SED "$delay_single_quote_subst"`'
 OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
 deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
 file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
@@ -20984,6 +21231,7 @@ want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
 DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
 sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
 AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
+lt_ar_flags='`$ECHO "$lt_ar_flags" | $SED "$delay_single_quote_subst"`'
 AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
 archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
 STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
@@ -21104,6 +21352,7 @@ LN_S \
 lt_SP2NL \
 lt_NL2SP \
 reload_flag \
+FILECMD \
 OBJDUMP \
 deplibs_check_method \
 file_magic_cmd \
@@ -21112,7 +21361,6 @@ want_nocaseglob \
 DLLTOOL \
 sharedlib_from_linklib_cmd \
 AR \
-AR_FLAGS \
 archiver_list_spec \
 STRIP \
 RANLIB \
@@ -21261,7 +21509,6 @@ do
     "man/uk/Makefile") CONFIG_FILES="$CONFIG_FILES man/uk/Makefile" ;;
     "man/zh_CN/Makefile") CONFIG_FILES="$CONFIG_FILES man/zh_CN/Makefile" ;;
     "man/zh_TW/Makefile") CONFIG_FILES="$CONFIG_FILES man/zh_TW/Makefile" ;;
-    "libmisc/Makefile") CONFIG_FILES="$CONFIG_FILES libmisc/Makefile" ;;
     "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;;
     "libsubid/Makefile") CONFIG_FILES="$CONFIG_FILES libsubid/Makefile" ;;
     "libsubid/subid.h") CONFIG_FILES="$CONFIG_FILES libsubid/subid.h" ;;
@@ -21269,7 +21516,8 @@ do
     "contrib/Makefile") CONFIG_FILES="$CONFIG_FILES contrib/Makefile" ;;
     "etc/Makefile") CONFIG_FILES="$CONFIG_FILES etc/Makefile" ;;
     "etc/pam.d/Makefile") CONFIG_FILES="$CONFIG_FILES etc/pam.d/Makefile" ;;
-    "shadow.spec") CONFIG_FILES="$CONFIG_FILES shadow.spec" ;;
+    "etc/shadow-maint/Makefile") CONFIG_FILES="$CONFIG_FILES etc/shadow-maint/Makefile" ;;
+    "tests/unit/Makefile") CONFIG_FILES="$CONFIG_FILES tests/unit/Makefile" ;;
 
   *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
   esac
@@ -22095,6 +22343,9 @@ to_host_file_cmd=$lt_cv_to_host_file_cmd
 # convert \$build files to toolchain format.
 to_tool_file_cmd=$lt_cv_to_tool_file_cmd
 
+# A file(cmd) program that detects file types.
+FILECMD=$lt_FILECMD
+
 # An object symbol dumper.
 OBJDUMP=$lt_OBJDUMP
 
@@ -22119,8 +22370,11 @@ sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
 # The archiver.
 AR=$lt_AR
 
+# Flags to create an archive (by configure).
+lt_ar_flags=$lt_ar_flags
+
 # Flags to create an archive.
-AR_FLAGS=$lt_AR_FLAGS
+AR_FLAGS=\${ARFLAGS-"\$lt_ar_flags"}
 
 # How to feed a file listing to the archiver.
 archiver_list_spec=$lt_archiver_list_spec
@@ -22496,7 +22750,7 @@ ltmain=$ac_aux_dir/ltmain.sh
   # if finds mixed CR/LF and LF-only lines.  Since sed operates in
   # text mode, it properly converts lines to CR/LF.  This bash problem
   # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
+  $SED '$q' "$ltmain" >> "$cfgfile" \
      || (rm -f "$cfgfile"; exit 1)
 
    mv -f "$cfgfile" "$ofile" ||
@@ -22661,7 +22915,6 @@ echo
 echo "shadow will be compiled with the following features:"
 echo
 echo "	auditing support:		$with_audit"
-echo "	CrackLib support:		$with_libcrack"
 echo "	PAM support:			$with_libpam"
 if test "$with_libpam" = "yes"; then
 echo "	suid account management tools:	$enable_acct_tools_setuid"
@@ -22679,7 +22932,10 @@ echo "	yescrypt passwords encryption:	$with_yescrypt"
 echo "	nscd support:			$with_nscd"
 echo "	sssd support:			$with_sssd"
 echo "	subordinate IDs support:	$enable_subids"
+echo "	enable lastlog:			$enable_lastlog"
+echo "	enable logind:			$enable_logind"
 echo "	use file caps:			$with_fcaps"
 echo "	install su:			$with_su"
+echo "	enabled vendor dir:             $enable_vendordir"
 echo
 
diff --git a/configure.ac b/configure.ac
index 924254a..789c2c2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,9 +4,9 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.13], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.15.2], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
-AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
+AM_INIT_AUTOMAKE([1.11 foreign dist-xz subdir-objects tar-pax])
 AC_CONFIG_MACRO_DIRS([m4])
 AM_SILENT_RULES([yes])
 AC_CONFIG_HEADERS([config.h])
@@ -32,47 +32,30 @@ AC_PROG_CC
 AC_PROG_LN_S
 AC_PROG_YACC
 LT_INIT
+LT_LIB_DLLOAD
 
 dnl Checks for libraries.
 
 dnl Checks for header files.
-AC_HEADER_STDBOOL
-
-AC_CHECK_HEADERS(crypt.h errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
-	utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
-	utime.h ulimit.h sys/capability.h sys/random.h sys/resource.h \
-	gshadow.h lastlog.h locale.h rpc/key_prot.h netdb.h acl/libacl.h \
+AC_CHECK_HEADERS(crypt.h utmp.h \
+	termio.h sgtty.h sys/ioctl.h paths.h \
+	sys/capability.h sys/random.h \
+	gshadow.h lastlog.h rpc/key_prot.h acl/libacl.h \
 	attr/libattr.h attr/error_context.h)
 
 dnl shadow now uses the libc's shadow implementation
 AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
 
-AC_CHECK_FUNCS(arc4random_buf l64a fchmod fchown fsync futimes \
+AC_CHECK_FUNCS(arc4random_buf futimes \
 	getentropy getrandom getspnam getusershell \
-	getutent initgroups lckpwdf lutimes \
-	setgroups updwtmp updwtmpx innetgr getpwnam_r \
-	getpwuid_r getgrnam_r getgrgid_r getspnam_r \
-	memset_s explicit_bzero)
+	initgroups lckpwdf lutimes \
+	setgroups updwtmpx innetgr \
+	getspnam_r \
+	rpmatch \
+	memset_explicit explicit_bzero stpecpy stpeprintf)
 AC_SYS_LARGEFILE
 
 dnl Checks for typedefs, structures, and compiler characteristics.
-AC_CHECK_MEMBERS([struct stat.st_atim])
-AC_CHECK_MEMBERS([struct stat.st_atimensec])
-AC_CHECK_MEMBERS([struct stat.st_mtim])
-AC_CHECK_MEMBERS([struct stat.st_mtimensec])
-AC_STRUCT_TM
-
-AC_CHECK_MEMBERS([struct utmp.ut_type,
-                  struct utmp.ut_id,
-                  struct utmp.ut_name,
-                  struct utmp.ut_user,
-                  struct utmp.ut_host,
-                  struct utmp.ut_syslen,
-                  struct utmp.ut_addr,
-                  struct utmp.ut_addr_v6,
-                  struct utmp.ut_time,
-                  struct utmp.ut_xtime,
-                  struct utmp.ut_tv],,,[[#include <utmp.h>]])
 
 AC_CHECK_MEMBERS([struct utmpx.ut_name,
                   struct utmpx.ut_host,
@@ -82,29 +65,11 @@ AC_CHECK_MEMBERS([struct utmpx.ut_name,
                   struct utmpx.ut_time,
                   struct utmpx.ut_xtime],,,[[#include <utmpx.h>]])
 
-if test "$ac_cv_header_lastlog_h" = "yes"; then
-	AC_CACHE_CHECK(for ll_host in struct lastlog,
-		ac_cv_struct_lastlog_ll_host,
-		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
-					[struct lastlog ll; char *cp = ll.ll_host;]
-				)],
-			[ac_cv_struct_lastlog_ll_host=yes],
-			[ac_cv_struct_lastlog_ll_host=no]
-		)
-	)
-
-	if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
-		AC_DEFINE(HAVE_LL_HOST, 1,
-			[Define if struct lastlog has ll_host])
-	fi
-fi
-
 dnl Checks for library functions.
 AC_TYPE_GETGROUPS
 AC_FUNC_UTIME_NULL
-AC_REPLACE_FUNCS(mkdir putgrent putpwent putspent rename rmdir)
+AC_REPLACE_FUNCS(putgrent putpwent putspent)
 AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
-AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
 
 AC_CHECK_FUNC(setpgrp)
 AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
@@ -116,6 +81,10 @@ if test "$ac_cv_header_shadow_h" = "yes"; then
 		ac_cv_libc_shadowgrp,
 		AC_RUN_IFELSE([AC_LANG_SOURCE([
 				#include <shadow.h>
+				#ifdef HAVE_GSHADOW_H
+				#include <gshadow.h>
+				#endif
+				int
 				main()
 				{
 					struct sgrp *sg = sgetsgent("test:x::");
@@ -191,7 +160,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
 	[Path to passwd program.])
 
 dnl XXX - quick hack, should disappear before anyone notices :).
-AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
+dnl XXX - I just read the above message :).
 if test "$ac_cv_func_ruserok" = "yes"; then
 	AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
 	AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
@@ -226,17 +195,6 @@ AC_ARG_ENABLE(account-tools-setuid,
 	[enable_acct_tools_setuid="no"]
 )
 
-AC_ARG_ENABLE(utmpx,
-	[AS_HELP_STRING([--enable-utmpx],
-	                [enable loggin in utmpx / wtmpx @<:@default=no@:>@])],
-	[case "${enableval}" in
-	 yes) enable_utmpx="yes" ;;
-	  no) enable_utmpx="no" ;;
-	   *) AC_MSG_ERROR(bad value ${enableval} for --enable-utmpx) ;;
-	 esac],
-	[enable_utmpx="no"]
-)
-
 AC_ARG_ENABLE(subordinate-ids,
 	[AS_HELP_STRING([--enable-subordinate-ids],
 		[support subordinate ids @<:@default=yes@:>@])],
@@ -244,6 +202,20 @@ AC_ARG_ENABLE(subordinate-ids,
 	[enable_subids="maybe"]
 )
 
+AC_ARG_ENABLE(lastlog,
+	[AS_HELP_STRING([--enable-lastlog],
+		[enable lastlog @<:@default=no@:>@])],
+	[enable_lastlog="${enableval}"],
+	[enable_lastlog="no"]
+)
+
+AC_ARG_ENABLE(logind,
+	[AS_HELP_STRING([--enable-logind],
+		[enable logind @<:@default=yes@:>@])],
+	[enable_logind="${enableval}"],
+	[enable_logind="yes"]
+)
+
 AC_ARG_WITH(audit,
 	[AS_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
 	[with_audit=$withval], [with_audit=maybe])
@@ -268,9 +240,6 @@ AC_ARG_WITH(skey,
 AC_ARG_WITH(tcb,
 	[AS_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
 	[with_tcb=$withval], [with_tcb=maybe])
-AC_ARG_WITH(libcrack,
-	[AS_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
-	[with_libcrack=$withval], [with_libcrack=no])
 AC_ARG_WITH(sha-crypt,
 	[AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
 	[with_sha_crypt=$withval], [with_sha_crypt=yes])
@@ -292,6 +261,9 @@ AC_ARG_WITH(group-name-max-length,
 AC_ARG_WITH(su,
 	[AS_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
 	[with_su=$withval], [with_su=yes])
+AC_ARG_WITH(libbsd,
+	[AS_HELP_STRING([--with-libbsd], [use libbsd support @<:@default=yes if found@:>@])],
+	[with_libbsd=$withval], [with_libbsd=yes])
 
 if test "$with_group_name_max_length" = "no" ; then
 	with_group_name_max_length=0
@@ -302,6 +274,7 @@ AC_DEFINE_UNQUOTED(GROUP_NAME_MAX_LENGTH, $with_group_name_max_length, [max grou
 AC_SUBST(GROUP_NAME_MAX_LENGTH)
 GROUP_NAME_MAX_LENGTH="$with_group_name_max_length"
 
+
 AM_CONDITIONAL(USE_SHA_CRYPT, test "x$with_sha_crypt" = "xyes")
 if test "$with_sha_crypt" = "yes"; then
 	AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
@@ -336,12 +309,16 @@ dnl Check for some functions in libc first, only if not found check for
 dnl other libraries.  This should prevent linking libnsl if not really
 dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
 
-AC_SEARCH_LIBS(inet_ntoa, inet)
-AC_SEARCH_LIBS(socket, socket)
 AC_SEARCH_LIBS(gethostbyname, nsl)
 
+PKG_CHECK_MODULES([CMOCKA], [cmocka], [have_cmocka="yes"],
+	[AC_MSG_WARN([libcmocka not found, cmocka tests will not be built])])
+AM_CONDITIONAL([HAVE_CMOCKA], [test x$have_cmocka = xyes])
+
 AC_CHECK_LIB([econf],[econf_readDirs],[LIBECONF="-leconf"],[LIBECONF=""])
 if test -n "$LIBECONF"; then
+        AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"],
+					[Directory for distribution provided configuration files])
 	ECONF_CPPFLAGS="-DUSE_ECONF=1"
 	AC_ARG_ENABLE([vendordir],
 		AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[])
@@ -349,6 +326,9 @@ fi
 AC_SUBST(ECONF_CPPFLAGS)
 AC_SUBST(LIBECONF)
 AC_SUBST([VENDORDIR], [$enable_vendordir])
+if test "x$enable_vendordir" != x; then
+	AC_DEFINE(HAVE_VENDORDIR, 1, [Define to support vendor settings.])
+fi
 AM_CONDITIONAL([HAVE_VENDORDIR], [test "x$enable_vendordir" != x])
 
 if test "$enable_shadowgrp" = "yes"; then
@@ -393,6 +373,39 @@ if test "$enable_subids" != "no"; then
 fi
 AM_CONDITIONAL(ENABLE_SUBIDS, test "x$enable_subids" != "xno")
 
+if test "$enable_lastlog" = "yes" && test "$ac_cv_header_lastlog_h" = "yes"; then
+	AC_CACHE_CHECK(for ll_host in struct lastlog,
+		ac_cv_struct_lastlog_ll_host,
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
+					[struct lastlog ll; char *cp = ll.ll_host;]
+				)],
+			[ac_cv_struct_lastlog_ll_host=yes],
+			[ac_cv_struct_lastlog_ll_host=no]
+		)
+	)
+
+	if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
+		AC_DEFINE(HAVE_LL_HOST, 1,
+			[Define if struct lastlog has ll_host])
+		AC_DEFINE(ENABLE_LASTLOG, 1, [Define to support lastlog.])
+		enable_lastlog="yes"
+	else
+		AC_MSG_ERROR([Cannot enable support for lastlog on systems where the data structures aren't available])
+		enable_subids="no"
+	fi
+fi
+AM_CONDITIONAL(ENABLE_LASTLOG, test "x$enable_lastlog" != "xno")
+
+AC_SUBST(LIBSYSTEMD)
+if test "$enable_logind" = "yes"; then
+	AC_CHECK_LIB(systemd, sd_session_get_remote_host,
+		[enable_logind="yes"; [LIBSYSTEMD=-lsystemd];
+		AC_DEFINE(ENABLE_LOGIND, 1,
+			[Define to manage session support with logind.])],
+		[enable_logind="no"])
+fi
+AM_CONDITIONAL(ENABLE_LOGIND, test "x$enable_logind" != "xno")
+
 AC_SUBST(LIBCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
@@ -401,6 +414,28 @@ AC_SUBST(LIYESCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
 
+AC_SUBST(LIBBSD)
+if test "$with_libbsd" != "no"; then
+	AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
+		AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
+	])
+	AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
+		PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
+	])
+	dnl Make sure either the libc or libbsd provide the header.
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
+	AC_CHECK_HEADERS([readpassphrase.h])
+	AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
+		AC_MSG_ERROR([readpassphrase.h is missing])
+	])
+	CFLAGS="$save_CFLAGS"
+	AC_DEFINE(WITH_LIBBSD, 1, [Build shadow with libbsd support])
+else
+	AC_DEFINE(WITH_LIBBSD, 0, [Build shadow without libbsd support])
+fi
+AM_CONDITIONAL(WITH_LIBBSD, test x$with_libbsd = xyes)
+
 AC_SUBST(LIBACL)
 if test "$with_acl" != "no"; then
 	AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
@@ -485,17 +520,6 @@ if test "$with_audit" != "no"; then
 	fi
 fi
 
-AC_SUBST(LIBCRACK)
-if test "$with_libcrack" = "yes"; then
-	echo "checking cracklib flavour, don't be surprised by the results"
-	AC_CHECK_LIB(crack, FascistCheck,
-		[LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])])
-	AC_CHECK_LIB(crack, FascistHistory,
-		AC_DEFINE(HAVE_LIBCRACK_HIST, 1, [Defined if you have the ts&szs cracklib.]))
-	AC_CHECK_LIB(crack, FascistHistoryPw,
-		AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
-fi
-
 if test "$with_btrfs" != "no"; then
 	AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
 		[btrfs_headers="yes"], [btrfs_headers="no"])
@@ -682,14 +706,7 @@ if test "$with_skey" = "yes"; then
 	]])],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])],[])
 fi
 
-if test "$enable_utmpx" = "yes"; then
-	if test "$ac_cv_header_utmpx_h" != "yes"; then
-		AC_MSG_ERROR([The utmpx.h header file is required for utmpx support.])
-	fi
-	AC_DEFINE(USE_UTMPX,
-	          1,
-	          [Define if utmpx should be used])
-fi
+AC_CHECK_FUNC(fgetpwent_r, [AC_DEFINE(HAVE_FGETPWENT_R, 1, [Defined to 1 if you have the declaration of 'fgetpwent_r'])])
 
 AC_DEFINE_UNQUOTED(SHELL, ["$SHELL"], [The default shell.])
 
@@ -723,7 +740,6 @@ AC_CONFIG_FILES([
 	man/uk/Makefile
 	man/zh_CN/Makefile
 	man/zh_TW/Makefile
-	libmisc/Makefile
 	lib/Makefile
 	libsubid/Makefile
 	libsubid/subid.h
@@ -731,7 +747,8 @@ AC_CONFIG_FILES([
 	contrib/Makefile
 	etc/Makefile
 	etc/pam.d/Makefile
-	shadow.spec
+	etc/shadow-maint/Makefile
+	tests/unit/Makefile
 ])
 AC_OUTPUT
 
@@ -739,7 +756,6 @@ echo
 echo "shadow will be compiled with the following features:"
 echo
 echo "	auditing support:		$with_audit"
-echo "	CrackLib support:		$with_libcrack"
 echo "	PAM support:			$with_libpam"
 if test "$with_libpam" = "yes"; then
 echo "	suid account management tools:	$enable_acct_tools_setuid"
@@ -757,6 +773,9 @@ echo "	yescrypt passwords encryption:	$with_yescrypt"
 echo "	nscd support:			$with_nscd"
 echo "	sssd support:			$with_sssd"
 echo "	subordinate IDs support:	$enable_subids"
+echo "	enable lastlog:			$enable_lastlog"
+echo "	enable logind:			$enable_logind"
 echo "	use file caps:			$with_fcaps"
 echo "	install su:			$with_su"
+echo "	enabled vendor dir:             $enable_vendordir"
 echo
diff --git a/contrib/Makefile.am b/contrib/Makefile.am
index 5c45cb7..dc3ccd2 100644
--- a/contrib/Makefile.am
+++ b/contrib/Makefile.am
@@ -1,6 +1,4 @@
 # This is a dummy Makefile.am to get automake work flawlessly,
 # and also cooperate to make a distribution for `make dist'
 
-EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \
- atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
- udbachk.tgz
+EXTRA_DIST = README adduser.c adduser.sh adduser2.sh
diff --git a/contrib/Makefile.in b/contrib/Makefile.in
index 84f3e30..44fa7cb 100644
--- a/contrib/Makefile.in
+++ b/contrib/Makefile.in
@@ -141,6 +141,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -159,6 +161,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -174,9 +177,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -192,6 +201,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -200,6 +210,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -222,6 +234,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -293,10 +308,7 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \
- atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
- udbachk.tgz
-
+EXTRA_DIST = README adduser.c adduser.sh adduser2.sh
 all: all-am
 
 .SUFFIXES:
diff --git a/contrib/README b/contrib/README
index c4d1bc0..6002923 100644
--- a/contrib/README
+++ b/contrib/README
@@ -2,9 +2,6 @@ People keep sending various adduser programs and scripts...  They are
 all in this directory.  I haven't tested them, use at your own risk.
 Anyway, the best one I've seen so far is adduser-3.x from Debian.
 
-atudel is a perl script to remove at jobs owned by the specified user
-(atrm in at-2.9 for Linux can't do that).
-
 udbachk.tgz is a passwd/group/shadow file integrity checker.
 
 --marekm
diff --git a/contrib/adduser.c b/contrib/adduser.c
index deebd4c..584e098 100644
--- a/contrib/adduser.c
+++ b/contrib/adduser.c
@@ -60,7 +60,7 @@
 ** Added in the password date field, which should always reflect the last
 **     date the password was changed, for expiry purposes.  "passwd" always
 **     updates this field, so the adduser program should set it up right
-**     initially (or a user could keep thier initial password forever ;)
+**     initially (or a user could keep their initial password forever ;)
 **     The number is in days since Jan 1st, 1970.
 **
 **                       Have fun with it, and someone please make
@@ -489,7 +489,7 @@ safeget (char *buf, int maxlen)
   while ((c = getc (stdin)) != EOF && (c != '\n') && (++i < maxlen))
     {
       bad = (!isalnum (c) && (c != '_') && (c != ' '));
-      *(buf++) = (char) c;
+      *(buf++) = c;
     }
   *buf = '\0';
 
diff --git a/contrib/groupmems.shar b/contrib/groupmems.shar
deleted file mode 100644
index 62e9b48..0000000
--- a/contrib/groupmems.shar
+++ /dev/null
@@ -1,465 +0,0 @@
-#!/bin/sh
-# This is a shell archive (produced by GNU sharutils 4.2.1).
-# To extract the files from this archive, save it to some FILE, remove
-# everything before the `!/bin/sh' line above, then type `sh FILE'.
-#
-# Made on 2000-05-25 14:41 CDT by <gk4@gnu.austin.ibm.com>.
-# Source directory was `/home/gk4/src/groupmem'.
-#
-# Existing files will *not* be overwritten unless `-c' is specified.
-#
-# This shar contains:
-# length mode       name
-# ------ ---------- ------------------------------------------
-#   1960 -rw-r--r-- Makefile
-#   6348 -rw-r--r-- groupmems.c
-#   3372 -rw------- groupmems.8
-#
-save_IFS="${IFS}"
-IFS="${IFS}:"
-gettext_dir=FAILED
-locale_dir=FAILED
-first_param="$1"
-for dir in $PATH
-do
-  if test "$gettext_dir" = FAILED && test -f $dir/gettext \
-     && ($dir/gettext --version >/dev/null 2>&1)
-  then
-    set `$dir/gettext --version 2>&1`
-    if test "$3" = GNU
-    then
-      gettext_dir=$dir
-    fi
-  fi
-  if test "$locale_dir" = FAILED && test -f $dir/shar \
-     && ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
-  then
-    locale_dir=`$dir/shar --print-text-domain-dir`
-  fi
-done
-IFS="$save_IFS"
-if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
-then
-  echo=echo
-else
-  TEXTDOMAINDIR=$locale_dir
-  export TEXTDOMAINDIR
-  TEXTDOMAIN=sharutils
-  export TEXTDOMAIN
-  echo="$gettext_dir/gettext -s"
-fi
-if touch -am -t 200112312359.59 $$.touch >/dev/null 2>&1 && test ! -f 200112312359.59 -a -f $$.touch; then
-  shar_touch='touch -am -t $1$2$3$4$5$6.$7 "$8"'
-elif touch -am 123123592001.59 $$.touch >/dev/null 2>&1 && test ! -f 123123592001.59 -a ! -f 123123592001.5 -a -f $$.touch; then
-  shar_touch='touch -am $3$4$5$6$1$2.$7 "$8"'
-elif touch -am 1231235901 $$.touch >/dev/null 2>&1 && test ! -f 1231235901 -a -f $$.touch; then
-  shar_touch='touch -am $3$4$5$6$2 "$8"'
-else
-  shar_touch=:
-  echo
-  $echo 'WARNING: not restoring timestamps.  Consider getting and'
-  $echo "installing GNU \`touch', distributed in GNU File Utilities..."
-  echo
-fi
-rm -f 200112312359.59 123123592001.59 123123592001.5 1231235901 $$.touch
-#
-if mkdir _sh10937; then
-  $echo 'x -' 'creating lock directory'
-else
-  $echo 'failed to create lock directory'
-  exit 1
-fi
-# ============= Makefile ==============
-if test -f 'Makefile' && test "$first_param" != -c; then
-  $echo 'x -' SKIPPING 'Makefile' '(file already exists)'
-else
-  $echo 'x -' extracting 'Makefile' '(text)'
-  sed 's/^X//' << 'SHAR_EOF' > 'Makefile' &&
-/*
-# SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-# SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-# SPDX-License-Identifier: BSD-3-Clause
-# 
-X
-all: groupmems
-X
-groupmems: groupmems.c
-X	cc -g -o groupmems groupmems.c -L. -lshadow
-X
-install: groupmems
-X	-/usr/sbin/groupadd groups
-X	install -o root -g groups -m 4770 groupmems /usr/bin
-X
-install.man: groupmems.8
-X	install -o root -g root -m 644 groupmems.8 /usr/man/man8
-X
-SHAR_EOF
-  (set 20 00 05 25 14 40 28 'Makefile'; eval "$shar_touch") &&
-  chmod 0644 'Makefile' ||
-  $echo 'restore of' 'Makefile' 'failed'
-  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
-  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
-    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
-    || $echo 'Makefile:' 'MD5 check failed'
-b46cf7ef8d59149093c011ced3f3103c  Makefile
-SHAR_EOF
-  else
-    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'Makefile'`"
-    test 1960 -eq "$shar_count" ||
-    $echo 'Makefile:' 'original size' '1960,' 'current size' "$shar_count!"
-  fi
-fi
-# ============= groupmems.c ==============
-if test -f 'groupmems.c' && test "$first_param" != -c; then
-  $echo 'x -' SKIPPING 'groupmems.c' '(file already exists)'
-else
-  $echo 'x -' extracting 'groupmems.c' '(text)'
-  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.c' &&
-/*
-X * SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-X * SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-X * SPDX-License-Identifier: BSD-3-Clause
-X */
-/*
-**
-**	Utility "groupmem" adds and deletes members from a user's group.
-**	
-**	Setup (as "root"):
-**	
-**		groupadd -r groups 
-**		chmod 2770 groupmems
-**		chown root.groups groupmems
-**		groupmems -g groups -a gk4
-**	
-**	Usage (as "gk4"):
-**	
-**		groupmems -a olive
-**		groupmems -a jordan
-**		groupmems -a meghan
-**		groupmems -a morgan
-**		groupmems -a jake
-**		groupmems -l 
-**		groupmems -d jake
-**		groupmems -l 
-*/
-X
-#include <stdio.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include "defines.h"
-#include "groupio.h"
-X
-/* Exit Status Values */
-X
-#define EXIT_SUCCESS		0	/* success */
-#define EXIT_USAGE		1	/* invalid command syntax */
-#define EXIT_GROUP_FILE		2	/* group file access problems */
-#define EXIT_NOT_ROOT		3	/* not superuser  */
-#define EXIT_NOT_EROOT		4	/* not effective superuser  */
-#define EXIT_NOT_PRIMARY	5	/* not primary owner of group  */
-#define EXIT_NOT_MEMBER		6	/* member of group does not exist */
-#define EXIT_MEMBER_EXISTS	7	/* member of group already exists */
-X
-#define TRUE 1
-#define FALSE 0
-X
-/* Globals */
-X
-extern int optind;
-extern char *optarg;
-static char *adduser = NULL;
-static char *deluser = NULL;
-static char *thisgroup = NULL;
-static int purge = FALSE;
-static int list = FALSE;
-static int exclusive = 0;
-X
-static int isroot(void) {
-X	return getuid() ? FALSE : TRUE;
-}
-X
-static int isgroup(void) {
-X	gid_t g = getgid();
-X	struct group *grp = getgrgid(g);
-X
-X	return TRUE;
-}
-X
-static char *whoami(void) {
-X	struct group *grp = getgrgid(getgid());
-X	struct passwd *usr = getpwuid(getuid());
-X
-X	if (0 == strcmp(usr->pw_name, grp->gr_name)) {
-X		return (char *)strdup(usr->pw_name);
-X	} else {
-X		return NULL;
-X	} 
-}
-X
-static void
-addtogroup(char *user, char **members) {
-X	int i;
-X	char **pmembers;
-X
-X	for (i = 0; NULL != members[i]; i++ ) {
-X		if (0 == strcmp(user, members[i])) {
-X			fprintf(stderr, "Member already exists\n");
-X			exit(EXIT_MEMBER_EXISTS);
-X		}
-X	}
-X
-X	if (0 == i) {
-X		pmembers = (char **)calloc(2, sizeof(char *));
-X	} else {
-X		pmembers = (char **)realloc(members, sizeof(char *)*(i+1));
-X	}
-X
-X	*members = *pmembers;
-X	members[i] = user;
-X	members[i+1] = NULL;
-}
-X
-static void
-rmfromgroup(char *user, char **members) {
-X	int i;
-X	int found = FALSE;
-X
-X	i = 0;
-X	while (!found && NULL != members[i]) {
-X		if (0 == strcmp(user, members[i])) {
-X			found = TRUE;
-X		} else {
-X			i++;
-X		}
-X	}
-X
-X	while (found && NULL != members[i]) {
-X		members[i] = members[++i];
-X	}
-X
-X	if (!found) {
-X		fprintf(stderr, "Member to remove could not be found\n");
-X		exit(EXIT_NOT_MEMBER);
-X	}
-}
-X
-static void
-nomembers(char **members) {
-X	int i;
-X
-X	for (i = 0; NULL != members[i]; i++ ) {
-X		members[i] = NULL;
-X	}
-}
-X
-static void
-members(char **members) {
-X	int i;
-X
-X	for (i = 0; NULL != members[i]; i++ ) {
-X		printf("%s ", members[i]);
-X
-X		if (NULL == members[i+1]) {
-X			printf("\n");
-X		} else {
-X			printf(" ");
-X		}
-X	}
-}
-X
-static void usage(void) {
-X	fprintf(stderr, "usage: groupmems -a username | -d username | -D | -l [-g groupname]\n");
-X	exit(EXIT_USAGE);
-}
-X
-main(int argc, char **argv) {
-X	int arg, i;
-X	char *name;
-X	struct group *grp;
-X
-X	while ((arg = getopt(argc, argv, "a:d:g:Dl")) != EOF) {
-X		switch (arg) {
-X		case 'a':
-X			adduser = strdup(optarg);
-X			++exclusive;
-X			break;
-X		case 'd':
-X			deluser = strdup(optarg);
-X			++exclusive;
-X			break;
-X		case 'g':
-X			thisgroup = strdup(optarg);
-X			break;
-X		case 'D':
-X			purge = TRUE;
-X			++exclusive;
-X			break;
-X		case 'l':
-X			list = TRUE;
-X			++exclusive;
-X			break;
-X		default:
-X			usage();
-X		}
-X	}
-X
-X	if (exclusive > 1 || optind < argc) {
-X		usage();
-X	}
-X
-X	if (!isroot() && NULL != thisgroup) {
-X		fprintf(stderr, "Only root can add members to different groups\n");
-X		exit(EXIT_NOT_ROOT);
-X	} else if (isroot() && NULL != thisgroup) {
-X		name = thisgroup;
-X	} else if (!isgroup()) {
-X		fprintf(stderr, "Group access is required\n");
-X		exit(EXIT_NOT_EROOT);
-X	} else if (NULL == (name = whoami())) {
-X		fprintf(stderr, "Not primary owner of current group\n");
-X		exit(EXIT_NOT_PRIMARY);
-X	}
-X
-X	if (!gr_lock()) {
-X		fprintf(stderr, "Unable to lock group file\n");
-X		exit(EXIT_GROUP_FILE);
-X	}
-X
-X	if (!gr_open(O_RDWR)) {
-X		fprintf(stderr, "Unable to open group file\n");
-X		exit(EXIT_GROUP_FILE);
-X	}
-X
-X	grp = (struct group *)gr_locate(name);
-X
-X	if (NULL != adduser) {
-X		addtogroup(adduser, grp->gr_mem);
-X		gr_update(grp);
-X	} else if (NULL != deluser) {
-X		rmfromgroup(deluser, grp->gr_mem);
-X		gr_update(grp);
-X	} else if (purge) {
-X		nomembers(grp->gr_mem);
-X		gr_update(grp);
-X	} else if (list) {
-X		members(grp->gr_mem);
-X	}
-X
-X	if (!gr_close()) {
-X		fprintf(stderr, "Cannot close group file\n");
-X		exit(EXIT_GROUP_FILE);
-X	}
-X
-X	gr_unlock();
-X
-X	exit(EXIT_SUCCESS);
-}
-X
-/* EOF */
-SHAR_EOF
-  (set 20 00 05 25 14 36 38 'groupmems.c'; eval "$shar_touch") &&
-  chmod 0644 'groupmems.c' ||
-  $echo 'restore of' 'groupmems.c' 'failed'
-  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
-  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
-    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
-    || $echo 'groupmems.c:' 'MD5 check failed'
-f0dd68f8d762d89d24d3ce1f4141f981  groupmems.c
-SHAR_EOF
-  else
-    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.c'`"
-    test 6348 -eq "$shar_count" ||
-    $echo 'groupmems.c:' 'original size' '6348,' 'current size' "$shar_count!"
-  fi
-fi
-# ============= groupmems.8 ==============
-if test -f 'groupmems.8' && test "$first_param" != -c; then
-  $echo 'x -' SKIPPING 'groupmems.8' '(file already exists)'
-else
-  $echo 'x -' extracting 'groupmems.8' '(text)'
-  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.8' &&
-X.\"
-X.\" SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-X.\" SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-X.\" SPDX-License-Identifier: BSD-3-Clause
-X.\"
-X.\" $Id$
-X.\"
-X.TH GROUPMEMS 8
-X.SH NAME
-groupmems \- Administer members of a user's primary group
-X.SH SYNOPSIS
-X.B groupmems
-\fB-a\fI user_name \fR |
-\fB-d\fI user_name \fR |
-\fB-l\fR |
-\fB-D\fR |
-[\fB-g\fI group_name \fR]
-X.SH DESCRIPTION
-The \fBgroupmems\fR utility allows a user to administer their own
-group membership list without the requirement of superuser privileges.
-The \fBgroupmems\fR utility is for systems that configure its users to
-be in their own name sake primary group (i.e., guest / guest).
-X.P
-Only the superuser, as administrator, can use \fBgroupmems\fR to alter
-the memberships of other groups.
-X.IP "\fB-a \fIuser_name\fR"
-Add a new user to the group membership list.
-X.IP "\fB-d \fIuser_name\fR"
-Delete a user from the group membership list.
-X.IP "\fB-l\fR"
-List the group membership list.
-X.IP "\fB-D\fR"
-Delete all users from the group membership list.
-X.IP "\fB-g \fIgroup_name\fR"
-The superuser can specify which group membership list to modify.
-X.SH SETUP
-The \fBgroupmems\fR executable should be in mode \fB2770\fR as user \fBroot\fR
-and in group \fBgroups\fR.   The system administrator can add users to
-group groups to allow or disallow them using the  \fBgroupmems\fR utility
-to manager their own group membership list.
-X.P
-X     $ groupadd -r groups
-X.br
-X     $ chmod 2770 groupmems
-X.br
-X     $ chown root.groups groupmems
-X.br
-X     $ groupmems -g groups -a gk4
-X.SH FILES
-/etc/group
-X.br
-/etc/gshadow
-X.SH SEE ALSO
-X.BR chfn (1),
-X.BR chsh (1),
-X.BR useradd (8),
-X.BR userdel (8),
-X.BR usermod (8),
-X.BR passwd (1),
-X.BR groupadd (8),
-X.BR groupdel (8)
-X.SH AUTHOR
-George Kraft IV (gk4@us.ibm.com)
-X.\" EOF
-SHAR_EOF
-  (set 20 00 05 25 14 38 23 'groupmems.8'; eval "$shar_touch") &&
-  chmod 0600 'groupmems.8' ||
-  $echo 'restore of' 'groupmems.8' 'failed'
-  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
-  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
-    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
-    || $echo 'groupmems.8:' 'MD5 check failed'
-181e6cd3a3c9d3df320197fa2cde2b4a  groupmems.8
-SHAR_EOF
-  else
-    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.8'`"
-    test 3372 -eq "$shar_count" ||
-    $echo 'groupmems.8:' 'original size' '3372,' 'current size' "$shar_count!"
-  fi
-fi
-rm -fr _sh10937
-exit 0
diff --git a/contrib/pwdauth.c b/contrib/pwdauth.c
deleted file mode 100644
index ca15495..0000000
--- a/contrib/pwdauth.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/*
- * pwdauth.c - program to verify a given username/password pair.
- *
- * Run it with username in argv[1] (may be omitted - default is the
- * current user), and send it the password over a pipe on stdin.
- * Exit status: 0 - correct password, 1 - wrong password, >1 - other
- * errors.  For use with shadow passwords, this program should be
- * installed setuid root.
- *
- * This can be used, for example, by xlock - you don't have to install
- * this large and complex (== possibly insecure) program setuid root,
- * just modify it to run this simple program to do the authentication.
- *
- * Recent versions (xlockmore-3.9) are cleaner, and drop privileges as
- * soon as possible after getting the user's encrypted password.
- * Using this program probably doesn't make it more secure, and has one
- * disadvantage: since we don't get the encrypted user's password at
- * startup (but at the time the user is authenticated), it is not clear
- * how we should handle errors (like getpwnam() returning NULL).
- * - fail the authentication?  Problem: no way to unlock (other than kill
- *   the process from somewhere else) if the NIS server stops responding.
- * - succeed and unlock?  Problem: it's too easy to unlock by unplugging
- *   the box from the network and waiting until NIS times out...
- *
- * This program is Copyright (C) 1996 Marek Michalkiewicz
- * <marekm@i17linuxb.ists.pwr.wroc.pl>.
- *
- * It may be used and distributed freely for any purposes.  There is no
- * warranty - use at your own risk.  I am not liable for any damages etc.
- * If you improve it, please send me your changes.
- */
-
-static char rcsid[] = "$Id$";
-
-/*
- * Define USE_SYSLOG to use syslog() to log successful and failed
- * authentication.  This should be safe even if your system has
- * the infamous syslog buffer overrun security problem...
- */
-#define USE_SYSLOG
-
-/*
- * Define HAVE_GETSPNAM to get shadow passwords using getspnam().
- * Some systems don't have getspnam(), but getpwnam() returns
- * encrypted passwords only if running as root.
- *
- * According to the xlock source (not tested, except Linux) -
- * define: Linux, Solaris 2.x, SVR4, ...
- * undef: HP-UX with Secured Passwords, FreeBSD, NetBSD, QNX.
- * Known not supported (yet): Ultrix, OSF/1, SCO.
- */
-#define HAVE_GETSPNAM
-
-/*
- * Define HAVE_PW_ENCRYPT to use pw_encrypt() instead of crypt().
- * pw_encrypt() is like the standard crypt(), except that it may
- * support better password hashing algorithms.
- *
- * Define if linking with libshadow.a from the shadow password
- * suite (Linux, SunOS 4.x?).
- */
-#undef HAVE_PW_ENCRYPT
-
-/*
- * Define HAVE_AUTH_METHODS to support the shadow suite specific
- * extension: the encrypted password field contains a list of
- * administrator defined authentication methods, separated by
- * semicolons.  This program only supports the standard password
- * authentication method (a string that doesn't start with '@').
- */
-#undef HAVE_AUTH_METHODS
-
-/*
- * FAIL_DELAY - number of seconds to sleep before exiting if the
- * password was wrong, to slow down password guessing attempts.
- */
-#define FAIL_DELAY 2
-
-/* No user-serviceable parts below :-).  */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#include <pwd.h>
-
-#ifdef USE_SYSLOG
-#include <syslog.h>
-#ifndef LOG_AUTHPRIV
-#define LOG_AUTHPRIV LOG_AUTH
-#endif
-#endif
-
-#ifdef HAVE_GETSPNAM
-#include <shadow.h>
-#endif
-
-#ifdef HAVE_PW_ENCRYPT
-extern char *pw_encrypt();
-#define crypt pw_encrypt
-#endif
-
-/*
- * Read the password (one line) from fp.  We don't turn off echo
- * because we expect input from a pipe.
- */
-static char *
-get_line(fp)
-	FILE *fp;
-{
-	static char buf[128];
-	char *cp;
-	int ch;
-
-	cp = buf;
-	while ((ch = getc(fp)) != EOF && ch != '\0' && ch != '\n') {
-		if (cp >= buf + sizeof buf - 1)
-			break;
-		*cp++ = ch;
-	}
-	*cp = '\0';
-	return buf;
-}
-
-/*
- * Get the password file entry for the current user.  If the name
- * returned by getlogin() is correct (matches the current real uid),
- * return the entry for that user.  Otherwise, return the entry (if
- * any) matching the current real uid.  Return NULL on failure.
- */
-static struct passwd *
-get_my_pwent()
-{
-	uid_t uid = getuid();
-	char *name = getlogin();
-
-	if (name && *name) {
-		struct passwd *pw = getpwnam(name);
-
-		if (pw && pw->pw_uid == uid)
-			return pw;
-	}
-	return getpwuid(uid);
-}
-
-/*
- * Verify the password.  The system-dependent shadow support is here.
- */
-static int
-password_auth_ok(pw, pass)
-	const struct passwd *pw;
-	const char *pass;
-{
-	int result;
-	char *cp;
-#ifdef HAVE_AUTH_METHODS
-	char *buf;
-#endif
-#ifdef HAVE_GETSPNAM
-	struct spwd *sp;
-#endif
-
-	if (pw) {
-#ifdef HAVE_GETSPNAM
-		sp = getspnam(pw->pw_name);
-		if (sp)
-			cp = sp->sp_pwdp;
-		else
-#endif
-			cp = pw->pw_passwd;
-	} else
-		cp = "xx";
-
-#ifdef HAVE_AUTH_METHODS
-	buf = strdup(cp);  /* will be modified by strtok() */
-	if (!buf) {
-		fprintf(stderr, "Out of memory.\n");
-		exit(13);
-	}
-	cp = strtok(buf, ";");
-	while (cp && *cp == '@')
-		cp = strtok(NULL, ";");
-
-	/* fail if no password authentication for this user */
-	if (!cp)
-		cp = "xx";
-#endif
-
-	if (*pass || *cp)
-		result = (strcmp(crypt(pass, cp), cp) == 0);
-	else
-		result = 1;  /* user with no password */
-
-#ifdef HAVE_AUTH_METHODS
-	free(buf);
-#endif
-	return result;
-}
-
-/*
- * Main program.
- */
-int
-main(argc, argv)
-	int argc;
-	char **argv;
-{
-	struct passwd *pw;
-	char *pass, *name;
-	char myname[32];
-
-#ifdef USE_SYSLOG
-	openlog("pwdauth", LOG_PID | LOG_CONS, LOG_AUTHPRIV);
-#endif
-	pw = get_my_pwent();
-	if (!pw) {
-#ifdef USE_SYSLOG
-		syslog(LOG_ERR, "can't get login name for uid %d.\n",
-		       (int) getuid());
-#endif
-		fprintf(stderr, "Who are you?\n");
-		exit(2);
-	}
-	strncpy(myname, pw->pw_name, sizeof myname - 1);
-	myname[sizeof myname - 1] = '\0';
-	name = myname;
-
-	if (argc > 1) {
-		name = argv[1];
-		pw = getpwnam(name);
-	}
-
-	pass = get_line(stdin);
-	if (password_auth_ok(pw, pass)) {
-#ifdef USE_SYSLOG
-		syslog(pw->pw_uid ? LOG_INFO : LOG_NOTICE,
-		       "user `%s' entered correct password for `%.32s'.\n",
-		       myname, name);
-#endif
-		exit(0);
-	}
-#ifdef USE_SYSLOG
-	/* be careful not to overrun the syslog buffer */
-	syslog((!pw || pw->pw_uid) ? LOG_NOTICE : LOG_WARNING,
-	       "user `%s' entered incorrect password for `%.32s'.\n",
-	       myname, name);
-#endif
-#ifdef FAIL_DELAY
-	sleep(FAIL_DELAY);
-#endif
-	fprintf(stderr, "Wrong password.\n");
-	exit(1);
-}
-
-#if 0
-/*
- * You can use code similar to the following to run this program.
- * Return values: >=0 - program exit status (use the <sys/wait.h>
- * macros to get the exit code, it is shifted left by 8 bits),
- * -1 - check errno.
- */
-int
-verify_password(const char *username, const char *password)
-{
-	int pipe_fd[2];
-	int pid, wpid, status;
-
-	if (pipe(pipe_fd))
-		return -1;
-	
-	if ((pid = fork()) == 0) {
-		char *arg[3];
-		char *env[1];
-
-		/* child */
-		close(pipe_fd[1]);
-		if (pipe_fd[0] != 0) {
-			if (dup2(pipe_fd[0], 0) != 0)
-				_exit(127);
-			close(pipe_fd[0]);
-		}
-		arg[0] = "/usr/bin/pwdauth";
-		arg[1] = username;
-		arg[2] = NULL;
-		env[0] = NULL;
-		execve(arg[0], arg, env);
-		_exit(127);
-	} else if (pid == -1) {
-		/* error */
-		close(pipe_fd[0]);
-		close(pipe_fd[1]);
-		return -1;
-	}
-	/* parent */
-	close(pipe_fd[0]);
-	write(pipe_fd[1], password, strlen(password));
-	write(pipe_fd[1], "\n", 1);
-	close(pipe_fd[1]);
-
-	while ((wpid = wait(&status)) != pid) {
-		if (wpid == -1)
-			return -1;
-	}
-	return status;
-}
-#endif
diff --git a/contrib/shadow-anonftp.patch b/contrib/shadow-anonftp.patch
deleted file mode 100644
index e09647d..0000000
--- a/contrib/shadow-anonftp.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-Hello Marek,
-
-I have created a diffile against the 980403 release that adds
-functionality to newusers for automatic handling of users with only
-anonymous ftp login (using the guestgroup feature in ftpaccess, which
-means that the users home directory looks like '/home/user/./'). It also
-adds a commandline argument to specify an initial directory structure
-for such users, with a tarball normally containing the bin,lib,etc
-directories used in the chrooted environment.
-
-I am using it to automatically create chunks of users with only ftp
-access for a webserver.
-
-I have tried to follow your coding standards and I believe it is bug
-free but.. well, who knows. :) It's not much code however.
-
-I hope you find it useful. Do what you like with it, feel free to ask if
-anything is unclear.
-
-Best rgds,
-  Calle Karlsson
-  ckn@kash.se
-
-diff -uNr shadow-980403.orig/src/newusers.c shadow-980403/src/newusers.c
---- shadow-980403.orig/src/newusers.c	Fri Jan 30 00:22:43 1998
-+++ shadow-980403/src/newusers.c	Fri Apr 17 16:55:33 1998
-@@ -76,11 +76,35 @@
- static void
- usage(void)
- {
--	fprintf(stderr, "Usage: %s [ input ]\n", Prog);
-+	fprintf (stderr, "Usage: %s [-p prototype tarfile] [ input ]\n", Prog);
-+	fprintf (stderr, "The prototype tarfile is only used for users\n");
-+	fprintf (stderr, "marked as anonymous ftp users. It must be a full pathname.\n");
- 	exit(1);
- }
- 
- /*
-+ * createuserdir - create a directory and chmod it
-+ */
-+
-+static int
-+createuserdir (char * dir, int uid, int gid, int line)
-+{
-+	if (mkdir (dir, 0777 & ~getdef_num("UMASK", 077))) {
-+		fprintf (stderr, "%s: line %d: mkdir %s failed\n",
-+			 Prog, line, dir);
-+		return -1;
-+	}
-+
-+	if (chown (dir, uid, gid)) {
-+		fprintf (stderr, "%s: line %d: chown %s failed\n",
-+			 Prog, line, dir);
-+		return -1;
-+	}
-+
-+	return 0;
-+}
-+
-+/*
-  * add_group - create a new group or add a user to an existing group
-  */
- 
-@@ -328,6 +352,8 @@
- main(int argc, char **argv)
- {
- 	char	buf[BUFSIZ];
-+	char	anonproto[BUFSIZ];
-+	int	flag;
- 	char	*fields[8];
- 	int	nfields;
- 	char	*cp;
-@@ -340,12 +366,23 @@
- 
- 	Prog = Basename(argv[0]);
- 
--	if (argc > 1 && argv[1][0] == '-')
--		usage ();
-+	* anonproto = '\0';
-+
-+	while ((flag = getopt (argc, argv, "p:h")) != EOF) {
-+		switch (flag) {
-+		case 'p':
-+			STRFCPY(anonproto, optarg);
-+			break;
-+		case 'h':
-+		default:
-+			usage ();
-+			break;
-+		}
-+	}
- 
--	if (argc == 2) {
--		if (! freopen (argv[1], "r", stdin)) {
--			snprintf(buf, sizeof buf, "%s: %s", Prog, argv[1]);
-+	if (optind < argc) {
-+		if (! freopen (argv[optind], "r", stdin)) {
-+			snprintf(buf, sizeof buf, "%s: %s", Prog, argv[optind]);
- 			perror (buf);
- 			exit (1);
- 		}
-@@ -499,15 +536,36 @@
- 		if (fields[6][0])
- 			newpw.pw_shell = fields[6];
- 
--		if (newpw.pw_dir[0] && access(newpw.pw_dir, F_OK)) {
--			if (mkdir (newpw.pw_dir,
--					0777 & ~getdef_num("UMASK", 077)))
--				fprintf (stderr, "%s: line %d: mkdir failed\n",
--					Prog, line);
--			else if (chown (newpw.pw_dir,
--					newpw.pw_uid, newpw.pw_gid))
--				fprintf (stderr, "%s: line %d: chown failed\n",
--					Prog, line);
-+		if (newpw.pw_dir[0]) {
-+		        char * userdir = strdup (newpw.pw_dir);
-+			char * anonpart;
-+			int rc;
-+
-+			if ((anonpart = strstr (userdir, "/./"))) {
-+			        * anonpart = '\0';
-+				anonpart += 2;
-+			}
-+			
-+			if (access(userdir, F_OK))
-+				rc = createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
-+			else
-+				rc = 0;
-+
-+			if (rc == 0 && anonpart) {
-+				if (* anonproto) {
-+					char cmdbuf [BUFSIZ];
-+					snprintf(cmdbuf, sizeof cmdbuf,
-+						 "cd %s; tar xf %s",
-+						 userdir, anonproto);
-+					system (cmdbuf);
-+				}
-+				if (strlen (anonpart) > 1) {
-+					strcat (userdir, anonpart);
-+					if (access (userdir, F_OK))
-+						createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
-+				}
-+			}
-+			free (userdir);
- 		}
- 
- 		/*
diff --git a/contrib/udbachk.tgz b/contrib/udbachk.tgz
deleted file mode 100644
index 605ad63..0000000
--- a/contrib/udbachk.tgz
+++ /dev/null
diff --git a/debian/HOME_MODE.xml b/debian/HOME_MODE.xml
deleted file mode 100644
index 21aa55f..0000000
--- a/debian/HOME_MODE.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-   Copyright (c) 1991 - 1993, Julianne Frances Haugh
-   Copyright (c) 1991 - 1993, Chip Rosenthal
-   Copyright (c) 2007 - 2009, Nicolas François
-   All rights reserved.
-  
-   Redistribution and use in source and binary forms, with or without
-   modification, are permitted provided that the following conditions
-   are met:
-   1. Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-   2. Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in the
-      documentation and/or other materials provided with the distribution.
-   3. The name of the copyright holders or contributors may not be used to
-      endorse or promote products derived from this software without
-      specific prior written permission.
-  
-   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
-   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<varlistentry>
-  <term><option>HOME_MODE</option> (number)</term>
-  <listitem>
-    <para>
-      The mode for new home directories. If not specified,
-      the <option>UMASK</option> is used to create the mode.
-    </para>
-    <para>
-      <command>useradd</command> and <command>newusers</command> use this
-      to set the mode of the home directory they create.
-    </para>
-  </listitem>
-</varlistentry>
diff --git a/debian/changelog b/debian/changelog
index 4816eeb..4e1b6c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,134 @@
+shadow (1:4.15.2-3~progress7.99u1) graograman-backports; urgency=medium
+
+  * Uploading to graograman-backports, remaining changes:
+    - Updating maintainer field.
+    - Updating uploaders field.
+    - Updating bugs field.
+    - Updating vcs fields.
+    - Updating login prompt.
+    - Updating default path.
+    - Enabling pam_access.so.
+    - Disabling pam_motd.so.
+  * Merging debian version 1:4.15.2-3.
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org>  Wed, 26 Jun 2024 18:22:25 +0200
+
+shadow (1:4.15.2-3) unstable; urgency=medium
+
+  * d/watch: add versionmangle for -rc
+  * Revert "Use upstream's restrictions on user- and group names again".
+    Breaks adduser's tests, see #1074306.
+
+ -- Chris Hofstaedtler <zeha@debian.org>  Wed, 26 Jun 2024 12:40:34 +0200
+
+shadow (1:4.15.2-2~progress7.99u1) graograman-backports; urgency=medium
+
+  * Uploading to graograman-backports, remaining changes:
+    - Updating maintainer field.
+    - Updating uploaders field.
+    - Updating bugs field.
+    - Updating vcs fields.
+    - Updating login prompt.
+    - Updating default path.
+    - Enabling pam_access.so.
+    - Disabling pam_motd.so.
+  * Merging debian version 1:4.15.2-2.
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org>  Wed, 26 Jun 2024 18:21:22 +0200
+
+shadow (1:4.15.2-2) unstable; urgency=medium
+
+  * useradd(8): Fix missing paragraph on username length
+  * d/rules: explicitly set --with-audit and --enable-subordinate-ids
+  * Remove faillog support.
+    Stop installing faillog binary and man pages. Stop creating
+    /var/log/faillog in login.postinst.
+    PAM has removed support for /var/log/faillog by dropping pam_tally, and
+    login itself cannot write to it either.
+  * Use upstream's restrictions on user- and group names again.
+    Upstream started supporting mixed-case names some time ago.
+    Purely numeric names (#79682) are now forbidden again, as there is no
+    way of distinguishing them from user/group IDs otherwise.
+  * Drop useradd's backwards-compatibility -O flag
+  * Remove our copy of HOME_MODE.xml, identical upstream
+  * shadowconfig.8: actually install again
+  * passwd: add Depends: login.
+    Stop-gap until passwd can takeover /etc/login.defs from login.
+
+ -- Chris Hofstaedtler <zeha@debian.org>  Tue, 25 Jun 2024 19:42:24 +0200
+
+shadow (1:4.15.2-1~progress7.99u1) graograman-backports; urgency=medium
+
+  * Uploading to graograman-backports, remaining changes:
+    - Updating maintainer field.
+    - Updating uploaders field.
+    - Updating bugs field.
+    - Updating vcs fields.
+    - Updating login prompt.
+    - Updating default path.
+    - Enabling pam_access.so.
+    - Disabling pam_motd.so.
+  * Merging upstream version 1:4.15.2.
+  * Merging debian version 1:4.15.2-1.
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org>  Wed, 26 Jun 2024 18:19:12 +0200
+
+shadow (1:4.15.2-1) unstable; urgency=medium
+
+  * New upstream version 4.15.2
+    Includes fix for csrand_uniform().
+
+ -- Chris Hofstaedtler <zeha@debian.org>  Sat, 22 Jun 2024 17:37:34 +0200
+
+shadow (1:4.15.1-1) unstable; urgency=medium
+
+  * New upstream version 4.15.1
+    Closes: #832047, #812127, #1034312, #856902, #791806
+    Closes: #1006216, #1006225, #1006208
+    * contrib/atudel, non-DFSG-compliant was removed upstream
+    * Remove obsolete configure flag --without-libcrack
+    * Use functions from libbsd (Closes: #1032393)
+    * Build-Depend: libltdl-dev for LT_LIB_DLLOAD
+      (Closes: #1065350)
+    * Build-Depend: pkgconf
+    * Drop upstream applied patches
+    * Disable FTMP_FILE by default, drop login failure logging
+    * Rebase patch 401_cppw_src.dpatch
+    * Rename patch 402_cppw_selinux
+    * Use upstream FAILLOG_ENAB code, incompatible with PAM
+      (Closes: #776314)
+    * Rebase patch 463_login_delay_obeys_to_PAM
+    * Rebase patch 501_commonio_group_shadow
+    * Rebase patch 502_debian_useradd_defaults
+    * Rebase patch 506_relaxed_usernames
+    * Rebase patch 542_useradd-O_option
+  * Update upstream signing keys
+  * Tag build with dh-package-notes
+  * Turn off --enable-lastlog, drop lastlog from not-installed
+  * Explicitly enable logind on linux-any
+  * Update default ENCRYPT_METHOD (Closes: #1043236)
+  * login: switch from Essential to Protected: yes (Closes: #960638)
+    Moves Pre-Depends to Depends.
+  * Enable acl, xattr support (Closes: #745796)
+  * login.defs: remove PAM-unsupported crypt settings (Closes: #1055582)
+
+ -- Chris Hofstaedtler <zeha@debian.org>  Sat, 22 Jun 2024 16:08:41 +0200
+
+shadow (1:4.13+dfsg1-5~progress7.99u1) graograman-backports; urgency=medium
+
+  * Uploading to graograman-backports, remaining changes:
+    - Updating maintainer field.
+    - Updating uploaders field.
+    - Updating bugs field.
+    - Updating vcs fields.
+    - Updating login prompt.
+    - Updating default path.
+    - Enabling pam_access.so.
+    - Disabling pam_motd.so.
+  * Merging debian version 1:4.13+dfsg1-5.
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org>  Mon, 03 Jun 2024 07:18:17 +0200
+
 shadow (1:4.13+dfsg1-5) unstable; urgency=medium
 
   * Add myself to Uploaders, per discussion with Serge Hallyn
diff --git a/debian/control b/debian/control
index 6fc4f81..70fa8f4 100644
--- a/debian/control
+++ b/debian/control
@@ -11,18 +11,26 @@ Priority: required
 Build-Depends:
  bison,
  debhelper-compat (= 13),
+ dh-package-notes,
  dh-sequence-zz-debputy-rrr (>= 0.1.23~),
  docbook-xml <!nodoc>,
  docbook-xsl <!nodoc>,
  gettext,
  itstool <!nodoc>,
+ libacl1-dev,
+ libattr1-dev,
  libaudit-dev [linux-any],
+ libbsd-dev,
  libcrypt-dev,
+ libltdl-dev,
  libpam0g-dev,
  libselinux1-dev [linux-any],
  libsemanage-dev [linux-any],
+ libsystemd-dev [linux-any],
  libxml2-utils <!nodoc>,
+ pkgconf,
  quilt,
+ systemd-dev [linux-any],
  xsltproc <!nodoc>
 Standards-Version: 4.6.1
 Vcs-Browser: https://git.progress-linux.org/packages/graograman-backports/shadow
@@ -36,7 +44,8 @@ Package: passwd
 Architecture: any
 Multi-Arch: foreign
 Depends:
- libpam-modules
+ libpam-modules,
+ login
 Recommends:
  sensible-utils
 Description: change and administer password and group data
@@ -48,8 +57,8 @@ Description: change and administer password and group data
 Package: login
 Architecture: any
 Multi-Arch: foreign
-Essential: yes
-Pre-Depends:
+Protected: yes
+Depends:
  libpam-modules,
  libpam-runtime
 Breaks:
@@ -59,7 +68,7 @@ Conflicts:
 Replaces:
  hurd (<< 20140206~) [hurd-any]
 Description: system login tools
- This package provides some required infrastructure for logins and for
+ This package provides support for console-based logins and for
  changing effective user or group IDs, including:
   * login, the program that invokes a user shell on a virtual terminal;
   * nologin, a dummy shell for disabled user accounts;
diff --git a/debian/copyright b/debian/copyright
index 7b7ab2b..f9340ed 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,8 +1,6 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: Shadow
 Source: https://github.com/shadow-maint/shadow
-Note: atudel is licensed under BSD-4-Clause which is not DFSG compatible
-Files-Excluded: contrib/atudel
 
 Files: *
 Copyright: 1989-1994, Julianne Frances Haugh
@@ -85,10 +83,6 @@ Copyright: 1993, Michael Haardt <michael@moria.de>
            1993, Scorpio, www.linuxforum.net
 License: GPL-2+
 
-Files: contrib/udbachk.tgz
-Copyright: 1999, Sami Kerola and Janne Riihijärvi
-License: GPL-2+
-
 Files: man/hu/man5/*
 Copyright: 1993, Michael Haardt <u31b3hs@pool.informatik.rwth-aachen.de>
 License: GPL-2+
@@ -97,18 +91,10 @@ Files: contrib/adduser2.sh
 Copyright: 1996, Petri Mattila, Prihateam Networks <petri@prihateam.fi>
 License: GPL-2+
 
-Files: contrib/pwdauth.c
-Copyright: 1996, Marek Michalkiewicz
-License: BSD-3-clause
-
 Files: lib/subordinateio.h
 Copyright: 2012, Eric W. Biederman
 License: BSD-3-clause
 
-Files: libmisc/date_to_str.c
-Copyright: 2021, Alejandro Colomar <alx.manpages@gmail.com>
-License: BSD-3-clause
-
 Files: man/hu/man1/su.1
 Copyright: 1999, Ragnar Hojland Espinosa <ragnar@macula.net>
 License: BSD-3-clause
@@ -139,16 +125,6 @@ Copyright: 1997, Guy Maor <maor@ece.utexas.edu>
            2007 - 2013, Nicolas François
 License: GPL-2+
 
-Files: libmisc/getdate.y
-Copyright: Steven M. Bellovin <smb@research.att.com>
-License: public-domain
- Originally written by Steven M. Bellovin <smb@research.att.com> while
- at the University of North Carolina at Chapel Hill.  Later tweaked by
- a couple of people on Usenet.  Completely overhauled by Rich $alz
- <rsalz@bbn.com> and Jim Berets <jberets@bbn.com> in August, 1990;
- .
- This code is in the public domain and has no copyright.
-
 Files: man/ko/man5/*
 Copyright: 2000, ASPLINUX <man@asp-linux.co.kr>
 License: GPL-2+
@@ -161,13 +137,7 @@ Copyright: 1999-2001, Ben Collins <bcollins@debian.org>
            2017-2022 Balint Reczey <balint@balintreczey.hu>
 License: BSD-3-clause
 
-Files: debian/HOME_MODE.xml
-Copyright: 1991-1993, Chip Rosenthal
-           1991-1993, Julianne Frances Haugh
-           2007-2009, Nicolas François
-License: BSD-3-clause
-
-Files: debian/patches/401_cppw_src.dpatch
+Files: debian/patches/cppw-Add-tool.patch
 Copyright: 1997, Guy Maor <maor@ece.utexas.edu>
            1999, Stephen Frost <sfrost@snowman.net>
 License: GPL-2+
diff --git a/debian/login.defs b/debian/login.defs
index 4a5c6ea..9756c44 100644
--- a/debian/login.defs
+++ b/debian/login.defs
@@ -36,12 +36,6 @@ MAIL_DIR        /var/mail
 #MAIL_FILE      .mail
 
 #
-# Enable logging and display of /var/log/faillog login failure info.
-# This option conflicts with the pam_tally PAM module.
-#
-FAILLOG_ENAB		yes
-
-#
 # Enable display of unknown usernames when login failures are recorded.
 #
 # WARNING: Unknown usernames may become world readable. 
@@ -73,12 +67,6 @@ SYSLOG_SG_ENAB		yes
 #TTYTYPE_FILE	/etc/ttytype
 
 #
-# If defined, login failures will be logged here in a utmp format
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE	/var/log/btmp
-
-#
 # If defined, the command name to display when running "su -".  For
 # example, if this is defined as "su" then a "ps" will display the
 # command is "-su".  If not defined, then "ps" would display the
@@ -128,32 +116,15 @@ TTYPERM		0600
 #
 #	ERASECHAR	Terminal ERASE character ('\010' = backspace).
 #	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
-#	UMASK		Default "umask" value.
 #
 # The ERASECHAR and KILLCHAR are used only on System V machines.
 # 
-# UMASK is the default umask value for pam_umask and is used by
-# useradd and newusers to set the mode of the new home directories.
-# 022 is the "historical" value in Debian for UMASK
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#
-# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
-# for private user groups, i. e. the uid is the same as gid, and username is
-# the same as the primary group name: for these, the user permissions will be
-# used as group permissions, e. g. 022 will become 002.
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
 ERASECHAR	0177
 KILLCHAR	025
-UMASK		022
 
 # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
 # home directories.
-# If HOME_MODE is not set, the value of UMASK is used to create the mode.
-#HOME_MODE	0700
+HOME_MODE	0700
 
 #
 # Password aging controls:
@@ -268,17 +239,6 @@ USERGROUPS_ENAB yes
 #CONSOLE_GROUPS		floppy:audio:cdrom
 
 #
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm.  Default is "no".
-#
-# This variable is deprecated. You should use ENCRYPT_METHOD.
-#
-#MD5_CRYPT_ENAB	no
-
-#
 # If set to MD5, MD5-based algorithm will be used for encrypting password
 # If set to SHA256, SHA256-based algorithm will be used for encrypting password
 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
@@ -291,37 +251,7 @@ USERGROUPS_ENAB yes
 # Note: It is recommended to use a value consistent with
 # the PAM modules configuration.
 #
-ENCRYPT_METHOD SHA512
-
-#
-# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
-#
-# Define the number of SHA rounds.
-# With a lot of rounds, it is more difficult to brute-force the password.
-# However, more CPU resources will be needed to authenticate users if
-# this value is increased.
-#
-# If not specified, the libc will choose the default number of rounds (5000),
-# which is orders of magnitude too low for modern hardware.
-# The values must be within the 1000-999999999 range.
-# If only one of the MIN or MAX values is set, then this value will be used.
-# If MIN > MAX, the highest value will be used.
-#
-#SHA_CRYPT_MIN_ROUNDS 5000
-#SHA_CRYPT_MAX_ROUNDS 5000
-
-#
-# Only works if ENCRYPT_METHOD is set to YESCRYPT.
-#
-# Define the YESCRYPT cost factor.
-# With a higher cost factor, it is more difficult to brute-force the password.
-# However, more CPU time and more memory will be needed to authenticate users
-# if this value is increased.
-#
-# If not specified, a cost factor of 5 will be used.
-# The value must be within the 1-11 range.
-#
-#YESCRYPT_COST_FACTOR 5
+ENCRYPT_METHOD YESCRYPT
 
 #
 # The pwck(8) utility emits a warning for any system account with a home
diff --git a/debian/login.install b/debian/login.install
index fd8bd12..ab03fc5 100644
--- a/debian/login.install
+++ b/debian/login.install
@@ -1,6 +1,5 @@
 bin/login usr/bin
 debian/login.defs etc
 sbin/nologin usr/sbin
-usr/bin/faillog
 usr/bin/newgrp
 usr/share/locale/*/LC_MESSAGES/shadow.mo
diff --git a/debian/login.manpages b/debian/login.manpages
index 6bb716f..1183942 100644
--- a/debian/login.manpages
+++ b/debian/login.manpages
@@ -1,14 +1,10 @@
 usr/share/man/*/man1/login.1
 usr/share/man/*/man1/newgrp.1
 usr/share/man/*/man1/sg.1
-usr/share/man/*/man5/faillog.5
 usr/share/man/*/man5/login.defs.5
-usr/share/man/*/man8/faillog.8
 usr/share/man/*/man8/nologin.8
 usr/share/man/man1/login.1
 usr/share/man/man1/newgrp.1
 usr/share/man/man1/sg.1
-usr/share/man/man5/faillog.5
 usr/share/man/man5/login.defs.5
-usr/share/man/man8/faillog.8
 usr/share/man/man8/nologin.8
diff --git a/debian/login.postinst b/debian/login.postinst
index 2261e1b..e91a2d5 100644
--- a/debian/login.postinst
+++ b/debian/login.postinst
@@ -1,16 +1,7 @@
 #!/bin/sh
-
 set -e
 
-
 if [ "$1" = "configure" ]; then
-	# Install faillog during initial installs only
-	if [ "$2" = "" ] && [ ! -f "$DPKG_ROOT/var/log/faillog" ] ; then
-		touch "$DPKG_ROOT/var/log/faillog"
-		chown 0:0 "$DPKG_ROOT/var/log/faillog"
-		chmod 644 "$DPKG_ROOT/var/log/faillog"
-	fi
-
 	# Create subuid/subgid if missing
 	if [ ! -e "$DPKG_ROOT/etc/subuid" ]; then
 		touch "$DPKG_ROOT/etc/subuid"
diff --git a/debian/not-installed b/debian/not-installed
index e542a49..d72a23e 100644
--- a/debian/not-installed
+++ b/debian/not-installed
@@ -1,5 +1,4 @@
 bin/groups
-etc/default/useradd
 etc/login.defs
 etc/pam.d/chfn
 etc/pam.d/chage
@@ -15,7 +14,7 @@ etc/pam.d/passwd
 etc/pam.d/useradd
 etc/pam.d/userdel
 etc/pam.d/usermod
-usr/bin/lastlog
+usr/bin/faillog
 usr/bin/sg
 usr/lib/*/libsubid.la
 usr/sbin/logoutd
@@ -25,15 +24,17 @@ usr/share/man/*/man1/logoutd.1
 usr/share/man/*/man1/su.1
 usr/share/man/*/man3/getspnam.3
 usr/share/man/*/man3/shadow.3
+usr/share/man/*/man5/faillog.5
 usr/share/man/*/man5/suauth.5
-usr/share/man/*/man8/lastlog.8
+usr/share/man/*/man8/faillog.8
 usr/share/man/*/man8/logoutd.8
 usr/share/man/man1/groups.1
 usr/share/man/man1/logoutd.1
 usr/share/man/man1/su.1
 usr/share/man/man3/getspnam.3
 usr/share/man/man3/shadow.3
+usr/share/man/man5/faillog.5
 usr/share/man/man5/suauth.5
-usr/share/man/man8/lastlog.8
+usr/share/man/man8/faillog.8
 usr/share/man/man8/logoutd.8
 
diff --git a/debian/passwd.manpages b/debian/passwd.manpages
index fee633b..5e07649 100644
--- a/debian/passwd.manpages
+++ b/debian/passwd.manpages
@@ -24,6 +24,7 @@ usr/share/man/*/man8/newusers.8
 usr/share/man/*/man8/pwck.8
 usr/share/man/*/man8/pwconv.8
 usr/share/man/*/man8/pwunconv.8
+usr/share/man/*/man8/shadowconfig.8
 usr/share/man/*/man8/useradd.8
 usr/share/man/*/man8/userdel.8
 usr/share/man/*/man8/usermod.8
@@ -53,6 +54,7 @@ usr/share/man/man8/newusers.8
 usr/share/man/man8/pwck.8
 usr/share/man/man8/pwconv.8
 usr/share/man/man8/pwunconv.8
+usr/share/man/man8/shadowconfig.8
 usr/share/man/man8/useradd.8
 usr/share/man/man8/userdel.8
 usr/share/man/man8/usermod.8
diff --git a/debian/patches/0001-gpasswd-1-Fix-password-leak.patch b/debian/patches/0001-gpasswd-1-Fix-password-leak.patch
deleted file mode 100644
index 1596b2d..0000000
--- a/debian/patches/0001-gpasswd-1-Fix-password-leak.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001
-From: Alejandro Colomar <alx@kernel.org>
-Date: Sat, 10 Jun 2023 16:20:05 +0200
-Subject: [PATCH] gpasswd(1): Fix password leak
-
-How to trigger this password leak?
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-When gpasswd(1) asks for the new password, it asks twice (as is usual
-for confirming the new password).  Each of those 2 password prompts
-uses agetpass() to get the password.  If the second agetpass() fails,
-the first password, which has been copied into the 'static' buffer
-'pass' via STRFCPY(), wasn't being zeroed.
-
-agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and
-can fail for any of the following reasons:
-
--  malloc(3) or readpassphrase(3) failure.
-
-   These are going to be difficult to trigger.  Maybe getting the system
-   to the limits of memory utilization at that exact point, so that the
-   next malloc(3) gets ENOMEM, and possibly even the OOM is triggered.
-   About readpassphrase(3), ENFILE and EINTR seem the only plausible
-   ones, and EINTR probably requires privilege or being the same user;
-   but I wouldn't discard ENFILE so easily, if a process starts opening
-   files.
-
--  The password is longer than PASS_MAX.
-
-   The is plausible with physical access.  However, at that point, a
-   keylogger will be a much simpler attack.
-
-And, the attacker must be able to know when the second password is being
-introduced, which is not going to be easy.
-
-How to read the password after the leak?
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Provoking the leak yourself at the right point by entering a very long
-password is easy, and inspecting the process stack at that point should
-be doable.  Try to find some consistent patterns.
-
-Then, search for those patterns in free memory, right after the victim
-leaks their password.
-
-Once you get the leak, a program should read all the free memory
-searching for patterns that gpasswd(1) leaves nearby the leaked
-password.
-
-On 6/10/23 03:14, Seth Arnold wrote:
-> An attacker process wouldn't be able to use malloc(3) for this task.
-> There's a handful of tools available for userspace to allocate memory:
->
-> -  brk / sbrk
-> -  mmap MAP_ANONYMOUS
-> -  mmap /dev/zero
-> -  mmap some other file
-> -  shm_open
-> -  shmget
->
-> Most of these return only pages of zeros to a process.  Using mmap of an
-> existing file, you can get some of the contents of the file demand-loaded
-> into the memory space on the first use.
->
-> The MAP_UNINITIALIZED flag only works if the kernel was compiled with
-> CONFIG_MMAP_ALLOW_UNINITIALIZED.  This is rare.
->
-> malloc(3) doesn't zero memory, to our collective frustration, but all the
-> garbage in the allocations is from previous allocations in the current
-> process.  It isn't leftover from other processes.
->
-> The avenues available for reading the memory:
-> -  /dev/mem and /dev/kmem (requires root, not available with Secure Boot)
-> -  /proc/pid/mem (requires ptrace privileges, mediated by YAMA)
-> -  ptrace (requires ptrace privileges, mediated by YAMA)
-> -  causing memory to be swapped to disk, and then inspecting the swap
->
-> These all require a certain amount of privileges.
-
-How to fix it?
-~~~~~~~~~~~~~~
-
-memzero(), which internally calls explicit_bzero(3), or whatever
-alternative the system provides with a slightly different name, will
-make sure that the buffer is zeroed in memory, and optimizations are not
-allowed to impede this zeroing.
-
-This is not really 100% effective, since compilers may place copies of
-the string somewhere hidden in the stack.  Those copies won't get zeroed
-by explicit_bzero(3).  However, that's arguably a compiler bug, since
-compilers should make everything possible to avoid optimizing strings
-that are later passed to explicit_bzero(3).  But we all know that
-sometimes it's impossible to have perfect knowledge in the compiler, so
-this is plausible.  Nevertheless, there's nothing we can do against such
-issues, except minimizing the time such passwords are stored in plain
-text.
-
-Security concerns
-~~~~~~~~~~~~~~~~~
-
-We believe this isn't easy to exploit.  Nevertheless, and since the fix
-is trivial, this fix should probably be applied soon, and backported to
-all supported distributions, to prevent someone else having more
-imagination than us to find a way.
-
-Affected versions
-~~~~~~~~~~~~~~~~~
-
-All.  Bug introduced in shadow 19990709.  That's the second commit in
-the git history.
-
-Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
-Reported-by: Alejandro Colomar <alx@kernel.org>
-Cc: Serge Hallyn <serge@hallyn.com>
-Cc: Iker Pedrosa <ipedrosa@redhat.com>
-Cc: Seth Arnold <seth.arnold@canonical.com>
-Cc: Christian Brauner <christian@brauner.io>
-Cc: Balint Reczey <rbalint@debian.org>
-Cc: Sam James <sam@gentoo.org>
-Cc: David Runge <dvzrv@archlinux.org>
-Cc: Andreas Jaeger <aj@suse.de>
-Cc: <~hallyn/shadow@lists.sr.ht>
-Signed-off-by: Alejandro Colomar <alx@kernel.org>
----
- src/gpasswd.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/src/gpasswd.c
-+++ b/src/gpasswd.c
-@@ -896,6 +896,7 @@
- 		strzero (cp);
- 		cp = getpass (_("Re-enter new password: "));
- 		if (NULL == cp) {
-+			memzero (pass, sizeof pass);
- 			exit (1);
- 		}
- 
diff --git a/debian/patches/0002-Added-control-character-check.patch b/debian/patches/0002-Added-control-character-check.patch
deleted file mode 100644
index 29adce1..0000000
--- a/debian/patches/0002-Added-control-character-check.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
-From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
-Date: Thu, 23 Mar 2023 23:39:38 +0000
-Subject: [PATCH] Added control character check
-
-Added control character check, returning -1 (to "err") if control characters are present.
----
- lib/fields.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/lib/fields.c b/lib/fields.c
-index 640be931..fb51b582 100644
---- a/lib/fields.c
-+++ b/lib/fields.c
-@@ -21,9 +21,9 @@
-  *
-  * The supplied field is scanned for non-printable and other illegal
-  * characters.
-- *  + -1 is returned if an illegal character is present.
-- *  +  1 is returned if no illegal characters are present, but the field
-- *       contains a non-printable character.
-+ *  + -1 is returned if an illegal or control character is present.
-+ *  +  1 is returned if no illegal or control characters are present,
-+ *       but the field contains a non-printable character.
-  *  +  0 is returned otherwise.
-  */
- int valid_field (const char *field, const char *illegal)
-@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
- 	}
- 
- 	if (0 == err) {
--		/* Search if there are some non-printable characters */
-+		/* Search if there are non-printable or control characters */
- 		for (cp = field; '\0' != *cp; cp++) {
- 			if (!isprint (*cp)) {
- 				err = 1;
-+			}
-+			if (!iscntrl (*cp)) {
-+				err = -1;
- 				break;
- 			}
- 		}
--- 
-2.34.1
-
diff --git a/debian/patches/0003-Overhaul-valid_field.patch b/debian/patches/0003-Overhaul-valid_field.patch
deleted file mode 100644
index b7a8428..0000000
--- a/debian/patches/0003-Overhaul-valid_field.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
-Date: Fri, 31 Mar 2023 14:46:50 +0200
-Subject: [PATCH] Overhaul valid_field()
-
-e5905c4b ("Added control character check") introduced checking for
-control characters but had the logic inverted, so it rejects all
-characters that are not control ones.
-
-Cast the character to `unsigned char` before passing to the character
-checking functions to avoid UB.
-
-Use strpbrk(3) for the illegal character test and return early.
----
- lib/fields.c | 24 ++++++++++--------------
- 1 file changed, 10 insertions(+), 14 deletions(-)
-
-diff --git a/lib/fields.c b/lib/fields.c
-index fb51b582..53929248 100644
---- a/lib/fields.c
-+++ b/lib/fields.c
-@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal)
- 
- 	/* For each character of field, search if it appears in the list
- 	 * of illegal characters. */
-+	if (illegal && NULL != strpbrk (field, illegal)) {
-+		return -1;
-+	}
-+
-+	/* Search if there are non-printable or control characters */
- 	for (cp = field; '\0' != *cp; cp++) {
--		if (strchr (illegal, *cp) != NULL) {
-+		unsigned char c = *cp;
-+		if (!isprint (c)) {
-+			err = 1;
-+		}
-+		if (iscntrl (c)) {
- 			err = -1;
- 			break;
- 		}
- 	}
- 
--	if (0 == err) {
--		/* Search if there are non-printable or control characters */
--		for (cp = field; '\0' != *cp; cp++) {
--			if (!isprint (*cp)) {
--				err = 1;
--			}
--			if (!iscntrl (*cp)) {
--				err = -1;
--				break;
--			}
--		}
--	}
--
- 	return err;
- }
- 
--- 
-2.34.1
-
diff --git a/debian/patches/008_login_log_failure_in_FTMP b/debian/patches/008_login_log_failure_in_FTMP
deleted file mode 100644
index 0946ca0..0000000
--- a/debian/patches/008_login_log_failure_in_FTMP
+++ /dev/null
@@ -1,51 +0,0 @@
-Goal: Log login failures to the btmp file
-
-Notes:
- * I'm not sure login should add an entry in the FTMP file when PAM is used.
-   (but nothing in /etc/login.defs indicates that the failure is not logged)
-
---- a/src/login.c
-+++ b/src/login.c
-@@ -827,6 +827,24 @@
- 			(void) puts ("");
- 			(void) puts (_("Login incorrect"));
- 
-+			if (getdef_str("FTMP_FILE") != NULL) {
-+#ifdef USE_UTMPX
-+				struct utmpx *failent =
-+					prepare_utmpx (failent_user,
-+					               tty,
-+					/* FIXME: or fromhost? */hostname,
-+					               utent);
-+#else				/* !USE_UTMPX */
-+				struct utmp *failent =
-+					prepare_utmp (failent_user,
-+					              tty,
-+					              hostname,
-+					              utent);
-+#endif				/* !USE_UTMPX */
-+				failtmp (failent_user, failent);
-+				free (failent);
-+			}
-+
- 			if (failcount >= retries) {
- 				SYSLOG ((LOG_NOTICE,
- 				         "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
---- a/lib/getdef.c
-+++ b/lib/getdef.c
-@@ -38,7 +38,6 @@
- 	{"ENVIRON_FILE", NULL},			\
- 	{"ENV_TZ", NULL},			\
- 	{"FAILLOG_ENAB", NULL},			\
--	{"FTMP_FILE", NULL},			\
- 	{"HMAC_CRYPTO_ALGO", NULL},		\
- 	{"ISSUE_FILE", NULL},			\
- 	{"LASTLOG_ENAB", NULL},			\
-@@ -80,6 +79,7 @@
- 	{"ERASECHAR", NULL},
- 	{"FAIL_DELAY", NULL},
- 	{"FAKE_SHELL", NULL},
-+	{"FTMP_FILE", NULL},
- 	{"GID_MAX", NULL},
- 	{"GID_MIN", NULL},
- 	{"HOME_MODE", NULL},
diff --git a/debian/patches/429_login_FAILLOG_ENAB b/debian/patches/429_login_FAILLOG_ENAB
deleted file mode 100644
index d8e6034..0000000
--- a/debian/patches/429_login_FAILLOG_ENAB
+++ /dev/null
@@ -1,84 +0,0 @@
-Goal: Re-enable logging and displaying failures on login when login is
-      compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
-      faillog file if it does not exist on postinst (as on Woody).
-Depends: 008_login_more_LOG_UNKFAIL_ENAB
-Fixes: #192849
-
-Note: It could be removed if pam_tally could report the number of failures
-      preceding a successful login.
-
---- a/src/login.c
-+++ b/src/login.c
-@@ -114,9 +114,9 @@
- #endif
- 			);
- 
--#ifndef USE_PAM
- static struct faillog faillog;
- 
-+#ifndef USE_PAM
- static void bad_time_notify (void);
- static void check_nologin (bool login_to_root);
- #else
-@@ -787,6 +787,9 @@
- 				SYSLOG ((LOG_NOTICE,
- 				         "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
- 				         failcount, fromhost, failent_user));
-+				if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
-+					failure (pwd->pw_uid, tty, &faillog);
-+				}
- 				fprintf (stderr,
- 				         _("Maximum number of tries exceeded (%u)\n"),
- 				         failcount);
-@@ -804,6 +807,14 @@
- 				         pam_strerror (pamh, retcode)));
- 				failed = true;
- 			}
-+			if (   (NULL != pwd)
-+			    && getdef_bool("FAILLOG_ENAB")
-+			    && ! failcheck (pwd->pw_uid, &faillog, failed)) {
-+				SYSLOG((LOG_CRIT,
-+				        "exceeded failure limit for `%s' %s",
-+				        failent_user, fromhost));
-+				failed = 1;
-+			}
- 
- 			if (!failed) {
- 				break;
-@@ -827,6 +838,10 @@
- 			(void) puts ("");
- 			(void) puts (_("Login incorrect"));
- 
-+			if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
-+				failure (pwd->pw_uid, tty, &faillog);
-+			}
-+
- 			if (getdef_str("FTMP_FILE") != NULL) {
- #ifdef USE_UTMPX
- 				struct utmpx *failent =
-@@ -1295,6 +1310,7 @@
- 		 */
- #ifndef USE_PAM
- 		motd ();	/* print the message of the day */
-+#endif
- 		if (   getdef_bool ("FAILLOG_ENAB")
- 		    && (0 != faillog.fail_cnt)) {
- 			failprint (&faillog);
-@@ -1307,6 +1323,7 @@
- 				         username, (int) faillog.fail_cnt));
- 			}
- 		}
-+#ifndef USE_PAM
- 		if (   getdef_bool ("LASTLOG_ENAB")
- 		    && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)
- 		    && (ll.ll_time != 0)) {
---- a/lib/getdef.c
-+++ b/lib/getdef.c
-@@ -78,6 +78,7 @@
- 	{"ENV_SUPATH", NULL},
- 	{"ERASECHAR", NULL},
- 	{"FAIL_DELAY", NULL},
-+	{"FAILLOG_ENAB", NULL},
- 	{"FAKE_SHELL", NULL},
- 	{"FTMP_FILE", NULL},
- 	{"GID_MAX", NULL},
diff --git a/debian/patches/542_useradd-O_option b/debian/patches/542_useradd-O_option
deleted file mode 100644
index 3745826..0000000
--- a/debian/patches/542_useradd-O_option
+++ /dev/null
@@ -1,40 +0,0 @@
-Goal: accepts the -O flag for backward compatibility. (was used by adduser?)
-
-Note: useradd.8 needs to be regenerated.
-
-Status wrt upstream: not included as this is just specific 
-                     backward compatibility for Debian
-
---- a/man/useradd.8.xml
-+++ b/man/useradd.8.xml
-@@ -326,6 +326,11 @@
- 	    =<replaceable>100</replaceable>&nbsp;<option>-K</option>&nbsp;
- 	    <replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
- 	  </para>
-+          <para>
-+            For the compatibility with previous Debian's
-+            <command>useradd</command>, the <option>-O</option> option is
-+            also supported.
-+          </para>
- 	  <!--para>
- 	    Note: <option>-K</option>&nbsp;<replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
- 	    doesn't work yet.
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -1227,7 +1227,7 @@
- 			{NULL, 0, NULL, '\0'}
- 		};
- 		while ((c = getopt_long (argc, argv,
--					 "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U"
-+					 "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:P:s:u:U"
- #ifdef WITH_SELINUX
- 		                         "Z:"
- #endif				/* WITH_SELINUX */
-@@ -1367,6 +1367,7 @@
- 				kflg = true;
- 				break;
- 			case 'K':
-+			case 'O': /* compatibility with previous Debian useradd */
- 				/*
- 				 * override login.defs defaults (-K name=value)
- 				 * example: -K UID_MIN=100 -K UID_MAX=499
diff --git a/debian/patches/900_testsuite_groupmems b/debian/patches/900_testsuite_groupmems
deleted file mode 100644
index 6bdc497..0000000
--- a/debian/patches/900_testsuite_groupmems
+++ /dev/null
@@ -1,81 +0,0 @@
---- a/debian/passwd.install
-+++ b/debian/passwd.install
-@@ -9,6 +9,7 @@
- usr/sbin/cppw
- usr/sbin/groupadd
- usr/sbin/groupdel
-+usr/sbin/groupmems
- usr/sbin/groupmod
- usr/sbin/grpck
- usr/sbin/grpconv
-@@ -33,6 +34,7 @@
- usr/share/man/*/man8/chpasswd.8
- usr/share/man/*/man8/groupadd.8
- usr/share/man/*/man8/groupdel.8
-+usr/share/man/*/man8/groupmems.8
- usr/share/man/*/man8/groupmod.8
- usr/share/man/*/man8/grpck.8
- usr/share/man/*/man8/grpconv.8
-@@ -59,6 +61,7 @@
- usr/share/man/man8/chpasswd.8
- usr/share/man/man8/groupadd.8
- usr/share/man/man8/groupdel.8
-+usr/share/man/man8/groupmems.8
- usr/share/man/man8/groupmod.8
- usr/share/man/man8/grpck.8
- usr/share/man/man8/grpconv.8
---- a/debian/passwd.postinst
-+++ b/debian/passwd.postinst
-@@ -31,6 +31,24 @@
-     			exit 1
- 		)
- 	fi
-+	if ! getent group groupmems | grep -q '^groupmems:[^:]*:99'
-+	then
-+		groupadd -g 99 groupmems || (
-+    			cat <<EOF
-+************************  TESTSUITE  *****************************
-+Group ID 99 has been allocated for the groupmems group.  You have either
-+used 99 yourself or created a groupmems group with a different ID.
-+Please correct this problem and reconfigure with ``dpkg --configure passwd''.
-+
-+Note that both user and group IDs in the range 0-99 are globally
-+allocated by the Debian project and must be the same on every Debian
-+system.
-+EOF
-+    			exit 1
-+		)
-+# FIXME
-+		chgrp groupmems /usr/sbin/groupmems
-+	fi
-     ;;
- esac
- 
---- a/debian/rules
-+++ b/debian/rules
-@@ -60,6 +60,7 @@
- 	dh_installpam -p passwd --name=chsh
- 	dh_installpam -p passwd --name=chpasswd
- 	dh_installpam -p passwd --name=newusers
-+	dh_installpam -p passwd --name=groupmems
- ifeq ($(DEB_HOST_ARCH_OS),hurd)
- # login is not built on The Hurd, but some utilities of passwd depends on
- # /etc/login.defs.
-@@ -87,3 +88,6 @@
- 	chgrp shadow debian/passwd/usr/bin/expiry
- 	chmod g+s debian/passwd/usr/bin/chage
- 	chmod g+s debian/passwd/usr/bin/expiry
-+	chgrp groupmems debian/passwd/usr/sbin/groupmems
-+	chmod u+s debian/passwd/usr/sbin/groupmems
-+	chmod o-x debian/passwd/usr/sbin/groupmems
---- /dev/null
-+++ b/debian/passwd.groupmems.pam
-@@ -0,0 +1,8 @@
-+# The PAM configuration file for the Shadow 'groupmod' service
-+#
-+
-+# This allows root to modify groups without being prompted for a password
-+auth		sufficient	pam_rootok.so
-+
-+@include common-auth
-+@include common-account
diff --git a/debian/patches/901_testsuite_gcov b/debian/patches/901_testsuite_gcov
deleted file mode 100644
index 717ccca..0000000
--- a/debian/patches/901_testsuite_gcov
+++ /dev/null
@@ -1,76 +0,0 @@
---- a/lib/Makefile.am
-+++ b/lib/Makefile.am
-@@ -1,6 +1,8 @@
- 
- AUTOMAKE_OPTIONS = 1.0 foreign
- 
-+CFLAGS += -fprofile-arcs -ftest-coverage
-+
- DEFS = 
- 
- noinst_LTLIBRARIES = libshadow.la
---- a/libmisc/Makefile.am
-+++ b/libmisc/Makefile.am
-@@ -1,6 +1,8 @@
- 
- EXTRA_DIST = .indent.pro xgetXXbyYY.c
- 
-+CFLAGS += -fprofile-arcs -ftest-coverage
-+
- INCLUDES = -I$(top_srcdir)/lib
- 
- noinst_LIBRARIES = libmisc.a
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -7,6 +7,8 @@
- suidperms = 4755
- sgidperms = 2755
- 
-+CFLAGS += -fprofile-arcs -ftest-coverage
-+
- INCLUDES = \
- 	-I${top_srcdir}/lib \
- 	-I$(top_srcdir)/libmisc
---- a/debian/rules
-+++ b/debian/rules
-@@ -40,6 +40,12 @@
- endif
- export CFLAGS
- 
-+clean:: clean_gcov
-+
-+clean_gcov:
-+	find . -name "*.gcda" -delete
-+	find . -name "*.gcno" -delete
-+
- # Add extras to the install process:
- binary-install/login::
- 	dh_installpam -p login
---- a/lib/defines.h
-+++ b/lib/defines.h
-@@ -174,23 +174,9 @@
-    trust the formatted time received from the unix domain (or worse,
-    UDP) socket.  -MM */
- /* Avoid translated PAM error messages: Set LC_ALL to "C".
-+ * This is disabled for coverage testing
-  * --Nekral */
--#define SYSLOG(x)							\
--	do {								\
--		char *old_locale = setlocale (LC_ALL, NULL);		\
--		char *saved_locale = NULL;				\
--		if (NULL != old_locale) {				\
--			saved_locale = strdup (old_locale);		\
--		}							\
--		if (NULL != saved_locale) {				\
--			(void) setlocale (LC_ALL, "C");			\
--		}							\
--		syslog x ;						\
--		if (NULL != saved_locale) {				\
--			(void) setlocale (LC_ALL, saved_locale);	\
--			free (saved_locale);				\
--		}							\
--	} while (false)
-+#define SYSLOG(x) syslog x
- #else				/* !ENABLE_NLS */
- #define SYSLOG(x) syslog x
- #endif				/* !ENABLE_NLS */
diff --git a/debian/patches/503_shadowconfig.8 b/debian/patches/Document-the-shadowconfig-utility.patch
index 0f0d339..5aee1d0 100644
--- a/debian/patches/503_shadowconfig.8
+++ b/debian/patches/Document-the-shadowconfig-utility.patch
@@ -1,12 +1,185 @@
-Goal: Document the shadowconfig utility
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Document the shadowconfig utility
 
 Status wrt upstream: The shadowconfig utility is debian specific.
-                     Its man page also (but it used to be distributed)
+Its man page also (but it used to be distributed)
 
-Index: git/man/shadowconfig.8
-===================================================================
+Gbp-Topic: debian
+---
+ man/Makefile.am            |  2 ++
+ man/fr/Makefile.am         |  1 +
+ man/fr/man8/shadowconfig.8 | 26 +++++++++++++++++++++++
+ man/ja/Makefile.am         |  1 +
+ man/ja/man8/shadowconfig.8 | 25 ++++++++++++++++++++++
+ man/pl/Makefile.am         |  1 +
+ man/pl/man8/shadowconfig.8 | 27 ++++++++++++++++++++++++
+ man/shadowconfig.8         | 41 ++++++++++++++++++++++++++++++++++++
+ man/shadowconfig.8.xml     | 52 ++++++++++++++++++++++++++++++++++++++++++++++
+ 9 files changed, 176 insertions(+)
+ create mode 100644 man/fr/man8/shadowconfig.8
+ create mode 100644 man/ja/man8/shadowconfig.8
+ create mode 100644 man/pl/man8/shadowconfig.8
+ create mode 100644 man/shadowconfig.8
+ create mode 100644 man/shadowconfig.8.xml
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index 83b1d68..dab98f4 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -37,6 +37,7 @@ man_MANS = \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
++	man8/shadowconfig.8 \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+@@ -108,6 +109,7 @@ man_XMANS = \
+ 	porttime.5.xml \
+ 	pwck.8.xml \
+ 	pwconv.8.xml \
++	shadowconfig.8.xml \
+ 	shadow.3.xml \
+ 	shadow.5.xml \
+ 	sg.1.xml \
+diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
+index 335e029..78aee9a 100644
+--- a/man/fr/Makefile.am
++++ b/man/fr/Makefile.am
+@@ -32,6 +32,7 @@ man_MANS = \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
++	man8/shadowconfig.8 \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+diff --git a/man/fr/man8/shadowconfig.8 b/man/fr/man8/shadowconfig.8
+new file mode 100644
+index 0000000..784da70
+--- /dev/null
++++ b/man/fr/man8/shadowconfig.8
+@@ -0,0 +1,26 @@
++.\" This file was generated with po4a. Translate the source file.
++.\"
++.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $
++.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux"
++.SH NOM
++shadowconfig \- active ou désactive les mots de passe cachés
++.SH SYNOPSIS
++\fBshadowconfig\fP \fIon\fP | \fIoff\fP
++.SH DESCRIPTION
++.PP
++\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message
++d'erreur et quitte avec une valeur de retour non nulle s'il rencontre
++quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant
++de recommencer.
++
++Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les
++désactiver lorsqu'ils ne sont pas actifs est sans effet.
++
++Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux
++mots de passe cachés et à leurs fonctionnalités.
++
++Notez que désactiver puis réactiver les mots de passe cachés aura pour
++conséquence la perte des informations d'âge sur les mots de passe.
++.SH TRADUCTION
++Nicolas FRANÇOIS, 2004.
++Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
+diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
+index 13f18da..c72097f 100644
+--- a/man/ja/Makefile.am
++++ b/man/ja/Makefile.am
+@@ -27,6 +27,7 @@ man_MANS = \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
++	man8/shadowconfig.8 \
+ 	man1/sg.1 \
+ 	man5/shadow.5 \
+ 	man1/su.1 \
+diff --git a/man/ja/man8/shadowconfig.8 b/man/ja/man8/shadowconfig.8
+new file mode 100644
+index 0000000..a75c6f7
+--- /dev/null
++++ b/man/ja/man8/shadowconfig.8
+@@ -0,0 +1,25 @@
++.\"     all right reserved,
++.\" Translated Tue Oct 30 11:59:11 JST 2001
++.\" by Maki KURODA <mkuroda@aisys-jp.com>
++.\"
++.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux"
++.SH ��
++shadowconfig \- shadow パスワード�設定をオン��オフ�切替�る
++.SH 書�
++.B "shadowconfig"
++.IR on " | " off
++.SH 説明
++.PP
++.B shadowconfig on
++� shadow パスワードを有効��る。
++.B shadowconfig off
++� shadow パスワードを無効��る。
++.B shadowconfig
++�何ら��間����る��エラーメッセージを表示��
++ゼロ����返り値を返�。
++も���よ�����起���場��エラーを修正���度実行���れ��ら��。
++shadow パスワード�設定����オン�場��オン�設定��り�
++���オフ�場��オフ�設定��も�何�影響も��。
++
++.I /usr/share/doc/passwd/README.debian.gz
++�� shadow パスワード��れ�関�る特徴�簡��紹介�書�れ��る。
+diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
+index b2f096f..aa79af2 100644
+--- a/man/pl/Makefile.am
++++ b/man/pl/Makefile.am
+@@ -18,6 +18,7 @@ man_MANS = \
+ 	man8/logoutd.8 \
+ 	man1/newgrp.1 \
+ 	man1/sg.1 \
++	man8/shadowconfig.8 \
+ 	man3/shadow.3 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8 \
+diff --git a/man/pl/man8/shadowconfig.8 b/man/pl/man8/shadowconfig.8
+new file mode 100644
+index 0000000..2016c9f
+--- /dev/null
++++ b/man/pl/man8/shadowconfig.8
+@@ -0,0 +1,27 @@
++.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
++.\" {PTM/WK/1999-09-14}
++.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux"
++.SH NAZWA
++shadowconfig - przełącza ochronę haseł i grup przez pliki shadow
++.SH SK�ADNIA
++.B "shadowconfig"
++.IR on " | " off
++.SH OPIS
++.PP
++.B shadowconfig on
++włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow);
++.B shadowconfig off
++wyłącza dodatkowe pliki haseł i grup.
++.B shadowconfig
++wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli
++znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd
++.\" if it finds anything awry.
++i uruchomić program ponownie.
++
++Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie,
++gdy jest wyłączona jest nieszkodliwe.
++
++Przeczytaj
++.IR /usr/share/doc/passwd/README.debian.gz ,
++gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych
++plików haseł przesłanianych (shadow passwords) i związanych tematów.
+diff --git a/man/shadowconfig.8 b/man/shadowconfig.8
+new file mode 100644
+index 0000000..c0ee0af
 --- /dev/null
-+++ git/man/shadowconfig.8
++++ b/man/shadowconfig.8
 @@ -0,0 +1,41 @@
 +.\"Generated by db2man.xsl. Don't modify this, modify the source.
 +.de Sh \" Subsection
@@ -49,10 +222,11 @@ Index: git/man/shadowconfig.8
 +.PP
 +Note that turning shadow passwords off and on again will lose all password aging information\&.
 +
-Index: git/man/shadowconfig.8.xml
-===================================================================
+diff --git a/man/shadowconfig.8.xml b/man/shadowconfig.8.xml
+new file mode 100644
+index 0000000..b4080ea
 --- /dev/null
-+++ git/man/shadowconfig.8.xml
++++ b/man/shadowconfig.8.xml
 @@ -0,0 +1,52 @@
 +<?xml version="1.0" encoding="UTF-8"?>
 +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
@@ -106,96 +280,3 @@ Index: git/man/shadowconfig.8.xml
 +    </para>
 +  </refsect1>
 +</refentry>
-Index: git/man/fr/shadowconfig.8
-===================================================================
---- /dev/null
-+++ git/man/fr/shadowconfig.8
-@@ -0,0 +1,26 @@
-+.\" This file was generated with po4a. Translate the source file.
-+.\"
-+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $
-+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux"
-+.SH NOM
-+shadowconfig \- active ou désactive les mots de passe cachés
-+.SH SYNOPSIS
-+\fBshadowconfig\fP \fIon\fP | \fIoff\fP
-+.SH DESCRIPTION
-+.PP
-+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message
-+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre
-+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant
-+de recommencer.
-+
-+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les
-+désactiver lorsqu'ils ne sont pas actifs est sans effet.
-+
-+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux
-+mots de passe cachés et à leurs fonctionnalités.
-+
-+Notez que désactiver puis réactiver les mots de passe cachés aura pour
-+conséquence la perte des informations d'âge sur les mots de passe.
-+.SH TRADUCTION
-+Nicolas FRANÇOIS, 2004.
-+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
-Index: git/man/ja/shadowconfig.8
-===================================================================
---- /dev/null
-+++ git/man/ja/shadowconfig.8
-@@ -0,0 +1,25 @@
-+.\"     all right reserved,
-+.\" Translated Tue Oct 30 11:59:11 JST 2001
-+.\" by Maki KURODA <mkuroda@aisys-jp.com>
-+.\"
-+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux"
-+.SH ��
-+shadowconfig \- shadow パスワード�設定をオン��オフ�切替�る
-+.SH 書�
-+.B "shadowconfig"
-+.IR on " | " off
-+.SH 説明
-+.PP
-+.B shadowconfig on
-+� shadow パスワードを有効��る。
-+.B shadowconfig off
-+� shadow パスワードを無効��る。
-+.B shadowconfig
-+�何ら��間����る��エラーメッセージを表示��
-+ゼロ����返り値を返�。
-+も���よ�����起���場��エラーを修正���度実行���れ��ら��。
-+shadow パスワード�設定����オン�場��オン�設定��り�
-+���オフ�場��オフ�設定��も�何�影響も��。
-+
-+.I /usr/share/doc/passwd/README.debian.gz
-+�� shadow パスワード��れ�関�る特徴�簡��紹介�書�れ��る。
-Index: git/man/pl/shadowconfig.8
-===================================================================
---- /dev/null
-+++ git/man/pl/shadowconfig.8
-@@ -0,0 +1,27 @@
-+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
-+.\" {PTM/WK/1999-09-14}
-+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux"
-+.SH NAZWA
-+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow
-+.SH SK�ADNIA
-+.B "shadowconfig"
-+.IR on " | " off
-+.SH OPIS
-+.PP
-+.B shadowconfig on
-+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow);
-+.B shadowconfig off
-+wyłącza dodatkowe pliki haseł i grup.
-+.B shadowconfig
-+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli
-+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd
-+.\" if it finds anything awry.
-+i uruchomić program ponownie.
-+
-+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie,
-+gdy jest wyłączona jest nieszkodliwe.
-+
-+Przeczytaj
-+.IR /usr/share/doc/passwd/README.debian.gz ,
-+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych
-+plików haseł przesłanianych (shadow passwords) i związanych tematów.
diff --git a/debian/patches/502_debian_useradd_defaults b/debian/patches/Keep-using-Debian-adduser-defaults.patch
index 6317ed6..51dfb88 100644
--- a/debian/patches/502_debian_useradd_defaults
+++ b/debian/patches/Keep-using-Debian-adduser-defaults.patch
@@ -1,41 +1,54 @@
 From: Balint Reczey <balint@balintreczey.hu>
-Description: Keep using Debian's adduser defaults
- Upstream's bbf4b79bc49fd1826eb41f6629669ef0b647267b commit
- in 4.9 merged those values from upstream's default configuration file
- which is not shipped in Debian.
- This patch keeps the program's compiled in defaults in sync with the
- configuration files shipped in Debian (debian/default/useradd).
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Keep using Debian's adduser defaults
+
 Bug: https://github.com/shadow-maint/shadow/issues/501
 Bug-Debian: https://bugs.debian.org/1004710
 Forwarded: not-needed
 
+Upstream's bbf4b79bc49fd1826eb41f6629669ef0b647267b commit
+in 4.9 merged those values from upstream's default configuration file
+which is not shipped in Debian.
+This patch keeps the program's compiled in defaults in sync with the
+configuration files shipped in Debian (debian/default/useradd).
+
+Gbp-Topic: debian
+---
+ man/useradd.8.xml | 2 +-
+ src/useradd.c     | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
+index 001e7d1..4888100 100644
+--- a/man/useradd.8.xml
++++ b/man/useradd.8.xml
+@@ -248,7 +248,7 @@
+ 	    command line), useradd will set the primary group of the new
+ 	    user to the value specified by the <option>GROUP</option>
+ 	    variable in <filename>/etc/default/useradd</filename>, or
+-	    1000 by default.
++	    100 by default.
+ 	  </para>
+ 	</listitem>
+       </varlistentry>
+diff --git a/src/useradd.c b/src/useradd.c
+index 347334a..ac43edd 100644
 --- a/src/useradd.c
 +++ b/src/useradd.c
-@@ -79,12 +79,12 @@
+@@ -91,14 +91,14 @@ static const char Prog[] = "useradd";
  /*
   * These defaults are used if there is no defaults file.
   */
 -static gid_t def_group = 1000;
 +static gid_t def_group = 100;
+ static const char *def_groups = "";
  static const char *def_gname = "other";
  static const char *def_home = "/home";
  static const char *def_shell = "/bin/bash";
  static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
 -static const char *def_create_mail_spool = "yes";
 +static const char *def_create_mail_spool = "no";
  static const char *def_log_init = "yes";
  
  static long def_inactive = -1;
-diff --git a/man/useradd.8.xml b/man/useradd.8.xml
-index af02a23f..c7f95b47 100644
---- a/man/useradd.8.xml
-+++ b/man/useradd.8.xml
-@@ -248,7 +248,7 @@
- 	    command line), useradd will set the primary group of the new
- 	    user to the value specified by the <option>GROUP</option>
- 	    variable in <filename>/etc/default/useradd</filename>, or
--	    1000 by default.
-+	    100 by default.
- 	  </para>
- 	</listitem>
-       </varlistentry>
diff --git a/debian/patches/463_login_delay_obeys_to_PAM b/debian/patches/Let-pam_unix-handle-login-failure-delays.patch
index ab32c2a..66f5063 100644
--- a/debian/patches/463_login_delay_obeys_to_PAM
+++ b/debian/patches/Let-pam_unix-handle-login-failure-delays.patch
@@ -1,5 +1,6 @@
-Goal: Do not hardcode pam_fail_delay and let pam_unix do its
-      job to set a delay...or not
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Let pam_unix handle login failure delays
 
 Fixes: #87648
 
@@ -7,25 +8,45 @@ Status wrt upstream: Forwarded but not applied yet
 
 Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 
+Gbp-Topic: debian
+---
+ lib/getdef.c |  1 -
+ src/login.c  | 19 +++++--------------
+ 2 files changed, 5 insertions(+), 15 deletions(-)
+
+diff --git a/lib/getdef.c b/lib/getdef.c
+index 30f54ba..21307bb 100644
+--- a/lib/getdef.c
++++ b/lib/getdef.c
+@@ -84,7 +84,6 @@ static struct itemdef def_table[] = {
+ 	{"ENV_PATH", NULL},
+ 	{"ENV_SUPATH", NULL},
+ 	{"ERASECHAR", NULL},
+-	{"FAIL_DELAY", NULL},
+ 	{"FAKE_SHELL", NULL},
+ 	{"GID_MAX", NULL},
+ 	{"GID_MIN", NULL},
+diff --git a/src/login.c b/src/login.c
+index 9fed7b3..a5512d1 100644
 --- a/src/login.c
 +++ b/src/login.c
-@@ -512,7 +512,6 @@
- #if !defined(USE_PAM)
- 	char ptime[80];
- #endif
--	unsigned int delay;
- 	unsigned int retries;
- 	bool subroot = false;
- #ifndef USE_PAM
-@@ -537,6 +536,7 @@
- 	pid_t child;
- 	char *pam_user = NULL;
+@@ -490,7 +490,6 @@ int main (int argc, char **argv)
+ 	const char     *tmptty;
+ 	const char     *cp;
+ 	const char     *tmp;
+-	unsigned int   delay;
+ 	unsigned int   retries;
+ 	unsigned int   timeout;
+ 	struct passwd  *pwd = NULL;
+@@ -500,6 +499,7 @@ int main (int argc, char **argv)
+ 	char           *pam_user = NULL;
+ 	pid_t          child;
  #else
-+	unsigned int delay;
++	unsigned int   delay;
+ 	bool is_console;
  	struct spwd *spwd = NULL;
- #endif
- 	/*
-@@ -701,7 +701,6 @@
+ # if defined(ENABLE_LASTLOG)
+@@ -669,7 +669,6 @@ int main (int argc, char **argv)
  	}
  
  	environ = newenvp;	/* make new environment active */
@@ -33,7 +54,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  	retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
  
  #ifdef USE_PAM
-@@ -717,8 +716,7 @@
+@@ -685,8 +684,7 @@ int main (int argc, char **argv)
  
  	/*
  	 * hostname & tty are either set to NULL or their correct values,
@@ -43,7 +64,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  	 *
  	 * PAM_RHOST and PAM_TTY are used for authentication, only use
  	 * information coming from login or from the caller (e.g. no utmp)
-@@ -727,10 +725,6 @@
+@@ -695,10 +693,6 @@ int main (int argc, char **argv)
  	PAM_FAIL_CHECK;
  	retcode = pam_set_item (pamh, PAM_TTY, tty);
  	PAM_FAIL_CHECK;
@@ -53,8 +74,8 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 -#endif
  	/* if fflg, then the user has already been authenticated */
  	if (!fflg) {
- 		unsigned int failcount = 0;
-@@ -771,12 +765,6 @@
+ 		char          hostn[256];
+@@ -736,12 +730,6 @@ int main (int argc, char **argv)
  			bool failed = false;
  
  			failcount++;
@@ -67,7 +88,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  
  			retcode = pam_authenticate (pamh, 0);
  
-@@ -1110,14 +1098,17 @@
+@@ -1032,14 +1020,17 @@ int main (int argc, char **argv)
  		free (username);
  		username = NULL;
  
@@ -85,13 +106,3 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  
  		(void) puts (_("Login incorrect"));
  
---- a/lib/getdef.c
-+++ b/lib/getdef.c
-@@ -77,7 +77,6 @@
- 	{"ENV_PATH", NULL},
- 	{"ENV_SUPATH", NULL},
- 	{"ERASECHAR", NULL},
--	{"FAIL_DELAY", NULL},
- 	{"FAILLOG_ENAB", NULL},
- 	{"FAKE_SHELL", NULL},
- 	{"FTMP_FILE", NULL},
diff --git a/debian/patches/README.patches b/debian/patches/README.patches
deleted file mode 100644
index a804fe3..0000000
--- a/debian/patches/README.patches
+++ /dev/null
@@ -1,22 +0,0 @@
-Small intro to the system for numbering the patches here...
-
--The 00xx-... patches are forwarded to upstream's git repository
-
--The 0xx_... series of patches are patches isolated from the latest
- version of the shadow Debian package not using quilt in order to
- separate upstream from Debian-specific stuff.
-
- NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES
-
--The 4xx series are patches which have been applied to Debian's shadow
- and have NOT been accepted and/or applied upstream. These patches MUST be kept
- even after resynced with upstream
-
--The 5xx series are patches which are applied to Debian's shadow
- and will never be proposed upstream because they're too specific
- This list SHOULD BE AS SHORT AS POSSIBLE
-
-In short, while we are working towards synchronisation with upstream,
-our goal is to make 0xx patches disappear by moving them either to 3xx
-series (things already implemented upstream) or to 4xx series
-(Debian-specific patches).
diff --git a/debian/patches/505_useradd_recommend_adduser b/debian/patches/Recommend-using-adduser-and-deluser.patch
index 9fb3fe3..79019a4 100644
--- a/debian/patches/505_useradd_recommend_adduser
+++ b/debian/patches/Recommend-using-adduser-and-deluser.patch
@@ -1,36 +1,48 @@
-Goal: Recommend using adduser and deluser.
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Recommend using adduser and deluser
 
 Fixes: #406046
 
 Status wrt upstream: Debian specific patch.
 
+Gbp-Topic: debian
+---
+ man/useradd.8.xml | 6 ++++++
+ man/userdel.8.xml | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
+index 4888100..17987a6 100644
 --- a/man/useradd.8.xml
 +++ b/man/useradd.8.xml
-@@ -83,6 +83,12 @@
+@@ -82,6 +82,12 @@
+ 
    <refsect1 id='description'>
      <title>DESCRIPTION</title>
-       <para>
++      <para>
 +	<command>useradd</command> is a low level utility for adding
 +	users.  On Debian, administrators should usually use
 +	<citerefentry><refentrytitle>adduser</refentrytitle>
 +	<manvolnum>8</manvolnum></citerefentry> instead.
 +      </para>
-+      <para>
+       <para>
  	When invoked without the <option>-D</option> option, the
  	<command>useradd</command> command creates a new user account using
- 	the values specified on the command line plus the default values from
+diff --git a/man/userdel.8.xml b/man/userdel.8.xml
+index 5bd2981..384cc86 100644
 --- a/man/userdel.8.xml
 +++ b/man/userdel.8.xml
-@@ -59,6 +59,12 @@
+@@ -58,6 +58,12 @@
+ 
    <refsect1 id='description'>
      <title>DESCRIPTION</title>
-     <para>
++    <para>
 +      <command>userdel</command> is a low level utility for removing
 +      users.  On Debian, administrators should usually use
 +      <citerefentry><refentrytitle>deluser</refentrytitle>
 +      <manvolnum>8</manvolnum></citerefentry> instead.
 +    </para>
-+    <para>
+     <para>
        The <command>userdel</command> command modifies the system account
        files, deleting all entries that refer to the user name <emphasis
-       remap='I'>LOGIN</emphasis>. The named user must exist.
diff --git a/debian/patches/506_relaxed_usernames b/debian/patches/Relax-usernames-groupnames-checking.patch
index 0e066d9..8e00d43 100644
--- a/debian/patches/506_relaxed_usernames
+++ b/debian/patches/Relax-usernames-groupnames-checking.patch
@@ -1,28 +1,38 @@
-Goal: Relaxed usernames/groupnames checking patch.
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Relax usernames/groupnames checking
+
+Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
+characters and don't start with '-', '+', or '~'. This patch is more
+restrictive than original Karl's version. closes: #264879
+Also closes: #377844
+
+Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
+
+I can't come up with a good justification as to why characters other
+than ':'s and '\0's should be disallowed in group and usernames (other
+than '-' as the leading character).  Thus, the maintenance tools don't
+anymore.  closes: #79682, #166798, #171179
 
 Status wrt upstream: Debian specific. Not to be used upstream
 
-Details:
- Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
- characters and don't start with '-', '+', or '~'. This patch is more
- restrictive than original Karl's version. closes: #264879
- Also closes: #377844
- 
- Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
- 
- I can't come up with a good justification as to why characters other
- than ':'s and '\0's should be disallowed in group and usernames (other
- than '-' as the leading character).  Thus, the maintenance tools don't
- anymore.  closes: #79682, #166798, #171179
+Gbp-Topic: debian
+---
+ lib/chkname.c      | 47 +++++++++++++++--------------------------------
+ man/groupadd.8.xml |  6 ++++++
+ man/useradd.8.xml  |  8 ++++++++
+ 3 files changed, 29 insertions(+), 32 deletions(-)
 
---- a/libmisc/chkname.c
-+++ b/libmisc/chkname.c
-@@ -32,44 +32,26 @@
+diff --git a/lib/chkname.c b/lib/chkname.c
+index 995562f..d9678c6 100644
+--- a/lib/chkname.c
++++ b/lib/chkname.c
+@@ -54,44 +54,27 @@ static bool is_valid_name (const char *name)
  	}
  
  	/*
--         * User/group names must match gnu e-regex:
--         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+-         * User/group names must match BRE regex:
+-         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\?
 -         *
 -         * as a non-POSIX, extension, allow "$" as the last char for
 -         * sake of Samba 3.x "add machine script"
@@ -51,7 +61,7 @@ Details:
 +	    || ('+'  == *name)) {
  		return false;
  	}
--
+ 
 -	numeric = isdigit(*name);
 -
 -	while ('\0' != *++name) {
@@ -76,36 +86,40 @@ Details:
 +	return true;
  }
  
- bool is_valid_user_name (const char *name)
---- a/man/useradd.8.xml
-+++ b/man/useradd.8.xml
-@@ -708,6 +708,14 @@
-       the <command>ls</command> output.
-     </para>
-     <para>
-+      On Debian, the only constraints are that usernames must neither start
-+      with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
-+      colon (':'), a comma (','), or a whitespace (space: ' ',
-+      end of line: '\n', tabulation: '\t', etc.). Note that using a slash
-+      ('/') may break the default algorithm for the definition of the
-+      user's home directory.
-+    </para>
-+    <para>
-       Usernames may only be up to 32 characters long.
-     </para>
-   </refsect1>
+ 
+diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml
+index 61a548f..d472bd0 100644
 --- a/man/groupadd.8.xml
 +++ b/man/groupadd.8.xml
-@@ -72,6 +72,12 @@
+@@ -71,6 +71,12 @@
+        Fully numeric groupnames and groupnames . or .. are
         also disallowed.
       </para>
-      <para>
++     <para>
 +       On Debian, the only constraints are that groupnames must neither start
 +       with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
 +       colon (':'), a comma (','), or a whitespace (space:' ',
 +       end of line: '\n', tabulation: '\t', etc.).
 +     </para>
-+     <para>
+      <para>
         Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
       </para>
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
+index 17987a6..c98b214 100644
+--- a/man/useradd.8.xml
++++ b/man/useradd.8.xml
+@@ -735,6 +735,14 @@
+     <para>
+       Usernames may only be up to 256 characters long.
+     </para>
++    <para>
++      On Debian, the only constraints are that usernames must neither start
++      with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
++      colon (':'), a comma (','), or a whitespace (space: ' ',
++      end of line: '\n', tabulation: '\t', etc.). Note that using a slash
++      ('/') may break the default algorithm for the definition of the
++      user's home directory.
++    </para>
    </refsect1>
+ 
+   <refsect1 id='configuration'>
diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/Set-group-and-mode-for-g-shadow-files.patch
index cfdf10c..c5e21ac 100644
--- a/debian/patches/501_commonio_group_shadow
+++ b/debian/patches/Set-group-and-mode-for-g-shadow-files.patch
@@ -1,7 +1,20 @@
-Goal: save the [g]shadow files with the 'shadow' group and mode 0440
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Set group and mode for [g]shadow files
+
+Set group 'shadow' and mode 0400.
 
 Fixes: #166793
 
+Gbp-Topic: debian
+---
+ lib/commonio.c | 12 ++++++++++++
+ lib/sgroupio.c |  2 +-
+ lib/shadowio.c |  2 +-
+ 3 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/lib/commonio.c b/lib/commonio.c
+index 01a26c9..72e53b0 100644
 --- a/lib/commonio.c
 +++ b/lib/commonio.c
 @@ -21,6 +21,7 @@
@@ -9,12 +22,12 @@ Fixes: #166793
  #include <stdio.h>
  #include <signal.h>
 +#include <grp.h>
- #include "nscd.h"
- #include "sssd.h"
- #ifdef WITH_TCB
-@@ -970,12 +971,23 @@
+ 
+ #include "alloc.h"
+ #include "memzero.h"
+@@ -956,12 +957,23 @@ int commonio_close (struct commonio_db *db)
+ 		if (errors != 0)
  			goto fail;
- 		}
  	} else {
 +		struct group *grp;
  		/*
@@ -35,10 +48,12 @@ Fixes: #166793
 +		}
  	}
  
- 	snprintf (buf, sizeof buf, "%s+", db->filename);
+ 	if (SNPRINTF(buf, "%s+", db->filename) == -1)
+diff --git a/lib/sgroupio.c b/lib/sgroupio.c
+index 0297df4..107b1e5 100644
 --- a/lib/sgroupio.c
 +++ b/lib/sgroupio.c
-@@ -206,7 +206,7 @@
+@@ -209,7 +209,7 @@ static struct commonio_db gshadow_db = {
  #ifdef WITH_SELINUX
  	NULL,			/* scontext */
  #endif
@@ -47,9 +62,11 @@ Fixes: #166793
  	0,                      /* st_uid */
  	0,                      /* st_gid */
  	NULL,			/* head */
+diff --git a/lib/shadowio.c b/lib/shadowio.c
+index d2c3b47..53dac0b 100644
 --- a/lib/shadowio.c
 +++ b/lib/shadowio.c
-@@ -84,7 +84,7 @@
+@@ -85,7 +85,7 @@ static struct commonio_db shadow_db = {
  #ifdef WITH_SELINUX
  	NULL,			/* scontext */
  #endif				/* WITH_SELINUX */
diff --git a/debian/patches/401_cppw_src.dpatch b/debian/patches/cppw-Add-tool.patch
index 5244702..a738898 100644
--- a/debian/patches/401_cppw_src.dpatch
+++ b/debian/patches/cppw-Add-tool.patch
@@ -1,10 +1,50 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 401_cppw_src.dpatch by  Nicolas FRANCOIS <nicolas.francois@centraliens.net>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Add cppw / cpgr
+From: Nicolas FRANCOIS <nicolas.francois@centraliens.net>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: cppw: Add tool
 
-@DPATCH@
+Gbp-Topic: debian
+---
+ po/POTFILES.in  |   1 +
+ src/Makefile.am |   2 +
+ src/cppw.c      | 238 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 241 insertions(+)
+ create mode 100644 src/cppw.c
+
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index 9ff6100..a60c93e 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -86,6 +86,7 @@ src/chfn.c
+ src/chgpasswd.c
+ src/chpasswd.c
+ src/chsh.c
++src/cppw.c
+ src/expiry.c
+ src/faillog.c
+ src/gpasswd.c
+diff --git a/src/Makefile.am b/src/Makefile.am
+index b6cb09e..c86ba52 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -39,6 +39,7 @@ if WITH_SU
+ bin_PROGRAMS  += su
+ endif
+ usbin_PROGRAMS = \
++	cppw \
+ 	chgpasswd \
+ 	chpasswd \
+ 	groupadd \
+@@ -104,6 +105,7 @@ newuidmap_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -l
+ newgidmap_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
+ chfn_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
+ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
++cppw_LDADD     = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
+ chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
+ chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl
+ expiry_LDADD = $(LDADD) $(LIBECONF)
+diff --git a/src/cppw.c b/src/cppw.c
+new file mode 100644
+index 0000000..beb4c36
 --- /dev/null
 +++ b/src/cppw.c
 @@ -0,0 +1,238 @@
@@ -246,31 +286,3 @@
 +	return 0;
 +}
 +
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -34,6 +34,7 @@
- bin_PROGRAMS  += su
- endif
- usbin_PROGRAMS = \
-+	cppw \
- 	chgpasswd \
- 	chpasswd \
- 	groupadd \
-@@ -102,6 +103,7 @@
- chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
- chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
- chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
-+cppw_LDADD     = $(LDADD) $(LIBSELINUX) $(LIBAUDIT)
- expiry_LDADD = $(LDADD) $(LIBECONF)
- gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
- groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
---- a/po/POTFILES.in
-+++ b/po/POTFILES.in
-@@ -91,6 +91,7 @@
- src/chgpasswd.c
- src/chpasswd.c
- src/chsh.c
-+src/cppw.c
- src/expiry.c
- src/faillog.c
- src/gpasswd.c
diff --git a/debian/patches/402_cppw_selinux b/debian/patches/cppw-add-selinux-support.patch
index 5f2da1b..0e0566d 100644
--- a/debian/patches/402_cppw_selinux
+++ b/debian/patches/cppw-add-selinux-support.patch
@@ -1,18 +1,19 @@
-Goal: Add selinux support to cppw
-
-Fix:
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: cppw: add selinux support
 
 Status wrt upstream: cppw is not available upstream.
-                     The patch was made based on the
-                     302_vim_selinux_support patch. It needs to be
-                     reviewed by an SE-Linux aware person.
+Needs to be reviewed by an SE-Linux aware person.
 
-Depends on 401_cppw_src.dpatch
+Gbp-Topic: debian
+---
+ src/cppw.c | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
 
-Index: git/src/cppw.c
-===================================================================
---- git.orig/src/cppw.c
-+++ git/src/cppw.c
+diff --git a/src/cppw.c b/src/cppw.c
+index beb4c36..2cbbbc0 100644
+--- a/src/cppw.c
++++ b/src/cppw.c
 @@ -34,6 +34,9 @@
  #include <sys/types.h>
  #include <signal.h>
@@ -23,7 +24,7 @@ Index: git/src/cppw.c
  #include "exitcodes.h"
  #include "prototypes.h"
  #include "pwio.h"
-@@ -139,6 +142,22 @@
+@@ -139,6 +142,22 @@ static void cppwcopy (const char *file,
  	if (access (file, F_OK) != 0) {
  		cppwexit (file, 1, 1);
  	}
@@ -46,7 +47,7 @@ Index: git/src/cppw.c
  	if (file_lock () == 0) {
  		cppwexit (_("Couldn't lock file"), 0, 5);
  	}
-@@ -167,6 +186,15 @@
+@@ -167,6 +186,15 @@ static void cppwcopy (const char *file,
  		cppwexit (NULL,0,1);
  	}
  
diff --git a/debian/patches/series b/debian/patches/series
index c2b8dfd..1c65c20 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,24 +1,9 @@
-# CVE-2023-4641
-0001-gpasswd-1-Fix-password-leak.patch
-
-# CVE-2023-29383
-0002-Added-control-character-check.patch
-0003-Overhaul-valid_field.patch
-
-# These patches are only for the testsuite:
-#900_testsuite_groupmems
-#901_testsuite_gcov
-
-008_login_log_failure_in_FTMP
-401_cppw_src.dpatch
-# 402 should be merged in 401, but should be reviewed by SE Linux experts first
-402_cppw_selinux
-429_login_FAILLOG_ENAB
-463_login_delay_obeys_to_PAM
-501_commonio_group_shadow
-502_debian_useradd_defaults
-503_shadowconfig.8
-505_useradd_recommend_adduser
-506_relaxed_usernames
-542_useradd-O_option
+cppw-Add-tool.patch
+cppw-add-selinux-support.patch
+Let-pam_unix-handle-login-failure-delays.patch
+Set-group-and-mode-for-g-shadow-files.patch
+Keep-using-Debian-adduser-defaults.patch
+Document-the-shadowconfig-utility.patch
+Recommend-using-adduser-and-deluser.patch
+Relax-usernames-groupnames-checking.patch
 progress-linux/0001-login-prompt.patch
diff --git a/debian/rules b/debian/rules
index 6256182..7d20ba6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,26 +5,36 @@
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/buildflags.mk
+include /usr/share/debhelper/dh_package_notes/package-notes.mk
 
 # Adds extra options when calling the configure script:
-DEB_CONFIGURE_EXTRA_FLAGS := --without-libcrack \
+DEB_CONFIGURE_EXTRA_FLAGS := \
 	--mandir=/usr/share/man \
 	--with-libpam \
 	--with-yescrypt \
 	--enable-shadowgrp \
+	--enable-subordinate-ids \
+	--enable-lastlog=no \
 	--enable-man \
 	--disable-account-tools-setuid \
 	--with-group-name-max-length=32 \
-	--without-acl \
-	--without-attr \
+	--with-acl \
+	--with-attr \
 	--without-su \
 	--without-tcb \
-	 SHELL=/bin/sh
+
+
+ifneq ($(DEB_HOST_ARCH_OS),linux)
+DEB_CONFIGURE_EXTRA_FLAGS += --enable-logind
+DEB_CONFIGURE_EXTRA_FLAGS += --with-audit
+endif
 
 ifneq ($(filter nodoc,$(DEB_BUILD_PROFILES)),)
 DEB_CONFIGURE_EXTRA_FLAGS += --disable-man
 endif
 
+DEB_CONFIGURE_EXTRA_FLAGS += SHELL=/bin/sh
+
 # Set the default editor for vipw/vigr
 CFLAGS += -DDEFAULT_EDITOR="\"sensible-editor\""
 
@@ -32,7 +42,6 @@ CFLAGS += -DDEFAULT_EDITOR="\"sensible-editor\""
 	dh $@
 
 override_dh_auto_configure:
-	cp debian/HOME_MODE.xml man/login.defs.d/HOME_MODE.xml
 	dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_FLAGS)
 
 override_dh_install-arch:
@@ -58,6 +67,3 @@ override_dh_installpam:
 override_dh_auto_clean:
 	sed -i 's/# Linux only # //' debian/login.pam
 	dh_auto_clean
-
-override_dh_clean:
-	dh_clean ./man/login.defs.d/HOME_MODE.xml
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
index e6edc6c..b033000 100644
--- a/debian/upstream/signing-key.asc
+++ b/debian/upstream/signing-key.asc
@@ -1,80 +1,1989 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQENBE+oKZQBCACz5WylGAr+eitZjuSigzR+y30W3E+gkU0DSNlBB3WlorOtmzMX
-9F2d+z+ozJuez4NPqwfQ5y2ExKSbL8i1rwYmExZIzTDpm1Q6N3hG+vLbxwbrbsKT
-qW9rPiXriU5yRwuvVJl4NOU6T/Pau3/VD8iFN7U4mVpNFVPlB8vCvDJ+07Z0xIH9
-MXe8uaERG3v2EL7Mv8L5w05XEeuTT/CJiw6NdzwjZc1FymVoFjntetl8HaJ+5JCB
-2ylAbnw/wZJHORgsLxZhOL6/zrJRG8GvjgB+1l8izgl4n0DOqjyyoQIZJ+mfuHR0
-6wDqwvP5F9RZqCh8Md4hYujop5a0BKfAzLfdABEBAAG0IFNlcmdlIEhhbGx5biA8
-c2VyZ2VoQGtlcm5lbC5vcmc+iQFOBBMBCgA4FiEEZtA4fbhdMg+ECBZtsXXPqY8Z
-KvIFAl2r0d0CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQsXXPqY8ZKvIM
-nAgAiTpLlXuzyD4C+9I/yCA9N/BqK43jnMfJOl/Ky56vgJ/WbrFJLuO3wubMlRLD
-3jurC6SK2g0TpygyoX2MjwZVT60Sq3ZcgIh71yyWHhtZ29NuUiKsKnajb9IlP+AM
-1V0g9py41YdDUmAuC/5crqyK+8u1CVrB/is7Eym598gIl9nyGvaZrzgjG1cRCjzf
-ZU8pRG+VPMr5Xla8rDKBZl+LcusV90eAUa0E/KVFS5N1dQ6HKckYXPSBN3DKHZy+
-qKa1k7Dq0CnkTjQmjaMu3j5sdOXg4QUfhCHeLDFAtadNdP04I6g5KZRvC44XdQ1A
-bxFMLyObhCsq/QxSh/nYrKsw0rQsU2VyZ2UgSGFsbHluIChrZXJuZWwub3JnKSA8
-c2VyZ2VAaGFsbHluLmNvbT6JATgEEwECACIFAk+oKZQCGwMGCwkIBwMCBhUIAgkK
-CwQWAgMBAh4BAheAAAoJELF1z6mPGSryYfEIAJviOHYwzXjnHWrsbQQ75rJq2wQ4
-NlM5FRljskufCXtIz/DUpKKT3aqG3y7ywtEwl4ePofJmLbC0O5bZF9blgSSCV02z
-zGdeUosAJsxumYHVi9CRHWsiAaNMX8gif9vePqz/iY/caPS4w4gBXJK8vLwvxToI
-4CZDwIlMkMov//3HQ5v5OKfeqbA1rnsGI74vUw9Zt/Sqgudz5bY65693OqeRRWU6
-tOH8zo4HkFew26Ydh80qAn1R7ALnk68zwfXj8vdyR9f05dEqbg/4thZWcjWC/Frn
-QOjcTwKu5DnUCE937a1MPzt4t1FCYUHrqcLN99uzGuOD42o9/S+JAa2HWhe5AQ0E
-T6gplAEIANz2xhKdYCPfLpAT2wY0NQVoqkAVSymulDwt4DTmeHdFTFgN3vmpzR7C
-0ZHX5KWCl6EpB9JdVBPbniMzmUlqc0M9h9+T2T2UzCBJWhM/ZBqzN8OCKvtYopC6
-Pd0HCeZgd0hjaar55oCH/VwJT/+CB1oBOjgQ1CEpMAiK6+IYoGlhf/McCU8i/IWM
-RGwGarTChAq8MayhAQ5vHXO7UZpNZ5NIgScfJGFqMxCspQDFIKH1OHZWPrE6G/H1
-MrqWL55zFi64FU/ReWWDUZ2hAELwpYhMM6tTXyy6PW8QYrhg7NBA/EA2zojzVK9V
-113ZuHvVzICOEevWS6DDc9ZC8t7jIccAEQEAAYkBHwQYAQIACQUCT6gplAIbDAAK
-CRCxdc+pjxkq8mtUCACLsJVcm3yZmI37LPCJlWXOuRFB24HZyC8ZkPoebcwlzVpU
-DcaHS0lwuj5J260I7MpKY9FKydZPX0QrGkMytz2P3s+L1IOsbJQ7HsHPyAqNMjoF
-x880CEDIivkav1IPJPHq1R25KaYSuu+NhY/X8nPuykic3bBB3llVFK9L+s1kaHU1
-TfWh5aVumRTQmkZtmQxe/gkjL7VxofnPOtxEwL0kXF+b9th1qr6MeEy5+dLLRBrd
-CAmQq/PHO+Ugb0FpSa415H5egD0hIQxDMBherElBIvbwSv0hVo2C3PmaoIx/y+4N
-M8amRjKoac6O1A0Xr3nCIDsICvf9ZN6ISXqQqwEWuQENBF2r4KYBCADpPHTIGLuE
-O4VOOtRAvzLcSIsEg/Iu5Ys1AfEs8RT58loJLxthYpOZVIgyZhLLS3Qpt3aWqYib
-nc3E4JfQG6OMYKKvlWykQj5NNNeyRNmzUmxd05sYWhwB4gb4VP1PpEc/pQ51BNUp
-ocxndcp9ZAr5hvTJlo4kD5Bvby8d3eOgwZ6hzusJ9QBXioirsgrNYoL7U9qs/tvo
-s2PbcnfrNjveftQg0LJakPCEDT9NHBUyZY7JN3ZmV0G+kpMcUzRvhP9rzHVGYVG2
-+1CBVDphXpGbxmTCH/bDTCRglSDfr8jDIRNTANe4iRsbQBVanjDeMAPfjAOM+bnZ
-HoHW8Z1sS7YNABEBAAGJAmwEGAEKACAWIQRm0Dh9uF0yD4QIFm2xdc+pjxkq8gUC
-XavgpgIbAgFACRCxdc+pjxkq8sB0IAQZAQoAHRYhBKm9P/FwcrbbeA/PlDVw2hcn
-Cs4kBQJdq+CmAAoJEDVw2hcnCs4k9nwH/j4EtPJvVIpLPS1gKfQaWolZ9El8f12I
-UyZka+/FKwh6IGbLQBE9oWi6lsDCKMjqYnuVbrcYtll0Lc7CdQR1fSwfzT95xU/z
-/WrGV8xbQQUULA8MVuYottIZByhtdDNvkBogtLLH4tc40BSm2jqcb6LuT4vswULk
-9UUOuTUKxWECOM3ci2554l9hGaQ4qSxSXhrPPNR0Le0Y8ElLQI11vTP6UEA6fyVh
-I6eg90eMrNP2OHCW5QnIuazPFJ/2lb12BgahKbHXYR/cRqZNCU1rRgH8NWtKL0b9
-/Q9bsBvLl00IlA0xhpZZV4c6S5HCQbU/FXqIIgBmQvfaWzVuQVPHGxcjhwf/UPxw
-ZiKpo+TGL0GQkP/3H/QH/YHPqNmAOPyoNqUn/RimYs3dyfDTtOTumErF6iLAa9pS
-Bo8OJJZBOxskXfylTEDsaxWPbxXHUsULpJZxVHoh+90RT957Hc8PjEa+B3KW5vRd
-HwpwemlNYKn++Hv+kIr+ndqauw88s8e2QpvAUS09h2WxXmEOhrHTiGIFs1l6rq5P
-+vK5RNQ+xaPSivZZqyzsK6+3s9aTixwPKTw4WYcSOQ92YQ7C1Lsd3GglHxXT/1aW
-iYoxjXNR2LfJpOFNUG+mZWn02G++RfXetb/PzPxwE2eSqU/YK9GhpH8KbcwsJQSf
-MqXESPQLlFAwkwFyBrkBDQRdq+FiAQgAx36JU5PHoULcaG/Y8BJ5eyfG1v0B/5oG
-M1/SbxYpMuAhL3FBvGA0ly0boASm2QF8BK1EsgDmo5rSJgimQnKcQ9uicnXaq+2U
-npvqDWHcBOFhdAGNNDz1f6uUXNUZCyJ6pqeMj5+JI1sNqs4tBRt4k6uR8W6Svfij
-nGWgoQ0v+TC7WUMb9jYYzFlEt7VpUlRdCDgWISJoT4s0VutQfF01HY8The4kd62d
-4cSJP/Nem8QXgwKKyMlMYAcQLjeuXs6odT8YN1xbS53J/2/fcsIVZNEuWAoodXJS
-sdWFXNsHbPX7GfHGH9tBeOC20g/dmqfwteIudQ1Tn56MmK4DB3ByfwARAQABiQE2
-BBgBCgAgFiEEZtA4fbhdMg+ECBZtsXXPqY8ZKvIFAl2r4WICGwwACgkQsXXPqY8Z
-KvL39Qf/S86hi7pvntTGwk1Hl0IyGw9hXsUUhf26PlcgOj9tC3ZFMxrY+4oxtwMY
-g2wOodeo4WlmrlYMeGrRwSgiqGWSCPW4LvsssbDuZbKJoxshNAOVHM/1z1CPc2QY
-0pboVPBHss+HjeSBfKA7VK1UAMh0dqmLD2EjnasXwWs1jLig1FeFRwM9+fTdqS4h
-sXvmxoIdpg7/GhB4SoT7SpXzZX8VPm0hIzKCTOCr73NSGIDhdCPGJWFIrZwCLSJR
-Ndl5zIS54uTrNn2+QPwllqBKKtMWDG0uueFWlQEkw6B9+/mOY79K6fiz7clsB2Jy
-awWrD3SFaYY3BrQXkdnbSsRUDCR23bkBDQRdq+GrAQgAwoQJz9/x/T8J6cqTPfBc
-YS2UbjpguO1O3a1Zhd231nTiKFVph49qcW2+66PI7cjeNRA2/Z+hTUK065XJ9mpf
-5NeqzQFQ9dbBMKQw7Jz98RDm7QEUmNZi2avaxljgCDWO4mybMjuDdycwsv0tuOls
-dGu4UhPmue/03Abs9RGfVecK3211n93SHu8Ro2QPfuPruuPLxQSVVVzBUaGwJHwK
-SrBnpnClDET3DKr9PFv6/yoQlyiFzlJZtiXvQC3Mc5uiSRbpy9GM3P4FwSmc9+7X
-SVs87/xrXoH3pUN2MMY+PayF82wUtpPwy0V8MB2NlEaWt+/danioVGVJQauMie84
-swARAQABiQE2BBgBCgAgFiEEZtA4fbhdMg+ECBZtsXXPqY8ZKvIFAl2r4asCGyAA
-CgkQsXXPqY8ZKvJbjAf/deT3H5ZTF4k22b7mE5978oGxdBRsHP4kcYWN31hDD3yN
-S8803VF+C0p/fVv4UMpuT9y771s0tJ+EoPPYARERWKiApFxWMkPL1eaZZB3Wij4z
-gYc1iGki3lkrV3cJE4iKqKwtCyKHrj+CX2BugxyxS4dGRzeFUpRva6YJk8bfuFR0
-C86Y4xLv/QoIZLmled+xf7N6BIqOmzXayITFheJGmTFsX0xbt6vr/q6S8cvHiMem
-CJnlKO3/06pSIA6BRJB+GkBQmVovF70TeeP4AGzstX4U6O0jriySqCptijlVehsV
-ImGoVOiDX4qYzOd+x0po5lC5mHe/dO0ZTOTGgxQc9w==
-=Ruhn
+mQINBFdP52sBEADlYeZv86QBwFAdQAXDM4J/8S4itUzVdbT/VLgsD/Rwy24nPgYG
+4CaYyekBcrAeUBSAv6jP5fmofKYgiPzoJZjBn/4THk0O5gnX8X8xrEpONroksNvK
+9dv/EgbrYoFbHpifLcoL7G+7ZvMU5bN5a5Zt1pfaru9FWaWFOZfy+iSU04KvOuPk
+7vOYM1+smgnVJWx4SMcfqisO6qqYeRQm2Vm6ZfvHvt86wCdOkVbErRCNmKekaCxd
+Pedx7zEFe8evGaqrpQn0PJ9sw/l1HqtKHD80fGp57fUCsbu4H6E4acsKgI+btlJh
+dPknuz/fNoSWN/ifr+Kb4OtsHA8fyYqSO6Nqxbj97/IdcIxcasbvVoorqbLdE6+3
+GNzqrmVCh6wZWOOAMlD3a2KJHM9rS7r9K117CAr96VLwv2o5bL82sNRl1iH3OltU
+Y9/mvpLHxJUOdbK9dMZ9pVGDZhXj9ZzbG01Ylc8pl2Q/Od55bJjIZD20V20vm4J0
+AP0A9l6dtQsi5kqfg8AtOsZc9o9RD3rE9WLkXtYiRFrvI6if8C2mydPKflU+L061
++pLw4MeKEsXXDkBjeTQIvKXtca9iZQxJi374XeUu2yAIiuRSfb30C7RdcX9Bwzk0
+HLFP1OsXOVMTt6w9oiYnQ3yR2yaSeX6U7bvumZFuSwh+RTCIzpO6po+x7QARAQAB
+tChDaHJpc3RpYW4gQnJhdW5lciA8Y2hyaXN0aWFuQGJyYXVuZXIuaW8+iQJXBBMB
+CgBBAhsDBQkEpvYWBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEESIC4yb0OUQb8
+Bw9Pezw5Hv6pNiQFAlr0mA0CGQEACgkQezw5Hv6pNiRiNBAAt9RPPxGwSXPKLiXR
+sIBYWnSz7GqhjLS2k2VMFlVqCeTqfj/SPfHK8I0fbPQQaRoqSI/0GO85BruDlyZQ
+wN+QipRsncLI2eUlMAPXfIjASnRuB7cXqBfdENi5e8zYQv4Lf7R+o++MLtoPeyfC
+BycGXl+4Lh1XSDGxNxSvNBI8yRdSq8iB9xeQk7KieRtHVVelYXc6xxkCTByUFIdI
+vCT9Yp/klP3yXge6qpVlWrzH/ffQw123Pn3RSJKFd/5enN9cGz5YoZ12hANEouSN
+w8lAPjDgYSJtpujjohDgi4ZJcJVA4FqNiFCTAx3WrVyujU4KcUiaJxt/KNO8Jb9t
+TfA6M47ErAj3Yh2wusg9m03TH7W0WJ2QTmZNyaruypJWgi5rJTsJEMmynDojNsmF
+nBD4dz2VpdvpG3Gr0sTY8+sG2R5IAJ0GcLX/XtcU17g9C3F7EnLakHk1m+t7Cmhm
+MM44I9oKPJt5MOjYkxcYvmtJnfwKRPpNPJIH7uwGZoy6Lf75e3Z7pNTqss0tAsHg
+pYPxdN157oc8SN1Q6/VNpoTWqi5s+UU+fVnJykc4MahUKijbNZIjXuUFvyftn5Zx
+hkcuuQ7D1z3wk5JhWTNQyuov3Xxvn/CZA9M1D/CTsZL7uLXVBy3Lsd9rgYBpjO9I
+cis7rUe6UofOTkZ1KnbEt/T7FJCJAjMEEAEKAB0WIQTo4Z5uOFWmiBIr6zRcWOEG
+Ig0DngUCWvSXewAKCRBcWOEGIg0DnsyCD/94KLUVBb33sU0IWoNwhKQS9t9JLDT5
+/9FsbSBiih1HW+un5hgObtmOjkLfBIBpg0guDDrX/oFC+qibn/nBlojvdrazBw4C
+hBILhkS8iI4QV2VdER2zo6xYWABaj1BN+IDn3D1UxOyPk/ONEPO/BbJn1yKAPeLH
+x3Tzn0Q/W3yyvRP0Uxz+/RZBa2eYeUeBkFvCXvd2P1e9o1N+yvbLYwudAfUKYB1s
+WWjiNezrwQEedhiPWxvLv0L+H2+AZ1shdYi8d5NBhx0zWaTvSa/47CNxzizlzWeG
+1axlN/+XXZH9HJxoDlOF1uZTcVUhY0tIQfuoRQzzVA3uao+AmAwgXfPBumO4eA0Z
+5fKGfDaDgiRdNkF46XFPdSaoY6891+r4IwoiuYcBOZliK6Q88mXE86POESahGATK
+VJKwWXBhYZmjNv116NbKz5TK7mPzLurRUNx79PzmkxV5jZIg9QQ7XIpiqOZ/OiPX
+om2h182xKA9SWCNMSzWmMttqaotT35GhCYkORtxpfk9YsnSPL11LOmLHPX2F2ATD
+9yqCaop9fGpCC67WuF9f5X6kZ28iMP1uA/trkp//DkQ3IhVlzRrjNKsR9+dAjeD1
+rZQZs2ReDwmghORH1Vh2pgzUAzUc0pSUGYjF5JqlbYtf8qZbzJaKC0WXdRHhB9hr
+JQP1m0nmPgr8DIkBHAQQAQoABgUCWvULewAKCRCxdc+pjxkq8ucTB/9I/mjJBpo2
+YvB3WwQ8MssTAttOetF31wmJPTefVmTo9XvoihTT/QAbB8iqyoeQiWW5r15WmXij
+ay62qvCnpwUTRy6kWFK477ut930JplYjSaT+y/toBS+i5NgMaxW3sJI+fIGuwm39
+uXsEoO8gJdxz4uV39OO6QmKyxLteLlzjRqX0mWuX6z+cMmFXnuamEskx1JywTt6p
+PJ+CXiJFLu1RyR6qsL/KbrQuYmMJWcPxRzRnsV8puPaFEPfPV2WBsf/EIZUIVR/X
+02MgfrF1JlUq2tYHeKVBSFP2ErCWg2P0cKfiR6VM3m973Mho4RcbeL5phGtdQEvc
+pkK6PVpPaTpIiQIcBBABAgAGBQJa9WAdAAoJEILJN47TxJBqi3IP/0he8oFVXyQJ
+e8jyWbNRUULNWBGgHEFIWkhBMzdZ6fzrf7KYHSFuE2uILH+kFef66kdzsOD5cGKa
+4gIy5Xv9VYz8o/lXtuXSMQzNiCGC0m7QZTtXIWaH+DpJczzuP1Dyq1jm428KpU7b
+4akPeyQWu+y2d3hkfYf5hsPaDllrGh/ybouKTuuhyaaSj3u2UYvPBbhK/O23bnbe
+xNC2ZYxsEoONA63rtofKuwQkwu+4IODGBstWFZ+TXCHagGjKSCObLYDzRezF46vz
+rG3aagIDRdJcxCTy5SETENDOeuNa2I1YwQJFUhVW6vUNKJ6HF79JEV23zZN5r6aZ
+I26AAIzBtpFNQTgmPphuAT9dBeXGjLBR1a8pJt8H2rKhANcfe7IiMSyXL/3atiOi
+5kucT/fIeZIQ2G63lrVANE/VZX8YuW07wtUH66ge4Lm69tyydp8R7Ec8rp4IwNp2
+bQLAz3kyK/mfk60C/2f5ZcPdwa1mjKPmIDgk3TK80PROp9o/calCo53T3U/Do8iF
+c3zZ4AOBPZoO94UGhr6nMfl0NfrWtCEZ4e+wN669rJiuRMHDGmqEAt1UuQxYELym
+tqlVkKK/P5P+X/WxSrosKOXerqFjYakT7oW7FlJZDZomHIEHvFyQCrjIblCcu75w
+Sgi7p7sB7oMGGBzqdeFwCUWGkbu8K/UxiQIcBBABAgAGBQJa/WyzAAoJEOhnXe7L
+7s6jBSsP/jePduU0LVLQicUh+xqo1/BDc7NwYVtSyexa3RjP/QaPcSGzt3WjDifB
+1TJrF4+gGdG/TD8KcViXd7/LR4iGCeocj3g85ia+PyQggOjBzyyfzVKPHiS/TrzN
+lCORL51Goz5mXPw4MSoiDgE3A1a16elXB3QWMrNoaUf1u03V9hsHxjg4y7BClWXP
+Cf4C1GSXS2W/N/Wzm8r7CAXNqVVtECeWemO8J7AHYr6jCMYESyfc/v7HmjtunYvi
+LyhZb8x5Xxe2AJ5BIQgsUDwbP42I5bZo61/AUEz/HIP1Rcdzs9KcQEcytK9ycq93
+w7Ix1UIUmdrY37mGIm6qLipZXo2zaqGc5EnZCB688PeeoytV2jtUnceg3GqeCf+F
+gLAy6MBpUxujrIKoAeJFrIVI4QIXbh+5wLhAuEhAb4mbVYMB7yuU+BCTGpY041uh
+OQIyOcu6+3urhBCtWOUlusdoS4KkBGQPWlIvajlJdDkpUZtjpNs2XjehgS0/Nmmv
+QCyBXC5tJp5o0K2ztqrPJT8LGJSwwkwDd9ct+0OkwB7HD6xX+uV2FB6erQsbLueg
+ly6sunUB52OanrigOZzuth+VvxuG6rO5QcVZxrWmMAjoiq18mIDoiDRnJBalBmrY
+Ttx9ZOi1AS4wJvzicYqeW1v48yE5DbGivDPSuQcXLgQmHUwRsuF/iQIcBBABCgAG
+BQJa/H8dAAoJEAUvNnAY1cPY5UsQAL8rubGAq32YKRoY5NSVNkKZJN5/YZK67M+D
+LqyIrk18eGIsObbjvmYmjJ5e/8va+HehB8tLzbHtP8dV9TmZvw2NMnhPiIY5BEDW
+LRHazaSe2bcSMweiwiKvcZfmLg7BTlRzUISJiYILmv9B4mkQVsZAnTL8cT2f6aE+
+n9XXRFXqiqvCCyjYeTh38oYogq7aTck3SVio+AKG4PyG3MBSkNhBckdRtpJsQkE5
+4dKPPRt9HTG5grrCf2GXmmcQ6/WJ9hdsWNDLNOVNFYNU5YWjeScyWnEsXo4m4aMx
+XqNWaj8iRiBwxyqNKXDSmJnPKqkGMicT4b2DEwFAJQW/hK8Fd2+QNcHKcXbEFq9m
+9ySKs0G35s+Pxyc+d0G6j4QB0Cvvc99eB3LMl6LDKHzJg6Uu6Q2nM+AP14PV4gne
+imwkMraZxEoFucW1w5FPhMvCdMrtB7QXk+QJMlj2gwYy8N73AbfL3fnH7yigNWs4
+gNzXbigYluaUJ1yc3+C2FaG9p16F6WfhmK058ugyVQZj2aBoB87UVXXrdSyIldVs
+sE1ADhLyU0HyQN7S7Y07J5zDRR0lTp6ly3PLBdkQeQAXmnsBRmkZ8ySjj+J6hZdI
+XXJau8YECNySPdF2KlsXRheVkF4DtTL8g7dPy6grL4N/umKl8jOg9/Ib8JR6nHjl
+gu7Zvo/5iQIzBBABCAAdFiEEb6Gz4/mhjNy+aiz1Snvnv3Dem58FAlw0ulIACgkQ
+Snvnv3Dem5/r/BAAq/GwjVkMaMgSYiLTA/LixkB5tN0DtqnCX0oiGbPE+fWqV7nO
+0jjoHcLnIyfcKD6krghfXGHR4SI2RxUVvOpZbxpbtYUT7QhkPMITTKcrE6pWMdiY
+AYEsmHSn/Ofd2so9AnqyX0WXyh/fFG1c9+TCQkDwLOQwHj9EjlvT2cyT0RIL9xAi
+PFpmfmjbPjIqkABE1F569ee/MJFPCspaulK++D8T/OOVLyQXf+0XMvwdB6Jw3SiB
+pWudF1TRXJQQ4cIrGsXbP5r6yLzoxhUCTmpR52hgqJgyr8GQgZvaBFWKfpJRJhyY
+TllTWrYBsHWwkQ1ytQLFNAPQ4bbEq7aCcYhxlVNb22Qqdpo/nx6JWNNdEOCZKpKx
+vf1JtRGA1P8WEtIuHGc13sA0dYLqayxxY6/pcJFgxg4jCpCqW9i95VJ3VMuxO56e
+uyjEKUvx4uGU++3bi36guNd77zS43KTolSNnKSa1pu3jdc5yPONfOj9kk7IwDgM1
+JatMM83aj5PqRQ4mbciq3MbssKkfKteR1LYjH272WL86GPu5tbtgvQyV7lgfWBIO
+PJrFHYZ+0q7RQJtjaegRvTsbzHHUn6nSeod/iG5sM4hLmbhzQEifTXjifeyaL+W/
+5HnWvZpnoiyRxOkY3jD15EcVcmqmhU9/mKItQijnkKKqQ4hZvYDTdTxb86aJAjME
+EAEKAB0WIQQqvKdJjYPh0y1R07WrSACmLbn3OgUCWvxCxwAKCRCrSACmLbn3Oo2z
+D/4+N7MIlxTBd975FFfH8Idwq1znwup9xi1E//p+ttjh1nBVwkW9lmgyP9W5oZJQ
+aNcRfa2wg8ONoCLG4F5FM9VExv4asryNDOjbP9KbDKfhHcXdXoqo/Ty7kK/4F9H4
+/sE5mMwFRUSt68Fv/+oNQBfQrp1EY/6Ye7MYrj25oU6D6yOE529T2sCNCZhZjkDk
+/V7LVJcr5sZ2jJmnIzmgjRBtysDRynsT4NzXdXbsRfhkq/EY2aO9B+6BnQVpNpbJ
+DVUGH3LdEvrIBY16PYrqjhcwUT1qHn4fJzTlCmt9kA0uEUr+FQyipcMJo3u/3Dy/
+vsZ5pjYaexLz9aPyqyK60MVzT43RgkK3EKxHBKk0YV7Ti2BnEBPhDgk6vCiOJtr8
+xb5ME82NlhN+gWFNgOokC10RaKXv9F8A+0N4Oyxd6W59CfkrLcH/Le7S7STifJ0F
+9397fkmNhyQQWihIKX+uoC5EIRCh93E7vR88+lLzGG2wC51ZgOUOamHymTOABKTn
+kcdH43vAf2rq7EeA3kubY9pFpA61tmG56HAweYoO2zoOcRPEVyPRXO4XiJbFRMBK
+80LF29IwysW4MTyUW7pfLNYtA/ZBIjhVqUubljEFoOM/Y2U0eyDc08szi0W0BaxZ
+zmcStpQ7RZN+TqNL1oBALfYuDIRTV5pmG/rktdlX3UYw9okCMwQQAQoAHRYhBKXD
+9o8indYPcj5uE4ly9N/cbcAmBQJcN7P4AAoJEIly9N/cbcAm3HgP/Rgs2YCIlQqy
+V/zUu5Qp0rDE0oyxcGpFcgeKuXmzGP7O30AgWjhuHjN5asmIaaCNYB7uKzsepYIQ
+oyeGxmdZF/VYtPJ1RCW+nnPr5WG1FjMEpa4iR8NdQL/F5sIhQjzr7fxF+rLmp6yv
+Y+59cpkPsjMpWGpo6ZSINvHj8mFf6RUCgS7KK99SPR/vxPVq5gTcN9WGGbVM6p9H
+nONgoK8H2PQghfoep8Za1DsCWvfokUrJl4vNbhmLKqwaSEOooDIDNUx410hDJOiz
+I6ADLFGwWsfpRGvBpeAuzpCWy1EHm109pXanzw0HQ5PGHKbLbANfPF6ClAObVd6N
+3vBvrRwKj/pvkzIRKvonUtJul3kfvlZhBXxuMP3mdzKVOhs1oJFKIZ03u9KvoPLe
+wGLHQdsybpEIbDiZTT7svHtBmxTQDnLqtc1KvGqMlGy/uVno6IVECsd54go4wKls
+GoEX7KYQCiV4pjSJWhF+aTD/wGZCvGE4h9zWKXB/v89s4VjeNoRhZ8ZKc7kWX+fo
+pZ4JWOrTo4DToVRt20heT4O0zrssg89crRKG/G/fp4hBWs825LoAojWF0WsB57bL
+JnsU6vubjdYVqyE4ldifM7X994cnZkKc2VzgPikeSbFdWUmg/8L5RB5RznYo/Bfe
+EoNVH4hcVS06joIHTp0tKLIiEnHRtZvpiQJXBBMBCgBBAhsDBQsJCAcDBRUKCQgL
+BRYCAwEAAh4BAheAAhkBFiEESIC4yb0OUQb8Bw9Pezw5Hv6pNiQFAlv3KwwFCQaI
+dyEACgkQezw5Hv6pNiRzYA//awDCyW3JL+752IBh4hM1mXqJZluh1Tm+FJ5gLhXj
+yKNqVuRIsJq/7ayZbs6izgqde/mZ6K8pPtqmYZ3Kvby1g1UMP9kQ2Tyi6SH7yElZ
+DjJQanRfjzzStGFw4hG3GQVR93GPHVVMQILprRsZcG8F4bR5jBBdZ0I9OstBQLjf
+ztFZKW7C94FBfOF7w0Nevb5cNmsJJwczJ4PkBLk9N/v1vZlPZqiFBLObySVuIVe/
+2zRyKvNMf0dekRG1HN/EAibGZcBkHFigdRV8SBr2N/XpCeT7Bg6fkfYO5J0Snisg
+pzfVy8PTSHd5jqIECUeXKzymhaYKgBeh/sRxy/Mhh1gcqjfM6xPZjRH4v/qrXsJB
++BtF+E74qjTx6Bjn026Q0i+2YJPCkGt091ACXMkx2bRoUCY90VaTeAQfrOe5N3TP
+r7/Nkalb37+Jq5lvkS5POkEgs1EcSyK5rDYehkugVGJlQ3Tlg7FFTrESLMIwbJbu
+Vn2Qqao/yGb1+JwnhJs2GjA5Dqbv0MhsP9oVBCmqRnaC+KzrGMfyZQJ65maCeJap
+fJPTvodCAgxMOofeZh/xIbzDaifHXdBEJ/cQ5UR0x4XtwWOI1XmDbNIb4itHZtkA
+F/pnLIoYuA+C5w4IDxamoGyPeuhRqP3SzN8uJ5k+fan+UT5ueYiiIZHA8xueWtOC
+8y6JAhwEEAECAAYFAlxZ0/oACgkQ+7dXa6fLC2s1HQ/+Id/9CJ7dt4JS1USykA1+
+RiZ6yhUuW7KKqSl13BwSV3zfIYyybxzbTJ+jsm4morZmJmG6uLraVcmDplJO81zv
+aOd75w9MDMiXrjuK2pz6Trh9Ydl1N6iIbpSXhOjZEWixRq4RdxgfPiQ/iMedz8i5
+nuhkpbhPtJ4CmA0fyeqCMleuSd20MfUR/itLOwBrw7cu4y7Sxz3dkB+g9qTLsDt2
+3KVJ2EflUpmJTjssBNoKEtQCgJp8xJa3g/cFSKqkAvWsVn03O5zId0TE2RWFPHv8
+nkfecYnHkLnsEHyjDVz/06t6DCmJ9N5uuEDtR4sAYL87/ZnHv9XqiDmZ4iw/rKD2
+0NOVLuJZGrl2uGxQsFRmu6+9EjOK5Sae5UxkkDab+PcInyYf15ANrrZnNZIhawUj
+yZDihftcLVmPKRcFy1PA7Mqq28fcAXcs6nsMFAlkrXvY6+nyRQ6AZenpBPdi+bHz
++yuX5QkwT+V93pzkJK3Hqhg6bsWf5sW4SMI2ADqucEJAHZT2qPBhq4r8kqjmdcOk
+GG7vrMQdonr37AYjO9J0IqsVJQyUcP9CFqJnWpV+L/pioA0Kw1aYGnWzwcVshPN9
+Xxuc1LdcBZn7C3Y9r7KnzaI94itvFKGf1Ol2JLFIak4fvgeMNK7Z/RpMxlag2tf/
+SGM3+hROTFRNStrzoxRUmW2JAlEEEwEKADsCGwMFCwkIBwMFFQoJCAsFFgIDAQAC
+HgECF4ACGQEWIQRIgLjJvQ5RBvwHD097PDke/qk2JAUCXdvbVwAKCRB7PDke/qk2
+JMg/EAC2vRSpYPfXUq2Ci2DpAv7nwsRQlCE/8yud4pD6cK8W38hzSbXfTQTsEsom
+3n7mUyW3xLCrwDcBBS9Zm7kew6RvsxtF47RlhofNiNjNN55hBTAVOfvyFSr8hk9X
+KPu92TuDkhT044Lk4TlxjtlHQZd2O0BwbnqITs6yj1UMsQaZxGmaPJub6T4CrdUl
+8qHxKLbm3yn6DeQcRzh21sO6zpD6pxD3emJEzGdzfIij7CjbVY2istjTl7BqGpQl
+mmC7n0JbWPDt7XCzq1SAee3zG+6+FL+TtSCqkn2hRZIDhKuzhQdCX826ewSzjUDM
+xNvIh0ZWNLfualiqYOWUUcZMrbJk9qpQA2EZ2l0/wbSAO69LG0veuPgyfnxVqQVA
+4quJk5QpsgHuBeRPB10jecE27hq+TCHTA6ftVZlpFK0kcKlPH+jjifYFhSyiA5a3
+XRJve12CCsj8B6B4YpxO/XoqWLoPk3F13GDln3CIuGNW7tl9MMjn2PjC/4kP8c8g
+TXjRSjEiL6qq0Vx5zWz97zR2xgglA5Jf4ti9YgyuzYyR9Yo3CEicflcTl9P+YaLI
+zvJDLOFiheZeEdeoWE+OPcQIj1zgVDoKUd5uQJFmHqxAT123UU4Qz0DhmGGSXKwS
+M4vyglkce/f+L2LySvJ3qsjOo//4Chih96JIPgQHOhyZRzvtJYkCMgQQAQoAHRYh
+BPvNqFWOne54K7OqH7ztYeBL7yqxBQJfyB6rAAoJELztYeBL7yqxthoP9jdJBr3b
+KZuJJ0GbQ610/qhUY2Mv0dzP7PJ1wMz5odKjyjz3BOu0PpG7peKMOlsiyetyu5Iw
+OWfnxgGiI2HCpAKnzvGDPv9T+svmVq3f6qkcKw+CpBVr4ZWQutvlRQWKfB+Lr9uN
+AbESgSBAg9bZX0DhrV17QPVK0r8HQpvx8TAI4BNPLFn14iJsQnobK4641WqDdGzQ
+Gl3ptqWFi+6zqBTXhigut7UXJIvcKOdR/Uq57Rfc1GU4Y+UIusY8LWqS2TiCXzOA
+4C+4Me34AbFMAevGcwZ8ryQ1ViJObHm59dWd9UKRf8lQJNctP8BvfCKNKDlDWHC5
+kSb+sYv9fjLjNmftZnRXRqQ8A8RbPlSYF6+9Xufj4fG+wc4SR1iMD3Mq8wjeci+C
+vZp67gByU9qAdRUBMh/z69Mt6OLSj2gz1u2tsHfi5sEwldW5FmlI0LSSKm49xmYS
+osBD3obPh+HSryYPGgBNWRIXUw7T+88i0fUMZUpmkJep4opVG3QcZpfhuoHki8RG
+hmrPfh6CrnBIOBJicHfVS5uZI4dByGYZk2rKt7ZP2bK9P9hJFeFtGMS2AvYXFQOq
+/C6VI/jAOAealph4dnjuNiYY0RmqZFaNNUD8Cs8vMg6yIiaF97rpUAemqXDZctXe
+/DFjEPaG3VAWkU8zwR61xlquXUiz/N2dwxK0MENocmlzdGlhbiBCcmF1bmVyIDxj
+aHJpc3RpYW4uYnJhdW5lckBnZXRlbnYub3JnPokCVAQTAQoAPgIbAwUJBKb2FgUL
+CQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEiAuMm9DlEG/AcPT3s8OR7+qTYkBQJa
+9JgNAAoJEHs8OR7+qTYkR64QANwwzLFwfnEXGxQArHW2CDxW4MIAeLyiab1ebw15
+i18/Pat8lSKWfIx4/4NO8QwOvN9WWXfU7nFcAYxg+xxHhDIFpl3x7F4TTaN1Yhmi
+6TMR7fZQqNgTyoCz0jjziShujHzuqaswkdHlCsncUhqBIPQSCFOdNfgCT4YZqAlt
+SXCBGE34p83DsnYNkQfkXiA3VSath9lsy1jOIsb+jeSY1RnSAQrLnvT08QbLs35B
+m0Mi+7rc4QgubWCqgmIYn3PN1o786PeGb4C5pR8BWHT8EEAFSW73i4EFIMYkH8KX
+S2qPpRwaAUMR0hY5pV/QoLFc35oeaTaR8UNzGzqPQEQnqkD1uUtNaB0DcgX1QiwU
+bvf41fIu5Vp5Mrv5SolGmyG9thqal6XWy1ZUbe9nPKmQ63Ci5WFMYVK12KOmmx4W
+TmrQV1N3XvwShxszyKMbamoAgnw4+W95qURL7nXvH+WMCTjl31B3ZbvFs4AsZYGN
+7rK2y1HOcm95ut/wzgKIAs8IpA2Cq79OEKFi4susE6ORdDUDK7uYgwQ2zFyrjaAS
+N0FLevj3jlwXF4Y4OrwP6nGZtkZIRdNVqAGJjqQQ1rJ6XHo1jh/bFh/jly6tjyMs
+M6JxNtT/lPwtfI9Fv9eOd3uUCDzmjzkkOhKE7DotgztorqT83D2pkCFHzp200VNX
+bU6jiQIzBBABCgAdFiEE6OGebjhVpogSK+s0XFjhBiINA54FAlrDS7gACgkQXFjh
+BiINA57pBg//WPwhnmQ0JbdSeNKjcWGf3P2ZQ0q9/f4ZwaH5QluDt3o19nyt8U5H
+ttPO0jmNjB4FP5gDJzOwhzPOyfhowsycp0vEWEoflGAW19uj9ck1sBOahuhaVkxc
+kxpm4YS6+ozTGfHLlFBtB6Y/eQCRzie1JUBLNaU1mCyBAYro+lSecQxZ0Cl0KTRK
+O8iqyHPx3cD6aYGGpuN5PGJb+f4nSO45H+i6NrheLZ2hrWvruHj0IWHpG34iUUcp
+ADxAmTP+vsxlizQBbxaoE+lHzCLg8QlrTZcYru7pwhnq5cogcLDL0HexPFeu4BvH
+OshQMUsUXfmO/Q5GAvWZJMKLjTyhtv5cCaJaLS5Rir3md7vGJQzKZrU+ZL4AwMLG
+4wWhRezA4pBNtJnIevfHS8ku5CMv7OipF5e+gFnr0qIzmxJ6IGxQ39N4QJzcdGtd
+/amGR6xCsTQZM6+Etgn9ieK/S95YKh2636a5vyF0I9lZe7xuGa0gZVmkuy36boKM
+pPyZtqglwPHyRqI8esmQMspMO0E4w/ctglGSn/c1ay32IzjFaKixmteSto9Z7K9u
+xflD4W7KqHbUQHL7zFIpIDXT8MKto8d0k3ynxEkfx2xSUQ9YCNJThnTEwiMqlvuo
+x7NBBZBx/npAL4Nur33vqfw8PM1dA59CtOIG2GGst+eiWdnptF0Y6+iJAlQEEwEK
+AD4WIQRIgLjJvQ5RBvwHD097PDke/qk2JAUCWsNLqgIbAwUJBKb2FgULCQgHAwUV
+CgkICwUWAgMBAAIeAQIXgAAKCRB7PDke/qk2JIWdEACxwS4psr8UuwxxYIcKYJMT
+CBLl2MzPfFBp0/gza8ra+A0ZNXp0SVYcp3JG4DSVXhnHBWIXDuqYkjnexe7jLjUc
+SZ058ysu6hqVT4L8OH9yjUscQv5dZvI04Fiauz2oximQhajhuRJm8EGOeaCBxzlT
+JoV5z5dhMxFY7bJUBi3DgPRFZCiLnHQ36noIIIYnJUbXo021rwBQK0ojS45VcDgB
+2Elv53DWpnvm2N0aZFjg//4oMakcte19xWNn5gSM5wTIJpsb/t8qkjchpoT8vxUk
+VIjYTsKDaX5zs0TeRsGBN7hnalKdCsrCrlKMC7tXqPSlzFivBb/dLKuITKIrkP7F
+roAaj33nh+IvL4L1r7/eXjqrUHnvqv2N7v58kJxy2KS1roA/EgZhoLxoCYapme1e
+mTyt+FkbECTN2S+a6WEO6OHPRgyneHJz68uRP3iudgj2BLsdDqeIDtW6yqdAgq1t
+QxKjoBiGTDwK+e+ZFVFCgrkP/LrJ64TbaKzFikUAol7/D+K8rS3SWJ5kEz0Yy68o
+D8wDwQXZ89XS1tGuPDG3pvfOaVZTCMgmkNmFHYpMRWzlvgS3mfFdXIq3UgeRA6y0
+CEv1Ru9kBGqz6VBkm2jW13YxuWJOuMBfqCw/2kXzXGb7Wo7LgMuc4IUAA+1rTSBT
+2OCVkqLH1DjNs28TaALee4kBHAQQAQoABgUCWvULewAKCRCxdc+pjxkq8mB1B/9e
+L9X0RgByCzNRP6M3/aj6hFK6F1shLqFvNbYRKHHDrF1usaZ0r2IegLEoC715dGgk
+fZ/lyU76aXG+I73E+QvCs6//DesuAUYfY4sEuHYa9xsHyWU3GjA0x9AzNyLRS4xf
+gKfmbM825LN7a4BLoMQhndMhmkBwiAzRkIonDZs2rUlpiTXclu5z5H5opPmM8sWO
+fY3MywRR5460K+Yoli3kJn/G2ME7P7RxQMizyIeHkrdQboLeysML7MHUa5UcsN6P
+Zr+5nEgdiV7xdW3gUb7OW3ZCgeGwvRCnKRvL1spmN9k3efxyl7kkhVsHz8Bm1wmR
+yD+3zp/lmDKKZuSr+McsiQIcBBABAgAGBQJa9WAdAAoJEILJN47TxJBqD5oQANrq
+MdCe+FL8TcMiYPPsq0qQbcZNtDnvWX1nDKHaZtWSglzcvFgs3RsDhUFYsvcIyJCm
+sSs2JBQfPkETC/eUBeaLe60KYp4vBiZSniFu2ihgkDN40+St112OaMCt7/pZ+brL
+IvPO7iqV3DevNjBqpvVTmS83O9+dwEvJrD9LcCvod/CWbqIpbxei4sMBPwSgM6+1
+mM7KVzq4SMBDRb3r8OsHJDKmaa9wdWwTwev//oM8gfl4QjLq9fbS0YKKqZDi+RpC
+TDtcy4pX7rzZQdMR+DMXsIMuh50SCnHcuE5E4aOhvcqS1MW6HuEq+oHkx2dGIw0K
+GtX2NnA/62mjH9/CYc5pY0hC/hDmviamnevuifIfxHGd7mrUZhuGQD1tQpSj8SkV
+GAJH1w356ml/yJbxAlWG6WsHHTCwfOgLUMsyqF3REP+mdMP7ik6v7+O0c5BXfoUM
+D+NbJLiafIzo/MmlD+DgquQTF9gASJsK7iBGe57lAu54r9KCNyx7RLWAGAz+kMFw
+Ry/griZcojFuqXDzI1U+oSJj6PvV45mWoUB3xbDHeApWhUqXb8ED4hlRuJRsktTe
+kws850RudnC+enPjkd5iXIFbFu7PyG502H1WGvfLwkDdwXzAX+remyCnYzt1vm/f
+YDbfwHydEScK6jnplVxOPpjuyqAzP1fLYjWeaEHeiQIcBBABAgAGBQJa/WyzAAoJ
+EOhnXe7L7s6jcc8P+wcOIx4xrgK52H2nH5P2jo4dOOvlfchwP7c3zC+6D8Q7pRNi
+pc9VeRgoRTnrYPDlikrxtf7qcko/d8xNYogZO6edoJWVs2v82GZQeDWn/BKMqI2u
+zXR9U4IcmOd520FtEyRhYbquihbDw0cQ+fZnuSkTURq2BT0i/v+2XbtCbyKpL+cV
+67Zcx7U2D9wV2lvtLdS9dvp5w6qkqxb7Y5WHqPP0cW6+lcb/ILQH4hBxiaSN2tQ8
+15LWe0kMtEPCmFK9IOiCsvAReEDNGJ2xihV88lrrLGJddYXPDx0g2QZocgTxaTHu
+gMvXZqi9F863s+fx8FwsTUAK/jT8JkA5uPGwhNC3K4nP/3+yojUnurNgfgXikh0l
+T2JHU9k56Ki+2w+CIyDTIbw6J8mToKlqXD20sqfsK+knJbJbTnqIwCYZxvIP1MZz
+NJ9BVKfDZChNWyRrvhJou0ARhUf1q9+qp2NyisEIsSHqAx4Xo0V3u+mQJosPTn/G
+36YThaDEPvQrkR6PYvt33qd3avl+rCh7HsEYdKHN/55B8lccu8txlMBLMKjKHNC4
+ShqMw3JUFtK4ZvVM5wAUGmODZqZtEVZFQ2DfcnQlDUq1GySRB8rli3iuqGjrvQzM
+zN2lUGkOHGdQqQYymmdMkLW/Dlpd6YuPnQYkPZdgJNHaOE0Zq7gtfiq7/Mh9iQIc
+BBABCgAGBQJa/H8lAAoJEAUvNnAY1cPY0NAQALunaFqJJue2BPOM0mjaaWoKg1Oo
+QMWIGleQJzZg9nN554WmLo3ANY3UEnS0IG6Qsk/5CvXJJ15B8cbw4e+310sRr6PZ
+8zQmm7OxZvG7QFNgmbL8bCBo6+yZG52erdG7O+BScBMiZVNEjcsmnoFnoiKGh2Mf
+U7hsVSFi19k2yTZHuZ5jfW5XQ3b8+2Z1eThiaSoZaT/X4Cz/vClpDY1PrzBtfrh5
+wvdVQQq4yQWCDQ4uhX0jtA0Nvudxncve8uJE4K8NXT8JoD3D4Pnwr0vjOE/a6Sti
+uWsKR7JdFjPL4vbCvQmVa2BQ5CGOPkQ1MQDuJtQLv9/3dYDD+xOAdlKpEeBz7GCn
+NH3EZYPwLpIq6NwQtygz71cAjT2HivBRFPZotZ0FCdgtobhgn0mAMwyMQHYuyAg7
+bbQKWq7/giyGg7V9/Rpo4DdbVTl5X8nDn/HmqXlZGa+7avr58kVlDJn3YBOOhr0R
+fQ1qb0yh2CxJbhD7GmHAIBenJClNuQJ3XfGQIgx8eM7OPQWI6vSz9CiOKRLAz90n
+o3ObEb4XxHi2Eddnn3iPf1b3cN2LlaipEk0YhgRzRRdTIrWmP1HHLJrEmRbmGipF
+jd9ku7ktI2IPPG5AxR85ZSSVRh7+36k3apQTGYXB1ftLHV1APhcPt+YQIklZjz3L
++ptIfQLJoNNC54EHiQIzBBABCAAdFiEEb6Gz4/mhjNy+aiz1Snvnv3Dem58FAlw0
+ulMACgkQSnvnv3Dem58Tyg/+JHJPOvm+d3SDZs/ql5j6VkIcgmiWkv8j89HxGjT1
+RU6kqo+phjjHFtJJ0Tp3kX0yrkN9Pk+jz1SIEPiZZxwQjyY0L8i/Z9IqDOkpuD2E
+DQz8RfenOG2hd7gyV96gfAlXhEODiO3+MPUnq78IuEkKw7HOtxUSkxqTFu1LosEs
+YkzPyi52RsyI0+Jo6i7kPaEULVJD6FEaSeDQ2WamM+qFBFlpAWXOgUGAXCRi612l
+hEerDhVSr4sZrpY+EJTGce2RVQFdwAsRkLV0QyhkIqmN5LkTrG1Ql7qJENucp1SO
+XRnfIivgfi8MhEAHiALO18WINw+R9xYGkATas3hMRcjT3W5NZOM0RJRkKFL6X5Xi
+fsJZcOp/1xGWKhMEq0vVLbQcTITzkCeuokV1XDve8OwlZHmscUDaShb2udvuQzvj
+3nTx3a8gCKIOGKpdefsOnxSy5kPnstLjNPlefAf4QehfkEpo6zWa2JWvIA2tlrPs
+9Eh4DVGD77OT3ExNs+ByLDyQO5yJqWNhabWuKS/0OBIvJH2KZFk0JXgocslaDu89
+Xo/8HmeAuuH6fwdEad3oSrKBYZ7SfeHBEBzBPyTZAHI86FDhglM6DgvqK+6eeJgU
+M2Dd/7z0zTNYxODWm+mI/9y5XEivumXbfqEmIAOOTqUCL8L+jRZHOQORCOzQfcyT
+BZmJAjMEEAEKAB0WIQQqvKdJjYPh0y1R07WrSACmLbn3OgUCWvxC0QAKCRCrSACm
+Lbn3OvlOD/4+ivhCBJqNON3SGP84sWvpFMRcP0si4S2iD/rG9lL1Rcv8yv+1iy+b
+CHGlA1irejPIXSAlGHOoEl4YJtiRa4ErMaxjBYGj3G6ekBv6astte3/s+CNKvfyv
+oQbK1Ox8PSoWPyxVGS37QtE4tS19TYvXF+8nSuPHq0oJjAWsybIMrpQMo7BEyv81
+sp2WB0GB4n5Ql2JXwf4WETa8+tyKjxntLuacvCJw24d35BKMSOrHMzAFiCsiKTaG
+yF305yL7q+m//tQKvt/QIbScSZ5DTjbjeYbbsTvyywYgNwCi6QBoDZP8a0l5eddf
+sy+eYU/4QAjGV4DVEfSVh1i4l/b+wHzygERMpGIPPu8De4Ur6BqIHrEgFIQz4ihM
+PlMB2mjMREmOUeRjYpwnQCjMgiv5/9o4rVjUGbKrnhl1me6yWuz5buOKNlZW3ny3
+tUP39X4g09dCLEW8Hi5FH5uGwI2yJAzBWfRFJN9xN5L01Sl3wpkWr0nFZuHekrV1
+9u07pvgoikcCBu42s5fMxZtx4mFdQaAwgNEVjkykqjB95pnDZygxKQRHvfekykXF
+8KaZOuoiCN5DDHpOlVm/25BqQyugkw7e2i3c429fpJQZH1yT3mEkhoDXqGZVAfVo
+rrn0PnTSiQn35kXW3+uKgj5JQEWIXAZ4DKT6R2tvNeHFgcpyeQ2PcokCVAQTAQoA
+PgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEiAuMm9DlEG/AcPT3s8OR7+
+qTYkBQJb9ysMBQkGiHchAAoJEHs8OR7+qTYkNC0QAK/ckuOFo+h5H/JNsZxOg/pM
+lfFGnKXFcafQg/Cu7zpyj7ot3A4d+O/PAH2nLbsSaW4GNX92MYFvd4ckZCdmWvw3
+80NWc9b7hpIVay+l/SLr3zUIG/+vnd8y6CCPN9K+o2hmbf4s4x36GZz5j+rJDYZT
+OZC+mWE55qX1LelwKVCM4huvJ7OnjMCqnokIYFmyjSC+EmOCfKqT+901CCWunvve
+Fq52vT2J4Z0ExIEl9RbmrFS7bhBnRyveDDOXraKlbJt/k20OxOTK37sz54mXPEfW
+XgZj+/Waj0xcbyc4z2ukHsoabhOQ1MLikncM2fnpR6zw7a7pkwF8GixQpHw/JOZd
+fDiMxi2sZM8EyKJSi+gPpecpnQSDtGbypCgOwpXGX8HR/wtzP7ABAOzJ8pMpliuS
+pX7zxmKfm7Y/N2kilU4+N0InXFeFpXt9aW9wlAGGJI/BpHTy4lE5OPZH6BRXckHD
+0fuNK7XDIfLRgUe+zSitL7ZrhQkSaZXVrpJjqTxj+xCADC0wiNWjRRiYLFtVF1Qg
+D8ND/c9pWR6lEPW/DpONh6mXOICwN8L8IoH+vQL90IsVzhVav7mokHnFvS+KgIj6
+fjIvD5CYxCYz/ArXHVPf9tyuMrvfsqfvJeNNj+X/t302MDDgCg9ompxFtcNVs1QT
+CIFSWtTHEI/MtFX0Sg2PiQIcBBABAgAGBQJcWdP6AAoJEPu3V2unywtrf+MQAILO
+k8GC995C5soNHgna+wP50JNQAWYEC3EpCckO7nCuiYOZiG49J7zsYay/LQBOtlmS
+szFSCuc9dxnE9pOaJBfTxZoqyM0WXEAhSfEYM5gO+qDJpCHDpoyuV4h3JapNIPSR
+GBcKwLPn8PGGemtlFWDnU+VpgNRAIQxBjLa6D05qGR/iSUgGDrm5YBGXFPkTRQ2a
+6dxwJ6TLxxa95+yvpt8XsHMUEv66b7fMPw0WpcFYtU7u7Q3q0w89xDvaO/tdTObc
+y0c7ujeOMmND4/ePcahvTchV3EC8Va8BvoE403oqrwadiA4wQrW1bTjTyydg+Ysz
+SyRU859tuWmq9vf41mce9OzcFcHhDTZrJrZcMvHWsmmHArK6FtMzwzKo29EChMzA
+RiBn0L1QjiBMw/ehQG2PUawDeLEojwgpTwxNG+DVIn8hHpPyn6RzKKBzZluqG+qR
+GkuOg07EEdp9Xhvlngfvcprq3RarONIEZtuBPXUUL1akf2nw2OduZU7ImSAvFXKp
+46kKFrt3TUmwNA13u5FVYgfpOSJNiBKOGxnKiTqVk83B5VcBMF7p3dTNzyRU8exY
+ltg+U4ooub7lpthuPaiTjVtqn0NHXCpQseX1CEuJUVLbqQScvEK3Mgq9HFDvNT7F
+DfLP1ungrN1GWlSHUQ0kp/QQAJvAemDuwAauQYJziQJOBBMBCgA4AhsDBQsJCAcD
+BRUKCQgLBRYCAwEAAh4BAheAFiEESIC4yb0OUQb8Bw9Pezw5Hv6pNiQFAl3b21cA
+CgkQezw5Hv6pNiT/nQ//esAb7guYi0ucDtXuVYlxtUBbkIxjHPkviCjKHU31+YVJ
+mpgQ5qIUZXeTwx8e413f3qwBw6YbBMvVd451djmYjg4063yyip8mxD8ScmSbS+63
+8zYRx8VJIi1QgqloCoebsSHZS5PKTeYfujSR18Dpy+MkYTVoxDc5fN2WHjXhRH6D
+be42xu5Ws78/Lxs/FuEiAo6XVD1gArlq7H8CiZVEEY7duuIIq55yrVYX3CQRRHa2
+dfJWqheehQ+d70LZZcVu/2+FpwcT9ASIYEnsnyyKNcbPucAD6nJOEIfct/kLjPef
+2+PgjKjZDnJ/fqhAm+IQo6khKzMhKTlgVJCIv5md3V9OlGoLRNyjTCJ+PNSTJ45c
+8vpRvIy3kD67kvjxC4SAeCq0Gp0pLkr/GrX99DqZlHOdbn5uYAikqcv17kNEmIPe
+dfZFdJRxADJhfG4NvrufvTWFFbdDcHldyq7EqGYDZdAtYG0UnhSoQo5LtiPScbmL
+FyUQabKbyJhM/3wkZE5qWrzoXxWpZVO+V9UwUT+utbH0SONauplQhJE0ANd4aRuw
+MwAqAvDDmxcixxWzooYOdYvpoowWw1uBZxSlE0JQXouWX1UmR5qTw2HWhNRRDYh5
+windVDcFBW1YpDsHNKnG0krlysq4hultMUDvZBtPAQ3EX/SX8Fp4q9E/ZNlI8R2J
+AjMEEAEKAB0WIQT7zahVjp3ueCuzqh+87WHgS+8qsQUCX8gerAAKCRC87WHgS+8q
+sfjvD/9vcOCNVqlYReyo8e0wB55r2OKz9YeYOHxSLjIlWRU95DK7hZsbAE8ND24E
+qv4v92HjAPrOJqZ+k5JfEJKd1VzL3CrpQEeR4Ys8nNavc9VHJkIgLcRp2keryvmT
+LyJQXQoPX0SOeOKTHwU37cGMlao2K803ZWAqfnABwNHydjf3CIJ2OmsZqjxh0Hhm
+SRXdmlVto/IfMIEbJmXRK45ZZue9WG7mAg+ffqnUyG1UtCFsZZ4E3FQQx+ksW9Jj
+KcB99gLNAbwIxDrwovekHkXZQwaSiwPpYlV/JuEGE53As5GUNI2qgXYevLjCgUNe
+JBFGlRTlsvODR4zW1yKOIESiWY6DOKgEGpoN1VrnqbRwE2QlxQsfvo35YvOkqaMp
+WvtGzdDscrHC60GyXQDWlesdipHahpvG/HFtBlVO50W2j0PMjOjUl03bAVI/QVQC
+aE+Jen2NOq5FjaUHVEJCHoqwAjLxiUhJrpyFDedd9Q98lMWKbVCthzCL5WaUykor
+hA7mB6eRhWuq3KKVxIs59g3Y2OVEk4HyrQXpARkHwGA3VoEYbLV9zpy6ng8KMmje
+LXxle6i3XkVUQ8Ayyz7Qb65TwuuUxHyk98UNOdyIGUQSeTu18AarCgBokU/lk7h9
+iXQP1m04NNjlxkS7icP0PzjDZaVNcimkpErEQq77t/YzfPst/bQwQ2hyaXN0aWFu
+IEJyYXVuZXIgPGNocmlzdGlhbi5icmF1bmVyQHVidW50dS5jb20+iQJUBBMBCgA+
+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheABQkEpvYWFiEESIC4yb0OUQb8Bw9P
+ezw5Hv6pNiQFAlrDTLIACgkQezw5Hv6pNiSRMQ//Z+OJZFRfX/UHm4KoPhIrZgkD
+A2MQQ1g6cqYcY+FN53YaLvJYtRQUPyH0GHa9bM5QXb7TQg8XH9oSg8JtwEGl8xrQ
+nDMlXrYfDaye6IuoA8jGkIyP5EzlmCX4k0oJfxFkY9rPnEucJn/DbASns45BL01g
+BWHOKujeInUwgjAtptzCU1eXAtKFUS/QUIciwZFafqlq+JgGneGldRQWg0LLjtC4
+mlfvJ9dhbVgJ1E8/KgDcBSKv5Pcu87EuAE/q7VWBERPQLkZ9YqL0TtCeTU0uXgYn
+tGRgbPzr126/yUwSls0EW3kDgNZqn035MvGxeQi6XU7jPMmMFsNpw5CndRmmwTZ3
+Q01lqUS56FZS3SvJJfvvZMOALKcAbcBhjRubJV7T0AkcVxZ7qidaKNHwM4Vg1b/R
+xg4ZsucdaDgYgldk4vbjqWagDJZ+voowY2k4I+Q5nXqgNmNz6Z5vNQLjaOpeRED5
+YjZLhTSm4vspDzMhK+qdU2O6CG0bSNFfiSkzzo+MvmN4jjq3e5MfX9y8TEJm0Ctv
+bKue12sfGmFfyR7S+nes4sN9CG8K0L89Yw9DzXxVR3aBVtNpRgoWbSN+h7PNL16V
+GlDhHUOrYuGWm5Uk52w9j2puREZneE89rs8QttDMsg7sNa1elcNKdPtbxSYpGxp6
+Qf5ZfoXNl5QFz1nHjX+JAjMEEAEKAB0WIQTsR4TFsIWamp/F/PAX+9y/2ZKP9AUC
+WGJUBwAKCRAX+9y/2ZKP9FKUD/4uv+9GDfdQh00VZCsapSDGfn75YJc4T0sp8t8X
+G4L+dWD6iZvStsHiUPnxBfaqJoLewv7b3rxJZwUXvkntHwSvpfOR5o9sNDoo9/wl
+ucHyRlfk2L2m5vRk6xBBHYZs9r8jVf5/hxmQRSdIi5ze5xlYV7CM4UlNYBpmrDUf
+I8y1MQF63pdtkgjE7CcZfmS5ap97cly5W81GzVdBOTA6QIfzA/DhFa3Ros6W/hAa
+uXtyiqQ3e0It8sAjd+iG2sKJAIatipSSaVzsKImeznDLZXhW284a6NZtIQj1G+UA
+qlBTN2d5mmd1S1SAqjrFLnihUMaoKHBB+yikNgQbL8/xdu18FUKlKKFetZJebS1e
+apyUNuxrudwA+pUhhQzj2NQzXWBfJkfJxzfK3Rm8HyswVZHKvfnJULfANaYoF8oz
+pEWGbrNNVS37ZHjPjKySkOv73XFzC9fsqA8G35Ju9XwHXbv14wmSPRKMh667oYOb
+lUYiq0GEUIL2t8/9kcJxrqiT7jrugOirItD9Ige3knR2+HtwrEiWyQTZWEybUUSP
+31fmfgkWg1RRCQGQ6xKMamsQmK6d1DoSvDFaY90tztxuezXELP1Mvv8Prp5B3TLR
+hC0LnQGsOx0OL5GYPUC/XnbJlA2YrqhOmxwEQhrUkvl/yG/XxiHf09jVxBJK5sYn
+F95GMokCQAQTAQoAKgIbAwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUC
+WDQGUAIZAQAKCRB7PDke/qk2JFQFD/4gRoUxmE1rLSM2C3ufYTj4D+Cay9ZRCyR3
+OWA5CMbujlLj+5tRe19TUx26BPFkTuh7WgXBJuaJVmgKaNP82/dyCw/Fo4Ytbd9R
+IJJ/KkIF4G8VohNu/3zIEwwYdp6vL93h5OUGKbmGhYl7M1XNIf1l2wvQsRxM0jc0
+9VZN2uf5ALEr3zBj2asxOSynPD6zldoBCJ/AFop5JKTOaj9oIO9+QWB3guxqIALO
+CYydvJR4eoLZu7xyXoRV97yYMe1hCw82KGiGWsx1BMhYu0z7XK1OXs30kh7owvTy
+C/4+pyxMmidBrfQY8GMrVq7isvPBPFZgn6WLau+eTOgcnp1qJUG5+gs1CNAzWrdC
+ddv03uxY3/4UYhauJuWH9twEjjPClSBEA2oVHfdYrWBbhN6TWiWMgclPE56wsRxW
+wKuhEkm9QHN/Ltmv2lHwvDAB4vznympalamWNxjc4B7H0ft2cEwtC5fPNyapcFl2
+UC3na/SbBy/eUWVWNS/gVGNzn4gUQPHySpacmY08X1tdvenqdi7CmCZNbgGcJZaR
+VkMew1QAljh6YqkHAa5N1ULoOjvazNoExhtylQeoDTMwYhfi5V0nEAcDxY4CqMjM
+uxqqKuziZvJj2X7pXmnrn8TXTM4B9HSSGfeC0yceMJWkbiECPAc2qORmfd71AVPl
+eg8xAqXEWokCHAQQAQoABgUCWT6nlAAKCRBcWOEGIg0DnlCTD/4rOktOyoA1Gn/J
+/CjS01/MKbwTSenBqvWUAgn7gH3OfOjPibW9wvO/lrFrX+C5uT+OCjcxaluC/nui
+/eLbQN6iW7tXCgCIspBelIvOtBUvQre7sKX7awOIkC1X3LjhqxudZfcj6Uvm8n/0
+4a5XXPZoEmB4X/ekr/xSzNxuW1PQR6iQlrzbT7deK8571V2ift0F8syCkpjcLNnX
+XtpKWucI4pfTJdXZrvqaEfqstSQAK+ZK6bIGjI8/QU+CtrvdkUYajZpI2YQQqViY
+DI865J2c9vpfdfjax4OBOBBygRQr02kY+/+zWmkGbJQcEDRWDONIdlVKfCv9EtaC
+5sEbv4fFS4l0PHq8zUvPdMnRBVk6OsvVUIhiCR4c/rhRDroeiyCzUI+yWX2VEY9S
+fE2mA6MrDBiu75Gm5OeUGDd6PP+5Bx7HeoU0LcIbaRGa1y8xuNoooboh/Xj3Egd+
+2bvPGlwS/evAkk0YHsd2XOfMTtKSWFEnaN/ph4LMxdOq4SGkp0xtJPySbMTZD3iZ
+n0jKSFYvhEtXAmYMV9To2Co6wwKdNDM09wgkQKX40pAjGPnFg2bGaBAfCqRll28x
+0D25bOOMYiJDKMoVmnlBd4VS7a1SNHU6s8RNLtVfM76zgVhmYqHZC5Zwhenj8nia
+6sSjqAgmLYI0x1Y+YpvHQKxK8TNNrokCQAQTAQoAKgIbAwULCQgHAwUVCgkICwUW
+AgMBAAIeAQIXgAIZAQUCWTHnRQUJA8MzWgAKCRB7PDke/qk2JBs1EAC8Ki2vOzjb
+RykLuHZmkxACC8stfIlc1ZM35YDrEfGtgstDg72NeCDue+4xnXfLqUvs8qm5ya0i
+qSUlqXClLqFnnMG050sgrUGSmgWQb21Lh+Flz3bvBOK2QOkR/umWj0JuOpEQZB+q
+2Nkp0at8N+B+eldIS7LEPUBzGK7CIsw+NeB2fRy3ABlQ0Cn5XXx6F7IxyKLH+Zba
+M5o49Jpqpxyzx6j7c8mbYCM5Jj73ff8DvFR7gf6fKUWwwff9ld46BvSs6nFeOGDB
+LyxutExafZPMCZPQxMp+q5m0WLv0ae2OlNrGZhYaUJaJtEYBA4CdV0FBlig4oN6M
+DEX+6AgXQtm8J3yz43LYDSyIYxi+ZuxyldPCys5qWtbMlRIJ7GWR8eAhgTU2YkVd
+DsXIExV2YBirf97CiGL5jKOxbMGCgAE9qba8E96zl+Hd9UQBGacB8+Gtbhx8nbgE
+InKPoi90uDgEl6t3JE1dEBiyYoWrgJEJyb1iBykMT6LJP4rHErp4zEYVpqhpr99t
+OVOx5ihJddIfQKZimkZ+PFi1Bm5uKzruCywJXEG9YC3T8ElZk9gLeDiks2eTNjL/
+Rgj4MbWpmIX9F+Mrr/3MzQilWKsFbNtRk80x95kTDRJCMO10JULq43HD0KVLt5JI
+nl+sdrCcIbaLJbYy+H+P42Vvx3icbAnguIkCHAQQAQIABgUCWqKIPgAKCRDlZLnC
+db3VLmJjD/4lFMD521ejMYDoUMD9lTyYELyJFF1oOHJ1fcxeHkO4eidAL2PFzofH
+XoV+6srdV1BRPwSkFlVZoYwaToOgi5y6bmbdHoeRnsFR2AoLSiLVeFyS+/tEZKTJ
+GpAu7PHk+MRj7qJoJRiYM7nWS+ZexA38J++AsCHQCh5tmg1zpmnWsMaq03v8M91k
+OxLwhkoYj8jjy6Lv/5TEQOB5I8HoHP1MM/GcEHsN1mXIZZNimcgH3pHmv1hMHj9n
+0/1P0I3yEESE2JGharcQMhUHyT5u+3A4PRjQO6QAz/6EHeEeaJoOJ63Ji8qviANA
+8S5oW5e/LUmoMD+slfWH/71/15O2jhMvwf+9M5WeBYO/bOxPTJMCBPF9/NtL2D3f
+6OtFqWsCJn+AviNcez5WZPX2PDTLrDU1ArUsS8dJH+4Exyn3egI6Oio7HsK0aqKE
+1B8n1l7iTA8TI9lWOlvOr11U5XqUZvOgWJTxEczSn2hUHyZF6T9qRONQvVTqspMR
+AqZUuGEzKC1mVUPM/0nEjiTOBY0VQlVjbkR6YXzswLklKWyO9h4eeVusaJYwDnnK
+cyoDPlqQIpFTtzAnClrIBCxXi5NxLvrrmOqRsjdpUYIMIMnedLWeNxQDw2725Htt
+iVuhhkn9Ab4xtjDv9NHOqWrAGHX6orTzoIe97yugidbxtZf2V7FPEYheBBARCAAG
+BQJaopBGAAoJEG/hXdHjUQdh0cAA/RlW8r5gpVInVhUSMpApqIQC4WhdywVILprU
+s7J2bNRzAPsEiOJec2EJPdHyix6SD88wunxFzvaI2mS7hRY3WtMpv4kCHAQQAQIA
+BgUCWqKQVAAKCRDs2ssWCZWtiaLPEADJG7IPT3gIE3XxCcCdm1Xi83sngtwuR46+
+RtfQ50eT8ggm5S0vF9/GFlkzWMp6wQIRZpM4DqGum4Ehp8LlADagFIS2Q1C8hFi/
+IyDdPQ0UMhhel71+/dtisNfDH1CFNAIQDdXQ/I22kxbQWh715lCNiSclGSu+4MJZ
+cRuYRLPj/VLeM3neS06ThrM8Y9ie7UvV7qgyVUPGF+qkd0eeuRji4hZ8mw5OAi5v
+wPCrvneqWRJxXXyef/3grvNt9VD+u9zLZg/HS2P/pQDWgVNxsMz/vcvA29/gXwA5
+EnpfgHVlpn9UTfceWoF/KlSzh62NDVBg0+AkCE1ihncW5R/HaFjEF3MXDu9RbkQ7
+XZGkR/N8SK3nLnXE2wWLgA4NcfN4NsJ7bzwC7t7x4XBJKKEQhrEldkO+JBftUzzy
+qvf/B78U5D/1IwfXXIM5OSLwJEptlbsBTrhl8W2iDmB46e2Ionhg2SkgFKQavb14
+PNeBYnAGm/jUKtDqqCSCT7z1vbCjpGYDrQmPDwSjvzXfKapi5dR3rnQ6HoAlfdE+
+th0oYtoV9dGDBRswNxfblPsN5vLPTXRylUBZtDuDfyK9s818P9uQgyt9nmXhex10
++KYwMO5loeHyGvhET/dEay+VTfy7a7fQWdYSoOqXw1EFxAQ0QkqcSyPDZMoArVJk
+3+sc+DcmXYkCMwQQAQoAHRYhBGAvVnZj5ZO8vRTzOMY4l01keS1nBQJasDpEAAoJ
+EMY4l01keS1nYp8P/i+k3LzZHTh+r1jNNWTooWvILA9SL2TaYMPq7LTpDEm+KJxQ
+gxL3hp7+8gZqvdpf5FZqoxoY5+Op0z2zqENkF9OlvM/k5XP7k0OrgnTuYzy3a7hN
+Pa0L8E97oUggKgfSKN89x/PBTQfFD6GPLvtQlBqiZFRvlC3AimKGGYxowFGKP2Pr
+oJHTD0Zly2+vGkuCTkPpKVO2dk04upj1U7QlG5tY80H7vVlgSKSmSkGv06fOWo/2
+aieuea4C6Wlz7IVgsCVMK+vU4hCtZ48zBUEyjyWWxmoU002wRI0SztFRun6Rh/7H
+Wm5OBW3abOjTvLpZp8oZ3naq9m2ybEr+my/yPg0WMm//DJPMKTqCcWwQ39aepFMQ
+a/Ke35XtnB0rDmLApCppjE6QLICcM4+wkR+I8J9ZDJiPy6myhsb46ghk+Q/OugAT
+HFdyQRVPPCn6LPLvEcqYgmTPDBwrbgpyPBslrSVxmh692/XFkThN0r3onMm6EbO+
+FH99ZI3P6o9iErZDhXLWb0Eg9SYiG76x0Iw0Psb7bDdKirID5JUrZHbX6q4G/FjU
+wBdgiKwUXxrjBvbk/XUEz37rguchVyCb4Z5NZ9Kzi21euoU+01mZfegEoSJ/Yv2o
+bAWweTeq1/iLdlixMrvWPBdWRlwQYyI5GrclTvdLYTytu7bydo7daxNQsogliQJA
+BBMBCgAqAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAhkBBQJaFaoBBQkEpvYW
+AAoJEHs8OR7+qTYkAjMP/iPBFCx5ktKM2uABvUxOmhrip7YIN71dbKCPCeQx7wFs
+XBo8pCqm0Krx0cbuMzdtGjNQbJcjL5JNZ6TGts4RL3MPnBQ4I52ZuOXb9e4DX6+D
++AcmX4zOIyoTun7SpILW4yfzIFfpRhjx3wMk0IH6T02mfJog2Csy7ogmGZJ5bosN
+wLmRi1S1+pH/u/QLQXKDxFC3Ixw64yEJpxFOT68Y5ssQ2jcYWQgDDLWStgrvLCg/
+ltUiu60N3kReEisIAidBZOt9I8otQqzn/o6H/VJabLWrwCS8E/uUnH9OgktACQ4k
+F6/K1ajO3X9w3fiWvqqJ1O0tOqy964bFsW0gjYbAqfsdprBGGya+TrO2raD40PdG
+59Nt9maJA8N0ibDTmfgRfsZV3p6aqR0Scrjf5sVHSmBnOUYGp/ges5MGRFYMeAHI
+6DiUCi29sz8Do7fb5yRtN01Qjh5avSmNOGtAqdVTXustMj14UJi9c2NLrl3jJzor
+toHxpDGM572ScvmWcTlr5Yo8TepzHZYYK0QUMnpyyDLJZkBZ/gppGtqyN+/0ACvN
+rQGOrUvcRtjEHyJs/+CUc7hTdDVAElP+3hlKlPQocZpRG1ZI5UudLC0n1o9IyQLE
+ZmQjmxxceqVCeWwB3MJNpFfM0X4jwwDZDGZZ9izovVcZPHBoBRl1DWg9QL9w1Smg
+iQEcBBABCgAGBQJa9Qt7AAoJELF1z6mPGSrygBEH/izKQGREmCfJxkxDN5182ULf
+oypeIO9ECAO4jXdE2+S3/jg4ANKvfX965OilQ70v76a1mStbhIbMQLl/h0NuFPS9
+xrNIVBtVeQWtB3hJOwtWK/JgpB59+bFOp5LsjFnCXypIm1xMyYpXB57XU1nDOMMg
+vIKMFLnB26xDbUn3PrDYdDsS7SuC6yN/mITCJbZncaA6LEc5mb6OH01WDtNW/ZbK
+YAxZ6CwFDnR3ewwa2I3OUwj7ZxcnIKOaHdYGD9RvuoKauisbosQh3h9jJNYw0Krf
+Vk08iXuVzcdUZiriOao7/FQvryzs1sdug5di5JIrE7iQA4L2jbvfBcm27xltKYqJ
+AhwEEAECAAYFAlr1YB0ACgkQgsk3jtPEkGpOPQ/8D1s1lLMdWsikhKjm6Yj1n1g9
+rmfx2Vqny7pD71aSJ53THmFml1rgyU01JxGaf0kMPcNxQwB3cA3fi+MpVkHyFdXk
+XXSHPPihbjMs+OYG7pTOWF+WLIrUR5Ly6v802cfVDsM1kID3DfYUDZ8RXcGVhYzA
+SeuG4aA5n8DIBByYRfkxtDdM3aGkGM/rIhs17+6wU3jqD/FGB+E0efsFWTZaUkGX
+OhSAmStR1DIOhhjbK/PCI/za7RODIONoQB6i51xR1tQnEVe3n9lofEFjNV4Cgh93
+rJ9hs+l/kv3bF5BS5zzivAdbFc3e40qZXdpbbtyZsY+RrbChLpYRpLI3zXLX00c5
+8UGtep3agfTdcJxv+ibtRZoDnWzUmKVxFt87SQCYFMjv13rcYZmFklmwIetn65O7
+takLlo0MR1aq3i7bR7u7N72Yp0v0MFRjy4rVdyqORs4l8VyK/xuC11DdUnWHZ9OO
+O9tGPSPzoIhnLgwEXhQ2DfabRr8kECRkSJXba2q1yXIgZipbAHGjPC+s48JZBfmO
+fjMsxIrdEg27H2rUHYsNnz20FVZNNNWHv/7cYJF8UDibHU52ZWeQ1uhrbQ0iQ0p6
+M6pHlU02S/JGJ92t1ant1O0oyEERGyAt8rkG1MRhLh0jHqN9yXp2HDJ19LdwbdHX
+sHD2jShGiDFNPkgrNlSJAhwEEAECAAYFAlr9bLMACgkQ6Gdd7svuzqNM+Q//S4Po
+8zCXraqjqJl3WWy10E9X5iM8N75N1/TViwcBJRi2s48eKOYfOKVK3kcreqnXn/fm
+4UE1z69vyWos7dk7lIVvVkBXNzICSZGuwvIarAHzeuNWwaEM/VdI+BLLR7Vi5yYa
+v4gSh7JD0XnTrSedY6Ion83/1pQxQW5ptEvUDTO1pPwRwycC9vOSrxgBYezgpomL
+C1Dz99R6/6bVri2gV+tMofpWcwpj4QoFTwIQglYH7vWXExHE5NssX0uxY49hy3Qv
+OcVMWuzq7k/WDqK/VlZ0qQ0NJBdZ1fkX3b4PdT8+wj1dat+rWRNLPzmUUBEh99b7
+9Va1sDp0srHb6FkD2MDvbEIrXYgz9b/RHaalXrNspWPmkVreEiWVuVkeKtMshh2g
+9el/CEkNaHa04bhDIbXivBgXjzXCpyb5LaVzDf8/FteO1ImBwYl5ENmy5g3vIRSw
+WNJrs6V1KDemfkd/hCXy+fr+dviXJRLyBdq0Q9BpfjYX1io4glaegWD0rRh1e/n+
+Jnkc+4kqaz/f1mu062c5xFYoSmlqEcIVQnvFp3Z8Z6CCkqz3iWAFQX4RAlHEmrO0
+IPPkFUyfWHDa/SUk4Ox8H7Z/VNLJhTKY5CqK93uS5cwlcBr/i8enkuItLx1zlNgo
+/4xMm+NEQfs7NXE+36hmQxAhYNQIB6xEvZ8hNNaJAhwEEAEKAAYFAlr8fyUACgkQ
+BS82cBjVw9iudRAAvLkWTWKoLwgc+5+SP6ncsL2/wk34BuqXPtfcNbEBUCWtDf+O
+/3snJ6C1Hq8H8XLH8FcPTqCns3A+J1vS9oymiIXXOa9EkhH5lXT1C0nQ/I8sDi/L
+p/kUNfqsBCq6R0MzEyfpGmI8t40a6C0Lt1LokGeRz+4VBbXvPO5Of4LbwgZjg0jC
+PBa93oWGp3TQhtYrVKZoBq9eXuL1pKyLuO/SgcVmXFylTo+oeYolHNyj6O9ABdM9
+bX5uLVbTa2I2mpMivCtDfKSr8bxWxZszlo5YH5x2NvXKE4+SgAgDQ1cn3CCKE05x
+8yBbzIAUVbnTgpstLP4ZKOTXMnodg5aOurbVBS+3zHU8MAznq9a32vDfuHaB+SRE
+q+XAqt22VOiLLR/IIzCxtfTnlwd1ME7P80VqWksFrEpFyblFCL4VzqWEm6AZFoAy
+e8BMYTzcVcSuXCIFnKkw9wbo1ybvWf43dBzdRmRQ9KM8vRQSSxgPnhD1UofIJBAF
+sOUDki7ITxUgwdthb4cJWPsE+U2w8bWCfyMhCjGWM3lvVTuUP8XVgk4K50AP+wNF
+L3X/lMSVKXWL6tksI2P7fc7U6KoeUYbtkL+HFQhatDI3JO6DiTQ6H1bFNAo0DM5k
+Wh8UyZa6mL83wuPpKTt7TbJtv/tphE8Gbs4KXLfnXV92hmR/WYJyXbScXvqJAjME
+EAEIAB0WIQRvobPj+aGM3L5qLPVKe+e/cN6bnwUCXDS6UwAKCRBKe+e/cN6bn3IH
+D/9rFHDoVkC0LZVvBeyf30SlW1sIF1rDFOUVZCCHFSV3o8yMCxNFiDP/v/vECACa
+3egDpHt1Lef7a5ypZkZlQeozkFNi8XYZN7Uczm6ZhQR8w27rhbcEY2J8aRFoJrC3
+KplHTZHPFpaMUAmwcrM44ALveiY0grS1oYiMszk7v897DwMocj2JE9EdbOxw8ff0
+fbM835q3ee9fqhwb59lup6WCZ4ffxy7dQxQi6oApm/G4+NEMU+JCSny0rMu89wkB
+vIb0b6Gdg4pHVnLThYLVkrq19Ijzm0f5zxNwKjw8ntiZq3/CIY2lg97mNK6tjzfP
+LH2PyXSf19Ojqo4I7Q23vKl+W4h4RNvdz2SLpKvyZdEVd46M0GLZ6OyK5J+BRb+f
+HoQ7+x4qgNXXEBM00m78iglDopWaV1gLuLSCpg/XupTWoSKvs18FApoVKz9XZ2JG
+g+D/dY33r5n2pXkhF9KlEGl34gsGgCCHbUWpm2m8J1UCRR9GP5/LrXrYNJY86joF
+Vufxy74peS+2gnT+l0zC8VZDU7zzC8jVV4r9hBccWHgvYOgwaAauzOUAO9Ysw4SI
+WPof2u46c56lyoL+IjAfg5ySM6a+yFfyvsNpiA8/sI/gDFfqXhj/Yn/1/82M73PM
+sDfabAvb3PBhYQ/g4Ubo7nXnFutr6VTvoRNIapbn/QH3X4kCMwQQAQoAHRYhBCq8
+p0mNg+HTLVHTtatIAKYtufc6BQJa/ELRAAoJEKtIAKYtufc6ZCIQAIiXkRIrpUte
+0VbMFxcsWlpew16ImriwHPXk6FSij9QEAhPlCLzsBvUHFEBqGD6E+1vQHhGEVqZ2
+h5F508tr/an5/8vuWvc5l+plfZ5rmjf4edYtZtphZpFStfIvtzYtd2ptq9XONqG8
+5xfjapV/aQtcZUf4L4kZ1tBSLzvK0wfP2rvltLpy2YEO7wMRtrgjDxr8Jms3HicZ
+Ss2cJYcqq4Kb274rFopTDILXVFc56m46yePZpp4gfQKnB12OpUENpbQUz6QWQD7E
+v/T5naT/+qNfsYwGreJitjPA+UuiWwy4vdIngKidZGF28ZEDHR7lWZoX77yDf/sh
+bhPtGgKNSV3cijTHgYjFqdtV90uVH+MVr0SG3iACXxMSoDuvtf5bsVh9SO6LD3RT
+cRHXedZiGqr8Gb+w/fkWQXQLiexhkbjl74N5ZQ4cbvxhv6Tfns5oVsEL1P2e3ExM
+nF4c/q7neinY4NRD+XhMCB+YjL+3pegaYfg/AdApRkjMQCreePediUPHfeGFOHvD
+5dhGVr4A3Es5FTrOYHr5ZJwzhb3SUG6bV9dUCCCGkSJ/JD+fTchAA6FCZtCobq3O
+aSmKsd+hHVqOJXJtVONPzYMReI5OC7tVTh75tbDwEB2X+Bv8MVTdHgj6nSjcFOZc
+gFTeGGSdZLcKlfJZssjdilvqvdecT4opiQIzBBABCgAdFiEEpcP2jyKd1g9yPm4T
+iXL039xtwCYFAlw3s/0ACgkQiXL039xtwCZ++g/6AuDhOE0m7IGxA1gIGo09fSXK
+1ab2x/SjoF6X34lJ3KE3/iY1I0dcOEoItgrZOb+FWBoU9XfdBFFu+nL0Bnnitkqn
+iDagGzu34m6XasXgyGW01MhtEglecXykptImBKysssT/Qte9/cxEuNMbV8QEnaoP
+Lgy2Du2E6erveZR3ttLmxLu6qFDW6f/91qDli554TQc1ZpLtn3bIst+xxUR2xuWn
+fLA1erHop+arRUymAzBXj33WifxS2SWhef8qJVMlfDPoG5AvkQIlqHRwvcq/cauX
+UemZql8s66ZlcCzW7PvrfSSKJaFk8pYz44rrHyAPf4UdwGAY02g2dx7/tptZqHJ0
+RD0ZVEIKQTkJRUlV2gVnXX6KhN/QgIZd+fR3OK1iQpL52l954bZPZPko1pl3k5n3
+yYx0oOzgfxN53kGZNh9VqEEf1z3xBUIoqscgSX/kA8LljHoYzExjHzghY78SIcj4
+7ik3rpIXxg4MMOYfPA6KQYRgwgakXvrtbcNxOTaW9TS4hPSbz8jtWK6mI7dQaiwM
+C2FmmF6+MOY0HI8sgD3O59RTTmICjGT4sJU8zeDSibzd7KJo1NDA1so00rDDFEiw
+Gd915sL8vakQ+946ike9fndU6xIxjnpZo1PAvtDiFMnPzPK1VujArJPJdEtgPqzt
+C0ctqPzJ2bLUOkEhXZOJAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC
+F4AWIQRIgLjJvQ5RBvwHD097PDke/qk2JAUCW/crDQUJBoh3IQAKCRB7PDke/qk2
+JGdOD/9ksNkoM07jyru+RyeFUAN9M7A1toZce5UOU3BzxrtKL/lnJ5BNZwHCbAJ+
+p/KYKTaekXK8w0YYrxkCKR4u4vma2+MW/nDb3iT9mEePT6gqbyj5DLH9wF3buIye
+P5hZ07CMp1Q0z+zn0RcJaXqgVcLBba/PdmLqeEGgPYTl86SMiSGh1Ym7DARu3H/f
+Y1HyQN9Gdt0OpilJLSTMFSYy0lqMkzHMM3UalAT+wr++jZNLlFtMqGi5ehaepsfi
+PADWfv4dVgWUeAp20W7mbTN/Bb9KHiOQpLKFVJ5fVwQ2Z+yT495kRLAB6yO9fdDc
+t07DCnHyMBG13T03IxhJW8eu9a6jf5wVNynovgh7+4elJK6jp7kbjiI+UZyL5a//
+TB8hFtKdwVi39FhjAIJc4JgOOCA5TfEV48/WzRKbtgCFue+oa3k3Q+ajq1FSLrPk
+ZKNvrgincMt+eXQl/nm4jypkQ7TeY1H3OHHIe40iYjODV/CHzH8Xmfer8+r3LdI8
+8gYzI8EEqMuSMeBKj/BQPnSxCXyh2NvQMAD4Fpzogvj532o9acj+xqBgdhIv6J0w
+LhYKawYY8eiaSOZj9U3pu6VE0w0fVN6hLPZJgy+huE4z71edliBmIn0ehCiMatZ9
+NdFSB1Qz7Un+WNQcGWR7NSCDdCeYPxWENVLXT+iODmLeCGQXookCHAQQAQIABgUC
+XFnT+gAKCRD7t1drp8sLa9TkEACJ5+PzS2XTiJodnOfHK9LQtcoQcqlbabCGdz/X
+jMsDLbLG3fFvkfFYOIRcVSJosI7NJC0nFzUgISheqKwWiBUd+5ttFrL61JqFmEuX
+o2yemYY9LrN7p65wCNaJ0z3KFrTvaGmZLIBWjG7e9IZdCCcbIrZwHv38vGcKjiTC
+AHQ6OU2e8FlZGFIMoGdOsMQkmaotVLOH7nkeq3U34VLHxCiOuw+TUEgPCggzduks
+FYA0FJGjs8CvLutinBB2HFdjCkuUmTTPpo1vvkt0ev2APnJT3wp+xxpWox2chEoT
+LF0kQUaXc2pRMNwAitjMs6UtRFu6c2o0SqbCMXxMTYpNsUvmCBuYLQ/HWGeRoPB7
+6aDb6dsbqFRzHL8UuRqlyx4AN7yYgsx4yd+gQN2602BtKqkm2TbwRGXeF1D2D5aG
+qWCq51rbDR7hHZqVBUdulQ59VTaYPyoSkC5seaj0jSLDkCUWqQ7Gb78+eqDYfBLJ
+/9oeELZGeEW2zCjFbz8TMk0cHlIVp70MdbI+t0NADr5WlmOQmZhSA05nkx36rK/N
+9tvvieT4OXvZCok28bOVl711AnDMaSQqosWfrHXF0n52d2E+Q4wVlcdNBVGcvNkP
+LduOJo4WsD/L2VJO4NtkAilK0l+eFORCoWROHpt5Mvqh+Yn9XTnDRvIcPZqkJBUF
+KbDfmIkCTgQTAQoAOAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEiAuMm9
+DlEG/AcPT3s8OR7+qTYkBQJd29tXAAoJEHs8OR7+qTYkOSQQANd5MEPlstlR2YS5
+z9Z05cIfFdrCdy3L104nOf6peUNOurx3LSRIvDCoqsAF6sWYRxKs5B7MNiCb4l2p
+uwdPYWe6GKzHxM8mv3FGT+cOlRXdRjMb1g1bGzDYcqmXCUJ/FniEGY4idpctGx29
+ObTzjTHboZIMyuhwVleiJ+lBHNH+cTT/BfxjWqyVy4g/oCE4ln3k1PWsbtf9KrrS
+mpbml6c+petkuliDEsZSph4Sha3sjyixZB7Ma8yCG5d8Qe8uPNgpoqGEFJ7alNmc
+Z924G+Y1SJgQaiQPiAECYGjGEl2IhSSQDSG7VQZQTb8Ep0yqCaVo28zVPBYlSR4w
+7KNbYUE4Oco8g+lnkvg4HC+4ZGeHkLjs92+DXEWz37DLm6azhdwtM8lCTaTi6Q6Q
+PGAsO59sgsvDZmUbxvtE/RoaMvoW+p5LQ0951zxJRVzV3WsP/SMJRRrq2B7KCcX+
+SbbkXK4VUDZF3zVwyRTJI83+KLo5RuDQS7tlU2FIIa1T/pLzQEj6jXBOCGrd0ZNK
+YDWv3ASy5/5yFfj9Hpzx1IcXs5ctOU35lI004MbciEc4aJe0vP+cvORcWuJ/phD6
+CrhbUvrcTchq5aU+5o9ZRpwh3ElggrExbbC3ouQ6pJMPKkPN7qnzNCOzLlAkE2L9
+8YLFA2a4XhiMF1O0sl0cSQXeTXuJiQIzBBABCgAdFiEE+82oVY6d7ngrs6ofvO1h
+4EvvKrEFAl/IHq0ACgkQvO1h4EvvKrEvDg//Rb3XxjKqe4LmRC3dXr6Byf6n0VQi
+CYZsGBNF+U7XovQ+oNvVgBuX5+KeH83AJKC5bwP3sQVaxesA+hryyahwN9lPyrpP
+/JJID2Wkx+OGGHrGgn18XhiUgQvYwBHpfJZlBeT///gln30bJ03wDJzmMJzmG5TB
+11zF13TdwrC3tp8yfI8uBsxXITxKm5IL0vJbuxXY96r+5lcfPFQt3uRro3sS6PCo
+q0y+M7KW5HOkA0xAqCMzcCdNWVgN+7EM8HB5iI69cvVdlsAEDA4QY4HRls5E3kr4
+ETx2z6IgIGKUTdINEL4UEOtjD7IvfnOEIaloppWpcuO7eYXACgXP7wVe8m0D9u7K
+9d5oUY6r7Pnky/Ee5lxOXaUQcoplJNMxExgUzaUiYAGYVgzgTdOPPjQIcfry3N3d
+PWkXCjzkIG09Qq/Lst1FLKn5s3ENqwke9y3FGyOcXw3OqfXFOuNhspORY6NPgtD0
+IVuSjFXoLZfE3UKD9tzlGFS3GgGIyUoKITNdyQFiyb31tE5rSESKB+fJ7rxDI1Ef
+grrP4EYe/e5/wutvV4wT7xY3GPZ8JSp4yMRPoXLnl00yXqhzFeV15qx7uCeiVEQj
+Kjvap6g7v6KFQOmIm8BooVzKbXVptGcA2ncx7zBJJ128aUtf0CSQ7ykMfsG0jN9g
+EPDxo0DsrXu9frm0M0NocmlzdGlhbiBCcmF1bmVyIDxjaHJpc3RpYW4uYnJhdW5l
+ckBjYW5vbmljYWwuY29tPokCPQQTAQoAJwIbAwULCQgHAwUVCgkICwUWAgMBAAIe
+AQIXgAUCWhWqAwUJBKb2FgAKCRB7PDke/qk2JIGuD/4rcC5ge4Q2HcIrAJJ73Hkb
+tv4Pym+rO7gRLz1Abo+T6LuD4gmwBfRJMNuwuyngQaPkBYCP+RXCmNBOVJd9FGCw
+vSed6JKkI5yU3l7xN4l+2qzEPG0uEIhw/Lcg5ykc+ZmLwOzxn6KgRgeZzj+CFvWa
+E8cJ26IpGDFOmoaGp/b6mLDWv1zqS0spRQMpeD9wQePnCc1cPkbfSFeK3HK+SGBT
+fn8mTVJJWAXD+xrI5B/B9UkM4XbNsPnT164Jr/zKZ/Po5LD45jRSx9/qfSsRwG7X
+0iOdTmlYvN8XZspbcYWb7yH7qrOsdNxOoxQXeNX4Ao/Q6C80b1m1PHb6am1hRfIB
+yoX+ieA5NIKNkNseftD18W1LlZu7Ibz21eE4AD1DZsvVAO/sNScFKhzBgjImVGsV
+2H9Aps4wjiM1L53fFicPuNVsg6RHRJGpp6bRJGfkXGca6tpOqzG/xjV7uptRlzbu
+k2mbOpdUk8N1jbnf2BqG4RKfw2drn8fuwfW6Mln7eJySZ8+kkCKrJYO+Hp/rntvQ
+zI2SwYbbjPlDMP7RnMHyNsNWqfDPROATKNVUbkppBy92mCvE67X2WpYKmAD9QRS6
+ldcOpES/IbBXs+yqqw6c3QJWgTR+tMFENb2FiOzmhIm7ziUYUGxETtD8eWgAlHVW
+iqc98HrIJoAWjqBAe2pyG4kCQAQTAQoAKgIbAwUJAeEzgAULCQgHAwUVCgkICwUW
+AgMBAAIeAQIXgAUCV82yRgIZAQAKCRB7PDke/qk2JI5BD/4mrZX7lU0pKEI0AdHh
+XPzJjv2E09d5O1p7WYjld7fr2L7Tq0kOeAPvYu360gP8S5y7fuOINLM8l87QFYI3
+mHWtYhG/uQk8RYnihgxpetrDaLtiRZYAAKtjBM7Tv6L8Agja6mZArR5WTntMkhQv
+N5VkaTooPL6CLXlPcy2iBX+wsh02/NWFmt8FfZhPAQE/mf9bGp07Tv0p4S67IC9l
+VINmlM77vCB3A+YGcUytkCG2zy33dYUPvWG3SNjCXw7iMdPEgSrpom+wl3KMTc/H
+8yoaUMUwCA7UD4ZFUJuWKdsPS/Oxw38lCUX61xDOGgoNT4LLy1Wn/u26rcv4UTfo
+2pVgYYGWyDigqV6WGI8A9SVV8wGIHWLj4yARPjgx65FH2rwrEjSZ7ukjdUhRXjfe
+yd8o2vy6bDYoepL1SR5jGSpsZWo+erfF6p3Ief8WXmSo25VhKwAxGESsQN5qwByP
++6bPUctgYtt43MzgbHPcylS9HuhuDyJKiTBmloqd5OyOv62muED9DHOeN4nV4kiU
+afA6Ycmqw6KSKhS+9mBZVVu6D0sjFIt4N1xR0F+NbNNJJczVn5ZPba9FjG1JhbL0
+r6riBWNTF+zRP4t9RUmRHRQj6+NfK0eEHu/dzoiGvj5O45e7/lz+9heyFX5bRL55
+qSHeScVlT2/SLA/jU7B88A5c7okCMwQQAQoAHRYhBOxHhMWwhZqan8X88Bf73L/Z
+ko/0BQJYYlQMAAoJEBf73L/Zko/0z4MP/0gSiszTRDiyYFNn2CYn83seFX26/jiX
+fSQ6nei0pqVX+ezEH7C15G65MFamge6cxRewhWXujS9OBuulOJyA2+HWMm/03G19
+zDqabMug9SwJ0OWFliAHZ+BSE+axXRQxz5e+K9g1tpA2aCqRYgzshxoNx5mb8wIQ
+tTWF+RKaaCZTMTIbXLWxIffWZpbo4SKwJ2if7CfPXqImYHn2fw2OID/x1OXi/l/w
+TedISoxbcv7Qtb4hUQEEv1GmBhfRDU55uZtGheMfaOBqkon+fFBeW9jIs/zJleoN
+ISy/zOm72EiC2xhXAWp7W+AI8jhr6Ia2ucfU9HtO6t8In881W5J9KB//6Rbaf2m9
+07rqHi6kL59jDaeKyiZHW4KgTh6B5zByCDITVtBWumbxFZrYpR/jrrCaOR0TeocO
+yQVrSjln6j4rL6gI4QEPVndjsZzC7OzxcwErv2Q2PQHnHH883myVGo1aAWxGZTWq
+gLxkP/nUeOw56UFGnUzgfy1odJXjJ4G1OePdQQsa04oZpqh1JU6IvYGXdzz45iQQ
+mJit9K+549jyRKzr3DJ4dVLo7CQvkIGayQzmyCsMQ6wjX+aIAuHhU1TJDgaIO3BQ
+kA1es4l6ZxIAGk0xq9t/dFhxcPNAwLNbGm/3RxHznzMsMiE8Tm+y13LVwfgjllL8
+wTkauO59GNHFiQI9BBMBCgAnAhsDBQkB4TOABQsJCAcDBRUKCQgLBRYCAwEAAh4B
+AheABQJYNAZNAAoJEHs8OR7+qTYkQg8P/jjhhTYWr+19M2VVjNqd0s+DeZcVcyrH
+cVMS3SEaHS6cVUfQHVxdyM1XoPRZaNmq4FuP6V5hKz4IC9q6Y6HZb9zXLrMByl4P
+dpo8EpJpfYDibU7TjJohhPjlk9Rs/wLkc193O0dDz+igwF3Phu9lOHjfF7Ii8lxO
+NoxbOv8fwvY12M/R+ZQKEwqBR+ZO2H9XzPFhk9RdSuz4pRU1Z2zZr/dr6iF7hbtz
+pggPkLaBEIl5VV9a4Q6vI0iY++u/wDBAfluTkRp4DbLt4r67hV3uOxeVmWAKf9d5
+/R87PcQZEtIXEA8vIGQaMUegF7lFm4KFaVTeEte2qOFti8coFKTSEch6z2Js9gXf
+ycNKl03s6xaOcEQ4Cjyj/ZDL0X6Az8XLMeddtaoeSHaek1lTs94ws1eWC/hCEWqS
+Ur4gi3OnTh4OgKdRY1vsKijAELKbDvA5XZp3toFw6lYHFIYVUK7mVfPA+cbUI1Ux
+uZSQVkFlo39hc19xuUJ1Ub0xHg1XG0/VOysz+BiqWrqpFxplZOaDuwGb9Y1hgZ6o
+8UFkqypSihof0gQ1A4rXNxgY0p7lcmZojVdiFUgIwB6Xekf3j0clp4+JKF4HK4jk
+ergxG8S1CLqbj7AQjAHFPy9Vj5sVFJ5h/xE0N/okVAzQzWdJXkacMR/1rB77eWk4
+BptLoOzbT903iQIcBBABCgAGBQJZPqeXAAoJEFxY4QYiDQOeWQ4P/jBXAOGzEQSX
+LzSorNo4TLHjQMQUy8h8t3H6Ca2659h0PKk4uoG2ZRrJ1lO7TT3lbqZmYU340s9Y
+xVfwlSEdxVpWkjvx6uecylLktiWLhvPL9Vs/Va0Xlk4WZT8lWG9QvvmvyvUSSlSV
+/tV7MTUtswgtiR9uQBuwArzpctlKKqXNkHLOPvJfu8v9vRi4cL5ugsQH56/76Lvx
+QAb3hZX3bwbc+tOPj8WNnIEp1+R7HKOy+WwBWUTTyPDVNePa6WtpCZpizbfuP9qv
++iATWAqWh0vBQwqNLLUVrtjt8REwidKYbzo+r/Lo4fKqtLZGhpYER/dwS5NWrAd0
+ZunOuzjAMpv8sWhRzePhLmsnoSvAB60Kf7vbNRpQdESx+fhs7KJW6ZNIhjG2O/GP
+aBtUxLRF3BmqQj2WsNMSw7NMCAFUmaDpl3vXWTaW8fSv3JbJAnkH3GPzMxWxRP6B
+XYDnxKew8VIm5cCM8DvX4GZg6j81XeVZztBNCeX+RIEw4j1+zxYG79bT5X9QYxm9
+Avpg+haAtm9nvIApCDeF+ls9SvzCElBpHn61bSgKsEfGdYIwJZLbRMmvUMoYBLsd
+ahOFT7XJnnuV66bC9bL7WHnnr0ITIMZEQlbQCbYWmzjbolc3YxMb6rv5RKTYXrWP
+TOwL1KlwhiVg9GdindmkP/1O4hpBde7jiQI9BBMBCgAnAhsDBQsJCAcDBRUKCQgL
+BRYCAwEAAh4BAheABQJZMedGBQkDwzNaAAoJEHs8OR7+qTYkJB0P/0E2SnWOHGY/
+eoRJmbkqLGYgv7amNaBbF7OolEHyMbaCjACawwX0jQcksOZ7a+FX+CBOWd31SwPE
+oZEnIeZ0o2W60MdOQgXam352J3B5uZAxizsJbfRxhCFiFm6iJyZgKQ1g7es/SRC4
+OvgWfsCcD/UwYM/KespmQ8edGMOTXJqnaM1V+7DKNwO352+WMJ5yPjg53FeiIyhS
+5d478fDM1jfynJ9JWY3/sOP80BUUeuZ+quqhjMVaCQ0XnLO95YTkg58L7WiEgsF1
+g7kXRSERLsD1eP2KeCr5D6vR6U4GdE3J2dOQJoWBcIme+RDrXOG2NIqibi+lP5Zu
+9f+CUbm+U+obv9RzUk6CsBNqX4epkvryAu+BfMrlgLQn3mBByrq8ghH+9mD7Rkyb
+FFTcITE790A2nkw+g//JSI37ZoyzLOYg03vrkQ7K3cA1jO5HPcfEse94iWu6Muk7
+beqf/yHoBHS8UDw64NMQ+b0Iet/22XUCq6gTDGM0RPidDpYqF6icWoaI/fguNA4p
+uk8pn+mnNBW6QAxjxJ3gf8XXO6rKC8B6yRDoy4Fy9YbqQc3TXaaeLBeDkV/JPlL+
++sHUP+Jnaity1fXoFMPZYzrh+ddL6vp+5qng5zZECLTPwxljK+JamDcmPJJW5/F2
+MZ40Ydvn6wCru+nvyYKE3ou2YsGMy7VYiQIcBBABAgAGBQJaoog+AAoJEOVkucJ1
+vdUusgAQAI10vqKvKkfGK27EA0iYNJiufCAzrVKB/bha/+wj5RZEBOAY5LW2z9tP
+MLUgm8eqB3VsVZG8Dtn4cF08d+FEU5XAzEa+ASXs/zF6dVC8MI5463F3/3CiQTGZ
+EmtCsHj84Z15/sE6PTFvyqyx8XNXhjPYRQOALPxXR0nr7KnyFmlGXDXeV4U27wyo
+0iNShtwhtbuOnq58PVmp2bWX906H5uxczxaLMdy5xDeMXTwQdR5hboWgd8BE/wtC
+YFjAA9l0jKbgT9+rftfznsJypa4Vpie5db9ZhaVZ+lUrkQaUPvpELavvLQYnT94X
+3WkUkj9qUaj1h87p60DZ+llMQX6azzRgyc7b0Vc0aeeE1RW7qSAlfJuzI8dqx/MK
+trv/LTX1sOzsnuOtzR+74rmLEQlADtszNHGYUnQ/R6tFG2P/w81chZr1vI6LLnTK
+w7WKtxa9E7VIbLNYdwl5xNT/2ii8R8gLqkoLGZQ20OyXPMBp+rKqPwe03UmObEht
+y91UlcY19pDZVmDhxWirEpl2CZjXigBOSnoLt/6cuCqLQEYzOCDV1C4jZWoRknIy
+xz0a7fm7YsCtvUFzIThJh5ooNsXRWWCiBkRpCZ8xGKBDY5F5NJWlMR51f9thCPa8
+ryJ9aYlGDdvhgrX1Xl7C9CDC7po3IkOgsS6A3hsPgEjxRuSCQx5diF4EEBEIAAYF
+AlqikEYACgkQb+Fd0eNRB2ESVwD/aKsa/RcvevibIqNE1GuKMs52aNZNnk9nPkqm
+0Ue9HbAA/0GDeSVLyVu+Snco/0eaGVjNFcReEFOQ1xLh3CH8/uD9iQIcBBABAgAG
+BQJaopBUAAoJEOzayxYJla2Jm4EQANB1DjGa9SQf67ershwUn9VgdADvkR2OC0W1
+xUfjKhWY544ZYz0BWpA1gAAkjjXQDPLd4jFGnEhV+8nPusNgWrubwjQJKIA2VDJW
+gLBCPtNaKYnxseQHJzSDTMsIbC1LAIxpHOnAKj25npBHyQiMIVOv8lakz8OLSoci
+uUZ73CGYAibgno5xCl1/kROI8pX47NlSBaMDvhG3FhGs/CbdIeCdAMEdn7utVYnb
+K2d/L5aZTP7nNx83GaSWf6KVgdln+WOrXjPxc69q5SiWnJdxA/2o6h9J9bUD2672
+ZgPRI2CNyQCZKDC0GwcVwqyZ4QUjGPQyDQU7NqG2A7DxUZl8jNuWVsG4/CzBsyn2
+6BKQJf55wfd7EJpIGEgJ0QrF/o+4aGWxXUU23R7MtgDhkvxFm5qy+TPsrLP/OZdp
+s9qrfdggk3bVK7kxLQrLRJ/gvHPvxf+v++EJpDYXIFyedcWhUF3ju60U5aHRZr1Y
+XbUwRCS5kzFi1i9MeyzbsElIbBosp9Jt6Gqli7TvfPL+p8EW3GoKM74CnwUjxsHn
+RAOLoh4YpEYOK+XlMTLDLPeciGb3K0Hvne84a6texUds5eKmPOHsstm95CL56TIq
+JFGzsRMPWHgrPH47lVwdd/fYu2glPWWFRnPSXrjYalp4zfkvgTAwWzoPdBcwt1DY
+yssawTSiiQIzBBABCgAdFiEEYC9WdmPlk7y9FPM4xjiXTWR5LWcFAlqwOkgACgkQ
+xjiXTWR5LWcegRAAjQhl1nxX0UtxXdlCC7Dw5KwbCDNLgp8OGe5V3shhIb0nxMsH
+efXKk+3o6BcoDUbWlfWYETjH4Omt0i6ZIauX9A8iXIavPX2LAYwJskmxJdWgrASE
+oSnAt389q2YgbNJh9pWNqHng3Ya0mnHm5YkggoMPmmC705f4eU2USS3ZFJ7T8ORK
+mhDdPfN22bmIptXSsTv+M8MEC3rfmrX9dOq9SZjkArjkm4GjFPsPvV6rP+n6rmFx
+kgqJb64J5lxPvDrtS1KBaORaFzIQuxglibqB30xRQxHmnEJMvwda8h8GxLHmkiAM
+gyhGnPNQc0A454/LqM9b1Wi97uOuelDCk3J75TLsrhJwI2p+P+8LDjXKGPKd5n8i
+zy1q/3Mud0qX9w5VecDZnwHyASo8GLOx/GNlG0QPqb8pKyf9Eo3RErYIS7ccTmYT
++tQ8u/uM/CgUIAmxDQOSXqNoi1kSa67On1gemVr9KWk/mhygRMYjumIwTUeB0yGe
+s0tfnnpGHWBGxMqYMV9t2jSHxdPDUKC50WdKxhEGtnqy0LmCglEIGRRthD9+YOds
+SZiC7UPRzzOglJhIWYukDQ8RCENavlvXsp/a7YpEOOWEtUkmesSSKb0NLKBlrtgt
+6qvhixltJIw9P4RdyGvBKuwNUX8jwsXcRrd1QMcZsvUrfsWJgS9jDqf7n2OJARwE
+EAEKAAYFAlr1C3sACgkQsXXPqY8ZKvI+RggAqRtaGLHQutg5u6Y5YqPh2laKNh1f
+dgXoBqODMyNUDpdNojxdb7r8nCl98Wns7isy4CGsmfTI0V9v1kaq32ToX8qYmy+x
+iGQnZTZfWrvcPX4M3N17LYINactTST7knV7F3HHhdOLapSStER23ebvFnwcW81Hw
+qtWXXMSKyyHvmNihbJv3KFkM8+qjP8wGPyG+AH01KFlvzUDQ5/wYXt2N+PuiXqLP
+b40WAKwDYWmS5Oz5qd2GdRh2Vb9dbNTbvLuCcoKMperjGKr2iPs+W7LqvrsMRDYL
+wORA13dttin4Rlfc8vKpPSA8I6JYpIfiSmyFhcNM1Gs+c7fftLGKgNdttIkCHAQQ
+AQIABgUCWvVgHQAKCRCCyTeO08SQavzWEACsIKLs6ae/PwLe8SxEPuhUVyj9ur8T
+ax1LS5NDrG9HscxrDoaI/GxfV6yJ0UE+KEUhQd00DDODT9i8rv/+WQoPosUp+a9W
+KPVc8zY15PYp7+kh/37TnnCLMSvS79v7hraNMSYpWOa2q0bKVHXF9ssrhrL0wlPq
+Eur8apBNXpu5rZg1M5493LBwub5OKck75j6dO1sZcOIMpHQZw+Hag7NR6xDlo0JT
+JehwsMBdljXHmZ2JMKIJbplmQ6EACqP72D+Q9i5XetaFHYnGkzKO9hm3YL1ysln6
+0vdg9C7FLO8JcWil0zE3MkG7yDPvtWC6Ue2EQh5gOtUVMF2JG3sPZnCrEcY/gz4T
+KgHLo10xHCPYeV9ROulyr8rMFBNEmLVSXKcX+/M1v+fcgoURcBjuBFRmUWJPI4dM
+Ah5fDSmm+d2LfETRjd+MQb/vL8wTKrS6BFz0X7/EdaQaooKCIRrTrg9MpNZ3lIaR
+VciufJQ9yTAYWPLRhliENospw8pOGTKzodIKeSHuw6lXFXeJ52+YXtSYrGmmhxuK
+mrNnzZT1dBuUKOtwdcMj8s6/xckFjKVF7K/xGcXRRDADMAjlXz82x/giJd1AOPH+
+gROgxrao4B9b+C6aa0fBoKIRFQ3GrMFcjrypBIA8KhY5A6RDbHx35ls900y48pg9
+1icMJ3XdvT9iYokCHAQQAQIABgUCWv1sswAKCRDoZ13uy+7Oo8CyEAC0RrqjeeOz
+X9o2uOKK/Evcv2P/S3FvfTn4vlN56a9y9Onw3F4dxWxhfmyD+ByfgypIQZFq8sM2
+0Ezep/tkfpXdA1Q587iQLBPVB5ZdDnWXd6uNc02dInxIRBw8r9B9j6nvvbJycG94
+OVETRjxasaCv0fxq4RoxQMvtrJmQ4sHkJ1drFMl7OljnJySSdOHZvqNW6JO4jwqT
+8xfH/EQVe3seAG5psUzR5kzKYSlGxLycNkC/znz1Wz22pGvaXySjChSIHAWU7fI7
+/Tx4gjovs15I6SbD12KJLm2YWgMNYYT4fX+FwHJRNHA5bpoUwplvM/HS4PPnrD5Y
+xn9+0EaB9MfmR37591VjUHOenx4eOJgIpZvO3yL43y0zgaNvxiNNVMhX7ZvnTTXr
+qx0gY8BVMFewlrZEslwbPmPj5V+yDkZhKrTbbQY1G/93L2Chaf8h1Prf8wU5jyoP
+yOiOOHywxE/SeBWhs2A9bf4vlnn+JmSM53BrULwZAH4q7L/ipPpZrdR2Ez08sGO8
+OzZAyPL2SgGUmS2pUOq70oLrmgdT2pihURFJWrK/sH9EjceqWvlAvJHLfsBNMJTC
+BeltQ4LUX9cJ7T+gebc98RQVWxhnHdqVIMEgfLQm8DGyWC26RQfidi9aSCijtlvi
+ibjs2PsQi7BOIMh+XiFS6XlOeO6f9awoW4kCHAQQAQoABgUCWvx/JgAKCRAFLzZw
+GNXD2MA/D/4gA1kj26qu9To0A+ZGtN8SxzV3r9L5Q/czYM+gG8gibIQTzzT4kD5T
+Hh1ZF/Wa8PgVuV9it7FBScuWz1iPtjgUK5WM0D3fy9LsQSd7P6JUiSWO1saq4Jkv
+bFDyslAz5J42/1BHmExG7ZH+CTLCyLPsKbde+omIqO1ksrelEB/fvBhtB3PeGsxN
+ViFnRNAGeAvM9czYQM8UYtzM6dgjiOFl+jRwQbQA0MQ09rEpllbVfjN1FODN2+nD
+Ty0vLs+RbFIYbVkIkhDmHMKlsRBlEdyjN6kuTUtY+afxxS4K2bzlMIO/WYsxcSvk
+KHFMEfCfDdZtzOV5YMLnGztpASpk05Kd2viDaqEDYdHboKfl/Qi7NAVOmK+/Aweq
+TT/BAWvKzWOG1Hn2zXpxey8CSWi/6jeME6GGgN4fQM+BDzY0weGrPvNxJkbT4j/j
+eIJJ2iRTmQzNbU1ay4892HUtzdrkas8nxobgmm68lgGBE0LQERNJthWSZQHRBTRB
+Ut9VRCll7ZSkoJQqgkdiNBQAJssNbHYJv5Hf8gogZ4Gv4EvhNTw/ETsLyyEXWv/l
+BLjzxiaBsoe5REAhaFvEKbKTZKCjdP8q5t3E/x3czzX7QDdNbeXnXWynSMmfz06g
+QySY9bcLDQer9vmvplOQwXFj3VeJBrr8h7AUb4/8BNoJRTaIXu1KHIkCMwQQAQgA
+HRYhBG+hs+P5oYzcvmos9Up7579w3pufBQJcNLpTAAoJEEp7579w3pufKYoQAIzm
+0nzU2hMRfNvbFPc4Hil9HCwhrBLYUPX4xx4ahO2t+bSiBb1X8+6HVIJSqlHrAVHn
+s6UB0NyC5hH0pgths8yI8Dbibc9i0N9Kni4zkH8IwchlrQWrlWqiUG9VdbMiaGEo
+Q9AEVDtfvyQt148WkUEQrA3G17ODBfZg9qPiE/tJDMo3f2wHaVf3HY72UPNNLhM+
+uet4lcleqLmVKzi9/3HGTklbduxEBuIC7joYkvybAAd9nT2lxu5rffxWChe0oCs5
+lOMUY+E6sZS2ZcmkJgl2rY1V23w7VkqV9wfD2Z/YPSYah4mn9pBzFljR28mdOSV3
+YONPzRvqK/S0/eWRA6OTGRTn1Q6ErJ17NC623UiGiFBUC+W/fBvKlF+YKYrh7T2O
+o50CaZX5KyqRXjZAeicOaIVJwOl+m9xHGhKW3/MwrGUvSk74YH+XY05KFZDbTeBW
+B5GmoN4oDK9tuMv8Isvyqbkq4sShuT3Y7+TutlFCtjtUW2BnEA4F1n67mMZOUdik
+ZlPvDRl9bWkp+7KMXJ35kZfzuVsyBi1lib209c+oWZfX+BpwdbVaHDmuE+ALLTEs
+LWIPO8PWDNzJ5hbeWbVH8Z0AMHv0jR2HWYcy2d3eM1M9meOYBHcbnL40YfWn0Sua
+fJcExLmgLKsgq6SIIzpbnc9w3L0Ggy2+wSxrPpNOiQIzBBABCgAdFiEEKrynSY2D
+4dMtUdO1q0gApi259zoFAlr8QtEACgkQq0gApi259zp/yhAAkpROYw7S1xhVj4VD
+R0mNq95A1X+p06gfV0hh/3tBeQnJfh0V52x190qIp21f9pPsbe07B6qVird3EVJA
+lXzDK4gDaqahvIDUVxS0ci8G40bU/OFkuNpaPv+M3TqeCMFyFIrNoLDgA25iimPx
+h6S+sfU0LdACaG/U0bB9ZoeOFbi1XhsJlKYTRgmcaNjTKyykqtrEgvozvHk7IIM8
+T5/UQtmDMQyl3JI/NafU/3UkjG/k+6X6EvurVF0o87SfZ3eoPjGkR37B+FoTmbUR
+8VxDYWAACPLOlb+MPqOamthc3xlApfz/iC2I6d9jZ64ugo2UgGLy0M3xSBkIsZxe
+p7OzAIJ0VqY6hwUuq8GZgE+UdjpBUbUdGkzRMnP9duJekZRyQCh02jYyZrT5sQa8
+uAXHNvG7MmmkbVnlN6iHYrUb6ulwWRek+HHMNbIV+uTmDJ5yg08IqilpVsNVhVt9
+ULVGT5gmRNfniPOkAuh8MvXRt5//B+MDUKLZi1W0A6B29BoSl4r8OYQyZBI4I3YX
+ehZ+0JXIlpdI/zHW4Da23oc2r2myyx+Hd2Nbj+r0FmvZL6h9tuJl0DH7PAwopiGq
+30yZ7a3gWwGzCE6zTc+I95sUyUKHroHHLYSsnOZoa9yeC/uYak2x1604nmKC2tz+
+PWPrHpez0lOoHIrWBn9JIu8vpx+JAjMEEAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf
+3G3AJgUCXDez/QAKCRCJcvTf3G3AJupXD/9OcNBf1G8oijSBb68QyrjZTrmHYdY1
+oODEiICbnF6+UhzPStU4t98ovv40gmh++iy/95OsqN+WYwalMosIZtN7l2WdMfiJ
+xukchv44OfbBgR3dk7duyQf6/J0FckTz/SzvNlOQbolwtxf9w8NKHIGiCZl5Ey9C
+1fUIGFyJGg4eIAnwD2ncBfrbDfI5q5yrP34e21q9x1uWIgf/npdPIlw/MZeFug32
+5TdQyPpghALo2bwVHSV2mW+XoEFmeUCIXPKiKgh0pE9rv3xhANdD/MlN/GlSXcGY
+N/wGXoBO2Fpub/D0nWPLO7//7QpVPL+WXxEUmz94Pmoyjnvop0jC8hySDTXzsPsZ
+AcM07xLPyTP2fhy8fgRY7PxbGGXwvTT7eiLNB62cQSpqo4TSHMdS1L3f9NHGQlcg
+da/BUlvMDYG0/b6RZiGn64L9xnC2UMz1407ejDqgsgp0Z4FiiRrxF+FCKHh0r5k6
+wvMSzj8dUpTyCEzn1T6hK7dZBWmlgTE9s1eqNO0HT2F5uZUDwKmVMgqS1YdQoP8K
+W+EpHQxCL7NctZpFfwT+93c8YPd4rxHYyaZZFmGsjOy2qNanu+e90CY28p6v+F65
+cuVgjEAHa+dw1Hl+Jh+0/fLvjp0Nt3QRp6ZsjiRsON6j33GDgWasixOh818bKxv9
+LS0PSiolaEbT6YkCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYh
+BEiAuMm9DlEG/AcPT3s8OR7+qTYkBQJb9ysNBQkGiHchAAoJEHs8OR7+qTYkMxsP
+/j04JSrxfoScV3vpRoTaXWitQCS387w7/2x/xXpWolH78p8uRpxLveGMug5NzDcw
+rzjlGSGDGANInxmcwbF13nJQlzJm+TlbsEW/zQOyfaGaI6w5nBfOJICojWQxk6p6
+9eQ6QcDDqNE3upH9Oz4w3NmdO1Sp+CjsUxonUjhs7ydi/lhG4i6prIhGRKB8gLOn
+VX3zBRH1ZVFCT+tog94QuQYSgTo5zOsIaLWGtAonhMNjEQI5Eg90A26M+axfsQPj
+dzh8KNMSu9mxuyzdpUtvG9UBdyeIOYeuGWGOrx8WdeVj413jM5HsJ4dfBBgQV4vI
+CO0ht66h2w1W/hL4tEUG5VLgyRDWjVS+Qy4a7z7UkcgySeX+tgbPRfmWr+zXWEX4
+LCmjoTqZqZAngUHDluHLWBRbwRdyaCsBYdEzq69wx01DgbHItl0EGo/ROllOS8rQ
+3RbQZINAms2OBHuGbbz5JVZsc2D+VdzIk0vJHCeewgstvXp7Nz/RSiePEvQcaefS
+WbKttxnEKNYRxkb+qax1AKLlPA/SZF7d12j9/EL3tK7Zjx7Cr5P5WvMZEGYZM9fo
+RWuEg+UVwhln0g0zq9KzNS84hSCqefV+gIPN20hSBcg5rXVDdmJKogomZgn2s4kx
+pp7G3Nq/hcedkjHYWr/3+j9hM2ZmwMcE4FAxY7qQ4H58iQIcBBABAgAGBQJcWdP6
+AAoJEPu3V2unywtrZcsP/RuYnNXjzJvAt1eSmkG6d0AjspYZZ6CrzbeMtsURiXE7
+saQ0pYWKh77jyvOpIrAH+y6OvjuYJrYmnmO+kVYztK1kJ708yUViXwa998mw+wst
+QluOlXmRstHOZ+M1fLJAZG3hmavnIlgQ8Xw5be8xJCaPvGGHMvzncPHxYDQp4Wks
+B1O6zqI09LJPvos2yiocwDgeOo8TUGMFSz24ifTV8iML6Om0BTJ4E4jJrS3ptmk9
+pzsghmWRTXMmqY2hRxqwM05fBKkUir+Cvacc9OOS6/Tg25LwWhrvnnQp1vq5pMuC
+9dyPArQREJX7tRV4KVd+bIhC4IWlQolICCIchxdmd70zmVJZmpCkzouGfuGgpRnY
+gap0JPFelJecobkWCPlUhnsRGxyUGyqdTaZilUVqvAQ/jlUu8S00Fxe/RMAvDEcr
++snQHb52tCRpEGcVfZNXZ0rZtxq0ezHhPA4RhP6KFf7OlbFaAyw7o9R81T1OKamB
+P1blrIvp+sgOVFJV38tdX8wE1zuEx4JQmgepbgb8PuYgF5EedGneGw5eqX9I0ptZ
+VME3HV1+V+bXh9POCHSfgsWXs3+jypJHYR20X+wxo/4qjjVcii1WfSIjcF9WLUZK
+ERGAl2fMDxz/nGos04tQbY54tViPO3NbKQVvpmhQZlioNLYkW+c4UHPFvzrNuWTi
+iQJOBBMBCgA4AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEESIC4yb0OUQb8
+Bw9Pezw5Hv6pNiQFAl3b21cACgkQezw5Hv6pNiR4cA/+NGtaefSYNjG5xzJ8JMFG
+iuZiYuatZRcHyihXB09Ir97Pd/3buj7+0AWPSlM48GyILU0fWF+W62Ty7UvW3bXR
+DPx3HG3G8yv2/JnWLFOcPVhKhg6jPomA92rZEwxlVKq7rd4jApRfHXPb7yq8hPE8
+A00ZbasZxeShsjJyScjpZieKT9pnV3q/xj43kaEHrJGKzAPRxU4bmv/mnQlCLGa+
+FEPvDMLtHSPIwsIM+waS5pc5xmsbW9A7zz8QTnidvBpQ5Nf5+XEdGg59hgs1VUGs
+2YM50rby0JyMHtCE6xf9ohhajzVsV1WEppfLDFZ8pBmPbdkAOE7CBgBQm+cN6z8w
+1/MDDOMYJLGHqdN8tQxRCsB/qtFuU3OfABrkKeeOz5k9V8Ov3FRlVqCfBGckzGrb
+MxypOfbruu9ZFpLqAei73fljlstY4/TL39lUKh3sMYsgpKgfrWrmW5QLELNFiYW4
+R4vRwqySSPa2FT/D6RrCQ34QErSgrCdPNp32SfvB0pGKggDsVqJAwXu7o0mQN+Jk
+aEQFL0CY38efpdUQMHq5uloW5r/fhtWY7mAY2CRd5q3O9Ri01MD1nnck54OprzN1
+RA1zeTmMDipopsm6LQS3sXgvxoGpBjg0yh4aCWgxAgykFyqAKylu2hqvS+43x6gv
+qUfNy8OrigNh1L2C1HDsgH2JAjMEEAEKAB0WIQT7zahVjp3ueCuzqh+87WHgS+8q
+sQUCX8gergAKCRC87WHgS+8qsY1OEACEcNWSg9SZAm5v08+fD/speMUVWb3UMEDF
+feCBqWAp7pkNgTR7TRn5tojHhLuPfNsraRuXus7c5tv0uKytiRV0pcUKhChbgbqS
+S2HDFQqCLoLm8tu+34cA5iQIEfyb+68hiUOy6c6gPHtYh0750G5Nb9AP8uVlWax3
+uRtBQpMdvlrJwOnuyGM2iWk5dU9HHcCFIJo5bcYvXzoYu/wXVo1yRN2ppEu1cECW
+5FlTPzO7dt4ZG392fWJL/t6b5+oeW1TCxzC+Xl0qdHh7b/wH965VaMOqevaokfOn
+0PTJQ32oO+CumXQchAUENwz0NcJgJb/44hUmeSXn+Ppz2lJ5SyAEOxsIrtMrjQp0
+F++HvGTX6cmfBfASyh1yseqhSUAztgXT7F0b5YiV/Dc7a1bKjnFwsgwPaRLLRBXo
+uWuAAy0yimRDlEv7tz1H20PVYaOdJSXXfCW3owzgs6RFJHDcuOfe9fkVmZX4IPUQ
++SIUiHVeT5inD+/mg6U8kyBVSbiNJsK2ADO9JRkV+C1JjtffXNNRazs8pQAFtJ8r
+sxSi/LH5y2rc5kOPdaJz/yFEz+lD5cbQqRON69wHR6Qbg+TtEVMQHywDbPXUvVEc
+e5mysybhjFuR2LzvKDTKOXwgzcQhtDb0S7DLAr+3Y13xjAHphwAW0/YVbhy4skey
+kwEvGCvJSLQxQ2hyaXN0aWFuIEJyYXVuZXIgPGNocmlzdGlhbi5icmF1bmVyQG1h
+aWxib3gub3JnPokCPQQTAQoAJwIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUC
+WhWqBAUJBKb2FgAKCRB7PDke/qk2JFQaD/0R7NB4CcgxIWGeeSrm0efqtlZudCvp
+uKnViswl8tsHXIDPuEMTNXkSrWNheH6GAK2ftxT2CnSC+6kgoLe5v1WvPUmQUDh0
+AppxadDUBrunG/Cp/mspmV1NjmfpBDjtqK03dyKoXqpU3bQGG35HZceOwtrdCfCy
+W2NF39rdEXV/ED2Nxr5iJRP5T12Psy06hutGahw1gwnGD8n1gPAUyr6bb2h4RXa9
+Tc9ldn7YCfCUDVUCICbZCam3TefT+o2S6WBOywsM47O+ir1t3KLKuwojsgSMLZkV
+mqSo8F4TVibTMQAqTb2UYF4gjG4+tx8OxdjLKgR0TV/cKxGXxlooCFSXau3BmObc
+6UbSv5hPh0xEbnmHQeWpKgT8Rdc01wmOHw4+6WSnCYPqxmCrQ04Ue4WpQ+1GlbeS
+yZkoL3s9OEzr5kRScWBbK8ZzgOAscDfKVYPy6xvh98RBLyt1enPo7iQrf13FILI3
+8lqKfH3n6wKCuBtfTXfh+H4MGRXTsenoA7ExD/fBe0/RFZUyAdcydbgzF+YDXknf
+D0vGmtl+AEjM0PFpGiSFFcAtQtWBU96jGZCMVbW7+fL3MQVd5XwkpSSfKWvxOmly
+MeMfjsna4VwOb8B1aJ3+NKnipDYVDm36H3fMIKI45+V6rYrnUlwuxa80R2GvtApo
+O9woNvFw6gkPA4kCHAQQAQIABgUCV4YPPwAKCRDYxyWEGqLzldmZD/97DXt9riwu
+wJJKgX0zyyalhN+r8Ep1uY4m7kIlMp2QMHbNd2L+cFvncpXlkgrWvC7llbEgh2fw
+nw8w4SOuDsZ8+a8mM9FrnggQxJY6w64cDK+9iidIupKdVrK5Q6AV9odJG6rdkD4w
+wCY8r9CVqETAhcSLWKup6sKerr+Kbwwrmd42/EIAIuU2+FO0I0opz1dNHTep3KfH
++4wE6dpqrsA+QVltRvDTk8KwN5syL2di7qaiHq/ppUiK8ReAsZ7bqdQ4noyc49kp
+FDab8xaXxzJy7Ejapkwb8oLS+pJIZ+tD8warx0xMo3Jb5MR6fqo3zfC3SZ6tSKnq
+mmq/amenTTChdKK19ViA7Lseq8tCCdIvXcq0Umh/5N6JJDvy1R7sRt3iMcp3LF5h
+AYx2Y7L4x1P2sLoG7FxNesbkbwvIWv0is/xmYc9yC8DpSurGFEGMqXd5mxDnzuZE
+fjOWMIxXKw34GHrerfeM1beB1EHbds9FZ5yLxYZGj75x8icGKBmVx4j7lpWkpWSS
+UUnpnxaDr2ibEnx9aToKdxk/kV3Z3CWzDSp16jOnE5Xklapamd7+XH5klgbzOgHk
+tXcpscZs3YC8z71AmmwN4EokYdYgDtLXWQVQ97GE8rXO4HI5W29spn4VDTFJiHoJ
+xiZUbzGsNG7L6EUPalhd2qAua0Mtff5CE4kCHAQQAQgABgUCV4PEHgAKCRAIw+qn
+bsSODB+OEACNEmqS4GCjduzPImUBo5gQ5Jc8P+2JrCCtosc5Skawacjx9DlyHE2z
+yS65R7KS5sbQMfeHeCrMFSrJim9HkMdomhS2IEp5FYkulKPZfblk//1wa1oAXGL6
+HWvxTQTnJsXCCaXJ3KUQ2Sq+ifkaMgbohbtfeef8ochrv8N37T6kmSuHgnf7yDIo
+rxs6vQBjVKg+kBSGFAX/pOrKe7YMHBHTrEOAb7P51pbZmHE8hCl2GBOgkzo5Wv5j
+DfEbJHJKDN2sVYQOCLwyTR6Vlo1F4u/7Tmb0mUhv/qozGSzTulI8zy1dOb25uUE3
+X+/CngnRt5oE4iQg6mCAmRZnXX4JQQ/MPudQGuZDJafrKFrEJ2XG3/rZlee5Le3B
+oIWrR1ztiNe5tDOIIPVRXckVcG2AaZFAv+ap6pdTdYUaDEO7FnKlcgfJvAYeBtYK
+QU38c6Ibf2AITnAv8ZShBOatolhXOOKkXcQO8eNRicYphC1OYiHSfI8jbPsY9RKG
+1ZiGODrcQ3pE6wjUOWj/6qRSPEdW+xuILHFxccMX6MJAJHSJsAOagCCP2W0P4bI2
+BbpMMYTuoI85FMVyy3TpI+nDtutUiB2tYQE2V2ghhxweSNzmQZmUYD8vgwbY3Y7d
+mZ1Cij4BOL4eiGGaEcux7K/kViPanZ31R8E8Bt/5h1bighCkZzTsoYkCPQQTAQoA
+JwUCV3em/gIbAwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRB7PDke
+/qk2JKlAEADZHCn81KBK/sUvM4GEID8Fexn3wMf5GzWH80HjtNvBhEEztb9jsB30
+3upgM4E0MI8ktGiPZDbDiaA7zbRwadLdwtCkwGOyR2NhvIpQemq1B8RRZ1hxJqXO
+7ITwCKi4AwkN9JzEWOaAVGXnWxhbCH5c5yUWk0dg8rBf7CRrp52JHAN/Y4Q4TG0K
+rGQyhxkk84zYzKO9ylIqBJgOCvYn0IOOrtU47XPFws/Ma+FCp9ZG+RD0bkA3kIcf
+KCCqmgj6HaWHcmByOda91mtUpz6nnghUH2Wz8si0z9mtk6F+rd9YlJ8NyHQ6RbSf
+DbSKJ24eL++BOlh7Z1QGvOYvdJjfaLKEp0Kh5v5nG7Ggp0AHVG2n54KOROIkKrJ0
+BKkvgXxa30Dh02tth/mgfEOipSziGU5fkVNsNaVsPSsonn/vTeRtuvMQ/91aBH6B
+/N7nu5VdQeqwYhN1KWR4A+ffSrgORElolkMScJphA5HdknIF0EEH58pge6+lR1Cn
+mTt8dkOiT7psTFIrrbhP+STXRzGh2pJHpxIB5tQA4sMIDun5RzC5s30JsUfj6tn+
+nCDBQIUzxvBI+u0VaBv8jk0S5tus51NPxzoht3+pgenosOd5sBMgnsHkrQX9LR+X
+xvogWL/kHEP+39JeApH/sgap/w0fM1XgCdlP2egyvOOJMEmzfjnmXokCQAQTAQoA
+KgIbAwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCV8rDbwIZAQAKCRB7
+PDke/qk2JKsSD/9RGyinXXCqBmvlbP+ghyKmu4/RaIFlZGz3BmWnRtTGmABH7XYh
+th+LSX4LkVWT8oSjXnGeOHw1M1g6iIauN/mHXumSeddaSO/NIWKRiOVh9gydYxnG
+S8UqXPxARUh7I+wve3eISIArN3HaiFlrSy1ObfWRDdQcyBWLatWNkzGVPpwH50rx
+BH5PYSc7yM5FxcbigIMRF7lKvo643ut3NNbomu4bF8JRIZMem2Nrc9Hcpy56F2+9
+oLM0LHMw1Yp+P+gycDqJZoM1dHDvyR35iIbSGphBo4B9a6/9cDqM+E4JBL06MbDx
+4C/C0hLI1oitCDJJ0gW+HNN9wBTJWhFFJFQqtvenOjDx5vsLywv9cZqGZJXxqNOd
+/fXQYRBEkfep+WJ+nqdyypcXuG60naqltuNDwUGFb63uE2d9Tp9dxzkpB7OjFm2Q
+R8VbDee7kLZkE4YNXhKHpS0qhjXYaKZk5R5YGlWXQ0+6sYZ4pItZRfGilfeqAWMJ
+kH2pHpG/oxfqYt/peiFqrIYE0ftieslc/fmZvJHt7/jmJpZJCdwUIuRRjKmxhDWJ
+v0t6Ht/y54euff5Z0OaitJpYQradtgtg6YN984XapZK9HUfwcCf3nKV+/CtafP5C
+Ds6lx67dEOoLPduEE4ZqL9DrT1ezdLjdqsPDWHBAmjcI5lXYUaFZYcLQeokCMwQQ
+AQoAHRYhBOxHhMWwhZqan8X88Bf73L/Zko/0BQJYYlQLAAoJEBf73L/Zko/00/kP
+/ApdrTdK6A4CTlNfPfSZGskA5QSrMnAFus+6Fpe12v5EEFlv3ycyR7DQWy4Sgz1U
+S7Ot5C2qJKwgguy9bEjo729qb2rgbDIoMiDvs1dup7tCWvRdzxYeCe6qDFBLa14J
+yEug8lexZE2T7sihEHX3BXAoNgI77oR2ZdYam2NslLWAc0e5mkv1llfU+e4xiRBd
+lynBGszr4yLtbJ0QCXljBgTQlRcxSnrILEYP0F6AtQjuok8q++lxo+ECum2GyNcR
+0swoVtLPQhyHi0df7BXLcm7d0jteISKKPd1dNsfYUrI1ou7o/XMm3Sb62F8kZRd5
+GrC6fk1mE9kocrS0pPiRCPeQKrWX4JQ1ZlRz/bK5d1GSYI86hrifimJIw3ufjv0m
+kzZBji39RzqjaEpYa+ofQ17HFLgui/hEXKp4bisR4vuDISuKGs9k42//sUsCEDhL
+hIMS49iCL1DUKfDzMuXQcUDMgXSYk5SwmIFdM9331/sR+GigV2CTH1bEBOlaBumZ
+UCnguV3lz5TMHF0chFSUhnDrOZYydPfkjrxp5uNyWgDfLddcc0E8sbqungdkd1Ur
+nSGJBNtq3Cb2hvK2Cy55Q5x0o6Bh+7zNjSdUfpDTDas9LXh0N+OXwX3NY8hCrU0p
+0v8zmsp2YmrT2xa3xSjctNP0jwrodgsmNAbR4u7KygUxiQI9BBMBCgAnAhsDBQkB
+4TOABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheABQJXzbJDAAoJEHs8OR7+qTYkrxsQ
+AK6tP7EHcVW/d8v3VZw3ehNlJDBtbuEukHSkkzo91mtv1vSyrIBQbiGfzbpS424q
+Meb6/SAz7mjF8zo54AV4ir1WkOSnEn2FGmljCG3GlTqzOsvpYAKJm7Zg5CZqPmos
+8PoujGyOOg/mERMnx8H6tVNqRWBS9NHO/Q6ZqQK2UBu3K10+8x+dkN8DxX6ck0sY
+C9vU5r0XmHBLS7kz898EGPITQkigBXR0KahFq8QYsFh/j/dR2N9AHzrE4arBsnqq
+MPjzSSr5Ir9oczRKBFS6czFQBpwVvNUsaDnW4ybZFtpiHEKGA/vq2IkI8P4VW/tp
+FTAQjw1OcBD6t5V5bCZHWGBtrArrUGPOZzsrgijyJ3qGbj8smaUt5XYRdiMopXJD
+qGT/MnHVK+vldmbjx9QWHWI+X2uDlw9gGTkz2yaboyCrrBCDPemi/ozvNRj9LN2c
+Z8pkvR9HQQmzdWdiacsvHdXaMqp38S3oihTg135p8v+z8FThIsTZfOnrQ0kE1ABC
+Y09SipWFjbsvjoVCNsPg/+LnyxzLv3iFpQEgKuPfw44NRCrSRTEkBWsN5PzEaD5N
+RmSiyUOoYzpjsjmjmcip2SA9xgIgxXMYSgUSr/CSe2Ndan75jI2RYkyIZwBC8dOb
++XWaSbSBO0rcY3Ys4C5V/d8LgrjgXe49tzf1XCYjCnE0iQIcBBABCgAGBQJZPqeX
+AAoJEFxY4QYiDQOezEwP/i90hkTwCy12W8ISfg6teOuMZ/GfOOcYdEYuKRJN1IlH
+o3N7SJlJ0344PNwXZl8+yX6pCAqDUQYoIrRy50kOojWppwFo759hpj/Jdq/i8SEi
+j23pd46HABPQ7nyD5a3GDnDAIv12JGzoJi6d/SGOYJ/4wgP/7w4E28BKhxL+FKcz
+Mn3NxDtgpLfo7zJCj1Y2T7WOresSJiv2kMS8gUenSBDIEcH+ApFsVppNekbBCODv
+Hsw7+ioQFMlh3oWRyAmioXxwzi8jC1n0lmQqMRc6vS3DEGcaFUH4P9bCwwf7vz+M
+3MZRIFPDwQ9tHPqmr2Ayhs9xpMwUKX0UKs0c/jaU/uExeLMia3wRU8Dn5lv1JHPK
+WjVSx6ldw2sEH9q/03CTsszwht9K1LiQBlpLpF0BEAt+7QeXDjWuyYWP7N59Jc/c
+9cbHV2NtSifjlu178ux+8Un7iOYKvVHJ4taCGZx+OBnNmw4rYolz4p6yI1jreIXC
+LACt5ZMhkR5xL1SwbdtcyL111voaWPz5bA3ZiT2pzi06n/qvK58jTNzulC/Gjjfs
++6f+2G+Or1/GqJ8yLDxP74ZR/VmveCh8eKFmqJalNqX3eKoIxVi29ny42SHtghxD
+lOaP+L9irGubFSHCXIovW9/Jd1qfRGO7RTt9PCKSEjD61rj1JRm+TeT9wa4iFpCj
+iQI9BBMBCgAnAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheABQJZMedGBQkDwzNa
+AAoJEHs8OR7+qTYknogQANDDkAhlyoBVGYANWcVnmNqKLnneMenf4GvbOv37PSRK
+GMiAdr9HAHsWM0ycwdI3+x0blZR5HZrvfHiMxmwsN0s7UQV+yJPIsFv/jPGO5yIZ
+Q3lVXudWufnxsrt+nttdMEE/3/Si91BpVIMF574DF+1E5u6OzmApYYjkFXFmLO/x
+Q20H+JDKB0aSOyjR4jMclcvckrxqnnMEgbe+pcMQCZ+B1Z7J6uHjXo6MbM8tnLQh
+hc8g20nkPYSqqnWABt/euP48/QcC3QbZ5/x5sDXM2fhAju/T/XCJuPivxFqU5HbZ
+zWSyWHePZVWKXvQqY0DQ7PUx0Y3U7Izr16fHopLomhG7g+REiyAhNNXHVnG2hYuq
+TE+oTcLMuqnxE4qxrDrEcNEAo4rmcOSBpM3bkacjtQIhJhs3cQbtVwLGhcYLwvC1
+ZAL4nuauCOD+bMhqlNYm1s8/05Dpn2K8nrTr4Ry7jS4ayLc/8rACyTWaenA2EIlM
+hOO6a02KRSR+NB3K17RGpTClW0SC8STWRYubz/TrDBlJu5zFDVCwo3vb8hfLEdz4
+qzL6+WwU4nhXbyehJlEX2BCbXK1Fm/hxCvyWBLoaL9XMWb7to3XvmEJd9o8HmqSi
+p7Dxerem3J2sOlInr6L2jzHrSgrO6Z9syDkjM2eKit5+vTnelTNEdXGUEPOXsm6n
+iQEcBBABAgAGBQJaom7oAAoJEBX5dcGyaSFb+vQIAK/fYBtof4XuquQE9YjYn5aq
+4AdcAqldRN2dHHgUWbGSrInXD0OOtAXHGtLX50uEE4TtVXhNg38IskEuuNwInpZ9
+Q/zGgwLNzSpr8VFJt+FbXqS1MULzuyH2mOi/GCl3CMi7/K1sI8SliCKjd8jUeRwh
+HmYlLHCt2aA9ZGaGUInh49YY76RifK3TwkuOqFQBJ4jKBpAm7tVzXpPtThr5w41G
+IAWyo05h9IvhVTgx4rpFinpYAx6AzyxEJNeqaLiEeRskFAVtxELieFX88J5yEXYb
+1ZNabliymnkmtReYPnpo5f0bd20CnmL2WQqtoP/g/ycNZUBDleQNEpxKahTGrDGJ
+AhwEEAEIAAYFAlqiaooACgkQxoyJPD2mOwKahw//Y7VOauSJ/aZqX5G6rj/hehJc
+k5vtMi+elpsfQiIdrZdhHqLGhsJYAM41EmNhtp6ZLiCmhGZCXVcjUCzy56m+NRrV
+TU/IbXol2STNoNKIZUUoz2tgbghm46NYX8GIwcBL9vLHYhqAwveA7/qSdTmW4+KR
+Y3SHFBIVD5jgB9/vhn+SKDspCcP6Uk2w317O04gSYHFoU8pMkMj96v9Afn/KoYQo
+EMqJRB/yLMruNVaz+PiImZnPlpujaJhY5VDJQKwslt3PDHRYaWQdfW3TXjbM6kAW
+Lx0Yuwg6g+8oxhpcJbwxYo8E54GTVBVI63dfsQz468sCi0jhe/e6EXbVOYlUfKkX
++sp6VcJHp0rjfA8S3b5wtXiacTvNlz9sve4/tjZL323Nav7PbFvtnjlE3nHu77Fr
+ojrbvOHKNnH2aUjiI1DN168Tst2/cz/0NCBqbij12PEXwSQCoFSmLAYJC5ja1C4V
+9Fd3+Is0V93p+FqSwjKN1jOUo7QJf2jBXkqWuoTmI29ZiXyOxipeOGYoUUSKcNuW
+YsVbO2y/Gb7MiZFztzQUYlNjFA46Stwdp+JfZMa8jyfZJW/Nxecik6f4kWpdczGI
+N2bnFyQYRv5u93GuE7liP2T/OiMHQuiBvjrMfGR/AFxwU+87uk0Bt7DdhCkqoLGg
+lzcspw8xlsZFHQDFb+KJARwEEAECAAYFAlqiaOEACgkQbDc/V48coGe8wAf/VAA4
+ou5veZFk5PKZ1D5AVEtx7G3dZCqzk+nWWjIHC27UFwfSdcIecdcl5Nw2+1zudlDx
+fjblR/848awoaz92P8/KReKpS/qI3gpLBSxha7cdLmeJJlVHFhwey6QMhC33QTcr
+g/CtWjd3TJ+fXQOTqndQyu2BO+40Kwq9Q5ARIrG78U6eAg5G+4sX/bdkrEo8CWbR
+V3Qc65Mii4Gr7urTXQX5PNRi0rIf6wop3sRpN37VXDq3Z8blL20Lz4MXBccxgiL5
+qQcmAKDPE/cIW12lr6CCX8tL2xAl6u9oZQK0P9r2Fxa0aX85GtGxOqJwsojmdsLh
+M06rHW9J5N/uAmvZa4kCHAQQAQgABgUCWqJlsgAKCRCsmD61v2vLqcb3EACvMLsN
+nRe/LsMDU41PNpHlvkRmJKO5okLmXKwoTV0EY7opTODqlM4HD/iY/6oJ/A6hEFIV
+jgnlzJlH/ep9SgATnIf1hl6Dp3X6g3aIQDO4jgruljwDTs6rKm0KQdGdM3DrPh2h
+djmNBsslEfsM7CL7aAaPfvbPnjWJwkve8ooUothOv+r//AFGgguA+YMhcgT89UbP
+FDN2O+5JrxTovOyUCDb1hzZQKM31Nl8WzT00M39fSz0HKRZdT9V56Sg6041ySXvM
+y8MOEUU4jGwMXFNF872DkOl771FiPr4O7fvqCGmHp1OLTQim0s/iIsE8BOfvWfXm
++CmQiKowDFjBZg699I0BuhGn6TkLjLhdiqZCNXTnf0djt2ufQKwT5KYtFE0GpZp0
+uPQj7FfNR461BSjzCFq8yo+E+ecpoiBvQyvJg9J9qZc0KBbJu+kB+6hzUOGVlsqE
+bQFLIzZAl+fnjoD7y0FHSvwiL25BMqIPCSu/aB3kFE6QgQ9oVi8LD85NJ6oxTxsk
+oz6/6z1nWYxl7eJ5cbzNsDu08mUOaRsDNZB0K/15HVHyujYchmh83WA+kKQ4zzm7
+0mW7ZaHhBo+a1DZOVe8zppa+NxX3ehw6J200f7wDr8p/J3VdSDGTaFftGYzC+/F0
+CqRhpYEqBw+kXDiLk0x/1vKfxJvlutXLPXCmYIkCMwQQAQoAHRYhBEjWpfQtYFe/
+mjeABF3olJqJnI2ZBQJaolv2AAoJEF3olJqJnI2ZKKMP/0hS++OcyQkzIaVcNud+
+CoWMlYzu/UCNnDQ57BKhZU3727zjSjBSpfoebWopEM7VITkg21CZK+HoqMQbkExR
+7Mx4mAQSaci7uGePueQuFvuDD1tR6nROR/DuU4tYwOI7R7iZNESvNEFnawMo2n/x
+PU/CgU6ChINBoOBWskcZyl8/VLrnRZiF7xrTDn/C9cu1AoSKhCL62lWxbNAiBfer
+enDKpkYQwORdvnkHdcJuLuQp462B5f7IeVQ6eIkvpWeaA54SMTnpEymjh1JMaaFA
+4lBMsfBQsZ0LBwXoVxlN083z8+nKgxCA2Q24Dxg7EoqdSnN/LwRsXmkKPum+rr31
+3vXSFPfU5YmsVg8wIQKtGHQqBP6rw74nYPIVVFOFuJXD41/u9BgIFm572Cl95Jxc
+HbgEflxoDLfobuiXsLKD3ak+5c9OxB0vPqIw98RrNd2zcwmOU+LUYjVPmsDr53o6
+3IBgzjUYdIrLfnFZTqUvaiGBeCZW6Z5ISqNSl4ZoepjK1GPAt1z/knaMMWg/ZW0R
+qFI1pwD/1NuQ8U7DR+MXpuZs117gb88tTSuisYQJiYDmRqBixoa+3ARUeo+VyHbM
+aDjJyIon6bQsvCZtk03unvCwyYBBByJSSjncbud4pX9Vv31+gQrPJLUlRGj0KDyh
+k3DOtGkyy4SyLfBr+yXO6wA2iQEcBBABAgAGBQJaoluxAAoJEJoxTsX0cKCsom8I
+AJQRFug/YODuiMl7B8zdn8jsGwHwNr+MxafAIr+WZudVRzJ1vN19WmFcjh5etSdB
+UuAsUv+bBHIoS1UE4gEZqIGGqidWVdcQRgjTmb+x/I3/bVTNqWm73mYF+CDnCL4D
+4J1HP9CTqJZcB3/b59Xs0+fF8uWwo63hRMhbo6Uv6jFihp5aJ6uZcq2x1zFndWD6
+2S2fxNQ6AVbHOcNqvnFbIBXTOKxAgw4PF5/ja1SZAYe3HJqeCkDUakFAqJlWrSSu
+cVCkx6CLGdTP44p6FLPyyYgpYKz0/5dUWo3fxV3hQYLT9Ko42f9P8od5zwFHJHfv
+pU3YmHAnmsM/teFQ6XU8f1mJAhwEEAECAAYFAlqiW3oACgkQuj4pM4KAskKN+Q/+
+Kkg7Uccfb3wADmKThgWo3iT/ie6MUAbCQspa7+yQuf0HsfCx3JSn6CbuBIAlldUY
+tBAxCSgqnvZr7xgxp2+376LMAm4srfTdhcA5nkFvAOfZyliAaTduoOrVp4IGKZ4b
+DXRhVagRf5bkEjBIa/PxPoJuW5XTQfPTMUUBK2SekxUZr8lxq36yd6CGcutcWPCx
+NjDYj3+7imPbDw9XpHaysogP9Z0XxP1tkrhFkQJol9ggEjqyakd/6oD/aDhl5DRi
+iSoP1kUODjt+TRtGmzufD44UGvkg7Xl1IWozRwpZmfTWSaIkNoHqauYNwr7w8hIF
+vIzc10yUNsrT6JB0y4w6Jq1vAuKoGEoO+MrTfKoUhPvqkj48UdVb2d0vTRSot50b
+ltSDDsz49F40ZyF9JIbzLqfdrf0d5imksiMt6huLRcJTmQApNgZIOlHOwO7+PMGY
+v+nAlOAAdsJ28aQEOItVVAQshAp3YBxvUrk9rkO4eEuvfhXQ62eMaghlIpPx7mW4
+HI3KHhsv4azjQgz6wD9jpxJJoEdlIqjogd3oEuIeDSOTG9KbHP0fIy/x9iFvLVTs
+MT8KzCkXp9y8mCXzAsYBtZrjCB1XnNt9x2qqWlyJbbeMRMe/X8v4pgVQXSxUbY6E
+bugQ3JbDord6b4IDL8wZkPTrRsQkKSYaSgCPBqwngEyJAjMEEAEIAB0WIQRbYSZe
+LE80TUMdz+keRBCkAkvG8AUCWqJaaQAKCRAeRBCkAkvG8HViD/kBR1xZc0iwCciJ
+vlcpmzyRi3LqAj/LCvnbgjjMQ82wyUAjEjr+30IAkySaYZ4gtr2/APDXrwxhuqC/
+ZmXY72dAfHPZ4cb5+p/uSb5OGSqMXhdN9bnXSm8DbGxB78TtnnPFg4xAhqx9uYrY
+Jm/hD7wtOge36ocF2NVzeNFSdrLb2ICDguVEtXtdLA4zHyWewqVrfbagHlue3qmf
+ycMnzU25b/x6ofWG5MCeqKqKlqwjiEgJEaQ4kzNPY3B+nET6TMSBwa4cXpKyc5V6
+3rgGx4O6oFmSs5LT4elasEel0devNzOXY/Dvjh6jLj9PeIAWM4+Pt9/0b3frnk4x
+AsB0bBUAdLyKh371GHeIAJgAoIbTzbaFAAI3Xpj5ouNRiDFH7d4CEpfrIHQHUiiC
+w+8zWBza+VksrhhcnjP9oAu2a1gbTgXUap6rvmaQTAZgSuzb+3RLoBVppsjpYmzz
+uwWQpN6XKMnS1O2CBkPVvulRtdP4x2ZDZ1u946N9NexMPeAg20FMnNixDC2nF7B7
+r0z0wtLP0P7PMLWpI/REbpKOsPQgJTMRANJ27itsBzVIul1K5u1O7ok/wyDp6zpN
+60MiT4sA0C08nHQQ1OBPJwHjYu4vC6U1Lw2QxIY5VMv8DDsb3kgvkUJapQxXzpH7
+/gbqnrgkH95FSeA5ZAst/75yA9bA34kCMwQQAQoAHRYhBLfyQ2bUHvz97m8Hy4P8
+BxPaZgwlBQJaollKAAoJEIP8BxPaZgwl47UP/RcAv0wLnrDBm2ynByikLf/9Cror
+NrE8NPh446uFlgUF/6MEWkuOYTK4zDwjZR6CpaeAwBR+eNONb0i9dmmudIYt2GBQ
+gUGRB1C9yR4dRlfZG/vOgn6yvCUYFPksRJp3oSbdR4M1y1N7z/iOusC3+9TrziBl
+zEpXPcf31uXBa/s+YhNdFP1f2VdewpujhxgeUdxg9yrPLImISxhXY2eIwQKROIbW
+rFGknRn7WarreP6Wb+yHCjQ8k+XSiTNvOfdUTboiZJ6j00I9Kbfh7SuY9P++rNto
+2j0A8MRlxNWOPTZW5BXpOqFvZS6Dv58BYnvFVjJ/JRVq1gdo+M2D4NI8x6afTDLQ
+6Q+OlbAXBTY7K4nfHRMw7zUKbCvZOfP7lENJRq4T2y+CfpPgEj+wqWwMB3hvASOR
+oOD+6xLA5ZxB4od20FCFozfolArzx9hPYr/ugCKKosKM6GqQfcSNjGkvsfhZONQn
+BwPVNMIUekTwMYH8dI5nYibNRDVFBm9DM638hV9SkZfeF/YIFHTycZ55MzQbfdVy
+lVB4QW9SQ/2GfZ2HBsDvU/++XoAI468lFhkebHmi6At8YUc0tSHTFI2h1G9QwlEm
+6FEoEToKtRx1DxhtKEgNQM47TPVveQowA7FoBFbol7pun+cz3uqkaj/LFlCQhSOE
+6ir9jUrVRELkqCpoiQIcBBABAgAGBQJaoog+AAoJEOVkucJ1vdUusAwP/jbz+OQR
+zJPWZOEt0aRvnfP0QOBqalvMwbUO5zGSUtej2JQBWbBSKCeUxiXqXw0/0J1VFXk9
+BuWXqFlF9E4WyRHqxaWtURT5seh39CfgnxXapB84u+5gwL6/kig+so7kGaRg896y
+jEv1GlKt/t8NzdGtdVanvd51gWPb6kMpGyVcHNjtzH/5/u0gGOBZhSw9TM8H3zV0
+Wf0j2mkw7ByenxuWMGX5DbQavgjzTwsdDH15VFv0LtHbTjJCcXixpdGFXWxSSy/Z
+xSjql98d5u/hd/KLW+I7np1/H52oZTewRXgs1yQF6rrI9W0C+pLm8ylzi5B4930V
+65J7KcO8PMTg01NQk3l3eErcI+mJapZByfazxh1QhNPjsEPgy5FZMvhu9sI4chH/
+Twu/vct/H7abNQJnMREU0PQLad6dTTJlhUxZBogjqWOn73S2HKQ/u2ejPI9Iixef
+IjILxoswFxk0agUUFJivMtqPPfIsMzAxiOnl6n1OC78eqM4duOJXAtNvNUst43bV
+5QZtjgmCmjV+zoropl6/dQEKCaF1B3/b6LENFARqSe75pG41mIn1ZQ3JFfJLfj9P
+nbkd+lribDXEfOXWJH8EFzcizUxcL5Y8CxuHr5lYBp/1/L1UyZ/ivcB5euHb0asR
+joxO8LPePkuiy2FjfHze400QEBJKTIpjO/g5iQIzBBABCgAdFiEEYC9WdmPlk7y9
+FPM4xjiXTWR5LWcFAlqwOkgACgkQxjiXTWR5LWePDhAAk/XlJVz7gwItoghfUX8f
+0yeOfT/gy7ZDv+yWwGi9TEFtfMF+4sTpaZCzrbiYNi+WvDYXLZ+h3ZyXr9s5XdGY
+O9KcZgFAJDXpd3/cHQkbsdCWKcZg3xEOULspUCUAYMYDIXNWZDys6OvveAfZtXfo
+GPMKtBLQgxojAKxBuS++rVxRz3EwMS8jHKX4ZjKjsUxq7Psq1RlE6Nu9vCxJmSzO
+Dl+JNdBHFJmWf4kkqNOCtIbR5ts0Dtb4S5KTiqEhDkrcSZ9NZkCqQhg3SN5SMk5M
+rBuq/0xwPetjxwzUHpVcXoUu6SrLIl9dUZjH4xDow7wMrZvpkZMQ1p4xi+EVYRdf
+bvPD7rWKsyr/C4YmHIKtUP5TXo1rl2ju6bxxZbuuAPpbIMh7CifMtVDwR+OUdhYA
+Fyyz59LTuX2ULFG7Amzv1/3IKadWRw1uGgWF2yC1PAGc6nExcGH1n4W+feBBBTnT
+lztbYrfmRK/rtQvcEFLIyqluDdXK3Huaj+ISL3nQXfWoWitWEW1kz1jwDQGLqaA5
+dUvvF6mFLg8gCm/aJHUp4u6XjOjsOS5PHEiecays7f1a2L8EBvkDg6eVIQoEbv1a
+HyGPlP4t4/CdDLjh+KwEuzI2PIfA1gNSVJqeWR7I6isNUces1twWJpCK5zWWACfd
+ShVBESuJojoZ+WDsrlkmpqCJARwEEAEKAAYFAlr1C3sACgkQsXXPqY8ZKvKnzAgA
+qgvfYuVzv47ow+4ePm5uLH6YxW/4TdeFPWMNOwMj9/Ar+1BhMEkLy2cGlc6j4WFI
+DXnV8+lkPvI73gWEeKzRdJhAG0mq98cxEjeQLOaTRSLkdamcp50MlhwWjdVo4Fn6
+as3r6oAF6aDwsQg0EEbfR/x3jFCuoDNLQLnXSDO063pyu6EMz3Vr2yxkF11iQpHd
+aSi3Nb0jGymffofOpkRGCzmxxggWPWbZZTRzhC+/toNQjIdHT6ma+jc451ngEZWa
+ZQez746wPCEiwJQUU+AZ7JwicQmLqZGfee9Q/se3V75dKlHeZd/EAzS9KSRSOQ5u
+fGsR+Q24VUDanCxASYYtHokCHAQQAQIABgUCWvVgHQAKCRCCyTeO08SQaom0EACO
+qQfneSeyZeVDvLKhMWgAXB/s9nW72CU94tBgZu2nWlyHLEXSP18TR3CflmoqnCfq
+CPXyNoYeAWzt0QcAelJLI2bJCa2MWbJKocZ870DfT1LXzA3Rw6LlBXdgfXXrUlIV
+boMFQy2p0hU61jwNQYUp/4b1P//35Cxy8XL/o9OFizUyHrW4WL3+ggvHTVPtmRr+
+7cYVUc98aE5QFIBP5byGvKW+T5PiLwdhZWWYfxmKBj6FmouqEajUdBiPhicp8/ZJ
+7MlQMKZkLACa6mirSCpDLCiI6N8JK8r4BWmZenXKcEvCqiNgmcxXIKOwDUCs1qtR
+nJWKLuI7kXzSSHFliikeQD87TH4LEiIMErst6GrGENrwwulAYBR3HW10cAnT3QKd
+Tmy81nevc9xh3+IB/ZoofnFSbjXb5tHQbhScAVYNBqmXb6vKGfac/wXV78NbYJEH
+1esTyi1M35Z7+TGwDN1BMOpxLYEqvP8KLfqX9QrPw74/KMATzzFb3PdFLdasoOGL
+YffyB2BFgEcLKYhHiFIr2/Wb6KwtFRdoCn85685dOgvMHVcm/IbN8LsQwYWHzTB6
+ZSBCwEPO2xgPKfi2KRp8eaqSWDpGMtXmNb/o2MIC3mqeWKLDHAuQJsofvm0BdMYG
+T0z/zd9q5t06A4mTNgE+A7aqn/14gFa28zvdxeNVLIkCHAQQAQoABgUCWvx/JQAK
+CRAFLzZwGNXD2JAlEAC7xPWMzFv6Gykh3KNmu3JLAnH8FCJcoHGBDGJtMmP1hvZd
+IoCQEWUSdtcPN+8kQB/MigM5oBToeROcYyRWCw+mdxzaPNNnhvaf0+orlllk4ccM
+bvnNfCJaBGfFWrqhCk+I4tle8qJnXqyrwPuBP9UjYDLbkwl3rScOOeP02WuNjiYi
+fk0saAsQC8zdKg8Xc4yKKSmr5qQwGIWjeDSTLdPJ+abvgr5RDbCg71H70YfnA6TR
+i2drCg24QZeesHIH6Ll2Vm0SS6oKNp1fLnwALIkB4w4R26Pw6zh9uWt6RbzmhAjI
+L3tKApDX5AZVuNUTZyDu0gtte0VViRyBDhgRv9Lw8vRa792d3RggZ2NfkvKe7d6f
+TRFZySkv78hQ1M60Sv+IEcrPso96nkI8ae/FWiGlL6GbOCxMaD978XP8xJ+zAS9j
+mDwWVVJf7iC9SqKsSRqmZzHHM5uy4Jnc4eR2OocRzbdM/wbWFwgKqyw1BKl44k54
+FgNUu7lmDYFuACDyJYRA+G7aUBREwAzyaetCaxlvjj9G4vWv2KSu/oLrFb8VDYGD
+4foA9Fpnfro2Ea2y6O2WdEKUQBeFvA5fNbwgTI3tL0y7b7/9ds33rvmxWtL3IV9O
+AcAN6sovuE9Q7Q9XWO6gPdDhQQvEx5P/5EyWJj5u+v2ujMmBM8eWK9fV/hBcYIkC
+MwQQAQoAHRYhBCq8p0mNg+HTLVHTtatIAKYtufc6BQJa/ELRAAoJEKtIAKYtufc6
+gXkP/iMrixpGnpkNRlIH0pGZpBAcok+ZlwlJnoGibtaG4setzJcLM0kDnuLtc9ie
+I/OMRB0KU2TA0k1a9SawvwfcjPs520r3NXk0Ibmf+hqhpc2de2StehNe/3BYZqkj
+Wrt11npj9QPMAdEHmUYOYYtDh52MmCqiwgoiASyvtsgo/PU7vgtrI9mOFmSEKUQI
+4/JtLBZhCvk8gRBTkKAOQ8bc2H33WB0e8bu4VYPYf3MJCTyXs5pAjnbWJLKfIPTx
+L3YylwOEoS3BEd10N7HGPxEJWWd2zalphBHeXd/LJwdHYu8uwto0hKeY6fnOl0Te
+GlskcF1PAQKuXqbAeDbb579d/W9AEG4SQ8dGJrJdpBhSVrADAPLXrUV8Rp7zQCg4
+juA7h1FIM4WzUrdQZF0HkvaZdoYN9T1P9CEWuCvtfzzSRx4GdkheIVuHMmyt+YvU
+e2OPF7TxczEQsdOWnzX98FScQxTD3Fsh/hcIOqsUBxh61bDaN+ph8n5VK7NYSzoO
+CFo+s/39ZBxTo0x5cjpDEFsYqNcQkcONtoXnhp7Z+6y5gCD1YyceD/gptiGUwjb6
+YRqU7wUiGoOLDL41gRJlSHjYWQf1FikHIHPBnuHpiQMEpgVs9N2lWvE2YkMkkz27
+mCQHnj+AznCCKt8H1c4r3VWS8d+g1vr8KiUUFkjQ4Lws28P9iQJUBBMBCgA+AhsD
+BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEESIC4yb0OUQb8Bw9Pezw5Hv6pNiQF
+Alv3Kw0FCQaIdyEACgkQezw5Hv6pNiSjBQ/+LlFK/wS6diNUwrTpT3zbZ5jpuLPS
+SQEtuMjQIEYgt3J6AiJHkpW0r8ESKdRszqAE5ev4ca4jgC/vQ07+2IcvSOwuYNwu
+CD7vWn56aozncdCOAb63e+Jb0TU/H6V0xVAWQhuqSrixjZprsRsuGrgm/fnFXg3b
+D3BGm2yeCk1BEkNPh2J2ijp7atP5ZGqSsUVXxvn1ue6kZsgGMHTwGo/2gc62jjm6
+Lr4FtU9Zxzie3f3pmY3KEbN5CWpZktBs0kh+CkvWRVDFRpB+uibYOzIQiuPd0xWw
+Ysue4YXM/LwX+5iQF7pzWxlksj/GRGyjYWiSG9LDeT3BJleh8N1PAXdPSqeRNiMr
+/9rqADrxsiWz0/j6lcnizhdWTqlN1UhOzfvaQpfaPMQi6aHFaFhD59QE/pBLrfHY
+AmtKZV3Gyhp0aeW0llktf5kBlmrIIjNkzC5tfD234pNI1BuW4Tbgj8/ySdrP9nKS
+5ZSmRhWWolu2zaMYjhhHjrdRvtv7hNIqDvYfsin5MlfE67rUTwNK/7rdaZ4N0xPX
+/+y18A6rTSsIWsTAOQ+uFpoikaukpK7hby2ktyWI/lQQQ/O42tnVfei1rPgenkHx
+O4E8AZ9ZDkYhp05uOs6dJV7EooarcfYu8B7V9seK4XPsDrRvSjPiR5eO7b0L5plz
+izIGANQjGHzgjzWJAmcEMAEKAFEWIQRIgLjJvQ5RBvwHD097PDke/qk2JAUCXDNm
+bzMdIEkgbm8gbG9uZ2VyIHVzZSBtYWlsYm94Lm9yZyBhcyBteSBlbWFpbCBwcm92
+aWRlci4ACgkQezw5Hv6pNiS5ag/+K0ikF7wwvKuodKdxdYxFIusCKYUPsrxyZPrN
+zPn5+6UMA+elLG5MX+OA4f58kFUtvTBXcArGPl+Ja837yKtqM+ac1GYKXneJKhAQ
+06bVfTMnlanuLVABzeYCIH39omxjtux9uv8Z/d+CdB9HxyAfFOIZt31Q8l0B3d7y
+LKhxZJnMcO1mgNBDsMY4Yum8GKlzpMT7IfO6GAqteTLt+SDLsIDHSLlafnmDDmEB
+vrG0G74kA4NF5yo0GyL9Pp+0OqyYv9FZ4IrDFSLpomTdZ9+1V7bNcg2Jpp8alFtm
+MP45we1JL5rfm7pA59JH5sRBbK1ILJii/qUcA456/ENvnq2Jy1eamvHHuiG2/a7b
+OM+i4mwXFhd6rdyYJJeg5EGmyaHOJSFLrRoJJRAEPUwzso0xXRlDj/okGViZJB05
+2Qq0ig0zxLDuhZ1VJjdVDjQAzXFsuCrLi+OgJTa3PvD5OBqb+8xaD+dh7y0kX+C0
+jrGadU5VbKZemETdrMnHYKPFbm9m9tuTcWiNbL2Kgpn/WjqIxqJUTNF+81DjiZVJ
+jOXgcfBBiMmZKJuoUdHzRfobE9++aDA4CZt+LYsKAH7QpaOYFnjhYzB75pt7OwoR
+Kt2Rrw7NYIaj+yQMtoUyWgZgh3zr62jakuEw6VXy1hEDLG154rWBnYocewHOJ4HH
+uIciu4O0JENocmlzdGlhbiBCcmF1bmVyIDxjYnJhdW5lckBzdXNlLmRlPokCYwQw
+AQoATRYhBEiAuMm9DlEG/AcPT3s8OR7+qTYkBQJaw0vRLx0gVGhpcyBlbWFpbCBh
+ZGRyZXNzIGlzIG5vdCBmdW5jdGlvbmFsIGFueW1vcmUuAAoJEHs8OR7+qTYkSmUP
+/2wreCtvKeArUMkfqFG91i0BFNVAbX+S5Y6mMt1nPdnaHdEE6KZnalkzhkUzxH64
+/6kQvkf1wBvYXEf2PtTJI9ja7fIOjvvwaXWsccgySPbW9ohDRXe2u9ctT+8BLZYb
+Fhg7xZmuxXRvIedbsk9e+JXjMKUNNVgbN+gyvwhd8XoUlqtkeAYoNEeDNbfaJJxP
+hivEt1obB6ZQ1urPA1i6OsmREdCDWsLSEU+kAJo2jJ8xjVMXbM2F+FuxpUVJj3z7
+H2NQt4xSZPNCvkEQW+fhSy7B3pjMQxISTApxfva+/O7rUKMdUcai7IrOoMzLLqTY
+Y+iXIZh64pnZzbPMnkOFZry7XCOm0S4pgMLhHUAtVSEOx00jJ4SU+AbtN6dIPKyZ
+Zkb7Y1OKNzY8mS8fjwSIMOm0qpUqg9gYyxOYEuIa8osmPGoRQNky8ScMRMQTv949
+fYSWuUf+5+dHzUkBdQoxjoDHFjQZqYhaCr82Hf7DA9jE83ropAj8MhCcNgPvt2JS
+VpT8Fywcg3GI1f+rRG++OTS7AZI80Lp22LrhhkLsXM7K4gH3PUT++NtlvGlYs6Ub
+lAIz+0SLMNB0VksgdIeyPYDdcRglOFbP8KPn4BbVQZQ+4aQ19E/mVCUmKs4UUQLJ
+yutfHu7dhtKbjb69a1VCgVwdrZGCm1ZjBFw1jaPynnfqiQI9BBMBCgAnAhsDBQsJ
+CAcDBRUKCQgLBRYCAwEAAh4BAheABQJaFaoEBQkEpvYWAAoJEHs8OR7+qTYkTXkP
+/1B7fDHmJlbPuzae0L+o0o5zuZCCSJQXGkEpMbWvao68PhM4jl+pdXwkIhy3yB8k
+k/QjhgjeVeaeZbUdbmKvc4cUgPTfVCpFl5iJxrd+6SSaXZBWbt+qBvyGEyipTZd1
+zHo58gU2G09rn2gPqgWVx1O2Og7q/PMpPxii17YcM+IEl+OwiFo62q5IeKSB7zVg
+X4ZCCpByZM3UVoY47Cih/z7U6CeTTZ+WzHJ0I7XLreRIwGUxnaC8R53QYtjBmqg9
+2BqVTd6oSQ9iDi10sYefu42IsCaosGUkdQOyzB+T83S5nuovm8NCxh57FjSCYpUE
+Ct+P86jOFpquBQr3Cy87UmpBNitOWl/mo+3Lyy9VK3Gi0TFQ3HbQogRYTnFDj6Me
+gB9F7FXswor8esgeiqzq2MLug2T+RNg5GN6xU9OIBPSRctb5swN+FJe3XgKpq4Zt
+gdMNYUipXHAXlfeTEhVXLtL6yc9c2LRB1swLx07gSZ4UOkfgRQ2q/JLFOleKjROo
+72NogKlEMVfr9uqPsj7tAxAAqGOlOgn/C9fRTR79ks02VgLu/K3Vdi3oTsiE6B+G
+z4KzqFNGoCUfYx3ZBi4QgyIMZ+xJw+unbsYfj2MntFwfvlgNlO90lYS0iMtQTMQR
+c+VdOCl86spoj8RAZBMrOoSpCUgwldhPP1kgWCQnGkY3iQIcBBABCAAGBQJXT/Os
+AAoJEPYwWWUBAm21rXcQAMVbBDazwQ07HUpclaby/eZ6sybyNVLMAkbCGn+wQkjT
+WwEoyHhrwhS++v1PCPkAgedaPEPDOz/GjAOOPH0ceNtQZB67lsgIWwKdxwD7c8mQ
+AYUH07AN+90widpy7zDT9OAYxRM+wAQbdL6APenADm991QN6qK5aUfeISVmREWDx
+ejij5+faawYXFVV+ZNzrr3nu460UaoJIisyA6ySQsZLRZIRb+/v3EXIiuctN3zei
+Zwk0Gv+5o+qx57o1e/7/HGR/wTXQOazddm1GJU8MeMGKzuWhsH6ro/bx7kz17vTo
+GaUG9Y3IMYTd2/qspiqLhVRILm1Vpwil4/kzpAVEhr8qlwEVhx5LXQzTOXQIJ6Cb
+r8KNf7O+xbE7jzJWk/QT474wvQyTEXFh27jjItsEbL3w+vqcZUOpOZlTStV33as0
+f18t0Zro91K+ZXYr/dbe4W1yim+LeudJGZj2PXMKUnbDfty4M6KwIPVl0DZoBQKB
+BEOOGoJKijMNtKYx5n13haWUgwhYpvhkqzTNnJZj+ozZU6TF0Fwj/uzrZNJJObV8
+QidNciIFvoYxV2prpMIlS3FGuQ3J7R36F6G88jcogtlwaiQVrz88tU4YYB2FzOHI
+5JWxWmG833SdRRvD27FAb5MDQrKxgf0c0OA6w7SjQrkCgcr19A4O1qLMALny1mr3
+iQIcBBABCgAGBQJXT/g0AAoJEF3olJqJnI2ZuCYQAIM5XyK1M/ozUUQW3KXCFLCK
+RcRw077JAKXtyJdcNRLyYOfEPm6eAwMfgArTrXtVLbHO+rq5qDqFA2x0Do9MbnEd
+nTf/AKYpA9I/psYEB3wbYCwEWknUgABObXm73q6WmYctSa+cXLbMmbnE9gyRnS8T
+N3pUSMRYIt8qZeJiuVYJebL5PwqLgyFcQBK2Dqj/TOzA12Na5YrC/ArG9D60oQgR
+w7Rs3EpQfikYJJiUMxSYfBvwNYpST1M/evT1DgLg0d1+5SjrJgOOi9W1udo5XGqn
+Rno3tBn08/bGVgUEU0e/4Qdi+sRqF596WpCkawNfwOZvSNXG2eJEiaAyF8tGaJ3j
+qlJCsjE+8k7FhcgPUZvT166n2x8HfcmGch6spE1oiBGHL+ROb3JneN1CVHynmI8Y
+W771Pi6wrschE3XSVPU2hB197TPN5y3AIz9swiTr3ZyckS068ngYeDY0GZWiJd+1
+0atpcdQFsrPwJitjnvSRHCgQjIt6Ejl3tS5OJGdxFRUig2ThRi4IhpCzHcMthNsd
+w9M7LrLQWVEaUwAzIOdICFQ5/BgaQ6uFgb0C9V6JuEC19aadYqTP6Ys1dZo7775D
+LDYtUNj5YMuB/leh5m8QY0PrFRb4UdEAmlrJPA9E4CBpFBR34S0RY3/gvuo0XhMn
+Oavp7U3YmdhImLy0Z6QciQIcBBABCgAGBQJXT/5lAAoJEJa+jG/YnWVlyNAP/ibt
+H4v/3STrvC9C5qk1tUH1P7eIOSdrbJj0DQBbSGWZ4VpVw8iBTngoSY2E/du4U9c0
+AxnIOJpYrcypsD4kofxKVnU4T94MVZrGw5eYRBZjAvPAovUOw0tgToaxt0C80Wlg
+lOktxmGGZPyz6kjNWnui7wH+cN3ADUIhUPY3pa/nu80WROQMFYPcy/YWXtNSG8Dg
+LMrNaryM6TYf7HWEXoLjsh9q44CGKgQB0/R+DrT7XokEcS3a7FFAvMNHzSUQtBSr
+2+rWYDyckJNGoR6mFpGBAuzHIwdIHSesxZtkqPjX2QDr45j+gtpPCZru6M9UW1kt
+PHXDMVhfnhkaWtl/3xyX4H79CGvgQ6kCTADIzB4NGMSritjFQpKQeh7scDO2TPIt
+49vDwaCa6GHwBZWrqppst6DwRVSsRAeHpkD9ubib5J92W83MGZX7NYCoUy+34RXS
+FdU8UgZb2v2ZtC8bGTKwO0Leigy3/GJOyTLMzJh1T6By8YVnOfKpbBq2B+rLCctR
+5bl1XPVyW5+LS7pcJdjKuUx3j3OX01nC54y4R1bGWy9bxDXL33yI07HyCTzHupul
+2RYbOKH6Uxp9rjhs124XjoBg9HGKTv/JzGlT9D+CE2cT+lnBZbfj6kKyunKrnV5W
+LpKwb8+aRwx8z9UMGZ8HBVRdR8p9bwBv2BP8b9H6iQIcBBABCAAGBQJXbk2YAAoJ
+EEoj40+gM0NtT3UQAISP4vnTWyBnns0O9/ArbV88cN2lTj0byqMIaPxeBRYLgCiK
+XKnXpYHMB/Zn5g4ZtdfmMb8qCRMmOTG8Fjm+jopf5Mc9zSXWXYDBI/j6Bz9FykmG
+8JqNhbhSk9o7KQ9J5WPbqeDu4hmoTr9MesPNtNr6eUeLD+qNbUoxHTqbQH3Ot6HU
+26sFj35k8xsLwrq5dsCMYQME+xkG3uaGHTHZkaKtdwpI7RA8ecTW2XTz/i2gFYzP
+HhLMy+gsxER4uCyqsTHhRg08ysp4tmDutNY23q7nV6QlrPt7egsBJzEQp5Df4mxS
+CR0xjIjqNlYmEHw8GVTwHVSR3HPxb8PMWElOE0uxNInjt/0fX8QGxeOJTy0sDIeM
+ypdbiOKJxRcyb7qQpnhuCKsr04jmdsWbm/ksFABnlbE4A2UQtfUDpT4zpBtuWoEO
+iR2OxIdxGIYkHLr/60XiFLIBaLaS7hUw3oTh4sQ8GZBPfiX48H00eixhBu6xJibN
+3wiYw7B7qhITR7gOngfZgIGOaP9Cohp1mRRRvKpGjiMxiNdxe6Rmg96CVx18vcQ6
+9MnTrDXvEyK+ngmN0nZIg59nexblKN6C+ws2G5s6n62cHGA6B6lfANT8iyc4IKNZ
+yzZkaRXptxYJ77oksrtsV7oi6jsb4Ajh6Cs+JXcHxkJy6CcbXbOYFITMaq//iEYE
+EBECAAYFAldwH38ACgkQOJpWPMJyoSZ7AACfZ4vUWtPhmJMKyWTP99WvcIKW6k0A
+n2Bd4No2M5mle22Q4b6O6z+BN5FEiQIcBBABAgAGBQJXcB+EAAoJEFKUJKP/kSrL
+dh4P/08+5t1if9AKO67daqC2kZ9Jv0XeiAydziZRnxACZVgoZbMcCiAuvxX8LAKA
+JXUsINujTSDVHh5yzYWU0UEZOIao1IVcKx/yRruvYCtnX8E0/reXsxikCwryfz12
+c5I3wfG4N5VFp9wakXUdmwbg+pygwCqS9dHqyyCSDuNnZf221sRZZqsAk+bNXaOU
+qOcBfAkO8gqk0ebvWGgWtsEGtp6r8ra2/rvS5kgXBnVaCbxCK5ldRt9lJJCaK7cS
+3mSGfHqINjuNz5tE1h8IdkqjbbSYNTkSW0rAEAzlfmtxZJd9mxZfzK3JWuZEhvUK
+ryhDUHNW8xCwyG10zKgMsGVD2+4fp6I2UAO6YEEKkdfRTgJon/l1Q9XRgy7DuC0h
+c6JD0UgShaznTKvxzmNny6lt4WDt9hjQjS8if3PsGKDA6vePm25BuGOuaBNg0YZ9
+I58r+6QaCl35/52V4kK6v1t0P2YWi2zU6nUD0BorOzlVkYqLb8JQ2oAxXdRXv/G3
+7n7FcwcFHZUsc3KfIHGofB+mM8fVu7R3lHdQuyNfeooGR2D+iCIA2PYHjeV7A1Qh
+7Klj+N4b1010uquRdVKkngs3u70vXSRPwryyENTOdrMYs8LQs1hKobT+Q820fvMR
+8/tvdAyLHLMYrd0XvKcL1ZYFP5Lotw50AAgBVLsteclDg2OIiQIcBBABAgAGBQJX
+cTs8AAoJEHv3KdXnyB+go0kP/RnbbOFsO3CcYroZqJNZxKnxyUFbpoGDaOjySaV7
+sr1dcfvZvJAq6d00GJFs0schdMw++nDtOFvkUZOTn5VHXhgHao7cy8JdFpwFJP5i
+x/OYl5WGzbUYu298SV5PFztd3wpi8RjkhEd6rs6cnSrtJk/vP+L0vK1fgk5utVOn
+CkEVOqVSWuO36XM4JIBAYKdVOZ2SvK6HaP+yyjo9s9LojEDV/dFGfvfWuFnjUoiS
+14/u0kwAiSFee5wdib1QV3NPQ0kvIMqJES8bUdbsTs4k7mNa52psCGlON4mXf3ma
+IQUL0QOze87ACPpnAnQHhmIy90GzX4pG3sKCRehVwXm8AHPyRu18RCDxR88rSpAy
+e969DJCCUINNaCVLFsI55m8AHBlQKV2/FxpKhDVCyg6sw1OAAOq/RGU8KrMEfm8u
+MW38jDp1dKuDdxG/PzO3CtyBYTUK1VGzeL3GEJsems/mtenxRle5NIf/ojwUicaG
+r8VZsjm6TZ7obkpjgmajSVslrWiRflPZ4rf54MI0ZLYx8oxeeEVfWpjYsDOSNHml
+8W0OYTRk7brudQx0lwgaJz/NeBT+GljS5TAHTPXutXcx7vtU7z00lLhRPUEpBR7n
+mzGklBLS7wOjwICDIPoIFT+Kky+oW1irA82nSON8uUON/ggkAQSlZXoCX2Ff6/vY
+ZXBIiQI9BBMBCgAnBQJXT/DbAhsDBQkB4TOABQsJCAcDBRUKCQgLBRYCAwEAAh4B
+AheAAAoJEHs8OR7+qTYkeQ8P/0lQnVTudz5OWo+j0+eBUzd2sGVM8BMVWNDdEr5j
+t3hnK+aC+n3xDK0Znc0VqTHZ3WMkgOZrt3HTzW9tS/TNb3kOZPSttRxWzqGEQLOM
+yrjw1m/NMzYxPno6Jjj1BIxumsUq6DFw9poxidU3OPWP2Cu9w45f4jkCOFTcmvM5
+l+YQZrPFUHfMNKVTQIz8H9rTEeRcat6v7VLZpjeFc2g9Xhun6FDx27EYaTTFopi3
++/V7cufg/7kX9s1lZY7QbrAiuF/sSSNOKYEVfSGxpW3M8Y/F1Lb3FTb70p6zUS1o
+0y95HqGGYGfrYXnOvFrGywXXoqfbE8VEIT3GWDj+jklbcyZafOdSbycr0sCVQR89
+O3rXmalZfbOBrlP7XHYommO1GMAvQALyE5VBN8IuNeX9Ex4JGq/i4PUH9HV/Fs4N
+d5PhBJ5CvVHnfOD2X7GJ1hJsR9zNJr35Rv92UO60kixXId5xCrF4e+5SOGw7gCUw
+/fQWJmyBEYBSeB7titQ4ef9QKWqJpXZmpUhbqCyw1+73e7m3RwsJmpFLirZyIZaB
+Qd7n1y50qmUdkaXVwY8Ia4NFLUWOYvKu7rtTEBOrMkAbPkpbBckKx+eL8RABIDcv
+PvVp0RwPo+wT4EilhsBIF6xdetSui8nSpQJfxQ+5ZUB7jtroVwwk1RCLpJjX+FEZ
+f/U+iEYEEBECAAYFAldyZLEACgkQXUKg+qaYNn6LqgCcCN0aakgWoqprZnrh4NZu
++9f/cNIAnRiX/+2WxHc0JfQaj7VJ72wlEnJbiEYEEBECAAYFAldtemAACgkQSTYL
+Ox37oWTp8QCg5hnyh7nseYkj3pdAa3FNp6waOlUAoN3Clb0hqInu4rHsgOg6FC/9
+EaxQiQEcBBABAgAGBQJXb+szAAoJEGKLgqb27CIaEXMIAJ58wyEZJp7eOLtRTeFl
+ggD6JW4tx83EF8gy5uP+fw16y/4ezoS0s5jlyhl6UCUeS11XmC9yJG9WQgb9AcQU
+Fi6Ed36tFJb/qNL6zRm2C3m/V6n4z2L0W/iiGAvKNdGPb7PTEEvWXRgHnfKt82sL
+LqKfr8ARBmhEBHiWbnWBUZzhLsfTJ6unfQ8A37Sghnz/k445DboTnaEDCtGb1UoX
+C6XOMg7n96ngWi9I0ihnHTQMqhZpxPd7neWcQ9xnkSPjMfqe0k01TCr8RcUz8R/s
+Le501Yt/ZOdwNX6x7zo2e2Un9m+6LisVFdUkC+WjwoClv6SBypsBf3/SGcz4D4uw
+IxmJAhwEEAEKAAYFAldyYq4ACgkQLMBYiiWS0sgdEBAApynY5NRrdqLIRJ7lTNTG
+fyPi0UXStDlZ9/mQXk6lmXu2YTOsXxFNlRhvv3ajRfYH71x6i/wTOlxUoVEg2PYH
+9LzhI8UvbBlmEP0BSGixyayDP/lBh5O9bII+PBw+J2SPR4PJNGwXYUvNvcZ+NCn5
+EksN8Jjujhf2ularkWBjujiOP2SGBLz6gEL7lSovH/97sZF0wA+WSMcspA+oVvGW
+8TaAHgXkP/ekkk0bSMFtz+ok2O+1GKuN2j5k1WvDpUlQ1mFMKjhGXprcSUOx8UP4
+AcKS2uMTeRRqlkh4g7Jnx5uL1PV86b2AVGiUuiscpOHAZtoUaRV0TujocJeLnLeg
+cgD79dC/0sUQIE4CxbB1RkV3Jxtl7DwjjeCnJJGMcWaDzaBuYpR67/Zw2latos8e
+I+mDrZ459bxGv60cx+a/qtB6cGXN6vHqzy7khzfb4xmnuY8ocAzQnyZUaLWCzmaH
+FMDD34LBcQOoTRy7tLhCjlDeDpxFdCDZmH8yJV9u4mWAaPeR4E35yorP/5MJ4/dN
+Wro5gL7Xe99xQLPmPNAJxgClCjVHxKNNR8C1ZfXE7QlPcnP/EtwiKjcNVuBb7XtV
+WivAJNOrRdXlYLT8DffcqiMGGbXAWyMWBR58dtyWFayASjtxBxkDigjdSwTMz8x1
+I3nAEQEHQoQjwUFkyuJc4/GJAhwEEwEKAAYFAld+yBkACgkQ5SPyIKyN+9BifQ/+
+OYC7JSEnpYmKnY4Q2F2kNE30/RBHa+WB1o0XvMPHKrxR2QTGk+/AOWYhD5pQUgQ6
+Fo8lnDaFm4wquXA0FCG/KkkyBUUMEu1Ab/a+kkb7VCIqiaHMLSzTODQF+baXfgYE
+3LjYTLJqP1N5l7wxH/5+M5fvl5JAy+jnAaQj/2rShVcjZ8yyeKonEu4SIW6H43jr
+2WafrkmBl5wtjZDLBgqsaxp82y5oxofv9JU1buRhMneHtwz2TEIa9XcRisE03MfH
+F/SkzVs2Sg5fXwXh0pd+I0WEhbRBtldO2Fyg5wB6ObdeFCZrejdWf/GP0A+qpQUx
+yxLoIUsJsj9TlF6gTUdrrj8hyMryKeKhGEs1a9bkuw7MmFeLMLCh71d2WOQE7OTX
+OEBIBcG8822k4JoNR7HxTPcy4d559f8N4ypmWTrnGwMWRucqOCB/FNcDcvxyt0Bs
+G47Yy+R+747mKpxsBpTdiCMd1/otqme1p3K3OB4icDrWPUdnkBonI2ntZ1M9anXi
+wQERq6mfQ5UmT5gXkPhvkcr0hif30cUyFIhaBQ23mKxaYDKDlPHZBXjChc6PltOp
+jcYc4d6EPpSr5eTD6NDQHuABdAH24p+pHR01Rs2L4KHfVT2k6eB+fz+bKBzn9TUb
+HNa30Zi7V1uLtUcYpMLZkiLx66i4NbGcZTUA+vW5A+iJAhwEEAECAAYFAleGDz8A
+CgkQ2MclhBqi85VsjRAAjE9qQG4+MOFTqm6Javii/j6l/YnZ6ZbTrljwz6Sv7rtK
+9qsdkm3A75+G1LJK5AJtFe3LJhgJLfc5LqWIfvVksDWSMRNitjMP4ENgc6p0xcPB
+5EQr22ySDQ2brT0O1hGgKKFuoGAJz3bemqgWw3qh+oWeUX2y9I3ja2swjnTUazUL
+3JyE0O7oleXKYhzZt+dkF6RQj+1eZ5llBhP2sXtaEmHcpaN2HUAItivhEjYw2zS+
+YC0yZZuTrhZXdPFEYyiiiGJKjIm5WFi4HyTfxuf3Zf7PbzoKC2RJcJeDSmEoIrhg
+1MvHTW6vALIUXxoMQV/kE02C+Mrh1/dRGx+YDAMuVBA9Gct3KXVADfx5GRujqRaL
+R4P+27xg8646mLYsYHdX5+n5j0aMaXQLP/FTn4fboD3ih6JU6wX2MYYWyI4UhLOH
+eKLVb4bBxjVrO8uGW4PS2lWnb9FTDYfz4QS8b68vp5ic4C9JJ/DTA/apdhUOdJ+3
+DKbbgMJg5veRuYfoGmuFxdK/XIC7QB2GESCEtJ6U5ScJYn/5kdR6GF5FWAQQiZ7F
+tx+6dZgMPRnoqhHEfzmwjOibOhikaNNG8BMa7st4rAkM9Ns0ph7yQsLSUz2q8EoJ
+oelq2QZhpfX1AhmDfdpEvktDyVpaU0+eZX4FYAT3Ny+bTLU/sVm82ESxABsUhPWJ
+AhwEEAEIAAYFAleDxB4ACgkQCMPqp27Ejgzc6A/+K2k75qVPRjQxTzrO7CPIsgLB
+YG2Hb8AlabZPROMKum7fdR1Sl3+T2G1V+kfczSGeLXIUH0UbZt9twuVO0haUGKJP
+S2nvPPKPq7ASIRPUB4WzKfZNmXvFo3V1QPAITGBEBO77Qw9taorjJe2DHVlsXWiW
+HVHYNVisuRlR8ojnBndZUg0GG5R6bxM2TZAz3VOkgggKRM9izwPqG1Ce5GomH8py
+ie/gaEGoFhROEw8QEIy0vdecu/bOQ6fx+A2jysrlCp+v4pwceiMvstSlT+R65GVI
+irAe6JJUz4WbJg87FcntpMNEeQhDb8nRHGYmkbp1gZxsw24arjh52eDz5W/5dZhm
+1bevkqgXRcMJib5WBtAEXk5vN3/NPk31RjIaAAfTpBzj0mBzhWbZj+J9XBRQxrm0
+q8anKm/lZHL1FuIJN94QtM0LAnUh6KAXILTG9M4xzJU1X83LiWAIEGfQF7nwvVje
+mf0aGTY15mReXTGyUb9tGcQ84AYmZp7fe3YJT8hiQTWYCkJKu+zhyT3vRMXjLOvQ
+cAp+Ctne//3THzqV0EczOi3eCvmqxg15hzFInmLWFcQBRWfT3mtwvgx8g4xNq72C
+lae5/V98TEH9L+nlrUyYfKs4E6Fowx0faOrOW3GvTo4x9zevbx7rjmd8Uu7LjoZs
+cA0zVPFdLWrS4eAk7sSJAkAEEwEKACoCGwMFCQHhM4AFCwkIBwMFFQoJCAsFFgID
+AQACHgECF4AFAld3qcwCGQEACgkQezw5Hv6pNiRq8g//eO9eI+Cn7sUGfb0QdwqW
+kOx1eST/50kqvDUiL6w5T422Lqc81BKHCJ1FNrntCylyCrUgoBMGJSxFeI7JFd0B
+bVXHvkgX9/wPZP2o/fKysz9oMZ3G4YVeEF9FDVV3RaWCmXkzO7+A3GDZztpT18xW
+Uj9IGpcGRCepueteZvpIJxEh+doWLDykjwr6DB1H9vsZx2TnT+IluDJlSjqJle1a
+emDuztVtwt7+zWWYZYS9QecbArnDNREymM0UanMndzgb3hinNJ3cnD+7xFSlKX8K
+uFeuSQsG0Td8m/wPcTWN/vaaPiLhgqs2EPBDKl+eSRycT1dH9yUBc0XTMk/bskrF
+nPswwsgJmihQC/lVPHPykqG5hyWQwBX2XoyeebFLBdNCor957moAPqIlBPkOz3Tj
+gzJprlivzy9IGOeKn3gbkzNJn6T6hJLxzgIPawGHl9yBgsza+O794Ggz8eqToZx8
+n4lDPC1zoDW4YFOQIrjWJwFvAUbszoE8NWIT/Yjh5ErK4ljVZYec25DdyppX0Jg+
+IiW5M4glZuTczNAcFqO8EecDjEmsD1fUOQf6TOlFwEmzeXAag+aLNc7Yzhs6ItTp
+AYNPJPmGiv1C5PTMBVsADFMDUrT8zDDWtLznvvEqcpNrzh130Eom+CXzcdoZKgBH
+ugKhnK18kS382I3LJCkUztWJAjMEEAEKAB0WIQTsR4TFsIWamp/F/PAX+9y/2ZKP
+9AUCWGJUCgAKCRAX+9y/2ZKP9LAlEACNfe+njYRXz4daAJmfhB6einJJuoZmH4yE
+Jlubco1UB/SYCgBMsdw7F3QyAjsRvQ+F2mS+Nl3N9ka1fyCd7ZvxTpo4o2hn4Wb1
+J+1N5QNf1ENecNk6UraZPubecE9SkJAYN+nHSNYDYk4fnU1wR6zk7zGeP/4w0UJc
++sCemx8M7FP5TNMPQFgnhoAQRU9B9TGNdSQQbBm3kanrJPCfSqA620z3KSjXSiNG
+oikMH8UZtErl2kP+1/xItEz85Fxn62pjnj5ZimvW7lITBNs9plywvxiIg0LpxpGs
+sQKJe15Nir2Y14G0Tb7qhomdgnJdWKIyOm2Z00kfvrDptezCKpYmwympJGuANaA8
+Q9+CL8VzKzmfu7ue9RBpRWZ4IpmHeKP+9hfiwIZ1ZiDvPW1qILE6qgDr+Q1Is7dv
+ANwXcHyHerUImN0RxttusgoM4KEW9KAAwrhwOBcHO6TNC03WmFbNIG7ecug/NRIv
+lb24/5fSsEwOMJHeXMa8P5YbDRh9hbGqijzgRudKf1PwksBy9hPfwvHzrvWcnNmT
+uj/1pG9MJl0TvGkDsRjDzyjaRck3tSZ1JLxAZeJR7V45LTqvp39w+hdLKJ1bdlcu
+rm6RxNOpMnqQvDGGOnNJd2LRsw59h3IsRR/o8PaPIVCwtXpU5wfGJZ26qpNwSaOa
+ePn2XxSQeYkCPQQTAQoAJwIbAwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIX
+gAUCV8rDbAAKCRB7PDke/qk2JELMEAC32JxP3M2xFs74vcOh+EWtS6r6XVsJE9vo
+9I6UopHm5tqvAEcHyrH4srsFNQWFVsX0MDfkWjRNKCJL77KMXlRBuVIBLc8DCAxN
+6NpIAgPZPSJ+OAubP6aethkCSBiVGGUBhWGxIc9+PstqLAt2UI1qLY7tX8EE1Hmv
+W15QhqSM1vdJXUXOYMFSfa7Du8Pq46ShnAq+hc7NTETBGnzEzeJ0L9Ng6OzD/n6u
+32eNQVSoBH+E8k/TNMEs0+Qimp9U0VviPFkIclZHBQNjOPMTiNIXgh5yRKlCHwU+
+I0FJP+O7C82a+OZsYNmEpuOD6dfUMdgc7MW2qP3e5j/s1aBwOo23WX+dTfv7mUkf
+3r86JbXxAmxzWjIhwWHAQeKRf9wNO0nHNThbNk/uAxdPFztKU0POcs/4iINkxuw/
+lwWWGvCT7CSFncOtwW6kDpfMn15tpCPMxyNtBHYkaTQnn7wftztaXLl2iekXLLkW
+kd8hB5pPrOBYNgaalaoAYAlJ/JST8Noe7Lapt5iT94gskGZAU3clFmM36C9drwu7
+vpbWPRU6IlRYuJtjbw85QDGqywoRZpOJckRxvTXE3zyVuzGOXBVkvnX+NKdaa1YT
+jrJDA11fueKB4cay36zUdCt6FPcMZB1lK/xIfwUfMpnI9M7Y5aqddggsmvnsl1bC
+IzPxT+0/IIkCHAQQAQoABgUCWT6nlwAKCRBcWOEGIg0DnqZND/474LjZuUbumgzC
+/ZG0YOAcRFARRMGhPVJp1HuZwIhuX3OwT7MVJO73STNa4D+ApdR3uni2IlfSAUZ0
+m8h60p11T0+o3ptU9Np8moJ+GfyHo93l0vT3U/u+BaU9MyhyIDdkD8aEIYgVx5BG
+YDffZsQLIoumy5b9+YOhQKrWsYv3aGmxpkMJmNvwYVD+7sAg4Y+iR36UbsI8WYQX
+cdBX4cZP32b3btlpjz5r3ZsMGdaM00tb+AylEwyovLPZgh3cvERbMgbTA2hylSXh
+E0sAyXSVgyEpE7SyBAJDFcWqtt5h9k90eqpLnkT77h9KLxRPVN1IYfYRdP1RZF/9
+dSCyccZSB9LjvjMwkAWF+DijmQFRN41qvK7OP9fMvTEXAOj9Sd9pen4YqivJzJN3
+998x8q3k3C3EyEYpvNUh57p4p8/1rFOMATeDzbejPDJJWPQo5t1Qnjt6Fy+X08Eo
+GED8wr/bwJ2SNqx3Cn8anBWMU7OIpXpzwqeDFO5yL1vDriHYfKiFEo8wghZAvBjy
+SvNdR79jTUK1TorRmY3+bwOuorJMQO16LsRvo65lgyA++cDMfcHK34jNNv47tA5b
+J52Z+Kfx6mwld5bakf90VWcsCrBfQywT1EyGbFdTwQ+YXgO7qGt0S25JEv9p6t+E
+xDQbH+zYRRhfQQsOD/NMFPMR9f3IdYkCPQQTAQoAJwIbAwULCQgHAwUVCgkICwUW
+AgMBAAIeAQIXgAUCWTHnRgUJA8MzWgAKCRB7PDke/qk2JDLnD/9GlYGI0l5qqcqO
+7d16DaatiPYmVkkjugy9UI4oku0NM4/dnCYvvaqXeTdScolBJOfOiWyMweQhiDaw
+3JmDKtUyF3a30kWsiN5ax90520NKeHowVo+6kllBozGPaqMy73+KiB/tmwrIoboX
+aQoZkay0M6s6hLt18G+GZjHTp4Tc7h8zpbme18bsrrYN/DDhK8rYAK9wsmIZDPO3
+4Iq6NG6HLOA349tM8ds7cLU31FFFzfypJbyhB4QYG5Vj5YatL6zpka4/uBk6kTJt
+JgDEMLFRHVFtzPznOTpWd4GyO9Qq7FtF6IMrxUHC6I7hAlEFtx042G1I62ZCUho8
+XlI3ZPAXBwva55h6aZNAHLajkin1m0wYcjBr1ofBE27t58j4697khhlwl62NMnTh
+VD3vwyDHmQCFRxALVKrTpWzonnECiKDBmtLZwtzXqoAvdWIi2R7w6R8lhwxZXsgp
+vJwJEn1SZ1Q2UHWieEGdQfur7cDsE06Gkscx311D9TBBmar/hj4xCyDVOos7Te8z
+H9QFkvO4TGPZsV+ScEnfVun8Vx7bwnVcsowX7QxaxVLwKT/Wv0GTFtEsNB0hRlf9
+XderlH9dOk4VOSfpzFflxRZbSiBZHfK4YkL/F+IFeViinrY00XMD55I535AU5Bn0
+qKU2JYyMZT/vRQBgXm2gTOBGp9gIE7QlQ2hyaXN0aWFuIEJyYXVuZXIgPGNicmF1
+bmVyQHN1c2UuY29tPokCYwQwAQoATRYhBEiAuMm9DlEG/AcPT3s8OR7+qTYkBQJa
+w0voLx0gVGhpcyBlbWFpbCBhZGRyZXNzIGlzIG5vdCBmdW5jdGlvbmFsIGFueW1v
+cmUuAAoJEHs8OR7+qTYkvDgQAOVIrM6w5xRg6flHze+s/xSQatBXNs4UBB9RCVEM
+qEx+vD+64pIGeD4etlLDTUQectmSOriX8Rxkc/izIWrMTuAjNV4S8TT0C0r5MPzo
+/SLP9pbUtDVJZbS1tGz82Ecl64xcJAtuln30jPS6VY2I5XQ9p30aakFpGAkIiI9E
+Zyp2gKnqyO2Q38wXl/1dQDwUJIXyrJfspQ87OsY/+mFI6ad9k+sMR/vwj7VIDLmU
+den8sCyOX5MVZbB7XLWf2b87hh6oWS0l4xJwg2MwAQ/X6PaIuFjnNFOFVVTW0yzF
+yY8o/YiuHf7dFoml17gbhDPUUAZkUBbpB/EZ5AbermPAUcO8fMKB0GerXT1FAv0Q
+N8QLH5yy9APURp10hJ4GK0iUaursLKvwQ/cWy8KFZJbZS2n9pcb/bUcR8ToPv54v
+VHoaKPdpwUtCUIqjX3ZA6uPWuhjJmEnpHuGVVI/nmj7sBJMCwe1VGvwkBO9pLJWm
+L9f22zZX/dHA9Xr1jQT7zf+pnrvLRwXPqvqIAzPyialmvWajAK1vCvU1+Pvdibup
+xaBbu44neT3U1b3ZaN+YqeSVvGpyTgIvl9KYvjTijuWAbGgA6sTyvmYninrvmuAd
+EIvsUwzuCmxkLP9f5QiP8FNwTxUafNweYNS7tMEP126DdfXwWopIWF2BiLFtiABQ
+cQYhiQI9BBMBCgAnAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheABQJaFaoEBQkE
+pvYWAAoJEHs8OR7+qTYkxaMQAJZyRcnljA+fQ8S5xLPb2ygz9eqSW7Y1Ei9HAF6f
+AmrlzfOL/Avm3RIJRmhT7q6uRtFS9n/9eQAN0nLlmBEGcNfCBUmzYktxbpnayZVN
+prppKlkSBZj0ESh5yz1D2pAuvsWcazFFp85PZVu43zzSW/Uh3BHcZ+nLRz07cPid
+p91XzKAiySwcdXmXseyQ8UpGjZsyHQDWKhAFNXjCj6c6/WRnZQZ/O8ywxtawH29e
++NPovrCa0Hfxt082HAjovwRuHSAwg8zADQ+H44KtWEg5Q7DWgUaWZgyLCev2oOOv
+tZVmyv5fjA3zlUoj8oii+P6AFqm5xnxas9DFTo6j3id/fyyrzhYaAs++G4FMwXL7
+SKluV0/kxatQCuGfVJCG2ty4U6UaP1unwM6hYt+ENHLa1Wib0WW2i0Oo6GzrscRQ
+yPYt0Gth8AMdSGnh7bodzdkzOSD5POGPwDDNz02NpheNgZAG6VC9UjKyZ42Ppgsj
+/7AzSU8k55svwJrlg5k/sGBI4A82s+ldlsLnnvReA41b1pQiniCNZDTQgEnlUqwy
+FH4mVgEwuk5H/SJ/Whiv2AQqsASVz1LCVPdm7Ipb13mwwOVDim8xa5hTbO0txLER
+AGt4fv1mGPfYxnru9S74GwLGy2yu2TraxvQ5xTkYvTswjnV8aHzvppdbJqwXyHMX
+VqZ4iQIcBBABCAAGBQJXT/OxAAoJEPYwWWUBAm213vkQALgOR9IK/xWpVfPVBFKp
+P8l83Dlb2k5nHcpGrlDs04xMU1U0sfGqkV3tK2rqTRklGCEqB826cKXX6brxED14
+FqT1/xg92uac2RPnUuFHVOhuB/nhZrmkiBRKQyPnhQ1hirvGj5iemYmIfxRojy0e
+jz6t7mxDX9Ts/rpD1YEE6EcROaIsf3KA22KWucAUGOs0lorsWt9d8W+qc7QCIyDO
+W95EkwtTtILLAgLCYjU4GWkI/bh8Sm3TZKmYpAJn9mrqPMQ6UfIlr8tTOiqz39Gl
+dgdJx49pVQpGwLG5nBqr77Q1TTFqRY+b6fqs/BFrGuKWLCi+1hd59sgOziaJryo8
+Tu9M0olGUzCvvuEnWjgjTCajAMowWWG1Wv2pudFUWhDVT2qqdryuYSYQxlaxwedD
+ZQ545/UYejc0wmkTst1zqSdfJhkaevkQ1FxOgTMMD0ytqEvFrWTUZ7YRS6RIlaxZ
+SR21Lpujtro445Au3hRiHMddx7H+hQEHDXsVGPJyXZV6H4mniJN19REQbZfNYVxk
+JO17O9BAUD+Gv8x2xG+0xM+2e0yd+LobTYfP9YD3b3/vQVyQzrAPXvwqqkzZbd1i
+Vla2m8m04tF5OJFrHBZYGUXT1t93M1faJ2Q1Jc1Tm16JTQqM+ckb9lhu2vr1Leev
+x2N9HtWHtFc7ZiFVHGKDL+i6iQIcBBABCgAGBQJXT/g1AAoJEF3olJqJnI2ZMFwP
+/iZmBl0WstDgBTc6IdDlcXgiaesscjff8Nh91N3eTOmP9pqEXLjn4PUZOkPzw3XV
+7b37zg+SfAA9UR1Y48AJ0J2lpzeTbFOQjUNjnoDWqTIvNlI+LD8llO4LfMBgOx11
+4ZvKSxZxyWPQZ/h7zFveG1W2ecINCdEKuPsg3a4/6btImGXEtoS13pQxhoLZU0it
+Pq9BocPQL4oGTX2fUw8jzEE5tuMy6WAayggRISRDwkWuX5Ilbf5AT2ImnZ/iutDd
+2KkJ0KuK/e6QUDQWkPR7NJtsIQ82X4wPyino2gh20dKQTfQi/iCLqkfRa5I5zczu
+5OMACa7dj938STXCf9RbMc2An3qDU4twiH8E/0ePNWEeqN0P/r6eQCZDdVwxnxN1
+OYnSXNLtc8aNgkClsXNf1q3DM/TfaNopjaIVjath5MZ6hzK0NbqRR97KYNSQ458M
+ySaCvw3tDCQAClmMosqMOz90Bpa8jXPF99ZHOUthF9dWrI5uu0Vs4Ofq3tOatpLm
+NAiB1FtndBVYbFwsy32XDCHSrIM4wqI1SgHLuXG+4VupzmB5zYugYWt5ml+90r25
+bZCxpliuv4CgrLGPOfkX5MjKVqBSykvczBslx5RxrOrwBepvwIogBy7HO4zJPGNw
+SdyYzvBjFaCUcdJ+n/MLZOcJUeIo5QgVjWW0K4vAQLITiQIcBBABCgAGBQJXT/5p
+AAoJEJa+jG/YnWVlKnwP/1P2ODvgAXKDA1SnmAlsgwD1NeF5ddeNaZgUcp23M4zV
+cNB/hk59uCzYmCUC/kWZd37wyEnzhRv+8MCimoeu+FoD3RJlYd3jH/XAFyyYs/iC
+Exh8cdtfmjg4fUAtNqlNlTbRHxIOsVyn+l7kXRdDpGt8UaEZ820Bo9iGrqnbj+tA
+4BztHSpulhtzM1eh5rdIK44xN1ZB2eShOfrbJGRYDEI7okdnlIbpPOQo3B8rRx++
+Z2dkQTNe4KDVLn5irV8AfJpPH3NuXUD39gLa8j7Jaqjehq1kgLyMq2VPCnZ0RIlI
+8diU3j8QmDEy4s8dn809nb86DFFc0swtMQckWAAykt7vVwrUe6fyYtPSyABw0QCe
+bk7q2Y6o6+39zjSkCf4ivcY/ZgzaQCGSMgcEcxYzDjBaGjA5b4RwH5oc2Fdp/s5i
+Y9ZChrvV2AQ/pswvG5xDGjmodrIRLskD7Au7TRbKawcOA8DiKBegfwSRFphT4/b1
+ypHtBLVRnJojQcOIorMr9Mc7Xdgv99e616SZlEM3Mwdb8phVyLQaX4ZD6fdGGkr/
+wQpqq5+ti3R2BFX5tAtR0cc6GYpKOOgSpIHkW1Py3Q4v9cJx5oIsYlKR3kKCgWYe
+d88Lr3Cv39vIESIA12GuOwaNMZmH9HMxOq+Pwi7qaJ1sX50G0r5ShRkjoXXknZhr
+iQIcBBABCAAGBQJXbk2YAAoJEEoj40+gM0NtYBMP/2kEW1n/H1z+6aN6198cDU+4
+wZ4WRGoHAyApdBvNIVBhthwgmahZaRa0vodap6IQJoeJ6Th/nQve6GyUUZjqUVvw
+v2ogyOO0yJQfjpqqI9Ri/QYH2pS+tFVlzmsu5N7V8acYoVgBxc/k2TxKRRWWBWUJ
+pn7MmIglxD4NMfz3iN3H8rjPzsN9NDrXb6GQORXKGg8WcM9RqBptCtD3jxToZ7t4
+X/ItJ9LI/85A8IKdPfJgdu5g7o+XXFeSNRqw9UUbopT86jyzjmdklQV4gd3PL3wW
+QhLyAKOD5CSvLKBAgW6V5E74vRYLt4ycgLDAdGt5p2JL3kzVZiQoQ+VkXleQz+rm
+xsAVqDhsfA6h7foTsJwDwn+bmgdSCF+88NRYNadL3iT1Ew33ABmHlY9B5rqpoyA6
+Q9biK9qBTVAuKyyzxlnkELOs6kkrp9hNM9eQP2Z1aOkbf3lqXJ9mCGCqWas1Rkn1
+sm5UtcTiweIMIrRaiyIbBHuRdKod7GKgsA0rUJELqQx/kVwHIurOQF2hzFU6QA6t
+uq6TKMILRlTrNZL1Jb9dy1YL+NTjUZSUWdTr1BOLIXakf+QkvyjKjWkKuR12wTGD
+YAc8ekm79qFrhsTjSQ1wkUVOU3Cf92TXTgMK/rTqfJDPds8wSZ8s9em7QmhSW8qk
+OJKk5EOgNOz3CQEyMe2UiEYEEBECAAYFAldwH4EACgkQOJpWPMJyoSbhNACffM9G
+19hkBiTWQIXG/bP5siFVkmsAniGb40WB2dpLfhFTZiTGwIx+VlPYiQIcBBABAgAG
+BQJXcB+HAAoJEFKUJKP/kSrL1QYP/itI96Jcc0/WuF1kSTxbivgJ1kirtbPklDl7
+eb6qoXgEuCMrbLIP1Nx1lpEftnMSoAdngKL/XrvOXr20Mk/P7kRHVKTqXpa/pghs
+0mEL8Oxy3MBAEsqKQ+SE1LP6w7udM7sPSTFT3Wntdj6DvufHK5aCUIcOEpS//XGd
+cgykuL8gG4ob7Mmpn2kDUCGMpVraNs738ULrx7/q0hx4zKxEYfmj5umQudL/eSxo
+QOpzyvMPqZQKBA361HOz5nbjAMUNsGUnhccSAxrQZzWUW6U/fO35lTlh6Lrk4pj7
+M0mhUrrVJAjnvbB8PCd7NRI6vhQ2GHLPXfjeRxRCBzENMCId6/fyV2NGuJaZqJMM
+WWGKsWOktO7bXcoAp7HNk2V+6TaMUfnCJf/x57DUCAb7g/c79T5Y7R4tV7bKC77/
+eXZUMQboN5lXA3IvcteHu+nldLXpoYMB161w0Pz7Br4JHMqON3dZD/+K9JZBjB4B
+/6sqSj8agInDL+JoVdNj8HxP7ICjEh9mbwkcY+JxT77KsVQNC9njjKqM8WqI66FK
+BNZM8RMvYRmARKrDX5OiI71FVxge3FaTqnP8LTPQDAU/2CAAIbojpQeWwZpTOaqs
+VhJxd9PgGlx07LJOfGH7CE+hzIiAVuOkWK47/RIWft9vEqvEXOXNsRNkYtJuMvx6
+b6Dmh9vLiQIcBBABAgAGBQJXcTs8AAoJEHv3KdXnyB+gL5sP/A41dQssys3dyA4s
+fcIOOTQwvoofQEbro1vFaMPkW98488IsZJPt/zKNdWsoC021gY0xOBSDglpLLZJ2
+aY7l2jWaOMdH+wJq8NxTO1fawoj6/3cogWVt3baNtSJjpnVzRgo8bftT/P7Q0a+h
+9nSWoRNppC0xBm0Paqc3m8JoAunqRd3IMf3kCZNeOjsK5ZeZHcrX48gD9LgJV7K1
+9lOOVBFw5fCvH+b4LxkPvQkHmmi6eV1T+arkpkXTMzyJKhzlo0JihPZK+6L0flkJ
+d1juL4WGNWChuHDYlaK42518l5XL26alvwEY3xJHZZ5ucxCKIBlmwXoeIm0fchQV
+2EtMeT7Co/q02irujr6GKrSP8ewi9WMaS96l36HMp3PwWAbvBsqd+NHELzWHLSqh
+7/fP4GRoEVPxgZnb0r2YeReQCa7MFM1ny6lt6HESyUeRfZUXnYzF79iQj5Ks5Vcw
+MT0Y2OHsQQqaPAfyG6xkAdr9KWMHuTrX8gXQE26Oc+X8bvOkt+XWWGeOTcXSz+tx
+VEIZkL2QL4dt1gR0Rm5OfTDsxgUfi8MRqjcZSq+HRCEnNHflGm0coSHML2y/yM/j
+ROgl228ByHvkL+wb+M9EswTl6vcwzDJajzjDUkOHVwzjm1lM5KVe9uQXXJAXGvDu
+ojmDVpq128VZctNYCcwy2BefvNIBiEYEEBECAAYFAldyZLEACgkQXUKg+qaYNn78
+sACgujvn9FRgNhbkGX2HtJYOAQN/YM0AoNxKZzMlPTRwBvBDAn5AgEB71zw7iEYE
+EBECAAYFAldtemAACgkQSTYLOx37oWTrdACg0SuyQ6/plOa41H+Z+/Qh4JccIjkA
+oJHFJqfNZ3+kC1R4/q8jOE7TUKwEiQEcBBABAgAGBQJXb+szAAoJEGKLgqb27CIa
+D9cH/1epElOoE6pHP0jlocfgagaZh1hvNjpI75htz9IRO0m+MhJl1hF7bQjAumYA
+vihRGiP7tY/as2+KzAdIdcN4r2g+DOzZ19BRtrzxlag1AZbMBHLNnj9VaQlAlNum
+MJao7X06AedNpRlUja7XonqNbulrrWZP+alZbw1ySjUarCwTCqvFm/OlFAMAd3gg
+Tnu2AvFsVoRvYTfFzO75DsTCTJZCV7geDb62l5fRLfwhHxanL+htlnPXZ2GVdZAT
+1V0s52uAfSiKKMowJvHLF66y1/QhhDKO4JO0bqnCSRduht+s3xvRtgEG6DlLZbjA
+bTXpbOfMrgy2JW90TNkvY+3MumWJAhwEEAEKAAYFAldyYq8ACgkQLMBYiiWS0sjj
+vRAAgUeqFsCzGObAWU6sG8rOWiFH2jJOXUdyQqSfAcc/yo3Xf9scNQZ80sLClGJN
+vnmHOSAbqqvxD9euD4wMmbS3hWjGR3jFIQmjBrpYnPchGMhAkPu1A4iCL4XlRydc
+R6JCm2C/5pOWCYmL++1AbOU/JqrD8tfELaXCHcXTVw50dRHcZHVlXgdsm3IKYwkY
+7+kNbwWvSsZMg/ieL54FtCI2p1DUqPDbMXwo3zDAnxzgEjMDJN44zegceOJGHSVa
+ZQnA03YwEvVGpceypuzlXwoZ99na4hYjlFjn4BUNyznW/NqdZI8+lFaxl2RYenwh
+eX8T/qG1U1uJvEwOZOnh4TA6tFynpNEQB+IwhWJD/Pz1IRK3gJDyHmW5Mp+P/XVo
+EO2qSRXcWisiFhHtO7Dqf/SXXsJ66wbcX9SJdG+ZsusXsG4B69SHBh7/lGRTC3F9
+LnHF+m49M30cqLhGxC0hFpLUkdtvA/d99hKdyNsHJJiSoGbUBuX2+rOsoO1eNP/9
+wzpNjCJ55nIEPMtj9Rwm10cyoA2dc4v/meUwOZ88SxSPbsBiLuYfCX6VKityEO48
+knlj6L8RBhm+al9bpKfq36RCKfNUiKLbQx6phCZ2X6S6hs6iOGJztEYVBxnOIVF3
+0Jz0EVmcUtaSuqJK3ZWp2+LTEb4ToaUQ2RmPzSnXIk9tUhCJAhwEEAECAAYFAleG
+Dz8ACgkQ2MclhBqi85VXzhAA5U+iy7j8ZbISoB/aN5BYfZOwzxEhW5Jbgc5fQ0w6
+D5AY6MWN0G5H33aU8J/ps2+npLVPjyMx4gWK3ZIAIsm69V60HlRzYuIMZyRq5LGS
+rII7/7g7wEEBaRH5/4ahUemnWsVPzbKC/0EhFgvoZj9KgU7tgbnc7PuaZ5dNuQFr
+tMB6Hr5fel3dAQ1PyhInzHgJ1jbJZhcoxevZ0vgZdr+KVByXAbwX9GC6/aYAeske
+8QJAESFrvfUC8DF1yitdwanHDA107LggOQzysY2/4ArLXppuAdqIMYwbA0QStD9W
+JeHDGFJFvZ7aBjdvYYV2pcMQklzpphreMfmAJYfwOO5UBpixyLWoaQgAOwEUtNyl
+JXYveLliaPWBkFO2N1K78S1Gf/xYi/VE/I+Gr0NJIgcvoJgSnufbhGhRPrCHYxCm
+kRCDuOewZTlLimwdh6EfACLHWnNg2PQwG2uRIuPjduP1FJ11/uoxbsUZV58PKwSr
+RywusLGRvlvYapHqmI7UEvLfD8eSkso+2ZeOSYT2cz6YeKijg5edq6aRoTn909uB
+pCp1SwNxaMN/Sigl/OQOZBZIssaM2awgvcfwtX4Hez8aX2e0CFaWzwF8L7ef5NxQ
+uHYZE9WHNBxZ6vTtCrRc4aeadn4KJ2FWLQdbglwzZXvf9fMjmhecgeYoCwbKXmDD
+qfeJAhwEEAEIAAYFAleDxB4ACgkQCMPqp27EjgxUoQ/+MwI/WwwEvvZES6CC2QRe
+pLx7CpZjQRPCygtRguo3AWkWl65PZJ9H8gPwQXTGF/VSMlMtCHTx1eqR7TZFLN7t
+jh4nPmSTgDO+wZTIQ0GFA+h6WwzvtQR8VZ5fi4qUC+FyklAu2wVkU8OwWlKrji8r
+n38se4ENqJYNVbgDuBZtymHOC2MNSUIzOrcEtLo26l3EG+K/uBdxr8gBHaNiTncU
+qP6bks1muSCu4uqIsZWiR/0fhpf6wJwd/zwFi/kP9oRuxfnocW3XGJxrZpKbJbxc
+KC+fC7zKYfoU3RhVA1EOeqhH7P15kPftgJUKR2LJ1d/DUc4C84n/u62lv85eTy/j
+oCdD78As4xGkKuq5Nriw/7U85OWR4y2JBbndEmwuFw/kCDUPHWw2unvM/8RKBW24
+j3wLhwUoEYNVW6n11CjLsasJaaVv+7ROjLNRIHXjJ4YY024yKaLA0Ap1Etkph7V8
+J4rvaz8ev81xhkdDWfZIkHbWnxHOTgEiwP3XxzWgQLbxKD1OoyaZRqTeIsce+tdJ
+D2lXl/oD5XRxuzPUD5wL0evaJoyph2i+0pBA5vnrgxsPbwrCKS+b2sQElye3qdg5
+ABfIEM0brW70I26TpbdZyjKhIaWedId9Uf1c0wqefilXzr/KC5TIL8yR5wedH3dM
+Ch2CnKh45fdpbgIl4scyuo6JAjMEEAEKAB0WIQTsR4TFsIWamp/F/PAX+9y/2ZKP
+9AUCWGJUCwAKCRAX+9y/2ZKP9FujD/4uRIuhJWElQV0RM8GqWQVA0p/d/Y4ZNxb4
+VtIcTKYDwXK/Y5U5Su6WrgR3YOJrwm+uCpkFLUbHjKR0Ynm9IIwmTLPigWcVU+u4
+BOEI7U5wjgllo2BcN3UKMnCR+MZrO9WuCGiiT9ifMVB8e/V6Z3CHfcg2RpEvXSNY
+badQXVaDeQTy7apqeJwOW0c1uJ2D3i5kBte8q0hMfAFENrLqEdQpgFFRI9vX9hvA
+QiolG/G5rueCOeZ27pTOulVSBEhrkQCiqgdIMB69fwsSm5CjbqfXOJsA1JLx4UUp
+KbeZZabUEisFKBS7YI2jv+WaDK0ngVQH0QEymEbqUuFvra9NtmTiai9gYvYGTZje
++H0iSzXG3/dLk+lDBjlX9/bzvbllOFe5EDqWCc0INE8jc862uetD+ylmATJIXfFy
+F4xvwwWR8FmvKkUCr/mxHqsnTfE39upT+hbMembzUap+Vy4vDPZQcL3lRnEXgG/e
+Dr4Cff+4O1I4JFKR0k2STm+fjG6PnoPp+37qc24CBfK3ofXlN4GsnnVAe2EVcthz
+NK9zTL2A6+QHWatpbTTv3CDePM9NZh90Bu3sYULgymgcjBqTRe/pLgNU5H2XVa5P
+hCEJL94IB33LTWi/rgNW0SaaPKiZq/TR1bdDuIAykAn+Yj0C/6Xj/4HIuMHAlXbQ
+WTTT32sqZIkCPQQTAQoAJwUCV0/nawIbAwUJAeEzgAULCQgHAwUVCgkICwUWAgMB
+AAIeAQIXgAAKCRB7PDke/qk2JKLUD/9LfK6xbqipOS1P9zBc6jHFi5Ms4uli0CvD
+f+Cedns5b1NuGeqtc1gzaO5XGwhB+kFSnQ0StRgPFEeS2iAQ2s5mjdxjAMao8e1E
+pcDlr9ImlS6dUqVnIvPGszvsUdAG0KHL1eGWFPs8Tv0yGnO1s5MybDYfTwvwiSZU
+cnTYPyALth6fJFHiHv8TowEiCA8ssWPo+H2UZ5G5y8F/1GsrW954BRjqmPyX2Hek
+HqSQmeYr1tfLOqF6R1xFvhnol0cKLm8NtL8BNed/Dw+k00sKMQIIdgwJBATu/KaW
+kDFsvcpTs0mI4KAjFc7YdVUM7ayvvmsmeDxmUyhYNNWuAq0fDECuJbatUMI1fDXC
+Mu1h15qsuqDfZbh29beXhDeHsgvDlSyScIz13AG6VO1IdYMptBHRxGLJOwwJ0ASW
+UEJouXE0auIA2QITHofuT6QJ9kSdqOp6wO30me4ZNyDsONkBHf3ltFF1t/ir5A6j
+RhKZnTVCuvMeJctzjskHR6CfYAVOepNyY5IYlAw5+608Qg+KeZvUnNJ5lmMSiR1z
+8KTkfG82btyHV83vZtimyEAI8mNtX+geasGDFmbt5Nd2IdTEFhdbl1bxmWirN5qe
+aocWmT36FBMyCiSi6TPZ2qY7d7MTTg2dBXld39iU22yEazwhfMihrm34egO79z+s
+5x/aij+5kokCHAQQAQoABgUCWT6nlwAKCRBcWOEGIg0Dntw3D/0X9Auz8UBmgv0G
+WNdTZ+kwS2yLIdlhxiDuY5L1Gy4sK8dB23WpIO50d3fn3UPr6vA0+jx6Y1S37X6U
+v1a7lN6c105GvJKtfPHPRO0oh/NYH6MiSE3zTalwoN7PR+LPd2FGtDbJWY384tOW
+x4GcmV3C/qdCn+9j4cRjH9JMtqFPQqHpIDn5+0lcThprbPIvlRhMNxuXFBgh6eYU
+9mIQLWGubj8o+hrHpnZNBLxIenS0ZbL+IZeUENdPzxswwgnyAQYrrvxFay7DjsKT
+R5rShkhp1FxXeCc9fiMrPY11hOysVtDT2fkbPDgRLDqXt66kJrDhpxQb7JmxIUHl
+32Z9lYjHpyqM3MCvHyEOFdOsyt45yuVUU9ESkjP6qUJnafJDOpR/Oqd7VPHF5k7E
+OclGLrzSdrcgC6M7+94+n6ZICQwt97aswDvKoSC9niIsXTIOXUxyz3Huklk3pD0l
+s0nY2R8p82gWfHyqUbDggVxTii9c2luZDzEru5FJjQqx4SuXXX5IMXT6s7pqh6J0
+LKz65/4zatLX2RnBPcaznOKhDdDNPHyJ45uH4UaNDKrhwZFUHCje3OGaGldwwpmG
+z85AWp27ibixMLvwDhymYhJuUdvqcBFZiFk3AWxGC/E2+zR0RdvOuhvE6iR4+tFq
+1GEdCmEORB+y/0a+tVDVbOsijxOVd4kCPQQTAQoAJwIbAwULCQgHAwUVCgkICwUW
+AgMBAAIeAQIXgAUCWTHnRgUJA8MzWgAKCRB7PDke/qk2JLV7EACX9Y7MfSDdlapf
+xHwXcF0JwqRTVwCCjZuJZDdmjjFGajZRjqDMoUlI+nndeYSg4DpW6ceAaNGA05pi
+9FURSNl4zcDcIyDFuX1pdoZFuJkpAf/CKlsH7IvAnD01sYNM9OxJLm0BfhydVeYw
+6sVmOMxlM6g/KUFXEdMxY+ZZkfl0oomz4lZxvfRLSa+CsW5t+iGoRHF0ix/tbarj
+PJzEaOZIL6u5Qj6BJLNAjnm38CzI8CaITAvILCNIvjA2RHxIPj29RjRvEtABuFi2
+Bb/Xal1iV0EU8UTYj2UzRLM24uDeW28UFCbzzOkQ561CAIwnxARk19IqR3PnTvIq
+zJcPlIJUTToswG7RAW0DeDcEHdJIDiQkKO5X+FWJwJS28njN4Kb5x5JoEE6NowGu
+Dg5sRcBDRiufHJ01mIDhBVcEQEAxajJm82Q4CkLLmLU5l5ZN46XX6CnIOjl1y3et
+gABwXoON9BlYC85WCBZgbLg/Pv5f2hXJ72S4FApq/g1EVfZ2qmdnfwGITZYNRSVl
+M2qytRdt62qqNzUZg9UFwK5HsgxotVz5/LSaJL5C96/NVnZs8PnykELHSp4bZpNp
+MNngRr6V5UbXzCrQEK/yo45HLUWMni3VwbsWqPX/b57TdkRhbLwVSKbGA4xwhMQr
+iR3IMRZ/+PFS21xDKLL1tJSuTWqFQ7QmQ2hyaXN0aWFuIEJyYXVuZXIgPGJyYXVu
+ZXJAa2VybmVsLm9yZz6JAk4EEwEKADgCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC
+F4AWIQRIgLjJvQ5RBvwHD097PDke/qk2JAUCXdvbVwAKCRB7PDke/qk2JLlCD/9j
+K7IompIIWxDvlD7DTQJY0TKTZ1y7K2Kl/4CEB6CKV9PSwbay3xIQnRngvK4JNZKP
+cKQKvcp9wAB3L+VaWhO5uctB33Yx3EEZattpSEOUKjQ8L8EkYBJwokUvmWeHvgrx
+2iUD2bzoNAm0JPrGkVs2JJc7uYoj8QGSNlkPDWWWlwmCqZvWNvwEeyOjN1n22+rZ
+wtviKg8bQtOqwKEi1QmXqSlds8Mmh6vcWLvf/AaYEL9Bnx1eohfwEzxbgkAAKRxr
+blMKIXgptsfZWmxkS5iuugMww7QYz745uh9feuuyA/bRPlrSeYZInnwgS/YFA0uq
+y940Ot+N+YcDAl2l+iWION5K19jgjal3CLDkpDPRUBVlCB9o8zK3ao8fvVSxenbA
+aZ3hILuD5m03rCYpdapqK6u93Tp0wW9YJcNE3ubnG0z75ACnR7oSxTPuf4K6Gs+a
+Jdv2gVlxkharcQvaZGvhO8LnooZ5nhOiFCJzmHSfqqAkB4Ku1jbtEDRtCGE8+KS2
+S+X5JcKeeQiI8FJhbNoqYtcGdzxlt9ckYMSHMRJVbqpUyPwLhkHRNA34fUQQfkmf
+p+elRWrAOKALqUFvVf75bunRSvXPG4A168MJwLaYFRKbGWufPJ7v3H6AJuljV9jb
+qLObaD3045XPjMivJnqO3jay5Ks+cJ8sPOxHDfuvbIkCVAQTAQoAPhYhBEiAuMm9
+DlEG/AcPT3s8OR7+qTYkBQJdGTbNAhsDBQkGiHchBQsJCAcDBRUKCQgLBRYCAwEA
+Ah4BAheAAAoJEHs8OR7+qTYkTSYP/2/ecZKxUamlX1hARtgdjIHAw/fdxUr0ds3B
+tXimju9KPGkV05fd7vl5TUf1T0GScpFyO0E/kpYhuK3UKovBQ8MplOBT64GNNHmy
+1HECHNQOU7Y8EAlfmx26QP13j22/faizf3e4O23DtN4gbNpOSBQzX8PV6zu+u7LB
+MwSbQZP8SG9lBKLDwXDs/bSb+4iD+SNEiwgKTRj8OQEKdKZup/AnlHmpJWPOZLTI
+c76QMt4eBcuGvCYFME24v+y7392Rn4S617MUqeaJ3cyQTYY86MdrHKxdtrXrQlqA
+n3Pp1tHHwZHAsJWuEAlPKylZUIL/G9eyBPL5tc3B1FIOR+I4AL8lNg0pg7gIUhzF
+yU8BP1t7Qu22HUaZ54t6cNsod7XnE1nzJl50n9w3KsXj+UHbyRi9ZHIIUmFa8oEi
+/w+3wdWwznGPRRTLHko15CPAudiC5Kp/lnusnCLpaCrIFSzOHbcLe6QKLRTv9IPu
+lyPsqwMvm9e6lf9xJavyXdqhmtMJUJ9NmWRhRfU2pCxTUSCOxDUNb7SHmNd4EVWI
+eNLSMB5PuJTwfx+IkXhwJHvI471+VrtIGZPXj0ar/XjhknDxbokJC0uPkhkuszMX
+AXVQ6Wjoz1bxqy81iREkOUKnPxxuGQg5t0AEzBvctrKMJuEfgzEiI6BBV9HprV9b
++k8WXsHwiQIzBBABCgAdFiEE+82oVY6d7ngrs6ofvO1h4EvvKrEFAl/IHq4ACgkQ
+vO1h4EvvKrFskhAAtUhrA5gTrhVFtV7f+uNXNwf/xFJM+2fOTaqGfNRB39u89Tej
+gHB0mVeLH4sIBv1X5YHDZuAc6kx4xT6DD1okfmgRbaFCC5JgyAixEZnyKVgozPK8
+P8+WLNmDVshJUZffxqGWzWXdSmgF0QYX+hbP/yYfSYbq1z73bh9fZYesyCZPOdYs
+HVUh1CfXX6HNDsKVpiszwjfjgiQ2ynFPzRDZ7n2FdyoOR8Z71yOa1jWlf/Z0opKF
+5LIWk3MRRrtIxHjLvOK2lvcrXxYP0f1mHe2+k6IVNLzRX1mUfEItAF0VB15TdNLe
+9pTahP+9X0iybKLez+gJGiLgk4iM4bLiuaMOF980EZMJyibuHzfCczikpLAPr3Bz
+ls3kO2vaFJctk4rcrXEyfeTnqds4FIl9D6L+EyHciHIa2KcztLMNgDu4560dLjvs
+qHKzjlXvEFKmIdRBC/RVdFehp/XlSA1Aiy4PUSUiJT9OgbTIqjJMmZECpIOA+zOG
+KeLpNIyLkCfmPen2zHEOYCAnmvFLHCKvNrAiRIDAaZPAAy7hwN/q3GmAePxkSvI8
+o6zeKeO8gq5xGBkDpub2o6MfHbgTimM4/n9uR3rZS5L8b8Qi4MPrUTWL4Z/6dUwT
+HPCQ/O5wLv0RMaFo7d/OvX2qQfP8ATyRllZU+KXfLvp+AX5q1Vb+EHDtYP6JATME
+EAEKAB0WIQRm0Dh9uF0yD4QIFm2xdc+pjxkq8gUCZTrVswAKCRCxdc+pjxkq8tBd
+B/wLi2tK3yNbowFR4oprwi4zBkA8qjYuNYmLGqW946xCQ1ziPEC60dkYk60b+eoB
+qSuwhgt7L9Zp78kQ2sKsoojxbZ8/7jTRmOGzwfj0LO/y87fK35uAl48yEeyx0L8z
+14fKzmJB3LgCEMa6P8ozA0osflU+zRWIzrtBkVtpqIa672D4lkVvQjSy/yILwngW
+Jk4Y/QSXudJx7Q7szlltzoo3CTDSsv8W6czhgBEloyq9yrWG9MvGRy5QArHmbJEy
+qi6VFTIMtGumVLtESkLEMBE2q+XjFZoS/gqzv7YP7u/SoWuzyustFjmpRV9fD+IX
+40qjJLSfoykg4de0SfIvXtaWuQINBFdP52sBEACrmefWFd6G8Ml25aK9qQLHn79C
+bZOAANqXxqLx3//WaFlgprjyARQzlA+y15KoStx4stS0b8EDrh/l8TwDskfqQVAt
+jfNkapkq5OMCBTgT+4FvC4pB6sOPBKIG/1ZBvYTWC5f2ud7JcljvFeo0LsgSk1g1
+rPrXJCyRPzR413iUKHm/TsD95yTpFiC7SJZvlswPga+WJXjaVyVMe6h/ZsZsldQD
+Rl23hxj8juO8cX5TEyxFVNEA1ov8uhdoSsYeMAt8EWjetm4GOfJKEPh+6evv7ArX
+/s79BBADavA4IgeeaDGphR+3GbC4fNUDsQFUF1ykzKQP339x93Ksz01c5Ec99TIN
+k+XxQ8RrkaUw+Lu9rHKSqHNPOB8gquk4exowH/WJSiw6/A9igTmNOLpjjncJwkHS
+mNbmq6kA3xyhrTYLnLABKEXKkWyAkPD3QEVJjyuczg8EVsRzqKbuXDRkFEKW+5di
+qEbL01iGZiiERVzhFc5RI3X+lCFHzgSPLKTyycpe1+hV1g4mQwZ9FCt8JT+YtTTi
+RRngw2+/gLXd6bLQXsF7bgAvdJ46sWC0sEBdxCz/4+gVBmSOF9CppPzmj5Ido4pE
+Km9PSUl10QmCdQ5pXeKuKqd0efHe7N5yb9MnlVshEntS3w4PSZ5vOCUfzL/aD/Tl
+apUTzJzedFvyejTlaQARAQABiQI2BBgBCgAgAhsMFiEESIC4yb0OUQb8Bw9Pezw5
+Hv6pNiQFAl3b2zYACgkQezw5Hv6pNiSP6xAAwxTrSZE7FouZKJNk1LSAQwYTaPNr
+5TUaLng4WaaSwc4IAGdAusZKIv3b2tqhv/fmdk3/O5OAW+JLx9K+OHXLtapmD2Ou
+wRx4P7LUbX+nOEF8g5xIAZYmqfDGgvoWuAo9Nxp6D4nfVOKzW2PL5+HbRohoLU3q
+uncl7XvtJmEGeK4PoQJ8eIr3EC8cssQCpJi7i3jcz+RDbV2aY23wudpL+mH0zLc+
+8vSUW9CdQBctFNME/51yEx8ct2TURO4co4iiKKLq4upJWw5yJ3sBZW+wEEwYnCLk
+1ItlrVPXOCuJFuqefWbmbzMukFuI7UFZxohrkHR/uYIyL+W67nATHSRS97xHh2Ee
+6Osh8gTzNgX0jPTN3+xACbahsOXreg9iExWrpNhCP9GBJkojQSjRY5/F9yaqNNef
+pMMq5AXnxf/1A9dmU7bNqONjkn/zw7Yj5fbAyAZIqqBdVkdqo5fxNmWq/fMOawtk
+Kc+h+q7TA/hyKz13QLEQciXFmY7AtysEAKi9gGrJtwJhfHWcTNvWVIBfUfs1s5zX
+yPpyYOWO5V6ccH9soBExyUb6NjFVGtGFMYnBmwynIsIUoghKl+P4BLCWPOMfl9bZ
+wSMcS3GXG2QqaGnKO20X1YZCci8SmX5OpHIMCalKFmibmrOtu5US1H9wOs4ht0U8
+WZ0AUdObF4t12Su5Ag0EV0/tswEQAOjK5IAk/BvEsQKDH0Vl6aEStKr7WTZp9igu
+T5XTW0YTqx/Re3/UPmknfQsNnj9J2lJWBpPfbXl4DbTkYZtMqEzxS+O0RiZv5MZW
+6vVdb/AMw0bX/sxiLFEBz3E35u3wNlCDfP/FypH2hbw9PoKsXVbzo6uUHE6KDIqe
+wMYWpx1hFXJ6zhqTVn7Q/WukbL4PqnzTTNz6Kah5EuEhZvtDsuV0BCOBh/8ZwMgZ
+WxfSFUnaNuNQxfbaJLmAXCf37myDQW1Sy7d8mOYIVDeEMpnXy7Lza0jYyJkMedaT
+OecRTVm6KfHaiue7ioTFLXWNX/Wvx4ucSFOytRCgSo4Wt9HmY7sCDxYRjuaJfXRk
+S5+bJIjzV6mAJGPZKYJm5zjXZuwKQ/U5wB/StVz6ubtPOQl7n84Rgjuu6i+TqLvW
+rDSZlTqGylr/Kj41sQRRDi7n6HdmEVkqDoBW1LpDzG5WAmoeNCaPQpfaG8BU2u49
+Xfe4b9B1U2QkUtFxJWRWUa+z0F5OD78Dq5mWA5bO98DiKY9RyvvryXbZaF1jYJni
+D1NYde910zKmLpkQEuJSTdYBIIAT5aGkgeos7SaouWJwvQbH+OyKEWhsxqVjyJh3
+8/nEe1XORkomfF9GHYe5aRUyjavnsdNpW6XB8hgSNdhLkTuW+7OVx+FfXGaZwrxw
+laAWGyO1ABEBAAGJBFUEGAEKACACGwIWIQRIgLjJvQ5RBvwHD097PDke/qk2JAUC
+XdvbSgIpwV0gBBkBCgAGBQJXT+2zAAoJEI6wVtU+7LEt9RUP/A+8kAM9AxGSiu7Q
+q3hwRrMSwXlU5GORI2p4OQQFwR/XuGf91P5b4PUjKSG2QHQI0J43HDhG8u2/eL4Q
+5igld9afuJAzu5OsO4n4412wdhNgh+4gkH4ahMohYVM6KN6dDwzEOSLw7Zv6z+pq
+IesDco3ZPswSydMjXm5PDnQxQIOm5QhRMszcv7A1O0Y0q/XkO8c0JsHdk4clGd5K
+hge0CIjVrIYoV39/f0KKbtOSIl3DVuCuVDP78lwBPXU8qvSCEzit3hwM8z5qy+1Y
+c73kQ3HWkVlKnbxI+5r2HS9q3thEEk3VNcRazTx/84C8BoAi5hShvjPNnW6hhNmw
+awWb1ps9/UkUVy4uUKIpqGzmpu/rG7BtRBFbtWuXE4gY+s/LzWO2oLi1c3x9pQw3
+nJjmUOzyCFjD7Eh9Hi73SksfELAjTJMAKqDPA+uTzL+++9OYnhSNN7Vq/4nxSxaZ
+4k64LQgEei6n8yP67DwwPX01L2htVWxyqdGmtBpKZx3Y16i8j8n5I5u9ib5ncXwr
+oYtOLgIYacXDEN3dTV/22J9cvhKov7GnirSiLb2JRbySFMhkbr6lJ08jsrmsmczr
++sKA0rqNDv147HYZqqNIzJcRDbsFhpTyK7L6l8NZuxmm0QdFqH46E3LwlBihkLEL
+MCp+dfp1qDfhkFPXnSloFcWWcHyxCRB7PDke/qk2JMhwEAC1wBV336wPItKAWIPk
+sHE7KYsOTbQkfj0lwlbwOi8pP10J/nams9r/nLnp9iXhssyI6CnONViE+eYG/9i6
+BBNXE8n1bp5eXgaMr5eSfkzrhQyoHIaZuUa0TzbMx91gdXnHLjpyW3YrD5kXrUjd
+Prgi6Oqcdk+FBGOj6mERmBVl/5k2apvERVZ1e3/Uk/6MPNKZb+0VSf0CLh3wgaNW
+gh/QYXiE2c4WavNIfiK/QPPtc1EsyZNOKuf0whktJuME/wxqlPFL+mlEsymQZGH6
+wanUNZqHeQOLQTMTdsXv7kTD77XJY/7kZLVeGqVFz/qybVWTRsiCeKN00arbUKbJ
+Wl89Mxi928Hrde3C/JhsoAKoqcRFixAVF15IlxjYzKzBUjs34Lun1DalAxAwUnuk
+EoFpNh2Qyvc5Li7TLX1cizpCd7NBUR3F+IticpDwcJXeTVl+ThuCwMBeIBVNCAB3
+SkLnZ2DRoe4eyzMb3aUbmepOoZmUpT+xPBNtolZ33jyLccXict+1tnyYQS0MOF7/
+ycNPnDfNxCbrvgbYIJO0pi6HOahVQI0wvjRNeVY1cWI+Ky23DOnVxtGOgI0on4/u
+qNijjozFLmpnBS6IsLWVKl0dzwKNZR5C0XAMcTqtysBYD1TeR6uAetKxBFfRuqaP
+2JIbWB8Y1PajIOAX3dq87syYh7gzBF0cbd0WCSsGAQQB2kcPAQEHQFjCyFrAlrll
+Pnw1Bab1E/ahFMsCTNnID1zULk3xTWh9iQKtBBgBCgAgFiEESIC4yb0OUQb8Bw9P
+ezw5Hv6pNiQFAl0cbd0CGwIAgQkQezw5Hv6pNiR2IAQZFgoAHRYhBECHNFcepwx4
+szJpKJHGG8BleNyiBQJdHG3dAAoJEJHGG8BleNyiLrIA/i/UTZeLfdm9veVE4pk0
+62WKxHi8hcsaFebKOSWt8wv8AQD0Q+gDW6u8ZO7OaASqjtryMSlm2YinvilVX4mO
+rXZAClM/EAC1CeoicAXoqj4uTJgfln5zjC54urC8ewq57YSOYHuMoDaM3xEdKAYl
+SV4AQjIMVu49jAGR+B02JxdjC2puV7MFAyCK84dYlCVJB8GsmhGHui6xo/Gert4I
+1kKlBTdDPhZ1YgIAlWTea9Gg6D7DZjRPYzvBz8F+2kx4oPZslVuxuRvfafgEKhpV
+zV78IPrG6LPOA7zjWZkLxfM6UkGvUK977GoR76Yg8ajQtMBnJ9sUKFHunnZ64XUc
+CLbyWRE0O5TQf8MxgPXb+DIbaHa+0i8+68BC/b5jlY1mZ7yOH8j0yXCMS/oZdXNI
+BfHC+gIu11YfzdpX/hA+uu32CAI4A+IQg+xZ2KkIsRFYsqR+Vl1a6v2sDAuK0H8v
+gZzLkYeB3zmhh/seh13dxGCxP0tTMJxKBYqoumZrr+BRVB15/tDwwTMxAbHnHq6B
+Li5cKsWQwQZW1M986LfPTJAzAsW1Z3ihx741BJXi1/yh/TXN/5LKiHgvpkvlOtL0
+58mVrnJB+zN0VPZsfc9J5V4ePDlMrWxgElJetbi74P+nunHtys4yLXt7ydP+XQMY
+s5kwl86WyObs9zsuBkm7lUlh1M34WKfdvgHI+XgOZuJ8DUv/xxbjA8xdUZSb8ZjY
+jOFg54BSpZ6WPFhDop+nDirg1fKYQMzQZS7jpLFcB4DAKLgLuxfJyJkCDQRhvJjq
+ARAA3olV3okBlcnV3+if1aVY4fS9kPHawvHrItM6zBjtO0xMSfgP7odcCw3wK0Fo
+ZKCqqEqWxMp2Ml7m7mdVSA7VetVY4JZtvLglbljwZNQKEC3unqxDZHf2+iBSdPjs
+BaqjdP9Hq6s0zGgDO64RPt7eFLqotg9ufVFWUUV5JXeADM7ZGFcStnT0DoXXWUjf
+nYnRv6VQz96ubfWy6TmHfAy963iIKBbL3ym5m0xVPspk9T4HXfhb64NV7O5S/JfD
+9LvZa5u2EmiZJNJqlKKBNOaHP8nl1iSrp/BKkEcjEJpC/5y85RcfKyo5atXzIjig
+xWMwwBsmnO1wxhiGHjTwa0sbuV1YEX8sIKAGcxCOHEdGbzKTu3BtKvg1mdJhbwMW
+eZBN4DYE29mDOfT2kvOlrtBPuFgG7v+tJnL/5ZUQHeyS3L0HCYytEfwYDyLo35AH
+lNOk86lSnm/fgyeY5c0ZLYUTjvyvUTyTMAwDUX5Jh2aEkF7gDlij9igvLoezf18t
+DSj+8Z3313iNOPeF4OLgo0UTsNx+2WZwIskWDPndHGBUReEO5/YculJsG+sqxcYT
++IEQjfh2xNkOTreDrGlPSq3M5lxm425vPKOVA5h0xgLLHZhFhvyBT7ObSYv08IV1
+QS8UFgg3xypd/ywm9l3dCFkLPVv/LzGmcWJdMep7kjhNaxcAEQEAAbQiSWtlciBQ
+ZWRyb3NhIDxpcGVkcm9zYUByZWRoYXQuY29tPokCUgQTAQgAPBYhBE6A70nHmHtt
+4vgfUAUHnGw6ZT5XBQJhvJjqAhsDBQsJCAcCAyICAQYVCgkICwIEFgIDAQIeBwIX
+gAAKCRAFB5xsOmU+V3xmD/9oyCjdkLStPpTZbZcDxIyjg0cSIZ5Rmp8d75hZHEIO
+ulaMVdehYQLbl7jTH0V2Sw4/pMtGmMXaSP3RgY7LBVrBbpvRwF8I1hd1e9bT5Z3m
+CUfhKAsF9PKlA4aLjg09Y5e49GaBdmDqGWd9iug2ef2Y8Nf1gYew5nVIoPYUDDBP
+tgOn1A+qEURjA2s+2uQnvoqgpE6nG6sGfmJHmx6M6a5ufDR/HVCK3xZ/ZAiwKjUY
+xrOKEEwYwVhJeBAvsrAhkfWOFFg4b5EG34KscirYbf34gkxMGEktrcPSTsUwiDbi
+OPWpyI5Yxk6xZirzc9V4BlIlPGONmSL6aVb4kxxD2B0OhAm4BPbyhuK9UL4NxS6L
+NMqnLsDp/8NQ7SMbwv9/7TZYf2bQlnXzOGUbcbuCdaqh547EXA2z7BbyX+YEDWd7
+1amh/OBPjfBsE7eIlx/XObPI++4Uau0YycAsuLf/8qtzrd/L89SIh+MNgycp0lYW
+e+XOv1HAwnVPW3Fnw3278kX0xKrA2fTN+jPNq/i+DM7o/kPcwqbmkU2nz2bgdNmL
+fe5yJNOlccXoX3yY40U6ZbfKDJSC5Ml965YTJ50JU8rHUy96xBv12odOaz7iy0kc
+KPCqwiF61W1yvWEs6mCehHVJjqb24kCL/EplplciD7O2bYHnzPgVllnK13hzcvSP
+hYkBMwQQAQoAHRYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJlOtXEAAoJELF1z6mP
+GSryNNUH/Al50z7JniH+eOqlBp14lW3cMUfDJNww0GeWih5gjtyrKpcuU9CaMiQs
+nEfO9823qOB6fcUX7YqCbxR6PeZf/Wlu2zEgh+myZRmZuPu2V7M3PAqu+WApDvfn
+ut8UxW5m/uekzKCC8MgYEc6cB03ZB6b2X/5maJ7LzpIajODlP1avAk3kJbjcqa/3
+daD4nUf2/FjzG7HmhjpoTdxKIFMjhWrG59yQrRE2E6dBXlSb61b5zYoe5UKtireM
++lrBvsH9ubCKDKgv/4Oe/cA1++CdaXyIjiljBxHlBdJiiTiNs/PoA1kZO2Uj098x
+XYVNRS0TW4k0+21hI+amiZRC4R7NZtm5Ag0EYbyY6gEQAKRvDhdllEKeSVnot9dx
+o6GSyAcMsBkbRnY3GVUW+Org8sOvjdTTItNOTK6FpMkwuQN3FK/iLkGAM6MerCFo
+WrnvAi4frEqUtHmn/rSYEJG/NcvLwwUxuBYdxZirm+QxmZoM1Ycy0oHxQrYJzaeQ
+bo1Yo8DZh0iNmjala3K9Rhbjnn5qYbxuOLsjx3cOTKL1DC9gFJpIkBeOOYK0k/NU
+cKaDSxyATbGVndB0FPNQlwd2Ylc7laA5qXDLSupaoN54vR3+ztp1KCY+q1thpXMx
+ZCnqXe/yeQYiI1aKQEMzv0w0AKt4F8OePascAZ748eosPDIVo9FUDgXtLig1Wt6x
+NO8o9VBdt6uyqDWAoa+veJwfGU1ZPFXtZWpjQ0gCSWcJNXZrW/GgPH/W/HT8CnUf
+lxPZZHX4mHjPIpmbJcdyiR/GZ8myfhDdebSABqsaRxJZa13wcb1IgRrNySEMvNR+
+W6XB1E44RUHoDJq/eR8/8uWK62zG+K3lIPJOA1CwHG1NDCgiWmh3t7TOZEVqx9QT
+PAgcAyPI2dW6Z/XesbRRuk9BURomO7vxe8MwR8KC2eZ31iZ2aEDzYORnj0cubgZd
+3ZOgOXoy/ehz/68vQ7XSqUeOLI7uF/eDMb3QV4A0I4KtK548roRS8aYh9rux+MZX
+2gdieD9ernMVFKkXfW1V7E/NABEBAAGJAjYEGAEIACAWIQROgO9Jx5h7beL4H1AF
+B5xsOmU+VwUCYbyY6gIbDAAKCRAFB5xsOmU+V0B1D/44y9sQKrqVsC0TlrxVcF/D
+OQC7d5putf49kYUo9wj8r+3PwNLTpQDOz5hR/Cht1WU94gUmLD4v149tEtK+f8mj
+84KkUAnXxNSlgxdPzUbPhVT/bMhmC+XrYHToECLCKZULgdsLnWKcScY/7VwnBaVZ
+Yq6G1z4ykcnuNG7oqKULIdEQM1KMdVAFwbqYagPGfrt78n0KL63kTG/NPBqlkbqn
+0LYnkncjnQh0DCfO2Dq6+VbrBrV8nBvNFsbo+ZvlRsi3r5lzxG3FeO5yKmPqTqmD
+/Odp8xIpSrowZBDwHPpFlFd7sGFsuJy7t8Rb0skgaAZ0/s7RNsrMc4ATTcq0y/4o
+Xwqyv7lHQZx1q/1n/N+BUBkJtoNshzGp+V7CwiVLuT+DIjmOhXpGoeI10pDpjGSd
+GSuOOKj+Ses7HGXCydwDXRz3lvFOhMvNVLYEnaBdERZ4kxW77U/t763QhEGVK9jf
+O3xTKeMoDIqWYLVzayPNdEETi8SQhRPmQp9vE+Mmc3IlVe39b0ZuUPlVA9rRXkGy
+SalLDKqLOLplNqTaLEMhNluZjIY5WUItPmWo44hGbPqZVWdSUhL4Gd6/smoBTgKy
+vGcgs7C/buGRYaJkDVCrJEitNc241r+P5kncUu1PnIrTShbA7oavT8HOOMfGmhE9
+BbZpiZkX8c0EhJHM5EeADJkBDQRPqCmUAQgAs+VspRgK/norWY7kooM0fst9FtxP
+oJFNA0jZQQd1paKzrZszF/Rdnfs/qMybns+DT6sH0OcthMSkmy/Ita8GJhMWSM0w
+6ZtUOjd4Rvry28cG627Ck6lvaz4l64lOckcLr1SZeDTlOk/z2rt/1Q/IhTe1OJla
+TRVT5QfLwrwyftO2dMSB/TF3vLmhERt79hC+zL/C+cNOVxHrk0/wiYsOjXc8I2XN
+RcplaBY57XrZfB2ifuSQgdspQG58P8GSRzkYLC8WYTi+v86yURvBr44AftZfIs4J
+eJ9Azqo8sqECGSfpn7h0dOsA6sLz+RfUWagofDHeIWLo6KeWtASnwMy33QARAQAB
+tCBTZXJnZSBIYWxseW4gPHNlcmdlaEBrZXJuZWwub3JnPokBTgQTAQoAOBYhBGbQ
+OH24XTIPhAgWbbF1z6mPGSryBQJdq9HdAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4B
+AheAAAoJELF1z6mPGSryDJwIAIk6S5V7s8g+AvvSP8ggPTfwaiuN45zHyTpfysue
+r4Cf1m6xSS7jt8LmzJUSw947qwukitoNE6coMqF9jI8GVU+tEqt2XICIe9cslh4b
+WdvTblIirCp2o2/SJT/gDNVdIPacuNWHQ1JgLgv+XK6sivvLtQlawf4rOxMpuffI
+CJfZ8hr2ma84IxtXEQo832VPKURvlTzK+V5WvKwygWZfi3LrFfdHgFGtBPylRUuT
+dXUOhynJGFz0gTdwyh2cvqimtZOw6tAp5E40Jo2jLt4+bHTl4OEFH4Qh3iwxQLWn
+TXT9OCOoOSmUbwuOF3UNQG8RTC8jm4QrKv0MUof52KyrMNKJAjMEEAEIAB0WIQRb
+YSZeLE80TUMdz+keRBCkAkvG8AUCX3Is7wAKCRAeRBCkAkvG8GIhD/wMdAEJn14m
+0IsRZB/ALeHbEjrS/ZMs50iXw4O/quOwbYwig68fnnF9topX4wTcpqGaPzeiWA2z
+oe2epxwtdCK4LhiMTP2J6UeWsQPuVVbhL3NcfUg8gcPTGXAvUJBddAJiEs74Cdjj
+yZR+7gj6wb67I8u1rj5/+pfdbVBnpv4k4XHKINSMTRyw1pglCNPYQ/rcUzcn+Lyb
+5Bj+zpqsMvg8BclnVrQ2JjIP5kZFJ1N/IGdFKj5WCFFbo2YxsvTEBsLXxbXxAH6d
+BF67sNSi3IbC2tDyGlnPkapJpZOS/hjKtKgHSTFJnh2Wcd4ymEBXqPzyPvt3yYNZ
+A9J3MMdLEOEmimaIlPKAe5k942MK8/tnCbJ0tO34Q7u7S6t5qjcyUrseXICb5QjN
+TdNZUHLhcpfT2gjYWv89UKYhXbQODDOGtkHFDxHH4ed9v7YX5zODT9yBJtBF0hrO
+dV4ezTSC8e2EWd1eMX6r4BGj7Ovtr7BD+krGfonMGpJcyofyNSZ4twmRbbIgTtYQ
+kTusiCpb0AqusLWWu0DGWuuX7xEqCzP3UWUTDaoFKdShYTJ3aXp0CQwChu8PUnSg
+5F8e1hqwVA1QW5vLTddxaFj5mzJpjT63jENixFzfR3p7WFcWV3Ft6uyp0grlhnNJ
+cTPYw8BOlv2ZvOHbCwHZTyXaHir+H54aGYkBMwQTAQoAHRYhBA5ykGENL23E1l6p
+IZoxTsX0cKCsBQJfcjK2AAoJEJoxTsX0cKCsEn4H+wfjmjDrUJLDvPOfPUwd5j+L
+TIOHxUpmsnpyx0UabJYMh39lZ8KtP/KoUeCmGqUN7yAsteCoQgoVrD1dVNB+OHkd
+EexVR6Ftsbf0ArRbMaAbz8zXCxW3OQlDfuxX+Mm78EkWDQcGJLYl0UDh3npYv4ud
++PpDZEKPc2LJ9no+3Ymi4PMd+VFfdwZplm+2iVY9Z62eTY+wcwYmpJFpQI/am+8X
+ku5XML4HDj/KhKT4dRUYC3kftlo7ngKzUzUucN1/eORB1ouprcyi4hzAvE9JP/Vp
+pj4invi1rnUa2WsxYWoq7dfHZTLZuWi1O+Yg7n25UJ2gDBnzZZMKQsPI8MKMfnOJ
+AjMEEAEIAB0WIQRxAKrfrm5ulA0uCtZV5Fpa6Mp8igUCX3JhnwAKCRBV5Fpa6Mp8
+ioNMD/9sHi4GCM1LwbO1gKVN2vybkkUqEOYslJOEzfFA9qV0eH+Rv7wyJMRDC7BY
+0FSUjmcq7CZUurN9jnOCrr61Ra4xUqpLi2wNOn1MYoV6M3R+4X6klZdZ2SH7QqNW
+OOz5kTclufZqoYtzpHlyWYZDCy/4Oex7/a5Sj4vLo290o0pbWitExY0+CHa0FTYI
+rd88PInPq6EtvKx8Jl5suzF4FcBWNHeE4OUl9yoI7ohivn4W7+fSwaTNrlMEkNkN
+CG8i7lJFStywZkJiEkdpU9ITbFfF6+nS/xBfPnvTvKccCNN4ueoZLQl6wYsG4A4m
+MSXGj8m+zcNijWNsbSHm0MTIHWNNjy4gCVTWImTy69UaOKdJCAoW43T2qc6FWqAa
+TAVpupSlSDB9FJ587Hbj4KWfmAQWEsFJBZn3unBX/iYOI0jSKBU4RM7puSc8NYK2
+tVrveiq75xEgX7hFD10HAXwkOijVa3TmP0jDx7fTAD2qLxEvm1zUvP5O/8uV7c79
+/ZejOqPMQoRG2ByDRiYFsYU7RovjVUMg+kNqWgz57d4R10H6w6v/K+c0GdPjTt2s
+vg2U8h+eBdd2BpWHk/j1jIG4dVDn2QAz/5F6UzLwC7DEz2a7x39/9UazyGvWkS/A
+t0+muosc9J/jFV+F6GFkdTXAe08StX6BcJ5G1sT736QOWgmddLQsU2VyZ2UgSGFs
+bHluIChrZXJuZWwub3JnKSA8c2VyZ2VAaGFsbHluLmNvbT6JATgEEwECACIFAk+o
+KZQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELF1z6mPGSryYfEIAJvi
+OHYwzXjnHWrsbQQ75rJq2wQ4NlM5FRljskufCXtIz/DUpKKT3aqG3y7ywtEwl4eP
+ofJmLbC0O5bZF9blgSSCV02zzGdeUosAJsxumYHVi9CRHWsiAaNMX8gif9vePqz/
+iY/caPS4w4gBXJK8vLwvxToI4CZDwIlMkMov//3HQ5v5OKfeqbA1rnsGI74vUw9Z
+t/Sqgudz5bY65693OqeRRWU6tOH8zo4HkFew26Ydh80qAn1R7ALnk68zwfXj8vdy
+R9f05dEqbg/4thZWcjWC/FrnQOjcTwKu5DnUCE937a1MPzt4t1FCYUHrqcLN99uz
+GuOD42o9/S+JAa2HWheJAhwEEAECAAYFAk+osZwACgkQiXL039xtwCY5Jw//c1Zy
+lG+Q52S5qZUwnQABUzLtiPmXw8qfaLZSzoneAFXKO1I8LWAPfqpAYutkAvanDaCJ
+rokq8GRIQm+IXqXE2VObG3wWfwxSJt8t7AMa6Ak4ghFB+S0ucUQY6YbbjPYqtfvo
+uF/eji4F1Wwt1z2o8Zr98Vd67XChwPWG+ipkgy/qZA/taoN42GaqV8pIIOQuFPMq
+Z5T8rgQGNMlMUUahd6x5sRfq6N9ZkXqpgCAFHdD4MChaxKdRqSXRsnia4i/vMs57
+bYob0cuzqKJExXORymeqhBo05eKQ89vBUKC+0CA3j6EU0E3H3GgNrBb1vuD76Oj6
+xOJrS+J11Ync567FOLIycIfFNPVyUP+3LzZkOFreV2kuQYC0ZEiqe6LRp6eejR22
+i/s6PS+6edI9qevPCJpW+RU6kAR2OqWXzBy90D5N3lF3GpCc97skuA5U1ZpV4aXx
+5aC9bGPZ9/YqisKW/CLVSZMW+n/HqgCZNR9wqAARDEixkEM9wwJ9JahiBs85vR/d
+LocognD6ttc8DdqV4aB3z3dAQW+ObvhK8ieSX1BRKXkcN0BR1Ba3cmPHvyDWJ3LV
+DmgoRbI73eVb/wOzlxM5JaeMgg+2KP9nentpt270ipFP7ew8MrKsMJFsdXlT0DeH
+kfy8XXWfXCBf/QtH93qT/zBqStnXxw9MsbXtTn6JAhwEEAECAAYFAk+orvsACgkQ
+T/vk6S796nK6ug//fkS1BR8g4K54Y8AWZTeO54d+t3KUMLhRayFotUgp0a5L2LR2
+AO0FZz8P1mv+hSjuIACeMyiYOEQcsPPhIZOy8oVqgGqrNn0BMSxwbZktq0o9o9s7
+Sijau6BB30x1yKxRqmKARgUvfLlXSK47bH7loachaI0HCwpgBqGTArSSVnUTkeSm
+Q2wpO32a46ulv8WMUJvCPMsJkMmKKvcjnam/vGj/O9f2uUw8Z2zgLjm8QpKPrhu3
+ypvBcbwxpABQtE51+nMsMI5iHLCFWI2Rnw+ZaaeEusuqVmde7O+90kiRd8YkNOB2
+wb9/B7X2T2T6H4qM9gwMfn2UuYpWQgX9W2aSFCSwWiqJ58Wt0vBJcZ4mtsIwDEmO
+5g7NU0opZJMEMqxC6iiEAX8kLSnrYvKklsY4ZAWhxEMA+ama+QdWuewG4CwxY2mu
+JbLdX3IB2wT2P+Y5KodXRDpGSQAreWBmhzrnKnimW2FlAQ7W3XdFDJfAl9E683FI
+OUmBFRShUG3WIf37NHCigAMbUOd0BFPPl3F+lDPFBySQErou6OevtiCRAgipu6/F
+KovBPdxiVA7G4o9RnfkZdq4wVmuD/4YVGBt/LWVIZ4PeaJYLuP8dQXx4oaxynfCy
+52984GLUZeWdgDQ3FGJ8nuIG5HiCtGz2qGfu4qIm8342i7f/zRad+ojXynyJAhwE
+EAECAAYFAk+orzYACgkQdYDO68uIsItioxAAmv81Qt0JtszYCruJTvxCxTWR4ynq
+GPpbBC290wMjuynd9s4GGWv0BH6vRkxn30ILvFtYzYb4RVatzoRVrAuM5dc54xhi
+DWFsdlIiBr7uGIeyxyLULgf8T6i9q5chRIu+dTHOx2EF7/gSF1OcujZ48gM7r9Id
+C0M3JmiSi+lpCVLcQctFMQO5d2k/traRGlOpZDF7AS6aXPR6hl3zZXecEdgh6sCB
+hZbvkkoJgAyuAGTENdUp1ESwcwFvkc+LveCWXr0z0Md7FiTZTjXn+klWegePWGey
+G1GTFQ0GWcEkFFq44CjL9kI1uI4rRn6sZ8FN3oM0QEm6SFaF7LYZABi8kAMHMqvy
+v7LpsDiQQPp4d4fhyyfPCqGB6oWLJ5SXUS6OJW1yL154YLZ1k9otbWIg+7Le39ec
+59QbuHnYSLVyu7p+yJ9zakRzo8AmziTpTHzrHQ8RO+UX32wxyB0bjYUkWtbUM77O
+R64nD6cPhwvOrCsIasmGtc76RcizeHZ+JqgDb5hACi/rNSh/b2XBqYoSScAE0YFS
+/cEK0xOwnMJk6VkVRbB7UC41AlSzfVHRatbyiX4EnCqQdj3S7dzz+PNJXEpaUw+Z
+4Hk6KQ8ns6RdWxMzHVV0RJhTf9lL0qakCSClXLXnp3lrvoxojBm/7EvAzEYRLMfX
+FiYEpIk4gCHEJJWJAhwEEAECAAYFAk+tiG4ACgkQeiPkZtSiuB5CWw//eaaF7e6a
+EnJoE66dE9U7LJ3OG2ywFc7kLKW5ke2j6HZ526eFOmuGyMG/jcMR8W+N7bSYdS6V
+WMVfcczTcEoofSv4IJAo8x/bU3pXJZI2KpdMxJHyQaCCsta+nLBHcwzDE7jj2DU7
+Q01PwMeBEcAUxf1/Bo50uUkN4JwZqca8V8AtvvTUcxDwjcPjFD4KACacEqq5qDVX
+diN/TMyqNfSwGSieOb0GOYX3rj55/kaXJ0bY3MBVKmpK9ps4qRXRUBmU7Y22GBGq
+UV0svI776dJOXAq3lPnMUU/Z1X8kh1wReMkh6qSKKpKN/kLajyyPvgucLoKGIiS/
+21QdOfDMc8VpuiihoI3AHutqkLEzV6DxK6f2eid0xnccLiHCYxFUSpDWhUW/60gW
+MNS/6nVt6hFQQdtpdepX2tT3XdyIaUB1RkJynXmwrvgQFvnoBfElC4C5wT2So+q4
+SPc/YDoB8s1yRsz6CJPfvzvw9t8PaVJrpjj+bOixnExRpLpht04yWrf0o1EAu5pR
+Azv6zsyd9Zi3ZoF7b6UnLdwUVGbD46nMN3mEzCapdj5KRzPjK5Y7ZuPM/N/eLweR
+b+jK0Q6acF0gTEssaGdQoLMewCljwVnlTEDuX8W5QZin8jneHnuFHVbC/ao6LH5H
+9tv5nsoNTP8lB/amx33zDZAJq1uYdi2MaomJAjMEEAEIAB0WIQRbYSZeLE80TUMd
+z+keRBCkAkvG8AUCX3Is9gAKCRAeRBCkAkvG8HurD/9ARchNSllXCY0eIh90Cs68
+c6ELp0my1Bq2/Yvk68EA9VRExrvCs3GfgUqHf5mGmKt/a+TR3M6z4JpZB4Gf6k7v
+bn7wXUj4k26U1PHp6Imbxtj2coxetujFs3pY85+cCo8WaP+PrEXfXc2U5esRuDeX
+K3LXK4lpZTt8w5q7JzUAUxOAF5gpzgoG7hYQPDQrp/zcl7GK07uZyl4nLcEfFYch
+/x3TC+1Uant0rCyH28gevzPvB+/wmMwQqJGRIBZhcAtIMbeK2z+SpAcWVDySyEqR
+nGDu7VzLl6v70a7BxZVJwXeTFvJihddnJ5MvWBSHltG18TD3MvLXT5wyPi0hoLee
+Ucww71oXqELApD3+J6qd2biy+V2oV70RLA2VMmtN318jqIh6rJKnbvSo6CoiTFtG
+SmLUmf1LzG+Sen28PcUemBvnyyDWbnnurD/th5OJ/K2S4NpncSof53JVxNMhctjv
+oywIs95jL81cRylAnoAJ+Tf5d3nLrZlqznYzDfA59tYsIFsQhnrl1JLMCsjplp1d
+4VTY5Sh6tsfaumm65OlsdnbiaKwW7QCo3i2kpl6/OQUuJY81dCPIOD/6pgvurhTS
+Neur83i5W2hnDXjSWg7bgmfbrfWA/Gx9yBL4nM1t58+yERG2VdLdu+9WpalKJmWx
+UuOpMjBLOjEOiEUMmw9+jIkBMwQTAQoAHRYhBA5ykGENL23E1l6pIZoxTsX0cKCs
+BQJfcjK2AAoJEJoxTsX0cKCs8ZgIALGZDrdngJN29M/7HgzBKrPDFWk/U7dZ1pDd
+iY9o+57PXRSyjoW4gbIZHvOqwKVlcTGVk/YqPKiWY+lfbjTHPYOro2hCEs82LiPp
+pcJtjMn4Putm92hPAvpvO4y3FJOewQexbL9FWWSRs/3caQlMhm7zaiB18eIq8IZz
+ehjAZ2x61EEG93qxnmqtPxDPbpkN6Mou9+BGJkSl5AgTKJ+WLBLd6ScmWS3uEts8
+T1EGdEIfOwyYm+IIhhToMLCmN+lSPnJR4d2meVwKBkfBRfeXD/7298e3ApTMnS6I
+DtC0vIMu2wUKcScGoR9tNTNjZySbQOIPoM4G44fj6i8t81v3CuqJAjMEEAEIAB0W
+IQRxAKrfrm5ulA0uCtZV5Fpa6Mp8igUCX3JhowAKCRBV5Fpa6Mp8iiH8D/9DAk5r
+za7FTMX/TekT9W6XjfP2SSN5eAilRjNlNXA2qQC2KoF8KbWgmyVsPscPen8ZRzd0
+JQ23fbKfUdCFpmuKmetQfF1za9lIG7yKEPiioW67UkKslOJGE0qTlzKH765AOeBv
+rFmxqkYr40VCVNZAtFGplC0cuQ5D1C7pmIdOHg3yZBcRCUFs7VdM6CXO+RHfREhq
+3epDM4+BUHlIyuMq/rDfz3iw1PcgoFWDEAoDtQTN+d0ivyMPtWG7oI5sT995fuj6
+S70ksHwzFVk+i+DN01CtEGljyU4a18UDC7PObVW0ysYwZ5T4ZV2CYBUQJeqQE6DG
+grGsIP83Az3knVv9ZKMbS9yJS9WF1sbeu8Gg/qsSjAiXVJqhd932vetiwGDRrIwj
+p4AWFSuozVAks0bwCKAwc1yQanbALFkWi36f5X3xMnGG3F/DUZE0cVk1SYIeasM8
+i0MqCXSWvvO/VmfUsw3YYr8PiuezOw4vdMnI7D/uokkyk18HAvSkmfmedCKk0+Nm
+THOcB3qStnHvdD4wJyzND4+ey8zAozcpQu+K45rn+aKGdRfUM+mEe5pzPMAYoio0
+gDpC74me9fmVAUqJqS0Nu/q/9kTJ+ATERcZAHj3gN5gPytfY10KR0qPRgGrB2Yn0
+HD1u9NXRErTfkHQ2Pink3gBer/OzrM2jlInn2rkBDQRPqCmUAQgA3PbGEp1gI98u
+kBPbBjQ1BWiqQBVLKa6UPC3gNOZ4d0VMWA3e+anNHsLRkdfkpYKXoSkH0l1UE9ue
+IzOZSWpzQz2H35PZPZTMIElaEz9kGrM3w4Iq+1iikLo93QcJ5mB3SGNpqvnmgIf9
+XAlP/4IHWgE6OBDUISkwCIrr4higaWF/8xwJTyL8hYxEbAZqtMKECrwxrKEBDm8d
+c7tRmk1nk0iBJx8kYWozEKylAMUgofU4dlY+sTob8fUyupYvnnMWLrgVT9F5ZYNR
+naEAQvCliEwzq1NfLLo9bxBiuGDs0ED8QDbOiPNUr1XXXdm4e9XMgI4R69ZLoMNz
+1kLy3uMhxwARAQABiQEfBBgBAgAJBQJPqCmUAhsMAAoJELF1z6mPGSrya1QIAIuw
+lVybfJmYjfss8ImVZc65EUHbgdnILxmQ+h5tzCXNWlQNxodLSXC6PknbrQjsykpj
+0UrJ1k9fRCsaQzK3PY/ez4vUg6xslDsewc/ICo0yOgXHzzQIQMiK+Rq/Ug8k8erV
+HbkpphK6742Fj9fyc+7KSJzdsEHeWVUUr0v6zWRodTVN9aHlpW6ZFNCaRm2ZDF7+
+CSMvtXGh+c863ETAvSRcX5v22HWqvox4TLn50stEGt0ICZCr88c75SBvQWlJrjXk
+fl6APSEhDEMwGF6sSUEi9vBK/SFWjYLc+ZqgjH/L7g0zxqZGMqhpzo7UDRevecIg
+OwgK9/1k3ohJepCrARa5AQ0EXavgpgEIAOk8dMgYu4Q7hU461EC/MtxIiwSD8i7l
+izUB8SzxFPnyWgkvG2Fik5lUiDJmEstLdCm3dpapiJudzcTgl9Abo4xgoq+VbKRC
+Pk0017JE2bNSbF3TmxhaHAHiBvhU/U+kRz+lDnUE1SmhzGd1yn1kCvmG9MmWjiQP
+kG9vLx3d46DBnqHO6wn1AFeKiKuyCs1igvtT2qz+2+izY9tyd+s2O95+1CDQslqQ
+8IQNP00cFTJljsk3dmZXQb6SkxxTNG+E/2vMdUZhUbb7UIFUOmFekZvGZMIf9sNM
+JGCVIN+vyMMhE1MA17iJGxtAFVqeMN4wA9+MA4z5udkegdbxnWxLtg0AEQEAAYkC
+bAQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJdq+CmAhsCAUAJELF1z6mP
+GSrywHQgBBkBCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAl2r4KYACgkQNXDa
+FycKziT2fAf+PgS08m9Uiks9LWAp9BpaiVn0SXx/XYhTJmRr78UrCHogZstAET2h
+aLqWwMIoyOpie5Vutxi2WXQtzsJ1BHV9LB/NP3nFT/P9asZXzFtBBRQsDwxW5ii2
+0hkHKG10M2+QGiC0ssfi1zjQFKbaOpxvou5Pi+zBQuT1RQ65NQrFYQI4zdyLbnni
+X2EZpDipLFJeGs881HQt7RjwSUtAjXW9M/pQQDp/JWEjp6D3R4ys0/Y4cJblCci5
+rM8Un/aVvXYGBqEpsddhH9xGpk0JTWtGAfw1a0ovRv39D1uwG8uXTQiUDTGGlllX
+hzpLkcJBtT8VeogiAGZC99pbNW5BU8cbFyOHB/9Q/HBmIqmj5MYvQZCQ//cf9Af9
+gc+o2YA4/Kg2pSf9GKZizd3J8NO05O6YSsXqIsBr2lIGjw4klkE7GyRd/KVMQOxr
+FY9vFcdSxQuklnFUeiH73RFP3nsdzw+MRr4Hcpbm9F0fCnB6aU1gqf74e/6Qiv6d
+2pq7Dzyzx7ZCm8BRLT2HZbFeYQ6GsdOIYgWzWXqurk/68rlE1D7Fo9KK9lmrLOwr
+r7ez1pOLHA8pPDhZhxI5D3ZhDsLUux3caCUfFdP/VpaJijGNc1HYt8mk4U1Qb6Zl
+afTYb75F9d61v8/M/HATZ5KpT9gr0aGkfwptzCwlBJ8ypcRI9AuUUDCTAXIGuQEN
+BF2r4WIBCADHfolTk8ehQtxob9jwEnl7J8bW/QH/mgYzX9JvFiky4CEvcUG8YDSX
+LRugBKbZAXwErUSyAOajmtImCKZCcpxD26Jyddqr7ZSem+oNYdwE4WF0AY00PPV/
+q5Rc1RkLInqmp4yPn4kjWw2qzi0FG3iTq5HxbpK9+KOcZaChDS/5MLtZQxv2NhjM
+WUS3tWlSVF0IOBYhImhPizRW61B8XTUdjxOF7iR3rZ3hxIk/816bxBeDAorIyUxg
+BxAuN65ezqh1Pxg3XFtLncn/b99ywhVk0S5YCih1clKx1YVc2wds9fsZ8cYf20F4
+4LbSD92ap/C14i51DVOfnoyYrgMHcHJ/ABEBAAGJATYEGAEKACAWIQRm0Dh9uF0y
+D4QIFm2xdc+pjxkq8gUCXavhYgIbDAAKCRCxdc+pjxkq8vf1B/9LzqGLum+e1MbC
+TUeXQjIbD2FexRSF/bo+VyA6P20LdkUzGtj7ijG3AxiDbA6h16jhaWauVgx4atHB
+KCKoZZII9bgu+yyxsO5lsomjGyE0A5Ucz/XPUI9zZBjSluhU8Eeyz4eN5IF8oDtU
+rVQAyHR2qYsPYSOdqxfBazWMuKDUV4VHAz359N2pLiGxe+bGgh2mDv8aEHhKhPtK
+lfNlfxU+bSEjMoJM4Kvvc1IYgOF0I8YlYUitnAItIlE12XnMhLni5Os2fb5A/CWW
+oEoq0xYMbS654VaVASTDoH37+Y5jv0rp+LPtyWwHYnJrBasPdIVphjcGtBeR2dtK
+xFQMJHbduQENBF2r4asBCADChAnP3/H9PwnpypM98FxhLZRuOmC47U7drVmF3bfW
+dOIoVWmHj2pxbb7ro8jtyN41EDb9n6FNQrTrlcn2al/k16rNAVD11sEwpDDsnP3x
+EObtARSY1mLZq9rGWOAINY7ibJsyO4N3JzCy/S246Wx0a7hSE+a57/TcBuz1EZ9V
+5wrfbXWf3dIe7xGjZA9+4+u648vFBJVVXMFRobAkfApKsGemcKUMRPcMqv08W/r/
+KhCXKIXOUlm2Je9ALcxzm6JJFunL0Yzc/gXBKZz37tdJWzzv/GtegfelQ3Ywxj49
+rIXzbBS2k/DLRXwwHY2URpa3791qeKhUZUlBq4yJ7zizABEBAAGJATYEGAEKACAW
+IQRm0Dh9uF0yD4QIFm2xdc+pjxkq8gUCXavhqwIbIAAKCRCxdc+pjxkq8luMB/91
+5PcfllMXiTbZvuYTn3vygbF0FGwc/iRxhY3fWEMPfI1LzzTdUX4LSn99W/hQym5P
+3LvvWzS0n4Sg89gBERFYqICkXFYyQ8vV5plkHdaKPjOBhzWIaSLeWStXdwkTiIqo
+rC0LIoeuP4JfYG6DHLFLh0ZHN4VSlG9rpgmTxt+4VHQLzpjjEu/9CghkuaV537F/
+s3oEio6bNdrIhMWF4kaZMWxfTFu3q+v+rpLxy8eIx6YImeUo7f/TqlIgDoFEkH4a
+QFCZWi8XvRN54/gAbOy1fhTo7SOuLJKoKm2KOVV6GxUiYahU6INfipjM537HSmjm
+ULmYd7907RlM5MaDFBz3uQINBGW//MoBEADwcHGv2qYDJ7mlalEmDgs96skPUuuc
+son8516y0WI0t1sApf8m/Ipnqx8OcpA4o9lo5R0G6Hdo/6aKAiboTlH6oNSSOaNp
+zTRbCzsa2EhrEnLCtaUg8joAOCoPsJwBszQJluO3yNOR3wiC3ivArx8pcW6RBzND
+pWvyorwZoPZqquyP80xJS/aA06DssjuwdCB2VAm445AKR2WPFR/PZHMgbK1yoeaP
+AcI8MqomSr7eLsxIzkufIlGLbK8Qg58hi36eDBbDloUItmfJjfu4jxAKVIiirvme
+BEgqvv2FLY5SK5nAJsOmqpcS0/+kahKaFI+e86vibmGUCrJxCaZ1Gshv3BaJq7D0
+LgM+KW1g29EP8ly6gsN0Edb45pBZoGk/ILTuCHZ9qn0NDZ4/CwnEl40rFgQmhD1R
+ek6uUxjGiTo08EghVq1ugLDZMDyPRvDln6VFge3IheLHRmJwaU9dcYVHlINFLAWz
+i1kAgvH1SLNYLK8Ay2yMV8dZVV0Z3DPf+hWEOSF/eTfLXthgQ5GM3aU6cYEAKmjx
+7B72xKKKddKp/hw3ptM1eus09uhAJg98PT1ZURWKsRo4gI1wvJ8LHZzcbhlQaq2Y
+8tmBQyOySJPZNKilQ68d6O/y97Y9JD44OvWYNkKoKMwUi3OAgktg81yo3npcWOyA
+Kn5l3peKeUB0ZwARAQABiQNsBBgBCgAgFiEEZtA4fbhdMg+ECBZtsXXPqY8ZKvIF
+AmW//MoCGwICQAkQsXXPqY8ZKvLBdCAEGQEKAB0WIQR+VuLBP6d84xVZrcl9wkw2
+wzQdIAUCZb/8ygAKCRB9wkw2wzQdIFMYEADFt3elGKNx3TOehJewfH9T4jyozQVO
+AOK2U5v73mRb5a9oUpU0F8cYH+WPxIfFQ2pfcjIaCPFY3xLMgxJkQYL/irXg2gvW
+Fr/1snCJktbXIxenXV/LObFS5sontQvkmSscNBMYFiSc0ICQ9MQoBKP9nIuF3NeB
+LfGsuAojrHHzjZ4ALtErtlhUoHbRRHEHGLcUfOxPMMj8mt+DrULiqcEtvjpuZu+f
+6ouqHbZ7mgfOP02ozMhc//Rb6JZXlCdB751TqW3dsHZqa5Exj+5Z4cawWItiQmU3
+Gjt9oLwA2RGPZusxIphcdX2CSUD6ZeJjuV4UR7SJrINgSkiWUioaeyMVj+DthpKy
++9eHPgYjgGLV5xoowT1tyuodD6U6BkvQ5DcARyQFC10F8nSG78upJ0r4KxuOGjkv
+zNTJ24G31vBrijoGLTlcgkZP9eOt4LK/dgZDNcxxf/kNCPPMAfmYmI0smF7ScdY7
+WlFFIYqNRjO+md+WBQomfbHYtyAPIYHPFkluBREhWatoW2jnPY9Lonz27GWPrhNb
+3EDe54gRr3RInQM5Cra6DocwTCOalg4d1MVo+aV3jZ7RMbnH+G4TPWm2+ezbITXd
+RhRhPLiCIIiQBeOSQIfdtrxwq/U+DWisH9zAu3xqPpAUkzTYe1d+YMYPejU5PnKu
+9Xodd9NO5eRlsuwdB/oCf1eSeucV5FJyMdOKFM7Q9mumCD7llUcLskbB0gs6ahUf
+CtokcyRQZa0HTLJVEl0CdJBXDFu9HAtCzvp1xexue5kuc92TCC3xJC0hVCMB0Xcx
+btI/Zw40MHBfcLPBMQQIJADIvtlc6jFR8+E3pBjBIBP7z9kUEkkeE+icnGESOIC8
+oQ1/frmbBwZG+OjZ+J1BhKoydbplTGINVsOryas5Ci41p4m5ANHymlJoVSUtkWdQ
+6+l5vixRRc0qRxhocuL74pNBTkckzb+YwZjMEXHmy3KHZfJttiqcI0U5Ejjs8fnF
+5QfSjlZWy49VMQsRYq7nx0aschfbKa5tyCicXuP+mQINBGI/tA8BEACYC5fPDOMD
+rT8SxNlsB9fRj9YAZt7okGtbCIlVuSPs81YMkeJmBxtPPnps5Vw2whZS13zaoyPy
+kMg6k+komDWctWQKIF0VgpVYtIuezq4q8kMNmKLcMnHiZRKRh8dOqlK6jHcUlF8r
+BgQhk+RUBUPOqFEYeTveoZ9qqVmWhOVce5uUX01kiU2SjoGAGkNDBqmOkhhVUSQg
+/AVcc4web6Gu184VUbOXx7J5MPpRmXE610fAUeeJ1VzyB8U/hgPLrbZX3jQMJbcC
+SM+Qdxdr/gsptfx1XIm4NsvKXTUOpWg1DQFiQYTJFN6Kz0NKN6MV/3AqbKGtWDqK
+hFt3u3a7T+uUP/qzi9jma+DruQuzQztI6xnthZCbRjFkQ/iUUtuGgmpOB14HrgwN
+aRjKWddzab+A7BL971Q3fFqDsvrntD+koYVUgTfqErcQo9ZdGRAUL5icyyDg4cC6
+xgjdmYfnX1s4Rlo3cXJXTZpIOx5AvZV6HYNNm9puEoPm5gjNtk4F+FENNjkB3c2n
+tFr2prpoxaN9ceNd8a1tkWAgh6ueFVA/tkd1hy+2bP7e5+Nk9NjsWLvnL2slep1c
+X38DU9hx91t21+x/8hCxN4gqtvDJY/eqUZ2d0uARKhPEDZ8GzchxVtX9bGx1HSAV
+cdnkSzKIGFOJi3ivYqUEihXd5WQE57UovQARAQABtCJBbGVqYW5kcm8gQ29sb21h
+ciA8YWx4QGtlcm5lbC5vcmc+iQJOBBMBCgA4FiEEqTSFlM4xKDqCb73Y1XYz1EHi
+W7UFAmNDAAYCGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ1XYz1EHiW7Vm
+4g/+NDfrYWHAHSMBkQnTZdhrOFCR1tJsWTLABwe1fMLBW7djLZMZweDMU76UBruc
+AEsarKkIHyhqpBES5EXwmlvKSnEhzPjXZ+PoHmM0M8Lq7QFZ5IEbrhuJbvpfTCa0
+gleHKIVYCCeaf2AUpgwX1XMkG2mmRdvUDQ2M8NMHljM/OZ+6tBGpw7zvx1kYsSfB
+erlHxmLXlRxHrr9nWi7zXa+HrHZQAhopuufIb1we8lI/gdfywq7s/e5Xelk4dnr/
+pEFx56G1vh0bc+zU36+C9gX5IXOJv2WrTmOfG3AmgaJgWZapJQlPFEByk+2oJf5U
+OgPRhdX7qLR8mVnQ4EHM1sr9B6UGwcySZpVwag9n51WhjgdqYoSPt9dpPSNfNavL
+JDR+paM0aEHi3/t3mGJSyOPM4E6ejrYk7791fOJF0J3VhKr9KR1rMxQpE1kMs7qO
+1uUJvnF+opzrueMELffwTfDDyvY1bV/ZNou/MPi4EbUJyZDvsq2shaKj/NB4nzYJ
+IoGbUzUrz008buTagf+WZ+uTDIdOJbaVPcUUjtzr21KifSWxcokNhqSIrsCLzCJk
+biKEK7nUoOvl9q3Wl9L5CWAOflr5499iyGqxlJ+E7xzerWy1ZqgQHJ3Zp0wVMgHT
+KvPsmDvwaXBvEZkrUQ4PnInWTNJ2yiNxJU/we7Xxkxo4Qk2JATMEEAEKAB0WIQRm
+0Dh9uF0yD4QIFm2xdc+pjxkq8gUCZTrVZwAKCRCxdc+pjxkq8s7uB/4yKEi2S+So
+2YHaIstBo0+9Uxcuqy1NUHuDRFTiNhocph+exjbnt09TK1NM9Sc3ErwnUoItLp2r
+W7D81TMXNnUsIfdusKkVkxC5xs4oLTpoIb+uBzDRO4KYebALpcPz2Y5I/jI9kiXY
+xd/pXUeyBQDN3zKwpM6Y8eax0h+EUh904ZGO4BRBtl0V1rnQ3AybSIi2dUVn2e8M
+GEW7hddMc1B85Bf7jCYuesR1FXMcHMs2v/S4kRH1179xFi6wxrNwBYY+YRwbX0Oj
+SENls6I9vGC6+UoPaCHDS3MOcNuD77otYLK1Up466G/KfcDLQsWsgPEdION3cE0+
+JCa3Kz9jn05DtDFBbGVqYW5kcm8gQ29sb21hciBBbmRyZXMgPGFseC5tYW5wYWdl
+c0BnbWFpbC5jb20+iQJOBBMBCgA4FiEEqTSFlM4xKDqCb73Y1XYz1EHiW7UFAmI/
+tA8CGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ1XYz1EHiW7U3bA//e10l
+6Nw6m3mgFoY63ik8DvbD4fZ+/bUuQmTJ3uOI7wuzgjRnhWKvzBspNGgz3Hzdu3Tu
+GEiVzXfNrdiubwvOVufrW50RDfjkzcvG+lOF8aXkIRz+46+cXkLdGk5FB9xKPtJs
+1KuH0ocTDHIeBbg7zHKIZDkLOizCsrzaNI1wDN5xOpyXkYqQYxuXfCipcfXapkuW
+XnvRQGGsopEhae+2khiL1hXo00t2A2jfwD6LTdUoXhFh7RkWNc72z2xiiSjMv5PD
+tG9EyYBhntEcxZj2kEgnP2ZaRto5OQa557KQg06tSP9s3KYHcHEd/9yLsNlQJTlO
+PMO0LH2XnL2MPvM5a7CZQfzTVOrNWM3k4t+46ON2qoMsOBO4nr9fH9eFtmULiEGN
++oVJn+M+PYQJYlnKKu0mS+rbHZnkD42FiW9ZcXbPLPohB9T1LBjm1lJI8tYiHyfo
+FwnvBLimSjxmO0VsGKEgZYglVV34Jg9l0I2vYt6Y0Yieku7GI2Z7oDcBWlW3qbRx
+PDS+CWN3kSaWXRos1ufM038Yb1PwI4wzIaqrIVvGUmwCESNOXhsc8JPNqhqvnFFc
+bAXlPO4vQ26jThedHGMpbWFVSfajwMTvubAbVuq6vssZCwK405aSESbK10ohSRag
+KexZAqVMeusb1fC4AFTCng9qPgHvJgk5mCX4gmmJAjMEEwEIAB0WIQTlIllbUu2k
+5r/My16FYZkROjXOXgUCYpTOnQAKCRCFYZkROjXOXhBrD/wPSTPIlpcHO0MLKeF/
+hjOYyf48YRvbwZ9Ys1wbjfFX9bL/s3S/zli80dmaEGXJALcml1WA+LmpTDri3otG
+70Em5vTdoocnqwgnlXjiKbB4UzDLtwln7wHinQK0UaE5R33p8qNZRR9Ydg3C8EFE
+riZ0/AZkFUE+/Le8+yeGU/Dg//GOt84OzB/GKh+pSLwA+bJL9xv7ipGI6kOEzKTY
+ceyqj8+KA0VE+rnLeqIdBsH+fp8iCZ2g0Aobv1IWwPvMcYfNYAoza99hfi5NFTmS
+T/gZcE6Jb+U3/KBsCUEWfV6zhGlMcTHEgoCUBoMSKWY6nHC/NPSMi2Q3I4l89CCs
+VcJqABxlY8wrK9axdvv7zPYIpn4JRvGr3HQa5Y5d2HhQyHtRhElVXe/3DGiErLkz
+KJORxbn0miyC/F6WOUMnLQEWqUHqd0VspqavQ3PSOjIKShtlXiLX51q8BED+wOhp
+uafhFcq8NAAUXLBQDHdViVvH6+sazRNUl+vbujodeMv7tLtnhpXiwCryb+MPW1al
+wVcLbnU3xhXazvPRUpG5MtPmir6B++4WtC3El8J/szPeGY6MZUyxgEzxAGGIOycS
+9fB4Gw8cxWpmWwwOF31icb6w5ZIrTD/4Q7DaZ/fyqjgS4duDfHur8ajN0FpkHc0L
+pkUfLl3rOpGxXh9EkAqtNk6kfIkBMwQQAQoAHRYhBGbQOH24XTIPhAgWbbF1z6mP
+GSryBQJlOtVoAAoJELF1z6mPGSryH7IH/A7PoxLIDc1rgbLaGbn1Qrt5AU5IFUVH
+Zh5fW06rDHzEYJjk57f+FNJgz8VfGQ61zk14k1+beboVTUSW2xZuSBQSRsSVOcj0
+5vJHUpdMK0w1l5W5tbOR9nfn1c5qnQ6lhmFNrlJ6BEN5IU0swN3s3p7bRl0v0Axx
+0dZFF41ERDcQ1waqc0Sbp+s4dgdyXhvmu19Vtw6iWoMjPhMWCnP0DDjGOKA6ogWR
+lQcO2DuWGpGqmic5eH4VUheXS7orIATslU9VCvbzGmHrHmqTUj2pAkbvbYDycwK0
+/O317QHXecv5ErtKOdjtzrULlsFzDEt/b3y6bz5/YTka4L8CBNzGkye5Ag0EYj+7
+OQEQAJLWRpWSI3JRdHZEMSKSdnENBThIM8xtIWcyHx8y1k+x77mNFx1gCOuMmWw0
+nR5Ck0im1Z606AmsgQ7tKCEmt4GYfnHeWviIH+DbCJBjUWrJBp5mWFDPkT9T8yj5
+VanTyHF3nWb03q5kRyMju9396eZMPrw68hsrm67dp9iBWye0qKTXndpFyLOXcpPP
+Zryfprjwgw+cGB23V36RB/is50TjBzlR88Hx2EPvn4p7sNnI3SWwMmc+kEqKQEHo
+OOlBAJP2kxriN3BBSMw6unKakvH76Wxxi+Touue7dotUy81AqP+BStNu2S5E16XA
+fIW5ihVoX1rng8d2kTb25aCZ+5Kve0YZxN7YHsIvrMibCgqzpR3Naw/PyTS/ZXK9
+srkk5sGPNEA1TVN1NmXqi3cceOzt9c0eVQqRrtPUaOe2yY+WGjLpMJmC4j8ExMZE
+6qq8n+0LC6uO04HftGJ1Mqu/VxL9Ou6MPhQsWyKEjZUFgVti2zYtyXjTwjNKVnYB
+bokBNihR9LOKrpSsRGxLcKVVzh/X5lDdt1ZCNU52q30ZRl4EnTiEkW12tDvU2vOQ
+RfzbaAV0VOArQ3XJk+9+Nz40T2wBdYsVPijoQw7mgwVFeYg+gV6sh8i+q3ImL6h0
+MJoNs7XRZk3sGqVdddlb9sKar28q87M07TMPHPdmOyn4Hn2PABEBAAGJAjwEGAEK
+ACYWIQSpNIWUzjEoOoJvvdjVdjPUQeJbtQUCYj+7OQIbDAUJAeEzgAAKCRDVdjPU
+QeJbtZgLD/0f+BOvEbe6FCP99Hk7okW/Qv2cehGmVSCQcBtnMCgfRpFOLxkdj1NX
+9ub8pvdn8sEj/Tmr1sg3larTfAK+FOAmw/y/X9iYGTE16xxYMVPeLssCjsYSxC/M
+pYGlPPZemn9QcpwZ92FP5i0MjBwDE7NLmon4wHnXjSatPF1j921XcUcsI/66gH+d
+igPWPwufZgn8eL5mLtq9o28AglVjrC+bIFsk4chirjb9QO/pNCWCZbCfGq6PbEtH
+47HL6MsWow19rtDKv3U24xVoiUG3U9pljIIjh8aRgxrLfTR+fiW2GRlf033iRQyA
+Fvz8N4JLSreNCD9resub48lAhxBJ9hOqX569V5mOhDmnuYT2CUDVGycPfEXaTz2N
+5eBWOPTN9dr+naYQI9pAZjL+5m8i6yGaE7B8OUPvooPN1YvyNbuLU72aJhZ9qaNz
+Dt/kC9BU6s8D44k8lJkjuKzIuRGYiyReSE0mhEhVzRkG+FAU7l2ICl2OLKVnmKUg
+dqkRIa5F4F6w1hCQcCASVuKaTyOIUYXnxlesB00cRduDaIlT8+AAWk0BZL2W6ck0
+/g09Ai/LRzMBe06t8BUOEa/NiwUv31sYM3smE4GcF11BWGKjOzl8CSlY5YAtgfjh
+MIF3HUcQeMuWrHf/w/cFXg9KX4lpPjoZov2BfVphYJq1nryud52VB7kCDQRiP7d1
+ARAAq/ZXcWpJDXSqfz3PPn0c50f/m9vQn0FozhL9p4wcoUGuQlNfIzE+gyDqJL9r
+1O8cGjSb4gaLmilgCHuYsmtwVh4UaZOntlp0k/192cZpvDYwWQDFZdSV0v7wxA4V
+Lu+sv2fNmHB2Yudn0V0a948M2v4xhcoy8HptOBvwq0vrVB4lnd3G3odPS5UP8ze3
+DvKDqGGVsqF9BjbV21KL8rLHVLdUTg60lXXvvHnOwEJvH4O5kbdxwl4Y8K3S8b6l
+UYBt8GAkd058y/qxroWMWkxJm3Izy6yqkn2WrbJlYq9SSdgp/DvTbOUTrKp7pWGt
+H6E6OCw8IKkfNrnpfJhGmREIeAe6G/Jr6jyygR20F1XkU8bqi3cnd1v9sruZyFIu
+5AOgiJuZnSvDE+goh6mGMUA99x0zeDrRaq39028owRucJcwg9pkqxgedhWIK5H0o
+ilwTsYqqBaPvkqStcErhzWtoHtYZCHZRPMBDwwQ0kaj7WvLfGWszT7nObUeoNAfy
+VEyGuq/Gw5OTYDY/I6xqrzL01pfrcXEObmKOTpb3YsB8tv2MxA4VnG9ZbNH2kEB5
+9gmBa+kvQHfXTrDCWdhNvSuL/2qRpxhIy6qql1nyMTwatNW2WNaUCPH8vjyZKfCB
+2X0Nka5lBWkjrnyzoEBO3MPI/0sZUnWxawWQO3DHxizy09EAEQEAAYkEbAQYAQoA
+IBYhBKk0hZTOMSg6gm+92NV2M9RB4lu1BQJiP7d1AhsCAkAJENV2M9RB4lu1wXQg
+BBkBCgAdFiEE6jqH8KTroDDkXfJAnowa+77/2zIFAmI/t3UACgkQnowa+77/2zJK
+tw/+PGO4y3yAeY2PXc1QpopG7nsTgG9GA0mUEtz7ehpz68iJtYC2kbdI8PB1lSPN
+GzEb0yryew+/pHOhgiyvdDI8TAXZS/wXwRY/IzblXmjXyO3U26J9JK4uemzCNwHf
+xu468kXJz60WaP58xinDA1sVd7YGZGpodKR2Fo0rbbdH6/Ldql8yu+Fztz51NUZB
+mNUAJTGvPRSV1Mlvr3hacgCVjVvc2FWrYzyj8jC6/CO7fSi474iQQVsBNn214L0+
+fCKoagAyrfmCXV5TYg9TJ2WgW2wQjuzJ/mhvsgCQSSj6po6DdXTl8tRbbjaxx502
+CB8qEQ/yEdQ7RMJSGB5YWfvLstq1zzAPyPIUgsRYDBCWmPCM3z+PbD78BTHxoJxB
+ZO45kwHMz+68Eng7r0Z1kM7SarvT0Kd1pnpP3mu1lfd6wZiOlYqZfD+vZtws0BK5
+7iGVLrbIz9AWolPoRDaF7mZpVdDLZzYsdI9vLEyHuPb7W+VE1USYyMMCNQQxrTOF
+JIo/bTZA5J7a05KQRNzBZPUmIvGgDffZAQjZpMEXWNKKcDYRhScARMMnL+yO3e7P
+2O/WUrmQa4wepweYFPl4dbQ3UGccxy3LZ2dnAIxPAXFNsK4GYIVokWe2JSNG6M15
+ev1SWgFYWVO3+nm5JV0mBScE6wsGpvFW3IKIrpDLHb/N9TZpDw/+LI0iX6KnROJB
+hx1/0vzf0PC4n5Xn2Iry11/1rRskYLrmB/vGA6hmghnKPCCppUQ4WjBNWnIYzKfz
+vNPAdq8aIKbC1rtPABeDyfe8NNUX4wa/GgOar2V5wnwJ5qUc0Iw64yLjTpXvN+HV
+7zgADboEdtnQW47+zEbTqV59cIcgBCSMAXgICnvqdc8FskDb9hqvvQtCENsOLibK
+HYzYumMxZ075tx7pZza+LC/sf4vtuIrs9Bn9imxokdhbQsiiHpNDdjQIT6rqCOy9
+BxD9hSodznhB9GgnRXGX/w8NfX46hETmiYVb0oE71yFYd3ZweHu6pWLDEjUMagnC
+kA+A+/ZIxazsoMklPusTKb1ELzoheOjKz8fCrX4rj07hI4tGNBfas9bub6sHpbIO
+b6aGtdofaknV/7lim0aqkMeYBxES6E10+2jCmLg1N1ADMRBBDml5zrVjZa95+B+8
+zK2d6r5E0UZhoh/IhpEhZ8Nljt66/35XyEACS0lB+ZU5keI/1wTbThkgFimkVNze
+XF9sx3EuWMZGgcd7uBMPg6pwTS+qGs6XtYmiKMbMgvDDhcqFh5r/4r7+xW6ZFhR4
+Dfkdp3pyDIh7h0Hf+tv0Qj1RKBpmi/lwn0qZrLWM/aYXo0Vuy2nAbeATAle4Iag+
+r2AkdEAaBDadFeZisl0Oj0djrGERRhu5Ag0EY9v+KgEQAMOFV6nHZR7Jwg6nAseV
+PpxwzjLMhKhuxfJor7fXKL15BlBqCyN2ZRlP+RKEcEAfdbhyTFPcycLpkOLS7LM4
+TgfwjQUg2eF0wnBHo/nYUKLp0SHW2Pg3F5+HVXcf5mAhT1W+zrVHuvJur8omotih
+tvPEG455MzQNttnGj0DQ8ujbCBofFeVgygmuyZNGbYvrU3Yvr4ZBY5O/m64eSKs2
+oX7pP7lQ1gVFU9zojUcsLaLkwXX099yYUMkakjLcuoI5JGMsV9EA+a+RCFa7a4K3
+umgVsN3cuuKVbPZ8VQYVQh+Iej8EXlxQeJH44MPNkNfw5Bf2TLB/Gzz7b4yNTWM/
+kzGi3FEF+31pVu2G0El0sBeJlEjGIHTmfAkzUIypqZ6VYR2Li+u3Btunr//k+Dq3
+E9dN4/yJy4qSr2FAtx8BTG6tj//Xnan/OXfzZdSjHQcid6lVRTLl44ia9Ln9SqHO
+53z95qpD1BxHY7B50J6TVmTwa+cbPIjbRpoJbZyRNo2nFxarbyejPboKzGrqCrOb
+DTIar3/88mYi1pHGfG1ounBpfyQ9UUuulYhRZlXoOcaVYLKVALAAwmS53kwgFuOg
+ydhLKvdmnyFUs/wFLVYy1CcmSDgWlc2NiV0fbOf3jyQHeE+NnINSna3bItHT2DDs
+D40AaYrnrQOHQlni+arnJ0gFABEBAAGJAjwEGAEKACYWIQSpNIWUzjEoOoJvvdjV
+djPUQeJbtQUCY9v+KgIbDAUJAeEzgAAKCRDVdjPUQeJbteydD/9yzfrnjkeKuBuS
+jpywOfrtcvOHdCyNemeN4gJtjcgFgjZL4xo90akA/GcBZnJLpX9OZobyznMMRIvG
+gJxHLCuGH7Bo4EEQySAoT52Qn7LApBVY308hHDICOLK/IQY26flCy+Czpx7uAS41
+o3lnOPHbVUO6nHrVcO7vWQAX0QT8VQYGPCHcb9alTkBNdz9rD822CrBc/tph+eeF
+ZzDuuM6gm3nMYFeDURXE3jVGg4Jeg+8zZTZoeI+nO7Co6BM2CFYswKTOMTLTgbMi
++Hxl0XDbXp7gQ3P9fz3h3Q4ahhpWXbNUZkyyZvoAs1YqOM+RFzyTCowFQR2qTDTJ
+eE4k2suoDBukCTMJIFZkthdvMMY/Ss7ZHZwvtmFiXVg3jNOy3tt9V9oZ0UBPw3qT
+eDKLh6HzgdyN1mPrEkdilIpPVnHi/iAiL1IrAjZNxr11YOoWFyLpDfGUeEn9wK0T
+6Xj6HwytL2XliBremZLFWPQNxkHNHDGoKoAkytIFMXg5P7Tx/Mcs/1b0WTxmghpc
+3kkNYIksIDV19RQ35xjnZ/6yYf2qA5dT80wY8mXGdebPR0jwOod+kzIAq0gmopFo
+25PJjiYSIU28XJciPSS7tgHirvsz+NRotABBBpIRSmfXBunBhuwLkrImdzqjrrMp
+v2Ss9brlxqNYiSYJGdsoqt6MeyhzGQ==
+=/hL5
 -----END PGP PUBLIC KEY BLOCK-----
diff --git a/debian/watch b/debian/watch
index e71adb7..f34a05d 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,6 +1,7 @@
 version=4
 opts=downloadurlmangle=s/archive\/refs\/tags\/(.*)\.tar\.gz/releases\/download\/$1\/@PACKAGE@-$1\.tar\.xz/,\
     pgpsigurlmangle=s/$/.asc/,\
+    versionmangle=s/-(alpha|beta|rc)/~$1/,\
     dversionmangle=s/\+dfsg1//,repacksuffix=+dfsg1 \
     https://github.com/shadow-maint/@PACKAGE@/tags \
     /shadow-maint/@PACKAGE@/archive/refs/tags/([^v].*)\.tar\.gz
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 85f2248..aa8b870 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -1,5 +1,4 @@
 # This is a dummy Makefile.am to get automake work flawlessly,
 # and also cooperate to make a distribution for `make dist'
 
-EXTRA_DIST = HOWTO README.limits \
-    README.platforms WISHLIST console.c.spec.txt cracklib26.diff
+EXTRA_DIST = HOWTO README.limits
diff --git a/doc/Makefile.in b/doc/Makefile.in
index 1e00544..49441a1 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -141,6 +141,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -159,6 +161,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -174,9 +177,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -192,6 +201,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -200,6 +210,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -222,6 +234,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -293,9 +308,7 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = HOWTO README.limits \
-    README.platforms WISHLIST console.c.spec.txt cracklib26.diff
-
+EXTRA_DIST = HOWTO README.limits
 all: all-am
 
 .SUFFIXES:
diff --git a/doc/README.platforms b/doc/README.platforms
deleted file mode 100644
index a069e89..0000000
--- a/doc/README.platforms
+++ /dev/null
@@ -1,33 +0,0 @@
-# $Id$
-#
-# This is the current (still incomplete) list of platforms this
-# package has been verified to work on.  Additions (preferably
-# in the format as described below) are welcome.  Thanks!
-#
-# V: last version reported to work
-# H: host type
-# L: Linux libc version
-# D: Linux distribution, or other OS name and version
-# C: changes (if any)
-# R: reported by
-
-V: 980529
-H: sparc-unknown-linux-gnu
-L: glibc-2.0.7
-D: Ultrapenguin-1.0.9
-C: had to explicitly disable desrpc.
-R: Bjorn Christianson <bjorn@cascade.psychology.mcmaster.ca>
-
-V: 980724
-H: i486-pc-linux-gnulibc1
-L: libc-5.4.33
-D: Debian-1.3.1.r6
-C: none (use dpkg-buildpackage)
-R: Marek Michalkiewicz <marekm@linux.org.pl>
-
-V: current
-H: i686-pc-linux-gnu
-L: glibc-2.0.7.19981211
-D: Debian-2.1
-C: none (use dpkg-buildpackage)
-R: Marek Michalkiewicz <marekm@linux.org.pl>
diff --git a/doc/WISHLIST b/doc/WISHLIST
deleted file mode 100644
index d9003b1..0000000
--- a/doc/WISHLIST
+++ /dev/null
@@ -1,39 +0,0 @@
-$Id$
-
-This is my wishlist for the shadow suite, in no particular order.  Feel
-free to do anything from this list and mail me the diffs :-).
-
-Patches in diff -u format, against the latest version (sometimes in the
-"beta" directory) are preferred and make my job easier.  Please, no
-MIME, base64, quoted-printable, or HTML.  For very big patches, or if
-your mailer can corrupt them, please use gzip and uuencode.  Thanks!
-
-New ideas to add to this list are welcome, too.  --marekm
-
-- fix all the bugs, of course
-- implement "su only" accounts (no logins, only su from other account)
-- rewrite getdef.c to be more general? (no hardcoded names)
-- patch for rlogind/telnetd to create utmp entry and fill in ut_addr
-- option to specify encrypted password in passwd (for yppasswdd, so it
-  doesn't need to know about shadow/non-shadow); should probably use a pipe
-  (less insecure than command line arguments)
-- add support for changing NIS passwords
-- add option to check passwords by piping them to external programs
-- add functionality of the contrib/rpasswd.c wrapper to passwd
-- option to generate pronounceable passwords (like on SCO), external program?
-- poppassd (remote password change for eudora etc.)
-- add support for passwd/shadow db files (glibc)
-- vipw: check password files for errors after editing
-- add "maximum time users allowed to stay logged in" limit option to logoutd
-- handle quotes in /etc/environment like the shell does (but sshd doesn't...)
-- better utmpx support (logoutd, ...)
-- better OPIE support (report number of logins left, etc.)
-- new option for /etc/suauth: don't load user's environment (force "su -")
-  suggested by Ulisses Alonso Camaro
-- find out why recent releases won't compile on Solaris
-- newusers should be able to copy /etc/skel to the new home directory
-  (like useradd)
-- add directories where other packages can add hooks for package-specific
-  per-user configuration, to be executed with run-parts. Some hooks should
-  be executed at package install time for existing users, likewise for
-  package removal and possibly modification.  (Debian Bug#36019)
diff --git a/doc/console.c.spec.txt b/doc/console.c.spec.txt
deleted file mode 100644
index b7c0d0d..0000000
--- a/doc/console.c.spec.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-$Id$
-
-Specification for console.c source file --
-
-input values --
-	tty -- character pointer to device name with leading "/dev/"
-	       removed.
-
-return values --
-	0 -- false
-	1 -- true
-
-int console (char * tty)
-	if "CONSOLE" string value is not present in login.defs
-		return true
-
-	if the first character of "CONSOLE" string value is not "/"
-		treat the string as a ":" delimited list of device
-		names and search for the value of tty in that
-		tokenized list.
-
-		if a match is found
-			return true
-
-		return false
-
-	if the file named by "CONSOLE" cannot be opened
-		return true
-
-	scan the file looking for a match between the input line
-	and the value of tty
-
-	if a match is found
-		return true
-
-	return false
diff --git a/doc/cracklib26.diff b/doc/cracklib26.diff
deleted file mode 100644
index 09160b8..0000000
--- a/doc/cracklib26.diff
+++ /dev/null
@@ -1,340 +0,0 @@
-diff -ur orig/cracklib26_small/cracklib/fascist.c cracklib26_small/cracklib/fascist.c
---- orig/cracklib26_small/cracklib/fascist.c	Mon Dec 15 02:56:55 1997
-+++ cracklib26_small/cracklib/fascist.c	Sat Apr  4 22:14:45 1998
-@@ -12,6 +12,7 @@
- #include <ctype.h>
- #include <sys/types.h>
- #include <pwd.h>
-+#include <string.h>
- 
- #define ISSKIP(x) (isspace(x) || ispunct(x))
- 
-@@ -460,28 +461,27 @@
- }
- 
- char *
--FascistGecos(password, uid)
-+FascistGecosPw(password, pwd)
-     char *password;
--    int uid;
-+    struct passwd *pwd;
- {
-     int i;
-     int j;
-     int wc;
-     char *ptr;
--    struct passwd *pwp;
-     char gbuffer[STRINGSIZE];
-     char tbuffer[STRINGSIZE];
-     char *uwords[STRINGSIZE];
-     char longbuffer[STRINGSIZE * 2];
- 
--    if (!(pwp = getpwuid(uid)))
-+    if (!pwd)
-     {
- 	return ("you are not registered in the password file");
-     }
- 
-     /* lets get really paranoid and assume a dangerously long gecos entry */
- 
--    strncpy(tbuffer, pwp->pw_name, STRINGSIZE);
-+    strncpy(tbuffer, pwd->pw_name, STRINGSIZE);
-     tbuffer[STRINGSIZE-1] = '\0';
-     if (GTry(tbuffer, password))
-     {
-@@ -490,12 +490,13 @@
- 
-     /* it never used to be that you got passwd strings > 1024 chars, but now... */
- 
--    strncpy(tbuffer, pwp->pw_gecos, STRINGSIZE);
-+    strncpy(tbuffer, pwd->pw_gecos, STRINGSIZE);
-     tbuffer[STRINGSIZE-1] = '\0';
-     strcpy(gbuffer, Lowercase(tbuffer));
- 
-     wc = 0;
-     ptr = gbuffer;
-+    uwords[0] = (char *) 0;
- 
-     while (*ptr)
-     {
-@@ -530,6 +531,8 @@
- 	    *(ptr++) = '\0';
- 	}
-     }
-+    if (!uwords[0])
-+	return ((char *) 0);  /* empty gecos */
- #ifdef DEBUG
-     for (i = 0; uwords[i]; i++)
-     {
-@@ -586,9 +589,10 @@
- }
- 
- char *
--FascistLook(pwp, instring)
-+FascistLookPw(pwp, instring, pwd)
-     PWDICT *pwp;
-     char *instring;
-+    struct passwd *pwd;
- {
-     int i;
-     char *ptr;
-@@ -667,7 +671,7 @@
- 	return ("it looks like a National Insurance number.");
-     }
- 
--    if (ptr = FascistGecos(password, getuid()))
-+    if (ptr = FascistGecosPw(password, pwd ? pwd : getpwuid(getuid())))
-     {
- 	return (ptr);
-     }
-@@ -715,9 +719,10 @@
- }
- 
- char *
--FascistCheck(password, path)
-+FascistCheckPw(password, path, pwd)
-     char *password;
-     char *path;
-+    struct passwd *pwd;
- {
-     static char lastpath[STRINGSIZE];
-     static PWDICT *pwp;
-@@ -750,5 +755,29 @@
- 	strncpy(lastpath, path, STRINGSIZE);
-     }
- 
--    return (FascistLook(pwp, pwtrunced));
-+    return (FascistLookPw(pwp, pwtrunced, pwd));
-+}
-+
-+char *
-+FascistGecos(password, uid)
-+    char *password;
-+    int uid;
-+{
-+    return (FascistGecosPw(password, getpwuid(uid)));
-+}
-+
-+char *
-+FascistLook(pwp, instring)
-+    PWDICT *pwp;
-+    char *instring;
-+{
-+    return (FascistLookPw(pwp, instring, (char *) 0));
-+}
-+
-+char *
-+FascistCheck(password, path)
-+    char *password;
-+    char *path;
-+{
-+    return (FascistCheckPw(password, path, (char *) 0));
- }
-diff -ur orig/cracklib26_small/cracklib/packer.h cracklib26_small/cracklib/packer.h
---- orig/cracklib26_small/cracklib/packer.h	Mon Dec 15 00:09:30 1997
-+++ cracklib26_small/cracklib/packer.h	Sat Jan 10 22:13:46 1998
-@@ -34,6 +34,7 @@
-     FILE *dfp;
-     FILE *wfp;
- 
-+    int canfree;
-     int32 flags;
- #define PFOR_WRITE	0x0001
- #define PFOR_FLUSH	0x0002
-diff -ur orig/cracklib26_small/cracklib/packlib.c cracklib26_small/cracklib/packlib.c
---- orig/cracklib26_small/cracklib/packlib.c	Fri Jul  9 22:22:58 1993
-+++ cracklib26_small/cracklib/packlib.c	Sat Jan 10 22:28:49 1998
-@@ -16,7 +16,7 @@
-     char *mode;
- {
-     int32 i;
--    static PWDICT pdesc;
-+    PWDICT *pdesc;
-     char iname[STRINGSIZE];
-     char dname[STRINGSIZE];
-     char wname[STRINGSIZE];
-@@ -25,92 +25,94 @@
-     FILE *ifp;
-     FILE *wfp;
- 
--    if (pdesc.header.pih_magic == PIH_MAGIC)
--    {
--	fprintf(stderr, "%s: another dictionary already open\n", prefix);
-+    if ((pdesc = (PWDICT *) malloc(sizeof(PWDICT))) == 0)
- 	return ((PWDICT *) 0);
--    }
- 
--    memset(&pdesc, '\0', sizeof(pdesc));
-+    memset(pdesc, '\0', sizeof(*pdesc));
- 
-     sprintf(iname, "%s.pwi", prefix);
-     sprintf(dname, "%s.pwd", prefix);
-     sprintf(wname, "%s.hwm", prefix);
- 
--    if (!(pdesc.dfp = fopen(dname, mode)))
-+    if (!(pdesc->dfp = fopen(dname, mode)))
-     {
- 	perror(dname);
-+	free(pdesc);
- 	return ((PWDICT *) 0);
-     }
- 
--    if (!(pdesc.ifp = fopen(iname, mode)))
-+    if (!(pdesc->ifp = fopen(iname, mode)))
-     {
--	fclose(pdesc.dfp);
-+	fclose(pdesc->dfp);
- 	perror(iname);
-+	free(pdesc);
- 	return ((PWDICT *) 0);
-     }
- 
--    if (pdesc.wfp = fopen(wname, mode))
-+    if (pdesc->wfp = fopen(wname, mode))
-     {
--	pdesc.flags |= PFOR_USEHWMS;
-+	pdesc->flags |= PFOR_USEHWMS;
-     }
- 
--    ifp = pdesc.ifp;
--    dfp = pdesc.dfp;
--    wfp = pdesc.wfp;
-+    ifp = pdesc->ifp;
-+    dfp = pdesc->dfp;
-+    wfp = pdesc->wfp;
- 
-     if (mode[0] == 'w')
-     {
--	pdesc.flags |= PFOR_WRITE;
--	pdesc.header.pih_magic = PIH_MAGIC;
--	pdesc.header.pih_blocklen = NUMWORDS;
--	pdesc.header.pih_numwords = 0;
-+	pdesc->flags |= PFOR_WRITE;
-+	pdesc->header.pih_magic = PIH_MAGIC;
-+	pdesc->header.pih_blocklen = NUMWORDS;
-+	pdesc->header.pih_numwords = 0;
- 
--	fwrite((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp);
-+	fwrite((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp);
-     } else
-     {
--	pdesc.flags &= ~PFOR_WRITE;
-+	pdesc->flags &= ~PFOR_WRITE;
- 
--	if (!fread((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp))
-+	if (!fread((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp))
- 	{
- 	    fprintf(stderr, "%s: error reading header\n", prefix);
- 
--	    pdesc.header.pih_magic = 0;
-+	    pdesc->header.pih_magic = 0;
- 	    fclose(ifp);
- 	    fclose(dfp);
-+	    free(pdesc);
- 	    return ((PWDICT *) 0);
- 	}
- 
--	if (pdesc.header.pih_magic != PIH_MAGIC)
-+	if (pdesc->header.pih_magic != PIH_MAGIC)
- 	{
- 	    fprintf(stderr, "%s: magic mismatch\n", prefix);
- 
--	    pdesc.header.pih_magic = 0;
-+	    pdesc->header.pih_magic = 0;
- 	    fclose(ifp);
- 	    fclose(dfp);
-+	    free(pdesc);
- 	    return ((PWDICT *) 0);
- 	}
- 
--	if (pdesc.header.pih_blocklen != NUMWORDS)
-+	if (pdesc->header.pih_blocklen != NUMWORDS)
- 	{
- 	    fprintf(stderr, "%s: size mismatch\n", prefix);
- 
--	    pdesc.header.pih_magic = 0;
-+	    pdesc->header.pih_magic = 0;
- 	    fclose(ifp);
- 	    fclose(dfp);
-+	    free(pdesc);
- 	    return ((PWDICT *) 0);
- 	}
- 
--	if (pdesc.flags & PFOR_USEHWMS)
-+	if (pdesc->flags & PFOR_USEHWMS)
- 	{
--	    if (fread(pdesc.hwms, 1, sizeof(pdesc.hwms), wfp) != sizeof(pdesc.hwms))
-+	    if (fread(pdesc->hwms, 1, sizeof(pdesc->hwms), wfp) != sizeof(pdesc->hwms))
- 	    {
--		pdesc.flags &= ~PFOR_USEHWMS;
-+		pdesc->flags &= ~PFOR_USEHWMS;
- 	    }
- 	}
-     }
--
--    return (&pdesc);
-+    pdesc->canfree = 1;
-+    return (pdesc);
- }
- 
- int
-@@ -159,8 +161,13 @@
- 
-     fclose(pwp->ifp);
-     fclose(pwp->dfp);
-+    if (pwp->wfp)
-+	fclose(pwp->wfp);
- 
--    pwp->header.pih_magic = 0;
-+    if (pwp->canfree)
-+	free(pwp);
-+    else
-+	pwp->header.pih_magic = 0;
- 
-     return (0);
- }
-@@ -307,6 +314,11 @@
-     register char *this;
-     int idx;
- 
-+/*
-+ * comment in npasswd-2.0beta4 says this:
-+ * This does not work under all circumstances, so don't bother
-+ */
-+#if 0
-     if (pwp->flags & PFOR_USEHWMS)
-     {
- 	idx = string[0] & 0xff;
-@@ -317,6 +329,10 @@
-     	lwm = 0;
-     	hwm = PW_WORDS(pwp) - 1;
-     }
-+#else
-+    lwm = 0;
-+    hwm = PW_WORDS(pwp);
-+#endif
- 
- #ifdef DEBUG
-     printf("---- %lu, %lu ----\n", lwm, hwm);
-diff -ur orig/cracklib26_small/util/mkdict cracklib26_small/util/mkdict
---- orig/cracklib26_small/util/mkdict	Fri Jul  9 22:23:03 1993
-+++ cracklib26_small/util/mkdict	Sat Apr  4 22:31:45 1998
-@@ -14,9 +14,16 @@
- SORT="sort"
- ###SORT="sort -T /tmp"
- 
--cat $* |
-+### Use zcat to read compressed (as well as uncompressed) dictionaries.
-+### Compressed dictionaries can save quite a lot of disk space.
-+
-+CAT="gzip -cdf"
-+###CAT="zcat"
-+###CAT="cat"
-+
-+$CAT $* |
- 	tr '[A-Z]' '[a-z]' |
--	tr -cd '[\012a-z0-9]' |
-+	tr -cd '\012[a-z][0-9]' |
- 	$SORT |
- 	uniq |
- 	grep -v '^#' |
diff --git a/etc/Makefile.am b/etc/Makefile.am
index c5c0620..3f2fa7a 100644
--- a/etc/Makefile.am
+++ b/etc/Makefile.am
@@ -20,4 +20,4 @@ EXTRA_DIST = \
 	$(sysconf_DATA) \
 	$(default_DATA)
 
-SUBDIRS = pam.d
+SUBDIRS = pam.d shadow-maint
diff --git a/etc/Makefile.in b/etc/Makefile.in
index 5dda065..634d2fa 100644
--- a/etc/Makefile.in
+++ b/etc/Makefile.in
@@ -230,6 +230,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -248,6 +250,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -263,9 +266,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -281,6 +290,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -289,6 +299,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -311,6 +323,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -396,7 +411,7 @@ EXTRA_DIST = \
 	$(sysconf_DATA) \
 	$(default_DATA)
 
-SUBDIRS = pam.d
+SUBDIRS = pam.d shadow-maint
 all: all-recursive
 
 .SUFFIXES:
diff --git a/etc/login.defs b/etc/login.defs
index 114dbcd..33622c2 100644
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -228,11 +228,6 @@ PASS_WARN_AGE	7
 SU_WHEEL_ONLY	no
 
 #
-# If compiled with cracklib support, sets the path to the dictionaries
-#
-CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
-
-#
 # Min/max values for automatic uid selection in useradd(8)
 #
 UID_MIN			 1000
diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
index 38ff26a..b8e4321 100644
--- a/etc/pam.d/Makefile.am
+++ b/etc/pam.d/Makefile.am
@@ -2,20 +2,20 @@
 # and also cooperate to make a distribution for `make dist'
 
 pamd_files = \
+	chpasswd \
 	chfn \
 	chsh \
 	groupmems \
 	login \
+	newusers \
 	passwd
 
 pamd_acct_tools_files = \
 	chage \
 	chgpasswd \
-	chpasswd \
 	groupadd \
 	groupdel \
 	groupmod \
-	newusers \
 	useradd \
 	userdel \
 	usermod
diff --git a/etc/pam.d/Makefile.in b/etc/pam.d/Makefile.in
index 187679f..556d16b 100644
--- a/etc/pam.d/Makefile.in
+++ b/etc/pam.d/Makefile.in
@@ -173,6 +173,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -191,6 +193,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -206,9 +209,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -224,6 +233,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -232,6 +242,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -254,6 +266,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -325,15 +340,14 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-pamd_files = chfn chsh groupmems login passwd $(am__append_2)
+pamd_files = chpasswd chfn chsh groupmems login newusers passwd \
+	$(am__append_2)
 pamd_acct_tools_files = \
 	chage \
 	chgpasswd \
-	chpasswd \
 	groupadd \
 	groupdel \
 	groupmod \
-	newusers \
 	useradd \
 	userdel \
 	usermod
diff --git a/etc/shadow-maint/Makefile.am b/etc/shadow-maint/Makefile.am
new file mode 100644
index 0000000..f60e402
--- /dev/null
+++ b/etc/shadow-maint/Makefile.am
@@ -0,0 +1,5 @@
+shadowmaint_files = \
+	groupdel-pre.d/01-kill_group_procs.sh \
+	userdel-pre.d/01-kill_user_procs.sh
+
+EXTRA_DIST = $(shadowmaint_files)
diff --git a/etc/shadow-maint/Makefile.in b/etc/shadow-maint/Makefile.in
new file mode 100644
index 0000000..7b7dc79
--- /dev/null
+++ b/etc/shadow-maint/Makefile.in
@@ -0,0 +1,509 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = etc/shadow-maint
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
+EGREP = @EGREP@
+ETAGS = @ETAGS@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FILECMD = @FILECMD@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
+LIBATTR = @LIBATTR@
+LIBAUDIT = @LIBAUDIT@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
+LIBCRYPT = @LIBCRYPT@
+LIBECONF = @LIBECONF@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBMD = @LIBMD@
+LIBOBJS = @LIBOBJS@
+LIBPAM = @LIBPAM@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBSEMANAGE = @LIBSEMANAGE@
+LIBSKEY = @LIBSKEY@
+LIBSUBID_ABI = @LIBSUBID_ABI@
+LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
+LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
+LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
+LIBTCB = @LIBTCB@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LIYESCRYPT = @LIYESCRYPT@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VENDORDIR = @VENDORDIR@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+capcmd = @capcmd@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+shadowmaint_files = \
+	groupdel-pre.d/01-kill_group_procs.sh \
+	userdel-pre.d/01-kill_user_procs.sh
+
+EXTRA_DIST = $(shadowmaint_files)
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign etc/shadow-maint/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign etc/shadow-maint/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+	cscopelist-am ctags-am distclean distclean-generic \
+	distclean-libtool distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh b/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
new file mode 100644
index 0000000..10db527
--- /dev/null
+++ b/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+GROUPID=`awk -F: '$1 == "'"${SUBJECT}"'" { print $3 }' /etc/group`
+
+if [ "${GROUPID}" = "" ]; then
+    exit 0
+fi
+
+for status in /proc/*/status; do
+    # either this isn't a process or its already dead since expanding the list
+    [ -f "$status" ] || continue
+
+    tbuf=${status%/status}
+    pid=${tbuf#/proc/}
+    case "$pid" in
+        "$$") continue;;
+        [0-9]*) :;;
+        *) continue
+    esac
+    
+    grep -q '^Groups:.*\b'"${GROUPID}"'\b.*' "/proc/$pid/status" || continue
+
+    kill -9 "$pid" || echo "cannot kill $pid" 1>&2
+done
+
diff --git a/etc/shadow-maint/userdel-pre.d/01-kill_user_procs.sh b/etc/shadow-maint/userdel-pre.d/01-kill_user_procs.sh
new file mode 100755
index 0000000..d2d7ef2
--- /dev/null
+++ b/etc/shadow-maint/userdel-pre.d/01-kill_user_procs.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Check user exists, and if so, send sigkill to processes that the user owns
+
+ps -eo user >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+    RUNNING=`ps -eo user | grep -Fx "$SUBJECT" | wc -l`
+    # if the user does not exist, RUNNING will be 0
+    if [ "${RUNNING}x" = "0x" ]; then
+        exit 0
+    fi
+fi
+
+# If there is no ps -eo, traverse the process directly.
+
+ls -1 /proc | while IFS= read -r PROC; do
+  echo "$PROC" | grep -E '^[0-9]+$' >/dev/null
+  if [ $? -ne 0 ]; then
+    continue
+  fi
+  if [ -d "/proc/${PROC}" ]; then
+    USR=`stat -c "%U" /proc/${PROC}`
+    if [ "${USR}" = "${SUBJECT}" ]; then
+      echo "Killing ${SUBJECT} owned ${PROC}"
+      kill -9 "${PROC}"
+    fi
+  fi
+done
+
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 3a50b46..22abb97 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -5,57 +5,129 @@ DEFS =
 
 noinst_LTLIBRARIES = libshadow.la
 
+if USE_PAM
+LIBCRYPT_PAM = $(LIBCRYPT)
+else
+LIBCRYPT_PAM =
+endif
+
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
+
 libshadow_la_CPPFLAGS = $(ECONF_CPPFLAGS)
 if HAVE_VENDORDIR
 libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
 endif
 
 libshadow_la_CPPFLAGS += -I$(top_srcdir)
+libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+libshadow_la_LIBADD = $(LIBADD_DLOPEN)
 
 libshadow_la_SOURCES = \
+	addgrps.c \
+	adds.c \
+	adds.h \
+	age.c \
+	agetpass.c \
+	agetpass.h \
+	alloc.c \
+	alloc.h \
+	atoi/a2i.c \
+	atoi/a2i.h \
+	atoi/str2i.c \
+	atoi/str2i.h \
+	atoi/strtoi.c \
+	atoi/strtoi.h \
+	atoi/strtou_noneg.c \
+	atoi/strtou_noneg.h \
+	attr.h \
+	audit_help.c \
+	basename.c \
+	bit.c \
+	bit.h \
+	cast.h \
+	chkname.c \
+	chkname.h \
+	chowndir.c \
+	chowntty.c \
+	cleanup.c \
+	cleanup_group.c \
+	cleanup_user.c \
 	commonio.c \
 	commonio.h \
+	console.c \
+	copydir.c \
+	csrand.c \
 	defines.h \
 	encrypt.c \
+	env.c \
 	exitcodes.h \
 	faillog.h \
+	failure.c \
+	failure.h \
+	fd.c \
 	fields.c \
+	find_new_gid.c \
+	find_new_uid.c \
+	find_new_sub_gids.c \
+	find_new_sub_uids.c \
 	fputsx.c \
-	getdef.c \
-	getdef.h \
 	get_gid.c \
-	getlong.c \
 	get_pid.c \
 	get_uid.c \
-	getulong.c \
+	getdate.h \
+	getdate.y \
+	getdef.c \
+	getdef.h \
+	getgr_nam_gid.c \
+	getrange.c \
+	gettime.c \
 	groupio.c \
 	groupmem.c \
 	groupio.h \
 	gshadow.c \
+	hushed.c \
+	idmapping.h \
+	idmapping.c \
+	isexpired.c \
+	limits.c \
+	list.c \
 	lockpw.c \
+	loginprompt.c \
+	mail.c \
+	memzero.c \
+	memzero.h \
+	motd.c \
+	must_be.h \
+	myname.c \
 	nss.c \
 	nscd.c \
 	nscd.h \
-	shadowlog.c \
-	shadowlog.h \
-	shadowlog_internal.h \
-	sssd.c \
-	sssd.h \
+	obscure.c \
 	pam_defs.h \
+	pam_pass.c \
+	pam_pass_non_interactive.c \
 	port.c \
 	port.h \
+	prefix_flag.c \
 	prototypes.h \
 	pwauth.c \
 	pwauth.h \
 	pwio.c \
 	pwio.h \
+	pwd_init.c \
+	pwd2spwd.c \
+	pwdcheck.c \
 	pwmem.c \
+	remove_tree.c \
+	rlogin.c \
+	root_flag.c \
 	run_part.h \
 	run_part.c \
-	subordinateio.h \
-	subordinateio.c \
+	salt.c \
 	selinux.c \
 	semanage.c \
+	setugid.c \
+	setupenv.c \
 	sgetgrent.c \
 	sgetpwent.c \
 	sgetspent.c \
@@ -64,14 +136,74 @@ libshadow_la_SOURCES = \
 	shadow.c \
 	shadowio.c \
 	shadowio.h \
+	shadowlog.c \
+	shadowlog.h \
+	shadowlog_internal.h \
 	shadowmem.c \
+	shell.c \
+	sizeof.h \
 	spawn.c \
-	utent.c
+	sssd.c \
+	sssd.h \
+	string/sprintf.c \
+	string/sprintf.h \
+	string/stpecpy.c \
+	string/stpecpy.h \
+	string/stpeprintf.c \
+	string/stpeprintf.h \
+	string/strftime.c \
+	string/strftime.h \
+	string/strncpy.h \
+	string/strtcpy.c \
+	string/strtcpy.h \
+	string/zustr2stp.h \
+	strtoday.c \
+	sub.c \
+	subordinateio.h \
+	subordinateio.c \
+	sulog.c \
+	time/day_to_str.c \
+	time/day_to_str.h \
+	ttytype.c \
+	tz.c \
+	ulimit.c \
+	user_busy.c \
+	valid.c \
+	write_full.c \
+	xgetpwnam.c \
+	xprefix_getpwnam.c \
+	xgetpwuid.c \
+	xgetgrnam.c \
+	xgetgrgid.c \
+	xgetspnam.c \
+	yesno.c
 
 if WITH_TCB
 libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
 endif
 
+if WITH_BTRFS
+libshadow_la_SOURCES += btrfs.c
+endif
+
+if ENABLE_LASTLOG
+libshadow_la_SOURCES += log.c
+endif
+
+if ENABLE_LOGIND
+libshadow_la_SOURCES += logind.c
+else
+libshadow_la_SOURCES += utmp.c
+endif
+
+if !WITH_LIBBSD
+libshadow_la_SOURCES += \
+	freezero.h \
+	freezero.c \
+	readpassphrase.h \
+	readpassphrase.c
+endif
+
 # These files are unneeded for some reason, listed in
 # order of appearance:
 #
@@ -79,4 +211,5 @@ endif
 
 EXTRA_DIST = \
 	.indent.pro \
-	gshadow_.h
+	gshadow_.h \
+	xgetXXbyYY.c
diff --git a/lib/Makefile.in b/lib/Makefile.in
index 9eef01c..1b4f0fe 100644
--- a/lib/Makefile.in
+++ b/lib/Makefile.in
@@ -90,6 +90,16 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VENDORDIR_TRUE@am__append_1 = -DVENDORDIR=\"$(VENDORDIR)\"
 @WITH_TCB_TRUE@am__append_2 = tcbfuncs.c tcbfuncs.h
+@WITH_BTRFS_TRUE@am__append_3 = btrfs.c
+@ENABLE_LASTLOG_TRUE@am__append_4 = log.c
+@ENABLE_LOGIND_TRUE@am__append_5 = logind.c
+@ENABLE_LOGIND_FALSE@am__append_6 = utmp.c
+@WITH_LIBBSD_FALSE@am__append_7 = \
+@WITH_LIBBSD_FALSE@	freezero.h \
+@WITH_LIBBSD_FALSE@	freezero.c \
+@WITH_LIBBSD_FALSE@	readpassphrase.h \
+@WITH_LIBBSD_FALSE@	readpassphrase.c
+
 subdir = lib
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -109,41 +119,116 @@ CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 LTLIBRARIES = $(noinst_LTLIBRARIES)
-libshadow_la_LIBADD =
-am__libshadow_la_SOURCES_DIST = commonio.c commonio.h defines.h \
-	encrypt.c exitcodes.h faillog.h fields.c fputsx.c getdef.c \
-	getdef.h get_gid.c getlong.c get_pid.c get_uid.c getulong.c \
-	groupio.c groupmem.c groupio.h gshadow.c lockpw.c nss.c nscd.c \
-	nscd.h shadowlog.c shadowlog.h shadowlog_internal.h sssd.c \
-	sssd.h pam_defs.h port.c port.h prototypes.h pwauth.c pwauth.h \
-	pwio.c pwio.h pwmem.c run_part.h run_part.c subordinateio.h \
-	subordinateio.c selinux.c semanage.c sgetgrent.c sgetpwent.c \
+am__DEPENDENCIES_1 =
+libshadow_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am__libshadow_la_SOURCES_DIST = addgrps.c adds.c adds.h age.c \
+	agetpass.c agetpass.h alloc.c alloc.h atoi/a2i.c atoi/a2i.h \
+	atoi/str2i.c atoi/str2i.h atoi/strtoi.c atoi/strtoi.h \
+	atoi/strtou_noneg.c atoi/strtou_noneg.h attr.h audit_help.c \
+	basename.c bit.c bit.h cast.h chkname.c chkname.h chowndir.c \
+	chowntty.c cleanup.c cleanup_group.c cleanup_user.c commonio.c \
+	commonio.h console.c copydir.c csrand.c defines.h encrypt.c \
+	env.c exitcodes.h faillog.h failure.c failure.h fd.c fields.c \
+	find_new_gid.c find_new_uid.c find_new_sub_gids.c \
+	find_new_sub_uids.c fputsx.c get_gid.c get_pid.c get_uid.c \
+	getdate.h getdate.y getdef.c getdef.h getgr_nam_gid.c \
+	getrange.c gettime.c groupio.c groupmem.c groupio.h gshadow.c \
+	hushed.c idmapping.h idmapping.c isexpired.c limits.c list.c \
+	lockpw.c loginprompt.c mail.c memzero.c memzero.h motd.c \
+	must_be.h myname.c nss.c nscd.c nscd.h obscure.c pam_defs.h \
+	pam_pass.c pam_pass_non_interactive.c port.c port.h \
+	prefix_flag.c prototypes.h pwauth.c pwauth.h pwio.c pwio.h \
+	pwd_init.c pwd2spwd.c pwdcheck.c pwmem.c remove_tree.c \
+	rlogin.c root_flag.c run_part.h run_part.c salt.c selinux.c \
+	semanage.c setugid.c setupenv.c sgetgrent.c sgetpwent.c \
 	sgetspent.c sgroupio.c sgroupio.h shadow.c shadowio.c \
-	shadowio.h shadowmem.c spawn.c utent.c tcbfuncs.c tcbfuncs.h
+	shadowio.h shadowlog.c shadowlog.h shadowlog_internal.h \
+	shadowmem.c shell.c sizeof.h spawn.c sssd.c sssd.h \
+	string/sprintf.c string/sprintf.h string/stpecpy.c \
+	string/stpecpy.h string/stpeprintf.c string/stpeprintf.h \
+	string/strftime.c string/strftime.h string/strncpy.h \
+	string/strtcpy.c string/strtcpy.h string/zustr2stp.h \
+	strtoday.c sub.c subordinateio.h subordinateio.c sulog.c \
+	time/day_to_str.c time/day_to_str.h ttytype.c tz.c ulimit.c \
+	user_busy.c valid.c write_full.c xgetpwnam.c \
+	xprefix_getpwnam.c xgetpwuid.c xgetgrnam.c xgetgrgid.c \
+	xgetspnam.c yesno.c tcbfuncs.c tcbfuncs.h btrfs.c log.c \
+	logind.c utmp.c freezero.h freezero.c readpassphrase.h \
+	readpassphrase.c
+am__dirstamp = $(am__leading_dot)dirstamp
 @WITH_TCB_TRUE@am__objects_1 = libshadow_la-tcbfuncs.lo
-am_libshadow_la_OBJECTS = libshadow_la-commonio.lo \
-	libshadow_la-encrypt.lo libshadow_la-fields.lo \
-	libshadow_la-fputsx.lo libshadow_la-getdef.lo \
-	libshadow_la-get_gid.lo libshadow_la-getlong.lo \
-	libshadow_la-get_pid.lo libshadow_la-get_uid.lo \
-	libshadow_la-getulong.lo libshadow_la-groupio.lo \
-	libshadow_la-groupmem.lo libshadow_la-gshadow.lo \
-	libshadow_la-lockpw.lo libshadow_la-nss.lo \
-	libshadow_la-nscd.lo libshadow_la-shadowlog.lo \
-	libshadow_la-sssd.lo libshadow_la-port.lo \
-	libshadow_la-pwauth.lo libshadow_la-pwio.lo \
-	libshadow_la-pwmem.lo libshadow_la-run_part.lo \
-	libshadow_la-subordinateio.lo libshadow_la-selinux.lo \
-	libshadow_la-semanage.lo libshadow_la-sgetgrent.lo \
-	libshadow_la-sgetpwent.lo libshadow_la-sgetspent.lo \
-	libshadow_la-sgroupio.lo libshadow_la-shadow.lo \
-	libshadow_la-shadowio.lo libshadow_la-shadowmem.lo \
-	libshadow_la-spawn.lo libshadow_la-utent.lo $(am__objects_1)
+@WITH_BTRFS_TRUE@am__objects_2 = libshadow_la-btrfs.lo
+@ENABLE_LASTLOG_TRUE@am__objects_3 = libshadow_la-log.lo
+@ENABLE_LOGIND_TRUE@am__objects_4 = libshadow_la-logind.lo
+@ENABLE_LOGIND_FALSE@am__objects_5 = libshadow_la-utmp.lo
+@WITH_LIBBSD_FALSE@am__objects_6 = libshadow_la-freezero.lo \
+@WITH_LIBBSD_FALSE@	libshadow_la-readpassphrase.lo
+am_libshadow_la_OBJECTS = libshadow_la-addgrps.lo libshadow_la-adds.lo \
+	libshadow_la-age.lo libshadow_la-agetpass.lo \
+	libshadow_la-alloc.lo atoi/libshadow_la-a2i.lo \
+	atoi/libshadow_la-str2i.lo atoi/libshadow_la-strtoi.lo \
+	atoi/libshadow_la-strtou_noneg.lo libshadow_la-audit_help.lo \
+	libshadow_la-basename.lo libshadow_la-bit.lo \
+	libshadow_la-chkname.lo libshadow_la-chowndir.lo \
+	libshadow_la-chowntty.lo libshadow_la-cleanup.lo \
+	libshadow_la-cleanup_group.lo libshadow_la-cleanup_user.lo \
+	libshadow_la-commonio.lo libshadow_la-console.lo \
+	libshadow_la-copydir.lo libshadow_la-csrand.lo \
+	libshadow_la-encrypt.lo libshadow_la-env.lo \
+	libshadow_la-failure.lo libshadow_la-fd.lo \
+	libshadow_la-fields.lo libshadow_la-find_new_gid.lo \
+	libshadow_la-find_new_uid.lo libshadow_la-find_new_sub_gids.lo \
+	libshadow_la-find_new_sub_uids.lo libshadow_la-fputsx.lo \
+	libshadow_la-get_gid.lo libshadow_la-get_pid.lo \
+	libshadow_la-get_uid.lo libshadow_la-getdate.lo \
+	libshadow_la-getdef.lo libshadow_la-getgr_nam_gid.lo \
+	libshadow_la-getrange.lo libshadow_la-gettime.lo \
+	libshadow_la-groupio.lo libshadow_la-groupmem.lo \
+	libshadow_la-gshadow.lo libshadow_la-hushed.lo \
+	libshadow_la-idmapping.lo libshadow_la-isexpired.lo \
+	libshadow_la-limits.lo libshadow_la-list.lo \
+	libshadow_la-lockpw.lo libshadow_la-loginprompt.lo \
+	libshadow_la-mail.lo libshadow_la-memzero.lo \
+	libshadow_la-motd.lo libshadow_la-myname.lo \
+	libshadow_la-nss.lo libshadow_la-nscd.lo \
+	libshadow_la-obscure.lo libshadow_la-pam_pass.lo \
+	libshadow_la-pam_pass_non_interactive.lo libshadow_la-port.lo \
+	libshadow_la-prefix_flag.lo libshadow_la-pwauth.lo \
+	libshadow_la-pwio.lo libshadow_la-pwd_init.lo \
+	libshadow_la-pwd2spwd.lo libshadow_la-pwdcheck.lo \
+	libshadow_la-pwmem.lo libshadow_la-remove_tree.lo \
+	libshadow_la-rlogin.lo libshadow_la-root_flag.lo \
+	libshadow_la-run_part.lo libshadow_la-salt.lo \
+	libshadow_la-selinux.lo libshadow_la-semanage.lo \
+	libshadow_la-setugid.lo libshadow_la-setupenv.lo \
+	libshadow_la-sgetgrent.lo libshadow_la-sgetpwent.lo \
+	libshadow_la-sgetspent.lo libshadow_la-sgroupio.lo \
+	libshadow_la-shadow.lo libshadow_la-shadowio.lo \
+	libshadow_la-shadowlog.lo libshadow_la-shadowmem.lo \
+	libshadow_la-shell.lo libshadow_la-spawn.lo \
+	libshadow_la-sssd.lo string/libshadow_la-sprintf.lo \
+	string/libshadow_la-stpecpy.lo \
+	string/libshadow_la-stpeprintf.lo \
+	string/libshadow_la-strftime.lo string/libshadow_la-strtcpy.lo \
+	libshadow_la-strtoday.lo libshadow_la-sub.lo \
+	libshadow_la-subordinateio.lo libshadow_la-sulog.lo \
+	time/libshadow_la-day_to_str.lo libshadow_la-ttytype.lo \
+	libshadow_la-tz.lo libshadow_la-ulimit.lo \
+	libshadow_la-user_busy.lo libshadow_la-valid.lo \
+	libshadow_la-write_full.lo libshadow_la-xgetpwnam.lo \
+	libshadow_la-xprefix_getpwnam.lo libshadow_la-xgetpwuid.lo \
+	libshadow_la-xgetgrnam.lo libshadow_la-xgetgrgid.lo \
+	libshadow_la-xgetspnam.lo libshadow_la-yesno.lo \
+	$(am__objects_1) $(am__objects_2) $(am__objects_3) \
+	$(am__objects_4) $(am__objects_5) $(am__objects_6)
 libshadow_la_OBJECTS = $(am_libshadow_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+libshadow_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(libshadow_la_CFLAGS) \
+	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -159,29 +244,83 @@ am__v_at_1 =
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/libshadow_la-commonio.Plo \
+am__depfiles_remade = ./$(DEPDIR)/libshadow_la-addgrps.Plo \
+	./$(DEPDIR)/libshadow_la-adds.Plo \
+	./$(DEPDIR)/libshadow_la-age.Plo \
+	./$(DEPDIR)/libshadow_la-agetpass.Plo \
+	./$(DEPDIR)/libshadow_la-alloc.Plo \
+	./$(DEPDIR)/libshadow_la-audit_help.Plo \
+	./$(DEPDIR)/libshadow_la-basename.Plo \
+	./$(DEPDIR)/libshadow_la-bit.Plo \
+	./$(DEPDIR)/libshadow_la-btrfs.Plo \
+	./$(DEPDIR)/libshadow_la-chkname.Plo \
+	./$(DEPDIR)/libshadow_la-chowndir.Plo \
+	./$(DEPDIR)/libshadow_la-chowntty.Plo \
+	./$(DEPDIR)/libshadow_la-cleanup.Plo \
+	./$(DEPDIR)/libshadow_la-cleanup_group.Plo \
+	./$(DEPDIR)/libshadow_la-cleanup_user.Plo \
+	./$(DEPDIR)/libshadow_la-commonio.Plo \
+	./$(DEPDIR)/libshadow_la-console.Plo \
+	./$(DEPDIR)/libshadow_la-copydir.Plo \
+	./$(DEPDIR)/libshadow_la-csrand.Plo \
 	./$(DEPDIR)/libshadow_la-encrypt.Plo \
+	./$(DEPDIR)/libshadow_la-env.Plo \
+	./$(DEPDIR)/libshadow_la-failure.Plo \
+	./$(DEPDIR)/libshadow_la-fd.Plo \
 	./$(DEPDIR)/libshadow_la-fields.Plo \
+	./$(DEPDIR)/libshadow_la-find_new_gid.Plo \
+	./$(DEPDIR)/libshadow_la-find_new_sub_gids.Plo \
+	./$(DEPDIR)/libshadow_la-find_new_sub_uids.Plo \
+	./$(DEPDIR)/libshadow_la-find_new_uid.Plo \
 	./$(DEPDIR)/libshadow_la-fputsx.Plo \
+	./$(DEPDIR)/libshadow_la-freezero.Plo \
 	./$(DEPDIR)/libshadow_la-get_gid.Plo \
 	./$(DEPDIR)/libshadow_la-get_pid.Plo \
 	./$(DEPDIR)/libshadow_la-get_uid.Plo \
+	./$(DEPDIR)/libshadow_la-getdate.Plo \
 	./$(DEPDIR)/libshadow_la-getdef.Plo \
-	./$(DEPDIR)/libshadow_la-getlong.Plo \
-	./$(DEPDIR)/libshadow_la-getulong.Plo \
+	./$(DEPDIR)/libshadow_la-getgr_nam_gid.Plo \
+	./$(DEPDIR)/libshadow_la-getrange.Plo \
+	./$(DEPDIR)/libshadow_la-gettime.Plo \
 	./$(DEPDIR)/libshadow_la-groupio.Plo \
 	./$(DEPDIR)/libshadow_la-groupmem.Plo \
 	./$(DEPDIR)/libshadow_la-gshadow.Plo \
+	./$(DEPDIR)/libshadow_la-hushed.Plo \
+	./$(DEPDIR)/libshadow_la-idmapping.Plo \
+	./$(DEPDIR)/libshadow_la-isexpired.Plo \
+	./$(DEPDIR)/libshadow_la-limits.Plo \
+	./$(DEPDIR)/libshadow_la-list.Plo \
 	./$(DEPDIR)/libshadow_la-lockpw.Plo \
+	./$(DEPDIR)/libshadow_la-log.Plo \
+	./$(DEPDIR)/libshadow_la-logind.Plo \
+	./$(DEPDIR)/libshadow_la-loginprompt.Plo \
+	./$(DEPDIR)/libshadow_la-mail.Plo \
+	./$(DEPDIR)/libshadow_la-memzero.Plo \
+	./$(DEPDIR)/libshadow_la-motd.Plo \
+	./$(DEPDIR)/libshadow_la-myname.Plo \
 	./$(DEPDIR)/libshadow_la-nscd.Plo \
 	./$(DEPDIR)/libshadow_la-nss.Plo \
+	./$(DEPDIR)/libshadow_la-obscure.Plo \
+	./$(DEPDIR)/libshadow_la-pam_pass.Plo \
+	./$(DEPDIR)/libshadow_la-pam_pass_non_interactive.Plo \
 	./$(DEPDIR)/libshadow_la-port.Plo \
+	./$(DEPDIR)/libshadow_la-prefix_flag.Plo \
 	./$(DEPDIR)/libshadow_la-pwauth.Plo \
+	./$(DEPDIR)/libshadow_la-pwd2spwd.Plo \
+	./$(DEPDIR)/libshadow_la-pwd_init.Plo \
+	./$(DEPDIR)/libshadow_la-pwdcheck.Plo \
 	./$(DEPDIR)/libshadow_la-pwio.Plo \
 	./$(DEPDIR)/libshadow_la-pwmem.Plo \
+	./$(DEPDIR)/libshadow_la-readpassphrase.Plo \
+	./$(DEPDIR)/libshadow_la-remove_tree.Plo \
+	./$(DEPDIR)/libshadow_la-rlogin.Plo \
+	./$(DEPDIR)/libshadow_la-root_flag.Plo \
 	./$(DEPDIR)/libshadow_la-run_part.Plo \
+	./$(DEPDIR)/libshadow_la-salt.Plo \
 	./$(DEPDIR)/libshadow_la-selinux.Plo \
 	./$(DEPDIR)/libshadow_la-semanage.Plo \
+	./$(DEPDIR)/libshadow_la-setugid.Plo \
+	./$(DEPDIR)/libshadow_la-setupenv.Plo \
 	./$(DEPDIR)/libshadow_la-sgetgrent.Plo \
 	./$(DEPDIR)/libshadow_la-sgetpwent.Plo \
 	./$(DEPDIR)/libshadow_la-sgetspent.Plo \
@@ -190,11 +329,38 @@ am__depfiles_remade = ./$(DEPDIR)/libshadow_la-commonio.Plo \
 	./$(DEPDIR)/libshadow_la-shadowio.Plo \
 	./$(DEPDIR)/libshadow_la-shadowlog.Plo \
 	./$(DEPDIR)/libshadow_la-shadowmem.Plo \
+	./$(DEPDIR)/libshadow_la-shell.Plo \
 	./$(DEPDIR)/libshadow_la-spawn.Plo \
 	./$(DEPDIR)/libshadow_la-sssd.Plo \
+	./$(DEPDIR)/libshadow_la-strtoday.Plo \
+	./$(DEPDIR)/libshadow_la-sub.Plo \
 	./$(DEPDIR)/libshadow_la-subordinateio.Plo \
+	./$(DEPDIR)/libshadow_la-sulog.Plo \
 	./$(DEPDIR)/libshadow_la-tcbfuncs.Plo \
-	./$(DEPDIR)/libshadow_la-utent.Plo
+	./$(DEPDIR)/libshadow_la-ttytype.Plo \
+	./$(DEPDIR)/libshadow_la-tz.Plo \
+	./$(DEPDIR)/libshadow_la-ulimit.Plo \
+	./$(DEPDIR)/libshadow_la-user_busy.Plo \
+	./$(DEPDIR)/libshadow_la-utmp.Plo \
+	./$(DEPDIR)/libshadow_la-valid.Plo \
+	./$(DEPDIR)/libshadow_la-write_full.Plo \
+	./$(DEPDIR)/libshadow_la-xgetgrgid.Plo \
+	./$(DEPDIR)/libshadow_la-xgetgrnam.Plo \
+	./$(DEPDIR)/libshadow_la-xgetpwnam.Plo \
+	./$(DEPDIR)/libshadow_la-xgetpwuid.Plo \
+	./$(DEPDIR)/libshadow_la-xgetspnam.Plo \
+	./$(DEPDIR)/libshadow_la-xprefix_getpwnam.Plo \
+	./$(DEPDIR)/libshadow_la-yesno.Plo \
+	atoi/$(DEPDIR)/libshadow_la-a2i.Plo \
+	atoi/$(DEPDIR)/libshadow_la-str2i.Plo \
+	atoi/$(DEPDIR)/libshadow_la-strtoi.Plo \
+	atoi/$(DEPDIR)/libshadow_la-strtou_noneg.Plo \
+	string/$(DEPDIR)/libshadow_la-sprintf.Plo \
+	string/$(DEPDIR)/libshadow_la-stpecpy.Plo \
+	string/$(DEPDIR)/libshadow_la-stpeprintf.Plo \
+	string/$(DEPDIR)/libshadow_la-strftime.Plo \
+	string/$(DEPDIR)/libshadow_la-strtcpy.Plo \
+	time/$(DEPDIR)/libshadow_la-day_to_str.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -214,6 +380,17 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
+@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
+am__yacc_c2h = sed -e s/cc$$/hh/ -e s/cpp$$/hpp/ -e s/cxx$$/hxx/ \
+		   -e s/c++$$/h++/ -e s/c$$/h/
+YACCCOMPILE = $(YACC) $(AM_YFLAGS) $(YFLAGS)
+LTYACCCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS)
+AM_V_YACC = $(am__v_YACC_@AM_V@)
+am__v_YACC_ = $(am__v_YACC_@AM_DEFAULT_V@)
+am__v_YACC_0 = @echo "  YACC    " $@;
+am__v_YACC_1 = 
+YLWRAP = $(top_srcdir)/ylwrap
 SOURCES = $(libshadow_la_SOURCES)
 DIST_SOURCES = $(am__libshadow_la_SOURCES_DIST)
 am__can_run_installinfo = \
@@ -238,7 +415,8 @@ am__define_uniq_tagged_files = \
   unique=`for i in $$list; do \
     if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
   done | $(am__uniquify_input)`
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
+	$(top_srcdir)/ylwrap getdate.c
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -251,6 +429,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -269,6 +449,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -284,9 +465,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -302,6 +489,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -310,6 +498,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -332,6 +522,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -405,18 +598,46 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 AUTOMAKE_OPTIONS = 1.0 foreign
 noinst_LTLIBRARIES = libshadow.la
+@USE_PAM_FALSE@LIBCRYPT_PAM = 
+@USE_PAM_TRUE@LIBCRYPT_PAM = $(LIBCRYPT)
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
 libshadow_la_CPPFLAGS = $(ECONF_CPPFLAGS) $(am__append_1) \
 	-I$(top_srcdir)
-libshadow_la_SOURCES = commonio.c commonio.h defines.h encrypt.c \
-	exitcodes.h faillog.h fields.c fputsx.c getdef.c getdef.h \
-	get_gid.c getlong.c get_pid.c get_uid.c getulong.c groupio.c \
-	groupmem.c groupio.h gshadow.c lockpw.c nss.c nscd.c nscd.h \
-	shadowlog.c shadowlog.h shadowlog_internal.h sssd.c sssd.h \
-	pam_defs.h port.c port.h prototypes.h pwauth.c pwauth.h pwio.c \
-	pwio.h pwmem.c run_part.h run_part.c subordinateio.h \
-	subordinateio.c selinux.c semanage.c sgetgrent.c sgetpwent.c \
-	sgetspent.c sgroupio.c sgroupio.h shadow.c shadowio.c \
-	shadowio.h shadowmem.c spawn.c utent.c $(am__append_2)
+libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+libshadow_la_LIBADD = $(LIBADD_DLOPEN)
+libshadow_la_SOURCES = addgrps.c adds.c adds.h age.c agetpass.c \
+	agetpass.h alloc.c alloc.h atoi/a2i.c atoi/a2i.h atoi/str2i.c \
+	atoi/str2i.h atoi/strtoi.c atoi/strtoi.h atoi/strtou_noneg.c \
+	atoi/strtou_noneg.h attr.h audit_help.c basename.c bit.c bit.h \
+	cast.h chkname.c chkname.h chowndir.c chowntty.c cleanup.c \
+	cleanup_group.c cleanup_user.c commonio.c commonio.h console.c \
+	copydir.c csrand.c defines.h encrypt.c env.c exitcodes.h \
+	faillog.h failure.c failure.h fd.c fields.c find_new_gid.c \
+	find_new_uid.c find_new_sub_gids.c find_new_sub_uids.c \
+	fputsx.c get_gid.c get_pid.c get_uid.c getdate.h getdate.y \
+	getdef.c getdef.h getgr_nam_gid.c getrange.c gettime.c \
+	groupio.c groupmem.c groupio.h gshadow.c hushed.c idmapping.h \
+	idmapping.c isexpired.c limits.c list.c lockpw.c loginprompt.c \
+	mail.c memzero.c memzero.h motd.c must_be.h myname.c nss.c \
+	nscd.c nscd.h obscure.c pam_defs.h pam_pass.c \
+	pam_pass_non_interactive.c port.c port.h prefix_flag.c \
+	prototypes.h pwauth.c pwauth.h pwio.c pwio.h pwd_init.c \
+	pwd2spwd.c pwdcheck.c pwmem.c remove_tree.c rlogin.c \
+	root_flag.c run_part.h run_part.c salt.c selinux.c semanage.c \
+	setugid.c setupenv.c sgetgrent.c sgetpwent.c sgetspent.c \
+	sgroupio.c sgroupio.h shadow.c shadowio.c shadowio.h \
+	shadowlog.c shadowlog.h shadowlog_internal.h shadowmem.c \
+	shell.c sizeof.h spawn.c sssd.c sssd.h string/sprintf.c \
+	string/sprintf.h string/stpecpy.c string/stpecpy.h \
+	string/stpeprintf.c string/stpeprintf.h string/strftime.c \
+	string/strftime.h string/strncpy.h string/strtcpy.c \
+	string/strtcpy.h string/zustr2stp.h strtoday.c sub.c \
+	subordinateio.h subordinateio.c sulog.c time/day_to_str.c \
+	time/day_to_str.h ttytype.c tz.c ulimit.c user_busy.c valid.c \
+	write_full.c xgetpwnam.c xprefix_getpwnam.c xgetpwuid.c \
+	xgetgrnam.c xgetgrgid.c xgetspnam.c yesno.c $(am__append_2) \
+	$(am__append_3) $(am__append_4) $(am__append_5) \
+	$(am__append_6) $(am__append_7)
 
 # These files are unneeded for some reason, listed in
 # order of appearance:
@@ -424,12 +645,13 @@ libshadow_la_SOURCES = commonio.c commonio.h defines.h encrypt.c \
 # sources for dbm support (not yet used)
 EXTRA_DIST = \
 	.indent.pro \
-	gshadow_.h
+	gshadow_.h \
+	xgetXXbyYY.c
 
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
+.SUFFIXES: .c .lo .o .obj .y
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -470,39 +692,137 @@ clean-noinstLTLIBRARIES:
 	  echo rm -f $${locs}; \
 	  rm -f $${locs}; \
 	}
+atoi/$(am__dirstamp):
+	@$(MKDIR_P) atoi
+	@: > atoi/$(am__dirstamp)
+atoi/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) atoi/$(DEPDIR)
+	@: > atoi/$(DEPDIR)/$(am__dirstamp)
+atoi/libshadow_la-a2i.lo: atoi/$(am__dirstamp) \
+	atoi/$(DEPDIR)/$(am__dirstamp)
+atoi/libshadow_la-str2i.lo: atoi/$(am__dirstamp) \
+	atoi/$(DEPDIR)/$(am__dirstamp)
+atoi/libshadow_la-strtoi.lo: atoi/$(am__dirstamp) \
+	atoi/$(DEPDIR)/$(am__dirstamp)
+atoi/libshadow_la-strtou_noneg.lo: atoi/$(am__dirstamp) \
+	atoi/$(DEPDIR)/$(am__dirstamp)
+string/$(am__dirstamp):
+	@$(MKDIR_P) string
+	@: > string/$(am__dirstamp)
+string/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) string/$(DEPDIR)
+	@: > string/$(DEPDIR)/$(am__dirstamp)
+string/libshadow_la-sprintf.lo: string/$(am__dirstamp) \
+	string/$(DEPDIR)/$(am__dirstamp)
+string/libshadow_la-stpecpy.lo: string/$(am__dirstamp) \
+	string/$(DEPDIR)/$(am__dirstamp)
+string/libshadow_la-stpeprintf.lo: string/$(am__dirstamp) \
+	string/$(DEPDIR)/$(am__dirstamp)
+string/libshadow_la-strftime.lo: string/$(am__dirstamp) \
+	string/$(DEPDIR)/$(am__dirstamp)
+string/libshadow_la-strtcpy.lo: string/$(am__dirstamp) \
+	string/$(DEPDIR)/$(am__dirstamp)
+time/$(am__dirstamp):
+	@$(MKDIR_P) time
+	@: > time/$(am__dirstamp)
+time/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) time/$(DEPDIR)
+	@: > time/$(DEPDIR)/$(am__dirstamp)
+time/libshadow_la-day_to_str.lo: time/$(am__dirstamp) \
+	time/$(DEPDIR)/$(am__dirstamp)
 
 libshadow.la: $(libshadow_la_OBJECTS) $(libshadow_la_DEPENDENCIES) $(EXTRA_libshadow_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK)  $(libshadow_la_OBJECTS) $(libshadow_la_LIBADD) $(LIBS)
+	$(AM_V_CCLD)$(libshadow_la_LINK)  $(libshadow_la_OBJECTS) $(libshadow_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
+	-rm -f atoi/*.$(OBJEXT)
+	-rm -f atoi/*.lo
+	-rm -f string/*.$(OBJEXT)
+	-rm -f string/*.lo
+	-rm -f time/*.$(OBJEXT)
+	-rm -f time/*.lo
 
 distclean-compile:
 	-rm -f *.tab.c
 
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-addgrps.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-adds.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-age.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-agetpass.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-alloc.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-audit_help.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-basename.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-bit.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-btrfs.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-chkname.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-chowndir.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-chowntty.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-cleanup.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-cleanup_group.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-cleanup_user.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-commonio.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-console.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-copydir.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-csrand.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-encrypt.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-env.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-failure.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-fd.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-fields.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-find_new_gid.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-find_new_sub_gids.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-find_new_sub_uids.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-find_new_uid.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-fputsx.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-freezero.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-get_gid.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-get_pid.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-get_uid.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-getdate.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-getdef.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-getlong.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-getulong.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-getgr_nam_gid.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-getrange.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-gettime.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-groupio.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-groupmem.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-gshadow.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-hushed.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-idmapping.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-isexpired.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-limits.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-list.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-lockpw.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-log.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-logind.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-loginprompt.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-mail.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-memzero.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-motd.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-myname.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-nscd.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-nss.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-obscure.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-pam_pass.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-pam_pass_non_interactive.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-port.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-prefix_flag.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-pwauth.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-pwd2spwd.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-pwd_init.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-pwdcheck.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-pwio.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-pwmem.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-readpassphrase.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-remove_tree.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-rlogin.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-root_flag.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-run_part.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-salt.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-selinux.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-semanage.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-setugid.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-setupenv.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-sgetgrent.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-sgetpwent.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-sgetspent.Plo@am__quote@ # am--include-marker
@@ -511,11 +831,38 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-shadowio.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-shadowlog.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-shadowmem.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-shell.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-spawn.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-sssd.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-strtoday.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-sub.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-subordinateio.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-sulog.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-tcbfuncs.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-utent.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-ttytype.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-tz.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-ulimit.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-user_busy.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-utmp.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-valid.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-write_full.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-xgetgrgid.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-xgetgrnam.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-xgetpwnam.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-xgetpwuid.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-xgetspnam.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-xprefix_getpwnam.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadow_la-yesno.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@atoi/$(DEPDIR)/libshadow_la-a2i.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@atoi/$(DEPDIR)/libshadow_la-str2i.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@atoi/$(DEPDIR)/libshadow_la-strtoi.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@atoi/$(DEPDIR)/libshadow_la-strtou_noneg.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@string/$(DEPDIR)/libshadow_la-sprintf.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@string/$(DEPDIR)/libshadow_la-stpecpy.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@string/$(DEPDIR)/libshadow_la-stpeprintf.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@string/$(DEPDIR)/libshadow_la-strftime.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@string/$(DEPDIR)/libshadow_la-strtcpy.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@time/$(DEPDIR)/libshadow_la-day_to_str.Plo@am__quote@ # am--include-marker
 
 $(am__depfiles_remade):
 	@$(MKDIR_P) $(@D)
@@ -524,283 +871,859 @@ $(am__depfiles_remade):
 am--depfiles: $(am__depfiles_remade)
 
 .c.o:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
 
+libshadow_la-addgrps.lo: addgrps.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-addgrps.lo -MD -MP -MF $(DEPDIR)/libshadow_la-addgrps.Tpo -c -o libshadow_la-addgrps.lo `test -f 'addgrps.c' || echo '$(srcdir)/'`addgrps.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-addgrps.Tpo $(DEPDIR)/libshadow_la-addgrps.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='addgrps.c' object='libshadow_la-addgrps.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-addgrps.lo `test -f 'addgrps.c' || echo '$(srcdir)/'`addgrps.c
+
+libshadow_la-adds.lo: adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-adds.lo -MD -MP -MF $(DEPDIR)/libshadow_la-adds.Tpo -c -o libshadow_la-adds.lo `test -f 'adds.c' || echo '$(srcdir)/'`adds.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-adds.Tpo $(DEPDIR)/libshadow_la-adds.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='adds.c' object='libshadow_la-adds.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-adds.lo `test -f 'adds.c' || echo '$(srcdir)/'`adds.c
+
+libshadow_la-age.lo: age.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-age.lo -MD -MP -MF $(DEPDIR)/libshadow_la-age.Tpo -c -o libshadow_la-age.lo `test -f 'age.c' || echo '$(srcdir)/'`age.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-age.Tpo $(DEPDIR)/libshadow_la-age.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='age.c' object='libshadow_la-age.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-age.lo `test -f 'age.c' || echo '$(srcdir)/'`age.c
+
+libshadow_la-agetpass.lo: agetpass.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-agetpass.lo -MD -MP -MF $(DEPDIR)/libshadow_la-agetpass.Tpo -c -o libshadow_la-agetpass.lo `test -f 'agetpass.c' || echo '$(srcdir)/'`agetpass.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-agetpass.Tpo $(DEPDIR)/libshadow_la-agetpass.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='agetpass.c' object='libshadow_la-agetpass.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-agetpass.lo `test -f 'agetpass.c' || echo '$(srcdir)/'`agetpass.c
+
+libshadow_la-alloc.lo: alloc.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-alloc.lo -MD -MP -MF $(DEPDIR)/libshadow_la-alloc.Tpo -c -o libshadow_la-alloc.lo `test -f 'alloc.c' || echo '$(srcdir)/'`alloc.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-alloc.Tpo $(DEPDIR)/libshadow_la-alloc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='alloc.c' object='libshadow_la-alloc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-alloc.lo `test -f 'alloc.c' || echo '$(srcdir)/'`alloc.c
+
+atoi/libshadow_la-a2i.lo: atoi/a2i.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT atoi/libshadow_la-a2i.lo -MD -MP -MF atoi/$(DEPDIR)/libshadow_la-a2i.Tpo -c -o atoi/libshadow_la-a2i.lo `test -f 'atoi/a2i.c' || echo '$(srcdir)/'`atoi/a2i.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) atoi/$(DEPDIR)/libshadow_la-a2i.Tpo atoi/$(DEPDIR)/libshadow_la-a2i.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='atoi/a2i.c' object='atoi/libshadow_la-a2i.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o atoi/libshadow_la-a2i.lo `test -f 'atoi/a2i.c' || echo '$(srcdir)/'`atoi/a2i.c
+
+atoi/libshadow_la-str2i.lo: atoi/str2i.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT atoi/libshadow_la-str2i.lo -MD -MP -MF atoi/$(DEPDIR)/libshadow_la-str2i.Tpo -c -o atoi/libshadow_la-str2i.lo `test -f 'atoi/str2i.c' || echo '$(srcdir)/'`atoi/str2i.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) atoi/$(DEPDIR)/libshadow_la-str2i.Tpo atoi/$(DEPDIR)/libshadow_la-str2i.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='atoi/str2i.c' object='atoi/libshadow_la-str2i.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o atoi/libshadow_la-str2i.lo `test -f 'atoi/str2i.c' || echo '$(srcdir)/'`atoi/str2i.c
+
+atoi/libshadow_la-strtoi.lo: atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT atoi/libshadow_la-strtoi.lo -MD -MP -MF atoi/$(DEPDIR)/libshadow_la-strtoi.Tpo -c -o atoi/libshadow_la-strtoi.lo `test -f 'atoi/strtoi.c' || echo '$(srcdir)/'`atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) atoi/$(DEPDIR)/libshadow_la-strtoi.Tpo atoi/$(DEPDIR)/libshadow_la-strtoi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='atoi/strtoi.c' object='atoi/libshadow_la-strtoi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o atoi/libshadow_la-strtoi.lo `test -f 'atoi/strtoi.c' || echo '$(srcdir)/'`atoi/strtoi.c
+
+atoi/libshadow_la-strtou_noneg.lo: atoi/strtou_noneg.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT atoi/libshadow_la-strtou_noneg.lo -MD -MP -MF atoi/$(DEPDIR)/libshadow_la-strtou_noneg.Tpo -c -o atoi/libshadow_la-strtou_noneg.lo `test -f 'atoi/strtou_noneg.c' || echo '$(srcdir)/'`atoi/strtou_noneg.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) atoi/$(DEPDIR)/libshadow_la-strtou_noneg.Tpo atoi/$(DEPDIR)/libshadow_la-strtou_noneg.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='atoi/strtou_noneg.c' object='atoi/libshadow_la-strtou_noneg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o atoi/libshadow_la-strtou_noneg.lo `test -f 'atoi/strtou_noneg.c' || echo '$(srcdir)/'`atoi/strtou_noneg.c
+
+libshadow_la-audit_help.lo: audit_help.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-audit_help.lo -MD -MP -MF $(DEPDIR)/libshadow_la-audit_help.Tpo -c -o libshadow_la-audit_help.lo `test -f 'audit_help.c' || echo '$(srcdir)/'`audit_help.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-audit_help.Tpo $(DEPDIR)/libshadow_la-audit_help.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='audit_help.c' object='libshadow_la-audit_help.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-audit_help.lo `test -f 'audit_help.c' || echo '$(srcdir)/'`audit_help.c
+
+libshadow_la-basename.lo: basename.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-basename.lo -MD -MP -MF $(DEPDIR)/libshadow_la-basename.Tpo -c -o libshadow_la-basename.lo `test -f 'basename.c' || echo '$(srcdir)/'`basename.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-basename.Tpo $(DEPDIR)/libshadow_la-basename.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='basename.c' object='libshadow_la-basename.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-basename.lo `test -f 'basename.c' || echo '$(srcdir)/'`basename.c
+
+libshadow_la-bit.lo: bit.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-bit.lo -MD -MP -MF $(DEPDIR)/libshadow_la-bit.Tpo -c -o libshadow_la-bit.lo `test -f 'bit.c' || echo '$(srcdir)/'`bit.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-bit.Tpo $(DEPDIR)/libshadow_la-bit.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='bit.c' object='libshadow_la-bit.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-bit.lo `test -f 'bit.c' || echo '$(srcdir)/'`bit.c
+
+libshadow_la-chkname.lo: chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-chkname.lo -MD -MP -MF $(DEPDIR)/libshadow_la-chkname.Tpo -c -o libshadow_la-chkname.lo `test -f 'chkname.c' || echo '$(srcdir)/'`chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-chkname.Tpo $(DEPDIR)/libshadow_la-chkname.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='chkname.c' object='libshadow_la-chkname.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-chkname.lo `test -f 'chkname.c' || echo '$(srcdir)/'`chkname.c
+
+libshadow_la-chowndir.lo: chowndir.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-chowndir.lo -MD -MP -MF $(DEPDIR)/libshadow_la-chowndir.Tpo -c -o libshadow_la-chowndir.lo `test -f 'chowndir.c' || echo '$(srcdir)/'`chowndir.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-chowndir.Tpo $(DEPDIR)/libshadow_la-chowndir.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='chowndir.c' object='libshadow_la-chowndir.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-chowndir.lo `test -f 'chowndir.c' || echo '$(srcdir)/'`chowndir.c
+
+libshadow_la-chowntty.lo: chowntty.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-chowntty.lo -MD -MP -MF $(DEPDIR)/libshadow_la-chowntty.Tpo -c -o libshadow_la-chowntty.lo `test -f 'chowntty.c' || echo '$(srcdir)/'`chowntty.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-chowntty.Tpo $(DEPDIR)/libshadow_la-chowntty.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='chowntty.c' object='libshadow_la-chowntty.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-chowntty.lo `test -f 'chowntty.c' || echo '$(srcdir)/'`chowntty.c
+
+libshadow_la-cleanup.lo: cleanup.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-cleanup.lo -MD -MP -MF $(DEPDIR)/libshadow_la-cleanup.Tpo -c -o libshadow_la-cleanup.lo `test -f 'cleanup.c' || echo '$(srcdir)/'`cleanup.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-cleanup.Tpo $(DEPDIR)/libshadow_la-cleanup.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cleanup.c' object='libshadow_la-cleanup.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-cleanup.lo `test -f 'cleanup.c' || echo '$(srcdir)/'`cleanup.c
+
+libshadow_la-cleanup_group.lo: cleanup_group.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-cleanup_group.lo -MD -MP -MF $(DEPDIR)/libshadow_la-cleanup_group.Tpo -c -o libshadow_la-cleanup_group.lo `test -f 'cleanup_group.c' || echo '$(srcdir)/'`cleanup_group.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-cleanup_group.Tpo $(DEPDIR)/libshadow_la-cleanup_group.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cleanup_group.c' object='libshadow_la-cleanup_group.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-cleanup_group.lo `test -f 'cleanup_group.c' || echo '$(srcdir)/'`cleanup_group.c
+
+libshadow_la-cleanup_user.lo: cleanup_user.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-cleanup_user.lo -MD -MP -MF $(DEPDIR)/libshadow_la-cleanup_user.Tpo -c -o libshadow_la-cleanup_user.lo `test -f 'cleanup_user.c' || echo '$(srcdir)/'`cleanup_user.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-cleanup_user.Tpo $(DEPDIR)/libshadow_la-cleanup_user.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cleanup_user.c' object='libshadow_la-cleanup_user.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-cleanup_user.lo `test -f 'cleanup_user.c' || echo '$(srcdir)/'`cleanup_user.c
+
 libshadow_la-commonio.lo: commonio.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-commonio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-commonio.Tpo -c -o libshadow_la-commonio.lo `test -f 'commonio.c' || echo '$(srcdir)/'`commonio.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-commonio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-commonio.Tpo -c -o libshadow_la-commonio.lo `test -f 'commonio.c' || echo '$(srcdir)/'`commonio.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-commonio.Tpo $(DEPDIR)/libshadow_la-commonio.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='commonio.c' object='libshadow_la-commonio.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-commonio.lo `test -f 'commonio.c' || echo '$(srcdir)/'`commonio.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-commonio.lo `test -f 'commonio.c' || echo '$(srcdir)/'`commonio.c
+
+libshadow_la-console.lo: console.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-console.lo -MD -MP -MF $(DEPDIR)/libshadow_la-console.Tpo -c -o libshadow_la-console.lo `test -f 'console.c' || echo '$(srcdir)/'`console.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-console.Tpo $(DEPDIR)/libshadow_la-console.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='console.c' object='libshadow_la-console.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-console.lo `test -f 'console.c' || echo '$(srcdir)/'`console.c
+
+libshadow_la-copydir.lo: copydir.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-copydir.lo -MD -MP -MF $(DEPDIR)/libshadow_la-copydir.Tpo -c -o libshadow_la-copydir.lo `test -f 'copydir.c' || echo '$(srcdir)/'`copydir.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-copydir.Tpo $(DEPDIR)/libshadow_la-copydir.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='copydir.c' object='libshadow_la-copydir.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-copydir.lo `test -f 'copydir.c' || echo '$(srcdir)/'`copydir.c
+
+libshadow_la-csrand.lo: csrand.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-csrand.lo -MD -MP -MF $(DEPDIR)/libshadow_la-csrand.Tpo -c -o libshadow_la-csrand.lo `test -f 'csrand.c' || echo '$(srcdir)/'`csrand.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-csrand.Tpo $(DEPDIR)/libshadow_la-csrand.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='csrand.c' object='libshadow_la-csrand.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-csrand.lo `test -f 'csrand.c' || echo '$(srcdir)/'`csrand.c
 
 libshadow_la-encrypt.lo: encrypt.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-encrypt.lo -MD -MP -MF $(DEPDIR)/libshadow_la-encrypt.Tpo -c -o libshadow_la-encrypt.lo `test -f 'encrypt.c' || echo '$(srcdir)/'`encrypt.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-encrypt.lo -MD -MP -MF $(DEPDIR)/libshadow_la-encrypt.Tpo -c -o libshadow_la-encrypt.lo `test -f 'encrypt.c' || echo '$(srcdir)/'`encrypt.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-encrypt.Tpo $(DEPDIR)/libshadow_la-encrypt.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='encrypt.c' object='libshadow_la-encrypt.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-encrypt.lo `test -f 'encrypt.c' || echo '$(srcdir)/'`encrypt.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-encrypt.lo `test -f 'encrypt.c' || echo '$(srcdir)/'`encrypt.c
+
+libshadow_la-env.lo: env.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-env.lo -MD -MP -MF $(DEPDIR)/libshadow_la-env.Tpo -c -o libshadow_la-env.lo `test -f 'env.c' || echo '$(srcdir)/'`env.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-env.Tpo $(DEPDIR)/libshadow_la-env.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='env.c' object='libshadow_la-env.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-env.lo `test -f 'env.c' || echo '$(srcdir)/'`env.c
+
+libshadow_la-failure.lo: failure.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-failure.lo -MD -MP -MF $(DEPDIR)/libshadow_la-failure.Tpo -c -o libshadow_la-failure.lo `test -f 'failure.c' || echo '$(srcdir)/'`failure.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-failure.Tpo $(DEPDIR)/libshadow_la-failure.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='failure.c' object='libshadow_la-failure.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-failure.lo `test -f 'failure.c' || echo '$(srcdir)/'`failure.c
+
+libshadow_la-fd.lo: fd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-fd.lo -MD -MP -MF $(DEPDIR)/libshadow_la-fd.Tpo -c -o libshadow_la-fd.lo `test -f 'fd.c' || echo '$(srcdir)/'`fd.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-fd.Tpo $(DEPDIR)/libshadow_la-fd.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='fd.c' object='libshadow_la-fd.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-fd.lo `test -f 'fd.c' || echo '$(srcdir)/'`fd.c
 
 libshadow_la-fields.lo: fields.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-fields.lo -MD -MP -MF $(DEPDIR)/libshadow_la-fields.Tpo -c -o libshadow_la-fields.lo `test -f 'fields.c' || echo '$(srcdir)/'`fields.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-fields.lo -MD -MP -MF $(DEPDIR)/libshadow_la-fields.Tpo -c -o libshadow_la-fields.lo `test -f 'fields.c' || echo '$(srcdir)/'`fields.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-fields.Tpo $(DEPDIR)/libshadow_la-fields.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='fields.c' object='libshadow_la-fields.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-fields.lo `test -f 'fields.c' || echo '$(srcdir)/'`fields.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-fields.lo `test -f 'fields.c' || echo '$(srcdir)/'`fields.c
+
+libshadow_la-find_new_gid.lo: find_new_gid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-find_new_gid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-find_new_gid.Tpo -c -o libshadow_la-find_new_gid.lo `test -f 'find_new_gid.c' || echo '$(srcdir)/'`find_new_gid.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-find_new_gid.Tpo $(DEPDIR)/libshadow_la-find_new_gid.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='find_new_gid.c' object='libshadow_la-find_new_gid.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-find_new_gid.lo `test -f 'find_new_gid.c' || echo '$(srcdir)/'`find_new_gid.c
+
+libshadow_la-find_new_uid.lo: find_new_uid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-find_new_uid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-find_new_uid.Tpo -c -o libshadow_la-find_new_uid.lo `test -f 'find_new_uid.c' || echo '$(srcdir)/'`find_new_uid.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-find_new_uid.Tpo $(DEPDIR)/libshadow_la-find_new_uid.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='find_new_uid.c' object='libshadow_la-find_new_uid.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-find_new_uid.lo `test -f 'find_new_uid.c' || echo '$(srcdir)/'`find_new_uid.c
+
+libshadow_la-find_new_sub_gids.lo: find_new_sub_gids.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-find_new_sub_gids.lo -MD -MP -MF $(DEPDIR)/libshadow_la-find_new_sub_gids.Tpo -c -o libshadow_la-find_new_sub_gids.lo `test -f 'find_new_sub_gids.c' || echo '$(srcdir)/'`find_new_sub_gids.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-find_new_sub_gids.Tpo $(DEPDIR)/libshadow_la-find_new_sub_gids.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='find_new_sub_gids.c' object='libshadow_la-find_new_sub_gids.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-find_new_sub_gids.lo `test -f 'find_new_sub_gids.c' || echo '$(srcdir)/'`find_new_sub_gids.c
+
+libshadow_la-find_new_sub_uids.lo: find_new_sub_uids.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-find_new_sub_uids.lo -MD -MP -MF $(DEPDIR)/libshadow_la-find_new_sub_uids.Tpo -c -o libshadow_la-find_new_sub_uids.lo `test -f 'find_new_sub_uids.c' || echo '$(srcdir)/'`find_new_sub_uids.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-find_new_sub_uids.Tpo $(DEPDIR)/libshadow_la-find_new_sub_uids.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='find_new_sub_uids.c' object='libshadow_la-find_new_sub_uids.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-find_new_sub_uids.lo `test -f 'find_new_sub_uids.c' || echo '$(srcdir)/'`find_new_sub_uids.c
 
 libshadow_la-fputsx.lo: fputsx.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-fputsx.lo -MD -MP -MF $(DEPDIR)/libshadow_la-fputsx.Tpo -c -o libshadow_la-fputsx.lo `test -f 'fputsx.c' || echo '$(srcdir)/'`fputsx.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-fputsx.lo -MD -MP -MF $(DEPDIR)/libshadow_la-fputsx.Tpo -c -o libshadow_la-fputsx.lo `test -f 'fputsx.c' || echo '$(srcdir)/'`fputsx.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-fputsx.Tpo $(DEPDIR)/libshadow_la-fputsx.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='fputsx.c' object='libshadow_la-fputsx.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-fputsx.lo `test -f 'fputsx.c' || echo '$(srcdir)/'`fputsx.c
-
-libshadow_la-getdef.lo: getdef.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-getdef.lo -MD -MP -MF $(DEPDIR)/libshadow_la-getdef.Tpo -c -o libshadow_la-getdef.lo `test -f 'getdef.c' || echo '$(srcdir)/'`getdef.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-getdef.Tpo $(DEPDIR)/libshadow_la-getdef.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='getdef.c' object='libshadow_la-getdef.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-getdef.lo `test -f 'getdef.c' || echo '$(srcdir)/'`getdef.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-fputsx.lo `test -f 'fputsx.c' || echo '$(srcdir)/'`fputsx.c
 
 libshadow_la-get_gid.lo: get_gid.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-get_gid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-get_gid.Tpo -c -o libshadow_la-get_gid.lo `test -f 'get_gid.c' || echo '$(srcdir)/'`get_gid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-get_gid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-get_gid.Tpo -c -o libshadow_la-get_gid.lo `test -f 'get_gid.c' || echo '$(srcdir)/'`get_gid.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-get_gid.Tpo $(DEPDIR)/libshadow_la-get_gid.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='get_gid.c' object='libshadow_la-get_gid.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-get_gid.lo `test -f 'get_gid.c' || echo '$(srcdir)/'`get_gid.c
-
-libshadow_la-getlong.lo: getlong.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-getlong.lo -MD -MP -MF $(DEPDIR)/libshadow_la-getlong.Tpo -c -o libshadow_la-getlong.lo `test -f 'getlong.c' || echo '$(srcdir)/'`getlong.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-getlong.Tpo $(DEPDIR)/libshadow_la-getlong.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='getlong.c' object='libshadow_la-getlong.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-getlong.lo `test -f 'getlong.c' || echo '$(srcdir)/'`getlong.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-get_gid.lo `test -f 'get_gid.c' || echo '$(srcdir)/'`get_gid.c
 
 libshadow_la-get_pid.lo: get_pid.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-get_pid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-get_pid.Tpo -c -o libshadow_la-get_pid.lo `test -f 'get_pid.c' || echo '$(srcdir)/'`get_pid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-get_pid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-get_pid.Tpo -c -o libshadow_la-get_pid.lo `test -f 'get_pid.c' || echo '$(srcdir)/'`get_pid.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-get_pid.Tpo $(DEPDIR)/libshadow_la-get_pid.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='get_pid.c' object='libshadow_la-get_pid.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-get_pid.lo `test -f 'get_pid.c' || echo '$(srcdir)/'`get_pid.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-get_pid.lo `test -f 'get_pid.c' || echo '$(srcdir)/'`get_pid.c
 
 libshadow_la-get_uid.lo: get_uid.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-get_uid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-get_uid.Tpo -c -o libshadow_la-get_uid.lo `test -f 'get_uid.c' || echo '$(srcdir)/'`get_uid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-get_uid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-get_uid.Tpo -c -o libshadow_la-get_uid.lo `test -f 'get_uid.c' || echo '$(srcdir)/'`get_uid.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-get_uid.Tpo $(DEPDIR)/libshadow_la-get_uid.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='get_uid.c' object='libshadow_la-get_uid.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-get_uid.lo `test -f 'get_uid.c' || echo '$(srcdir)/'`get_uid.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-get_uid.lo `test -f 'get_uid.c' || echo '$(srcdir)/'`get_uid.c
+
+libshadow_la-getdate.lo: getdate.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-getdate.lo -MD -MP -MF $(DEPDIR)/libshadow_la-getdate.Tpo -c -o libshadow_la-getdate.lo `test -f 'getdate.c' || echo '$(srcdir)/'`getdate.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-getdate.Tpo $(DEPDIR)/libshadow_la-getdate.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='getdate.c' object='libshadow_la-getdate.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-getdate.lo `test -f 'getdate.c' || echo '$(srcdir)/'`getdate.c
+
+libshadow_la-getdef.lo: getdef.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-getdef.lo -MD -MP -MF $(DEPDIR)/libshadow_la-getdef.Tpo -c -o libshadow_la-getdef.lo `test -f 'getdef.c' || echo '$(srcdir)/'`getdef.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-getdef.Tpo $(DEPDIR)/libshadow_la-getdef.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='getdef.c' object='libshadow_la-getdef.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-getdef.lo `test -f 'getdef.c' || echo '$(srcdir)/'`getdef.c
 
-libshadow_la-getulong.lo: getulong.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-getulong.lo -MD -MP -MF $(DEPDIR)/libshadow_la-getulong.Tpo -c -o libshadow_la-getulong.lo `test -f 'getulong.c' || echo '$(srcdir)/'`getulong.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-getulong.Tpo $(DEPDIR)/libshadow_la-getulong.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='getulong.c' object='libshadow_la-getulong.lo' libtool=yes @AMDEPBACKSLASH@
+libshadow_la-getgr_nam_gid.lo: getgr_nam_gid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-getgr_nam_gid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-getgr_nam_gid.Tpo -c -o libshadow_la-getgr_nam_gid.lo `test -f 'getgr_nam_gid.c' || echo '$(srcdir)/'`getgr_nam_gid.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-getgr_nam_gid.Tpo $(DEPDIR)/libshadow_la-getgr_nam_gid.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='getgr_nam_gid.c' object='libshadow_la-getgr_nam_gid.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-getulong.lo `test -f 'getulong.c' || echo '$(srcdir)/'`getulong.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-getgr_nam_gid.lo `test -f 'getgr_nam_gid.c' || echo '$(srcdir)/'`getgr_nam_gid.c
+
+libshadow_la-getrange.lo: getrange.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-getrange.lo -MD -MP -MF $(DEPDIR)/libshadow_la-getrange.Tpo -c -o libshadow_la-getrange.lo `test -f 'getrange.c' || echo '$(srcdir)/'`getrange.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-getrange.Tpo $(DEPDIR)/libshadow_la-getrange.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='getrange.c' object='libshadow_la-getrange.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-getrange.lo `test -f 'getrange.c' || echo '$(srcdir)/'`getrange.c
+
+libshadow_la-gettime.lo: gettime.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-gettime.lo -MD -MP -MF $(DEPDIR)/libshadow_la-gettime.Tpo -c -o libshadow_la-gettime.lo `test -f 'gettime.c' || echo '$(srcdir)/'`gettime.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-gettime.Tpo $(DEPDIR)/libshadow_la-gettime.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='gettime.c' object='libshadow_la-gettime.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-gettime.lo `test -f 'gettime.c' || echo '$(srcdir)/'`gettime.c
 
 libshadow_la-groupio.lo: groupio.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-groupio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-groupio.Tpo -c -o libshadow_la-groupio.lo `test -f 'groupio.c' || echo '$(srcdir)/'`groupio.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-groupio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-groupio.Tpo -c -o libshadow_la-groupio.lo `test -f 'groupio.c' || echo '$(srcdir)/'`groupio.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-groupio.Tpo $(DEPDIR)/libshadow_la-groupio.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='groupio.c' object='libshadow_la-groupio.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-groupio.lo `test -f 'groupio.c' || echo '$(srcdir)/'`groupio.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-groupio.lo `test -f 'groupio.c' || echo '$(srcdir)/'`groupio.c
 
 libshadow_la-groupmem.lo: groupmem.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-groupmem.lo -MD -MP -MF $(DEPDIR)/libshadow_la-groupmem.Tpo -c -o libshadow_la-groupmem.lo `test -f 'groupmem.c' || echo '$(srcdir)/'`groupmem.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-groupmem.lo -MD -MP -MF $(DEPDIR)/libshadow_la-groupmem.Tpo -c -o libshadow_la-groupmem.lo `test -f 'groupmem.c' || echo '$(srcdir)/'`groupmem.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-groupmem.Tpo $(DEPDIR)/libshadow_la-groupmem.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='groupmem.c' object='libshadow_la-groupmem.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-groupmem.lo `test -f 'groupmem.c' || echo '$(srcdir)/'`groupmem.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-groupmem.lo `test -f 'groupmem.c' || echo '$(srcdir)/'`groupmem.c
 
 libshadow_la-gshadow.lo: gshadow.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-gshadow.lo -MD -MP -MF $(DEPDIR)/libshadow_la-gshadow.Tpo -c -o libshadow_la-gshadow.lo `test -f 'gshadow.c' || echo '$(srcdir)/'`gshadow.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-gshadow.lo -MD -MP -MF $(DEPDIR)/libshadow_la-gshadow.Tpo -c -o libshadow_la-gshadow.lo `test -f 'gshadow.c' || echo '$(srcdir)/'`gshadow.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-gshadow.Tpo $(DEPDIR)/libshadow_la-gshadow.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='gshadow.c' object='libshadow_la-gshadow.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-gshadow.lo `test -f 'gshadow.c' || echo '$(srcdir)/'`gshadow.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-gshadow.lo `test -f 'gshadow.c' || echo '$(srcdir)/'`gshadow.c
+
+libshadow_la-hushed.lo: hushed.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-hushed.lo -MD -MP -MF $(DEPDIR)/libshadow_la-hushed.Tpo -c -o libshadow_la-hushed.lo `test -f 'hushed.c' || echo '$(srcdir)/'`hushed.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-hushed.Tpo $(DEPDIR)/libshadow_la-hushed.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hushed.c' object='libshadow_la-hushed.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-hushed.lo `test -f 'hushed.c' || echo '$(srcdir)/'`hushed.c
+
+libshadow_la-idmapping.lo: idmapping.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-idmapping.lo -MD -MP -MF $(DEPDIR)/libshadow_la-idmapping.Tpo -c -o libshadow_la-idmapping.lo `test -f 'idmapping.c' || echo '$(srcdir)/'`idmapping.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-idmapping.Tpo $(DEPDIR)/libshadow_la-idmapping.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='idmapping.c' object='libshadow_la-idmapping.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-idmapping.lo `test -f 'idmapping.c' || echo '$(srcdir)/'`idmapping.c
+
+libshadow_la-isexpired.lo: isexpired.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-isexpired.lo -MD -MP -MF $(DEPDIR)/libshadow_la-isexpired.Tpo -c -o libshadow_la-isexpired.lo `test -f 'isexpired.c' || echo '$(srcdir)/'`isexpired.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-isexpired.Tpo $(DEPDIR)/libshadow_la-isexpired.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='isexpired.c' object='libshadow_la-isexpired.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-isexpired.lo `test -f 'isexpired.c' || echo '$(srcdir)/'`isexpired.c
+
+libshadow_la-limits.lo: limits.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-limits.lo -MD -MP -MF $(DEPDIR)/libshadow_la-limits.Tpo -c -o libshadow_la-limits.lo `test -f 'limits.c' || echo '$(srcdir)/'`limits.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-limits.Tpo $(DEPDIR)/libshadow_la-limits.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='limits.c' object='libshadow_la-limits.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-limits.lo `test -f 'limits.c' || echo '$(srcdir)/'`limits.c
+
+libshadow_la-list.lo: list.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-list.lo -MD -MP -MF $(DEPDIR)/libshadow_la-list.Tpo -c -o libshadow_la-list.lo `test -f 'list.c' || echo '$(srcdir)/'`list.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-list.Tpo $(DEPDIR)/libshadow_la-list.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='list.c' object='libshadow_la-list.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-list.lo `test -f 'list.c' || echo '$(srcdir)/'`list.c
 
 libshadow_la-lockpw.lo: lockpw.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-lockpw.lo -MD -MP -MF $(DEPDIR)/libshadow_la-lockpw.Tpo -c -o libshadow_la-lockpw.lo `test -f 'lockpw.c' || echo '$(srcdir)/'`lockpw.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-lockpw.lo -MD -MP -MF $(DEPDIR)/libshadow_la-lockpw.Tpo -c -o libshadow_la-lockpw.lo `test -f 'lockpw.c' || echo '$(srcdir)/'`lockpw.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-lockpw.Tpo $(DEPDIR)/libshadow_la-lockpw.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='lockpw.c' object='libshadow_la-lockpw.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-lockpw.lo `test -f 'lockpw.c' || echo '$(srcdir)/'`lockpw.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-lockpw.lo `test -f 'lockpw.c' || echo '$(srcdir)/'`lockpw.c
+
+libshadow_la-loginprompt.lo: loginprompt.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-loginprompt.lo -MD -MP -MF $(DEPDIR)/libshadow_la-loginprompt.Tpo -c -o libshadow_la-loginprompt.lo `test -f 'loginprompt.c' || echo '$(srcdir)/'`loginprompt.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-loginprompt.Tpo $(DEPDIR)/libshadow_la-loginprompt.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='loginprompt.c' object='libshadow_la-loginprompt.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-loginprompt.lo `test -f 'loginprompt.c' || echo '$(srcdir)/'`loginprompt.c
+
+libshadow_la-mail.lo: mail.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-mail.lo -MD -MP -MF $(DEPDIR)/libshadow_la-mail.Tpo -c -o libshadow_la-mail.lo `test -f 'mail.c' || echo '$(srcdir)/'`mail.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-mail.Tpo $(DEPDIR)/libshadow_la-mail.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mail.c' object='libshadow_la-mail.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-mail.lo `test -f 'mail.c' || echo '$(srcdir)/'`mail.c
+
+libshadow_la-memzero.lo: memzero.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-memzero.lo -MD -MP -MF $(DEPDIR)/libshadow_la-memzero.Tpo -c -o libshadow_la-memzero.lo `test -f 'memzero.c' || echo '$(srcdir)/'`memzero.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-memzero.Tpo $(DEPDIR)/libshadow_la-memzero.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='memzero.c' object='libshadow_la-memzero.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-memzero.lo `test -f 'memzero.c' || echo '$(srcdir)/'`memzero.c
+
+libshadow_la-motd.lo: motd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-motd.lo -MD -MP -MF $(DEPDIR)/libshadow_la-motd.Tpo -c -o libshadow_la-motd.lo `test -f 'motd.c' || echo '$(srcdir)/'`motd.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-motd.Tpo $(DEPDIR)/libshadow_la-motd.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='motd.c' object='libshadow_la-motd.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-motd.lo `test -f 'motd.c' || echo '$(srcdir)/'`motd.c
+
+libshadow_la-myname.lo: myname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-myname.lo -MD -MP -MF $(DEPDIR)/libshadow_la-myname.Tpo -c -o libshadow_la-myname.lo `test -f 'myname.c' || echo '$(srcdir)/'`myname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-myname.Tpo $(DEPDIR)/libshadow_la-myname.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='myname.c' object='libshadow_la-myname.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-myname.lo `test -f 'myname.c' || echo '$(srcdir)/'`myname.c
 
 libshadow_la-nss.lo: nss.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-nss.lo -MD -MP -MF $(DEPDIR)/libshadow_la-nss.Tpo -c -o libshadow_la-nss.lo `test -f 'nss.c' || echo '$(srcdir)/'`nss.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-nss.lo -MD -MP -MF $(DEPDIR)/libshadow_la-nss.Tpo -c -o libshadow_la-nss.lo `test -f 'nss.c' || echo '$(srcdir)/'`nss.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-nss.Tpo $(DEPDIR)/libshadow_la-nss.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='nss.c' object='libshadow_la-nss.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-nss.lo `test -f 'nss.c' || echo '$(srcdir)/'`nss.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-nss.lo `test -f 'nss.c' || echo '$(srcdir)/'`nss.c
 
 libshadow_la-nscd.lo: nscd.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-nscd.lo -MD -MP -MF $(DEPDIR)/libshadow_la-nscd.Tpo -c -o libshadow_la-nscd.lo `test -f 'nscd.c' || echo '$(srcdir)/'`nscd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-nscd.lo -MD -MP -MF $(DEPDIR)/libshadow_la-nscd.Tpo -c -o libshadow_la-nscd.lo `test -f 'nscd.c' || echo '$(srcdir)/'`nscd.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-nscd.Tpo $(DEPDIR)/libshadow_la-nscd.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='nscd.c' object='libshadow_la-nscd.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-nscd.lo `test -f 'nscd.c' || echo '$(srcdir)/'`nscd.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-nscd.lo `test -f 'nscd.c' || echo '$(srcdir)/'`nscd.c
 
-libshadow_la-shadowlog.lo: shadowlog.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-shadowlog.lo -MD -MP -MF $(DEPDIR)/libshadow_la-shadowlog.Tpo -c -o libshadow_la-shadowlog.lo `test -f 'shadowlog.c' || echo '$(srcdir)/'`shadowlog.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-shadowlog.Tpo $(DEPDIR)/libshadow_la-shadowlog.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='shadowlog.c' object='libshadow_la-shadowlog.lo' libtool=yes @AMDEPBACKSLASH@
+libshadow_la-obscure.lo: obscure.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-obscure.lo -MD -MP -MF $(DEPDIR)/libshadow_la-obscure.Tpo -c -o libshadow_la-obscure.lo `test -f 'obscure.c' || echo '$(srcdir)/'`obscure.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-obscure.Tpo $(DEPDIR)/libshadow_la-obscure.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='obscure.c' object='libshadow_la-obscure.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-shadowlog.lo `test -f 'shadowlog.c' || echo '$(srcdir)/'`shadowlog.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-obscure.lo `test -f 'obscure.c' || echo '$(srcdir)/'`obscure.c
 
-libshadow_la-sssd.lo: sssd.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-sssd.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sssd.Tpo -c -o libshadow_la-sssd.lo `test -f 'sssd.c' || echo '$(srcdir)/'`sssd.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-sssd.Tpo $(DEPDIR)/libshadow_la-sssd.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sssd.c' object='libshadow_la-sssd.lo' libtool=yes @AMDEPBACKSLASH@
+libshadow_la-pam_pass.lo: pam_pass.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-pam_pass.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pam_pass.Tpo -c -o libshadow_la-pam_pass.lo `test -f 'pam_pass.c' || echo '$(srcdir)/'`pam_pass.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-pam_pass.Tpo $(DEPDIR)/libshadow_la-pam_pass.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pam_pass.c' object='libshadow_la-pam_pass.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-sssd.lo `test -f 'sssd.c' || echo '$(srcdir)/'`sssd.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-pam_pass.lo `test -f 'pam_pass.c' || echo '$(srcdir)/'`pam_pass.c
+
+libshadow_la-pam_pass_non_interactive.lo: pam_pass_non_interactive.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-pam_pass_non_interactive.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pam_pass_non_interactive.Tpo -c -o libshadow_la-pam_pass_non_interactive.lo `test -f 'pam_pass_non_interactive.c' || echo '$(srcdir)/'`pam_pass_non_interactive.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-pam_pass_non_interactive.Tpo $(DEPDIR)/libshadow_la-pam_pass_non_interactive.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pam_pass_non_interactive.c' object='libshadow_la-pam_pass_non_interactive.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-pam_pass_non_interactive.lo `test -f 'pam_pass_non_interactive.c' || echo '$(srcdir)/'`pam_pass_non_interactive.c
 
 libshadow_la-port.lo: port.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-port.lo -MD -MP -MF $(DEPDIR)/libshadow_la-port.Tpo -c -o libshadow_la-port.lo `test -f 'port.c' || echo '$(srcdir)/'`port.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-port.lo -MD -MP -MF $(DEPDIR)/libshadow_la-port.Tpo -c -o libshadow_la-port.lo `test -f 'port.c' || echo '$(srcdir)/'`port.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-port.Tpo $(DEPDIR)/libshadow_la-port.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='port.c' object='libshadow_la-port.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-port.lo `test -f 'port.c' || echo '$(srcdir)/'`port.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-port.lo `test -f 'port.c' || echo '$(srcdir)/'`port.c
+
+libshadow_la-prefix_flag.lo: prefix_flag.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-prefix_flag.lo -MD -MP -MF $(DEPDIR)/libshadow_la-prefix_flag.Tpo -c -o libshadow_la-prefix_flag.lo `test -f 'prefix_flag.c' || echo '$(srcdir)/'`prefix_flag.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-prefix_flag.Tpo $(DEPDIR)/libshadow_la-prefix_flag.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='prefix_flag.c' object='libshadow_la-prefix_flag.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-prefix_flag.lo `test -f 'prefix_flag.c' || echo '$(srcdir)/'`prefix_flag.c
 
 libshadow_la-pwauth.lo: pwauth.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-pwauth.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pwauth.Tpo -c -o libshadow_la-pwauth.lo `test -f 'pwauth.c' || echo '$(srcdir)/'`pwauth.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-pwauth.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pwauth.Tpo -c -o libshadow_la-pwauth.lo `test -f 'pwauth.c' || echo '$(srcdir)/'`pwauth.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-pwauth.Tpo $(DEPDIR)/libshadow_la-pwauth.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pwauth.c' object='libshadow_la-pwauth.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-pwauth.lo `test -f 'pwauth.c' || echo '$(srcdir)/'`pwauth.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-pwauth.lo `test -f 'pwauth.c' || echo '$(srcdir)/'`pwauth.c
 
 libshadow_la-pwio.lo: pwio.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-pwio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pwio.Tpo -c -o libshadow_la-pwio.lo `test -f 'pwio.c' || echo '$(srcdir)/'`pwio.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-pwio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pwio.Tpo -c -o libshadow_la-pwio.lo `test -f 'pwio.c' || echo '$(srcdir)/'`pwio.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-pwio.Tpo $(DEPDIR)/libshadow_la-pwio.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pwio.c' object='libshadow_la-pwio.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-pwio.lo `test -f 'pwio.c' || echo '$(srcdir)/'`pwio.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-pwio.lo `test -f 'pwio.c' || echo '$(srcdir)/'`pwio.c
+
+libshadow_la-pwd_init.lo: pwd_init.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-pwd_init.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pwd_init.Tpo -c -o libshadow_la-pwd_init.lo `test -f 'pwd_init.c' || echo '$(srcdir)/'`pwd_init.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-pwd_init.Tpo $(DEPDIR)/libshadow_la-pwd_init.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pwd_init.c' object='libshadow_la-pwd_init.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-pwd_init.lo `test -f 'pwd_init.c' || echo '$(srcdir)/'`pwd_init.c
+
+libshadow_la-pwd2spwd.lo: pwd2spwd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-pwd2spwd.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pwd2spwd.Tpo -c -o libshadow_la-pwd2spwd.lo `test -f 'pwd2spwd.c' || echo '$(srcdir)/'`pwd2spwd.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-pwd2spwd.Tpo $(DEPDIR)/libshadow_la-pwd2spwd.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pwd2spwd.c' object='libshadow_la-pwd2spwd.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-pwd2spwd.lo `test -f 'pwd2spwd.c' || echo '$(srcdir)/'`pwd2spwd.c
+
+libshadow_la-pwdcheck.lo: pwdcheck.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-pwdcheck.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pwdcheck.Tpo -c -o libshadow_la-pwdcheck.lo `test -f 'pwdcheck.c' || echo '$(srcdir)/'`pwdcheck.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-pwdcheck.Tpo $(DEPDIR)/libshadow_la-pwdcheck.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pwdcheck.c' object='libshadow_la-pwdcheck.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-pwdcheck.lo `test -f 'pwdcheck.c' || echo '$(srcdir)/'`pwdcheck.c
 
 libshadow_la-pwmem.lo: pwmem.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-pwmem.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pwmem.Tpo -c -o libshadow_la-pwmem.lo `test -f 'pwmem.c' || echo '$(srcdir)/'`pwmem.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-pwmem.lo -MD -MP -MF $(DEPDIR)/libshadow_la-pwmem.Tpo -c -o libshadow_la-pwmem.lo `test -f 'pwmem.c' || echo '$(srcdir)/'`pwmem.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-pwmem.Tpo $(DEPDIR)/libshadow_la-pwmem.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pwmem.c' object='libshadow_la-pwmem.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-pwmem.lo `test -f 'pwmem.c' || echo '$(srcdir)/'`pwmem.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-pwmem.lo `test -f 'pwmem.c' || echo '$(srcdir)/'`pwmem.c
+
+libshadow_la-remove_tree.lo: remove_tree.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-remove_tree.lo -MD -MP -MF $(DEPDIR)/libshadow_la-remove_tree.Tpo -c -o libshadow_la-remove_tree.lo `test -f 'remove_tree.c' || echo '$(srcdir)/'`remove_tree.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-remove_tree.Tpo $(DEPDIR)/libshadow_la-remove_tree.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='remove_tree.c' object='libshadow_la-remove_tree.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-remove_tree.lo `test -f 'remove_tree.c' || echo '$(srcdir)/'`remove_tree.c
+
+libshadow_la-rlogin.lo: rlogin.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-rlogin.lo -MD -MP -MF $(DEPDIR)/libshadow_la-rlogin.Tpo -c -o libshadow_la-rlogin.lo `test -f 'rlogin.c' || echo '$(srcdir)/'`rlogin.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-rlogin.Tpo $(DEPDIR)/libshadow_la-rlogin.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='rlogin.c' object='libshadow_la-rlogin.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-rlogin.lo `test -f 'rlogin.c' || echo '$(srcdir)/'`rlogin.c
+
+libshadow_la-root_flag.lo: root_flag.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-root_flag.lo -MD -MP -MF $(DEPDIR)/libshadow_la-root_flag.Tpo -c -o libshadow_la-root_flag.lo `test -f 'root_flag.c' || echo '$(srcdir)/'`root_flag.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-root_flag.Tpo $(DEPDIR)/libshadow_la-root_flag.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='root_flag.c' object='libshadow_la-root_flag.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-root_flag.lo `test -f 'root_flag.c' || echo '$(srcdir)/'`root_flag.c
 
 libshadow_la-run_part.lo: run_part.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-run_part.lo -MD -MP -MF $(DEPDIR)/libshadow_la-run_part.Tpo -c -o libshadow_la-run_part.lo `test -f 'run_part.c' || echo '$(srcdir)/'`run_part.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-run_part.lo -MD -MP -MF $(DEPDIR)/libshadow_la-run_part.Tpo -c -o libshadow_la-run_part.lo `test -f 'run_part.c' || echo '$(srcdir)/'`run_part.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-run_part.Tpo $(DEPDIR)/libshadow_la-run_part.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='run_part.c' object='libshadow_la-run_part.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-run_part.lo `test -f 'run_part.c' || echo '$(srcdir)/'`run_part.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-run_part.lo `test -f 'run_part.c' || echo '$(srcdir)/'`run_part.c
 
-libshadow_la-subordinateio.lo: subordinateio.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-subordinateio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-subordinateio.Tpo -c -o libshadow_la-subordinateio.lo `test -f 'subordinateio.c' || echo '$(srcdir)/'`subordinateio.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-subordinateio.Tpo $(DEPDIR)/libshadow_la-subordinateio.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='subordinateio.c' object='libshadow_la-subordinateio.lo' libtool=yes @AMDEPBACKSLASH@
+libshadow_la-salt.lo: salt.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-salt.lo -MD -MP -MF $(DEPDIR)/libshadow_la-salt.Tpo -c -o libshadow_la-salt.lo `test -f 'salt.c' || echo '$(srcdir)/'`salt.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-salt.Tpo $(DEPDIR)/libshadow_la-salt.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='salt.c' object='libshadow_la-salt.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-subordinateio.lo `test -f 'subordinateio.c' || echo '$(srcdir)/'`subordinateio.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-salt.lo `test -f 'salt.c' || echo '$(srcdir)/'`salt.c
 
 libshadow_la-selinux.lo: selinux.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-selinux.lo -MD -MP -MF $(DEPDIR)/libshadow_la-selinux.Tpo -c -o libshadow_la-selinux.lo `test -f 'selinux.c' || echo '$(srcdir)/'`selinux.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-selinux.lo -MD -MP -MF $(DEPDIR)/libshadow_la-selinux.Tpo -c -o libshadow_la-selinux.lo `test -f 'selinux.c' || echo '$(srcdir)/'`selinux.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-selinux.Tpo $(DEPDIR)/libshadow_la-selinux.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='selinux.c' object='libshadow_la-selinux.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-selinux.lo `test -f 'selinux.c' || echo '$(srcdir)/'`selinux.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-selinux.lo `test -f 'selinux.c' || echo '$(srcdir)/'`selinux.c
 
 libshadow_la-semanage.lo: semanage.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-semanage.lo -MD -MP -MF $(DEPDIR)/libshadow_la-semanage.Tpo -c -o libshadow_la-semanage.lo `test -f 'semanage.c' || echo '$(srcdir)/'`semanage.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-semanage.lo -MD -MP -MF $(DEPDIR)/libshadow_la-semanage.Tpo -c -o libshadow_la-semanage.lo `test -f 'semanage.c' || echo '$(srcdir)/'`semanage.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-semanage.Tpo $(DEPDIR)/libshadow_la-semanage.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='semanage.c' object='libshadow_la-semanage.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-semanage.lo `test -f 'semanage.c' || echo '$(srcdir)/'`semanage.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-semanage.lo `test -f 'semanage.c' || echo '$(srcdir)/'`semanage.c
+
+libshadow_la-setugid.lo: setugid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-setugid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-setugid.Tpo -c -o libshadow_la-setugid.lo `test -f 'setugid.c' || echo '$(srcdir)/'`setugid.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-setugid.Tpo $(DEPDIR)/libshadow_la-setugid.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='setugid.c' object='libshadow_la-setugid.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-setugid.lo `test -f 'setugid.c' || echo '$(srcdir)/'`setugid.c
+
+libshadow_la-setupenv.lo: setupenv.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-setupenv.lo -MD -MP -MF $(DEPDIR)/libshadow_la-setupenv.Tpo -c -o libshadow_la-setupenv.lo `test -f 'setupenv.c' || echo '$(srcdir)/'`setupenv.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-setupenv.Tpo $(DEPDIR)/libshadow_la-setupenv.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='setupenv.c' object='libshadow_la-setupenv.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-setupenv.lo `test -f 'setupenv.c' || echo '$(srcdir)/'`setupenv.c
 
 libshadow_la-sgetgrent.lo: sgetgrent.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-sgetgrent.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sgetgrent.Tpo -c -o libshadow_la-sgetgrent.lo `test -f 'sgetgrent.c' || echo '$(srcdir)/'`sgetgrent.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-sgetgrent.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sgetgrent.Tpo -c -o libshadow_la-sgetgrent.lo `test -f 'sgetgrent.c' || echo '$(srcdir)/'`sgetgrent.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-sgetgrent.Tpo $(DEPDIR)/libshadow_la-sgetgrent.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sgetgrent.c' object='libshadow_la-sgetgrent.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-sgetgrent.lo `test -f 'sgetgrent.c' || echo '$(srcdir)/'`sgetgrent.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-sgetgrent.lo `test -f 'sgetgrent.c' || echo '$(srcdir)/'`sgetgrent.c
 
 libshadow_la-sgetpwent.lo: sgetpwent.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-sgetpwent.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sgetpwent.Tpo -c -o libshadow_la-sgetpwent.lo `test -f 'sgetpwent.c' || echo '$(srcdir)/'`sgetpwent.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-sgetpwent.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sgetpwent.Tpo -c -o libshadow_la-sgetpwent.lo `test -f 'sgetpwent.c' || echo '$(srcdir)/'`sgetpwent.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-sgetpwent.Tpo $(DEPDIR)/libshadow_la-sgetpwent.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sgetpwent.c' object='libshadow_la-sgetpwent.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-sgetpwent.lo `test -f 'sgetpwent.c' || echo '$(srcdir)/'`sgetpwent.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-sgetpwent.lo `test -f 'sgetpwent.c' || echo '$(srcdir)/'`sgetpwent.c
 
 libshadow_la-sgetspent.lo: sgetspent.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-sgetspent.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sgetspent.Tpo -c -o libshadow_la-sgetspent.lo `test -f 'sgetspent.c' || echo '$(srcdir)/'`sgetspent.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-sgetspent.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sgetspent.Tpo -c -o libshadow_la-sgetspent.lo `test -f 'sgetspent.c' || echo '$(srcdir)/'`sgetspent.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-sgetspent.Tpo $(DEPDIR)/libshadow_la-sgetspent.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sgetspent.c' object='libshadow_la-sgetspent.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-sgetspent.lo `test -f 'sgetspent.c' || echo '$(srcdir)/'`sgetspent.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-sgetspent.lo `test -f 'sgetspent.c' || echo '$(srcdir)/'`sgetspent.c
 
 libshadow_la-sgroupio.lo: sgroupio.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-sgroupio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sgroupio.Tpo -c -o libshadow_la-sgroupio.lo `test -f 'sgroupio.c' || echo '$(srcdir)/'`sgroupio.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-sgroupio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sgroupio.Tpo -c -o libshadow_la-sgroupio.lo `test -f 'sgroupio.c' || echo '$(srcdir)/'`sgroupio.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-sgroupio.Tpo $(DEPDIR)/libshadow_la-sgroupio.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sgroupio.c' object='libshadow_la-sgroupio.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-sgroupio.lo `test -f 'sgroupio.c' || echo '$(srcdir)/'`sgroupio.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-sgroupio.lo `test -f 'sgroupio.c' || echo '$(srcdir)/'`sgroupio.c
 
 libshadow_la-shadow.lo: shadow.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-shadow.lo -MD -MP -MF $(DEPDIR)/libshadow_la-shadow.Tpo -c -o libshadow_la-shadow.lo `test -f 'shadow.c' || echo '$(srcdir)/'`shadow.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-shadow.lo -MD -MP -MF $(DEPDIR)/libshadow_la-shadow.Tpo -c -o libshadow_la-shadow.lo `test -f 'shadow.c' || echo '$(srcdir)/'`shadow.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-shadow.Tpo $(DEPDIR)/libshadow_la-shadow.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='shadow.c' object='libshadow_la-shadow.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-shadow.lo `test -f 'shadow.c' || echo '$(srcdir)/'`shadow.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-shadow.lo `test -f 'shadow.c' || echo '$(srcdir)/'`shadow.c
 
 libshadow_la-shadowio.lo: shadowio.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-shadowio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-shadowio.Tpo -c -o libshadow_la-shadowio.lo `test -f 'shadowio.c' || echo '$(srcdir)/'`shadowio.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-shadowio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-shadowio.Tpo -c -o libshadow_la-shadowio.lo `test -f 'shadowio.c' || echo '$(srcdir)/'`shadowio.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-shadowio.Tpo $(DEPDIR)/libshadow_la-shadowio.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='shadowio.c' object='libshadow_la-shadowio.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-shadowio.lo `test -f 'shadowio.c' || echo '$(srcdir)/'`shadowio.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-shadowio.lo `test -f 'shadowio.c' || echo '$(srcdir)/'`shadowio.c
+
+libshadow_la-shadowlog.lo: shadowlog.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-shadowlog.lo -MD -MP -MF $(DEPDIR)/libshadow_la-shadowlog.Tpo -c -o libshadow_la-shadowlog.lo `test -f 'shadowlog.c' || echo '$(srcdir)/'`shadowlog.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-shadowlog.Tpo $(DEPDIR)/libshadow_la-shadowlog.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='shadowlog.c' object='libshadow_la-shadowlog.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-shadowlog.lo `test -f 'shadowlog.c' || echo '$(srcdir)/'`shadowlog.c
 
 libshadow_la-shadowmem.lo: shadowmem.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-shadowmem.lo -MD -MP -MF $(DEPDIR)/libshadow_la-shadowmem.Tpo -c -o libshadow_la-shadowmem.lo `test -f 'shadowmem.c' || echo '$(srcdir)/'`shadowmem.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-shadowmem.lo -MD -MP -MF $(DEPDIR)/libshadow_la-shadowmem.Tpo -c -o libshadow_la-shadowmem.lo `test -f 'shadowmem.c' || echo '$(srcdir)/'`shadowmem.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-shadowmem.Tpo $(DEPDIR)/libshadow_la-shadowmem.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='shadowmem.c' object='libshadow_la-shadowmem.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-shadowmem.lo `test -f 'shadowmem.c' || echo '$(srcdir)/'`shadowmem.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-shadowmem.lo `test -f 'shadowmem.c' || echo '$(srcdir)/'`shadowmem.c
+
+libshadow_la-shell.lo: shell.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-shell.lo -MD -MP -MF $(DEPDIR)/libshadow_la-shell.Tpo -c -o libshadow_la-shell.lo `test -f 'shell.c' || echo '$(srcdir)/'`shell.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-shell.Tpo $(DEPDIR)/libshadow_la-shell.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='shell.c' object='libshadow_la-shell.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-shell.lo `test -f 'shell.c' || echo '$(srcdir)/'`shell.c
 
 libshadow_la-spawn.lo: spawn.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-spawn.lo -MD -MP -MF $(DEPDIR)/libshadow_la-spawn.Tpo -c -o libshadow_la-spawn.lo `test -f 'spawn.c' || echo '$(srcdir)/'`spawn.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-spawn.lo -MD -MP -MF $(DEPDIR)/libshadow_la-spawn.Tpo -c -o libshadow_la-spawn.lo `test -f 'spawn.c' || echo '$(srcdir)/'`spawn.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-spawn.Tpo $(DEPDIR)/libshadow_la-spawn.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='spawn.c' object='libshadow_la-spawn.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-spawn.lo `test -f 'spawn.c' || echo '$(srcdir)/'`spawn.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-spawn.lo `test -f 'spawn.c' || echo '$(srcdir)/'`spawn.c
+
+libshadow_la-sssd.lo: sssd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-sssd.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sssd.Tpo -c -o libshadow_la-sssd.lo `test -f 'sssd.c' || echo '$(srcdir)/'`sssd.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-sssd.Tpo $(DEPDIR)/libshadow_la-sssd.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sssd.c' object='libshadow_la-sssd.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-sssd.lo `test -f 'sssd.c' || echo '$(srcdir)/'`sssd.c
+
+string/libshadow_la-sprintf.lo: string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT string/libshadow_la-sprintf.lo -MD -MP -MF string/$(DEPDIR)/libshadow_la-sprintf.Tpo -c -o string/libshadow_la-sprintf.lo `test -f 'string/sprintf.c' || echo '$(srcdir)/'`string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) string/$(DEPDIR)/libshadow_la-sprintf.Tpo string/$(DEPDIR)/libshadow_la-sprintf.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='string/sprintf.c' object='string/libshadow_la-sprintf.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o string/libshadow_la-sprintf.lo `test -f 'string/sprintf.c' || echo '$(srcdir)/'`string/sprintf.c
+
+string/libshadow_la-stpecpy.lo: string/stpecpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT string/libshadow_la-stpecpy.lo -MD -MP -MF string/$(DEPDIR)/libshadow_la-stpecpy.Tpo -c -o string/libshadow_la-stpecpy.lo `test -f 'string/stpecpy.c' || echo '$(srcdir)/'`string/stpecpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) string/$(DEPDIR)/libshadow_la-stpecpy.Tpo string/$(DEPDIR)/libshadow_la-stpecpy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='string/stpecpy.c' object='string/libshadow_la-stpecpy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o string/libshadow_la-stpecpy.lo `test -f 'string/stpecpy.c' || echo '$(srcdir)/'`string/stpecpy.c
+
+string/libshadow_la-stpeprintf.lo: string/stpeprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT string/libshadow_la-stpeprintf.lo -MD -MP -MF string/$(DEPDIR)/libshadow_la-stpeprintf.Tpo -c -o string/libshadow_la-stpeprintf.lo `test -f 'string/stpeprintf.c' || echo '$(srcdir)/'`string/stpeprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) string/$(DEPDIR)/libshadow_la-stpeprintf.Tpo string/$(DEPDIR)/libshadow_la-stpeprintf.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='string/stpeprintf.c' object='string/libshadow_la-stpeprintf.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o string/libshadow_la-stpeprintf.lo `test -f 'string/stpeprintf.c' || echo '$(srcdir)/'`string/stpeprintf.c
+
+string/libshadow_la-strftime.lo: string/strftime.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT string/libshadow_la-strftime.lo -MD -MP -MF string/$(DEPDIR)/libshadow_la-strftime.Tpo -c -o string/libshadow_la-strftime.lo `test -f 'string/strftime.c' || echo '$(srcdir)/'`string/strftime.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) string/$(DEPDIR)/libshadow_la-strftime.Tpo string/$(DEPDIR)/libshadow_la-strftime.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='string/strftime.c' object='string/libshadow_la-strftime.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o string/libshadow_la-strftime.lo `test -f 'string/strftime.c' || echo '$(srcdir)/'`string/strftime.c
+
+string/libshadow_la-strtcpy.lo: string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT string/libshadow_la-strtcpy.lo -MD -MP -MF string/$(DEPDIR)/libshadow_la-strtcpy.Tpo -c -o string/libshadow_la-strtcpy.lo `test -f 'string/strtcpy.c' || echo '$(srcdir)/'`string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) string/$(DEPDIR)/libshadow_la-strtcpy.Tpo string/$(DEPDIR)/libshadow_la-strtcpy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='string/strtcpy.c' object='string/libshadow_la-strtcpy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o string/libshadow_la-strtcpy.lo `test -f 'string/strtcpy.c' || echo '$(srcdir)/'`string/strtcpy.c
+
+libshadow_la-strtoday.lo: strtoday.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-strtoday.lo -MD -MP -MF $(DEPDIR)/libshadow_la-strtoday.Tpo -c -o libshadow_la-strtoday.lo `test -f 'strtoday.c' || echo '$(srcdir)/'`strtoday.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-strtoday.Tpo $(DEPDIR)/libshadow_la-strtoday.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='strtoday.c' object='libshadow_la-strtoday.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-strtoday.lo `test -f 'strtoday.c' || echo '$(srcdir)/'`strtoday.c
 
-libshadow_la-utent.lo: utent.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-utent.lo -MD -MP -MF $(DEPDIR)/libshadow_la-utent.Tpo -c -o libshadow_la-utent.lo `test -f 'utent.c' || echo '$(srcdir)/'`utent.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-utent.Tpo $(DEPDIR)/libshadow_la-utent.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utent.c' object='libshadow_la-utent.lo' libtool=yes @AMDEPBACKSLASH@
+libshadow_la-sub.lo: sub.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-sub.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sub.Tpo -c -o libshadow_la-sub.lo `test -f 'sub.c' || echo '$(srcdir)/'`sub.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-sub.Tpo $(DEPDIR)/libshadow_la-sub.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sub.c' object='libshadow_la-sub.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-utent.lo `test -f 'utent.c' || echo '$(srcdir)/'`utent.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-sub.lo `test -f 'sub.c' || echo '$(srcdir)/'`sub.c
+
+libshadow_la-subordinateio.lo: subordinateio.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-subordinateio.lo -MD -MP -MF $(DEPDIR)/libshadow_la-subordinateio.Tpo -c -o libshadow_la-subordinateio.lo `test -f 'subordinateio.c' || echo '$(srcdir)/'`subordinateio.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-subordinateio.Tpo $(DEPDIR)/libshadow_la-subordinateio.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='subordinateio.c' object='libshadow_la-subordinateio.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-subordinateio.lo `test -f 'subordinateio.c' || echo '$(srcdir)/'`subordinateio.c
+
+libshadow_la-sulog.lo: sulog.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-sulog.lo -MD -MP -MF $(DEPDIR)/libshadow_la-sulog.Tpo -c -o libshadow_la-sulog.lo `test -f 'sulog.c' || echo '$(srcdir)/'`sulog.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-sulog.Tpo $(DEPDIR)/libshadow_la-sulog.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sulog.c' object='libshadow_la-sulog.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-sulog.lo `test -f 'sulog.c' || echo '$(srcdir)/'`sulog.c
+
+time/libshadow_la-day_to_str.lo: time/day_to_str.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT time/libshadow_la-day_to_str.lo -MD -MP -MF time/$(DEPDIR)/libshadow_la-day_to_str.Tpo -c -o time/libshadow_la-day_to_str.lo `test -f 'time/day_to_str.c' || echo '$(srcdir)/'`time/day_to_str.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) time/$(DEPDIR)/libshadow_la-day_to_str.Tpo time/$(DEPDIR)/libshadow_la-day_to_str.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='time/day_to_str.c' object='time/libshadow_la-day_to_str.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o time/libshadow_la-day_to_str.lo `test -f 'time/day_to_str.c' || echo '$(srcdir)/'`time/day_to_str.c
+
+libshadow_la-ttytype.lo: ttytype.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-ttytype.lo -MD -MP -MF $(DEPDIR)/libshadow_la-ttytype.Tpo -c -o libshadow_la-ttytype.lo `test -f 'ttytype.c' || echo '$(srcdir)/'`ttytype.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-ttytype.Tpo $(DEPDIR)/libshadow_la-ttytype.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ttytype.c' object='libshadow_la-ttytype.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-ttytype.lo `test -f 'ttytype.c' || echo '$(srcdir)/'`ttytype.c
+
+libshadow_la-tz.lo: tz.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-tz.lo -MD -MP -MF $(DEPDIR)/libshadow_la-tz.Tpo -c -o libshadow_la-tz.lo `test -f 'tz.c' || echo '$(srcdir)/'`tz.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-tz.Tpo $(DEPDIR)/libshadow_la-tz.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tz.c' object='libshadow_la-tz.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-tz.lo `test -f 'tz.c' || echo '$(srcdir)/'`tz.c
+
+libshadow_la-ulimit.lo: ulimit.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-ulimit.lo -MD -MP -MF $(DEPDIR)/libshadow_la-ulimit.Tpo -c -o libshadow_la-ulimit.lo `test -f 'ulimit.c' || echo '$(srcdir)/'`ulimit.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-ulimit.Tpo $(DEPDIR)/libshadow_la-ulimit.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ulimit.c' object='libshadow_la-ulimit.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-ulimit.lo `test -f 'ulimit.c' || echo '$(srcdir)/'`ulimit.c
+
+libshadow_la-user_busy.lo: user_busy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-user_busy.lo -MD -MP -MF $(DEPDIR)/libshadow_la-user_busy.Tpo -c -o libshadow_la-user_busy.lo `test -f 'user_busy.c' || echo '$(srcdir)/'`user_busy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-user_busy.Tpo $(DEPDIR)/libshadow_la-user_busy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='user_busy.c' object='libshadow_la-user_busy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-user_busy.lo `test -f 'user_busy.c' || echo '$(srcdir)/'`user_busy.c
+
+libshadow_la-valid.lo: valid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-valid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-valid.Tpo -c -o libshadow_la-valid.lo `test -f 'valid.c' || echo '$(srcdir)/'`valid.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-valid.Tpo $(DEPDIR)/libshadow_la-valid.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='valid.c' object='libshadow_la-valid.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-valid.lo `test -f 'valid.c' || echo '$(srcdir)/'`valid.c
+
+libshadow_la-write_full.lo: write_full.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-write_full.lo -MD -MP -MF $(DEPDIR)/libshadow_la-write_full.Tpo -c -o libshadow_la-write_full.lo `test -f 'write_full.c' || echo '$(srcdir)/'`write_full.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-write_full.Tpo $(DEPDIR)/libshadow_la-write_full.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='write_full.c' object='libshadow_la-write_full.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-write_full.lo `test -f 'write_full.c' || echo '$(srcdir)/'`write_full.c
+
+libshadow_la-xgetpwnam.lo: xgetpwnam.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-xgetpwnam.lo -MD -MP -MF $(DEPDIR)/libshadow_la-xgetpwnam.Tpo -c -o libshadow_la-xgetpwnam.lo `test -f 'xgetpwnam.c' || echo '$(srcdir)/'`xgetpwnam.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-xgetpwnam.Tpo $(DEPDIR)/libshadow_la-xgetpwnam.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='xgetpwnam.c' object='libshadow_la-xgetpwnam.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-xgetpwnam.lo `test -f 'xgetpwnam.c' || echo '$(srcdir)/'`xgetpwnam.c
+
+libshadow_la-xprefix_getpwnam.lo: xprefix_getpwnam.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-xprefix_getpwnam.lo -MD -MP -MF $(DEPDIR)/libshadow_la-xprefix_getpwnam.Tpo -c -o libshadow_la-xprefix_getpwnam.lo `test -f 'xprefix_getpwnam.c' || echo '$(srcdir)/'`xprefix_getpwnam.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-xprefix_getpwnam.Tpo $(DEPDIR)/libshadow_la-xprefix_getpwnam.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='xprefix_getpwnam.c' object='libshadow_la-xprefix_getpwnam.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-xprefix_getpwnam.lo `test -f 'xprefix_getpwnam.c' || echo '$(srcdir)/'`xprefix_getpwnam.c
+
+libshadow_la-xgetpwuid.lo: xgetpwuid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-xgetpwuid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-xgetpwuid.Tpo -c -o libshadow_la-xgetpwuid.lo `test -f 'xgetpwuid.c' || echo '$(srcdir)/'`xgetpwuid.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-xgetpwuid.Tpo $(DEPDIR)/libshadow_la-xgetpwuid.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='xgetpwuid.c' object='libshadow_la-xgetpwuid.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-xgetpwuid.lo `test -f 'xgetpwuid.c' || echo '$(srcdir)/'`xgetpwuid.c
+
+libshadow_la-xgetgrnam.lo: xgetgrnam.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-xgetgrnam.lo -MD -MP -MF $(DEPDIR)/libshadow_la-xgetgrnam.Tpo -c -o libshadow_la-xgetgrnam.lo `test -f 'xgetgrnam.c' || echo '$(srcdir)/'`xgetgrnam.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-xgetgrnam.Tpo $(DEPDIR)/libshadow_la-xgetgrnam.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='xgetgrnam.c' object='libshadow_la-xgetgrnam.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-xgetgrnam.lo `test -f 'xgetgrnam.c' || echo '$(srcdir)/'`xgetgrnam.c
+
+libshadow_la-xgetgrgid.lo: xgetgrgid.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-xgetgrgid.lo -MD -MP -MF $(DEPDIR)/libshadow_la-xgetgrgid.Tpo -c -o libshadow_la-xgetgrgid.lo `test -f 'xgetgrgid.c' || echo '$(srcdir)/'`xgetgrgid.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-xgetgrgid.Tpo $(DEPDIR)/libshadow_la-xgetgrgid.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='xgetgrgid.c' object='libshadow_la-xgetgrgid.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-xgetgrgid.lo `test -f 'xgetgrgid.c' || echo '$(srcdir)/'`xgetgrgid.c
+
+libshadow_la-xgetspnam.lo: xgetspnam.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-xgetspnam.lo -MD -MP -MF $(DEPDIR)/libshadow_la-xgetspnam.Tpo -c -o libshadow_la-xgetspnam.lo `test -f 'xgetspnam.c' || echo '$(srcdir)/'`xgetspnam.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-xgetspnam.Tpo $(DEPDIR)/libshadow_la-xgetspnam.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='xgetspnam.c' object='libshadow_la-xgetspnam.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-xgetspnam.lo `test -f 'xgetspnam.c' || echo '$(srcdir)/'`xgetspnam.c
+
+libshadow_la-yesno.lo: yesno.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-yesno.lo -MD -MP -MF $(DEPDIR)/libshadow_la-yesno.Tpo -c -o libshadow_la-yesno.lo `test -f 'yesno.c' || echo '$(srcdir)/'`yesno.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-yesno.Tpo $(DEPDIR)/libshadow_la-yesno.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='yesno.c' object='libshadow_la-yesno.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-yesno.lo `test -f 'yesno.c' || echo '$(srcdir)/'`yesno.c
 
 libshadow_la-tcbfuncs.lo: tcbfuncs.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libshadow_la-tcbfuncs.lo -MD -MP -MF $(DEPDIR)/libshadow_la-tcbfuncs.Tpo -c -o libshadow_la-tcbfuncs.lo `test -f 'tcbfuncs.c' || echo '$(srcdir)/'`tcbfuncs.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-tcbfuncs.lo -MD -MP -MF $(DEPDIR)/libshadow_la-tcbfuncs.Tpo -c -o libshadow_la-tcbfuncs.lo `test -f 'tcbfuncs.c' || echo '$(srcdir)/'`tcbfuncs.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-tcbfuncs.Tpo $(DEPDIR)/libshadow_la-tcbfuncs.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tcbfuncs.c' object='libshadow_la-tcbfuncs.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libshadow_la-tcbfuncs.lo `test -f 'tcbfuncs.c' || echo '$(srcdir)/'`tcbfuncs.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-tcbfuncs.lo `test -f 'tcbfuncs.c' || echo '$(srcdir)/'`tcbfuncs.c
+
+libshadow_la-btrfs.lo: btrfs.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-btrfs.lo -MD -MP -MF $(DEPDIR)/libshadow_la-btrfs.Tpo -c -o libshadow_la-btrfs.lo `test -f 'btrfs.c' || echo '$(srcdir)/'`btrfs.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-btrfs.Tpo $(DEPDIR)/libshadow_la-btrfs.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='btrfs.c' object='libshadow_la-btrfs.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-btrfs.lo `test -f 'btrfs.c' || echo '$(srcdir)/'`btrfs.c
+
+libshadow_la-log.lo: log.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-log.lo -MD -MP -MF $(DEPDIR)/libshadow_la-log.Tpo -c -o libshadow_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-log.Tpo $(DEPDIR)/libshadow_la-log.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='log.c' object='libshadow_la-log.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c
+
+libshadow_la-logind.lo: logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-logind.lo -MD -MP -MF $(DEPDIR)/libshadow_la-logind.Tpo -c -o libshadow_la-logind.lo `test -f 'logind.c' || echo '$(srcdir)/'`logind.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-logind.Tpo $(DEPDIR)/libshadow_la-logind.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='logind.c' object='libshadow_la-logind.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-logind.lo `test -f 'logind.c' || echo '$(srcdir)/'`logind.c
+
+libshadow_la-utmp.lo: utmp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-utmp.lo -MD -MP -MF $(DEPDIR)/libshadow_la-utmp.Tpo -c -o libshadow_la-utmp.lo `test -f 'utmp.c' || echo '$(srcdir)/'`utmp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-utmp.Tpo $(DEPDIR)/libshadow_la-utmp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utmp.c' object='libshadow_la-utmp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-utmp.lo `test -f 'utmp.c' || echo '$(srcdir)/'`utmp.c
+
+libshadow_la-freezero.lo: freezero.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-freezero.lo -MD -MP -MF $(DEPDIR)/libshadow_la-freezero.Tpo -c -o libshadow_la-freezero.lo `test -f 'freezero.c' || echo '$(srcdir)/'`freezero.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-freezero.Tpo $(DEPDIR)/libshadow_la-freezero.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='freezero.c' object='libshadow_la-freezero.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-freezero.lo `test -f 'freezero.c' || echo '$(srcdir)/'`freezero.c
+
+libshadow_la-readpassphrase.lo: readpassphrase.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -MT libshadow_la-readpassphrase.lo -MD -MP -MF $(DEPDIR)/libshadow_la-readpassphrase.Tpo -c -o libshadow_la-readpassphrase.lo `test -f 'readpassphrase.c' || echo '$(srcdir)/'`readpassphrase.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libshadow_la-readpassphrase.Tpo $(DEPDIR)/libshadow_la-readpassphrase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='readpassphrase.c' object='libshadow_la-readpassphrase.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libshadow_la_CPPFLAGS) $(CPPFLAGS) $(libshadow_la_CFLAGS) $(CFLAGS) -c -o libshadow_la-readpassphrase.lo `test -f 'readpassphrase.c' || echo '$(srcdir)/'`readpassphrase.c
+
+.y.c:
+	$(AM_V_YACC)$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h `echo $@ | $(am__yacc_c2h)` y.output $*.output -- $(YACCCOMPILE)
 
 mostlyclean-libtool:
 	-rm -f *.lo
 
 clean-libtool:
 	-rm -rf .libs _libs
+	-rm -rf atoi/.libs atoi/_libs
+	-rm -rf string/.libs string/_libs
+	-rm -rf time/.libs time/_libs
 
 ID: $(am__tagged_files)
 	$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -916,39 +1839,100 @@ clean-generic:
 distclean-generic:
 	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-rm -f atoi/$(DEPDIR)/$(am__dirstamp)
+	-rm -f atoi/$(am__dirstamp)
+	-rm -f string/$(DEPDIR)/$(am__dirstamp)
+	-rm -f string/$(am__dirstamp)
+	-rm -f time/$(DEPDIR)/$(am__dirstamp)
+	-rm -f time/$(am__dirstamp)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
+	-rm -f getdate.c
 clean: clean-am
 
 clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/libshadow_la-commonio.Plo
+		-rm -f ./$(DEPDIR)/libshadow_la-addgrps.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-adds.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-age.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-agetpass.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-alloc.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-audit_help.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-basename.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-bit.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-btrfs.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-chkname.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-chowndir.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-chowntty.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-cleanup.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-cleanup_group.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-cleanup_user.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-commonio.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-console.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-copydir.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-csrand.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-encrypt.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-env.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-failure.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-fd.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-fields.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-find_new_gid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-find_new_sub_gids.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-find_new_sub_uids.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-find_new_uid.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-fputsx.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-freezero.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-get_gid.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-get_pid.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-get_uid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-getdate.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-getdef.Plo
-	-rm -f ./$(DEPDIR)/libshadow_la-getlong.Plo
-	-rm -f ./$(DEPDIR)/libshadow_la-getulong.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-getgr_nam_gid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-getrange.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-gettime.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-groupio.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-groupmem.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-gshadow.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-hushed.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-idmapping.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-isexpired.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-limits.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-list.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-lockpw.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-log.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-logind.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-loginprompt.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-mail.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-memzero.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-motd.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-myname.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-nscd.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-nss.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-obscure.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pam_pass.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pam_pass_non_interactive.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-port.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-prefix_flag.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-pwauth.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pwd2spwd.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pwd_init.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pwdcheck.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-pwio.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-pwmem.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-readpassphrase.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-remove_tree.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-rlogin.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-root_flag.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-run_part.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-salt.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-selinux.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-semanage.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-setugid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-setupenv.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-sgetgrent.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-sgetpwent.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-sgetspent.Plo
@@ -957,11 +1941,38 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libshadow_la-shadowio.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-shadowlog.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-shadowmem.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-shell.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-spawn.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-sssd.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-strtoday.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-sub.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-subordinateio.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-sulog.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-tcbfuncs.Plo
-	-rm -f ./$(DEPDIR)/libshadow_la-utent.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-ttytype.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-tz.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-ulimit.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-user_busy.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-utmp.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-valid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-write_full.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetgrgid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetgrnam.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetpwnam.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetpwuid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetspnam.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xprefix_getpwnam.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-yesno.Plo
+	-rm -f atoi/$(DEPDIR)/libshadow_la-a2i.Plo
+	-rm -f atoi/$(DEPDIR)/libshadow_la-str2i.Plo
+	-rm -f atoi/$(DEPDIR)/libshadow_la-strtoi.Plo
+	-rm -f atoi/$(DEPDIR)/libshadow_la-strtou_noneg.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-sprintf.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-stpecpy.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-stpeprintf.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-strftime.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-strtcpy.Plo
+	-rm -f time/$(DEPDIR)/libshadow_la-day_to_str.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1007,29 +2018,83 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/libshadow_la-commonio.Plo
+		-rm -f ./$(DEPDIR)/libshadow_la-addgrps.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-adds.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-age.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-agetpass.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-alloc.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-audit_help.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-basename.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-bit.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-btrfs.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-chkname.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-chowndir.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-chowntty.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-cleanup.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-cleanup_group.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-cleanup_user.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-commonio.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-console.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-copydir.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-csrand.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-encrypt.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-env.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-failure.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-fd.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-fields.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-find_new_gid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-find_new_sub_gids.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-find_new_sub_uids.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-find_new_uid.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-fputsx.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-freezero.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-get_gid.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-get_pid.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-get_uid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-getdate.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-getdef.Plo
-	-rm -f ./$(DEPDIR)/libshadow_la-getlong.Plo
-	-rm -f ./$(DEPDIR)/libshadow_la-getulong.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-getgr_nam_gid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-getrange.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-gettime.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-groupio.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-groupmem.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-gshadow.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-hushed.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-idmapping.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-isexpired.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-limits.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-list.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-lockpw.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-log.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-logind.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-loginprompt.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-mail.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-memzero.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-motd.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-myname.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-nscd.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-nss.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-obscure.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pam_pass.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pam_pass_non_interactive.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-port.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-prefix_flag.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-pwauth.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pwd2spwd.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pwd_init.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-pwdcheck.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-pwio.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-pwmem.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-readpassphrase.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-remove_tree.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-rlogin.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-root_flag.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-run_part.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-salt.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-selinux.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-semanage.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-setugid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-setupenv.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-sgetgrent.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-sgetpwent.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-sgetspent.Plo
@@ -1038,11 +2103,38 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libshadow_la-shadowio.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-shadowlog.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-shadowmem.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-shell.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-spawn.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-sssd.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-strtoday.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-sub.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-subordinateio.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-sulog.Plo
 	-rm -f ./$(DEPDIR)/libshadow_la-tcbfuncs.Plo
-	-rm -f ./$(DEPDIR)/libshadow_la-utent.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-ttytype.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-tz.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-ulimit.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-user_busy.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-utmp.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-valid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-write_full.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetgrgid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetgrnam.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetpwnam.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetpwuid.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xgetspnam.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-xprefix_getpwnam.Plo
+	-rm -f ./$(DEPDIR)/libshadow_la-yesno.Plo
+	-rm -f atoi/$(DEPDIR)/libshadow_la-a2i.Plo
+	-rm -f atoi/$(DEPDIR)/libshadow_la-str2i.Plo
+	-rm -f atoi/$(DEPDIR)/libshadow_la-strtoi.Plo
+	-rm -f atoi/$(DEPDIR)/libshadow_la-strtou_noneg.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-sprintf.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-stpecpy.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-stpeprintf.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-strftime.Plo
+	-rm -f string/$(DEPDIR)/libshadow_la-strtcpy.Plo
+	-rm -f time/$(DEPDIR)/libshadow_la-day_to_str.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
diff --git a/libmisc/addgrps.c b/lib/addgrps.c
index 845d383..dae3dba 100644
--- a/libmisc/addgrps.c
+++ b/lib/addgrps.c
@@ -17,6 +17,8 @@
 #include <stdio.h>
 #include <grp.h>
 #include <errno.h>
+
+#include "alloc.h"
 #include "shadowlog.h"
 
 #ident "$Id$"
@@ -29,7 +31,7 @@
  */
 int add_groups (const char *list)
 {
-	GETGROUPS_T *grouplist, *tmp;
+	GETGROUPS_T *grouplist;
 	size_t i;
 	int ngroups;
 	bool added;
@@ -46,7 +48,7 @@ int add_groups (const char *list)
 
 	i = 16;
 	for (;;) {
-		grouplist = (gid_t *) malloc (i * sizeof (GETGROUPS_T));
+		grouplist = MALLOC(i, GETGROUPS_T);
 		if (NULL == grouplist) {
 			return -1;
 		}
@@ -88,19 +90,17 @@ int add_groups (const char *list)
 			fputs (_("Warning: too many groups\n"), shadow_logfd);
 			break;
 		}
-		tmp = (gid_t *) realloc (grouplist, (size_t)(ngroups + 1) * sizeof (GETGROUPS_T));
-		if (NULL == tmp) {
-			free (grouplist);
+		grouplist = REALLOCF(grouplist, (size_t) ngroups + 1, GETGROUPS_T);
+		if (grouplist == NULL) {
 			return -1;
 		}
-		tmp[ngroups] = grp->gr_gid;
+		grouplist[ngroups] = grp->gr_gid;
 		ngroups++;
-		grouplist = tmp;
 		added = true;
 	}
 
 	if (added) {
-		ret = setgroups ((size_t)ngroups, grouplist);
+		ret = setgroups (ngroups, grouplist);
 		free (grouplist);
 		return ret;
 	}
@@ -109,6 +109,6 @@ int add_groups (const char *list)
 	return 0;
 }
 #else				/* HAVE_SETGROUPS && !USE_PAM */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* HAVE_SETGROUPS && !USE_PAM */
 
diff --git a/lib/adds.c b/lib/adds.c
new file mode 100644
index 0000000..5d8c153
--- /dev/null
+++ b/lib/adds.c
@@ -0,0 +1,15 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "adds.h"
+
+#include <stddef.h>
+
+
+extern inline long addsl2(long a, long b);
+extern inline long addslN(size_t n, long addend[n]);
+
+extern inline int cmpl(const void *p1, const void *p2);
diff --git a/lib/adds.h b/lib/adds.h
new file mode 100644
index 0000000..6544ce5
--- /dev/null
+++ b/lib/adds.h
@@ -0,0 +1,86 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ADDS_H_
+#define SHADOW_INCLUDE_LIB_ADDS_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdlib.h>
+
+#include "sizeof.h"
+
+
+#define addsl(a, b, ...)                                                      \
+({                                                                            \
+	long  addend_[] = {a, b, __VA_ARGS__};                                \
+                                                                              \
+	addslN(NITEMS(addend_), addend_);                                     \
+})
+
+
+inline long addsl2(long a, long b);
+inline long addslN(size_t n, long addend[n]);
+
+inline int cmpl(const void *p1, const void *p2);
+
+
+inline long
+addsl2(long a, long b)
+{
+	if (a > 0 && b > LONG_MAX - a) {
+		errno = EOVERFLOW;
+		return LONG_MAX;
+	}
+	if (a < 0 && b < LONG_MIN - a) {
+		errno = EOVERFLOW;
+		return LONG_MIN;
+	}
+	return a + b;
+}
+
+
+inline long
+addslN(size_t n, long addend[n])
+{
+	int   e;
+
+	if (n == 0) {
+		errno = EDOM;
+		return 0;
+	}
+
+	e = errno;
+	while (n > 1) {
+		qsort(addend, n, sizeof(addend[0]), cmpl);
+
+		errno = 0;
+		addend[0] = addsl2(addend[0], addend[--n]);
+		if (errno == EOVERFLOW)
+			return addend[0];
+	}
+	errno = e;
+	return addend[0];
+}
+
+
+inline int
+cmpl(const void *p1, const void *p2)
+{
+	const long  *l1 = p1;
+	const long  *l2 = p2;
+
+	if (*l1 < *l2)
+		return -1;
+	if (*l1 > *l2)
+		return +1;
+	return 0;
+}
+
+
+#endif  // include guard
diff --git a/libmisc/age.c b/lib/age.c
index d10f71b..72a13ea 100644
--- a/libmisc/age.c
+++ b/lib/age.c
@@ -13,12 +13,15 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include "prototypes.h"
-#include "defines.h"
-#include "exitcodes.h"
 #include <pwd.h>
 #include <grp.h>
 
+#include "adds.h"
+#include "defines.h"
+#include "exitcodes.h"
+#include "prototypes.h"
+
+
 #ident "$Id$"
 
 #ifndef PASSWD_PROGRAM
@@ -112,7 +115,7 @@ int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 			_exit (126);
 		}
 
-		(void) execl (PASSWD_PROGRAM, PASSWD_PROGRAM, pw->pw_name, (char *) 0);
+		(void) execl (PASSWD_PROGRAM, PASSWD_PROGRAM, pw->pw_name, (char *) NULL);
 		err = errno;
 		perror ("Can't execute " PASSWD_PROGRAM);
 		_exit ((ENOENT == err) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
@@ -139,7 +142,7 @@ int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 
 void agecheck (/*@null@*/const struct spwd *sp)
 {
-	long now = (long) time ((time_t *) 0) / SCALE;
+	long now = time(NULL) / DAY;
 	long remain;
 
 	if (NULL == sp) {
@@ -162,9 +165,9 @@ void agecheck (/*@null@*/const struct spwd *sp)
 		return;
 	}
 
-	remain = sp->sp_lstchg + sp->sp_max - now;
+	remain = addsl(sp->sp_lstchg, sp->sp_max, -now);
+
 	if (remain <= sp->sp_warn) {
-		remain /= DAY / SCALE;
 		if (remain > 1) {
 			(void) printf (_("Your password will expire in %ld days.\n"),
 			               remain);
diff --git a/lib/agetpass.c b/lib/agetpass.c
new file mode 100644
index 0000000..5d9f928
--- /dev/null
+++ b/lib/agetpass.c
@@ -0,0 +1,145 @@
+/*
+ * SPDX-FileCopyrightText:  2022, Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include "agetpass.h"
+
+#include <limits.h>
+#include <readpassphrase.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ident "$Id$"
+
+#include "alloc.h"
+
+#if WITH_LIBBSD == 0
+#include "freezero.h"
+#endif /* WITH_LIBBSD */
+
+
+/*
+ * SYNOPSIS
+ *	[[gnu::malloc(erase_pass)]]
+ *	char *agetpass(const char *prompt);
+ *	char *agetpass_stdin();
+ *
+ *	void erase_pass(char *pass);
+ *
+ * ARGUMENTS
+ *   agetpass()
+ *	prompt	String to be printed before reading a password.
+ *
+ *   erase_pass()
+ *	pass	password previously returned by agetpass().
+ *
+ * DESCRIPTION
+ *   agetpass()
+ *	This function is very similar to getpass(3).  It has several
+ *	advantages compared to getpass(3):
+ *
+ *	- Instead of using a static buffer, agetpass() allocates memory
+ *	  through malloc(3).  This makes the function thread-safe, and
+ *	  also reduces the visibility of the buffer.
+ *
+ *	- agetpass() doesn't reallocate internally.  Some
+ *	  implementations of getpass(3), such as glibc, do that, as a
+ *	  consequence of calling getline(3).  That's a bug in glibc,
+ *	  which allows leaking prefixes of passwords in freed memory.
+ *
+ *	- agetpass() doesn't overrun the output buffer.  If the input
+ *	  password is too long, it simply fails.  Some implementations
+ *	  of getpass(3), share the same bug that gets(3) has.
+ *
+ *	As soon as possible, the password obtained from agetpass() be
+ *	erased by calling erase_pass(), to avoid possibly leaking the
+ *	password.
+ *
+ *   agetpass_stdin()
+ *	This function is the same as previous one (agetpass). Just the
+ *	password is read from stdin and terminal is not required.
+ *
+ *   erase_pass()
+ *	This function first clears the password, by calling
+ *	explicit_bzero(3) (or an equivalent call), and then frees the
+ *	allocated memory by calling free(3).
+ *
+ *	NULL is a valid input pointer, and in such a case, this call is
+ *	a no-op.
+ *
+ * RETURN VALUE
+ *	agetpass() returns a newly allocated buffer containing the
+ *	password on success.  On error, errno is set to indicate the
+ *	error, and NULL is returned.
+ *
+ * ERRORS
+ *   agetpass()
+ *	This function may fail for any errors that malloc(3) or
+ *	readpassphrase(3) may fail, and in addition it may fail for the
+ *	following errors:
+ *
+ *	ENOBUFS
+ *		The input password was longer than PASS_MAX.
+ *
+ * CAVEATS
+ *	If a password is passed twice to erase_pass(), the behavior is
+ *	undefined.
+ */
+
+
+static char *
+agetpass_internal(const char *prompt, int flags)
+{
+	char    *pass;
+	size_t  len;
+
+	/*
+	 * Since we want to support passwords upto PASS_MAX, we need
+	 * PASS_MAX bytes for the password itself, and one more byte for
+	 * the terminating '\0'.  We also want to detect truncation, and
+	 * readpassphrase(3) doesn't detect it, so we need some trick.
+	 * Let's add one more byte, and if the password uses it, it
+	 * means the introduced password was longer than PASS_MAX.
+	 */
+	pass = MALLOC(PASS_MAX + 2, char);
+	if (pass == NULL)
+		return NULL;
+
+	if (readpassphrase(prompt, pass, PASS_MAX + 2, flags) == NULL)
+		goto fail;
+
+	len = strlen(pass);
+	if (len == PASS_MAX + 1) {
+		errno = ENOBUFS;
+		goto fail;
+	}
+
+	return pass;
+
+fail:
+	freezero(pass, PASS_MAX + 2);
+	return NULL;
+}
+
+char *
+agetpass(const char *prompt)
+{
+	return agetpass_internal(prompt, RPP_REQUIRE_TTY);
+}
+
+char *
+agetpass_stdin()
+{
+	return agetpass_internal(NULL, RPP_STDIN);
+}
+
+void
+erase_pass(char *pass)
+{
+	freezero(pass, PASS_MAX + 2);
+}
diff --git a/lib/agetpass.h b/lib/agetpass.h
new file mode 100644
index 0000000..4a4444e
--- /dev/null
+++ b/lib/agetpass.h
@@ -0,0 +1,23 @@
+/*
+ * SPDX-FileCopyrightText: 2022-2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIB_AGETPASS_H_
+#define SHADOW_INCLUDE_LIB_AGETPASS_H_
+
+
+#include <config.h>
+
+#include "attr.h"
+#include "defines.h"
+
+
+void erase_pass(char *pass);
+ATTR_MALLOC(erase_pass)
+char *agetpass(const char *prompt);
+char *agetpass_stdin();
+
+
+#endif  // include guard
diff --git a/libmisc/xmalloc.c b/lib/alloc.c
index 056d472..962f45a 100644
--- a/libmisc/xmalloc.c
+++ b/lib/alloc.c
@@ -3,6 +3,7 @@
  * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
  * SPDX-FileCopyrightText: 2003 - 2006, Tomasz KÅ‚oczko
  * SPDX-FileCopyrightText: 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2023       , Alejandro Colomar <alx@kernel.org>
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -11,7 +12,7 @@
    to be worth copyrighting :-).  I did that because a lot of code used
    malloc and strdup without checking for NULL pointer, and I like some
    message better than a core dump...  --marekm
-   
+
    Yeh, but.  Remember that bailing out might leave the system in some
    bizarre state.  You really want to put in error checking, then add
    some back-out failure recovery code. -- jfh */
@@ -20,27 +21,53 @@
 
 #ident "$Id$"
 
-#include <stdio.h>
+#include "alloc.h"
+
 #include <errno.h>
+#include <stddef.h>
+#include <stdio.h>
+
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
 
-/*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/void *xmalloc (size_t size)
+
+extern inline void *xmalloc(size_t size);
+extern inline void *xmallocarray(size_t nmemb, size_t size);
+extern inline void *mallocarray(size_t nmemb, size_t size);
+extern inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
+extern inline char *xstrdup(const char *str);
+
+
+void *
+xcalloc(size_t nmemb, size_t size)
 {
-	void *ptr;
-
-	ptr = malloc (size);
-	if (NULL == ptr) {
-		(void) fprintf (log_get_logfd(),
-		                _("%s: failed to allocate memory: %s\n"),
-		                log_get_progname(), strerror (errno));
-		exit (13);
-	}
-	return ptr;
+	void  *p;
+
+	p = calloc(nmemb, size);
+	if (p == NULL)
+		goto x;
+
+	return p;
+
+x:
+	fprintf(log_get_logfd(), _("%s: %s\n"),
+	        log_get_progname(), strerror(errno));
+	exit(13);
 }
 
-/*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *str)
+
+void *
+xreallocarray(void *p, size_t nmemb, size_t size)
 {
-	return strcpy (xmalloc (strlen (str) + 1), str);
+	p = reallocarrayf(p, nmemb, size);
+	if (p == NULL)
+		goto x;
+
+	return p;
+
+x:
+	fprintf(log_get_logfd(), _("%s: %s\n"),
+	        log_get_progname(), strerror(errno));
+	exit(13);
 }
diff --git a/lib/alloc.h b/lib/alloc.h
new file mode 100644
index 0000000..39405a5
--- /dev/null
+++ b/lib/alloc.h
@@ -0,0 +1,101 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_MALLOC_H_
+#define SHADOW_INCLUDE_LIB_MALLOC_H_
+
+
+#include <config.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "attr.h"
+#include "defines.h"
+
+
+#define CALLOC(n, type)   ((type *) calloc(n, sizeof(type)))
+#define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
+#define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
+#define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
+
+#define REALLOC(ptr, n, type)                                                 \
+(                                                                             \
+	_Generic(ptr, type *:  (type *) reallocarray(ptr, n, sizeof(type)))   \
+)
+
+#define REALLOCF(ptr, n, type)                                                \
+(                                                                             \
+	_Generic(ptr, type *:  (type *) reallocarrayf(ptr, n, sizeof(type)))  \
+)
+
+#define XREALLOC(ptr, n, type)                                                \
+(                                                                             \
+	_Generic(ptr, type *:  (type *) xreallocarray(ptr, n, sizeof(type)))  \
+)
+
+
+ATTR_MALLOC(free)
+inline void *xmalloc(size_t size);
+ATTR_MALLOC(free)
+inline void *xmallocarray(size_t nmemb, size_t size);
+ATTR_MALLOC(free)
+inline void *mallocarray(size_t nmemb, size_t size);
+ATTR_MALLOC(free)
+inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
+ATTR_MALLOC(free)
+inline char *xstrdup(const char *str);
+
+ATTR_MALLOC(free)
+void *xcalloc(size_t nmemb, size_t size);
+ATTR_MALLOC(free)
+void *xreallocarray(void *p, size_t nmemb, size_t size);
+
+
+inline void *
+xmalloc(size_t size)
+{
+	return xmallocarray(1, size);
+}
+
+
+inline void *
+xmallocarray(size_t nmemb, size_t size)
+{
+	return xreallocarray(NULL, nmemb, size);
+}
+
+
+inline void *
+mallocarray(size_t nmemb, size_t size)
+{
+	return reallocarray(NULL, nmemb, size);
+}
+
+
+inline void *
+reallocarrayf(void *p, size_t nmemb, size_t size)
+{
+	void  *q;
+
+	q = reallocarray(p, nmemb, size);
+
+	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
+	if (q == NULL && nmemb != 0 && size != 0)
+		free(p);
+	return q;
+}
+
+
+inline char *
+xstrdup(const char *str)
+{
+	return strcpy(XMALLOC(strlen(str) + 1, char), str);
+}
+
+
+#endif  // include guard
diff --git a/lib/atoi/a2i.c b/lib/atoi/a2i.c
new file mode 100644
index 0000000..a2cf872
--- /dev/null
+++ b/lib/atoi/a2i.c
@@ -0,0 +1,46 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/a2i.h"
+
+
+extern inline int a2sh_c(short *restrict n, const char *s,
+    const char **restrict endp, int base, short min, short max);
+extern inline int a2si_c(int *restrict n, const char *s,
+    const char **restrict endp, int base, int min, int max);
+extern inline int a2sl_c(long *restrict n, const char *s,
+    const char **restrict endp, int base, long min, long max);
+extern inline int a2sll_c(long long *restrict n, const char *s,
+    const char **restrict endp, int base, long long min, long long max);
+extern inline int a2uh_c(unsigned short *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned short min,
+    unsigned short max);
+extern inline int a2ui_c(unsigned int *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned int min, unsigned int max);
+extern inline int a2ul_c(unsigned long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long min, unsigned long max);
+extern inline int a2ull_c(unsigned long long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long long min,
+    unsigned long long max);
+
+
+extern inline int a2sh_nc(short *restrict n, char *s,
+    char **restrict endp, int base, short min, short max);
+extern inline int a2si_nc(int *restrict n, char *s,
+    char **restrict endp, int base, int min, int max);
+extern inline int a2sl_nc(long *restrict n, char *s,
+    char **restrict endp, int base, long min, long max);
+extern inline int a2sll_nc(long long *restrict n, char *s,
+    char **restrict endp, int base, long long min, long long max);
+extern inline int a2uh_nc(unsigned short *restrict n, char *s,
+    char **restrict endp, int base, unsigned short min, unsigned short max);
+extern inline int a2ui_nc(unsigned int *restrict n, char *s,
+    char **restrict endp, int base, unsigned int min, unsigned int max);
+extern inline int a2ul_nc(unsigned long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long min, unsigned long max);
+extern inline int a2ull_nc(unsigned long long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long long min,
+    unsigned long long max);
diff --git a/lib/atoi/a2i.h b/lib/atoi/a2i.h
new file mode 100644
index 0000000..64f775a
--- /dev/null
+++ b/lib/atoi/a2i.h
@@ -0,0 +1,386 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_H_
+#define SHADOW_INCLUDE_LIB_ATOI_A2I_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+
+#include "atoi/strtoi.h"
+#include "atoi/strtou_noneg.h"
+#include "attr.h"
+
+
+/*
+ * See the manual of these macros in liba2i's documentation:
+ * <http://www.alejandro-colomar.es/share/dist/liba2i/git/HEAD/liba2i-HEAD.pdf>
+ */
+
+
+#define a2i(TYPE, n, s, ...)                                                  \
+(                                                                             \
+	_Generic((void (*)(TYPE, typeof(s))) 0,                               \
+		void (*)(short,              const char *):  a2sh_c,          \
+		void (*)(short,              const void *):  a2sh_c,          \
+		void (*)(short,              char *):        a2sh_nc,         \
+		void (*)(short,              void *):        a2sh_nc,         \
+		void (*)(int,                const char *):  a2si_c,          \
+		void (*)(int,                const void *):  a2si_c,          \
+		void (*)(int,                char *):        a2si_nc,         \
+		void (*)(int,                void *):        a2si_nc,         \
+		void (*)(long,               const char *):  a2sl_c,          \
+		void (*)(long,               const void *):  a2sl_c,          \
+		void (*)(long,               char *):        a2sl_nc,         \
+		void (*)(long,               void *):        a2sl_nc,         \
+		void (*)(long long,          const char *):  a2sll_c,         \
+		void (*)(long long,          const void *):  a2sll_c,         \
+		void (*)(long long,          char *):        a2sll_nc,        \
+		void (*)(long long,          void *):        a2sll_nc,        \
+		void (*)(unsigned short,     const char *):  a2uh_c,          \
+		void (*)(unsigned short,     const void *):  a2uh_c,          \
+		void (*)(unsigned short,     char *):        a2uh_nc,         \
+		void (*)(unsigned short,     void *):        a2uh_nc,         \
+		void (*)(unsigned int,       const char *):  a2ui_c,          \
+		void (*)(unsigned int,       const void *):  a2ui_c,          \
+		void (*)(unsigned int,       char *):        a2ui_nc,         \
+		void (*)(unsigned int,       void *):        a2ui_nc,         \
+		void (*)(unsigned long,      const char *):  a2ul_c,          \
+		void (*)(unsigned long,      const void *):  a2ul_c,          \
+		void (*)(unsigned long,      char *):        a2ul_nc,         \
+		void (*)(unsigned long,      void *):        a2ul_nc,         \
+		void (*)(unsigned long long, const char *):  a2ull_c,         \
+		void (*)(unsigned long long, const void *):  a2ull_c,         \
+		void (*)(unsigned long long, char *):        a2ull_nc,        \
+		void (*)(unsigned long long, void *):        a2ull_nc         \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+
+#define a2sh(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2sh_c,                                        \
+		const void *:  a2sh_c,                                        \
+		char *:        a2sh_nc,                                       \
+		void *:        a2sh_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2si(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2si_c,                                        \
+		const void *:  a2si_c,                                        \
+		char *:        a2si_nc,                                       \
+		void *:        a2si_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2sl(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2sl_c,                                        \
+		const void *:  a2sl_c,                                        \
+		char *:        a2sl_nc,                                       \
+		void *:        a2sl_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2sll(n, s, ...)                                                      \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2sll_c,                                       \
+		const void *:  a2sll_c,                                       \
+		char *:        a2sll_nc,                                      \
+		void *:        a2sll_nc                                       \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2uh(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2uh_c,                                        \
+		const void *:  a2uh_c,                                        \
+		char *:        a2uh_nc,                                       \
+		void *:        a2uh_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2ui(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2ui_c,                                        \
+		const void *:  a2ui_c,                                        \
+		char *:        a2ui_nc,                                       \
+		void *:        a2ui_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2ul(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2ul_c,                                        \
+		const void *:  a2ul_c,                                        \
+		char *:        a2ul_nc,                                       \
+		void *:        a2ul_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2ull(n, s, ...)                                                      \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2ull_c,                                       \
+		const void *:  a2ull_c,                                       \
+		char *:        a2ull_nc,                                      \
+		void *:        a2ull_nc                                       \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sh_c(short *restrict n, const char *s,
+    const char **restrict endp, int base, short min, short max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2si_c(int *restrict n, const char *s,
+    const char **restrict endp, int base, int min, int max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sl_c(long *restrict n, const char *s,
+    const char **restrict endp, int base, long min, long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sll_c(long long *restrict n, const char *s,
+    const char **restrict endp, int base, long long min, long long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2uh_c(unsigned short *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned short min,
+    unsigned short max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ui_c(unsigned int *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned int min, unsigned int max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ul_c(unsigned long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long min, unsigned long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ull_c(unsigned long long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long long min,
+    unsigned long long max);
+
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sh_nc(short *restrict n, char *s,
+    char **restrict endp, int base, short min, short max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2si_nc(int *restrict n, char *s,
+    char **restrict endp, int base, int min, int max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sl_nc(long *restrict n, char *s,
+    char **restrict endp, int base, long min, long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sll_nc(long long *restrict n, char *s,
+    char **restrict endp, int base, long long min, long long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2uh_nc(unsigned short *restrict n, char *s,
+    char **restrict endp, int base, unsigned short min, unsigned short max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ui_nc(unsigned int *restrict n, char *s,
+    char **restrict endp, int base, unsigned int min, unsigned int max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ul_nc(unsigned long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long min, unsigned long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ull_nc(unsigned long long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long long min,
+    unsigned long long max);
+
+
+inline int
+a2sh_c(short *restrict n, const char *s,
+    const char **restrict endp, int base, short min, short max)
+{
+	return a2sh(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2si_c(int *restrict n, const char *s,
+    const char **restrict endp, int base, int min, int max)
+{
+	return a2si(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2sl_c(long *restrict n, const char *s,
+    const char **restrict endp, int base, long min, long max)
+{
+	return a2sl(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2sll_c(long long *restrict n, const char *s,
+    const char **restrict endp, int base, long long min, long long max)
+{
+	return a2sll(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2uh_c(unsigned short *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned short min,
+    unsigned short max)
+{
+	return a2uh(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2ui_c(unsigned int *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned int min, unsigned int max)
+{
+	return a2ui(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2ul_c(unsigned long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long min, unsigned long max)
+{
+	return a2ul(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2ull_c(unsigned long long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long long min,
+    unsigned long long max)
+{
+	return a2ull(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2sh_nc(short *restrict n, char *s,
+    char **restrict endp, int base, short min, short max)
+{
+	int  status;
+
+	*n = strtoi_(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2si_nc(int *restrict n, char *s,
+    char **restrict endp, int base, int min, int max)
+{
+	int  status;
+
+	*n = strtoi_(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2sl_nc(long *restrict n, char *s,
+    char **restrict endp, int base, long min, long max)
+{
+	int  status;
+
+	*n = strtoi_(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2sll_nc(long long *restrict n, char *s,
+    char **restrict endp, int base, long long min, long long max)
+{
+	int  status;
+
+	*n = strtoi_(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2uh_nc(unsigned short *restrict n, char *s,
+    char **restrict endp, int base, unsigned short min,
+    unsigned short max)
+{
+	int  status;
+
+	*n = strtou_noneg(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2ui_nc(unsigned int *restrict n, char *s,
+    char **restrict endp, int base, unsigned int min, unsigned int max)
+{
+	int  status;
+
+	*n = strtou_noneg(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2ul_nc(unsigned long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long min, unsigned long max)
+{
+	int  status;
+
+	*n = strtou_noneg(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2ull_nc(unsigned long long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long long min,
+    unsigned long long max)
+{
+	int  status;
+
+	*n = strtou_noneg(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+#endif  // include guard
diff --git a/lib/atoi/str2i.c b/lib/atoi/str2i.c
new file mode 100644
index 0000000..25ce360
--- /dev/null
+++ b/lib/atoi/str2i.c
@@ -0,0 +1,18 @@
+// SPDX-FileCopyrightText: 2007-2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/str2i.h"
+
+
+extern inline int str2sh(short *restrict n, const char *restrict s);
+extern inline int str2si(int *restrict n, const char *restrict s);
+extern inline int str2sl(long *restrict n, const char *restrict s);
+extern inline int str2sll(long long *restrict n, const char *restrict s);
+extern inline int str2uh(unsigned short *restrict n, const char *restrict s);
+extern inline int str2ui(unsigned int *restrict n, const char *restrict s);
+extern inline int str2ul(unsigned long *restrict n, const char *restrict s);
+extern inline int str2ull(unsigned long long *restrict n, const char *restrict s);
diff --git a/lib/atoi/str2i.h b/lib/atoi/str2i.h
new file mode 100644
index 0000000..b3ded03
--- /dev/null
+++ b/lib/atoi/str2i.h
@@ -0,0 +1,108 @@
+// SPDX-FileCopyrightText: 2007-2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STR2I_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STR2I_H_
+
+
+#include <config.h>
+
+#include <limits.h>
+#include <stddef.h>
+
+#include "atoi/a2i.h"
+#include "attr.h"
+
+
+#define str2i(TYPE, ...)                                                      \
+(                                                                             \
+	_Generic((TYPE) 0,                                                    \
+		short:              str2sh,                                   \
+		int:                str2si,                                   \
+		long:               str2sl,                                   \
+		long long:          str2sll,                                  \
+		unsigned short:     str2uh,                                   \
+		unsigned int:       str2ui,                                   \
+		unsigned long:      str2ul,                                   \
+		unsigned long long: str2ull                                   \
+	)(__VA_ARGS__)                                                        \
+)
+
+
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2sh(short *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2si(int *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2sl(long *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2sll(long long *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2uh(unsigned short *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2ui(unsigned int *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2ul(unsigned long *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2ull(unsigned long long *restrict n, const char *restrict s);
+
+
+inline int
+str2sh(short *restrict n, const char *restrict s)
+{
+	return a2sh(n, s, NULL, 0, SHRT_MIN, SHRT_MAX);
+}
+
+
+inline int
+str2si(int *restrict n, const char *restrict s)
+{
+	return a2si(n, s, NULL, 0, INT_MIN, INT_MAX);
+}
+
+
+inline int
+str2sl(long *restrict n, const char *restrict s)
+{
+	return a2sl(n, s, NULL, 0, LONG_MIN, LONG_MAX);
+}
+
+
+inline int
+str2sll(long long *restrict n, const char *restrict s)
+{
+	return a2sll(n, s, NULL, 0, LLONG_MIN, LLONG_MAX);
+}
+
+
+inline int
+str2uh(unsigned short *restrict n, const char *restrict s)
+{
+	return a2uh(n, s, NULL, 0, 0, USHRT_MAX);
+}
+
+
+inline int
+str2ui(unsigned int *restrict n, const char *restrict s)
+{
+	return a2ui(n, s, NULL, 0, 0, UINT_MAX);
+}
+
+
+inline int
+str2ul(unsigned long *restrict n, const char *restrict s)
+{
+	return a2ul(n, s, NULL, 0, 0, ULONG_MAX);
+}
+
+
+inline int
+str2ull(unsigned long long *restrict n, const char *restrict s)
+{
+	return a2ull(n, s, NULL, 0, 0, ULLONG_MAX);
+}
+
+
+#endif  // include guard
diff --git a/lib/atoi/strtoi.c b/lib/atoi/strtoi.c
new file mode 100644
index 0000000..197707b
--- /dev/null
+++ b/lib/atoi/strtoi.c
@@ -0,0 +1,15 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/strtoi.h"
+
+#include <stdint.h>
+
+
+extern inline intmax_t strtoi_(const char *s, char **restrict endp, int base,
+    intmax_t min, intmax_t max, int *restrict status);
+extern inline uintmax_t strtou_(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status);
diff --git a/lib/atoi/strtoi.h b/lib/atoi/strtoi.h
new file mode 100644
index 0000000..1f061fc
--- /dev/null
+++ b/lib/atoi/strtoi.h
@@ -0,0 +1,96 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STRTOI_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STRTOI_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <inttypes.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <sys/param.h>
+
+#include "attr.h"
+
+
+#define strtoNmax(TYPE, ...)                                                  \
+(                                                                             \
+	_Generic((TYPE) 0,                                                    \
+		intmax_t:  strtoimax,                                         \
+		uintmax_t: strtoumax                                          \
+	)(__VA_ARGS__)                                                        \
+)
+
+
+#define strtoN(s, endp, base, min, max, status, TYPE)                         \
+({                                                                            \
+	const char  *s_ = s;                                                  \
+	char        **endp_ = endp;                                           \
+	int         base_ = base;                                             \
+	TYPE        min_ = min;                                               \
+	TYPE        max_ = max;                                               \
+	int         *status_ = status;                                        \
+                                                                              \
+	int         e_, st_;                                                  \
+	char        *end_;                                                    \
+	TYPE        n_;                                                       \
+                                                                              \
+	if (endp_ == NULL)                                                    \
+		endp_ = &end_;                                                \
+	if (status_ == NULL)                                                  \
+		status_ = &st_;                                               \
+                                                                              \
+	if (base_ != 0 && (base_ < 0 || base_ > 36)) {                        \
+		*status_ = EINVAL;                                            \
+		n_ = 0;                                                       \
+                                                                              \
+	} else {                                                              \
+		e_ = errno;                                                   \
+		errno = 0;                                                    \
+		n_ = strtoNmax(TYPE, s_, endp_, base_);                       \
+                                                                              \
+		if (*endp_ == s_)                                             \
+			*status_ = ECANCELED;                                 \
+		else if (errno == ERANGE || n_ < min_ || n_ > max_)           \
+			*status_ = ERANGE;                                    \
+		else if (**endp_ != '\0')                                     \
+			*status_ = ENOTSUP;                                   \
+		else                                                          \
+			*status_ = 0;                                         \
+                                                                              \
+		errno = e_;                                                   \
+	}                                                                     \
+	MAX(min_, MIN(max_, n_));                                             \
+})
+
+
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
+inline intmax_t strtoi_(const char *s, char **restrict endp, int base,
+    intmax_t min, intmax_t max, int *restrict status);
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
+inline uintmax_t strtou_(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status);
+
+
+inline intmax_t
+strtoi_(const char *s, char **restrict endp, int base,
+    intmax_t min, intmax_t max, int *restrict status)
+{
+	return strtoN(s, endp, base, min, max, status, intmax_t);
+}
+
+
+inline uintmax_t
+strtou_(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status)
+{
+	return strtoN(s, endp, base, min, max, status, uintmax_t);
+}
+
+
+#endif  // include guard
diff --git a/lib/atoi/strtou_noneg.c b/lib/atoi/strtou_noneg.c
new file mode 100644
index 0000000..71cacbd
--- /dev/null
+++ b/lib/atoi/strtou_noneg.c
@@ -0,0 +1,13 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/strtou_noneg.h"
+
+#include <stdint.h>
+
+
+extern inline uintmax_t strtou_noneg(const char *s, char **restrict endp,
+    int base, uintmax_t min, uintmax_t max, int *restrict status);
diff --git a/lib/atoi/strtou_noneg.h b/lib/atoi/strtou_noneg.h
new file mode 100644
index 0000000..6d77adf
--- /dev/null
+++ b/lib/atoi/strtou_noneg.h
@@ -0,0 +1,39 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STRTOU_NONEG_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STRTOU_NONEG_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "atoi/strtoi.h"
+#include "attr.h"
+
+
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
+inline uintmax_t strtou_noneg(const char *s, char **restrict endp,
+    int base, uintmax_t min, uintmax_t max, int *restrict status);
+
+
+inline uintmax_t
+strtou_noneg(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status)
+{
+	int  st;
+
+	if (status == NULL)
+		status = &st;
+	if (strtoi_(s, endp, base, 0, 1, status) == 0 && *status == ERANGE)
+		return min;
+
+	return strtou_(s, endp, base, min, max, status);
+}
+
+
+#endif  // include guard
diff --git a/lib/attr.h b/lib/attr.h
new file mode 100644
index 0000000..3835848
--- /dev/null
+++ b/lib/attr.h
@@ -0,0 +1,33 @@
+#ifndef SHADOW_INCLUDE_LIB_ATTR_H_
+#define SHADOW_INCLUDE_LIB_ATTR_H_
+
+
+#include "config.h"
+
+
+#if defined(__GNUC__)
+# define MAYBE_UNUSED                __attribute__((unused))
+# define NORETURN                    __attribute__((__noreturn__))
+# define format_attr(type, fmt, va)  __attribute__((format(type, fmt, va)))
+# define ATTR_ACCESS(...)            __attribute__((access(__VA_ARGS__)))
+#else
+# define MAYBE_UNUSED
+# define NORETURN
+# define format_attr(type, fmt, va)
+# define ATTR_ACCESS(...)
+#endif
+
+#if (__GNUC__ >= 11) && !defined(__clang__)
+# define ATTR_MALLOC(deallocator)    [[gnu::malloc(deallocator)]]
+#else
+# define ATTR_MALLOC(deallocator)
+#endif
+
+#if (__GNUC__ >= 14)
+# define ATTR_STRING(...)       [[gnu::null_terminated_string_arg(__VA_ARGS__)]]
+#else
+# define ATTR_STRING(...)
+#endif
+
+
+#endif  // include guard
diff --git a/libmisc/audit_help.c b/lib/audit_help.c
index e6c2006..54109f0 100644
--- a/libmisc/audit_help.c
+++ b/lib/audit_help.c
@@ -21,6 +21,8 @@
 #include <libaudit.h>
 #include <errno.h>
 #include <stdio.h>
+
+#include "attr.h"
 #include "prototypes.h"
 #include "shadowlog.h"
 int audit_fd;
@@ -54,7 +56,7 @@ void audit_help_open (void)
  * id  -  uid or gid that the operation is being performed on. This is used
  *	  only when user is NULL.
  */
-void audit_logger (int type, unused const char *pgname, const char *op,
+void audit_logger (int type, MAYBE_UNUSED const char *pgname, const char *op,
                    const char *name, unsigned int id,
                    shadow_audit_result result)
 {
@@ -62,7 +64,7 @@ void audit_logger (int type, unused const char *pgname, const char *op,
 		return;
 	} else {
 		audit_log_acct_message (audit_fd, type, NULL, op, name, id,
-		                        NULL, NULL, NULL, (int) result);
+		                        NULL, NULL, NULL, result);
 	}
 }
 
@@ -77,11 +79,11 @@ void audit_logger_message (const char *message, shadow_audit_result result)
 		                        NULL, /* hostname */
 		                        NULL, /* addr */
 		                        NULL, /* tty */
-		                        (int) result);
+		                        result);
 	}
 }
 
 #else				/* WITH_AUDIT */
-extern int errno;	/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* WITH_AUDIT */
 
diff --git a/libmisc/basename.c b/lib/basename.c
index fe91653..95a2f85 100644
--- a/libmisc/basename.c
+++ b/lib/basename.c
@@ -21,6 +21,10 @@
 #include "prototypes.h"
 /*@observer@*/const char *Basename (const char *str)
 {
+	if (str == NULL) {
+		abort ();
+	}
+
 	char *cp = strrchr (str, '/');
 
 	return (NULL != cp) ? cp + 1 : str;
diff --git a/lib/bit.c b/lib/bit.c
new file mode 100644
index 0000000..1ffc6dc
--- /dev/null
+++ b/lib/bit.c
@@ -0,0 +1,19 @@
+/*
+ * SPDX-FileCopyrightText:  2022 - 2023, Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include "bit.h"
+
+#include <limits.h>
+
+
+extern inline unsigned long bit_ceilul(unsigned long x);
+extern inline unsigned long bit_ceil_wrapul(unsigned long x);
+extern inline int leading_zerosul(unsigned long x);
diff --git a/lib/bit.h b/lib/bit.h
new file mode 100644
index 0000000..7f09eb4
--- /dev/null
+++ b/lib/bit.h
@@ -0,0 +1,53 @@
+/*
+ * SPDX-FileCopyrightText:  2022 - 2023, Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIB_BIT_H_
+#define SHADOW_INCLUDE_LIB_BIT_H_
+
+
+#include <config.h>
+
+#include <limits.h>
+
+
+#ifndef ULONG_WIDTH
+#define ULONG_WIDTH (sizeof(unsigned long) * CHAR_BIT)
+#endif
+
+
+inline unsigned long bit_ceilul(unsigned long x);
+inline unsigned long bit_ceil_wrapul(unsigned long x);
+inline int leading_zerosul(unsigned long x);
+
+
+/* stdc_bit_ceilul(3) */
+inline unsigned long
+bit_ceilul(unsigned long x)
+{
+	return 1 + (ULONG_MAX >> leading_zerosul(x));
+}
+
+
+/* stdc_bit_ceilul(3), but wrap instead of having Undefined Behavior */
+inline unsigned long
+bit_ceil_wrapul(unsigned long x)
+{
+	if (x == 0)
+		return 0;
+
+	return bit_ceilul(x);
+}
+
+/* stdc_leading_zerosul(3) */
+inline int
+leading_zerosul(unsigned long x)
+{
+	return (x == 0) ? ULONG_WIDTH : __builtin_clzl(x);
+}
+
+
+#endif  // include guard
diff --git a/libmisc/btrfs.c b/lib/btrfs.c
index a2563f7..0391598 100644
--- a/libmisc/btrfs.c
+++ b/lib/btrfs.c
@@ -39,7 +39,7 @@ static int run_btrfs_subvolume_cmd(const char *subcmd, const char *arg1, const c
 		NULL
 	};
 
-	if (access(cmd, X_OK)) {
+	if (!cmd || access(cmd, X_OK)) {
 		return 1;
 	}
 
diff --git a/lib/cast.h b/lib/cast.h
new file mode 100644
index 0000000..5cbbcf6
--- /dev/null
+++ b/lib/cast.h
@@ -0,0 +1,15 @@
+// SPDX-FileCopyrightText: 2022-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_CAST_H_
+#define SHADOW_INCLUDE_LIB_CAST_H_
+
+
+#include <config.h>
+
+
+#define const_cast(T, p)  _Generic(p, const T:  (T) (p))
+
+
+#endif  // include guard
diff --git a/libmisc/chkname.c b/lib/chkname.c
index e31ee8c..995562f 100644
--- a/libmisc/chkname.c
+++ b/lib/chkname.c
@@ -1,11 +1,10 @@
-/*
- * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2001 - 2005, Tomasz KÅ‚oczko
- * SPDX-FileCopyrightText: 2005 - 2008, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
+// SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-2000, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2001-2005, Tomasz KÅ‚oczko
+// SPDX-FileCopyrightText: 2005-2008, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
 
 /*
  * is_valid_user_name(), is_valid_group_name() - check the new user/group
@@ -15,16 +14,39 @@
  *   false - bad name
  */
 
+
 #include <config.h>
 
 #ident "$Id$"
 
 #include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <unistd.h>
+
 #include "defines.h"
 #include "chkname.h"
 
+
 int allow_bad_names = false;
 
+
+size_t
+login_name_max_size(void)
+{
+	long  conf;
+
+	errno = 0;
+	conf = sysconf(_SC_LOGIN_NAME_MAX);
+	if (conf == -1 && errno != 0)
+		return LOGIN_NAME_MAX;
+
+	return conf;
+}
+
+
 static bool is_valid_name (const char *name)
 {
 	if (allow_bad_names) {
@@ -32,8 +54,8 @@ static bool is_valid_name (const char *name)
 	}
 
 	/*
-         * User/group names must match gnu e-regex:
-         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+         * User/group names must match BRE regex:
+         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\?
          *
          * as a non-POSIX, extension, allow "$" as the last char for
          * sake of Samba 3.x "add machine script"
@@ -72,19 +94,17 @@ static bool is_valid_name (const char *name)
 	return !numeric;
 }
 
-bool is_valid_user_name (const char *name)
+
+bool
+is_valid_user_name(const char *name)
 {
-	/*
-	 * User names are limited by whatever utmp can
-	 * handle.
-	 */
-	if (strlen (name) > USER_NAME_MAX_LENGTH) {
+	if (strlen(name) >= login_name_max_size())
 		return false;
-	}
 
-	return is_valid_name (name);
+	return is_valid_name(name);
 }
 
+
 bool is_valid_group_name (const char *name)
 {
 	/*
@@ -98,4 +118,3 @@ bool is_valid_group_name (const char *name)
 
 	return is_valid_name (name);
 }
-
diff --git a/libmisc/chkname.h b/lib/chkname.h
index 0771347..4306a8a 100644
--- a/libmisc/chkname.h
+++ b/lib/chkname.h
@@ -11,6 +11,7 @@
 #ifndef _CHKNAME_H_
 #define _CHKNAME_H_
 
+
 /*
  * is_valid_user_name(), is_valid_group_name() - check the new user/group
  * name for validity;
@@ -19,8 +20,14 @@
  *   false - bad name
  */
 
-#include "defines.h"
 
+#include <config.h>
+
+#include <stdbool.h>
+#include <stddef.h>
+
+
+extern size_t login_name_max_size(void);
 extern bool is_valid_user_name (const char *name);
 extern bool is_valid_group_name (const char *name);
 
diff --git a/libmisc/chowndir.c b/lib/chowndir.c
index d31618a..d31618a 100644
--- a/libmisc/chowndir.c
+++ b/lib/chowndir.c
diff --git a/libmisc/chowntty.c b/lib/chowntty.c
index 8043d8c..70127f3 100644
--- a/libmisc/chowntty.c
+++ b/lib/chowntty.c
@@ -51,7 +51,7 @@ void chown_tty (const struct passwd *info)
 	 */
 
 	if (   (fchown (STDIN_FILENO, info->pw_uid, gid) != 0)
-	    || (fchmod (STDIN_FILENO, (mode_t)getdef_num ("TTYPERM", 0600)) != 0)) {
+	    || (fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600)) != 0)) {
 		int err = errno;
 		FILE *shadow_logfd = log_get_logfd();
 
diff --git a/libmisc/cleanup.c b/lib/cleanup.c
index c16f1bc..c16f1bc 100644
--- a/libmisc/cleanup.c
+++ b/lib/cleanup.c
diff --git a/libmisc/cleanup_group.c b/lib/cleanup_group.c
index df3ebfd..50c7084 100644
--- a/libmisc/cleanup_group.c
+++ b/lib/cleanup_group.c
@@ -9,6 +9,7 @@
 #include <assert.h>
 #include <stdio.h>
 
+#include "attr.h"
 #include "defines.h"
 #include "groupio.h"
 #include "sgroupio.h"
@@ -22,7 +23,7 @@
  */
 void cleanup_report_add_group (void *group_name)
 {
-	const char *name = (const char *)group_name;
+	const char *name = group_name;
 
 	SYSLOG ((LOG_ERR, "failed to add group %s", name));
 #ifdef WITH_AUDIT
@@ -40,7 +41,7 @@ void cleanup_report_add_group (void *group_name)
  */
 void cleanup_report_del_group (void *group_name)
 {
-	const char *name = (const char *)group_name;
+	const char *name = group_name;
 
 	SYSLOG ((LOG_ERR, "failed to remove group %s", name));
 #ifdef WITH_AUDIT
@@ -95,7 +96,7 @@ void cleanup_report_mod_gshadow (void *cleanup_info)
  */
 void cleanup_report_add_group_group (void *group_name)
 {
-	const char *name = (const char *)group_name;
+	const char *name = group_name;
 
 	SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ()));
 #ifdef WITH_AUDIT
@@ -115,7 +116,7 @@ void cleanup_report_add_group_group (void *group_name)
  */
 void cleanup_report_add_group_gshadow (void *group_name)
 {
-	const char *name = (const char *)group_name;
+	const char *name = group_name;
 
 	SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ()));
 #ifdef WITH_AUDIT
@@ -136,7 +137,7 @@ void cleanup_report_add_group_gshadow (void *group_name)
  */
 void cleanup_report_del_group_group (void *group_name)
 {
-	const char *name = (const char *)group_name;
+	const char *name = group_name;
 
 	SYSLOG ((LOG_ERR,
 	         "failed to remove group %s from %s",
@@ -159,7 +160,7 @@ void cleanup_report_del_group_group (void *group_name)
  */
 void cleanup_report_del_group_gshadow (void *group_name)
 {
-	const char *name = (const char *)group_name;
+	const char *name = group_name;
 
 	SYSLOG ((LOG_ERR,
 	         "failed to remove group %s from %s",
@@ -178,7 +179,7 @@ void cleanup_report_del_group_gshadow (void *group_name)
  *
  * It should be registered after the group file is successfully locked.
  */
-void cleanup_unlock_group (unused void *arg)
+void cleanup_unlock_group (MAYBE_UNUSED void *arg)
 {
 	if (gr_unlock () == 0) {
 		fprintf (log_get_logfd(),
@@ -198,7 +199,7 @@ void cleanup_unlock_group (unused void *arg)
  *
  * It should be registered after the gshadow file is successfully locked.
  */
-void cleanup_unlock_gshadow (unused void *arg)
+void cleanup_unlock_gshadow (MAYBE_UNUSED void *arg)
 {
 	if (sgr_unlock () == 0) {
 		fprintf (log_get_logfd(),
diff --git a/libmisc/cleanup_user.c b/lib/cleanup_user.c
index 26675c6..9c4bda9 100644
--- a/libmisc/cleanup_user.c
+++ b/lib/cleanup_user.c
@@ -9,6 +9,7 @@
 #include <assert.h>
 #include <stdio.h>
 
+#include "attr.h"
 #include "defines.h"
 #include "pwio.h"
 #include "shadowio.h"
@@ -16,13 +17,13 @@
 #include "shadowlog.h"
 
 /*
- * cleanup_report_add_user - Report failure to add an user to the system
+ * cleanup_report_add_user - Report failure to add a user to the system
  *
- * It should be registered when it is decided to add an user to the system.
+ * It should be registered when it is decided to add a user to the system.
  */
 void cleanup_report_add_user (void *user_name)
 {
-	const char *name = (const char *)user_name;
+	const char *name = user_name;
 
 	SYSLOG ((LOG_ERR, "failed to add user %s", name));
 #ifdef WITH_AUDIT
@@ -51,15 +52,15 @@ void cleanup_report_mod_passwd (void *cleanup_info)
 }
 
 /*
- * cleanup_report_add_user_passwd - Report failure to add an user to
+ * cleanup_report_add_user_passwd - Report failure to add a user to
  * /etc/passwd
  *
- * It should be registered when it is decided to add an user to the
+ * It should be registered when it is decided to add a user to the
  * /etc/passwd database.
  */
 void cleanup_report_add_user_passwd (void *user_name)
 {
-	const char *name = (const char *)user_name;
+	const char *name = user_name;
 
 	SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, pw_dbname ()));
 #ifdef WITH_AUDIT
@@ -71,15 +72,15 @@ void cleanup_report_add_user_passwd (void *user_name)
 }
 
 /*
- * cleanup_report_add_user_shadow - Report failure to add an user to
+ * cleanup_report_add_user_shadow - Report failure to add a user to
  * /etc/shadow
  *
- * It should be registered when it is decided to add an user to the
+ * It should be registered when it is decided to add a user to the
  * /etc/shadow database.
  */
 void cleanup_report_add_user_shadow (void *user_name)
 {
-	const char *name = (const char *)user_name;
+	const char *name = user_name;
 
 	SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, spw_dbname ()));
 #ifdef WITH_AUDIT
@@ -95,7 +96,7 @@ void cleanup_report_add_user_shadow (void *user_name)
  *
  * It should be registered after the passwd database is successfully locked.
  */
-void cleanup_unlock_passwd (unused void *arg)
+void cleanup_unlock_passwd (MAYBE_UNUSED void *arg)
 {
 	if (pw_unlock () == 0) {
 		fprintf (log_get_logfd(),
@@ -114,7 +115,7 @@ void cleanup_unlock_passwd (unused void *arg)
  *
  * It should be registered after the shadow database is successfully locked.
  */
-void cleanup_unlock_shadow (unused void *arg)
+void cleanup_unlock_shadow (MAYBE_UNUSED void *arg)
 {
 	if (spw_unlock () == 0) {
 		fprintf (log_get_logfd(),
diff --git a/lib/commonio.c b/lib/commonio.c
index 9a02ce1..01a26c9 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -21,6 +21,9 @@
 #include <errno.h>
 #include <stdio.h>
 #include <signal.h>
+
+#include "alloc.h"
+#include "memzero.h"
 #include "nscd.h"
 #include "sssd.h"
 #ifdef WITH_TCB
@@ -29,6 +32,8 @@
 #include "prototypes.h"
 #include "commonio.h"
 #include "shadowlog_internal.h"
+#include "string/sprintf.h"
+
 
 /* local function prototypes */
 static int lrename (const char *, const char *);
@@ -106,9 +111,9 @@ static int check_link_count (const char *file, bool log)
 
 	if (sb.st_nlink != 2) {
 		if (log) {
-			(void) fprintf (shadow_logfd,
-			                "%s: %s: lock file already used (nlink: %u)\n",
-			                shadow_progname, file, sb.st_nlink);
+			fprintf(shadow_logfd,
+			        "%s: %s: lock file already used (nlink: %ju)\n",
+			        shadow_progname, file, (uintmax_t) sb.st_nlink);
 		}
 		return 0;
 	}
@@ -119,11 +124,11 @@ static int check_link_count (const char *file, bool log)
 
 static int do_lock_file (const char *file, const char *lock, bool log)
 {
-	int fd;
-	pid_t pid;
-	ssize_t len;
-	int retval;
-	char buf[32];
+	int      fd;
+	int      retval;
+	char     buf[32];
+	pid_t    pid;
+	ssize_t  len;
 
 	fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, 0600);
 	if (-1 == fd) {
@@ -136,9 +141,9 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	}
 
 	pid = getpid ();
-	snprintf (buf, sizeof buf, "%lu", (unsigned long) pid);
+	SNPRINTF(buf, "%lu", (unsigned long) pid);
 	len = (ssize_t) strlen (buf) + 1;
-	if (write (fd, buf, (size_t) len) != len) {
+	if (write_full(fd, buf, len) == -1) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s file write error: %s\n",
@@ -190,7 +195,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		return 0;
 	}
 	buf[len] = '\0';
-	if (get_pid (buf, &pid) == 0) {
+	if (get_pid(buf, &pid) == -1) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: existing lock file %s with an invalid PID '%s'\n",
@@ -251,25 +256,13 @@ static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
 		return NULL;
 	}
 
-#ifdef HAVE_FCHOWN
 	if (fchown (fileno (fp), sb->st_uid, sb->st_gid) != 0) {
 		goto fail;
 	}
-#else				/* !HAVE_FCHOWN */
-	if (chown (name, sb->st_mode) != 0) {
-		goto fail;
-	}
-#endif				/* !HAVE_FCHOWN */
-
-#ifdef HAVE_FCHMOD
 	if (fchmod (fileno (fp), sb->st_mode & 0664) != 0) {
 		goto fail;
 	}
-#else				/* !HAVE_FCHMOD */
-	if (chmod (name, sb->st_mode & 0664) != 0) {
-		goto fail;
-	}
-#endif				/* !HAVE_FCHMOD */
+
 	return fp;
 
       fail:
@@ -349,7 +342,7 @@ static void free_linked_list (struct commonio_db *db)
 
 int commonio_setname (struct commonio_db *db, const char *name)
 {
-	snprintf (db->filename, sizeof (db->filename), "%s", name);
+	SNPRINTF(db->filename, "%s", name);
 	db->setname = true;
 	return 1;
 }
@@ -363,33 +356,25 @@ bool commonio_present (const struct commonio_db *db)
 
 int commonio_lock_nowait (struct commonio_db *db, bool log)
 {
-	char* file = NULL;
-	char* lock = NULL;
-	size_t lock_file_len;
-	size_t file_len;
-	int err = 0;
+	int   err = 0;
+	char  *file = NULL;
+	char  *lock = NULL;
 
 	if (db->locked) {
 		return 1;
 	}
-	file_len = strlen(db->filename) + 11;/* %lu max size */
-	lock_file_len = strlen(db->filename) + 6; /* sizeof ".lock" */
-	file = (char*)malloc(file_len);
-	if (file == NULL) {
+
+	if (asprintf(&file, "%s.%ju", db->filename, (uintmax_t) getpid()) == -1)
 		goto cleanup_ENOMEM;
-	}
-	lock = (char*)malloc(lock_file_len);
-	if (lock == NULL) {
+	if (asprintf(&lock, "%s.lock", db->filename) == -1)
 		goto cleanup_ENOMEM;
-	}
-	snprintf (file, file_len, "%s.%lu",
-	          db->filename, (unsigned long) getpid ());
-	snprintf (lock, lock_file_len, "%s.lock", db->filename);
+
 	if (do_lock_file (file, lock, log) != 0) {
 		db->locked = true;
 		lock_count++;
 		err = 1;
 	}
+
 cleanup_ENOMEM:
 	free(file);
 	free(lock);
@@ -483,7 +468,7 @@ static void dec_lock_count (void)
 
 int commonio_unlock (struct commonio_db *db)
 {
-	char lock[1024];
+	char  lock[1029];
 
 	if (db->isopen) {
 		db->readonly = true;
@@ -500,7 +485,7 @@ int commonio_unlock (struct commonio_db *db)
 		 * then call ulckpwdf() (if used) on last unlock.
 		 */
 		db->locked = false;
-		snprintf (lock, sizeof lock, "%s.lock", db->filename);
+		SNPRINTF(lock, "%s.lock", db->filename);
 		unlink (lock);
 		dec_lock_count ();
 		return 1;
@@ -618,7 +603,7 @@ int commonio_open (struct commonio_db *db, int mode)
 
 	fd = open (db->filename,
 	             (db->readonly ? O_RDONLY : O_RDWR)
-	           | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
+	           | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC);
 	saved_errno = errno;
 	db->fp = NULL;
 	if (fd >= 0) {
@@ -649,22 +634,19 @@ int commonio_open (struct commonio_db *db, int mode)
 		return 0;
 	}
 
-	/* Do not inherit fd in spawned processes (e.g. nscd) */
-	fcntl (fileno (db->fp), F_SETFD, FD_CLOEXEC);
-
 	buflen = BUFLEN;
-	buf = (char *) malloc (buflen);
+	buf = MALLOC(buflen, char);
 	if (NULL == buf) {
 		goto cleanup_ENOMEM;
 	}
 
-	while (db->ops->fgets (buf, (int) buflen, db->fp) == buf) {
-		while (   ((cp = strrchr (buf, '\n')) == NULL)
+	while (db->ops->fgets (buf, buflen, db->fp) == buf) {
+		while (   (strrchr (buf, '\n') == NULL)
 		       && (feof (db->fp) == 0)) {
 			size_t len;
 
 			buflen += BUFLEN;
-			cp = (char *) realloc (buf, buflen);
+			cp = REALLOC(buf, buflen, char);
 			if (NULL == cp) {
 				goto cleanup_buf;
 			}
@@ -698,7 +680,7 @@ int commonio_open (struct commonio_db *db, int mode)
 			}
 		}
 
-		p = (struct commonio_entry *) malloc (sizeof *p);
+		p = MALLOC(1, struct commonio_entry);
 		if (NULL == p) {
 			goto cleanup_entry;
 		}
@@ -775,7 +757,7 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
 		return 0;
 	}
 
-	entries = malloc (n * sizeof (struct commonio_entry *));
+	entries = MALLOC(n, struct commonio_entry *);
 	if (entries == NULL) {
 		return -1;
 	}
@@ -912,9 +894,9 @@ static int write_all (const struct commonio_db *db)
 
 int commonio_close (struct commonio_db *db)
 {
-	char buf[1024];
-	int errors = 0;
-	struct stat sb;
+	int          errors = 0;
+	char         buf[1024];
+	struct stat  sb;
 
 	if (!db->isopen) {
 		errno = EINVAL;
@@ -945,7 +927,11 @@ int commonio_close (struct commonio_db *db)
 		/*
 		 * Create backup file.
 		 */
-		snprintf (buf, sizeof buf, "%s-", db->filename);
+		if (SNPRINTF(buf, "%s-", db->filename) == -1) {
+			(void) fclose (db->fp);
+			db->fp = NULL;
+			goto fail;
+		}
 
 #ifdef WITH_SELINUX
 		if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
@@ -960,15 +946,15 @@ int commonio_close (struct commonio_db *db)
 			errors++;
 		}
 
+		db->fp = NULL;
+
 #ifdef WITH_SELINUX
 		if (reset_selinux_file_context () != 0) {
 			errors++;
 		}
 #endif
-		if (errors != 0) {
-			db->fp = NULL;
+		if (errors != 0)
 			goto fail;
-		}
 	} else {
 		/*
 		 * Default permissions for new [g]shadow files.
@@ -978,7 +964,8 @@ int commonio_close (struct commonio_db *db)
 		sb.st_gid = db->st_gid;
 	}
 
-	snprintf (buf, sizeof buf, "%s+", db->filename);
+	if (SNPRINTF(buf, "%s+", db->filename) == -1)
+		goto fail;
 
 #ifdef WITH_SELINUX
 	if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
@@ -998,13 +985,11 @@ int commonio_close (struct commonio_db *db)
 	if (fflush (db->fp) != 0) {
 		errors++;
 	}
-#ifdef HAVE_FSYNC
+
 	if (fsync (fileno (db->fp)) != 0) {
 		errors++;
 	}
-#else				/* !HAVE_FSYNC */
-	sync ();
-#endif				/* !HAVE_FSYNC */
+
 	if (fclose (db->fp) != 0) {
 		errors++;
 	}
@@ -1096,7 +1081,7 @@ int commonio_update (struct commonio_db *db, const void *eptr)
 		return 1;
 	}
 	/* not found, new entry */
-	p = (struct commonio_entry *) malloc (sizeof *p);
+	p = MALLOC(1, struct commonio_entry);
 	if (NULL == p) {
 		db->ops->free (nentry);
 		errno = ENOMEM;
@@ -1133,7 +1118,7 @@ int commonio_append (struct commonio_db *db, const void *eptr)
 		return 0;
 	}
 	/* new entry */
-	p = (struct commonio_entry *) malloc (sizeof *p);
+	p = MALLOC(1, struct commonio_entry);
 	if (NULL == p) {
 		db->ops->free (nentry);
 		errno = ENOMEM;
@@ -1200,6 +1185,8 @@ int commonio_remove (struct commonio_db *db, const char *name)
 		db->ops->free (p->eptr);
 	}
 
+	free(p);
+
 	return 1;
 }
 
diff --git a/lib/commonio.h b/lib/commonio.h
index e63c5b4..fedbefa 100644
--- a/lib/commonio.h
+++ b/lib/commonio.h
@@ -11,8 +11,11 @@
 #ifndef COMMONIO_H
 #define COMMONIO_H
 
+
+#include "attr.h"
 #include "defines.h" /* bool */
 
+
 /*
  * Linked list entry.
  */
@@ -37,7 +40,7 @@ struct commonio_ops {
 	/*
 	 * free() the object including any strings pointed by it.
 	 */
-	void (*free) (/*@out@*/ /*@only@*/void *);
+	void (*free)(/*@only@*/void *);
 
 	/*
 	 * Return the name of the object (for example, pw_name
@@ -61,7 +64,9 @@ struct commonio_ops {
 	 * fgets and fputs (can be replaced by versions that
 	 * understand line continuation conventions).
 	 */
-	/*@null@*/char *(*fgets) (/*@returned@*/ /*@out@*/char *s, int n, FILE *stream);
+	ATTR_ACCESS(write_only, 1, 2)
+	/*@null@*/char *(*fgets)(/*@returned@*/char *restrict s, int n,
+	                         FILE *restrict stream);
 	int (*fputs) (const char *, FILE *);
 
 	/*
@@ -123,6 +128,7 @@ extern int commonio_setname (struct commonio_db *, const char *);
 extern bool commonio_present (const struct commonio_db *db);
 extern int commonio_lock (struct commonio_db *);
 extern int commonio_lock_nowait (struct commonio_db *, bool log);
+extern int do_fcntl_lock (const char *file, bool log, short type);
 extern int commonio_open (struct commonio_db *, int);
 extern /*@observer@*/ /*@null@*/const void *commonio_locate (struct commonio_db *, const char *);
 extern int commonio_update (struct commonio_db *, const void *);
diff --git a/libmisc/console.c b/lib/console.c
index c475aa2..92065d9 100644
--- a/libmisc/console.c
+++ b/lib/console.c
@@ -13,6 +13,7 @@
 #include <stdio.h>
 #include "getdef.h"
 #include "prototypes.h"
+#include "string/strtcpy.h"
 
 #ident "$Id$"
 
@@ -44,8 +45,7 @@ static bool is_listed (const char *cfgin, const char *tty, bool def)
 
 	if (*cons != '/') {
 		char *pbuf;
-		strncpy (buf, cons, sizeof (buf));
-		buf[sizeof (buf) - 1] = '\0';
+		STRTCPY(buf, cons);
 		pbuf = &buf[0];
 		while ((s = strtok (pbuf, ":")) != NULL) {
 			if (strcmp (s, tty) == 0) {
@@ -71,8 +71,9 @@ static bool is_listed (const char *cfgin, const char *tty, bool def)
 	 * See if this tty is listed in the console file.
 	 */
 
-	while (fgets (buf, (int) sizeof (buf), fp) != NULL) {
-		buf[strlen (buf) - 1] = '\0';
+	while (fgets (buf, sizeof (buf), fp) != NULL) {
+		/* Remove optional trailing '\n'. */
+		buf[strcspn (buf, "\n")] = '\0';
 		if (strcmp (buf, tty) == 0) {
 			(void) fclose (fp);
 			return true;
diff --git a/libmisc/copydir.c b/lib/copydir.c
index b692aa9..926033a 100644
--- a/libmisc/copydir.c
+++ b/lib/copydir.c
@@ -17,6 +17,9 @@
 #include <sys/time.h>
 #include <fcntl.h>
 #include <stdio.h>
+
+#include "alloc.h"
+#include "attr.h"
 #include "prototypes.h"
 #include "defines.h"
 #ifdef WITH_SELINUX
@@ -33,6 +36,7 @@
 #include <attr/libattr.h>
 #endif				/* WITH_ATTR */
 #include "shadowlog.h"
+#include "string/sprintf.h"
 
 
 static /*@null@*/const char *src_orig;
@@ -64,12 +68,12 @@ static int copy_dir (const struct path_info *src, const struct path_info *dst,
                      gid_t old_gid, gid_t new_gid);
 static /*@null@*/char *readlink_malloc (const char *filename);
 static int copy_symlink (const struct path_info *src, const struct path_info *dst,
-                         unused bool reset_selinux,
+                         MAYBE_UNUSED bool reset_selinux,
                          const struct stat *statp, const struct timespec mt[],
                          uid_t old_uid, uid_t new_uid,
                          gid_t old_gid, gid_t new_gid);
 static int copy_hardlink (const struct path_info *dst,
-                          unused bool reset_selinux,
+                          MAYBE_UNUSED bool reset_selinux,
                           struct link_name *lp);
 static int copy_special (const struct path_info *src, const struct path_info *dst,
                          bool reset_selinux,
@@ -93,7 +97,7 @@ static int fchown_if_needed (int fdst, const struct stat *statp,
  * error_acl - format the error messages for the ACL and EQ libraries.
  */
 format_attr(printf, 2, 3)
-static void error_acl (unused struct error_context *ctx, const char *fmt, ...)
+static void error_acl (MAYBE_UNUSED struct error_context *ctx, const char *fmt, ...)
 {
 	va_list ap;
 	FILE *shadow_logfd = log_get_logfd();
@@ -206,11 +210,7 @@ static void remove_link (/*@only@*/struct link_name *ln)
 
 static /*@exposed@*/ /*@null@*/struct link_name *check_link (const char *name, const struct stat *sb)
 {
-	struct link_name *lp;
-	size_t src_len;
-	size_t dst_len;
-	size_t name_len;
-	size_t len;
+	struct link_name  *lp;
 
 	/* copy_tree () must be the entry point */
 	assert (NULL != src_orig);
@@ -226,16 +226,11 @@ static /*@exposed@*/ /*@null@*/struct link_name *check_link (const char *name, c
 		return NULL;
 	}
 
-	lp = (struct link_name *) xmalloc (sizeof *lp);
-	src_len = strlen (src_orig);
-	dst_len = strlen (dst_orig);
-	name_len = strlen (name);
+	lp = XMALLOC(1, struct link_name);
 	lp->ln_dev = sb->st_dev;
 	lp->ln_ino = sb->st_ino;
 	lp->ln_count = sb->st_nlink;
-	len = name_len - src_len + dst_len + 1;
-	lp->ln_name = (char *) xmalloc (len);
-	(void) snprintf (lp->ln_name, len, "%s%s", dst_orig, name + src_len);
+	xasprintf(&lp->ln_name, "%s%s", dst_orig, name + strlen(src_orig));
 	lp->ln_next = links;
 	links = lp;
 
@@ -312,51 +307,43 @@ static int copy_tree_impl (const struct path_info *src, const struct path_info *
 		set_orig = true;
 	}
 	while ((0 == err) && (ent = readdir (dir)) != NULL) {
+		char              *src_name = NULL;
+		char              *dst_name;
+		struct path_info  src_entry, dst_entry;
 		/*
 		 * Skip the "." and ".." entries
 		 */
-		if ((strcmp (ent->d_name, ".") != 0) &&
-		    (strcmp (ent->d_name, "..") != 0)) {
-			char *src_name;
-			char *dst_name;
-			size_t src_len = strlen (ent->d_name) + 2;
-			size_t dst_len = strlen (ent->d_name) + 2;
-			src_len += strlen (src->full_path);
-			dst_len += strlen (dst->full_path);
-
-			src_name = (char *) malloc (src_len);
-			dst_name = (char *) malloc (dst_len);
-
-			if ((NULL == src_name) || (NULL == dst_name)) {
-				err = -1;
-			} else {
-				/*
-				 * Build the filename for both the source and
-				 * the destination files.
-				 */
-				struct path_info src_entry, dst_entry;
-
-				(void) snprintf (src_name, src_len, "%s/%s",
-				                 src->full_path, ent->d_name);
-				(void) snprintf (dst_name, dst_len, "%s/%s",
-				                 dst->full_path, ent->d_name);
-
-				src_entry.full_path = src_name;
-				src_entry.dirfd = dirfd(dir);
-				src_entry.name = ent->d_name;
-
-				dst_entry.full_path = dst_name;
-				dst_entry.dirfd = dst_fd;
-				dst_entry.name = ent->d_name;
-
-				err = copy_entry (&src_entry, &dst_entry,
-				                  reset_selinux,
-				                  old_uid, new_uid,
-				                  old_gid, new_gid);
-			}
-			free (src_name);
-			free (dst_name);
+		if (strcmp(ent->d_name, ".") == 0 ||
+		    strcmp(ent->d_name, "..") == 0)
+		{
+			continue;
+		}
+
+		if (asprintf(&src_name, "%s/%s", src->full_path, ent->d_name) == -1)
+		{
+			err = -1;
+			continue;
+		}
+		if (asprintf(&dst_name, "%s/%s", dst->full_path, ent->d_name) == -1)
+		{
+			err = -1;
+			goto skip;
 		}
+
+		src_entry.full_path = src_name;
+		src_entry.dirfd = dirfd(dir);
+		src_entry.name = ent->d_name;
+
+		dst_entry.full_path = dst_name;
+		dst_entry.dirfd = dst_fd;
+		dst_entry.name = ent->d_name;
+
+		err = copy_entry(&src_entry, &dst_entry, reset_selinux,
+				 old_uid, new_uid, old_gid, new_gid);
+
+		free(dst_name);
+skip:
+		free(src_name);
 	}
 	(void) closedir (dir);
 	(void) close (dst_fd);
@@ -413,78 +400,70 @@ static int copy_entry (const struct path_info *src, const struct path_info *dst,
 {
 	int err = 0;
 	struct stat sb;
+	struct stat tmp_sb;
 	struct link_name *lp;
 	struct timespec mt[2];
 
 	if (fstatat(src->dirfd, src->name, &sb, AT_SYMLINK_NOFOLLOW) == -1) {
 		/* If we cannot stat the file, do not care. */
-	} else {
-#ifdef HAVE_STRUCT_STAT_ST_ATIM
-		mt[0].tv_sec  = sb.st_atim.tv_sec;
-		mt[0].tv_nsec = sb.st_atim.tv_nsec;
-#else				/* !HAVE_STRUCT_STAT_ST_ATIM */
-		mt[0].tv_sec  = sb.st_atime;
-# ifdef HAVE_STRUCT_STAT_ST_ATIMENSEC
-		mt[0].tv_nsec = sb.st_atimensec;
-# else				/* !HAVE_STRUCT_STAT_ST_ATIMENSEC */
-		mt[0].tv_nsec = 0;
-# endif				/* !HAVE_STRUCT_STAT_ST_ATIMENSEC */
-#endif				/* !HAVE_STRUCT_STAT_ST_ATIM */
-
-#ifdef HAVE_STRUCT_STAT_ST_MTIM
-		mt[1].tv_sec  = sb.st_mtim.tv_sec;
-		mt[1].tv_nsec = sb.st_mtim.tv_nsec;
-#else				/* !HAVE_STRUCT_STAT_ST_MTIM */
-		mt[1].tv_sec  = sb.st_mtime;
-# ifdef HAVE_STRUCT_STAT_ST_MTIMENSEC
-		mt[1].tv_nsec = sb.st_mtimensec;
-# else				/* !HAVE_STRUCT_STAT_ST_MTIMENSEC */
-		mt[1].tv_nsec = 0;
-# endif				/* !HAVE_STRUCT_STAT_ST_MTIMENSEC */
-#endif				/* !HAVE_STRUCT_STAT_ST_MTIM */
-
-		if (S_ISDIR (sb.st_mode)) {
-			err = copy_dir (src, dst, reset_selinux, &sb, mt,
-			                old_uid, new_uid, old_gid, new_gid);
-		}
+		return 0;
+	}
 
-		/*
-		 * Copy any symbolic links
-		 */
+	mt[0].tv_sec  = sb.st_atim.tv_sec;
+	mt[0].tv_nsec = sb.st_atim.tv_nsec;
 
-		else if (S_ISLNK (sb.st_mode)) {
-			err = copy_symlink (src, dst, reset_selinux, &sb, mt,
-			                    old_uid, new_uid, old_gid, new_gid);
-		}
+	mt[1].tv_sec  = sb.st_mtim.tv_sec;
+	mt[1].tv_nsec = sb.st_mtim.tv_nsec;
 
-		/*
-		 * See if this is a previously copied link
-		 */
+	if (S_ISDIR (sb.st_mode)) {
+		err = copy_dir (src, dst, reset_selinux, &sb, mt,
+				old_uid, new_uid, old_gid, new_gid);
+	}
 
-		else if ((lp = check_link (src->full_path, &sb)) != NULL) {
-			err = copy_hardlink (dst, reset_selinux, lp);
-		}
+	/*
+	* If the destination already exists do nothing.
+	* This is after the copy_dir above to still iterate into subdirectories.
+	*/
+	if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) {
+		return err;
+	}
 
-		/*
-		 * Deal with FIFOs and special files.  The user really
-		 * shouldn't have any of these, but it seems like it
-		 * would be nice to copy everything ...
-		 */
+	/*
+	* Copy any symbolic links
+	*/
 
-		else if (!S_ISREG (sb.st_mode)) {
-			err = copy_special (src, dst, reset_selinux, &sb, mt,
-			                    old_uid, new_uid, old_gid, new_gid);
-		}
+	else if (S_ISLNK (sb.st_mode)) {
+		err = copy_symlink (src, dst, reset_selinux, &sb, mt,
+				    old_uid, new_uid, old_gid, new_gid);
+	}
 
-		/*
-		 * Create the new file and copy the contents.  The new
-		 * file will be owned by the provided UID and GID values.
-		 */
+	/*
+	* See if this is a previously copied link
+	*/
 
-		else {
-			err = copy_file (src, dst, reset_selinux, &sb, mt,
-			                 old_uid, new_uid, old_gid, new_gid);
-		}
+	else if ((lp = check_link (src->full_path, &sb)) != NULL) {
+		err = copy_hardlink (dst, reset_selinux, lp);
+	}
+
+	/*
+	* Deal with FIFOs and special files.  The user really
+	* shouldn't have any of these, but it seems like it
+	* would be nice to copy everything ...
+	*/
+
+	else if (!S_ISREG (sb.st_mode)) {
+		err = copy_special (src, dst, reset_selinux, &sb, mt,
+				    old_uid, new_uid, old_gid, new_gid);
+	}
+
+	/*
+	* Create the new file and copy the contents.  The new
+	* file will be owned by the provided UID and GID values.
+	*/
+
+	else {
+		err = copy_file (src, dst, reset_selinux, &sb, mt,
+				 old_uid, new_uid, old_gid, new_gid);
 	}
 
 	return err;
@@ -507,6 +486,7 @@ static int copy_dir (const struct path_info *src, const struct path_info *dst,
                      gid_t old_gid, gid_t new_gid)
 {
 	int err = 0;
+	struct stat dst_sb;
 
 	/*
 	 * Create a new target directory, make it owned by
@@ -518,6 +498,15 @@ static int copy_dir (const struct path_info *src, const struct path_info *dst,
 		return -1;
 	}
 #endif				/* WITH_SELINUX */
+        /*
+         * If the destination is already a directory, don't change it
+         * but copy into it (recursively).
+        */
+        if (fstatat(dst->dirfd, dst->name, &dst_sb, AT_SYMLINK_NOFOLLOW) == 0 && S_ISDIR(dst_sb.st_mode)) {
+            return (copy_tree_impl (src, dst, false, reset_selinux,
+                           old_uid, new_uid, old_gid, new_gid) != 0);
+        }
+
 	if (   (mkdirat (dst->dirfd, dst->name, 0700) != 0)
 	    || (chownat_if_needed (dst, statp,
 	                         old_uid, new_uid, old_gid, new_gid) != 0)
@@ -559,7 +548,7 @@ static /*@null@*/char *readlink_malloc (const char *filename)
 
 	while (true) {
 		ssize_t nchars;
-		char *buffer = (char *) malloc (size);
+		char *buffer = MALLOC(size, char);
 		if (NULL == buffer) {
 			return NULL;
 		}
@@ -594,7 +583,7 @@ static /*@null@*/char *readlink_malloc (const char *filename)
  *	Return 0 on success, -1 on error.
  */
 static int copy_symlink (const struct path_info *src, const struct path_info *dst,
-                         unused bool reset_selinux,
+                         MAYBE_UNUSED bool reset_selinux,
                          const struct stat *statp, const struct timespec mt[],
                          uid_t old_uid, uid_t new_uid,
                          gid_t old_gid, gid_t new_gid)
@@ -622,13 +611,11 @@ static int copy_symlink (const struct path_info *src, const struct path_info *ds
 	 * create a link to the corresponding entry in the dst_orig
 	 * directory.
 	 */
-	if (strncmp (oldlink, src_orig, strlen (src_orig)) == 0) {
-		size_t len = strlen (dst_orig) + strlen (oldlink) - strlen (src_orig) + 1;
-		char *dummy = (char *) xmalloc (len);
-		(void) snprintf (dummy, len, "%s%s",
-		                 dst_orig,
-		                 oldlink + strlen (src_orig));
-		free (oldlink);
+	if (strncmp(oldlink, src_orig, strlen(src_orig)) == 0) {
+		char  *dummy;
+
+		xasprintf(&dummy, "%s%s", dst_orig, oldlink + strlen(src_orig));
+		free(oldlink);
 		oldlink = dummy;
 	}
 
@@ -668,7 +655,7 @@ static int copy_symlink (const struct path_info *src, const struct path_info *ds
  *	Return 0 on success, -1 on error.
  */
 static int copy_hardlink (const struct path_info *dst,
-                          unused bool reset_selinux,
+                          MAYBE_UNUSED bool reset_selinux,
                           struct link_name *lp)
 {
 	/* FIXME: selinux, ACL, Extended Attributes needed? */
@@ -687,6 +674,7 @@ static int copy_hardlink (const struct path_info *dst,
 	return 0;
 }
 
+
 /*
  * copy_special - copy a special file
  *
@@ -697,29 +685,33 @@ static int copy_hardlink (const struct path_info *dst,
  *
  *	Return 0 on success, -1 on error.
  */
-static int copy_special (const struct path_info *src, const struct path_info *dst,
-                         bool reset_selinux,
-                         const struct stat *statp, const struct timespec mt[],
-                         uid_t old_uid, uid_t new_uid,
-                         gid_t old_gid, gid_t new_gid)
+static int
+copy_special(const struct path_info *src, const struct path_info *dst,
+             bool reset_selinux,
+             const struct stat *statp, const struct timespec mt[],
+             uid_t old_uid, uid_t new_uid,
+             gid_t old_gid, gid_t new_gid)
 {
-	int err = 0;
+#if defined(WITH_SELINUX)
+	if (set_selinux_file_context(dst->full_path, statp->st_mode & S_IFMT) != 0)
+		return -1;
+#endif
 
-#ifdef WITH_SELINUX
-	if (set_selinux_file_context (dst->full_path, statp->st_mode & S_IFMT) != 0) {
+	if (mknodat(dst->dirfd, dst->name, statp->st_mode & ~07777U, statp->st_rdev) == -1)
 		return -1;
-	}
-#endif				/* WITH_SELINUX */
 
-	if (   (mknodat (dst->dirfd, dst->name, statp->st_mode & ~07777U, statp->st_rdev) != 0)
-	    || (chownat_if_needed (dst, statp,
-	                         old_uid, new_uid, old_gid, new_gid) != 0)
-	    || (fchmodat (dst->dirfd, dst->name, statp->st_mode & 07777, AT_SYMLINK_NOFOLLOW) != 0)
-#ifdef WITH_ACL
-	    || (   (perm_copy_path (src, dst, &ctx) != 0)
-	        && (errno != 0))
-#endif				/* WITH_ACL */
-#ifdef WITH_ATTR
+	if (chownat_if_needed(dst, statp, old_uid, new_uid, old_gid, new_gid) == -1)
+		return -1;
+
+	if (fchmodat(dst->dirfd, dst->name, statp->st_mode & 07777, AT_SYMLINK_NOFOLLOW) == -1)
+		return -1;
+
+#if defined(WITH_ACL)
+	if (perm_copy_path(src, dst, &ctx) == -1 && errno != 0)
+		return -1;
+#endif
+
+#if defined(WITH_ATTR)
 	/*
 	 * If the third parameter is NULL, all extended attributes
 	 * except those that define Access Control Lists are copied.
@@ -727,51 +719,16 @@ static int copy_special (const struct path_info *src, const struct path_info *ds
 	 * file systems with and without ACL support needs some
 	 * additional logic so that no unexpected permissions result.
 	 */
-	    || (   !reset_selinux
-	        && (attr_copy_path (src, dst, NULL, &ctx) != 0)
-	        && (errno != 0))
-#endif				/* WITH_ATTR */
-		|| (utimensat (dst->dirfd, dst->name, mt, AT_SYMLINK_NOFOLLOW) != 0)) {
-		err = -1;
+	if (!reset_selinux) {
+		if (attr_copy_path(src, dst, NULL, &ctx) == -1 && errno != 0)
+			return -1;
 	}
+#endif
 
-	return err;
-}
-
-/*
- * full_write - write entire buffer
- *
- * Write up to count bytes from the buffer starting at buf to the
- * file referred to by the file descriptor fd.
- * Retry in case of a short write.
- *
- * Returns the number of bytes written on success, -1 on error.
- */
-static ssize_t full_write(int fd, const void *buf, size_t count) {
-	ssize_t written = 0;
-
-	while (count > 0) {
-		ssize_t res;
-
-		res = write(fd, buf, count);
-		if (res < 0) {
-			if (errno == EINTR) {
-				continue;
-			}
-
-			return res;
-		}
-
-		if (res == 0) {
-			break;
-		}
-
-		written += res;
-		buf = (const unsigned char*)buf + res;
-		count -= (size_t)res;
-	}
+	if (utimensat(dst->dirfd, dst->name, mt, AT_SYMLINK_NOFOLLOW) == -1)
+		return -1;
 
-	return written;
+	return 0;
 }
 
 /*
@@ -850,7 +807,7 @@ static int copy_file (const struct path_info *src, const struct path_info *dst,
 			break;
 		}
 
-		if (full_write (ofd, buf, (size_t)cnt) < 0) {
+		if (write_full(ofd, buf, cnt) == -1) {
 			(void) close (ofd);
 			(void) close (ifd);
 			return -1;
@@ -858,7 +815,7 @@ static int copy_file (const struct path_info *src, const struct path_info *dst,
 	}
 
 	(void) close (ifd);
-	if (close (ofd) != 0) {
+	if (close (ofd) != 0 && errno != EINTR) {
 		return -1;
 	}
 
diff --git a/lib/csrand.c b/lib/csrand.c
new file mode 100644
index 0000000..8ded343
--- /dev/null
+++ b/lib/csrand.c
@@ -0,0 +1,150 @@
+/*
+ * SPDX-FileCopyrightText:  Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <limits.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#if HAVE_SYS_RANDOM_H
+#include <sys/random.h>
+#endif
+#include "bit.h"
+#include "defines.h"
+#include "prototypes.h"
+#include "shadowlog.h"
+#include "sizeof.h"
+
+
+static uint32_t csrand32(void);
+static uint32_t csrand_uniform32(uint32_t n);
+static unsigned long csrand_uniform_slow(unsigned long n);
+
+
+/*
+ * Return a uniformly-distributed CS random u_long value.
+ */
+unsigned long
+csrand(void)
+{
+	FILE           *fp;
+	unsigned long  r;
+
+#ifdef HAVE_GETENTROPY
+	/* getentropy may exist but lack kernel support.  */
+	if (getentropy(&r, sizeof(r)) == 0)
+		return r;
+#endif
+
+#ifdef HAVE_GETRANDOM
+	/* Likewise getrandom.  */
+	if (getrandom(&r, sizeof(r), 0) == sizeof(r))
+		return r;
+#endif
+
+#ifdef HAVE_ARC4RANDOM_BUF
+	/* arc4random_buf can never fail.  */
+	arc4random_buf(&r, sizeof(r));
+	return r;
+#endif
+
+	/* Use /dev/urandom as a last resort.  */
+	fp = fopen("/dev/urandom", "r");
+	if (NULL == fp) {
+		goto fail;
+	}
+
+	if (fread(&r, sizeof(r), 1, fp) != 1) {
+		fclose(fp);
+		goto fail;
+	}
+
+	fclose(fp);
+	return r;
+
+fail:
+	fprintf(log_get_logfd(), _("Unable to obtain random bytes.\n"));
+	exit(1);
+}
+
+
+/*
+ * Return a uniformly-distributed CS random value in the interval [0, n-1].
+ */
+unsigned long
+csrand_uniform(unsigned long n)
+{
+	if (n == 0 || n > UINT32_MAX)
+		return csrand_uniform_slow(n);
+
+	return csrand_uniform32(n);
+}
+
+
+/*
+ * Return a uniformly-distributed CS random value in the interval [min, max].
+ */
+unsigned long
+csrand_interval(unsigned long min, unsigned long max)
+{
+	return csrand_uniform(max - min + 1) + min;
+}
+
+
+static uint32_t
+csrand32(void)
+{
+	return csrand();
+}
+
+
+/*
+ * Fast Random Integer Generation in an Interval
+ * ACM Transactions on Modeling and Computer Simulation 29 (1), 2019
+ * <https://arxiv.org/abs/1805.10941>
+ */
+static uint32_t
+csrand_uniform32(uint32_t n)
+{
+	uint32_t  bound, rem;
+	uint64_t  r, mult;
+
+	if (n == 0)
+		return csrand32();
+
+	bound = -n % n;  // analogous to `2^32 % n`, since `x % y == (x-y) % y`
+
+	do {
+		r = csrand32();
+		mult = r * n;
+		rem = mult;  // analogous to `mult % 2^32`
+	} while (rem < bound);  // p = (2^32 % n) / 2^32;  W.C.: n=2^31+1, p=0.5
+
+	r = mult >> WIDTHOF(n);  // analogous to `mult / 2^32`
+
+	return r;
+}
+
+
+static unsigned long
+csrand_uniform_slow(unsigned long n)
+{
+	unsigned long  r, max, mask;
+
+	max = n - 1;
+	mask = bit_ceil_wrapul(n) - 1;
+
+	do {
+		r = csrand();
+		r &= mask;  // optimization
+	} while (r > max);  // p = ((mask+1) % n) / (mask+1);  W.C.: p=0.5
+
+	return r;
+}
diff --git a/lib/defines.h b/lib/defines.h
index d01f691..8c55ddd 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -6,41 +6,8 @@
 
 #include "config.h"
 
-#if HAVE_STDBOOL_H
-# include <stdbool.h>
-#else
-# if ! HAVE__BOOL
-#  ifdef __cplusplus
-typedef bool _Bool;
-#  else
-typedef unsigned char _Bool;
-#  endif
-# endif
-# define bool _Bool
-# define false (0)
-# define true  (1)
-# define __bool_true_false_are_defined 1
-#endif
-
-/* Take care of NLS matters.  */
-#ifdef S_SPLINT_S
-extern char *setlocale(int categories, const char *locale);
-# define LC_ALL		(6)
-extern char * bindtextdomain (const char * domainname, const char * dirname);
-extern char * textdomain (const char * domainname);
-# define _(Text) Text
-# define ngettext(Msgid1, Msgid2, N) \
-    ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
-#else
-#ifdef HAVE_LOCALE_H
-# include <locale.h>
-#else
-# undef setlocale
-# define setlocale(category, locale)	(NULL)
-# ifndef LC_ALL
-#  define LC_ALL	6
-# endif
-#endif
+#include <stdbool.h>
+#include <locale.h>
 
 #define gettext_noop(String) (String)
 /* #define gettext_def(String) "#define String" */
@@ -57,22 +24,18 @@ extern char * textdomain (const char * domainname);
 # define ngettext(Msgid1, Msgid2, N) \
     ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
 #endif
-#endif
 
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
-#if HAVE_ERRNO_H
-# include <errno.h>
-#endif
+#include <errno.h>
 
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
+#include <unistd.h>
 
 /*
  * crypt(3), crypt_gensalt(3), and their
@@ -85,22 +48,6 @@ extern char * textdomain (const char * domainname);
 #include <sys/time.h>
 #include <time.h>
 
-#ifdef HAVE_MEMSET_S
-# define memzero(ptr, size) memset_s((ptr), 0, (size))
-#elif defined HAVE_EXPLICIT_BZERO	/* !HAVE_MEMSET_S */
-# define memzero(ptr, size) explicit_bzero((ptr), (size))
-#else					/* !HAVE_MEMSET_S && HAVE_EXPLICIT_BZERO */
-static inline void memzero(void *ptr, size_t size)
-{
-	volatile unsigned char * volatile p = ptr;
-	while (size--) {
-		*p++ = '\0';
-	}
-}
-#endif					/* !HAVE_MEMSET_S && !HAVE_EXPLICIT_BZERO */
-
-#define strzero(s) memzero(s, strlen(s))	/* warning: evaluates twice */
-
 #include <dirent.h>
 
 /*
@@ -123,7 +70,6 @@ static inline void memzero(void *ptr, size_t size)
 #endif
 #endif
 
-#ifdef USE_SYSLOG
 #include <syslog.h>
 
 #ifndef LOG_WARN
@@ -170,14 +116,6 @@ static inline void memzero(void *ptr, size_t size)
 #define SYSLOG(x) syslog x
 #endif				/* !ENABLE_NLS */
 
-#else				/* !USE_SYSLOG */
-
-#define SYSLOG(x)		/* empty */
-#define openlog(a,b,c)		/* empty */
-#define closelog()		/* empty */
-
-#endif				/* !USE_SYSLOG */
-
 /* The default syslog settings can now be changed here,
    in just one place.  */
 
@@ -192,63 +130,25 @@ static inline void memzero(void *ptr, size_t size)
 
 #define OPENLOG(progname) openlog(progname, SYSLOG_OPTIONS, SYSLOG_FACILITY)
 
-#ifndef F_OK
-# define F_OK 0
-# define X_OK 1
-# define W_OK 2
-# define R_OK 4
-#endif
-
-#ifndef SEEK_SET
-# define SEEK_SET 0
-# define SEEK_CUR 1
-# define SEEK_END 2
-#endif
-
-#if HAVE_TERMIOS_H
-# include <termios.h>
-# define STTY(fd, termio) tcsetattr(fd, TCSANOW, termio)
-# define GTTY(fd, termio) tcgetattr(fd, termio)
-# define TERMIO struct termios
-# define USE_TERMIOS
-#else				/* assumed HAVE_TERMIO_H */
-# include <sys/ioctl.h>
-# include <termio.h>
-# define STTY(fd, termio) ioctl(fd, TCSETA, termio)
-# define GTTY(fd, termio) ioctl(fd, TCGETA, termio)
-# define TEMRIO struct termio
-# define USE_TERMIO
-#endif
+#include <termios.h>
+#define STTY(fd, termio) tcsetattr(fd, TCSANOW, termio)
+#define GTTY(fd, termio) tcgetattr(fd, termio)
+#define TERMIO struct termios
 
 /*
  * Password aging constants
  *
  * DAY - seconds / day
  * WEEK - seconds / week
- * SCALE - seconds / aging unit
  */
 
 /* Solaris defines this in shadow.h */
 #ifndef DAY
-#define DAY (24L*3600L)
+#define DAY  ((time_t) 24 * 3600)
 #endif
 
 #define WEEK (7*DAY)
 
-#ifdef ITI_AGING
-#define SCALE 1
-#else
-#define SCALE DAY
-#endif
-
-/* Copy string pointed by B to array A with size checking.  It was originally
-   in lmain.c but is _very_ useful elsewhere.  Some setuid root programs with
-   very sloppy coding used to assume that BUFSIZ will always be enough...  */
-
-					/* danger - side effects */
-#define STRFCPY(A,B) \
-	(strncpy((A), (B), sizeof(A) - 1), (A)[sizeof(A) - 1] = '\0')
-
 #ifndef PASSWD_FILE
 #define PASSWD_FILE "/etc/passwd"
 #endif
@@ -261,22 +161,18 @@ static inline void memzero(void *ptr, size_t size)
 #define SHADOW_FILE "/etc/shadow"
 #endif
 
-#ifdef SHADOWGRP
-#ifndef SGROUP_FILE
-#define SGROUP_FILE "/etc/gshadow"
-#endif
+#ifndef SUBUID_FILE
+#define SUBUID_FILE "/etc/subuid"
 #endif
 
-#ifndef NULL
-#define NULL ((void *) 0)
+#ifndef SUBGID_FILE
+#define SUBGID_FILE "/etc/subgid"
 #endif
 
-#ifdef sun			/* hacks for compiling on SunOS */
-# ifndef SOLARIS
-extern int fputs ();
-extern char *strdup ();
-extern char *strerror ();
-# endif
+#ifdef SHADOWGRP
+#ifndef SGROUP_FILE
+#define SGROUP_FILE "/etc/gshadow"
+#endif
 #endif
 
 /*
@@ -288,45 +184,16 @@ extern char *strerror ();
 #define SHADOW_PASSWD_STRING "x"
 #endif
 
-#define SHADOW_SP_FLAG_UNSET ((unsigned long int)-1)
+#define SHADOW_SP_FLAG_UNSET ((unsigned long)-1)
 
 #ifdef WITH_AUDIT
-#ifdef __u8			/* in case we use pam < 0.80 */
+/* in case we use pam < 0.80 */
 #undef __u8
-#endif
-#ifdef __u32
 #undef __u32
-#endif
 
 #include <libaudit.h>
 #endif
 
-/* To be used for verified unused parameters */
-#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
-# define unused __attribute__((unused))
-# define format_attr(type, index, check) __attribute__((format (type, index, check)))
-#else
-# define unused
-# define format_attr(type, index, check)
-#endif
-
-/* Maximum length of usernames */
-#ifdef HAVE_UTMPX_H
-# include <utmpx.h>
-# define USER_NAME_MAX_LENGTH (sizeof (((struct utmpx *)NULL)->ut_user))
-#else
-# include <utmp.h>
-# ifdef HAVE_STRUCT_UTMP_UT_USER
-#  define USER_NAME_MAX_LENGTH (sizeof (((struct utmp *)NULL)->ut_user))
-# else
-#  ifdef HAVE_STRUCT_UTMP_UT_NAME
-#   define USER_NAME_MAX_LENGTH (sizeof (((struct utmp *)NULL)->ut_name))
-#  else
-#   define USER_NAME_MAX_LENGTH 32
-#  endif
-# endif
-#endif
-
 /* Maximum length of passwd entry */
 #define PASSWD_ENTRY_MAX_LENGTH 32768
 
@@ -336,4 +203,14 @@ extern char *strerror ();
 #  define shadow_getenv(name) getenv(name)
 #endif
 
+/*
+ * Maximum password length
+ *
+ * Consider that there is also limit in PAM (PAM_MAX_RESP_SIZE)
+ * currently set to 512.
+ */
+#if !defined(PASS_MAX)
+#define PASS_MAX  BUFSIZ - 1
+#endif
+
 #endif				/* _DEFINES_H_ */
diff --git a/libmisc/env.c b/lib/env.c
index fc6dbce..9b5fd32 100644
--- a/libmisc/env.c
+++ b/lib/env.c
@@ -15,9 +15,14 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
+
 /*
  * NEWENVP_STEP must be a power of two.  This is the number
  * of (char *) pointers to allocate at a time, to avoid using
@@ -26,7 +31,6 @@
 #define NEWENVP_STEP 16
 size_t newenvc = 0;
 /*@null@*/char **newenvp = NULL;
-extern char **environ;
 
 static const char *const forbid[] = {
 	"_RLD_=",
@@ -42,7 +46,7 @@ static const char *const forbid[] = {
 	"PATH=",
 	"SHELL=",
 	"SHLIB_PATH=",
-	(char *) 0
+	NULL
 };
 
 /* these are allowed, but with no slashes inside
@@ -51,7 +55,7 @@ static const char *const noslash[] = {
 	"LANG=",
 	"LANGUAGE=",
 	"LC_",			/* anything with the LC_ prefix */
-	(char *) 0
+	NULL
 };
 
 /*
@@ -59,23 +63,18 @@ static const char *const noslash[] = {
  */
 void initenv (void)
 {
-	newenvp = (char **) xmalloc (NEWENVP_STEP * sizeof (char *));
+	newenvp = XMALLOC(NEWENVP_STEP, char *);
 	*newenvp = NULL;
 }
 
 
 void addenv (const char *string, /*@null@*/const char *value)
 {
-	char *cp, *newstring;
-	size_t i;
-	size_t n;
+	char    *cp, *newstring;
+	size_t  i, n;
 
 	if (NULL != value) {
-		size_t len = strlen (string) + strlen (value) + 2;
-		int wlen;
-		newstring = xmalloc (len);
-		wlen = snprintf (newstring, len, "%s=%s", string, value);
-		assert (wlen == (int) len -1);
+		xasprintf(&newstring, "%s=%s", string, value);
 	} else {
 		newstring = xstrdup (string);
 	}
@@ -87,7 +86,7 @@ void addenv (const char *string, /*@null@*/const char *value)
 
 	cp = strchr (newstring, '=');
 	if (NULL == cp) {
-		free (newstring);
+		free(newstring);
 		return;
 	}
 
@@ -104,7 +103,7 @@ void addenv (const char *string, /*@null@*/const char *value)
 	}
 
 	if (i < newenvc) {
-		free (newenvp[i]);
+		free(newenvp[i]);
 		newenvp[i] = newstring;
 		return;
 	}
@@ -127,32 +126,19 @@ void addenv (const char *string, /*@null@*/const char *value)
 	 */
 
 	if ((newenvc & (NEWENVP_STEP - 1)) == 0) {
-		char **__newenvp;
-		size_t newsize;
+		bool  update_environ;
+
+		update_environ = (environ == newenvp);
+
+		newenvp = XREALLOC(newenvp, newenvc + NEWENVP_STEP, char *);
 
 		/*
-		 * If the resize operation succeeds we can
-		 * happily go on, else print a message.
+		 * If this is our current environment, update
+		 * environ so that it doesn't point to some
+		 * free memory area (realloc() could move it).
 		 */
-
-		newsize = (newenvc + NEWENVP_STEP) * sizeof (char *);
-		__newenvp = (char **) realloc (newenvp, newsize);
-
-		if (NULL != __newenvp) {
-			/*
-			 * If this is our current environment, update
-			 * environ so that it doesn't point to some
-			 * free memory area (realloc() could move it).
-			 */
-			if (environ == newenvp) {
-				environ = __newenvp;
-			}
-			newenvp = __newenvp;
-		} else {
-			(void) fputs (_("Environment overflow\n"), log_get_logfd());
-			newenvc--;
-			free (newenvp[newenvc]);
-		}
+		if (update_environ)
+			environ = newenvp;
 	}
 
 	/*
@@ -168,9 +154,9 @@ void addenv (const char *string, /*@null@*/const char *value)
  */
 void set_env (int argc, char *const *argv)
 {
-	int noname = 1;
-	char variable[1024];
-	char *cp;
+	int   noname = 1;
+	char  variable[1024];
+	char  *cp;
 
 	for (; argc > 0; argc--, argv++) {
 		if (strlen (*argv) >= sizeof variable) {
@@ -179,9 +165,7 @@ void set_env (int argc, char *const *argv)
 
 		cp = strchr (*argv, '=');
 		if (NULL == cp) {
-			int wlen;
-			wlen = snprintf (variable, sizeof variable, "L%d", noname);
-			assert (wlen < (int) sizeof(variable));
+			assert(SNPRINTF(variable, "L%d", noname) != -1);
 			noname++;
 			addenv (variable, *argv);
 		} else {
@@ -194,8 +178,7 @@ void set_env (int argc, char *const *argv)
 			}
 
 			if (NULL != *p) {
-				strncpy (variable, *argv, (size_t)(cp - *argv));
-				variable[cp - *argv] = '\0';
+				stpcpy(mempcpy(variable, *argv, (size_t)(cp - *argv)), "");
 				printf (_("You may not change $%s\n"),
 					variable);
 				continue;
diff --git a/libmisc/failure.c b/lib/failure.c
index 1aab299..e42e710 100644
--- a/libmisc/failure.c
+++ b/lib/failure.c
@@ -14,10 +14,16 @@
 #include <fcntl.h>
 #include <stdio.h>
 #include <unistd.h>
+
 #include "defines.h"
 #include "faillog.h"
-#include "getdef.h"
 #include "failure.h"
+#include "memzero.h"
+#include "prototypes.h"
+#include "string/strftime.h"
+#include "string/strtcpy.h"
+
+
 #define	YEAR	(365L*DAY)
 /*
  * failure - make failure entry
@@ -41,7 +47,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 	fd = open (FAILLOG_FILE, O_RDWR);
 	if (fd < 0) {
 		SYSLOG ((LOG_WARN,
-		         "Can't write faillog entry for UID %lu in %s.",
+		         "Can't write faillog entry for UID %lu in %s: %m",
 		         (unsigned long) uid, FAILLOG_FILE));
 		return;
 	}
@@ -53,7 +59,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 	 */
 
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (read (fd, (char *) fl, sizeof *fl) != (ssize_t) sizeof *fl)) {
+	    || (read (fd, fl, sizeof *fl) != (ssize_t) sizeof *fl)) {
 		/* This is not necessarily a failure. The file is
 		 * initially zero length.
 		 *
@@ -75,7 +81,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 		fl->fail_cnt++;
 	}
 
-	strncpy (fl->fail_line, tty, sizeof (fl->fail_line) - 1);
+	STRTCPY(fl->fail_line, tty);
 	(void) time (&fl->fail_time);
 
 	/*
@@ -86,13 +92,26 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 	 */
 
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (write (fd, (char *) fl, sizeof *fl) != (ssize_t) sizeof *fl)
-	    || (close (fd) != 0)) {
-		SYSLOG ((LOG_WARN,
-		         "Can't write faillog entry for UID %lu in %s.",
-		         (unsigned long) uid, FAILLOG_FILE));
+	    || (write_full(fd, fl, sizeof *fl) == -1)) {
+		goto err_write;
+	}
+
+	if (close (fd) != 0 && errno != EINTR) {
+		goto err_close;
+	}
+
+	return;
+
+err_write:
+	{
+		int saved_errno = errno;
 		(void) close (fd);
+		errno = saved_errno;
 	}
+err_close:
+	SYSLOG ((LOG_WARN,
+	         "Can't write faillog entry for UID %lu to %s: %m",
+	         (unsigned long) uid, FAILLOG_FILE));
 }
 
 static bool too_many_failures (const struct faillog *fl)
@@ -144,7 +163,7 @@ int failcheck (uid_t uid, struct faillog *fl, bool failed)
 	fd = open (FAILLOG_FILE, failed?O_RDONLY:O_RDWR);
 	if (fd < 0) {
 		SYSLOG ((LOG_WARN,
-		         "Can't open the faillog file (%s) to check UID %lu. "
+		         "Can't open the faillog file (%s) to check UID %lu: %m; "
 		         "User access authorized.",
 		         FAILLOG_FILE, (unsigned long) uid));
 		return 1;
@@ -163,7 +182,7 @@ int failcheck (uid_t uid, struct faillog *fl, bool failed)
 	 */
 
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (read (fd, (char *) fl, sizeof *fl) != (ssize_t) sizeof *fl)) {
+	    || (read (fd, fl, sizeof *fl) != (ssize_t) sizeof *fl)) {
 		(void) close (fd);
 		return 1;
 	}
@@ -185,18 +204,30 @@ int failcheck (uid_t uid, struct faillog *fl, bool failed)
 		fail.fail_cnt = 0;
 
 		if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-		    || (write (fd, (const void *) &fail, sizeof fail) != (ssize_t) sizeof fail)
-		    || (close (fd) != 0)) {
-			SYSLOG ((LOG_WARN,
-			         "Can't reset faillog entry for UID %lu in %s.",
-			         (unsigned long) uid, FAILLOG_FILE));
-			(void) close (fd);
+		    || (write_full(fd, &fail, sizeof fail) == -1)) {
+			    goto err_write;
+		}
+
+		if (close (fd) != 0 && errno != EINTR) {
+			goto err_close;
 		}
 	} else {
 		(void) close (fd);
 	}
 
 	return 1;
+
+err_write:
+	{
+		int saved_errno = errno;
+		(void) close (fd);
+		errno = saved_errno;
+	}
+err_close:
+	SYSLOG ((LOG_WARN,
+	         "Can't reset faillog entry for UID %lu in %s: %m",
+	         (unsigned long) uid, FAILLOG_FILE));
+	return 1;
 }
 
 /*
@@ -223,7 +254,7 @@ void failprint (const struct faillog *fail)
 	/*
 	 * Print all information we have.
 	 */
-	(void) strftime (lasttimeb, sizeof lasttimeb, "%c", tp);
+	STRFTIME(lasttimeb, "%c", tp);
 
 	/*@-formatconst@*/
 	(void) printf (ngettext ("%d failure since last login.\n"
@@ -234,62 +265,3 @@ void failprint (const struct faillog *fail)
 	               fail->fail_cnt, lasttime, fail->fail_line);
 	/*@=formatconst@*/
 }
-
-/*
- * failtmp - update the cumulative failure log
- *
- *	failtmp updates the (struct utmp) formatted failure log which
- *	maintains a record of all login failures.
- */
-
-void failtmp (const char *username,
-#ifdef USE_UTMPX
-		     const struct utmpx *failent
-#else				/* !USE_UTMPX */
-		     const struct utmp *failent
-#endif				/* !USE_UTMPX */
-    )
-{
-	const char *ftmp;
-	int fd;
-
-	/*
-	 * Get the name of the failure file.  If no file has been defined
-	 * in login.defs, don't do this.
-	 */
-
-	ftmp = getdef_str ("FTMP_FILE");
-	if (NULL == ftmp) {
-		return;
-	}
-
-	/*
-	 * Open the file for append.  It must already exist for this
-	 * feature to be used.
-	 */
-
-	if (access (ftmp, F_OK) != 0) {
-		return;
-	}
-
-	fd = open (ftmp, O_WRONLY | O_APPEND);
-	if (-1 == fd) {
-		SYSLOG ((LOG_WARN,
-		         "Can't append failure of user %s to %s.",
-		         username, ftmp));
-		return;
-	}
-
-	/*
-	 * Append the new failure record and close the log file.
-	 */
-
-	if (   (write (fd, (const void *) failent, sizeof *failent) != (ssize_t) sizeof *failent)
-	    || (close (fd) != 0)) {
-		SYSLOG ((LOG_WARN,
-		         "Can't append failure of user %s to %s.",
-		         username, ftmp));
-		(void) close (fd);
-	}
-}
-
diff --git a/libmisc/failure.h b/lib/failure.h
index 2ac30d7..1352b68 100644
--- a/libmisc/failure.h
+++ b/lib/failure.h
@@ -13,11 +13,6 @@
 
 #include "defines.h"
 #include "faillog.h"
-#ifdef USE_UTMPX
-#include <utmpx.h>
-#else					/* !USE_UTMPX */
-#include <utmp.h>
-#endif					/* !USE_UTMPX */
 
 /*
  * failure - make failure entry
@@ -45,17 +40,5 @@ extern int failcheck (uid_t uid, struct faillog *fl, bool failed);
  */
 extern void failprint (const struct faillog *);
 
-/*
- * failtmp - update the cumulative failure log
- *
- *	failtmp updates the (struct utmp) formatted failure log which
- *	maintains a record of all login failures.
- */
-#ifdef USE_UTMPX
-extern void failtmp (const char *username, const struct utmpx *);
-#else				/* !USE_UTMPX */
-extern void failtmp (const char *username, const struct utmp *);
-#endif				/* !USE_UTMPX */
-
 #endif
 
diff --git a/lib/fd.c b/lib/fd.c
new file mode 100644
index 0000000..bcfa374
--- /dev/null
+++ b/lib/fd.c
@@ -0,0 +1,41 @@
+// SPDX-FileCopyrightText: 2024, Skyler Ferrante <sjf5462@rit.edu>
+// SPDX-License-Identifier: BSD-3-Clause
+
+/**
+ * To protect against file descriptor omission attacks, we open the std file
+ * descriptors with /dev/null if they are not already open. Code is based on
+ * fix_fds from sudo.c.
+ */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "prototypes.h"
+
+static void check_fd(int fd);
+
+void
+check_fds(void)
+{
+	/**
+	 * Make sure stdin, stdout, stderr are open
+	 * If they are closed, set them to /dev/null
+	 */
+	check_fd(STDIN_FILENO);
+	check_fd(STDOUT_FILENO);
+	check_fd(STDERR_FILENO);
+}
+
+static void
+check_fd(int fd)
+{
+	int  devnull;
+
+	if (fcntl(fd, F_GETFL, 0) != -1)
+		return;
+
+	devnull = open("/dev/null", O_RDWR);
+	if (devnull != fd)
+		abort();
+}
diff --git a/lib/fields.c b/lib/fields.c
index 8a56035..5392924 100644
--- a/lib/fields.c
+++ b/lib/fields.c
@@ -21,9 +21,9 @@
  *
  * The supplied field is scanned for non-printable and other illegal
  * characters.
- *  + -1 is returned if an illegal character is present.
- *  +  1 is returned if no illegal characters are present, but the field
- *       contains a non-printable character.
+ *  + -1 is returned if an illegal or control character is present.
+ *  +  1 is returned if no illegal or control characters are present,
+ *       but the field contains a non-printable character.
  *  +  0 is returned otherwise.
  */
 int valid_field (const char *field, const char *illegal)
@@ -37,23 +37,22 @@ int valid_field (const char *field, const char *illegal)
 
 	/* For each character of field, search if it appears in the list
 	 * of illegal characters. */
+	if (illegal && NULL != strpbrk (field, illegal)) {
+		return -1;
+	}
+
+	/* Search if there are non-printable or control characters */
 	for (cp = field; '\0' != *cp; cp++) {
-		if (strchr (illegal, *cp) != NULL) {
+		unsigned char c = *cp;
+		if (!isprint (c)) {
+			err = 1;
+		}
+		if (iscntrl (c)) {
 			err = -1;
 			break;
 		}
 	}
 
-	if (0 == err) {
-		/* Search if there are some non-printable characters */
-		for (cp = field; '\0' != *cp; cp++) {
-			if (!isprint (*cp)) {
-				err = 1;
-				break;
-			}
-		}
-	}
-
 	return err;
 }
 
@@ -74,7 +73,7 @@ void change_field (char *buf, size_t maxsize, const char *prompt)
 
 	printf ("\t%s [%s]: ", prompt, buf);
 	(void) fflush (stdout);
-	if (fgets (newf, (int) maxsize, stdin) != newf) {
+	if (fgets (newf, maxsize, stdin) != newf) {
 		return;
 	}
 
@@ -91,17 +90,16 @@ void change_field (char *buf, size_t maxsize, const char *prompt)
 		 * entering a space.  --marekm
 		 */
 
-		while (--cp >= newf && isspace (*cp));
-		cp++;
+		while (newf < cp && isspace (cp[-1])) {
+			cp--;
+		}
 		*cp = '\0';
 
 		cp = newf;
-		while (('\0' != *cp) && isspace (*cp)) {
+		while (isspace (*cp)) {
 			cp++;
 		}
 
-		strncpy (buf, cp, maxsize - 1);
-		buf[maxsize - 1] = '\0';
+		strcpy (buf, cp);
 	}
 }
-
diff --git a/libmisc/find_new_gid.c b/lib/find_new_gid.c
index 65ab5d0..cfd5609 100644
--- a/libmisc/find_new_gid.c
+++ b/lib/find_new_gid.c
@@ -12,6 +12,7 @@
 #include <stdio.h>
 #include <errno.h>
 
+#include "alloc.h"
 #include "prototypes.h"
 #include "groupio.h"
 #include "getdef.h"
@@ -40,15 +41,14 @@ static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
 		*preferred_min = (gid_t) 1;
 
 		/* Get the minimum ID range from login.defs or default to 101 */
-		*min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
+		*min_id = getdef_ulong ("SYS_GID_MIN", 101UL);
 
 		/*
 		 * If SYS_GID_MAX is unspecified, we should assume it to be one
 		 * less than the GID_MIN (which is reserved for non-system accounts)
 		 */
-		gid_def_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
-		*max_id = (gid_t) getdef_ulong ("SYS_GID_MAX",
-				(unsigned long) gid_def_max);
+		gid_def_max = getdef_ulong ("GID_MIN", 1000UL) - 1;
+		*max_id = getdef_ulong ("SYS_GID_MAX", gid_def_max);
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
@@ -71,8 +71,8 @@ static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
 		/* Non-system groups */
 
 		/* Get the values from login.defs or use reasonable defaults */
-		*min_id = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
-		*max_id = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
+		*min_id = getdef_ulong ("GID_MIN", 1000UL);
+		*max_id = getdef_ulong ("GID_MAX", 60000UL);
 
 		/*
 		 * The preferred minimum should match the standard ID minimum
@@ -99,6 +99,7 @@ static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
  *
  * On success, return 0
  * If the ID is in use, return EEXIST
+ * If the ID might clash with -1, return EINVAL
  * If the ID is outside the range, return ERANGE
  * In other cases, return errno from getgrgid()
  */
@@ -112,6 +113,11 @@ static int check_gid (const gid_t gid,
 		return ERANGE;
 	}
 
+	/* Check for compatibility with 16b and 32b gid_t error codes */
+	if (gid == UINT16_MAX || gid == UINT32_MAX) {
+		return EINVAL;
+	}
+
 	/*
 	 * Check whether we already detected this GID
 	 * using the gr_next() loop
@@ -183,10 +189,10 @@ int find_new_gid (bool sys_group,
 			 * gr_locate_gid() found the GID in an as-yet uncommitted
 			 * entry. We'll proceed below and auto-set a GID.
 			 */
-		} else if (result == EEXIST || result == ERANGE) {
+		} else if (result == EEXIST || result == ERANGE || result == EINVAL) {
 			/*
 			 * Continue on below. At this time, we won't
-			 * treat these two cases differently.
+			 * treat these three cases differently.
 			 */
 		} else {
 			/*
@@ -226,14 +232,13 @@ int find_new_gid (bool sys_group,
 	 */
 
 	/* Create an array to hold all of the discovered GIDs */
-	used_gids = malloc (sizeof (bool) * (gid_max +1));
+	used_gids = CALLOC (gid_max + 1, bool);
 	if (NULL == used_gids) {
 		fprintf (log_get_logfd(),
 			 _("%s: failed to allocate memory: %s\n"),
 			 log_get_progname(), strerror (errno));
 		return -1;
 	}
-	memset (used_gids, false, sizeof (bool) * (gid_max + 1));
 
 	/* First look for the lowest and highest value in the local database */
 	(void) gr_rewind ();
@@ -297,8 +302,11 @@ int find_new_gid (bool sys_group,
 				*gid = id;
 				free (used_gids);
 				return 0;
-			} else if (result == EEXIST) {
-				/* This GID is in use, we'll continue to the next */
+			} else if (result == EEXIST || result == EINVAL) {
+				/*
+				 * This GID is in use or unusable, we'll
+				 * continue to the next.
+				 */
 			} else {
 				/*
 				 * An unexpected error occurred.
@@ -340,8 +348,11 @@ int find_new_gid (bool sys_group,
 					*gid = id;
 					free (used_gids);
 					return 0;
-				} else if (result == EEXIST) {
-					/* This GID is in use, we'll continue to the next */
+				} else if (result == EEXIST || result == EINVAL) {
+					/*
+					 * This GID is in use or unusable, we'll
+					 * continue to the next.
+					 */
 				} else {
 					/*
 					 * An unexpected error occurred.
@@ -400,8 +411,11 @@ int find_new_gid (bool sys_group,
 				*gid = id;
 				free (used_gids);
 				return 0;
-			} else if (result == EEXIST) {
-				/* This GID is in use, we'll continue to the next */
+			} else if (result == EEXIST || result == EINVAL) {
+				/*
+				 * This GID is in use or unusable, we'll
+				 * continue to the next.
+				 */
 			} else {
 				/*
 				 * An unexpected error occurred.
@@ -443,8 +457,11 @@ int find_new_gid (bool sys_group,
 					*gid = id;
 					free (used_gids);
 					return 0;
-				} else if (result == EEXIST) {
-					/* This GID is in use, we'll continue to the next */
+				} else if (result == EEXIST || result == EINVAL) {
+					/*
+					 * This GID is in use or unusable, we'll
+					 * continue to the next.
+					 */
 				} else {
 					/*
 					 * An unexpected error occurred.
diff --git a/libmisc/find_new_sub_gids.c b/lib/find_new_sub_gids.c
index bbd4570..74c9d8f 100644
--- a/libmisc/find_new_sub_gids.c
+++ b/lib/find_new_sub_gids.c
@@ -59,6 +59,6 @@ int find_new_sub_gids (gid_t *range_start, unsigned long *range_count)
 	return 0;
 }
 #else				/* !ENABLE_SUBIDS */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !ENABLE_SUBIDS */
 
diff --git a/libmisc/find_new_sub_uids.c b/lib/find_new_sub_uids.c
index a86b311..cc4b0cf 100644
--- a/libmisc/find_new_sub_uids.c
+++ b/lib/find_new_sub_uids.c
@@ -59,6 +59,6 @@ int find_new_sub_uids (uid_t *range_start, unsigned long *range_count)
 	return 0;
 }
 #else				/* !ENABLE_SUBIDS */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !ENABLE_SUBIDS */
 
diff --git a/libmisc/find_new_uid.c b/lib/find_new_uid.c
index 5f7e74b..45ce712 100644
--- a/libmisc/find_new_uid.c
+++ b/lib/find_new_uid.c
@@ -12,6 +12,7 @@
 #include <stdio.h>
 #include <errno.h>
 
+#include "alloc.h"
 #include "prototypes.h"
 #include "pwio.h"
 #include "getdef.h"
@@ -40,15 +41,14 @@ static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
 		*preferred_min = (uid_t) 1;
 
 		/* Get the minimum ID range from login.defs or default to 101 */
-		*min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
+		*min_id = getdef_ulong ("SYS_UID_MIN", 101UL);
 
 		/*
 		 * If SYS_UID_MAX is unspecified, we should assume it to be one
 		 * less than the UID_MIN (which is reserved for non-system accounts)
 		 */
-		uid_def_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
-		*max_id = (uid_t) getdef_ulong ("SYS_UID_MAX",
-				(unsigned long) uid_def_max);
+		uid_def_max = getdef_ulong ("UID_MIN", 1000UL) - 1;
+		*max_id = getdef_ulong ("SYS_UID_MAX", uid_def_max);
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
@@ -71,8 +71,8 @@ static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
 		/* Non-system users */
 
 		/* Get the values from login.defs or use reasonable defaults */
-		*min_id = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
-		*max_id = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+		*min_id = getdef_ulong ("UID_MIN", 1000UL);
+		*max_id = getdef_ulong ("UID_MAX", 60000UL);
 
 		/*
 		 * The preferred minimum should match the standard ID minimum
@@ -99,6 +99,7 @@ static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
  *
  * On success, return 0
  * If the ID is in use, return EEXIST
+ * If the ID might clash with -1, return EINVAL
  * If the ID is outside the range, return ERANGE
  * In other cases, return errno from getpwuid()
  */
@@ -112,6 +113,11 @@ static int check_uid(const uid_t uid,
 		return ERANGE;
 	}
 
+	/* Check for compatibility with 16b and 32b uid_t error codes */
+	if (uid == UINT16_MAX || uid == UINT32_MAX) {
+		return EINVAL;
+	}
+
 	/*
 	 * Check whether we already detected this UID
 	 * using the pw_next() loop
@@ -183,10 +189,10 @@ int find_new_uid(bool sys_user,
 			 * pw_locate_uid() found the UID in an as-yet uncommitted
 			 * entry. We'll proceed below and auto-set an UID.
 			 */
-		} else if (result == EEXIST || result == ERANGE) {
+		} else if (result == EEXIST || result == ERANGE || result == EINVAL) {
 			/*
 			 * Continue on below. At this time, we won't
-			 * treat these two cases differently.
+			 * treat these three cases differently.
 			 */
 		} else {
 			/*
@@ -226,14 +232,13 @@ int find_new_uid(bool sys_user,
 	 */
 
 	/* Create an array to hold all of the discovered UIDs */
-	used_uids = malloc (sizeof (bool) * (uid_max +1));
+	used_uids = CALLOC(uid_max + 1, bool);
 	if (NULL == used_uids) {
 		fprintf (log_get_logfd(),
 			 _("%s: failed to allocate memory: %s\n"),
 			 log_get_progname(), strerror (errno));
 		return -1;
 	}
-	memset (used_uids, false, sizeof (bool) * (uid_max + 1));
 
 	/* First look for the lowest and highest value in the local database */
 	(void) pw_rewind ();
@@ -297,8 +302,11 @@ int find_new_uid(bool sys_user,
 				*uid = id;
 				free (used_uids);
 				return 0;
-			} else if (result == EEXIST) {
-				/* This UID is in use, we'll continue to the next */
+			} else if (result == EEXIST || result == EINVAL) {
+				/*
+				 * This GID is in use or unusable, we'll
+				 * continue to the next.
+				 */
 			} else {
 				/*
 				 * An unexpected error occurred.
@@ -340,8 +348,11 @@ int find_new_uid(bool sys_user,
 					*uid = id;
 					free (used_uids);
 					return 0;
-				} else if (result == EEXIST) {
-					/* This UID is in use, we'll continue to the next */
+				} else if (result == EEXIST || result == EINVAL) {
+					/*
+					 * This GID is in use or unusable, we'll
+					 * continue to the next.
+					 */
 				} else {
 					/*
 					 * An unexpected error occurred.
@@ -400,8 +411,11 @@ int find_new_uid(bool sys_user,
 				*uid = id;
 				free (used_uids);
 				return 0;
-			} else if (result == EEXIST) {
-				/* This UID is in use, we'll continue to the next */
+			} else if (result == EEXIST || result == EINVAL) {
+				/*
+				 * This GID is in use or unusable, we'll
+				 * continue to the next.
+				 */
 			} else {
 				/*
 				 * An unexpected error occurred.
@@ -443,8 +457,11 @@ int find_new_uid(bool sys_user,
 					*uid = id;
 					free (used_uids);
 					return 0;
-				} else if (result == EEXIST) {
-					/* This UID is in use, we'll continue to the next */
+				} else if (result == EEXIST || result == EINVAL) {
+					/*
+					 * This GID is in use or unusable, we'll
+					 * continue to the next.
+					 */
 				} else {
 					/*
 					 * An unexpected error occurred.
diff --git a/lib/fputsx.c b/lib/fputsx.c
index bb71ab2..0565310 100644
--- a/lib/fputsx.c
+++ b/lib/fputsx.c
@@ -16,7 +16,8 @@
 #ident "$Id$"
 
 
-/*@null@*/char *fgetsx (/*@returned@*/ /*@out@*/char *buf, int cnt, FILE * f)
+/*@null@*/char *
+fgetsx(/*@returned@*/char *restrict buf, int cnt, FILE *restrict f)
 {
 	char *cp = buf;
 	char *ep;
diff --git a/lib/freezero.c b/lib/freezero.c
new file mode 100644
index 0000000..c565f43
--- /dev/null
+++ b/lib/freezero.c
@@ -0,0 +1,30 @@
+/*	$OpenBSD: malloc.c,v 1.267 2020/11/23 15:42:11 otto Exp $	*/
+/*
+ * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+void
+freezero(void *ptr, size_t sz)
+{
+	/* This is legal. */
+	if (ptr == NULL)
+		return;
+
+	explicit_bzero(ptr, sz);
+	free(ptr);
+}
diff --git a/lib/freezero.h b/lib/freezero.h
new file mode 100644
index 0000000..8dbcd7c
--- /dev/null
+++ b/lib/freezero.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright © 2005 Aurelien Jarno
+ * Copyright © 2006 Robert Millan
+ * Copyright © 2008-2011 Guillem Jover <guillem@hadrons.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LIBBSD_FREEZERO_H
+#define LIBBSD_FREEZERO_H
+
+void freezero(void *ptr, size_t size);
+
+#endif
diff --git a/lib/get_gid.c b/lib/get_gid.c
index cbcd6f4..2420137 100644
--- a/lib/get_gid.c
+++ b/lib/get_gid.c
@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+
 #include <config.h>
 
 #ident "$Id$"
@@ -11,21 +12,23 @@
 #include "prototypes.h"
 #include "defines.h"
 
-int get_gid (const char *gidstr, gid_t *gid)
+
+int
+get_gid(const char *gidstr, gid_t *gid)
 {
-	long long int val;
-	char *endptr;
+	char       *end;
+	long long  val;
 
 	errno = 0;
-	val = strtoll (gidstr, &endptr, 10);
+	val = strtoll(gidstr, &end, 10);
 	if (   ('\0' == *gidstr)
-	    || ('\0' != *endptr)
-	    || (ERANGE == errno)
+	    || ('\0' != *end)
+	    || (0 != errno)
 	    || (/*@+longintegral@*/val != (gid_t)val)/*@=longintegral@*/) {
-		return 0;
+		return -1;
 	}
 
-	*gid = (gid_t)val;
-	return 1;
+	*gid = val;
+	return 0;
 }
 
diff --git a/lib/get_pid.c b/lib/get_pid.c
index 383eb69..af3f2f8 100644
--- a/lib/get_pid.c
+++ b/lib/get_pid.c
@@ -10,22 +10,94 @@
 
 #include "prototypes.h"
 #include "defines.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 
-int get_pid (const char *pidstr, pid_t *pid)
+#include "string/sprintf.h"
+
+
+int
+get_pid(const char *pidstr, pid_t *pid)
 {
-	long long int val;
-	char *endptr;
+	char       *end;
+	long long  val;
 
 	errno = 0;
-	val = strtoll (pidstr, &endptr, 10);
+	val = strtoll(pidstr, &end, 10);
 	if (   ('\0' == *pidstr)
-	    || ('\0' != *endptr)
-	    || (ERANGE == errno)
+	    || ('\0' != *end)
+	    || (0 != errno)
+	    || (val < 1)
 	    || (/*@+longintegral@*/val != (pid_t)val)/*@=longintegral@*/) {
-		return 0;
+		return -1;
 	}
 
-	*pid = (pid_t)val;
-	return 1;
+	*pid = val;
+	return 0;
 }
 
+/*
+ * If use passed in fd:4 as an argument, then return the
+ * value '4', the fd to use.
+ * On error, return -1.
+ */
+int get_pidfd_from_fd(const char *pidfdstr)
+{
+	char         *end;
+	long long    val;
+	struct stat  st;
+	dev_t proc_st_dev, proc_st_rdev;
+
+	errno = 0;
+	val = strtoll(pidfdstr, &end, 10);
+	if (   ('\0' == *pidfdstr)
+	    || ('\0' != *end)
+	    || (0 != errno)
+	    || (val < 0)
+	    || (/*@+longintegral@*/val != (int)val)/*@=longintegral@*/) {
+		return -1;
+	}
+
+	if (stat("/proc/self/uid_map", &st) < 0) {
+		return -1;
+	}
+
+	proc_st_dev = st.st_dev;
+	proc_st_rdev = st.st_rdev;
+
+	if (fstat(val, &st) < 0) {
+		return -1;
+	}
+
+	if (st.st_dev != proc_st_dev || st.st_rdev != proc_st_rdev) {
+		return -1;
+	}
+
+	return (int)val;
+}
+
+int open_pidfd(const char *pidstr)
+{
+	int    proc_dir_fd;
+	char   proc_dir_name[32];
+	pid_t  target;
+
+	if (get_pid(pidstr, &target) == -1)
+		return -ENOENT;
+
+	/* max string length is 6 + 10 + 1 + 1 = 18, allocate 32 bytes */
+	if (SNPRINTF(proc_dir_name, "/proc/%u/", target) == -1) {
+		fprintf(stderr, "snprintf of proc path failed for %u: %s\n",
+			target, strerror(errno));
+		return -EINVAL;
+	}
+
+	proc_dir_fd = open(proc_dir_name, O_DIRECTORY);
+	if (proc_dir_fd < 0) {
+		fprintf(stderr, _("Could not open proc directory for target %u: %s\n"),
+			target, strerror(errno));
+		return -EINVAL;
+	}
+	return proc_dir_fd;
+}
diff --git a/lib/get_uid.c b/lib/get_uid.c
index 50f9922..77fe966 100644
--- a/lib/get_uid.c
+++ b/lib/get_uid.c
@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+
 #include <config.h>
 
 #ident "$Id$"
@@ -11,21 +12,23 @@
 #include "prototypes.h"
 #include "defines.h"
 
-int get_uid (const char *uidstr, uid_t *uid)
+
+int
+get_uid(const char *uidstr, uid_t *uid)
 {
-	long long int val;
-	char *endptr;
+	char       *end;
+	long long  val;
 
 	errno = 0;
-	val = strtoll (uidstr, &endptr, 10);
+	val = strtoll(uidstr, &end, 10);
 	if (   ('\0' == *uidstr)
-	    || ('\0' != *endptr)
-	    || (ERANGE == errno)
+	    || ('\0' != *end)
+	    || (0 != errno)
 	    || (/*@+longintegral@*/val != (uid_t)val)/*@=longintegral@*/) {
-		return 0;
+		return -1;
 	}
 
-	*uid = (uid_t)val;
-	return 1;
+	*uid = val;
+	return 0;
 }
 
diff --git a/libmisc/getdate.c b/lib/getdate.c
index fc17c18..556ce62 100644
--- a/libmisc/getdate.c
+++ b/lib/getdate.c
@@ -82,9 +82,6 @@
 
 #ifdef HAVE_CONFIG_H
 # include <config.h>
-# ifdef FORCE_ALLOCA_H
-#  include <alloca.h>
-# endif
 #endif
 
 /* Since the code of getdate.y is not included in the Emacs executable
@@ -101,6 +98,7 @@
 #include <ctype.h>
 #include <time.h>
 
+#include "attr.h"
 #include "getdate.h"
 
 #include <string.h>
@@ -215,7 +213,7 @@ static int	yyRelSeconds;
 static int	yyRelYear;
 
 
-#line 219 "getdate.c"
+#line 217 "getdate.c"
 
 # ifndef YY_CAST
 #  ifdef __cplusplus
@@ -301,12 +299,12 @@ extern int yydebug;
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
 union YYSTYPE
 {
-#line 149 "getdate.y"
+#line 147 "getdate.y"
 
     int			Number;
     enum _MERIDIAN	Meridian;
 
-#line 310 "getdate.c"
+#line 308 "getdate.c"
 
 };
 typedef union YYSTYPE YYSTYPE;
@@ -746,12 +744,12 @@ static const yytype_int8 yytranslate[] =
 /* YYRLINE[YYN] -- Source line where rule number YYN was defined.  */
 static const yytype_int16 yyrline[] =
 {
-       0,   165,   165,   166,   169,   172,   175,   178,   181,   184,
-     187,   193,   199,   208,   214,   226,   229,   233,   238,   242,
-     246,   252,   256,   274,   280,   286,   290,   295,   299,   306,
-     314,   317,   320,   323,   326,   329,   332,   335,   338,   341,
-     344,   347,   350,   353,   356,   359,   362,   365,   368,   373,
-     407,   410
+       0,   163,   163,   164,   167,   170,   173,   176,   179,   182,
+     185,   191,   197,   206,   212,   224,   227,   231,   236,   240,
+     244,   250,   254,   272,   278,   284,   288,   293,   297,   304,
+     312,   315,   318,   321,   324,   327,   330,   333,   336,   339,
+     342,   345,   348,   351,   354,   357,   360,   363,   366,   371,
+     405,   408
 };
 #endif
 
@@ -1352,69 +1350,69 @@ yyreduce:
   switch (yyn)
     {
   case 4: /* item: time  */
-#line 169 "getdate.y"
+#line 167 "getdate.y"
                {
 	    yyHaveTime++;
 	}
-#line 1360 "getdate.c"
+#line 1358 "getdate.c"
     break;
 
   case 5: /* item: zone  */
-#line 172 "getdate.y"
+#line 170 "getdate.y"
                {
 	    yyHaveZone++;
 	}
-#line 1368 "getdate.c"
+#line 1366 "getdate.c"
     break;
 
   case 6: /* item: date  */
-#line 175 "getdate.y"
+#line 173 "getdate.y"
                {
 	    yyHaveDate++;
 	}
-#line 1376 "getdate.c"
+#line 1374 "getdate.c"
     break;
 
   case 7: /* item: day  */
-#line 178 "getdate.y"
+#line 176 "getdate.y"
               {
 	    yyHaveDay++;
 	}
-#line 1384 "getdate.c"
+#line 1382 "getdate.c"
     break;
 
   case 8: /* item: rel  */
-#line 181 "getdate.y"
+#line 179 "getdate.y"
               {
 	    yyHaveRel++;
 	}
-#line 1392 "getdate.c"
+#line 1390 "getdate.c"
     break;
 
   case 10: /* time: tUNUMBER tMERIDIAN  */
-#line 187 "getdate.y"
+#line 185 "getdate.y"
                              {
 	    yyHour = (yyvsp[-1].Number);
 	    yyMinutes = 0;
 	    yySeconds = 0;
 	    yyMeridian = (yyvsp[0].Meridian);
 	}
-#line 1403 "getdate.c"
+#line 1401 "getdate.c"
     break;
 
   case 11: /* time: tUNUMBER ':' tUNUMBER o_merid  */
-#line 193 "getdate.y"
+#line 191 "getdate.y"
                                         {
 	    yyHour = (yyvsp[-3].Number);
 	    yyMinutes = (yyvsp[-1].Number);
 	    yySeconds = 0;
 	    yyMeridian = (yyvsp[0].Meridian);
 	}
-#line 1414 "getdate.c"
+#line 1412 "getdate.c"
     break;
 
   case 12: /* time: tUNUMBER ':' tUNUMBER tSNUMBER  */
-#line 199 "getdate.y"
+#line 197 "getdate.y"
                                          {
 	    yyHour = (yyvsp[-3].Number);
 	    yyMinutes = (yyvsp[-1].Number);
@@ -1424,22 +1422,22 @@ yyreduce:
 			  ? -(yyvsp[0].Number) % 100 + (-(yyvsp[0].Number) / 100) * 60
 			  : - ((yyvsp[0].Number) % 100 + ((yyvsp[0].Number) / 100) * 60));
 	}
-#line 1428 "getdate.c"
+#line 1426 "getdate.c"
     break;
 
   case 13: /* time: tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid  */
-#line 208 "getdate.y"
+#line 206 "getdate.y"
                                                      {
 	    yyHour = (yyvsp[-5].Number);
 	    yyMinutes = (yyvsp[-3].Number);
 	    yySeconds = (yyvsp[-1].Number);
 	    yyMeridian = (yyvsp[0].Meridian);
 	}
-#line 1439 "getdate.c"
+#line 1437 "getdate.c"
     break;
 
   case 14: /* time: tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER  */
-#line 214 "getdate.y"
+#line 212 "getdate.y"
                                                       {
 	    yyHour = (yyvsp[-5].Number);
 	    yyMinutes = (yyvsp[-3].Number);
@@ -1450,71 +1448,71 @@ yyreduce:
 			  ? -(yyvsp[0].Number) % 100 + (-(yyvsp[0].Number) / 100) * 60
 			  : - ((yyvsp[0].Number) % 100 + ((yyvsp[0].Number) / 100) * 60));
 	}
-#line 1454 "getdate.c"
+#line 1452 "getdate.c"
     break;
 
   case 15: /* zone: tZONE  */
-#line 226 "getdate.y"
+#line 224 "getdate.y"
                 {
 	    yyTimezone = (yyvsp[0].Number);
 	}
-#line 1462 "getdate.c"
+#line 1460 "getdate.c"
     break;
 
   case 16: /* zone: tDAYZONE  */
-#line 229 "getdate.y"
+#line 227 "getdate.y"
                    {
 	    yyTimezone = (yyvsp[0].Number) - 60;
 	}
-#line 1470 "getdate.c"
+#line 1468 "getdate.c"
     break;
 
   case 17: /* zone: tZONE tDST  */
-#line 233 "getdate.y"
+#line 231 "getdate.y"
                      {
 	    yyTimezone = (yyvsp[-1].Number) - 60;
 	}
-#line 1478 "getdate.c"
+#line 1476 "getdate.c"
     break;
 
   case 18: /* day: tDAY  */
-#line 238 "getdate.y"
+#line 236 "getdate.y"
                {
 	    yyDayOrdinal = 1;
 	    yyDayNumber = (yyvsp[0].Number);
 	}
-#line 1487 "getdate.c"
+#line 1485 "getdate.c"
     break;
 
   case 19: /* day: tDAY ','  */
-#line 242 "getdate.y"
+#line 240 "getdate.y"
                    {
 	    yyDayOrdinal = 1;
 	    yyDayNumber = (yyvsp[-1].Number);
 	}
-#line 1496 "getdate.c"
+#line 1494 "getdate.c"
     break;
 
   case 20: /* day: tUNUMBER tDAY  */
-#line 246 "getdate.y"
+#line 244 "getdate.y"
                         {
 	    yyDayOrdinal = (yyvsp[-1].Number);
 	    yyDayNumber = (yyvsp[0].Number);
 	}
-#line 1505 "getdate.c"
+#line 1503 "getdate.c"
     break;
 
   case 21: /* date: tUNUMBER '/' tUNUMBER  */
-#line 252 "getdate.y"
+#line 250 "getdate.y"
                                 {
 	    yyMonth = (yyvsp[-2].Number);
 	    yyDay = (yyvsp[0].Number);
 	}
-#line 1514 "getdate.c"
+#line 1512 "getdate.c"
     break;
 
   case 22: /* date: tUNUMBER '/' tUNUMBER '/' tUNUMBER  */
-#line 256 "getdate.y"
+#line 254 "getdate.y"
                                              {
 	  /* Interpret as YYYY/MM/DD if $1 >= 1000, otherwise as MM/DD/YY.
 	     The goal in recognizing YYYY/MM/DD is solely to support legacy
@@ -1533,71 +1531,71 @@ yyreduce:
 	      yyYear = (yyvsp[0].Number);
 	    }
 	}
-#line 1537 "getdate.c"
+#line 1535 "getdate.c"
     break;
 
   case 23: /* date: tUNUMBER tSNUMBER tSNUMBER  */
-#line 274 "getdate.y"
+#line 272 "getdate.y"
                                      {
 	    /* ISO 8601 format.  yyyy-mm-dd.  */
 	    yyYear = (yyvsp[-2].Number);
 	    yyMonth = -(yyvsp[-1].Number);
 	    yyDay = -(yyvsp[0].Number);
 	}
-#line 1548 "getdate.c"
+#line 1546 "getdate.c"
     break;
 
   case 24: /* date: tUNUMBER tMONTH tSNUMBER  */
-#line 280 "getdate.y"
+#line 278 "getdate.y"
                                    {
 	    /* e.g. 17-JUN-1992.  */
 	    yyDay = (yyvsp[-2].Number);
 	    yyMonth = (yyvsp[-1].Number);
 	    yyYear = -(yyvsp[0].Number);
 	}
-#line 1559 "getdate.c"
+#line 1557 "getdate.c"
     break;
 
   case 25: /* date: tMONTH tUNUMBER  */
-#line 286 "getdate.y"
+#line 284 "getdate.y"
                           {
 	    yyMonth = (yyvsp[-1].Number);
 	    yyDay = (yyvsp[0].Number);
 	}
-#line 1568 "getdate.c"
+#line 1566 "getdate.c"
     break;
 
   case 26: /* date: tMONTH tUNUMBER ',' tUNUMBER  */
-#line 290 "getdate.y"
+#line 288 "getdate.y"
                                        {
 	    yyMonth = (yyvsp[-3].Number);
 	    yyDay = (yyvsp[-2].Number);
 	    yyYear = (yyvsp[0].Number);
 	}
-#line 1578 "getdate.c"
+#line 1576 "getdate.c"
     break;
 
   case 27: /* date: tUNUMBER tMONTH  */
-#line 295 "getdate.y"
+#line 293 "getdate.y"
                           {
 	    yyMonth = (yyvsp[0].Number);
 	    yyDay = (yyvsp[-1].Number);
 	}
-#line 1587 "getdate.c"
+#line 1585 "getdate.c"
     break;
 
   case 28: /* date: tUNUMBER tMONTH tUNUMBER  */
-#line 299 "getdate.y"
+#line 297 "getdate.y"
                                    {
 	    yyMonth = (yyvsp[-1].Number);
 	    yyDay = (yyvsp[-2].Number);
 	    yyYear = (yyvsp[0].Number);
 	}
-#line 1597 "getdate.c"
+#line 1595 "getdate.c"
     break;
 
   case 29: /* rel: relunit tAGO  */
-#line 306 "getdate.y"
+#line 304 "getdate.y"
                        {
 	    yyRelSeconds = -yyRelSeconds;
 	    yyRelMinutes = -yyRelMinutes;
@@ -1606,155 +1604,155 @@ yyreduce:
 	    yyRelMonth = -yyRelMonth;
 	    yyRelYear = -yyRelYear;
 	}
-#line 1610 "getdate.c"
+#line 1608 "getdate.c"
     break;
 
   case 31: /* relunit: tUNUMBER tYEAR_UNIT  */
-#line 317 "getdate.y"
+#line 315 "getdate.y"
                               {
 	    yyRelYear += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1618 "getdate.c"
+#line 1616 "getdate.c"
     break;
 
   case 32: /* relunit: tSNUMBER tYEAR_UNIT  */
-#line 320 "getdate.y"
+#line 318 "getdate.y"
                               {
 	    yyRelYear += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1626 "getdate.c"
+#line 1624 "getdate.c"
     break;
 
   case 33: /* relunit: tYEAR_UNIT  */
-#line 323 "getdate.y"
+#line 321 "getdate.y"
                      {
-	    yyRelYear++;
+	    yyRelYear += (yyvsp[0].Number);
 	}
-#line 1634 "getdate.c"
+#line 1632 "getdate.c"
     break;
 
   case 34: /* relunit: tUNUMBER tMONTH_UNIT  */
-#line 326 "getdate.y"
+#line 324 "getdate.y"
                                {
 	    yyRelMonth += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1642 "getdate.c"
+#line 1640 "getdate.c"
     break;
 
   case 35: /* relunit: tSNUMBER tMONTH_UNIT  */
-#line 329 "getdate.y"
+#line 327 "getdate.y"
                                {
 	    yyRelMonth += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1650 "getdate.c"
+#line 1648 "getdate.c"
     break;
 
   case 36: /* relunit: tMONTH_UNIT  */
-#line 332 "getdate.y"
+#line 330 "getdate.y"
                       {
-	    yyRelMonth++;
+	    yyRelMonth += (yyvsp[0].Number);
 	}
-#line 1658 "getdate.c"
+#line 1656 "getdate.c"
     break;
 
   case 37: /* relunit: tUNUMBER tDAY_UNIT  */
-#line 335 "getdate.y"
+#line 333 "getdate.y"
                              {
 	    yyRelDay += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1666 "getdate.c"
+#line 1664 "getdate.c"
     break;
 
   case 38: /* relunit: tSNUMBER tDAY_UNIT  */
-#line 338 "getdate.y"
+#line 336 "getdate.y"
                              {
 	    yyRelDay += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1674 "getdate.c"
+#line 1672 "getdate.c"
     break;
 
   case 39: /* relunit: tDAY_UNIT  */
-#line 341 "getdate.y"
+#line 339 "getdate.y"
                     {
-	    yyRelDay++;
+	    yyRelDay += (yyvsp[0].Number);
 	}
-#line 1682 "getdate.c"
+#line 1680 "getdate.c"
     break;
 
   case 40: /* relunit: tUNUMBER tHOUR_UNIT  */
-#line 344 "getdate.y"
+#line 342 "getdate.y"
                               {
 	    yyRelHour += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1690 "getdate.c"
+#line 1688 "getdate.c"
     break;
 
   case 41: /* relunit: tSNUMBER tHOUR_UNIT  */
-#line 347 "getdate.y"
+#line 345 "getdate.y"
                               {
 	    yyRelHour += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1698 "getdate.c"
+#line 1696 "getdate.c"
     break;
 
   case 42: /* relunit: tHOUR_UNIT  */
-#line 350 "getdate.y"
+#line 348 "getdate.y"
                      {
-	    yyRelHour++;
+	    yyRelHour += (yyvsp[0].Number);
 	}
-#line 1706 "getdate.c"
+#line 1704 "getdate.c"
     break;
 
   case 43: /* relunit: tUNUMBER tMINUTE_UNIT  */
-#line 353 "getdate.y"
+#line 351 "getdate.y"
                                 {
 	    yyRelMinutes += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1714 "getdate.c"
+#line 1712 "getdate.c"
     break;
 
   case 44: /* relunit: tSNUMBER tMINUTE_UNIT  */
-#line 356 "getdate.y"
+#line 354 "getdate.y"
                                 {
 	    yyRelMinutes += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1722 "getdate.c"
+#line 1720 "getdate.c"
     break;
 
   case 45: /* relunit: tMINUTE_UNIT  */
-#line 359 "getdate.y"
+#line 357 "getdate.y"
                        {
-	    yyRelMinutes++;
+	    yyRelMinutes += (yyvsp[0].Number);
 	}
-#line 1730 "getdate.c"
+#line 1728 "getdate.c"
     break;
 
   case 46: /* relunit: tUNUMBER tSEC_UNIT  */
-#line 362 "getdate.y"
+#line 360 "getdate.y"
                              {
 	    yyRelSeconds += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1738 "getdate.c"
+#line 1736 "getdate.c"
     break;
 
   case 47: /* relunit: tSNUMBER tSEC_UNIT  */
-#line 365 "getdate.y"
+#line 363 "getdate.y"
                              {
 	    yyRelSeconds += (yyvsp[-1].Number) * (yyvsp[0].Number);
 	}
-#line 1746 "getdate.c"
+#line 1744 "getdate.c"
     break;
 
   case 48: /* relunit: tSEC_UNIT  */
-#line 368 "getdate.y"
+#line 366 "getdate.y"
                     {
-	    yyRelSeconds++;
+	    yyRelSeconds += (yyvsp[0].Number);
 	}
-#line 1754 "getdate.c"
+#line 1752 "getdate.c"
     break;
 
   case 49: /* number: tUNUMBER  */
-#line 374 "getdate.y"
+#line 372 "getdate.y"
           {
 	    if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
 	      yyYear = (yyvsp[0].Number);
@@ -1785,27 +1783,27 @@ yyreduce:
 		  }
 	      }
 	  }
-#line 1789 "getdate.c"
+#line 1787 "getdate.c"
     break;
 
   case 50: /* o_merid: %empty  */
-#line 407 "getdate.y"
+#line 405 "getdate.y"
           {
 	    (yyval.Meridian) = MER24;
 	  }
-#line 1797 "getdate.c"
+#line 1795 "getdate.c"
     break;
 
   case 51: /* o_merid: tMERIDIAN  */
-#line 411 "getdate.y"
+#line 409 "getdate.y"
           {
 	    (yyval.Meridian) = (yyvsp[0].Meridian);
 	  }
-#line 1805 "getdate.c"
+#line 1803 "getdate.c"
     break;
 
 
-#line 1809 "getdate.c"
+#line 1807 "getdate.c"
 
       default: break;
     }
@@ -1998,7 +1996,7 @@ yyreturnlab:
   return yyresult;
 }
 
-#line 416 "getdate.y"
+#line 414 "getdate.y"
 
 
 /* Month and day table. */
@@ -2158,7 +2156,7 @@ static TABLE const MilitaryTable[] = {
 
 
 
-static int yyerror (unused const char *s)
+static int yyerror (MAYBE_UNUSED const char *s)
 {
   return 0;
 }
@@ -2511,11 +2509,8 @@ time_t get_date (const char *p, const time_t *now)
 
 #if	defined (TEST)
 
-/* ARGSUSED */
 int
-main (ac, av)
-     int ac;
-     char *av[];
+main(void)
 {
   char buff[MAX_BUFF_LEN + 1];
   time_t d;
diff --git a/libmisc/getdate.h b/lib/getdate.h
index eae56f6..eae56f6 100644
--- a/libmisc/getdate.h
+++ b/lib/getdate.h
diff --git a/libmisc/getdate.y b/lib/getdate.y
index 0c07f74..8cea2cc 100644
--- a/libmisc/getdate.y
+++ b/lib/getdate.y
@@ -12,9 +12,6 @@
 
 #ifdef HAVE_CONFIG_H
 # include <config.h>
-# ifdef FORCE_ALLOCA_H
-#  include <alloca.h>
-# endif
 #endif
 
 /* Since the code of getdate.y is not included in the Emacs executable
@@ -31,6 +28,7 @@
 #include <ctype.h>
 #include <time.h>
 
+#include "attr.h"
 #include "getdate.h"
 
 #include <string.h>
@@ -321,7 +319,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelYear += $1 * $2;
 	}
 	| tYEAR_UNIT {
-	    yyRelYear++;
+	    yyRelYear += $1;
 	}
 	| tUNUMBER tMONTH_UNIT {
 	    yyRelMonth += $1 * $2;
@@ -330,7 +328,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelMonth += $1 * $2;
 	}
 	| tMONTH_UNIT {
-	    yyRelMonth++;
+	    yyRelMonth += $1;
 	}
 	| tUNUMBER tDAY_UNIT {
 	    yyRelDay += $1 * $2;
@@ -339,7 +337,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelDay += $1 * $2;
 	}
 	| tDAY_UNIT {
-	    yyRelDay++;
+	    yyRelDay += $1;
 	}
 	| tUNUMBER tHOUR_UNIT {
 	    yyRelHour += $1 * $2;
@@ -348,7 +346,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelHour += $1 * $2;
 	}
 	| tHOUR_UNIT {
-	    yyRelHour++;
+	    yyRelHour += $1;
 	}
 	| tUNUMBER tMINUTE_UNIT {
 	    yyRelMinutes += $1 * $2;
@@ -357,7 +355,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelMinutes += $1 * $2;
 	}
 	| tMINUTE_UNIT {
-	    yyRelMinutes++;
+	    yyRelMinutes += $1;
 	}
 	| tUNUMBER tSEC_UNIT {
 	    yyRelSeconds += $1 * $2;
@@ -366,7 +364,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelSeconds += $1 * $2;
 	}
 	| tSEC_UNIT {
-	    yyRelSeconds++;
+	    yyRelSeconds += $1;
 	}
 	;
 
@@ -572,7 +570,7 @@ static TABLE const MilitaryTable[] = {
 
 
 
-static int yyerror (unused const char *s)
+static int yyerror (MAYBE_UNUSED const char *s)
 {
   return 0;
 }
@@ -925,11 +923,8 @@ time_t get_date (const char *p, const time_t *now)
 
 #if	defined (TEST)
 
-/* ARGSUSED */
 int
-main (ac, av)
-     int ac;
-     char *av[];
+main(void)
 {
   char buff[MAX_BUFF_LEN + 1];
   time_t d;
diff --git a/lib/getdef.c b/lib/getdef.c
index dcd1fe7..30f54ba 100644
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -13,6 +13,7 @@
 
 #include "prototypes.h"
 #include "defines.h"
+#include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <ctype.h>
@@ -20,8 +21,14 @@
 #ifdef USE_ECONF
 #include <libeconf.h>
 #endif
+
+#include "alloc.h"
+#include "atoi/str2i.h"
 #include "getdef.h"
 #include "shadowlog_internal.h"
+#include "string/sprintf.h"
+
+
 /*
  * A configuration item definition.
  */
@@ -33,7 +40,6 @@ struct itemdef {
 #define PAMDEFS					\
 	{"CHFN_AUTH", NULL},			\
 	{"CHSH_AUTH", NULL},			\
-	{"CRACKLIB_DICTPATH", NULL},		\
 	{"ENV_HZ", NULL},			\
 	{"ENVIRON_FILE", NULL},			\
 	{"ENV_TZ", NULL},			\
@@ -132,10 +138,8 @@ static struct itemdef def_table[] = {
 #ifndef USE_PAM
 	PAMDEFS
 #endif
-#ifdef USE_SYSLOG
 	{"SYSLOG_SG_ENAB", NULL},
 	{"SYSLOG_SU_ENAB", NULL},
-#endif
 #ifdef WITH_TCB
 	{"TCB_AUTH_GROUP", NULL},
 	{"TCB_SYMLINKS", NULL},
@@ -173,7 +177,7 @@ static const char* def_fname = LOGINDEFS;	/* login config defs file       */
 static bool def_loaded = false;		/* are defs already loaded?     */
 
 /* local function prototypes */
-static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *);
+static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *, const char *);
 static void def_load (void);
 
 
@@ -192,8 +196,8 @@ static void def_load (void);
 		def_load ();
 	}
 
-	d = def_find (item);
-	return ((NULL == d)? (const char *) NULL : d->value);
+	d = def_find (item, NULL);
+	return (NULL == d) ? NULL : d->value;
 }
 
 
@@ -211,7 +215,7 @@ bool getdef_bool (const char *item)
 		def_load ();
 	}
 
-	d = def_find (item);
+	d = def_find (item, NULL);
 	if ((NULL == d) || (NULL == d->value)) {
 		return false;
 	}
@@ -237,21 +241,21 @@ int getdef_num (const char *item, int dflt)
 		def_load ();
 	}
 
-	d = def_find (item);
+	d = def_find (item, NULL);
 	if ((NULL == d) || (NULL == d->value)) {
 		return dflt;
 	}
 
-	if (   (getlong (d->value, &val) == 0)
+	if (   (str2sl(&val, d->value) == -1)
 	    || (val > INT_MAX)
-	    || (val < INT_MIN)) {
+	    || (val < -1)) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
 		return dflt;
 	}
 
-	return (int) val;
+	return val;
 }
 
 
@@ -272,12 +276,12 @@ unsigned int getdef_unum (const char *item, unsigned int dflt)
 		def_load ();
 	}
 
-	d = def_find (item);
+	d = def_find (item, NULL);
 	if ((NULL == d) || (NULL == d->value)) {
 		return dflt;
 	}
 
-	if (   (getlong (d->value, &val) == 0)
+	if (   (str2sl(&val, d->value) == -1)
 	    || (val < 0)
 	    || (val > INT_MAX)) {
 		fprintf (shadow_logfd,
@@ -286,7 +290,7 @@ unsigned int getdef_unum (const char *item, unsigned int dflt)
 		return dflt;
 	}
 
-	return (unsigned int) val;
+	return val;
 }
 
 
@@ -307,12 +311,12 @@ long getdef_long (const char *item, long dflt)
 		def_load ();
 	}
 
-	d = def_find (item);
+	d = def_find (item, NULL);
 	if ((NULL == d) || (NULL == d->value)) {
 		return dflt;
 	}
 
-	if (getlong (d->value, &val) == 0) {
+	if (str2sl(&val, d->value) == -1 || val < -1) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -339,12 +343,12 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
 		def_load ();
 	}
 
-	d = def_find (item);
+	d = def_find (item, NULL);
 	if ((NULL == d) || (NULL == d->value)) {
 		return dflt;
 	}
 
-	if (getulong (d->value, &val) == 0) {
+	if (str2ul(&val, d->value) == -1) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -359,7 +363,7 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
  * (also used when loading the initial defaults)
  */
 
-int putdef_str (const char *name, const char *value)
+int putdef_str (const char *name, const char *value, const char *srcfile)
 {
 	struct itemdef *d;
 	char *cp;
@@ -372,10 +376,9 @@ int putdef_str (const char *name, const char *value)
 	 * Locate the slot to save the value.  If this parameter
 	 * is unknown then "def_find" will print an err message.
 	 */
-	d = def_find (name);
-	if (NULL == d) {
+	d = def_find (name, srcfile);
+	if (NULL == d)
 		return -1;
-	}
 
 	/*
 	 * Save off the value.
@@ -399,9 +402,12 @@ int putdef_str (const char *name, const char *value)
  *
  * Search through a table of configurable items to locate the
  * specified configuration option.
+ *
+ * If srcfile is not NULL, and the item is not found, then report an error saying
+ * the unknown item was used in this file.
  */
 
-static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
+static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name, const char *srcfile)
 {
 	struct itemdef *ptr;
 
@@ -427,10 +433,11 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
 	fprintf (shadow_logfd,
 	         _("configuration error - unknown item '%s' (notify administrator)\n"),
 	         name);
-	SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));
+	if (srcfile != NULL)
+		SYSLOG ((LOG_CRIT, "shadow: unknown configuration item '%s' in '%s'", name, srcfile));
 
 out:
-	return (struct itemdef *) NULL;
+	return NULL;
 }
 
 /*
@@ -442,21 +449,12 @@ out:
 void setdef_config_file (const char* file)
 {
 #ifdef USE_ECONF
-	size_t len;
-	char* cp;
-
-	len = strlen(file) + strlen(sysconfdir) + 2;
-	cp = malloc(len);
-	if (cp == NULL)
-		exit (13);
-	snprintf(cp, len, "%s/%s", file, sysconfdir);
+	char  *cp;
+
+	xasprintf(&cp, "%s/%s", file, sysconfdir);
 	sysconfdir = cp;
 #ifdef VENDORDIR
-	len = strlen(file) + strlen(vendordir) + 2;
-	cp = malloc(len);
-	if (cp == NULL)
-		exit (13);
-	snprintf(cp, len, "%s/%s", file, vendordir);
+	xasprintf(&cp, "%s/%s", file, vendordir);
 	vendordir = cp;
 #endif
 #else
@@ -470,18 +468,13 @@ void setdef_config_file (const char* file)
  * Loads the user-configured options from the default configuration file
  */
 
+#ifdef USE_ECONF
 static void def_load (void)
 {
-#ifdef USE_ECONF
 	econf_file *defs_file = NULL;
 	econf_err error;
 	char **keys;
 	size_t key_number;
-#else
-	int i;
-	FILE *fp;
-	char buf[1024], *name, *value, *s;
-#endif
 
 	/*
 	 * Set the initialized flag.
@@ -489,8 +482,6 @@ static void def_load (void)
 	 */
 	def_loaded = true;
 
-#ifdef USE_ECONF
-
 	error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
 	if (error) {
 		if (error == ECONF_NOFILE)
@@ -510,7 +501,12 @@ static void def_load (void)
 	for (size_t i = 0; i < key_number; i++) {
 		char *value;
 
-		econf_getStringValue(defs_file, NULL, keys[i], &value);
+		error = econf_getStringValue(defs_file, NULL, keys[i], &value);
+		if (error) {
+			SYSLOG ((LOG_CRIT, "failed reading key %zu from econf [%s]",
+				i, econf_errString(error)));
+			exit (EXIT_FAILURE);
+		}
 
 		/*
 		 * Store the value in def_table.
@@ -519,12 +515,27 @@ static void def_load (void)
 		 * The error was already reported to the user and to
 		 * syslog. The tools will just use their default values.
 		 */
-		(void)putdef_str (keys[i], value);
+		(void)putdef_str (keys[i], value, econf_getPath(defs_file));
+
+		free(value);
 	}
 
 	econf_free (keys);
 	econf_free (defs_file);
-#else
+}
+#else /* USE_ECONF */
+static void def_load (void)
+{
+	int i;
+	FILE *fp;
+	char buf[1024], *name, *value, *s;
+
+	/*
+	 * Set the initialized flag.
+	 * (do it early to prevent recursion in putdef_str())
+	 */
+	def_loaded = true;
+
 	/*
 	 * Open the configuration definitions file.
 	 */
@@ -542,12 +553,12 @@ static void def_load (void)
 	/*
 	 * Go through all of the lines in the file.
 	 */
-	while (fgets (buf, (int) sizeof (buf), fp) != NULL) {
+	while (fgets (buf, sizeof (buf), fp) != NULL) {
 
 		/*
 		 * Trim trailing whitespace.
 		 */
-		for (i = (int) strlen (buf) - 1; i >= 0; --i) {
+		for (i = (ptrdiff_t) strlen (buf) - 1; i >= 0; --i) {
 			if (!isspace (buf[i])) {
 				break;
 			}
@@ -577,7 +588,7 @@ static void def_load (void)
 		 * The error was already reported to the user and to
 		 * syslog. The tools will just use their default values.
 		 */
-		(void)putdef_str (name, value);
+		(void)putdef_str (name, value, def_fname);
 	}
 
 	if (ferror (fp) != 0) {
@@ -588,8 +599,8 @@ static void def_load (void)
 	}
 
 	(void) fclose (fp);
-#endif
 }
+#endif /* USE_ECONF */
 
 
 #ifdef CKDEFS
@@ -602,7 +613,7 @@ int main (int argc, char **argv)
 	def_load ();
 
 	for (i = 0; i < NUMDEFS; ++i) {
-		d = def_find (def_table[i].name);
+		d = def_find (def_table[i].name, NULL);
 		if (NULL == d) {
 			printf ("error - lookup '%s' failed\n",
 			        def_table[i].name);
diff --git a/lib/getdef.h b/lib/getdef.h
index 2bd3fc5..f55e28b 100644
--- a/lib/getdef.h
+++ b/lib/getdef.h
@@ -16,7 +16,7 @@ extern int getdef_num (const char *, int);
 extern unsigned long getdef_ulong (const char *, unsigned long);
 extern unsigned int getdef_unum (const char *, unsigned int);
 extern /*@observer@*/ /*@null@*/const char *getdef_str (const char *);
-extern int putdef_str (const char *, const char *);
+extern int putdef_str (const char *, const char *, const char *);
 extern void setdef_config_file (const char* file);
 
 /* default UMASK value if not specified in /etc/login.defs */
diff --git a/libmisc/getgr_nam_gid.c b/lib/getgr_nam_gid.c
index 5294f50..fd0c217 100644
--- a/libmisc/getgr_nam_gid.c
+++ b/lib/getgr_nam_gid.c
@@ -23,20 +23,20 @@
  */
 extern /*@only@*//*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname)
 {
-	long long int gid;
-	char *endptr;
+	char       *end;
+	long long  gid;
 
 	if (NULL == grname) {
 		return NULL;
 	}
 
 	errno = 0;
-	gid = strtoll (grname, &endptr, 10);
+	gid = strtoll(grname, &end, 10);
 	if (   ('\0' != *grname)
-	    && ('\0' == *endptr)
-	    && (ERANGE != errno)
+	    && ('\0' == *end)
+	    && (0 == errno)
 	    && (/*@+longintegral@*/gid == (gid_t)gid)/*@=longintegral@*/) {
-		return xgetgrgid ((gid_t) gid);
+		return xgetgrgid (gid);
 	}
 	return xgetgrnam (grname);
 }
diff --git a/lib/getlong.c b/lib/getlong.c
deleted file mode 100644
index ec4aa54..0000000
--- a/lib/getlong.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include <stdlib.h>
-#include <errno.h>
-#include "prototypes.h"
-
-/*
- * getlong - extract a long integer provided by the numstr string in *result
- *
- * It supports decimal, hexadecimal or octal representations.
- *
- * Returns 0 on failure, 1 on success.
- */
-int getlong (const char *numstr, /*@out@*/long int *result)
-{
-	long val;
-	char *endptr;
-
-	errno = 0;
-	val = strtol (numstr, &endptr, 0);
-	if (('\0' == *numstr) || ('\0' != *endptr) || (ERANGE == errno)) {
-		return 0;
-	}
-
-	*result = val;
-	return 1;
-}
-
diff --git a/lib/getrange.c b/lib/getrange.c
new file mode 100644
index 0000000..466e908
--- /dev/null
+++ b/lib/getrange.c
@@ -0,0 +1,71 @@
+// SPDX-FileCopyrightText: 2008, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#ident "$Id: $"
+
+#include <ctype.h>
+#include <stdlib.h>
+
+#include "atoi/a2i.h"
+#include "defines.h"
+#include "prototypes.h"
+
+
+/*
+ * Parse a range and indicate if the range is valid.
+ * Valid ranges are in the form:
+ *     <long>          -> min=max=long         has_min  has_max
+ *     -<long>         -> max=long            !has_min  has_max
+ *     <long>-         -> min=long             has_min !has_max
+ *     <long1>-<long2> -> min=long1 max=long2  has_min  has_max
+ */
+int
+getrange(const char *range,
+         unsigned long *min, bool *has_min,
+         unsigned long *max, bool *has_max)
+{
+	const char  *end;
+
+	if (NULL == range)
+		return -1;
+
+	*min = 0;
+	*has_min = false;
+	*has_max = false;
+
+	if ('-' == range[0]) {
+		end = range + 1;
+		goto parse_max;
+	}
+
+	if (a2ul(min, range, &end, 10, 0, ULONG_MAX) == -1 && errno != ENOTSUP)
+		return -1;
+	*has_min = true;
+
+	switch (*end++) {
+	case '\0':
+		*has_max = true;
+		*max = *min;
+		return 0;  /* <long> */
+
+	case '-':
+		if ('\0' == *end)
+			return 0;  /* <long>- */
+parse_max:
+		if (!isdigit((unsigned char) *end))
+			return -1;
+
+		if (a2ul(max, end, NULL, 10, *min, ULONG_MAX) == -1)
+			return -1;
+		*has_max = true;
+
+		return 0;  /* <long>-<long>, or -<long> */
+
+	default:
+		return -1;
+	}
+}
diff --git a/lib/gettime.c b/lib/gettime.c
new file mode 100644
index 0000000..c61c88c
--- /dev/null
+++ b/lib/gettime.c
@@ -0,0 +1,47 @@
+// SPDX-FileCopyrightText: 2017, Chris Lamb
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+
+#include "atoi/a2i.h"
+#include "defines.h"
+#include "prototypes.h"
+#include "shadowlog.h"
+
+
+/*
+ * gettime() returns the time as the number of seconds since the Epoch
+ *
+ * Like time(), gettime() returns the time as the number of seconds since the
+ * Epoch, 1970-01-01 00:00:00 +0000 (UTC), except that if the SOURCE_DATE_EPOCH
+ * environment variable is exported it will use that instead.
+ */
+/*@observer@*/time_t
+gettime(void)
+{
+	char    *source_date_epoch;
+	FILE    *shadow_logfd = log_get_logfd();
+	time_t  fallback, epoch;
+
+	fallback = time (NULL);
+	source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH");
+
+	if (!source_date_epoch)
+		return fallback;
+
+	if (a2i(time_t, &epoch, source_date_epoch, NULL, 10, 0, fallback) == -1) {
+		fprintf(shadow_logfd,
+		        _("Environment variable $SOURCE_DATE_EPOCH: a2i(\"%s\"): %s"),
+		        source_date_epoch, strerror(errno));
+		return fallback;
+	}
+	return epoch;
+}
diff --git a/lib/getulong.c b/lib/getulong.c
deleted file mode 100644
index 33250e3..0000000
--- a/lib/getulong.c
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#ident "$Id: getlong.c 2763 2009-04-23 09:57:03Z nekral-guest $"
-
-#include <stdlib.h>
-#include <errno.h>
-#include "prototypes.h"
-
-/*
- * getulong - extract an unsigned long integer provided by the numstr string in *result
- *
- * It supports decimal, hexadecimal or octal representations.
- *
- * Returns 0 on failure, 1 on success.
- */
-int getulong (const char *numstr, /*@out@*/unsigned long int *result)
-{
-	unsigned long int val;
-	char *endptr;
-
-	errno = 0;
-	val = strtoul (numstr, &endptr, 0);
-	if (    ('\0' == *numstr)
-	     || ('\0' != *endptr)
-	     || (ERANGE == errno)
-	   ) {
-		return 0;
-	}
-
-	*result = val;
-	return 1;
-}
-
diff --git a/lib/groupio.c b/lib/groupio.c
index 357a30e..7b9d45f 100644
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -15,12 +15,14 @@
 #include <assert.h>
 #include <stdio.h>
 
+#include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "commonio.h"
 #include "getdef.h"
 #include "groupio.h"
 
+
 static /*@null@*/struct commonio_entry *merge_group_entries (
 	/*@null@*/ /*@returned@*/struct commonio_entry *gr1,
 	/*@null@*/struct commonio_entry *gr2);
@@ -34,7 +36,8 @@ static /*@null@*/ /*@only@*/void *group_dup (const void *ent)
 	return __gr_dup (gr);
 }
 
-static void group_free (/*@out@*/ /*@only@*/void *ent)
+static void
+group_free(/*@only@*/void *ent)
 {
 	struct group *gr = ent;
 
@@ -50,7 +53,7 @@ static const char *group_getname (const void *ent)
 
 static void *group_parse (const char *line)
 {
-	return (void *) sgetgrent (line);
+	return sgetgrent (line);
 }
 
 static int group_put (const void *ent, FILE * file)
@@ -159,7 +162,7 @@ int gr_open (int mode)
 
 int gr_update (const struct group *gr)
 {
-	return commonio_update (&group_db, (const void *) gr);
+	return commonio_update (&group_db, gr);
 }
 
 int gr_remove (const char *name)
@@ -209,17 +212,25 @@ void __gr_del_entry (const struct commonio_entry *ent)
 
 static int gr_cmp (const void *p1, const void *p2)
 {
+	const struct commonio_entry *const *ce1;
+	const struct commonio_entry *const *ce2;
+	const struct group *g1, *g2;
 	gid_t u1, u2;
 
-	if ((*(struct commonio_entry **) p1)->eptr == NULL) {
+	ce1 = p1;
+	g1 = (*ce1)->eptr;
+	if (g1 == NULL) {
 		return 1;
 	}
-	if ((*(struct commonio_entry **) p2)->eptr == NULL) {
+
+	ce2 = p2;
+	g2 = (*ce2)->eptr;
+	if (g2 == NULL) {
 		return -1;
 	}
 
-	u1 = ((struct group *) (*(struct commonio_entry **) p1)->eptr)->gr_gid;
-	u2 = ((struct group *) (*(struct commonio_entry **) p2)->eptr)->gr_gid;
+	u1 = g1->gr_gid;
+	u2 = g2->gr_gid;
 
 	if (u1 < u2) {
 		return -1;
@@ -247,8 +258,8 @@ static int group_open_hook (void)
 
 	for (gr1 = group_db.head; NULL != gr1; gr1 = gr1->next) {
 		for (gr2 = gr1->next; NULL != gr2; gr2 = gr2->next) {
-			struct group *g1 = (struct group *)gr1->eptr;
-			struct group *g2 = (struct group *)gr2->eptr;
+			struct group *g1 = gr1->eptr;
+			struct group *g2 = gr2->eptr;
 			if (NULL != g1 &&
 			    NULL != g2 &&
 			    0 == strcmp (g1->gr_name, g2->gr_name) &&
@@ -291,32 +302,28 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 	/*@null@*/ /*@returned@*/struct commonio_entry *gr1,
 	/*@null@*/struct commonio_entry *gr2)
 {
-	struct group *gptr1;
-	struct group *gptr2;
-	char **new_members;
-	size_t members = 0;
-	char *new_line;
-	size_t new_line_len, i;
+	char          *new_line;
+	char          **new_members;
+	size_t        i;
+	size_t        members = 0;
+	struct group  *gptr1;
+	struct group  *gptr2;
+
 	if (NULL == gr2 || NULL == gr1) {
 		errno = EINVAL;
 		return NULL;
 	}
 
-	gptr1 = (struct group *)gr1->eptr;
-	gptr2 = (struct group *)gr2->eptr;
+	gptr1 = gr1->eptr;
+	gptr2 = gr2->eptr;
 	if (NULL == gptr2 || NULL == gptr1) {
 		errno = EINVAL;
 		return NULL;
 	}
 
 	/* Concatenate the 2 lines */
-	new_line_len = strlen (gr1->line) + strlen (gr2->line) +1;
-	new_line = (char *)malloc (new_line_len + 1);
-	if (NULL == new_line) {
-		errno = ENOMEM;
+	if (asprintf(&new_line, "%s\n%s", gr1->line, gr2->line) == -1)
 		return NULL;
-	}
-	snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
 
 	/* Concatenate the 2 list of members */
 	for (i=0; NULL != gptr1->gr_mem[i]; i++);
@@ -333,10 +340,9 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 			members++;
 		}
 	}
-	new_members = (char **)calloc ( (members+1), sizeof(char*) );
+	new_members = CALLOC (members + 1, char *);
 	if (NULL == new_members) {
-		free (new_line);
-		errno = ENOMEM;
+		free(new_line);
 		return NULL;
 	}
 	for (i=0; NULL != gptr1->gr_mem[i]; i++) {
@@ -377,7 +383,7 @@ static int split_groups (unsigned int max_members)
 	struct commonio_entry *gr;
 
 	for (gr = group_db.head; NULL != gr; gr = gr->next) {
-		struct group *gptr = (struct group *)gr->eptr;
+		struct group *gptr = gr->eptr;
 		struct commonio_entry *new;
 		struct group *new_gptr;
 		unsigned int members = 0;
@@ -395,9 +401,8 @@ static int split_groups (unsigned int max_members)
 			continue;
 		}
 
-		new = (struct commonio_entry *) malloc (sizeof *new);
+		new = MALLOC(1, struct commonio_entry);
 		if (NULL == new) {
-			errno = ENOMEM;
 			return 0;
 		}
 		new->eptr = group_dup(gr->eptr);
@@ -406,7 +411,7 @@ static int split_groups (unsigned int max_members)
 			errno = ENOMEM;
 			return 0;
 		}
-		new_gptr = (struct group *)new->eptr;
+		new_gptr = new->eptr;
 		new->line = NULL;
 		new->changed = true;
 
diff --git a/lib/groupmem.c b/lib/groupmem.c
index c858b72..69d4435 100644
--- a/lib/groupmem.c
+++ b/lib/groupmem.c
@@ -12,6 +12,8 @@
 
 #ident "$Id$"
 
+#include "alloc.h"
+#include "memzero.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "groupio.h"
@@ -21,12 +23,11 @@
 	struct group *gr;
 	int i;
 
-	gr = (struct group *) malloc (sizeof *gr);
+	gr = CALLOC(1, struct group);
 	if (NULL == gr) {
 		return NULL;
 	}
 	/* The libc might define other fields. They won't be copied. */
-	memset (gr, 0, sizeof *gr);
 	gr->gr_gid = grent->gr_gid;
 	/*@-mustfreeonly@*/
 	gr->gr_name = strdup (grent->gr_name);
@@ -46,7 +47,7 @@
 	for (i = 0; grent->gr_mem[i]; i++);
 
 	/*@-mustfreeonly@*/
-	gr->gr_mem = (char **) malloc ((i + 1) * sizeof (char *));
+	gr->gr_mem = MALLOC(i + 1, char *);
 	/*@=mustfreeonly@*/
 	if (NULL == gr->gr_mem) {
 		gr_free(gr);
@@ -76,7 +77,8 @@ void gr_free_members (struct group *grent)
 	}
 }
 
-void gr_free (/*@out@*/ /*@only@*/struct group *grent)
+void
+gr_free(/*@only@*/struct group *grent)
 {
 	free (grent->gr_name);
 	if (NULL != grent->gr_passwd) {
@@ -86,33 +88,3 @@ void gr_free (/*@out@*/ /*@only@*/struct group *grent)
 	gr_free_members(grent);
 	free (grent);
 }
-
-bool gr_append_member(struct group *grp, char *member)
-{
-	int i;
-
-	if (NULL == grp->gr_mem || grp->gr_mem[0] == NULL) {
-		grp->gr_mem = (char **)malloc(2 * sizeof(char *));
-		if (!grp->gr_mem) {
-			return false;
-		}
-		grp->gr_mem[0] = strdup(member);
-		if (!grp->gr_mem[0]) {
-			return false;
-		}
-		grp->gr_mem[1] = NULL;
-		return true;
-	}
-
-	for (i = 0; grp->gr_mem[i]; i++) ;
-	grp->gr_mem = realloc(grp->gr_mem, (i + 2) * sizeof(char *));
-	if (NULL == grp->gr_mem) {
-		return false;
-	}
-	grp->gr_mem[i] = strdup(member);
-	if (NULL == grp->gr_mem[i]) {
-		return false;
-	}
-	grp->gr_mem[i + 1] = NULL;
-	return true;
-}
diff --git a/lib/gshadow.c b/lib/gshadow.c
index 2e12923..3c71bea 100644
--- a/lib/gshadow.c
+++ b/lib/gshadow.c
@@ -15,8 +15,12 @@
 #ident "$Id$"
 
 #include <stdio.h>
+#include <string.h>
+
+#include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
+
 static /*@null@*/FILE *shadow;
 static /*@null@*//*@only@*/char **members = NULL;
 static size_t nmembers = 0;
@@ -26,34 +30,6 @@ static struct sgrp sgroup;
 
 #define	FIELDS	4
 
-#ifdef	USE_NIS
-static bool nis_used;
-static bool nis_ignore;
-static enum { native, start, middle, native2 } nis_state;
-static bool nis_bound;
-static char *nis_domain;
-static char *nis_key;
-static int nis_keylen;
-static char *nis_val;
-static int nis_vallen;
-
-#define	IS_NISCHAR(c) ((c)=='+')
-#endif
-
-#ifdef	USE_NIS
-/*
- * bind_nis - bind to NIS server
- */
-
-static int bind_nis (void)
-{
-	if (yp_get_default_domain (&nis_domain))
-		return -1;
-
-	nis_bound = true;
-	return 0;
-}
-#endif
 
 static /*@null@*/char **build_list (char *s, char **list[], size_t * nlist)
 {
@@ -62,21 +38,16 @@ static /*@null@*/char **build_list (char *s, char **list[], size_t * nlist)
 
 	while (s != NULL && *s != '\0') {
 		size = (nelem + 1) * sizeof (ptr);
-		ptr = realloc (*list, size);
+		ptr = REALLOC(*list, size, char *);
 		if (NULL != ptr) {
-			ptr[nelem] = s;
+			ptr[nelem] = strsep(&s, ",");
 			nelem++;
 			*list = ptr;
 			*nlist = nelem;
-			s = strchr (s, ',');
-			if (NULL != s) {
-				*s = '\0';
-				s++;
-			}
 		}
 	}
 	size = (nelem + 1) * sizeof (ptr);
-	ptr = realloc (*list, size);
+	ptr = REALLOC(*list, size, char *);
 	if (NULL != ptr) {
 		ptr[nelem] = NULL;
 		*list = ptr;
@@ -86,9 +57,6 @@ static /*@null@*/char **build_list (char *s, char **list[], size_t * nlist)
 
 void setsgent (void)
 {
-#ifdef	USE_NIS
-	nis_state = native;
-#endif
 	if (NULL != shadow) {
 		rewind (shadow);
 	} else {
@@ -102,7 +70,7 @@ void endsgent (void)
 		(void) fclose (shadow);
 	}
 
-	shadow = (FILE *) 0;
+	shadow = NULL;
 }
 
 /*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *string)
@@ -116,7 +84,7 @@ void endsgent (void)
 	size_t len = strlen (string) + 1;
 
 	if (len > sgrbuflen) {
-		char *buf = (char *) realloc (sgrbuf, sizeof (char) * len);
+		char *buf = REALLOC(sgrbuf, len, char);
 		if (NULL == buf) {
 			return NULL;
 		}
@@ -124,8 +92,7 @@ void endsgent (void)
 		sgrbuflen = len;
 	}
 
-	strncpy (sgrbuf, string, len);
-	sgrbuf[len-1] = '\0';
+	strcpy (sgrbuf, string);
 
 	cp = strrchr (sgrbuf, '\n');
 	if (NULL != cp) {
@@ -137,30 +104,16 @@ void endsgent (void)
 	 * all 4 of them and save the starting addresses in fields[].
 	 */
 
-	for (cp = sgrbuf, i = 0; (i < FIELDS) && (NULL != cp); i++) {
-		fields[i] = cp;
-		cp = strchr (cp, ':');
-		if (NULL != cp) {
-			*cp++ = '\0';
-		}
-	}
+	for (cp = sgrbuf, i = 0; (i < FIELDS) && (NULL != cp); i++)
+		fields[i] = strsep(&cp, ":");
 
 	/*
 	 * If there was an extra field somehow, or perhaps not enough,
 	 * the line is invalid.
 	 */
 
-	if ((NULL != cp) || (i != FIELDS)) {
-#ifdef	USE_NIS
-		if (!IS_NISCHAR (fields[0][0])) {
-			return 0;
-		} else {
-			nis_used = true;
-		}
-#else
+	if (NULL != cp || i != FIELDS)
 		return 0;
-#endif
-	}
 
 	sgroup.sg_name = fields[0];
 	sgroup.sg_passwd = fields[1];
@@ -195,7 +148,7 @@ void endsgent (void)
 	char *cp;
 
 	if (0 == buflen) {
-		buf = (char *) malloc (BUFSIZ);
+		buf = MALLOC(BUFSIZ, char);
 		if (NULL == buf) {
 			return NULL;
 		}
@@ -206,17 +159,12 @@ void endsgent (void)
 		return NULL;
 	}
 
-#ifdef	USE_NIS
-	while (fgetsx (buf, (int) buflen, fp) == buf)
-#else
-	if (fgetsx (buf, (int) buflen, fp) == buf)
-#endif
-	{
+	if (fgetsx(buf, buflen, fp) == buf) {
 		while (   ((cp = strrchr (buf, '\n')) == NULL)
 		       && (feof (fp) == 0)) {
 			size_t len;
 
-			cp = (char *) realloc (buf, buflen*2);
+			cp = REALLOC(buf, buflen * 2, char);
 			if (NULL == cp) {
 				return NULL;
 			}
@@ -234,11 +182,6 @@ void endsgent (void)
 		if (NULL != cp) {
 			*cp = '\0';
 		}
-#ifdef	USE_NIS
-		if (nis_ignore && IS_NISCHAR (buf[0])) {
-			continue;
-		}
-#endif
 		return (sgetsgent (buf));
 	}
 	return NULL;
@@ -250,96 +193,10 @@ void endsgent (void)
 
 /*@observer@*//*@null@*/struct sgrp *getsgent (void)
 {
-#ifdef	USE_NIS
-	bool nis_1_group = false;
-	struct sgrp *val;
-#endif
 	if (NULL == shadow) {
 		setsgent ();
 	}
-
-#ifdef	USE_NIS
-      again:
-	/*
-	 * See if we are reading from the local file.
-	 */
-
-	if (nis_state == native || nis_state == native2) {
-
-		/*
-		 * Get the next entry from the shadow group file.  Return
-		 * NULL right away if there is none.
-		 */
-
-		val = fgetsgent (shadow);
-		if (NULL == val) {
-			return 0;
-		}
-
-		/*
-		 * If this entry began with a NIS escape character, we have
-		 * to see if this is just a single group, or if the entire
-		 * map is being asked for.
-		 */
-
-		if (IS_NISCHAR (val->sg_name[0])) {
-			if ('\0' != val->sg_name[1]) {
-				nis_1_group = true;
-			} else {
-				nis_state = start;
-			}
-		}
-
-		/*
-		 * If this isn't a NIS group and this isn't an escape to go
-		 * use a NIS map, it must be a regular local group.
-		 */
-
-		if (!nis_1_group && (nis_state != start)) {
-			return val;
-		}
-
-		/*
-		 * If this is an escape to use an NIS map, switch over to
-		 * that bunch of code.
-		 */
-
-		if (nis_state == start) {
-			goto again;
-		}
-
-		/*
-		 * NEEDSWORK.  Here we substitute pieces-parts of this entry.
-		 */
-
-		return 0;
-	} else {
-		if (!nis_bound) {
-			if (bind_nis ()) {
-				nis_state = native2;
-				goto again;
-			}
-		}
-		if (nis_state == start) {
-			if (yp_first (nis_domain, "gshadow.byname", &nis_key,
-				      &nis_keylen, &nis_val, &nis_vallen)) {
-				nis_state = native2;
-				goto again;
-			}
-			nis_state = middle;
-		} else if (nis_state == middle) {
-			if (yp_next (nis_domain, "gshadow.byname", nis_key,
-				     nis_keylen, &nis_key, &nis_keylen,
-				     &nis_val, &nis_vallen)) {
-				nis_state = native2;
-				goto again;
-			}
-		}
-		return sgetsgent (nis_val);
-	}
-#else
 	return (fgetsgent (shadow));
-#endif
 }
 
 /*
@@ -350,63 +207,13 @@ void endsgent (void)
 {
 	struct sgrp *sgrp;
 
-#ifdef	USE_NIS
-	static char save_name[16];
-	int nis_disabled = 0;
-#endif
-
 	setsgent ();
 
-#ifdef	USE_NIS
-	if (nis_used) {
-	      again:
-
-		/*
-		 * Search the gshadow.byname map for this group.
-		 */
-
-		if (!nis_bound) {
-			bind_nis ();
-		}
-
-		if (nis_bound) {
-			char *cp;
-
-			if (yp_match (nis_domain, "gshadow.byname", name,
-				      strlen (name), &nis_val,
-				      &nis_vallen) == 0) {
-				cp = strchr (nis_val, '\n');
-				if (NULL != cp) {
-					*cp = '\0';
-				}
-
-				nis_state = middle;
-				sgrp = sgetsgent (nis_val);
-				if (NULL != sgrp) {
-					strcpy (save_name, sgrp->sg_name);
-					nis_key = save_name;
-					nis_keylen = strlen (save_name);
-				}
-				return sgrp;
-			}
-		}
-		nis_state = native2;
-	}
-#endif
-#ifdef	USE_NIS
-	if (nis_used) {
-		nis_ignore = true;
-		nis_disabled = true;
-	}
-#endif
-	while ((sgrp = getsgent ()) != (struct sgrp *) 0) {
+	while ((sgrp = getsgent ()) != NULL) {
 		if (strcmp (name, sgrp->sg_name) == 0) {
 			break;
 		}
 	}
-#ifdef	USE_NIS
-	nis_ignore = false;
-#endif
 	return sgrp;
 }
 
@@ -437,7 +244,7 @@ int putsgent (const struct sgrp *sgrp, FILE * fp)
 		size += strlen (sgrp->sg_mem[i]) + 1;
 	}
 
-	buf = malloc (size);
+	buf = MALLOC(size, char);
 	if (NULL == buf) {
 		return -1;
 	}
@@ -502,5 +309,5 @@ int putsgent (const struct sgrp *sgrp, FILE * fp)
 	return 0;
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/*} SHADOWGRP */
diff --git a/libmisc/hushed.c b/lib/hushed.c
index 84b2f55..86c224f 100644
--- a/libmisc/hushed.c
+++ b/lib/hushed.c
@@ -18,6 +18,9 @@
 #include "defines.h"
 #include "prototypes.h"
 #include "getdef.h"
+#include "string/sprintf.h"
+
+
 /*
  * hushed - determine if a user receives login messages
  *
@@ -26,11 +29,11 @@
  */
 bool hushed (const char *username)
 {
-	struct passwd *pw;
-	const char *hushfile;
-	char buf[BUFSIZ];
-	bool found;
-	FILE *fp;
+	bool           found;
+	char           buf[BUFSIZ];
+	FILE           *fp;
+	const char     *hushfile;
+	struct passwd  *pw;
 
 	/*
 	 * Get the name of the file to use.  If this option is not
@@ -53,7 +56,7 @@ bool hushed (const char *username)
 	 */
 
 	if (hushfile[0] != '/') {
-		(void) snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile);
+		SNPRINTF(buf, "%s/%s", pw->pw_dir, hushfile);
 		return (access (buf, F_OK) == 0);
 	}
 
@@ -66,7 +69,7 @@ bool hushed (const char *username)
 	if (NULL == fp) {
 		return false;
 	}
-	for (found = false; !found && (fgets (buf, (int) sizeof buf, fp) == buf);) {
+	for (found = false; !found && (fgets (buf, sizeof buf, fp) == buf);) {
 		buf[strcspn (buf, "\n")] = '\0';
 		found = (strcmp (buf, pw->pw_shell) == 0) ||
 		        (strcmp (buf, pw->pw_name) == 0);
diff --git a/libmisc/idmapping.c b/lib/idmapping.c
index 30eb89f..56c72ea 100644
--- a/libmisc/idmapping.c
+++ b/lib/idmapping.c
@@ -11,13 +11,20 @@
 #include <limits.h>
 #include <stdlib.h>
 #include <stdio.h>
+#include <strings.h>
+
+#include "alloc.h"
+#include "atoi/str2i.h"
 #include "prototypes.h"
+#include "string/stpeprintf.h"
 #include "idmapping.h"
 #if HAVE_SYS_CAPABILITY_H
 #include <sys/prctl.h>
 #include <sys/capability.h>
 #endif
 #include "shadowlog.h"
+#include "sizeof.h"
+
 
 struct map_range *get_map_ranges(int ranges, int argc, char **argv)
 {
@@ -29,21 +36,12 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
 		return NULL;
 	}
 
-	if (ranges != ((argc + 2) / 3)) {
+	if (ranges * 3 != argc) {
 		fprintf(log_get_logfd(), "%s: ranges: %u is wrong for argc: %d\n", log_get_progname(), ranges, argc);
 		return NULL;
 	}
 
-	if ((ranges * 3) > argc) {
-		fprintf(log_get_logfd(), "ranges: %u argc: %d\n",
-			ranges, argc);
-		fprintf(log_get_logfd(),
-			_( "%s: Not enough arguments to form %u mappings\n"),
-			log_get_progname(), ranges);
-		return NULL;
-	}
-
-	mappings = calloc(ranges, sizeof(*mappings));
+	mappings = CALLOC(ranges, struct map_range);
 	if (!mappings) {
 		fprintf(log_get_logfd(), _( "%s: Memory allocation failure\n"),
 			log_get_progname());
@@ -53,15 +51,15 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
 	/* Gather up the ranges from the command line */
 	mapping = mappings;
 	for (idx = 0, argidx = 0; idx < ranges; idx++, argidx += 3, mapping++) {
-		if (!getulong(argv[argidx + 0], &mapping->upper)) {
+		if (str2ul(&mapping->upper, argv[argidx + 0]) == -1) {
 			free(mappings);
 			return NULL;
 		}
-		if (!getulong(argv[argidx + 1], &mapping->lower)) {
+		if (str2ul(&mapping->lower, argv[argidx + 1]) == -1) {
 			free(mappings);
 			return NULL;
 		}
-		if (!getulong(argv[argidx + 2], &mapping->count)) {
+		if (str2ul(&mapping->count, argv[argidx + 2]) == -1) {
 			free(mappings);
 			return NULL;
 		}
@@ -99,7 +97,7 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
  *  8bytes --> 21 ascii estimated -> 18446744073709551616 (20 real)
  * 16bytes --> 39 ascii estimated -> 340282366920938463463374607431768211456 (39 real)
  */
-#define ULONG_DIGITS ((((sizeof(unsigned long) * CHAR_BIT) + 9)/10)*3)
+#define ULONG_DIGITS (((WIDTHOF(unsigned long) + 9)/10)*3)
 
 #if HAVE_SYS_CAPABILITY_H
 static inline bool maps_lower_root(int cap, int ranges, const struct map_range *mappings)
@@ -141,7 +139,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 	int idx;
 	const struct map_range *mapping;
 	size_t bufsize;
-	char *buf, *pos;
+	char *buf, *pos, *end;
 	int fd;
 
 #if HAVE_SYS_CAPABILITY_H
@@ -172,7 +170,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 	}
 
 	/* Lockdown new{g,u}idmap by dropping all unneeded capabilities. */
-	memset(data, 0, sizeof(data));
+	bzero(data, sizeof(data));
 	data[0].effective = CAP_TO_MASK(cap);
 	/*
 	 * When uid 0 from the ancestor userns is supposed to be mapped into
@@ -187,23 +185,22 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 	}
 #endif
 
-	bufsize = ranges * ((ULONG_DIGITS + 1) * 3);
-	pos = buf = xmalloc(bufsize);
+	bufsize = (ULONG_DIGITS + 1) * 3 * ranges + 1;
+	pos = buf = XMALLOC(bufsize, char);
+	end = buf + bufsize;
 
 	/* Build the mapping command */
 	mapping = mappings;
 	for (idx = 0; idx < ranges; idx++, mapping++) {
 		/* Append this range to the string that will be written */
-		int written = snprintf(pos, bufsize - (pos - buf),
-			"%lu %lu %lu\n",
-			mapping->upper,
-			mapping->lower,
-			mapping->count);
-		if ((written <= 0) || (written >= (bufsize - (pos - buf)))) {
-			fprintf(log_get_logfd(), _("%s: snprintf failed!\n"), log_get_progname());
-			exit(EXIT_FAILURE);
-		}
-		pos += written;
+		pos = stpeprintf(pos, end, "%lu %lu %lu\n",
+		                 mapping->upper,
+		                 mapping->lower,
+		                 mapping->count);
+	}
+	if (pos == end || pos == NULL) {
+		fprintf(log_get_logfd(), _("%s: stpeprintf failed!\n"), log_get_progname());
+		exit(EXIT_FAILURE);
 	}
 
 	/* Write the mapping to the mapping file */
@@ -213,11 +210,15 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
-	if (write(fd, buf, pos - buf) != (pos - buf)) {
+	if (write_full(fd, buf, pos - buf) == -1) {
 		fprintf(log_get_logfd(), _("%s: write to %s failed: %s\n"),
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
-	close(fd);
+	if (close(fd) != 0 && errno != EINTR) {
+		fprintf(log_get_logfd(), _("%s: closing %s failed: %s\n"),
+			log_get_progname(), map_file, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
 	free(buf);
 }
diff --git a/libmisc/idmapping.h b/lib/idmapping.h
index 46d4631..46d4631 100644
--- a/libmisc/idmapping.h
+++ b/lib/idmapping.h
diff --git a/libmisc/isexpired.c b/lib/isexpired.c
index ff20396..c275691 100644
--- a/libmisc/isexpired.c
+++ b/lib/isexpired.c
@@ -15,11 +15,13 @@
 #include <config.h>
 
 #include <sys/types.h>
-#include "prototypes.h"
-#include "defines.h"
 #include <pwd.h>
 #include <time.h>
 
+#include "adds.h"
+#include "defines.h"
+#include "prototypes.h"
+
 #ident "$Id$"
 
 
@@ -38,9 +40,9 @@
  */
 int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 {
-	long now;
+	long  now;
 
-	now = (long) time ((time_t *) 0) / SCALE;
+	now = time(NULL) / DAY;
 
 	if (NULL == sp) {
 		return 0;
@@ -72,7 +74,8 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	if (   (sp->sp_lstchg > 0)
 	    && (sp->sp_max >= 0)
 	    && (sp->sp_inact >= 0)
-	    && (now >= (sp->sp_lstchg + sp->sp_max + sp->sp_inact))) {
+	    && (now >= addsl(sp->sp_lstchg, sp->sp_max, sp->sp_inact)))
+	{
 		return 2;
 	}
 
@@ -84,7 +87,7 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 
 	if (   (-1 == sp->sp_lstchg)
 	    || (-1 == sp->sp_max)
-	    || (sp->sp_max >= ((10000L * DAY) / SCALE))) {
+	    || (sp->sp_max >= 10000)) {
 		return 0;
 	}
 
@@ -94,9 +97,9 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	 * the password has expired.
 	 */
 
-	if (now >= (sp->sp_lstchg + sp->sp_max)) {
+	if (now >= addsl(sp->sp_lstchg, sp->sp_max))
 		return 1;
-	}
+
 	return 0;
 }
 
diff --git a/libmisc/limits.c b/lib/limits.c
index fea85fe..813c082 100644
--- a/libmisc/limits.c
+++ b/lib/limits.c
@@ -28,11 +28,12 @@
 #include <pwd.h>
 #include "getdef.h"
 #include "shadowlog.h"
-#ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
-#define LIMITS
-#endif
-#ifdef LIMITS
+
+#include "atoi/str2i.h"
+#include "memzero.h"
+
+
 #ifndef LIMITS_FILE
 #define LIMITS_FILE "/etc/limits"
 #endif
@@ -48,8 +49,10 @@ static int setrlimit_value (unsigned int resource,
                             const char *value,
                             unsigned int multiplier)
 {
-	struct rlimit rlim;
-	rlim_t limit;
+	char           *end;
+	long           l;
+	rlim_t         limit;
+	struct rlimit  rlim;
 
 	/* The "-" is special, not belonging to a strange negative limit.
 	 * It is infinity, in a controlled way.
@@ -58,23 +61,18 @@ static int setrlimit_value (unsigned int resource,
 		limit = RLIM_INFINITY;
 	}
 	else {
-		/* We cannot use getlong here because it fails when there
+		/* We cannot use str2sl() here because it fails when there
 		 * is more to the value than just this number!
 		 * Also, we are limited to base 10 here (hex numbers will not
 		 * work with the limit string parser as is anyway)
 		 */
-		char *endptr;
-		long longlimit = strtol (value, &endptr, 10);
-		if ((0 == longlimit) && (value == endptr)) {
-			/* No argument at all. No-op.
-			 * FIXME: We could instead throw an error, though.
-			 */
-			return 0;
-		}
-		longlimit *= multiplier;
-		limit = (rlim_t)longlimit;
-		if (longlimit != limit)
-		{
+		errno = 0;
+		l = strtol(value, &end, 10);
+
+		if (value == end || errno != 0)
+			return 0;  // FIXME: We could instead throw an error, though.
+
+		if (__builtin_mul_overflow(l, multiplier, &limit)) {
 			/* FIXME: Again, silent error handling...
 			 * Wouldn't screaming make more sense?
 			 */
@@ -95,11 +93,11 @@ static int set_prio (const char *value)
 {
 	long prio;
 
-	if (   (getlong (value, &prio) == 0)
+	if (   (str2sl(&prio, value) == -1)
 	    || (prio != (int) prio)) {
 		return 0;
 	}
-	if (setpriority (PRIO_PROCESS, 0, (int) prio) != 0) {
+	if (setpriority (PRIO_PROCESS, 0, prio) != 0) {
 		return LOGIN_ERROR_RLIMIT;
 	}
 	return 0;
@@ -108,14 +106,14 @@ static int set_prio (const char *value)
 
 static int set_umask (const char *value)
 {
-	unsigned long int mask;
+	unsigned long  mask;
 
-	if (   (getulong (value, &mask) == 0)
+	if (   (str2ul(&mask, value) == -1)
 	    || (mask != (mode_t) mask)) {
 		return 0;
 	}
 
-	(void) umask ((mode_t) mask);
+	(void) umask (mask);
 	return 0;
 }
 
@@ -123,14 +121,9 @@ static int set_umask (const char *value)
 /* Counts the number of user logins and check against the limit */
 static int check_logins (const char *name, const char *maxlogins)
 {
-#ifdef USE_UTMPX
-	struct utmpx *ut;
-#else				/* !USE_UTMPX */
-	struct utmp *ut;
-#endif				/* !USE_UTMPX */
 	unsigned long limit, count;
 
-	if (getulong (maxlogins, &limit) == 0) {
+	if (str2ul(&limit, maxlogins) == -1) {
 		return 0;
 	}
 
@@ -139,38 +132,8 @@ static int check_logins (const char *name, const char *maxlogins)
 		return LOGIN_ERROR_LOGIN;
 	}
 
-	count = 0;
-#ifdef USE_UTMPX
-	setutxent ();
-	while ((ut = getutxent ()))
-#else				/* !USE_UTMPX */
-	setutent ();
-	while ((ut = getutent ()))
-#endif				/* !USE_UTMPX */
-	{
-		if (USER_PROCESS != ut->ut_type) {
-			continue;
-		}
-		if ('\0' == ut->ut_user[0]) {
-			continue;
-		}
-		if (strncmp (name, ut->ut_user, sizeof (ut->ut_user)) != 0) {
-			continue;
-		}
-		count++;
-		if (count > limit) {
-			break;
-		}
-	}
-#ifdef USE_UTMPX
-	endutxent ();
-#else				/* !USE_UTMPX */
-	endutent ();
-#endif				/* !USE_UTMPX */
-	/*
-	 * This is called after setutmp(), so the number of logins counted
-	 * includes the user who is currently trying to log in.
-	 */
+	count = active_sessions_count(name, limit);
+
 	if (count > limit) {
 		SYSLOG ((LOG_WARN,
 		         "Too many logins (max %lu) for %s\n",
@@ -243,34 +206,26 @@ static int do_user_limits (const char *buf, const char *name)
 
 	while ('\0' != *pp) {
 		switch (*pp++) {
-#ifdef RLIMIT_AS
 		case 'a':
 		case 'A':
 			/* RLIMIT_AS - max address space (KB) */
 			retval |= setrlimit_value (RLIMIT_AS, pp, 1024);
 			break;
-#endif
-#ifdef RLIMIT_CORE
 		case 'c':
 		case 'C':
 			/* RLIMIT_CORE - max core file size (KB) */
 			retval |= setrlimit_value (RLIMIT_CORE, pp, 1024);
 			break;
-#endif
-#ifdef RLIMIT_DATA
 		case 'd':
 		case 'D':
 			/* RLIMIT_DATA - max data size (KB) */
 			retval |= setrlimit_value (RLIMIT_DATA, pp, 1024);
 			break;
-#endif
-#ifdef RLIMIT_FSIZE
 		case 'f':
 		case 'F':
 			/* RLIMIT_FSIZE - Maximum filesize (KB) */
 			retval |= setrlimit_value (RLIMIT_FSIZE, pp, 1024);
 			break;
-#endif
 #ifdef RLIMIT_NICE
 		case 'i':
 		case 'I':
@@ -294,13 +249,11 @@ static int do_user_limits (const char *buf, const char *name)
 			retval |= setrlimit_value (RLIMIT_MEMLOCK, pp, 1024);
 			break;
 #endif
-#ifdef RLIMIT_NOFILE
 		case 'n':
 		case 'N':
 			/* RLIMIT_NOFILE - max number of open files */
 			retval |= setrlimit_value (RLIMIT_NOFILE, pp, 1);
 			break;
-#endif
 #ifdef RLIMIT_RTPRIO
 		case 'o':
 		case 'O':
@@ -319,20 +272,16 @@ static int do_user_limits (const char *buf, const char *name)
 			retval |= setrlimit_value (RLIMIT_RSS, pp, 1024);
 			break;
 #endif
-#ifdef RLIMIT_STACK
 		case 's':
 		case 'S':
 			/* RLIMIT_STACK - max stack size (KB) */
 			retval |= setrlimit_value (RLIMIT_STACK, pp, 1024);
 			break;
-#endif
-#ifdef RLIMIT_CPU
 		case 't':
 		case 'T':
 			/* RLIMIT_CPU - max CPU time (MIN) */
 			retval |= setrlimit_value (RLIMIT_CPU, pp, 60);
 			break;
-#endif
 #ifdef RLIMIT_NPROC
 		case 'u':
 		case 'U':
@@ -409,11 +358,11 @@ static int setup_user_limits (const char *uname)
 	char tempbuf[1024];
 
 	/* init things */
-	memzero (buf, sizeof (buf));
-	memzero (name, sizeof (name));
-	memzero (limits, sizeof (limits));
-	memzero (deflimits, sizeof (deflimits));
-	memzero (tempbuf, sizeof (tempbuf));
+	MEMZERO(buf);
+	MEMZERO(name);
+	MEMZERO(limits);
+	MEMZERO(deflimits);
+	MEMZERO(tempbuf);
 
 	/* start the checks */
 	fil = fopen (LIMITS_FILE, "r");
@@ -430,7 +379,7 @@ static int setup_user_limits (const char *uname)
 		if (('#' == buf[0]) || ('\n' == buf[0])) {
 			continue;
 		}
-		memzero (tempbuf, sizeof (tempbuf));
+		MEMZERO(tempbuf);
 		/* a valid line should have a username, then spaces,
 		 * then limits
 		 * we allow the format:
@@ -479,7 +428,6 @@ static int setup_user_limits (const char *uname)
 	}
 	return do_user_limits (limits, uname);
 }
-#endif				/* LIMITS */
 
 
 static void setup_usergroups (const struct passwd *info)
@@ -523,7 +471,6 @@ void setup_limits (const struct passwd *info)
 	 */
 
 	if (getdef_bool ("QUOTAS_ENAB")) {
-#ifdef LIMITS
 		if (info->pw_uid != 0) {
 			if ((setup_user_limits (info->pw_name) & LOGIN_ERROR_LOGIN) != 0) {
 				(void) fputs (_("Too many logins.\n"), log_get_logfd());
@@ -531,18 +478,18 @@ void setup_limits (const struct passwd *info)
 				exit (EXIT_FAILURE);
 			}
 		}
-#endif
 		for (cp = info->pw_gecos; cp != NULL; cp = strchr (cp, ',')) {
 			if (',' == *cp) {
 				cp++;
 			}
 
 			if (strncmp (cp, "pri=", 4) == 0) {
-				long int inc;
-				if (   (getlong (cp + 4, &inc) == 1)
+				long  inc;
+
+				if (   (str2sl(&inc, cp + 4) == 0)
 				    && (inc >= -20) && (inc <= 20)) {
 					errno = 0;
-					if (   (nice ((int) inc) != -1)
+					if (   (nice (inc) != -1)
 					    || (0 != errno)) {
 						continue;
 					}
@@ -556,10 +503,10 @@ void setup_limits (const struct passwd *info)
 				continue;
 			}
 			if (strncmp (cp, "ulimit=", 7) == 0) {
-				long int blocks;
-				if (   (getlong (cp + 7, &blocks) == 0)
+				long  blocks;
+				if (   (str2sl(&blocks, cp + 7) == -1)
 				    || (blocks != (int) blocks)
-				    || (set_filesize_limit ((int) blocks) != 0)) {
+				    || (set_filesize_limit (blocks) != 0)) {
 					SYSLOG ((LOG_WARN,
 					         "Can't set the ulimit for user %s",
 					         info->pw_name));
@@ -567,14 +514,15 @@ void setup_limits (const struct passwd *info)
 				continue;
 			}
 			if (strncmp (cp, "umask=", 6) == 0) {
-				unsigned long int mask;
-				if (   (getulong (cp + 6, &mask) == 0)
+				unsigned long  mask;
+
+				if (   (str2ul(&mask, cp + 6) == -1)
 				    || (mask != (mode_t) mask)) {
 					SYSLOG ((LOG_WARN,
 					         "Can't set umask value for user %s",
 					         info->pw_name));
 				} else {
-					(void) umask ((mode_t) mask);
+					(void) umask (mask);
 				}
 
 				continue;
@@ -584,6 +532,6 @@ void setup_limits (const struct passwd *info)
 }
 
 #else				/* !USE_PAM */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !USE_PAM */
 
diff --git a/libmisc/list.c b/lib/list.c
index 9d7ec77..9fc6608 100644
--- a/libmisc/list.c
+++ b/lib/list.c
@@ -11,6 +11,8 @@
 #ident "$Id$"
 
 #include <assert.h>
+
+#include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 /*
@@ -20,7 +22,8 @@
  *	name, and if not present it is added to a freshly allocated
  *	list of users.
  */
-/*@only@*/ /*@out@*/char **add_list (/*@returned@*/ /*@only@*/char **list, const char *member)
+/*@only@*/char **
+add_list(/*@returned@*/ /*@only@*/char **list, const char *member)
 {
 	int i;
 	char **tmp;
@@ -33,7 +36,7 @@
 	 * pointer if it is present.
 	 */
 
-	for (i = 0; list[i] != (char *) 0; i++) {
+	for (i = 0; list[i] != NULL; i++) {
 		if (strcmp (list[i], member) == 0) {
 			return list;
 		}
@@ -44,7 +47,7 @@
 	 * old entries, and the new entries as well.
 	 */
 
-	tmp = (char **) xmalloc ((i + 2) * sizeof member);
+	tmp = XMALLOC(i + 2, char *);
 
 	/*
 	 * Copy the original list to the new list, then append the
@@ -52,12 +55,12 @@
 	 * is returned to the invoker.
 	 */
 
-	for (i = 0; list[i] != (char *) 0; i++) {
+	for (i = 0; list[i] != NULL; i++) {
 		tmp[i] = list[i];
 	}
 
 	tmp[i] = xstrdup (member);
-	tmp[i+1] = (char *) 0;
+	tmp[i+1] = NULL;
 
 	return tmp;
 }
@@ -70,7 +73,8 @@
  *	list of users.
  */
 
-/*@only@*/ /*@out@*/char **del_list (/*@returned@*/ /*@only@*/char **list, const char *member)
+/*@only@*/char **
+del_list(/*@returned@*/ /*@only@*/char **list, const char *member)
 {
 	int i, j;
 	char **tmp;
@@ -83,7 +87,7 @@
 	 * pointer if it is not present.
 	 */
 
-	for (i = j = 0; list[i] != (char *) 0; i++) {
+	for (i = j = 0; list[i] != NULL; i++) {
 		if (strcmp (list[i], member) != 0) {
 			j++;
 		}
@@ -98,7 +102,7 @@
 	 * old entries.
 	 */
 
-	tmp = (char **) xmalloc ((j + 1) * sizeof member);
+	tmp = XMALLOC(j + 1, char *);
 
 	/*
 	 * Copy the original list except the deleted members to the
@@ -106,14 +110,14 @@
 	 * is returned to the invoker.
 	 */
 
-	for (i = j = 0; list[i] != (char *) 0; i++) {
+	for (i = j = 0; list[i] != NULL; i++) {
 		if (strcmp (list[i], member) != 0) {
 			tmp[j] = list[i];
 			j++;
 		}
 	}
 
-	tmp[j] = (char *) 0;
+	tmp[j] = NULL;
 
 	return tmp;
 }
@@ -124,7 +128,8 @@
  * function with list of members, the list elements are not enforced to be
  * constant strings here.
  */
-/*@only@*/ /*@out@*/char **dup_list (char *const *list)
+/*@only@*/char **
+dup_list(char *const *list)
 {
 	int i;
 	char **tmp;
@@ -133,7 +138,7 @@
 
 	for (i = 0; NULL != list[i]; i++);
 
-	tmp = (char **) xmalloc ((i + 1) * sizeof (char *));
+	tmp = XMALLOC(i + 1, char *);
 
 	i = 0;
 	while (NULL != *list) {
@@ -142,7 +147,7 @@
 		list++;
 	}
 
-	tmp[i] = (char *) 0;
+	tmp[i] = NULL;
 	return tmp;
 }
 
@@ -210,14 +215,14 @@ bool is_on_list (char *const *list, const char *member)
 	 * Allocate the array we're going to store the pointers into.
 	 */
 
-	array = (char **) xmalloc (sizeof (char *) * i);
+	array = XMALLOC(i, char *);
 
 	/*
 	 * Empty list is special - 0 members, not 1 empty member.  --marekm
 	 */
 
 	if ('\0' == *members) {
-		*array = (char *) 0;
+		*array = NULL;
 		free (members);
 		return array;
 	}
@@ -227,18 +232,9 @@ bool is_on_list (char *const *list, const char *member)
 	 * array of pointers.
 	 */
 
-	for (cp = members, i = 0;; i++) {
-		array[i] = cp;
-		cp2 = strchr (cp, ',');
-		if (NULL != cp2) {
-			*cp2 = '\0';
-			cp2++;
-			cp = cp2;
-		} else {
-			array[i + 1] = (char *) 0;
-			break;
-		}
-	}
+	for (cp = members, i = 0; cp != NULL; i++)
+		array[i] = strsep(&cp, ",");
+	array[i] = NULL;
 
 	/*
 	 * Return the new array of pointers
diff --git a/lib/lockpw.c b/lib/lockpw.c
index aaa317f..15e7c8f 100644
--- a/lib/lockpw.c
+++ b/lib/lockpw.c
@@ -81,5 +81,5 @@ int ulckpwdf (void)
 	return (pw_unlock () && spw_unlock ())? 0 : -1;
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif
diff --git a/libmisc/log.c b/lib/log.c
index a220be0..9f54d45 100644
--- a/libmisc/log.c
+++ b/lib/log.c
@@ -17,14 +17,18 @@
 #include <time.h>
 #include "defines.h"
 #include <lastlog.h>
+#include "memzero.h"
 #include "prototypes.h"
+#include "string/strncpy.h"
+#include "string/strtcpy.h"
+
 
 /*
  * dolastlog - create lastlog entry
  *
  *	A "last login" entry is created for the user being logged in.  The
  *	UID is extracted from the global (struct passwd) entry and the
- *	TTY information is gotten from the (struct utmp).
+ *	TTY information is gotten from the (struct utmpx).
  */
 void dolastlog (
 	struct lastlog *ll,
@@ -67,7 +71,7 @@ void dolastlog (
 	 * the way we read the old one in.
 	 */
 
-	if (read (fd, (void *) &newlog, sizeof newlog) != (ssize_t) sizeof newlog) {
+	if (read (fd, &newlog, sizeof newlog) != (ssize_t) sizeof newlog) {
 		memzero (&newlog, sizeof newlog);
 	}
 	if (NULL != ll) {
@@ -77,17 +81,29 @@ void dolastlog (
 	ll_time = newlog.ll_time;
 	(void) time (&ll_time);
 	newlog.ll_time = ll_time;
-	strncpy (newlog.ll_line, line, sizeof (newlog.ll_line) - 1);
+	STRTCPY(newlog.ll_line, line);
 #if HAVE_LL_HOST
-	strncpy (newlog.ll_host, host, sizeof (newlog.ll_host) - 1);
+	STRNCPY(newlog.ll_host, host);
 #endif
 	if (   (lseek (fd, offset, SEEK_SET) != offset)
-	    || (write (fd, (const void *) &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
-	    || (close (fd) != 0)) {
-		SYSLOG ((LOG_WARN,
-		         "Can't write lastlog entry for UID %lu in %s.",
-		         (unsigned long) pw->pw_uid, LASTLOG_FILE));
+	    || (write_full(fd, &newlog, sizeof newlog) == -1)) {
+		goto err_write;
+	}
+
+	if (close (fd) != 0 && errno != EINTR) {
+		goto err_close;
+	}
+
+	return;
+
+err_write:
+	{
+		int saved_errno = errno;
 		(void) close (fd);
+		errno = saved_errno;
 	}
+err_close:
+	SYSLOG ((LOG_WARN,
+	         "Can't write lastlog entry for UID %lu in %s: %m",
+	         (unsigned long) pw->pw_uid, LASTLOG_FILE));
 }
-
diff --git a/lib/logind.c b/lib/logind.c
new file mode 100644
index 0000000..ba7278f
--- /dev/null
+++ b/lib/logind.c
@@ -0,0 +1,52 @@
+/*
+ * SPDX-FileCopyrightText:  2023, Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include "attr.h"
+#include "defines.h"
+#include "prototypes.h"
+
+#include <systemd/sd-login.h>
+
+int get_session_host (char **out)
+{
+    char *host = NULL;
+    char *session = NULL;
+    int ret;
+
+    ret = sd_pid_get_session (getpid(), &session);
+    if (ret < 0) {
+        return ret;
+    }
+    ret = sd_session_get_remote_host (session, &host);
+    if (ret < 0) {
+        goto done;
+    }
+
+    *out = host;
+
+done:
+    free (session);
+    return ret;
+}
+
+unsigned long active_sessions_count(const char *name, MAYBE_UNUSED unsigned long limit)
+{
+    struct passwd *pw;
+    unsigned long count = 0;
+
+    pw = prefix_getpwnam(name);
+    if (pw == NULL) {
+        return 0;
+    }
+
+    count = sd_uid_get_sessions(pw->pw_uid, 0, NULL);
+
+    return count;
+}
diff --git a/lib/loginprompt.c b/lib/loginprompt.c
new file mode 100644
index 0000000..9b2aa25
--- /dev/null
+++ b/lib/loginprompt.c
@@ -0,0 +1,111 @@
+/*
+ * SPDX-FileCopyrightText: 1989 - 1993, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz KÅ‚oczko
+ * SPDX-FileCopyrightText: 2008 - 2011, Nicolas François
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <assert.h>
+#include <stdio.h>
+#include <signal.h>
+
+#include "alloc.h"
+#include "attr.h"
+#include "memzero.h"
+#include "prototypes.h"
+#include "defines.h"
+#include "getdef.h"
+
+static void login_exit (MAYBE_UNUSED int sig)
+{
+	_exit (EXIT_FAILURE);
+}
+
+/*
+ * login_prompt - prompt the user for their login name
+ *
+ * login_prompt() displays the standard login prompt.  If ISSUE_FILE
+ * is set in login.defs, this file is displayed before the prompt.
+ */
+
+void login_prompt (char *name, int namesize)
+{
+	char buf[1024];
+
+	char *cp;
+	int i;
+	FILE *fp;
+	const char *fname = getdef_str ("ISSUE_FILE");
+
+	sighandler_t sigquit;
+	sighandler_t sigtstp;
+
+	/*
+	 * There is a small chance that a QUIT character will be part of
+	 * some random noise during a prompt.  Deal with this by exiting
+	 * instead of core dumping.  Do the same thing for SIGTSTP.
+	 */
+
+	sigquit = signal (SIGQUIT, login_exit);
+	sigtstp = signal (SIGTSTP, login_exit);
+
+	/*
+	 * See if the user has configured the issue file to
+	 * be displayed and display it before the prompt.
+	 */
+
+	if (NULL != fname) {
+		fp = fopen (fname, "r");
+		if (NULL != fp) {
+			while ((i = getc (fp)) != EOF) {
+				(void) putc (i, stdout);
+			}
+
+			(void) fclose (fp);
+		}
+	}
+	(void) gethostname (buf, sizeof buf);
+	printf (_("\n%s login: "), buf);
+	(void) fflush (stdout);
+
+	/*
+	 * Read the user's response.  The trailing newline will be
+	 * removed.
+	 */
+
+	MEMZERO(buf);
+	if (fgets (buf, sizeof buf, stdin) != buf) {
+		exit (EXIT_FAILURE);
+	}
+
+	cp = strchr (buf, '\n');
+	if (NULL == cp) {
+		exit (EXIT_FAILURE);
+	}
+	*cp = '\0';		/* remove \n [ must be there ] */
+
+	/*
+	 * Skip leading whitespace.  This makes "  username" work right.
+	 * Then copy the rest (up to the end) into the username.
+	 */
+
+	for (cp = buf; *cp == ' ' || *cp == '\t'; cp++);
+
+	for (i = 0; i < namesize - 1 && *cp != '\0'; name[i++] = *cp++);
+
+	name[i] = '\0';
+
+	/*
+	 * Set the SIGQUIT handler back to its original value
+	 */
+
+	(void) signal (SIGQUIT, sigquit);
+	(void) signal (SIGTSTP, sigtstp);
+}
+
diff --git a/libmisc/mail.c b/lib/mail.c
index 647f879..d14bdb1 100644
--- a/libmisc/mail.c
+++ b/lib/mail.c
@@ -15,7 +15,9 @@
 #include <stdio.h>
 #include <string.h>
 
+#include "alloc.h"
 #include "getdef.h"
+#include "string/sprintf.h"
 
 #ident "$Id$"
 
@@ -34,22 +36,18 @@ void mailcheck (void)
 	 */
 	mailbox = getenv ("MAILDIR");
 	if (NULL != mailbox) {
-		char *newmail;
-		size_t len = strlen (mailbox) + 5;
-		int wlen;
+		char  *newmail;
 
-		newmail = xmalloc (len);
-		wlen = snprintf (newmail, len, "%s/new", mailbox);
-		assert (wlen == (int) len - 1);
+		xasprintf(&newmail, "%s/new", mailbox);
 
 		if (stat (newmail, &statbuf) != -1 && statbuf.st_size != 0) {
 			if (statbuf.st_mtime > statbuf.st_atime) {
-				free (newmail);
+				free(newmail);
 				(void) puts (_("You have new mail."));
 				return;
 			}
 		}
-		free (newmail);
+		free(newmail);
 	}
 
 	mailbox = getenv ("MAIL");
diff --git a/lib/memzero.c b/lib/memzero.c
new file mode 100644
index 0000000..8979e5f
--- /dev/null
+++ b/lib/memzero.c
@@ -0,0 +1,17 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <stddef.h>
+
+#include "memzero.h"
+
+
+extern inline void memzero(void *ptr, size_t size);
+extern inline void strzero(char *s);
diff --git a/lib/memzero.h b/lib/memzero.h
new file mode 100644
index 0000000..1137e83
--- /dev/null
+++ b/lib/memzero.h
@@ -0,0 +1,49 @@
+/*
+ * SPDX-FileCopyrightText: 2022-2023, Christian Göttsche <cgzones@googlemail.com>
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIBMISC_MEMZERO_H_
+#define SHADOW_INCLUDE_LIBMISC_MEMZERO_H_
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <string.h>
+#include <strings.h>
+
+#include "sizeof.h"
+
+
+#define MEMZERO(arr)  memzero(arr, SIZEOF_ARRAY(arr))
+
+
+inline void memzero(void *ptr, size_t size);
+inline void strzero(char *s);
+
+
+inline void
+memzero(void *ptr, size_t size)
+{
+#if defined(HAVE_MEMSET_EXPLICIT)
+	memset_explicit(ptr, 0, size);
+#elif defined(HAVE_EXPLICIT_BZERO)
+	explicit_bzero(ptr, size);
+#else
+	bzero(ptr, size);
+	__asm__ __volatile__ ("" : : "r"(ptr) : "memory");
+#endif
+}
+
+
+inline void
+strzero(char *s)
+{
+	memzero(s, strlen(s));
+}
+
+
+#endif  // include guard
diff --git a/libmisc/motd.c b/lib/motd.c
index 7f7e523..d1d5bf6 100644
--- a/libmisc/motd.c
+++ b/lib/motd.c
@@ -12,9 +12,11 @@
 #ident "$Id$"
 
 #include <stdio.h>
-#include "prototypes.h"
+
+#include "alloc.h"
 #include "defines.h"
 #include "getdef.h"
+#include "prototypes.h"
 /*
  * motd -- output the /etc/motd file
  *
diff --git a/lib/must_be.h b/lib/must_be.h
new file mode 100644
index 0000000..a7365cb
--- /dev/null
+++ b/lib/must_be.h
@@ -0,0 +1,99 @@
+/*
+ * SPDX-FileCopyrightText: 2019-2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIBMISC_MUST_BE_H_
+#define SHADOW_INCLUDE_LIBMISC_MUST_BE_H_
+
+
+#include <config.h>
+
+#include <assert.h>
+
+
+/*
+ * SYNOPSIS
+ *	int must_be(bool e);
+ *
+ * ARGUMENTS
+ *	e	Expression to be asserted.
+ *
+ * DESCRIPTION
+ *	This macro fails compilation if 'e' is false.  If 'e' is true,
+ *	it returns (int) 0, so it doesn't affect the expression in which
+ *	it is contained.
+ *
+ *	This macro is similar to static_assert(3).  While
+ *	static_assert(3) can only be used where a statement is allowed,
+ *	this must_be() macro can be used wherever an expression is
+ *	allowed.
+ *
+ * RETURN VALUE
+ *	0
+ *
+ * ERRORS
+ *	If 'e' is false, the compilation will fail, as when using
+ *	static_assert(3).
+ *
+ * EXAMPLES
+ *	#define must_be_array(a)  must_be(is_array(a))
+ *
+ *	#define NITEMS(a)  (sizeof(a) / sizeof(*(a)) + must_be_array(a))
+ *
+ *	int foo[42];
+ *	int bar[NITEMS(foo)];
+ */
+
+
+#define must_be(e)                                                            \
+(                                                                             \
+	0 * (int) sizeof(                                                     \
+		struct {                                                      \
+			static_assert(e, "");                                 \
+			int ISO_C_forbids_a_struct_with_no_members_;          \
+		}                                                             \
+	)                                                                     \
+)
+
+
+/*
+ * SYNOPSIS
+ *	int must_be_array(a);
+ *
+ * ARGUMENTS
+ *	a	Array.
+ *
+ * DESCRIPTION
+ *	This macro fails compilation if 'a' is not an array.  It is
+ *	useful in macros that accept an array as a parameter, where this
+ *	macro can validate the macro argument.  It prevent passing a
+ *	pointer to such macros, which would otherwise produce silent
+ *	bugs.
+ *
+ * RETURN VALUE
+ *	0
+ *
+ * ERRORS
+ *	If 'a' is not an array, the compilation will fail.
+ *
+ * EXAMPLES
+ *	int a[10];
+ *	int *p;
+ *
+ *	must_be_array(a);  // Ok
+ *	must_be_array(p);  // Compile-time error
+ *
+ * SEE ALSO
+ *	must_be()
+ */
+
+
+#define is_same_type(a, b)    __builtin_types_compatible_p(a, b)
+#define is_same_typeof(a, b)  is_same_type(typeof(a), typeof(b))
+#define is_array(a)           (!is_same_typeof((a), &(a)[0]))
+#define must_be_array(a)      must_be(is_array(a))
+
+
+#endif  // include guard
diff --git a/libmisc/myname.c b/lib/myname.c
index 1b02617..1b02617 100644
--- a/libmisc/myname.c
+++ b/lib/myname.c
diff --git a/lib/nscd.c b/lib/nscd.c
index 2c2251a..451a5a3 100644
--- a/lib/nscd.c
+++ b/lib/nscd.c
@@ -53,6 +53,6 @@ int nscd_flush_cache (const char *service)
 	return 0;
 }
 #else				/* USE_NSCD */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* USE_NSCD */
 
diff --git a/lib/nss.c b/lib/nss.c
index 23d0518..779d825 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1,3 +1,5 @@
+#include <config.h>
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <dlfcn.h>
@@ -6,10 +8,14 @@
 #include <strings.h>
 #include <ctype.h>
 #include <stdatomic.h>
+
+#include "alloc.h"
 #include "prototypes.h"
 #include "../libsubid/subid.h"
 #include "shadowlog_internal.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 #define NSSWITCH "/etc/nsswitch.conf"
 
@@ -40,10 +46,12 @@ static void nss_exit(void) {
 
 // nsswitch_path is an argument only to support testing.
 void nss_init(const char *nsswitch_path) {
-	FILE *nssfp = NULL;
-	char *line = NULL, *p, *token, *saveptr;
-	size_t len = 0;
-	FILE *shadow_logfd = log_get_logfd();
+	char    *line = NULL, *p, *token, *saveptr;
+	char    libname[64];
+	FILE    *nssfp = NULL;
+	FILE    *shadow_logfd = log_get_logfd();
+	void    *h;
+	size_t  len = 0;
 
 	if (atomic_flag_test_and_set(&nss_init_started)) {
 		// Another thread has started nss_init, wait for it to complete
@@ -59,82 +67,78 @@ void nss_init(const char *nsswitch_path) {
 	//   subid:	files
 	nssfp = fopen(nsswitch_path, "r");
 	if (!nssfp) {
+		if (errno != ENOENT)
+			fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
+
 		atomic_store(&nss_init_completed, true);
 		return;
 	}
-	while ((getline(&line, &len, nssfp)) != -1) {
-		if (line[0] == '\0' || line[0] == '#')
+	p = NULL;
+	while (getline(&line, &len, nssfp) != -1) {
+		if (line[0] == '#')
 			continue;
 		if (strlen(line) < 8)
 			continue;
 		if (strncasecmp(line, "subid:", 6) != 0)
 			continue;
 		p = &line[6];
-		while ((*p) && isspace(*p))
+		while (isspace(*p))
 			p++;
-		if (!*p)
-			continue;
-		for (token = strtok_r(p, " \n\t", &saveptr);
-		     token;
-		     token = strtok_r(NULL, " \n\t", &saveptr)) {
-			char libname[65];
-			void *h;
-			if (strcmp(token, "files") == 0) {
-				subid_nss = NULL;
-				goto done;
-			}
-			if (strlen(token) > 50) {
-				fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
-				fprintf(shadow_logfd, "Using files\n");
-				subid_nss = NULL;
-				goto done;
-			}
-			snprintf(libname, 64,  "libsubid_%s.so", token);
-			h = dlopen(libname, RTLD_LAZY);
-			if (!h) {
-				fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
-				fprintf(shadow_logfd, "Using files\n");
-				subid_nss = NULL;
-				goto done;
-			}
-			subid_nss = malloc(sizeof(*subid_nss));
-			if (!subid_nss) {
-				dlclose(h);
-				goto done;
-			}
-			subid_nss->has_range = dlsym(h, "shadow_subid_has_range");
-			if (!subid_nss->has_range) {
-				fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname);
-				dlclose(h);
-				free(subid_nss);
-				subid_nss = NULL;
-				goto done;
-			}
-			subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges");
-			if (!subid_nss->list_owner_ranges) {
-				fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname);
-				dlclose(h);
-				free(subid_nss);
-				subid_nss = NULL;
-				goto done;
-			}
-			subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
-			if (!subid_nss->find_subid_owners) {
-				fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
-				dlclose(h);
-				free(subid_nss);
-				subid_nss = NULL;
-				goto done;
-			}
-			subid_nss->handle = h;
-			goto done;
-		}
+		if (*p != '\0')
+			break;
+		p = NULL;
+	}
+	if (p == NULL) {
+		goto null_subid;
+	}
+	token = strtok_r(p, " \n\t", &saveptr);
+	if (token == NULL) {
 		fprintf(shadow_logfd, "No usable subid NSS module found, using files\n");
 		// subid_nss has to be null here, but to ease reviews:
-		free(subid_nss);
-		subid_nss = NULL;
-		goto done;
+		goto null_subid;
 	}
+	if (strcmp(token, "files") == 0) {
+		goto null_subid;
+	}
+	if (strlen(token) > 50) {
+		fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
+		fprintf(shadow_logfd, "Using files\n");
+		goto null_subid;
+	}
+	SNPRINTF(libname, "libsubid_%s.so", token);
+	h = dlopen(libname, RTLD_LAZY);
+	if (!h) {
+		fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
+		fprintf(shadow_logfd, "Using files\n");
+		goto null_subid;
+	}
+	subid_nss = MALLOC(1, struct subid_nss_ops);
+	if (!subid_nss) {
+		goto close_lib;
+	}
+	subid_nss->has_range = dlsym(h, "shadow_subid_has_range");
+	if (!subid_nss->has_range) {
+		fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname);
+		goto close_lib;
+	}
+	subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges");
+	if (!subid_nss->list_owner_ranges) {
+		fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname);
+		goto close_lib;
+	}
+	subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
+	if (!subid_nss->find_subid_owners) {
+		fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
+		goto close_lib;
+	}
+	subid_nss->handle = h;
+	goto done;
+
+close_lib:
+	dlclose(h);
+	free(subid_nss);
+null_subid:
+	subid_nss = NULL;
 
 done:
 	atomic_store(&nss_init_completed, true);
diff --git a/libmisc/obscure.c b/lib/obscure.c
index 3daaa95..549c2a8 100644
--- a/libmisc/obscure.c
+++ b/lib/obscure.c
@@ -9,25 +9,27 @@
 
 #include <config.h>
 
-#ifndef USE_PAM
-
 #ident "$Id$"
 
 
-/*
- * This version of obscure.c contains modifications to support "cracklib"
- * by Alec Muffet (alec.muffett@uk.sun.com).  You must obtain the Cracklib
- * library source code for this function to operate.
- */
 #include <ctype.h>
 #include <stdio.h>
+
+#include "alloc.h"
+#include "attr.h"
+#include "memzero.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
+
+#if WITH_LIBBSD == 0
+#include "freezero.h"
+#endif /* WITH_LIBBSD */
+
 /*
  * can't be a palindrome - like `R A D A R' or `M A D A M'
  */
-static bool palindrome (unused const char *old, const char *new)
+static bool palindrome (MAYBE_UNUSED const char *old, const char *new)
 {
 	size_t i, j;
 
@@ -73,57 +75,6 @@ static bool similar (/*@notnull@*/const char *old, /*@notnull@*/const char *new)
 	return true;
 }
 
-/*
- * a nice mix of characters.
- */
-
-static bool simple (unused const char *old, const char *new)
-{
-	bool digits = false;
-	bool uppers = false;
-	bool lowers = false;
-	bool others = false;
-	int size;
-	int i;
-
-	for (i = 0; '\0' != new[i]; i++) {
-		if (isdigit (new[i])) {
-			digits = true;
-		} else if (isupper (new[i])) {
-			uppers = true;
-		} else if (islower (new[i])) {
-			lowers = true;
-		} else {
-			others = true;
-		}
-	}
-
-	/*
-	 * The scam is this - a password of only one character type
-	 * must be 8 letters long.  Two types, 7, and so on.
-	 */
-
-	size = 9;
-	if (digits) {
-		size--;
-	}
-	if (uppers) {
-		size--;
-	}
-	if (lowers) {
-		size--;
-	}
-	if (others) {
-		size--;
-	}
-
-	if (size <= i) {
-		return false;
-	}
-
-	return true;
-}
-
 static char *str_lower (/*@returned@*/char *string)
 {
 	char *cp;
@@ -137,28 +88,18 @@ static char *str_lower (/*@returned@*/char *string)
 static /*@observer@*//*@null@*/const char *password_check (
 	/*@notnull@*/const char *old,
 	/*@notnull@*/const char *new,
-	/*@notnull@*/const struct passwd *pwdp)
+	/*@notnull@*/MAYBE_UNUSED const struct passwd *pwdp)
 {
 	const char *msg = NULL;
 	char *oldmono, *newmono, *wrapped;
 
-#ifdef HAVE_LIBCRACK
-	char *dictpath;
-
-#ifdef HAVE_LIBCRACK_PW
-	char *FascistCheckPw ();
-#else
-	char *FascistCheck ();
-#endif
-#endif
-
 	if (strcmp (new, old) == 0) {
 		return _("no change");
 	}
 
 	newmono = str_lower (xstrdup (new));
 	oldmono = str_lower (xstrdup (old));
-	wrapped = xmalloc (strlen (oldmono) * 2 + 1);
+	wrapped = XMALLOC(strlen(oldmono) * 2 + 1, char);
 	strcpy (wrapped, oldmono);
 	strcat (wrapped, oldmono);
 
@@ -168,25 +109,8 @@ static /*@observer@*//*@null@*/const char *password_check (
 		msg = _("case changes only");
 	} else if (similar (oldmono, newmono)) {
 		msg = _("too similar");
-	} else if (simple (old, new)) {
-		msg = _("too simple");
 	} else if (strstr (wrapped, newmono) != NULL) {
 		msg = _("rotated");
-	} else {
-#ifdef HAVE_LIBCRACK
-		/*
-		 * Invoke Alec Muffett's cracklib routines.
-		 */
-
-		dictpath = getdef_str ("CRACKLIB_DICTPATH");
-		if (NULL != dictpath) {
-#ifdef HAVE_LIBCRACK_PW
-			msg = FascistCheckPw (new, dictpath, pwdp);
-#else
-			msg = FascistCheck (new, dictpath);
-#endif
-		}
-#endif
 	}
 	strzero (newmono);
 	strzero (oldmono);
@@ -257,7 +181,7 @@ static /*@observer@*//*@null@*/const char *obscure_msg (
 		}
 
 	}
-	maxlen = (size_t) getdef_num ("PASS_MAX_LEN", 8);
+	maxlen = getdef_num ("PASS_MAX_LEN", 8);
 	if (   (oldlen <= maxlen)
 	    && (newlen <= maxlen)) {
 		return NULL;
@@ -274,10 +198,8 @@ static /*@observer@*//*@null@*/const char *obscure_msg (
 
 	msg = password_check (old1, new1, pwdp);
 
-	memzero (new1, newlen);
-	memzero (old1, oldlen);
-	free (new1);
-	free (old1);
+	freezero (new1, newlen);
+	freezero (old1, oldlen);
 
 	return msg;
 }
@@ -300,7 +222,3 @@ bool obscure (const char *old, const char *new, const struct passwd *pwdp)
 	}
 	return true;
 }
-
-#else				/* !USE_PAM */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
-#endif				/* !USE_PAM */
diff --git a/lib/pam_defs.h b/lib/pam_defs.h
index 2dcda3c..dd016e5 100644
--- a/lib/pam_defs.h
+++ b/lib/pam_defs.h
@@ -15,7 +15,7 @@
 #endif
 
 
-static struct pam_conv conv = {
+static const struct pam_conv conv = {
 	SHADOW_PAM_CONVERSATION,
 	NULL
 };
diff --git a/libmisc/pam_pass.c b/lib/pam_pass.c
index 166a42e..ff49173 100644
--- a/libmisc/pam_pass.c
+++ b/lib/pam_pass.c
@@ -55,5 +55,5 @@ void do_pam_passwd (const char *user, bool silent, bool change_expired)
 	(void) pam_end (pamh, PAM_SUCCESS);
 }
 #else				/* !USE_PAM */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !USE_PAM */
diff --git a/libmisc/pam_pass_non_interactive.c b/lib/pam_pass_non_interactive.c
index 34cdc1f..3d10908 100644
--- a/libmisc/pam_pass_non_interactive.c
+++ b/lib/pam_pass_non_interactive.c
@@ -13,7 +13,13 @@
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <strings.h>
+
 #include <security/pam_appl.h>
+
+#include "alloc.h"
+#include "attr.h"
+#include "memzero.h"
 #include "prototypes.h"
 #include "shadowlog.h"
 
@@ -21,7 +27,7 @@
 static int ni_conv (int num_msg,
                     const struct pam_message **msg,
                     struct pam_response **resp,
-                    unused void *appdata_ptr);
+                    MAYBE_UNUSED void *appdata_ptr);
 static const struct pam_conv non_interactive_pam_conv = {
 	ni_conv,
 	NULL
@@ -32,7 +38,7 @@ static const struct pam_conv non_interactive_pam_conv = {
 static int ni_conv (int num_msg,
                     const struct pam_message **msg,
                     struct pam_response **resp,
-                    unused void *appdata_ptr)
+                    MAYBE_UNUSED void *appdata_ptr)
 {
 	struct pam_response *responses;
 	int count;
@@ -43,8 +49,7 @@ static int ni_conv (int num_msg,
 		return PAM_CONV_ERR;
 	}
 
-	responses = (struct pam_response *) calloc ((size_t) num_msg,
-	                                            sizeof (*responses));
+	responses = CALLOC (num_msg, struct pam_response);
 	if (NULL == responses) {
 		return PAM_CONV_ERR;
 	}
@@ -93,9 +98,8 @@ static int ni_conv (int num_msg,
 failed_conversation:
 	for (count=0; count < num_msg; count++) {
 		if (NULL != responses[count].resp) {
-			memset (responses[count].resp, 0,
-			        strlen (responses[count].resp));
-			free (responses[count].resp);
+			strzero(responses[count].resp);
+			free(responses[count].resp);
 			responses[count].resp = NULL;
 		}
 	}
@@ -141,5 +145,5 @@ int do_pam_passwd_non_interactive (const char *pam_service,
 	return ((PAM_SUCCESS == ret) ? 0 : 1);
 }
 #else				/* !USE_PAM */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !USE_PAM */
diff --git a/lib/port.c b/lib/port.c
index 0bea2ef..60ff898 100644
--- a/lib/port.c
+++ b/lib/port.c
@@ -79,7 +79,7 @@ static void endportent (void)
 		(void) fclose (ports);
 	}
 
-	ports = (FILE *) 0;
+	ports = NULL;
 }
 
 /*
@@ -127,14 +127,14 @@ static struct port *getportent (void)
 	 *      - parse off a list of days and times
 	 */
 
-      again:
+again:
 
 	/*
-	 * Get the next line and remove the last character, which
-	 * is a '\n'.  Lines which begin with '#' are all ignored.
+	 * Get the next line and remove optional trailing '\n'.
+	 * Lines which begin with '#' are all ignored.
 	 */
 
-	if (fgets (buf, (int) sizeof buf, ports) == 0) {
+	if (fgets (buf, sizeof buf, ports) == 0) {
 		errno = saveerr;
 		return 0;
 	}
@@ -149,18 +149,14 @@ static struct port *getportent (void)
 	 * TTY devices.
 	 */
 
-	buf[strlen (buf) - 1] = 0;
+	buf[strcspn (buf, "\n")] = 0;
 
 	port.pt_names = ttys;
 	for (cp = buf, j = 0; j < PORT_TTY; j++) {
 		port.pt_names[j] = cp;
-		while (('\0' != *cp) && (':' != *cp) && (',' != *cp)) {
-			cp++;
-		}
-
-		if ('\0' == *cp) {
+		cp = strpbrk(cp, ":,");
+		if (cp == NULL)
 			goto again;	/* line format error */
-		}
 
 		if (':' == *cp) {	/* end of tty name list */
 			break;
@@ -172,13 +168,13 @@ static struct port *getportent (void)
 	}
 	*cp = '\0';
 	cp++;
-	port.pt_names[j + 1] = (char *) 0;
+	port.pt_names[j] = NULL;
 
 	/*
 	 * Get the list of user names.  It is the second colon
 	 * separated field, and is a comma separated list of user
 	 * names.  The entry '*' is used to specify all usernames.
-	 * The last entry in the list is a (char *) 0 pointer.
+	 * The last entry in the list is a NULL pointer.
 	 */
 
 	if (':' != *cp) {
@@ -243,9 +239,7 @@ static struct port *getportent (void)
 		 * week or the other two values.
 		 */
 
-		for (i = 0;
-		     ('\0' != cp[i]) && ('\0' != cp[i + 1]) && isalpha (cp[i]);
-		     i += 2) {
+		for (i = 0; isalpha(cp[i]) && ('\0' != cp[i + 1]); i += 2) {
 			switch ((cp[i] << 8) | (cp[i + 1])) {
 			case ('S' << 8) | 'u':
 				port.pt_times[j].t_days |= 01;
@@ -294,7 +288,7 @@ static struct port *getportent (void)
 		 * representing the times of day.
 		 */
 
-		for (dtime = 0; ('\0' != cp[i]) && isdigit (cp[i]); i++) {
+		for (dtime = 0; isdigit (cp[i]); i++) {
 			dtime = dtime * 10 + cp[i] - '0';
 		}
 
@@ -304,9 +298,7 @@ static struct port *getportent (void)
 		port.pt_times[j].t_start = dtime;
 		cp = cp + i + 1;
 
-		for (dtime = 0, i = 0;
-		     ('\0' != cp[i]) && isdigit (cp[i]);
-		     i++) {
+		for (dtime = 0, i = 0; isdigit (cp[i]); i++) {
 			dtime = dtime * 10 + cp[i] - '0';
 		}
 
diff --git a/libmisc/prefix_flag.c b/lib/prefix_flag.c
index 4eb5154..bba7102 100644
--- a/libmisc/prefix_flag.c
+++ b/lib/prefix_flag.c
@@ -11,7 +11,9 @@
 
 #include <stdio.h>
 #include <assert.h>
+
 #include "defines.h"
+#include "alloc.h"
 #include "prototypes.h"
 /*@-exitarg@*/
 #include "exitcodes.h"
@@ -26,6 +28,8 @@
 #endif				/* ENABLE_SUBIDS */
 #include "getdef.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 static char *passwd_db_file = NULL;
 static char *spw_db_file = NULL;
@@ -83,6 +87,15 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
 
 
 	if (prefix != NULL) {
+		/* Drop privileges */
+		if (   (setregid (getgid (), getgid ()) != 0)
+		    || (setreuid (getuid (), getuid ()) != 0)) {
+			fprintf (log_get_logfd(),
+			         _("%s: failed to drop privileges (%s)\n"),
+			         log_get_progname(), strerror (errno));
+			exit (EXIT_FAILURE);
+		}
+
 		if ( prefix[0] == '\0' || !strcmp(prefix, "/"))
 			return ""; /* if prefix is "/" then we ignore the flag option */
 		/* should we prevent symbolic link from being used as a prefix? */
@@ -93,50 +106,33 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
 				 log_get_progname());
 			exit (E_BAD_ARG);
 		}
-		size_t len;
-		len = strlen(prefix) + strlen(PASSWD_FILE) + 2;
-		passwd_db_file = xmalloc(len);
-		snprintf(passwd_db_file, len, "%s/%s", prefix, PASSWD_FILE);
+
+		xasprintf(&passwd_db_file, "%s/%s", prefix, PASSWD_FILE);
 		pw_setdbname(passwd_db_file);
 
-		len = strlen(prefix) + strlen(GROUP_FILE) + 2;
-		group_db_file = xmalloc(len);
-		snprintf(group_db_file, len, "%s/%s", prefix, GROUP_FILE);
+		xasprintf(&group_db_file, "%s/%s", prefix, GROUP_FILE);
 		gr_setdbname(group_db_file);
 
 #ifdef  SHADOWGRP
-		len = strlen(prefix) + strlen(SGROUP_FILE) + 2;
-		sgroup_db_file = xmalloc(len);
-		snprintf(sgroup_db_file, len, "%s/%s", prefix, SGROUP_FILE);
+		xasprintf(&sgroup_db_file, "%s/%s", prefix, SGROUP_FILE);
 		sgr_setdbname(sgroup_db_file);
 #endif
-#ifdef	USE_NIS
-		__setspNIS(0); /* disable NIS for now, at least until it is properly supporting a "prefix" */
-#endif
 
-		len = strlen(prefix) + strlen(SHADOW_FILE) + 2;
-		spw_db_file = xmalloc(len);
-		snprintf(spw_db_file, len, "%s/%s", prefix, SHADOW_FILE);
+		xasprintf(&spw_db_file, "%s/%s", prefix, SHADOW_FILE);
 		spw_setdbname(spw_db_file);
 
 #ifdef ENABLE_SUBIDS
-		len = strlen(prefix) + strlen("/etc/subuid") + 2;
-		suid_db_file = xmalloc(len);
-		snprintf(suid_db_file, len, "%s/%s", prefix, "/etc/subuid");
+		xasprintf(&suid_db_file, "%s/%s", prefix, SUBUID_FILE);
 		sub_uid_setdbname(suid_db_file);
 
-		len = strlen(prefix) + strlen("/etc/subgid") + 2;
-		sgid_db_file = xmalloc(len);
-		snprintf(sgid_db_file, len, "%s/%s", prefix, "/etc/subgid");
+		xasprintf(&sgid_db_file, "%s/%s", prefix, SUBGID_FILE);
 		sub_gid_setdbname(sgid_db_file);
 #endif
 
 #ifdef USE_ECONF
 		setdef_config_file(prefix);
 #else
-		len = strlen(prefix) + strlen("/etc/login.defs") + 2;
-		def_conf_file = xmalloc(len);
-		snprintf(def_conf_file, len, "%s/%s", prefix, "/etc/login.defs");
+		xasprintf(&def_conf_file, "%s/%s", prefix, "/etc/login.defs");
 		setdef_config_file(def_conf_file);
 #endif
 	}
@@ -227,6 +223,29 @@ extern struct passwd *prefix_getpwnam(const char* name)
 		return getpwnam(name);
 	}
 }
+#if HAVE_FGETPWENT_R
+extern int prefix_getpwnam_r(const char* name, struct passwd* pwd,
+                             char* buf, size_t buflen, struct passwd** result)
+{
+	if (passwd_db_file) {
+		FILE* fg;
+		int ret = 0;
+
+		fg = fopen(passwd_db_file, "rt");
+		if (!fg)
+			return errno;
+		while ((ret = fgetpwent_r(fg, pwd, buf, buflen, result)) == 0) {
+			if (!strcmp(name, pwd->pw_name))
+				break;
+		}
+		fclose(fg);
+		return ret;
+	}
+	else {
+		return getpwnam_r(name, pwd, buf, buflen, result);
+	}
+}
+#endif
 extern struct spwd *prefix_getspnam(const char* name)
 {
 	if (spw_db_file) {
@@ -315,26 +334,27 @@ extern void prefix_endgrent(void)
 
 extern struct group *prefix_getgr_nam_gid(const char *grname)
 {
-	long long int gid;
-	char *endptr;
-	struct group *g;
+	char          *end;
+	long long     gid;
+	struct group  *g;
 
 	if (NULL == grname) {
 		return NULL;
 	}
 
-	if (group_db_file) {
-		errno = 0;
-		gid = strtoll (grname, &endptr, 10);
-		if (   ('\0' != *grname)
-	    	&& ('\0' == *endptr)
-	    	&& (ERANGE != errno)
-	    	&& (gid == (gid_t)gid)) {
-			return prefix_getgrgid ((gid_t) gid);
-		}
-		g = prefix_getgrnam (grname);
-		return g ? __gr_dup(g) : NULL;
-	}
-	else
+	if (!group_db_file)
 		return getgr_nam_gid(grname);
+
+	errno = 0;
+	gid = strtoll(grname, &end, 10);
+	if (   ('\0' != *grname)
+	    && ('\0' == *end)
+	    && (0 == errno)
+	    && (gid == (gid_t)gid))
+	{
+		return prefix_getgrgid(gid);
+	}
+
+	g = prefix_getgrnam(grname);
+	return g ? __gr_dup(g) : NULL;
 }
diff --git a/lib/prototypes.h b/lib/prototypes.h
index 1172b5d..5c56e77 100644
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -10,7 +10,7 @@
 /*
  * prototypes.h
  *
- * prototypes of libmisc functions, and private lib functions.
+ * prototypes of some lib functions, and private lib functions.
  *
  * $Id$
  *
@@ -21,18 +21,17 @@
 
 #include <config.h>
 
+#include <sys/socket.h>
 #include <sys/stat.h>
-#ifdef USE_UTMPX
-#include <utmpx.h>
-#else
-#include <utmp.h>
-#endif
 #include <sys/types.h>
 #include <pwd.h>
 #include <grp.h>
 #include <shadow.h>
+#ifdef ENABLE_LASTLOG
 #include <lastlog.h>
+#endif /* ENABLE_LASTLOG */
 
+#include "attr.h"
 #include "defines.h"
 #include "commonio.h"
 
@@ -44,6 +43,7 @@ extern int add_groups (const char *);
 /* age.c */
 extern void agecheck (/*@null@*/const struct spwd *);
 extern int expire (const struct passwd *, /*@null@*/const struct spwd *);
+
 /* isexpired.c */
 extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *);
 
@@ -92,11 +92,11 @@ void cleanup_report_del_group_gshadow (void *group_name);
 void cleanup_report_mod_passwd (void *cleanup_info);
 void cleanup_report_mod_group (void *cleanup_info);
 void cleanup_report_mod_gshadow (void *cleanup_info);
-void cleanup_unlock_group (/*@null@*/void *unused);
+void cleanup_unlock_group (/*@null@*/void *MAYBE_UNUSED);
 #ifdef SHADOWGRP
-void cleanup_unlock_gshadow (/*@null@*/void *unused);
+void cleanup_unlock_gshadow (/*@null@*/void *MAYBE_UNUSED);
 #endif
-void cleanup_unlock_passwd (/*@null@*/void *unused);
+void cleanup_unlock_passwd (/*@null@*/void *MAYBE_UNUSED);
 
 /* console.c */
 extern bool console (const char *);
@@ -108,21 +108,18 @@ extern int copy_tree (const char *src_root, const char *dst_root,
                       uid_t old_uid, uid_t new_uid,
                       gid_t old_gid, gid_t new_gid);
 
-/* date_to_str.c */
-extern void date_to_str (size_t size, char buf[size], long date);
-
 /* encrypt.c */
 extern /*@exposed@*//*@null@*/char *pw_encrypt (const char *, const char *);
 
-/* entry.c */
-extern void pw_entry (const char *, struct passwd *);
-
 /* env.c */
 extern void addenv (const char *, /*@null@*/const char *);
 extern void initenv (void);
 extern void set_env (int, char *const *);
 extern void sanitize_env (void);
 
+/* fd.c */
+extern void check_fds (void);
+
 /* fields.c */
 extern void change_field (char *, size_t, const char *);
 extern int valid_field (const char *, const char *);
@@ -152,11 +149,10 @@ extern int get_gid (const char *gidstr, gid_t *gid);
 /* getgr_nam_gid.c */
 extern /*@only@*//*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname);
 
-/* getlong.c */
-extern int getlong (const char *numstr, /*@out@*/long int *result);
-
 /* get_pid.c */
 extern int get_pid (const char *pidstr, pid_t *pid);
+extern int get_pidfd_from_fd(const char *pidfdstr);
+extern int open_pidfd(const char *pidstr);
 
 /* getrange */
 extern int getrange (const char *range,
@@ -169,11 +165,9 @@ extern time_t gettime (void);
 /* get_uid.c */
 extern int get_uid (const char *uidstr, uid_t *uid);
 
-/* getulong.c */
-extern int getulong (const char *numstr, /*@out@*/unsigned long int *result);
-
 /* fputsx.c */
-extern /*@null@*/char *fgetsx (/*@returned@*/ /*@out@*/char *, int, FILE *);
+ATTR_ACCESS(write_only, 1, 2)
+extern /*@null@*/char *fgetsx(/*@returned@*/char *restrict, int, FILE *restrict);
 extern int fputsx (const char *, FILE *);
 
 /* groupio.c */
@@ -185,8 +179,7 @@ extern void __gr_set_changed (void);
 /* groupmem.c */
 extern /*@null@*/ /*@only@*/struct group *__gr_dup (const struct group *grent);
 extern void gr_free_members (struct group *grent);
-extern void gr_free (/*@out@*/ /*@only@*/struct group *grent);
-extern bool gr_append_member (struct group *grp, char *member);
+extern void gr_free(/*@only@*/struct group *grent);
 
 /* hushed.c */
 extern bool hushed (const char *username);
@@ -212,24 +205,26 @@ extern void setup_limits (const struct passwd *);
 #endif
 
 /* list.c */
-extern /*@only@*/ /*@out@*/char **add_list (/*@returned@*/ /*@only@*/char **, const char *);
-extern /*@only@*/ /*@out@*/char **del_list (/*@returned@*/ /*@only@*/char **, const char *);
-extern /*@only@*/ /*@out@*/char **dup_list (char *const *);
+extern /*@only@*/char **add_list (/*@returned@*/ /*@only@*/char **, const char *);
+extern /*@only@*/char **del_list (/*@returned@*/ /*@only@*/char **, const char *);
+extern /*@only@*/char **dup_list (char *const *);
 extern bool is_on_list (char *const *list, const char *member);
 extern /*@only@*/char **comma_to_list (const char *);
 
+#ifdef ENABLE_LASTLOG
 /* log.c */
 extern void dolastlog (
 	struct lastlog *ll,
 	const struct passwd *pw,
 	/*@unique@*/const char *line,
 	/*@unique@*/const char *host);
+#endif /* ENABLE_LASTLOG */
 
 /* login_nopam.c */
 extern int login_access (const char *user, const char *from);
 
 /* loginprompt.c */
-extern void login_prompt (const char *, char *, int);
+extern void login_prompt (char *, int);
 
 /* mail.c */
 extern void mailcheck (void);
@@ -304,9 +299,7 @@ extern int do_pam_passwd_non_interactive (const char *pam_service,
 #endif				/* USE_PAM */
 
 /* obscure.c */
-#ifndef USE_PAM
 extern bool obscure (const char *, const char *, const struct passwd *);
-#endif
 
 /* pam_pass.c */
 #ifdef USE_PAM
@@ -322,6 +315,10 @@ extern struct group *prefix_getgrnam(const char *name);
 extern struct group *prefix_getgrgid(gid_t gid);
 extern struct passwd *prefix_getpwuid(uid_t uid);
 extern struct passwd *prefix_getpwnam(const char* name);
+#if HAVE_FGETPWENT_R
+extern int prefix_getpwnam_r(const char* name, struct passwd* pwd,
+                             char* buf, size_t buflen, struct passwd** result);
+#endif
 extern struct spwd *prefix_getspnam(const char* name);
 extern struct group *prefix_getgr_nam_gid(const char *grname);
 extern void prefix_setpwent(void);
@@ -332,9 +329,7 @@ extern struct group* prefix_getgrent(void);
 extern void prefix_endgrent(void);
 
 /* pwd2spwd.c */
-#ifndef USE_PAM
 extern struct spwd *pwd_to_spwd (const struct passwd *);
-#endif
 
 /* pwdcheck.c */
 #ifndef USE_PAM
@@ -351,14 +346,19 @@ extern /*@dependent@*/ /*@null@*/struct commonio_entry *__pw_get_head (void);
 
 /* pwmem.c */
 extern /*@null@*/ /*@only@*/struct passwd *__pw_dup (const struct passwd *pwent);
-extern void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent);
+extern void pw_free(/*@only@*/struct passwd *pwent);
+
+/* csrand.c */
+unsigned long csrand (void);
+unsigned long csrand_uniform (unsigned long n);
+unsigned long csrand_interval (unsigned long min, unsigned long max);
 
 /* remove_tree.c */
 extern int remove_tree (const char *root, bool remove_root);
 
 /* rlogin.c */
-extern int do_rlogin (const char *remote_host, char *name, size_t namelen,
-                      char *term, size_t termlen);
+extern int do_rlogin(const char *remote_host, char *name, size_t namesize,
+                     char *term, size_t termsize);
 
 /* root_flag.c */
 extern void process_root_flag (const char* short_opt, int argc, char **argv);
@@ -376,7 +376,7 @@ extern int check_selinux_permit (const char *perm_name);
 
 /* semanage.c */
 #ifdef WITH_SELINUX
-extern int set_seuser(const char *login_name, const char *seuser_name);
+extern int set_seuser(const char *login_name, const char *seuser_name, const char *serange);
 extern int del_seuser(const char *login_name);
 #endif
 
@@ -409,7 +409,7 @@ extern struct spwd *sgetspent (const char *string);
 /* sgroupio.c */
 extern void __sgr_del_entry (const struct commonio_entry *ent);
 extern /*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent);
-extern void sgr_free (/*@out@*/ /*@only@*/struct sgrp *sgent);
+extern void sgr_free(/*@only@*/struct sgrp *sgent);
 extern /*@dependent@*/ /*@null@*/struct commonio_entry *__sgr_get_head (void);
 extern void __sgr_set_changed (void);
 
@@ -419,14 +419,15 @@ extern void __spw_del_entry (const struct commonio_entry *ent);
 
 /* shadowmem.c */
 extern /*@null@*/ /*@only@*/struct spwd *__spw_dup (const struct spwd *spent);
-extern void spw_free (/*@out@*/ /*@only@*/struct spwd *spent);
+extern void spw_free(/*@only@*/struct spwd *spent);
 
 /* shell.c */
 extern int shell (const char *file, /*@null@*/const char *arg, char *const envp[]);
 
 /* spawn.c */
-extern int run_command (const char *cmd, const char *argv[],
-                        /*@null@*/const char *envp[], /*@out@*/int *status);
+ATTR_ACCESS(write_only, 4)
+extern int run_command(const char *cmd, const char *argv[],
+                       /*@null@*/const char *envp[], int *restrict status);
 
 /* strtoday.c */
 extern long strtoday (const char *);
@@ -459,33 +460,68 @@ extern int set_filesize_limit (int blocks);
 /* user_busy.c */
 extern int user_busy (const char *name, uid_t uid);
 
-/* utmp.c */
-#ifndef USE_UTMPX
-extern /*@null@*/struct utmp *get_current_utmp (void);
-extern struct utmp *prepare_utmp (const char *name,
-                                  const char *line,
-                                  const char *host,
-                                  /*@null@*/const struct utmp *ut);
-extern int setutmp (struct utmp *ut);
-#else
-extern /*@null@*/struct utmpx *get_current_utmp (void);
-extern struct utmpx *prepare_utmpx (const char *name,
-                                    const char *line,
-                                    const char *host,
-                                    /*@null@*/const struct utmpx *ut);
-extern int setutmpx (struct utmpx *utx);
-#endif				/* USE_UTMPX */
+/*
+ * Session management: utmp.c or logind.c
+ */
+
+/**
+ * @brief Get host for the current session
+ *
+ * @param[out] out Host name
+ *
+ * @return 0 or a positive integer if the host was obtained properly,
+ *         another value on error.
+ */
+extern int get_session_host (char **out);
+#ifndef ENABLE_LOGIND
+/**
+ * @brief Update or create an utmp entry in utmp, wtmp, utmpw, or wtmpx
+ *
+ * @param[in] user username
+ * @param[in] tty tty
+ * @param[in] host hostname
+ *
+ * @return 0 if utmp was updated properly,
+ *         1 on error.
+ */
+extern int update_utmp (const char *user,
+                        const char *tty,
+                        const char *host);
+/**
+ * @brief Update the cumulative failure log
+ *
+ * @param[in] failent_user username
+ * @param[in] tty tty
+ * @param[in] host hostname
+ *
+ */
+extern void record_failure(const char *failent_user,
+                           const char *tty,
+                           const char *hostname);
+#endif /* ENABLE_LOGIND */
+
+/**
+ * @brief Number of active user sessions
+ *
+ * @param[in] name username
+ * @param[in] limit maximum number of active sessions
+ *
+ * @return number of active sessions.
+ *
+ */
+extern unsigned long active_sessions_count(const char *name,
+                                           unsigned long limit);
 
 /* valid.c */
 extern bool valid (const char *, const struct passwd *);
 
-/* xmalloc.c */
-extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/void *xmalloc (size_t size)
-  /*@ensures MaxSet(result) == (size - 1); @*/;
-extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *);
+/* write_full.c */
+extern int write_full(int fd, const void *buf, size_t count);
 
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
+/* xprefix_getpwnam.c */
+extern /*@null@*/ /*@only@*/struct passwd *xprefix_getpwnam (const char *);
 /* xgetpwuid.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwuid (uid_t);
 /* xgetgrnam.c */
diff --git a/lib/pwauth.c b/lib/pwauth.c
index 62de472..0cd3412 100644
--- a/lib/pwauth.c
+++ b/lib/pwauth.c
@@ -18,21 +18,26 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <unistd.h>
-#include "prototypes.h"
+
+#include "agetpass.h"
 #include "defines.h"
+#include "memzero.h"
+#include "prototypes.h"
 #include "pwauth.h"
 #include "getdef.h"
+#include "string/sprintf.h"
+
 #ifdef SKEY
 #include <skey.h>
 #endif
+
+
 #ifdef __linux__		/* standard password prompt by default */
 static const char *PROMPT = gettext_noop ("Password: ");
 #else
 static const char *PROMPT = gettext_noop ("%s's Password: ");
 #endif
 
-bool wipe_clear_pass = true;
-/*@null@*/char *clear_pass = NULL;
 
 /*
  * pw_auth - perform getpass/crypt authentication
@@ -47,16 +52,16 @@ int pw_auth (const char *cipher,
              int reason,
              /*@null@*/const char *input)
 {
-	char prompt[1024];
-	char *clear = NULL;
-	const char *cp;
-	const char *encrypted;
-	int retval;
+	int          retval;
+	char         prompt[1024];
+	char         *clear = NULL;
+	const char   *cp;
+	const char   *encrypted;
 
 #ifdef	SKEY
-	bool use_skey = false;
-	char challenge_info[40];
-	struct skey skey;
+	bool         use_skey = false;
+	char         challenge_info[40];
+	struct skey  skey;
 #endif
 
 	/*
@@ -137,15 +142,9 @@ int pw_auth (const char *cipher,
 		}
 #endif
 
-		snprintf (prompt, sizeof prompt, cp, user);
-		clear = getpass (prompt);
-		if (NULL == clear) {
-			static char c[1];
-
-			c[0] = '\0';
-			clear = c;
-		}
-		input = clear;
+		SNPRINTF(prompt, cp, user);
+		clear = agetpass(prompt);
+		input = (clear == NULL) ? "" : clear;
 	}
 
 	/*
@@ -171,14 +170,9 @@ int pw_auth (const char *cipher,
 	 * -- AR 8/22/1999
 	 */
 	if ((0 != retval) && ('\0' == input[0]) && use_skey) {
-		clear = getpass (prompt);
-		if (NULL == clear) {
-			static char c[1];
-
-			c[0] = '\0';
-			clear = c;
-		}
-		input = clear;
+		erase_pass(clear);
+		clear = agetpass(prompt);
+		input = (clear == NULL) ? "" : clear;
 	}
 
 	if ((0 != retval) && use_skey) {
@@ -192,20 +186,10 @@ int pw_auth (const char *cipher,
 		}
 	}
 #endif
+	erase_pass(clear);
 
-	/*
-	 * Things like RADIUS authentication may need the password -
-	 * if the external variable wipe_clear_pass is zero, we will
-	 * not wipe it (the caller should wipe clear_pass when it is
-	 * no longer needed).  --marekm
-	 */
-
-	clear_pass = clear;
-	if (wipe_clear_pass && (NULL != clear) && ('\0' != *clear)) {
-		strzero (clear);
-	}
 	return retval;
 }
 #else				/* !USE_PAM */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !USE_PAM */
diff --git a/libmisc/pwd2spwd.c b/lib/pwd2spwd.c
index 139a024..eea9519 100644
--- a/libmisc/pwd2spwd.c
+++ b/lib/pwd2spwd.c
@@ -11,8 +11,6 @@
 
 #ident "$Id$"
 
-#ifndef USE_PAM
-
 #include <sys/types.h>
 #include "prototypes.h"
 #include "defines.h"
@@ -41,8 +39,8 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
 		 * Defaults used if there is no pw_age information.
 		 */
 		sp.sp_min = 0;
-		sp.sp_max = (10000L * DAY) / SCALE;
-		sp.sp_lstchg = (long) gettime () / SCALE;
+		sp.sp_max = 10000;
+		sp.sp_lstchg = gettime () / DAY;
 		if (0 == sp.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */
@@ -61,7 +59,4 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
 
 	return &sp;
 }
-#else				/* USE_PAM */
-extern int errno;	/* warning: ANSI C forbids an empty source file */
-#endif				/* !USE_PAM */
 
diff --git a/libmisc/pwd_init.c b/lib/pwd_init.c
index 63c71e2..b3f94e1 100644
--- a/libmisc/pwd_init.c
+++ b/lib/pwd_init.c
@@ -15,9 +15,7 @@
 #include <signal.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
-#endif
 
 #include "prototypes.h"
 
@@ -28,39 +26,22 @@
  */
 void pwd_init (void)
 {
-#ifdef HAVE_SYS_RESOURCE_H
 	struct rlimit rlim;
 
-#ifdef RLIMIT_CORE
 	rlim.rlim_cur = rlim.rlim_max = 0;
 	setrlimit (RLIMIT_CORE, &rlim);
-#endif
+
 	rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
-#ifdef RLIMIT_AS
 	setrlimit (RLIMIT_AS, &rlim);
-#endif
-#ifdef RLIMIT_CPU
+
 	setrlimit (RLIMIT_CPU, &rlim);
-#endif
-#ifdef RLIMIT_DATA
 	setrlimit (RLIMIT_DATA, &rlim);
-#endif
-#ifdef RLIMIT_FSIZE
 	setrlimit (RLIMIT_FSIZE, &rlim);
-#endif
-#ifdef RLIMIT_NOFILE
 	setrlimit (RLIMIT_NOFILE, &rlim);
-#endif
 #ifdef RLIMIT_RSS
 	setrlimit (RLIMIT_RSS, &rlim);
 #endif
-#ifdef RLIMIT_STACK
 	setrlimit (RLIMIT_STACK, &rlim);
-#endif
-#else				/* !HAVE_SYS_RESOURCE_H */
-	set_filesize_limit (30000);
-	/* don't know how to set the other limits... */
-#endif				/* !HAVE_SYS_RESOURCE_H */
 
 	signal (SIGALRM, SIG_IGN);
 	signal (SIGHUP, SIG_IGN);
@@ -68,12 +49,8 @@ void pwd_init (void)
 	signal (SIGPIPE, SIG_IGN);
 	signal (SIGQUIT, SIG_IGN);
 	signal (SIGTERM, SIG_IGN);
-#ifdef SIGTSTP
 	signal (SIGTSTP, SIG_IGN);
-#endif
-#ifdef SIGTTOU
 	signal (SIGTTOU, SIG_IGN);
-#endif
 
 	umask (077);
 }
diff --git a/libmisc/pwdcheck.c b/lib/pwdcheck.c
index 15fc3a3..93c9f5c 100644
--- a/libmisc/pwdcheck.c
+++ b/lib/pwdcheck.c
@@ -13,12 +13,14 @@
 
 #include <stdio.h>
 #include <shadow.h>
+
+#include "attr.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "pwauth.h"
 #include "shadowlog.h"
 
-void passwd_check (const char *user, const char *passwd, unused const char *progname)
+void passwd_check (const char *user, const char *passwd, MAYBE_UNUSED const char *progname)
 {
 	struct spwd *sp;
 
@@ -26,7 +28,7 @@ void passwd_check (const char *user, const char *passwd, unused const char *prog
 	if (NULL != sp) {
 		passwd = sp->sp_pwdp;
 	}
-	if (pw_auth (passwd, user, PW_LOGIN, (char *) 0) != 0) {
+	if (pw_auth (passwd, user, PW_LOGIN, NULL) != 0) {
 		SYSLOG ((LOG_WARN, "incorrect password for `%s'", user));
 		(void) sleep (1);
 		fprintf (log_get_logfd(), _("Incorrect password for %s.\n"), user);
@@ -34,5 +36,5 @@ void passwd_check (const char *user, const char *passwd, unused const char *prog
 	}
 }
 #else			/* USE_PAM */
-extern int errno;	/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif			/* USE_PAM */
diff --git a/lib/pwio.c b/lib/pwio.c
index e59b473..3497c75 100644
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -26,7 +26,8 @@ static /*@null@*/ /*@only@*/void *passwd_dup (const void *ent)
 	return __pw_dup (pw);
 }
 
-static void passwd_free (/*@out@*/ /*@only@*/void *ent)
+static void
+passwd_free(/*@only@*/void *ent)
 {
 	struct passwd *pw = ent;
 
@@ -42,7 +43,7 @@ static const char *passwd_getname (const void *ent)
 
 static void *passwd_parse (const char *line)
 {
-	return (void *) sgetpwent (line);
+	return sgetpwent (line);
 }
 
 static int passwd_put (const void *ent, FILE * file)
@@ -137,7 +138,7 @@ int pw_open (int mode)
 
 int pw_update (const struct passwd *pw)
 {
-	return commonio_update (&passwd_db, (const void *) pw);
+	return commonio_update (&passwd_db, pw);
 }
 
 int pw_remove (const char *name)
@@ -182,15 +183,23 @@ struct commonio_db *__pw_get_db (void)
 
 static int pw_cmp (const void *p1, const void *p2)
 {
+	const struct commonio_entry *const *ce1;
+	const struct commonio_entry *const *ce2;
+	const struct passwd *pw1, *pw2;
 	uid_t u1, u2;
 
-	if ((*(struct commonio_entry **) p1)->eptr == NULL)
+	ce1 = p1;
+	pw1 = (*ce1)->eptr;
+	if (pw1 == NULL)
 		return 1;
-	if ((*(struct commonio_entry **) p2)->eptr == NULL)
+
+	ce2 = p2;
+	pw2 = (*ce2)->eptr;
+	if (pw2 == NULL)
 		return -1;
 
-	u1 = ((struct passwd *) (*(struct commonio_entry **) p1)->eptr)->pw_uid;
-	u2 = ((struct passwd *) (*(struct commonio_entry **) p2)->eptr)->pw_uid;
+	u1 = pw1->pw_uid;
+	u2 = pw2->pw_uid;
 
 	if (u1 < u2)
 		return -1;
diff --git a/lib/pwmem.c b/lib/pwmem.c
index 867e3f7..9c6e58d 100644
--- a/lib/pwmem.c
+++ b/lib/pwmem.c
@@ -13,7 +13,10 @@
 #ident "$Id$"
 
 #include <stdio.h>
+
+#include "alloc.h"
 #include "defines.h"
+#include "memzero.h"
 #include "prototypes.h"
 #include "pwio.h"
 
@@ -21,12 +24,11 @@
 {
 	struct passwd *pw;
 
-	pw = (struct passwd *) malloc (sizeof *pw);
+	pw = CALLOC (1, struct passwd);
 	if (NULL == pw) {
 		return NULL;
 	}
 	/* The libc might define other fields. They won't be copied. */
-	memset (pw, 0, sizeof *pw);
 	pw->pw_uid = pwent->pw_uid;
 	pw->pw_gid = pwent->pw_gid;
 	/*@-mustfreeonly@*/
@@ -68,7 +70,8 @@
 	return pw;
 }
 
-void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent)
+void
+pw_free(/*@only@*/struct passwd *pwent)
 {
 	if (pwent != NULL) {
 		free (pwent->pw_name);
diff --git a/lib/readpassphrase.c b/lib/readpassphrase.c
new file mode 100644
index 0000000..5ff060c
--- /dev/null
+++ b/lib/readpassphrase.c
@@ -0,0 +1,198 @@
+/*	$OpenBSD: readpassphrase.c,v 1.26 2016/10/18 12:47:18 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000-2002, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <paths.h>
+#include <pwd.h>
+#include <signal.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+#include <readpassphrase.h>
+
+#ifndef TCSASOFT
+#define TCSASOFT 0
+#endif
+
+#ifndef _NSIG
+#if defined(NSIG)
+#define _NSIG NSIG
+#else
+/* The SIGRTMAX define might be set to a function such as sysconf(). */
+#define _NSIG (SIGRTMAX + 1)
+#endif
+#endif
+
+static volatile sig_atomic_t signo[_NSIG];
+
+static void handler(int);
+
+char *
+readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
+{
+	ssize_t nr;
+	int input, output, save_errno, i, need_restart;
+	char ch, *p, *end;
+	struct termios term, oterm;
+	struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
+	struct sigaction savetstp, savettin, savettou, savepipe;
+
+	/* I suppose we could alloc on demand in this case (XXX). */
+	if (bufsiz == 0) {
+		errno = EINVAL;
+		return(NULL);
+	}
+
+restart:
+	for (i = 0; i < _NSIG; i++)
+		signo[i] = 0;
+	nr = -1;
+	save_errno = 0;
+	need_restart = 0;
+	/*
+	 * Read and write to /dev/tty if available.  If not, read from
+	 * stdin and write to stderr unless a tty is required.
+	 */
+	if ((flags & RPP_STDIN) ||
+	    (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+		if (flags & RPP_REQUIRE_TTY) {
+			errno = ENOTTY;
+			return(NULL);
+		}
+		input = STDIN_FILENO;
+		output = STDERR_FILENO;
+	}
+
+	/*
+	 * Turn off echo if possible.
+	 * If we are using a tty but are not the foreground pgrp this will
+	 * generate SIGTTOU, so do it *before* installing the signal handlers.
+	 */
+	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
+		memcpy(&term, &oterm, sizeof(term));
+		if (!(flags & RPP_ECHO_ON))
+			term.c_lflag &= ~(ECHO | ECHONL);
+#ifdef VSTATUS
+		if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+			term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+		(void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
+	} else {
+		memset(&term, 0, sizeof(term));
+		term.c_lflag |= ECHO;
+		memset(&oterm, 0, sizeof(oterm));
+		oterm.c_lflag |= ECHO;
+	}
+
+	/*
+	 * Catch signals that would otherwise cause the user to end
+	 * up with echo turned off in the shell.  Don't worry about
+	 * things like SIGXCPU and SIGVTALRM for now.
+	 */
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = 0;		/* don't restart system calls */
+	sa.sa_handler = handler;
+	(void)sigaction(SIGALRM, &sa, &savealrm);
+	(void)sigaction(SIGHUP, &sa, &savehup);
+	(void)sigaction(SIGINT, &sa, &saveint);
+	(void)sigaction(SIGPIPE, &sa, &savepipe);
+	(void)sigaction(SIGQUIT, &sa, &savequit);
+	(void)sigaction(SIGTERM, &sa, &saveterm);
+	(void)sigaction(SIGTSTP, &sa, &savetstp);
+	(void)sigaction(SIGTTIN, &sa, &savettin);
+	(void)sigaction(SIGTTOU, &sa, &savettou);
+
+	if (!(flags & RPP_STDIN))
+		(void)write(output, prompt, strlen(prompt));
+	end = buf + bufsiz - 1;
+	p = buf;
+	while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
+		if (p < end) {
+			if ((flags & RPP_SEVENBIT))
+				ch &= 0x7f;
+			if (isalpha((unsigned char)ch)) {
+				if ((flags & RPP_FORCELOWER))
+					ch = (char)tolower((unsigned char)ch);
+				if ((flags & RPP_FORCEUPPER))
+					ch = (char)toupper((unsigned char)ch);
+			}
+			*p++ = ch;
+		}
+	}
+	*p = '\0';
+	save_errno = errno;
+	if (!(term.c_lflag & ECHO))
+		(void)write(output, "\n", 1);
+
+	/* Restore old terminal settings and signals. */
+	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+		const int sigttou = signo[SIGTTOU];
+
+		/* Ignore SIGTTOU generated when we are not the fg pgrp. */
+		while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
+		    errno == EINTR && !signo[SIGTTOU])
+			continue;
+		signo[SIGTTOU] = sigttou;
+	}
+	(void)sigaction(SIGALRM, &savealrm, NULL);
+	(void)sigaction(SIGHUP, &savehup, NULL);
+	(void)sigaction(SIGINT, &saveint, NULL);
+	(void)sigaction(SIGQUIT, &savequit, NULL);
+	(void)sigaction(SIGPIPE, &savepipe, NULL);
+	(void)sigaction(SIGTERM, &saveterm, NULL);
+	(void)sigaction(SIGTSTP, &savetstp, NULL);
+	(void)sigaction(SIGTTIN, &savettin, NULL);
+	(void)sigaction(SIGTTOU, &savettou, NULL);
+	if (input != STDIN_FILENO)
+		(void)close(input);
+
+	/*
+	 * If we were interrupted by a signal, resend it to ourselves
+	 * now that we have restored the signal handlers.
+	 */
+	for (i = 0; i < _NSIG; i++) {
+		if (signo[i]) {
+			kill(getpid(), i);
+			switch (i) {
+			case SIGTSTP:
+			case SIGTTIN:
+			case SIGTTOU:
+				need_restart = 1;
+			}
+		}
+	}
+	if (need_restart)
+		goto restart;
+
+	if (save_errno)
+		errno = save_errno;
+	return(nr == -1 ? NULL : buf);
+}
+
+static void handler(int s)
+{
+
+	signo[s] = 1;
+}
diff --git a/lib/readpassphrase.h b/lib/readpassphrase.h
new file mode 100644
index 0000000..2530b7f
--- /dev/null
+++ b/lib/readpassphrase.h
@@ -0,0 +1,47 @@
+/*	$OpenBSD: readpassphrase.h,v 1.4 2003/06/03 01:52:39 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef LIBBSD_READPASSPHRASE_H
+#define LIBBSD_READPASSPHRASE_H
+
+#define RPP_ECHO_OFF    0x00		/* Turn off echo (default). */
+#define RPP_ECHO_ON     0x01		/* Leave echo on. */
+#define RPP_REQUIRE_TTY 0x02		/* Fail if there is no tty. */
+#define RPP_FORCELOWER  0x04		/* Force input to lower case. */
+#define RPP_FORCEUPPER  0x08		/* Force input to upper case. */
+#define RPP_SEVENBIT    0x10		/* Strip the high bit from input. */
+#define RPP_STDIN       0x20		/* Read from stdin, not /dev/tty */
+
+#ifdef LIBBSD_OVERLAY
+#include <sys/cdefs.h>
+#endif
+#include <sys/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+char * readpassphrase(const char *, char *, size_t, int);
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !LIBBSD_READPASSPHRASE_H */
diff --git a/libmisc/remove_tree.c b/lib/remove_tree.c
index 3d76b95..3d76b95 100644
--- a/libmisc/remove_tree.c
+++ b/lib/remove_tree.c
diff --git a/libmisc/rlogin.c b/lib/rlogin.c
index fa67dc3..cbc05dd 100644
--- a/libmisc/rlogin.c
+++ b/lib/rlogin.c
@@ -18,76 +18,36 @@
 #include <stdio.h>
 #include <pwd.h>
 #include <netdb.h>
+
+#include "atoi/str2i.h"
+
+
 static struct {
 	int spd_name;
 	int spd_baud;
 } speed_table[] =
 {
-#ifdef B50
-	{
-	B50, 50},
-#endif
-#ifdef B75
-	{
-	B75, 75},
-#endif
-#ifdef B110
-	{
-	B110, 110},
-#endif
-#ifdef B134
-	{
-	B134, 134},
-#endif
-#ifdef B150
-	{
-	B150, 150},
-#endif
-#ifdef B200
-	{
-	B200, 200},
-#endif
-#ifdef B300
-	{
-	B300, 300},
-#endif
-#ifdef B600
-	{
-	B600, 600},
-#endif
-#ifdef B1200
-	{
-	B1200, 1200},
-#endif
-#ifdef B1800
-	{
-	B1800, 1800},
-#endif
-#ifdef B2400
-	{
-	B2400, 2400},
-#endif
-#ifdef B4800
-	{
-	B4800, 4800},
-#endif
-#ifdef B9600
-	{
-	B9600, 9600},
-#endif
-#ifdef B19200
-	{
-	B19200, 19200},
-#endif
-#ifdef B38400
-	{
-	B38400, 38400},
-#endif
-	{
-	-1, -1}
+	{ B50, 50},
+	{ B75, 75},
+	{ B110, 110},
+	{ B134, 134},
+	{ B150, 150},
+	{ B200, 200},
+	{ B300, 300},
+	{ B600, 600},
+	{ B1200, 1200},
+	{ B1800, 1800},
+	{ B2400, 2400},
+	{ B4800, 4800},
+	{ B9600, 9600},
+	{ B19200, 19200},
+	{ B38400, 38400},
+	{ -1, -1}
 };
 
-static void get_remote_string (char *buf, size_t size)
+
+static void
+get_remote_string(char *buf, size_t size)
 {
 	for (;;) {
 		if (read (0, buf, 1) != 1) {
@@ -101,11 +61,13 @@ static void get_remote_string (char *buf, size_t size)
 			++buf;
 		}
 	}
- /*NOTREACHED*/}
+	/*NOTREACHED*/
+}
+
 
 int
-do_rlogin (const char *remote_host, char *name, size_t namelen, char *term,
-           size_t termlen)
+do_rlogin(const char *remote_host, char *name, size_t namesize, char *term,
+          size_t termsize)
 {
 	struct passwd *pwd;
 	char remote_name[32];
@@ -115,18 +77,17 @@ do_rlogin (const char *remote_host, char *name, size_t namelen, char *term,
 	int i;
 	TERMIO termio;
 
-	get_remote_string (remote_name, sizeof remote_name);
-	get_remote_string (name, namelen);
-	get_remote_string (term, termlen);
+	get_remote_string(remote_name, sizeof(remote_name));
+	get_remote_string(name, namesize);
+	get_remote_string(term, termsize);
 
 	cp = strchr (term, '/');
 	if (NULL != cp) {
 		*cp = '\0';
 		cp++;
 
-		if (getulong (cp, &remote_speed) == 0) {
+		if (str2ul(&remote_speed, cp) == -1)
 			remote_speed = 9600;
-		}
 	}
 	for (i = 0;
 	     (   (speed_table[i].spd_baud != remote_speed)
@@ -172,4 +133,3 @@ do_rlogin (const char *remote_host, char *name, size_t namelen, char *term,
 #endif
 }
 #endif				/* RLOGIN */
-
diff --git a/libmisc/root_flag.c b/lib/root_flag.c
index 62915b0..5572831 100644
--- a/libmisc/root_flag.c
+++ b/lib/root_flag.c
@@ -91,16 +91,16 @@ static void change_root (const char* newroot)
 		exit (E_BAD_ARG);
 	}
 
-	if (chdir (newroot) != 0) {
+	if (chroot (newroot) != 0) {
 		fprintf(log_get_logfd(),
-				_("%s: cannot chdir to chroot directory %s: %s\n"),
+			        _("%s: unable to chroot to directory %s: %s\n"),
 				log_get_progname(), newroot, strerror (errno));
 		exit (E_BAD_ARG);
 	}
 
-	if (chroot (newroot) != 0) {
+	if (chdir ("/") != 0) {
 		fprintf(log_get_logfd(),
-		        _("%s: unable to chroot to directory %s: %s\n"),
+			_("%s: cannot chdir in chroot directory %s: %s\n"),
 		        log_get_progname(), newroot, strerror (errno));
 		exit (E_BAD_ARG);
 	}
diff --git a/lib/run_part.c b/lib/run_part.c
index bce11d3..670d815 100644
--- a/lib/run_part.c
+++ b/lib/run_part.c
@@ -1,3 +1,5 @@
+#include <config.h>
+
 #include <dirent.h>
 #include <errno.h>
 #include <stdio.h>
@@ -8,9 +10,12 @@
 #include <sys/wait.h>
 #include <unistd.h>
 #include <lib/prototypes.h>
+
+#include "alloc.h"
 #include "run_part.h"
 #include "shadowlog_internal.h"
 
+
 int run_part (char *script_path, const char *name, const char *action)
 {
 	int pid;
@@ -53,25 +58,22 @@ int run_parts (const char *directory, const char *name, const char *action)
 	}
 
 	for (n=0; n<scanlist; n++) {
-		int path_length;
-		struct stat sb;
+		char         *s;
+		struct stat  sb;
 
-		path_length=strlen(directory) + strlen(namelist[n]->d_name) + 2;
-		char *s = (char*)malloc(path_length);
-		if (!s) {
-			printf ("could not allocate memory\n");
+		if (asprintf(&s, "%s/%s", directory, namelist[n]->d_name) == -1) {
+			fprintf(stderr, "could not allocate memory\n");
 			for (; n<scanlist; n++) {
-				free (namelist[n]);
+				free(namelist[n]);
 			}
-			free (namelist);
+			free(namelist);
 			return (1);
 		}
-		snprintf (s, path_length, "%s/%s", directory, namelist[n]->d_name);
 
 		execute_result = 0;
 		if (stat (s, &sb) == -1) {
 			perror ("stat");
-			free (s);
+			free(s);
 			for (; n<scanlist; n++) {
 				free (namelist[n]);
 			}
@@ -83,7 +85,7 @@ int run_parts (const char *directory, const char *name, const char *action)
 			execute_result = run_part (s, name, action);
 		}
 
-		free (s);
+		free(s);
 
 		if (execute_result!=0) {
 			fprintf (shadow_logfd,
diff --git a/libmisc/salt.c b/lib/salt.c
index e5f633a..529d59c 100644
--- a/libmisc/salt.c
+++ b/lib/salt.c
@@ -10,8 +10,6 @@
  *
  * Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,
  * it is in the public domain.
- *
- * l64a was Written by J.T. Conklin <jtc@netbsd.org>. Public domain.
  */
 
 #include <config.h>
@@ -22,9 +20,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#if HAVE_SYS_RANDOM_H
-#include <sys/random.h>
-#endif
+#include <strings.h>
+
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
@@ -91,13 +88,9 @@
 #define GENSALT_SETTING_SIZE 100
 
 /* local function prototypes */
-static long read_random_bytes (void);
 #if !USE_XCRYPT_GENSALT
 static /*@observer@*/const char *gensalt (size_t salt_size);
 #endif /* !USE_XCRYPT_GENSALT */
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
-static long shadow_random (long min, long max);
-#endif /* USE_SHA_CRYPT || USE_BCRYPT */
 #ifdef USE_SHA_CRYPT
 static /*@observer@*/unsigned long SHA_get_salt_rounds (/*@null@*/const int *prefered_rounds);
 static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long rounds);
@@ -111,113 +104,6 @@ static /*@observer@*/unsigned long YESCRYPT_get_salt_cost (/*@null@*/const int *
 static /*@observer@*/void YESCRYPT_salt_cost_to_buf (char *buf, unsigned long cost);
 #endif /* USE_YESCRYPT */
 
-#if !USE_XCRYPT_GENSALT && !defined(HAVE_L64A)
-static /*@observer@*/char *l64a (long value)
-{
-	static char buf[8];
-	char *s = buf;
-	int digit;
-	int i;
-
-	if (value < 0) {
-		errno = EINVAL;
-		return(NULL);
-	}
-
-	for (i = 0; value != 0 && i < 6; i++) {
-		digit = value & 0x3f;
-
-		if (digit < 2) {
-			*s = digit + '.';
-		} else if (digit < 12) {
-			*s = digit + '0' - 2;
-		} else if (digit < 38) {
-			*s = digit + 'A' - 12;
-		} else {
-			*s = digit + 'a' - 38;
-		}
-
-		value >>= 6;
-		s++;
-	}
-
-	*s = '\0';
-
-	return buf;
-}
-#endif /* !USE_XCRYPT_GENSALT && !defined(HAVE_L64A) */
-
-/* Read sizeof (long) random bytes from /dev/urandom. */
-static long read_random_bytes (void)
-{
-	long randval = 0;
-
-#ifdef HAVE_ARC4RANDOM_BUF
-	/* arc4random_buf, if it exists, can never fail.  */
-	arc4random_buf (&randval, sizeof (randval));
-	goto end;
-#endif
-
-#ifdef HAVE_GETENTROPY
-	/* getentropy may exist but lack kernel support.  */
-	if (getentropy (&randval, sizeof (randval)) == 0) {
-		goto end;
-	}
-#endif
-
-#ifdef HAVE_GETRANDOM
-	/* Likewise getrandom.  */
-	if ((size_t) getrandom (&randval, sizeof (randval), 0) == sizeof (randval)) {
-		goto end;
-	}
-#endif
-
-	/* Use /dev/urandom as a last resort.  */
-	FILE *f = fopen ("/dev/urandom", "r");
-	if (NULL == f) {
-		goto fail;
-	}
-
-	if (fread (&randval, sizeof (randval), 1, f) != 1) {
-		fclose(f);
-		goto fail;
-	}
-
-	fclose(f);
-	goto end;
-
-fail:
-	fprintf (log_get_logfd(),
-		 _("Unable to obtain random bytes.\n"));
-	exit (1);
-
-end:
-	return randval;
-}
-
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
-/*
- * Return a random number between min and max (both included).
- *
- * It favors slightly the higher numbers.
- */
-static long shadow_random (long min, long max)
-{
-	double drand;
-	long ret;
-
-	drand = (double) (read_random_bytes () & RAND_MAX) / (double) RAND_MAX;
-	drand *= (double) (max - min + 1);
-	/* On systems were this is not random() range is lower, we favor
-	 * higher numbers of salt. */
-	ret = (long) (max + 1 - drand);
-	/* And we catch limits, and use the highest number */
-	if ((ret < min) || (ret > max)) {
-		ret = max;
-	}
-	return ret;
-}
-#endif /* USE_SHA_CRYPT || USE_BCRYPT */
 
 #ifdef USE_SHA_CRYPT
 /* Return the the rounds number for the SHA crypt methods. */
@@ -245,7 +131,7 @@ static /*@observer@*/unsigned long SHA_get_salt_rounds (/*@null@*/const int *pre
 				max_rounds = min_rounds;
 			}
 
-			rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
+			rounds = csrand_interval (min_rounds, max_rounds);
 		}
 	} else if (0 == *prefered_rounds) {
 		rounds = SHA_ROUNDS_DEFAULT;
@@ -318,7 +204,7 @@ static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *
 				max_rounds = min_rounds;
 			}
 
-			rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
+			rounds = csrand_interval (min_rounds, max_rounds);
 		}
 	} else if (0 == *prefered_rounds) {
 		rounds = B_ROUNDS_DEFAULT;
@@ -435,13 +321,13 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 {
 	static char salt[MAX_SALT_SIZE + 6];
 
-	memset (salt, '\0', MAX_SALT_SIZE + 6);
+	bzero(salt, MAX_SALT_SIZE + 6);
 
 	assert (salt_size >= MIN_SALT_SIZE &&
 	        salt_size <= MAX_SALT_SIZE);
-	strcat (salt, l64a (read_random_bytes ()));
+	strcat (salt, l64a (csrand ()));
 	do {
-		strcat (salt, l64a (read_random_bytes ()));
+		strcat (salt, l64a (csrand ()));
 	} while (strlen (salt) < salt_size);
 
 	salt[salt_size] = '\0';
@@ -474,7 +360,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 	const char *method;
 	unsigned long rounds = 0;
 
-	memset (result, '\0', GENSALT_SETTING_SIZE);
+	bzero(result, GENSALT_SETTING_SIZE);
 
 	if (NULL != meth)
 		method = meth;
@@ -493,26 +379,26 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 	} else if (0 == strcmp (method, "BCRYPT")) {
 		BCRYPTMAGNUM(result);
 		salt_len = BCRYPT_SALT_SIZE;
-		rounds = BCRYPT_get_salt_rounds ((int *) arg);
+		rounds = BCRYPT_get_salt_rounds (arg);
 		BCRYPT_salt_rounds_to_buf (result, rounds);
 #endif /* USE_BCRYPT */
 #ifdef USE_YESCRYPT
 	} else if (0 == strcmp (method, "YESCRYPT")) {
 		MAGNUM(result, 'y');
 		salt_len = YESCRYPT_SALT_SIZE;
-		rounds = YESCRYPT_get_salt_cost ((int *) arg);
+		rounds = YESCRYPT_get_salt_cost (arg);
 		YESCRYPT_salt_cost_to_buf (result, rounds);
 #endif /* USE_YESCRYPT */
 #ifdef USE_SHA_CRYPT
 	} else if (0 == strcmp (method, "SHA256")) {
 		MAGNUM(result, '5');
 		salt_len = SHA_CRYPT_SALT_SIZE;
-		rounds = SHA_get_salt_rounds ((int *) arg);
+		rounds = SHA_get_salt_rounds (arg);
 		SHA_salt_rounds_to_buf (result, rounds);
 	} else if (0 == strcmp (method, "SHA512")) {
 		MAGNUM(result, '6');
 		salt_len = SHA_CRYPT_SALT_SIZE;
-		rounds = SHA_get_salt_rounds ((int *) arg);
+		rounds = SHA_get_salt_rounds (arg);
 		SHA_salt_rounds_to_buf (result, rounds);
 #endif /* USE_SHA_CRYPT */
 	} else if (0 != strcmp (method, "DES")) {
@@ -522,7 +408,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 			 method);
 		salt_len = MAX_SALT_SIZE;
 		rounds = 0;
-		memset (result, '\0', GENSALT_SETTING_SIZE);
+		bzero(result, GENSALT_SETTING_SIZE);
 	}
 
 #if USE_XCRYPT_GENSALT
@@ -534,7 +420,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 		/* Avoid -Wunused-but-set-variable. */
 		salt_len = GENSALT_SETTING_SIZE - 1;
 		rounds = 0;
-		memset (result, '.', salt_len);
+		memset(result, '.', salt_len);
 		result[salt_len] = '\0';
 	}
 
diff --git a/lib/selinux.c b/lib/selinux.c
index ad639bd..6eb2894 100644
--- a/lib/selinux.c
+++ b/lib/selinux.c
@@ -188,7 +188,7 @@ int check_selinux_permit (const char *perm_name)
 		return 0;
 	}
 
-	selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) selinux_log_cb);
+	selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) { .func_log = selinux_log_cb });
 
 	if (getprevcon_raw (&user_context_raw) != 0) {
 		fprintf (shadow_logfd,
@@ -206,5 +206,5 @@ int check_selinux_permit (const char *perm_name)
 }
 
 #else				/* !WITH_SELINUX */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !WITH_SELINUX */
diff --git a/lib/semanage.c b/lib/semanage.c
index 082a6e8..277e20e 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -16,19 +16,19 @@
 #endif
 #include <stdio.h>
 #include <stdarg.h>
+
 #include <selinux/selinux.h>
+
 #include <semanage/semanage.h>
+
+#include "attr.h"
 #include "prototypes.h"
 
 #include "shadowlog_internal.h"
 
-#ifndef DEFAULT_SERANGE
-#define DEFAULT_SERANGE "s0"
-#endif
-
 
 format_attr(printf, 3, 4)
-static void semanage_error_callback (unused void *varg,
+static void semanage_error_callback (MAYBE_UNUSED void *varg,
                                      semanage_handle_t *handle,
                                      const char *fmt, ...)
 {
@@ -101,6 +101,8 @@ static semanage_handle_t *semanage_init (void)
 	return handle;
 
 fail:
+	if (handle)
+		semanage_disconnect (handle);
 	semanage_handle_destroy (handle);
 	return NULL;
 }
@@ -109,7 +111,8 @@ fail:
 static int semanage_user_mod (semanage_handle_t *handle,
                               semanage_seuser_key_t *key,
                               const char *login_name,
-                              const char *seuser_name)
+                              const char *seuser_name,
+                              const char *serange)
 {
 	int ret;
 	semanage_seuser_t *seuser = NULL;
@@ -122,11 +125,12 @@ static int semanage_user_mod (semanage_handle_t *handle,
 		goto done;
 	}
 
-	if (semanage_mls_enabled(handle)) {
-		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+	if (serange && semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
-			         _("Could not set serange for %s\n"), login_name);
+			         _("Could not set serange for %s to %s\n"),
+			         login_name, serange);
 			ret = 1;
 			goto done;
 		}
@@ -158,9 +162,10 @@ done:
 
 
 static int semanage_user_add (semanage_handle_t *handle,
-                             semanage_seuser_key_t *key,
+                             const semanage_seuser_key_t *key,
                              const char *login_name,
-                             const char *seuser_name)
+                             const char *seuser_name,
+                             const char *serange)
 {
 	int ret;
 	semanage_seuser_t *seuser = NULL;
@@ -181,11 +186,12 @@ static int semanage_user_add (semanage_handle_t *handle,
 		goto done;
 	}
 
-	if (semanage_mls_enabled(handle)) {
-		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+	if (serange && semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
-			         _("Could not set serange for %s\n"), login_name);
+			         _("Could not set serange for %s to %s\n"),
+			         login_name, serange);
 			ret = 1;
 			goto done;
 		}
@@ -216,7 +222,7 @@ done:
 }
 
 
-int set_seuser (const char *login_name, const char *seuser_name)
+int set_seuser (const char *login_name, const char *seuser_name, const char *serange)
 {
 	semanage_handle_t *handle = NULL;
 	semanage_seuser_key_t *key = NULL;
@@ -250,7 +256,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 	}
 
 	if (0 != seuser_exists) {
-		ret = semanage_user_mod (handle, key, login_name, seuser_name);
+		ret = semanage_user_mod (handle, key, login_name, seuser_name, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
 			         _("Cannot modify SELinux user mapping\n"));
@@ -258,7 +264,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 			goto done;
 		}
 	} else {
-		ret = semanage_user_add (handle, key, login_name, seuser_name);
+		ret = semanage_user_add (handle, key, login_name, seuser_name, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
 			         _("Cannot add SELinux user mapping\n"));
@@ -279,6 +285,8 @@ int set_seuser (const char *login_name, const char *seuser_name)
 
 done:
 	semanage_seuser_key_free (key);
+	if (handle)
+		semanage_disconnect (handle);
 	semanage_handle_destroy (handle);
 	return ret;
 }
@@ -353,9 +361,12 @@ int del_seuser (const char *login_name)
 
 	ret = 0;
 done:
+	semanage_seuser_key_free (key);
+	if (handle)
+		semanage_disconnect (handle);
 	semanage_handle_destroy (handle);
 	return ret;
 }
 #else				/* !WITH_SELINUX */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !WITH_SELINUX */
diff --git a/libmisc/setugid.c b/lib/setugid.c
index 6dbe38e..6dbe38e 100644
--- a/libmisc/setugid.c
+++ b/lib/setugid.c
diff --git a/libmisc/setupenv.c b/lib/setupenv.c
index 5d7aefa..c9b7f26 100644
--- a/libmisc/setupenv.c
+++ b/lib/setupenv.c
@@ -20,26 +20,25 @@
 #include <sys/stat.h>
 #include <stdio.h>
 #include <ctype.h>
+
+#include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include <pwd.h>
 #include "getdef.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 #ifndef USE_PAM
 static void
-addenv_path (const char *varname, const char *dirname, const char *filename)
+addenv_path(const char *varname, const char *dirname, const char *filename)
 {
-	char *buf;
-	size_t len = strlen (dirname) + strlen (filename) + 2;
-	int wlen;
-
-	buf = xmalloc (len);
-	wlen = snprintf (buf, len, "%s/%s", dirname, filename);
-	assert (wlen == (int) len - 1);
+	char  *buf;
 
-	addenv (varname, buf);
-	free (buf);
+	xasprintf(&buf, "%s/%s", dirname, filename);
+	addenv(varname, buf);
+	free(buf);
 }
 
 static void read_env_file (const char *filename)
@@ -61,7 +60,7 @@ static void read_env_file (const char *filename)
 
 		cp = buf;
 		/* ignore whitespace and comments */
-		while (('\0' != *cp) && isspace (*cp)) {
+		while (isspace (*cp)) {
 			cp++;
 		}
 		if (('\0' == *cp) || ('#' == *cp)) {
@@ -194,8 +193,6 @@ void setup_env (struct passwd *info)
 	 */
 
 	if (chdir (info->pw_dir) == -1) {
-		static char temp_pw_dir[] = "/";
-
 		if (!getdef_bool ("DEFAULT_HOME") || chdir ("/") == -1) {
 			fprintf (log_get_logfd(), _("Unable to cd to '%s'\n"),
 				 info->pw_dir);
@@ -207,7 +204,7 @@ void setup_env (struct passwd *info)
 		}
 		(void) puts (_("No directory, logging in with HOME=/"));
 		free (info->pw_dir);
-		info->pw_dir = xstrdup (temp_pw_dir);
+		info->pw_dir = xstrdup ("/");
 	}
 
 	/*
@@ -221,10 +218,8 @@ void setup_env (struct passwd *info)
 	 */
 
 	if ((NULL == info->pw_shell) || ('\0' == *info->pw_shell)) {
-		static char temp_pw_shell[] = SHELL;
-
 		free (info->pw_shell);
-		info->pw_shell = xstrdup (temp_pw_shell);
+		info->pw_shell = xstrdup (SHELL);
 	}
 
 	addenv ("SHELL", info->pw_shell);
diff --git a/lib/sgetgrent.c b/lib/sgetgrent.c
index ad4fcc8..6cde15c 100644
--- a/lib/sgetgrent.c
+++ b/lib/sgetgrent.c
@@ -14,6 +14,9 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <grp.h>
+#include <string.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "prototypes.h"
 
@@ -25,19 +28,15 @@
  *	list() converts the comma-separated list of member names into
  *	an array of character pointers.
  *
- *	WARNING: I profiled this once with and without strchr() calls
- *	and found that using a register variable and an explicit loop
- *	works best.  For large /etc/group files, this is a major win.
- *
  * FINALLY added dynamic allocation.  Still need to fix sgetsgent().
  *  --marekm
  */
-static char **list (char *s)
+static char **
+list(char *s)
 {
-	static char **members = 0;
-	static int size = 0;	/* max members + 1 */
-	int i;
-	char **rbuf;
+	static char **members = NULL;
+	static size_t size = 0;	/* max members + 1 */
+	size_t i;
 
 	i = 0;
 	for (;;) {
@@ -45,40 +44,24 @@ static char **list (char *s)
 		   member name, or terminating NULL).  */
 		if (i >= size) {
 			size = i + 100;	/* at least: i + 1 */
-			if (members) {
-				rbuf =
-				    realloc (members, size * sizeof (char *));
-			} else {
-				/* for old (before ANSI C) implementations of
-				   realloc() that don't handle NULL properly */
-				rbuf = malloc (size * sizeof (char *));
-			}
-			if (!rbuf) {
-				free (members);
-				members = 0;
+			members = REALLOCF(members, size, char *);
+			if (!members) {
 				size = 0;
-				return (char **) 0;
+				return NULL;
 			}
-			members = rbuf;
 		}
 		if (!s || s[0] == '\0')
 			break;
-		members[i++] = s;
-		while (('\0' != *s) && (',' != *s)) {
-			s++;
-		}
-		if ('\0' != *s) {
-			*s++ = '\0';
-		}
+		members[i++] = strsep(&s, ",");
 	}
-	members[i] = (char *) 0;
+	members[i] = NULL;
 	return members;
 }
 
 
 struct group *sgetgrent (const char *buf)
 {
-	static char *grpbuf = 0;
+	static char *grpbuf = NULL;
 	static size_t size = 0;
 	static char *grpfields[NFIELDS];
 	static struct group grent;
@@ -90,10 +73,10 @@ struct group *sgetgrent (const char *buf)
 		   allocate a larger block */
 		free (grpbuf);
 		size = strlen (buf) + 1000;	/* at least: strlen(buf) + 1 */
-		grpbuf = malloc (size);
-		if (!grpbuf) {
+		grpbuf = MALLOC(size, char);
+		if (grpbuf == NULL) {
 			size = 0;
-			return 0;
+			return NULL;
 		}
 	}
 	strcpy (grpbuf, buf);
@@ -103,25 +86,20 @@ struct group *sgetgrent (const char *buf)
 		*cp = '\0';
 	}
 
-	for (cp = grpbuf, i = 0; (i < NFIELDS) && (NULL != cp); i++) {
-		grpfields[i] = cp;
-		cp = strchr (cp, ':');
-		if (NULL != cp) {
-			*cp = '\0';
-			cp++;
-		}
-	}
+	for (cp = grpbuf, i = 0; (i < NFIELDS) && (NULL != cp); i++)
+		grpfields[i] = strsep(&cp, ":");
+
 	if (i < (NFIELDS - 1) || *grpfields[2] == '\0' || cp != NULL) {
-		return (struct group *) 0;
+		return NULL;
 	}
 	grent.gr_name = grpfields[0];
 	grent.gr_passwd = grpfields[1];
-	if (get_gid (grpfields[2], &grent.gr_gid) == 0) {
-		return (struct group *) 0;
+	if (get_gid(grpfields[2], &grent.gr_gid) == -1) {
+		return NULL;
 	}
 	grent.gr_mem = list (grpfields[3]);
 	if (NULL == grent.gr_mem) {
-		return (struct group *) 0;	/* out of memory */
+		return NULL;	/* out of memory */
 	}
 
 	return &grent;
diff --git a/lib/sgetpwent.c b/lib/sgetpwent.c
index 1c8c63e..75c9177 100644
--- a/lib/sgetpwent.c
+++ b/lib/sgetpwent.c
@@ -12,9 +12,11 @@
 #ident "$Id$"
 
 #include <sys/types.h>
-#include "defines.h"
 #include <stdio.h>
 #include <pwd.h>
+#include <string.h>
+
+#include "defines.h"
 #include "prototypes.h"
 #include "shadowlog_internal.h"
 
@@ -32,7 +34,8 @@
  *	performance reasons.  I am going to come up with some conditional
  *	compilation glarp to improve on this in the future.
  */
-struct passwd *sgetpwent (const char *buf)
+struct passwd *
+sgetpwent(const char *buf)
 {
 	static struct passwd pwent;
 	static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
@@ -58,19 +61,8 @@ struct passwd *sgetpwent (const char *buf)
 	 * field.  The fields are converted into NUL terminated strings.
 	 */
 
-	for (cp = pwdbuf, i = 0; (i < NFIELDS) && (NULL != cp); i++) {
-		fields[i] = cp;
-		while (('\0' != *cp) && (':' != *cp)) {
-			cp++;
-		}
-
-		if ('\0' != *cp) {
-			*cp = '\0';
-			cp++;
-		} else {
-			cp = NULL;
-		}
-	}
+	for (cp = pwdbuf, i = 0; (i < NFIELDS) && (NULL != cp); i++)
+		fields[i] = strsep(&cp, ":");
 
 	/* something at the end, columns over shot */
 	if ( cp != NULL ) {
@@ -94,10 +86,10 @@ struct passwd *sgetpwent (const char *buf)
 
 	pwent.pw_name = fields[0];
 	pwent.pw_passwd = fields[1];
-	if (get_uid (fields[2], &pwent.pw_uid) == 0) {
+	if (get_uid(fields[2], &pwent.pw_uid) == -1) {
 		return NULL;
 	}
-	if (get_gid (fields[3], &pwent.pw_gid) == 0) {
+	if (get_gid(fields[3], &pwent.pw_gid) == -1) {
 		return NULL;
 	}
 	pwent.pw_gecos = fields[4];
diff --git a/lib/sgetspent.c b/lib/sgetspent.c
index f1d4b20..bd2ef8b 100644
--- a/lib/sgetspent.c
+++ b/lib/sgetspent.c
@@ -14,17 +14,26 @@
 
 #ident "$Id$"
 
+#include <stddef.h>
+#include <stdio.h>
 #include <sys/types.h>
+#include <string.h>
+
+#include "atoi/str2i.h"
 #include "prototypes.h"
 #include "shadowlog_internal.h"
 #include "defines.h"
-#include <stdio.h>
+
+
 #define	FIELDS	9
 #define	OFIELDS	5
+
+
 /*
  * sgetspent - convert string in shadow file format to (struct spwd *)
  */
-struct spwd *sgetspent (const char *string)
+struct spwd *
+sgetspent(const char *string)
 {
 	static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
 	static struct spwd spwd;
@@ -41,7 +50,7 @@ struct spwd *sgetspent (const char *string)
 		fprintf (shadow_logfd,
 		         "%s: Too long passwd entry encountered, file corruption?\n",
 		         shadow_progname);
-		return 0;	/* fail if too long */
+		return NULL;	/* fail if too long */
 	}
 	strcpy (spwbuf, string);
 
@@ -57,9 +66,7 @@ struct spwd *sgetspent (const char *string)
 
 	for (cp = spwbuf, i = 0; ('\0' != *cp) && (i < FIELDS); i++) {
 		fields[i] = cp;
-		while (('\0' != *cp) && (':' != *cp)) {
-			cp++;
-		}
+		cp = strchrnul(cp, ':');
 
 		if ('\0' != *cp) {
 			*cp = '\0';
@@ -67,13 +74,12 @@ struct spwd *sgetspent (const char *string)
 		}
 	}
 
-	if (i == (FIELDS - 1)) {
-		fields[i++] = cp;
-	}
+	if (i == (FIELDS - 1))
+		fields[i++] = "";
 
 	if ( ((NULL != cp) && ('\0' != *cp)) ||
 	     ((i != FIELDS) && (i != OFIELDS)) ) {
-		return 0;
+		return NULL;
 	}
 
 	/*
@@ -92,9 +98,9 @@ struct spwd *sgetspent (const char *string)
 
 	if (fields[2][0] == '\0') {
 		spwd.sp_lstchg = -1;
-	} else if (   (getlong (fields[2], &spwd.sp_lstchg) == 0)
+	} else if (   (str2sl(&spwd.sp_lstchg, fields[2]) == -1)
 	           || (spwd.sp_lstchg < 0)) {
-		return 0;
+		return NULL;
 	}
 
 	/*
@@ -103,9 +109,9 @@ struct spwd *sgetspent (const char *string)
 
 	if (fields[3][0] == '\0') {
 		spwd.sp_min = -1;
-	} else if (   (getlong (fields[3], &spwd.sp_min) == 0)
+	} else if (   (str2sl(&spwd.sp_min, fields[3]) == -1)
 	           || (spwd.sp_min < 0)) {
-		return 0;
+		return NULL;
 	}
 
 	/*
@@ -114,9 +120,9 @@ struct spwd *sgetspent (const char *string)
 
 	if (fields[4][0] == '\0') {
 		spwd.sp_max = -1;
-	} else if (   (getlong (fields[4], &spwd.sp_max) == 0)
+	} else if (   (str2sl(&spwd.sp_max, fields[4]) == -1)
 	           || (spwd.sp_max < 0)) {
-		return 0;
+		return NULL;
 	}
 
 	/*
@@ -139,9 +145,9 @@ struct spwd *sgetspent (const char *string)
 
 	if (fields[5][0] == '\0') {
 		spwd.sp_warn = -1;
-	} else if (   (getlong (fields[5], &spwd.sp_warn) == 0)
+	} else if (   (str2sl(&spwd.sp_warn, fields[5]) == -1)
 	           || (spwd.sp_warn < 0)) {
-		return 0;
+		return NULL;
 	}
 
 	/*
@@ -151,9 +157,9 @@ struct spwd *sgetspent (const char *string)
 
 	if (fields[6][0] == '\0') {
 		spwd.sp_inact = -1;
-	} else if (   (getlong (fields[6], &spwd.sp_inact) == 0)
+	} else if (   (str2sl(&spwd.sp_inact, fields[6]) == -1)
 	           || (spwd.sp_inact < 0)) {
-		return 0;
+		return NULL;
 	}
 
 	/*
@@ -163,9 +169,9 @@ struct spwd *sgetspent (const char *string)
 
 	if (fields[7][0] == '\0') {
 		spwd.sp_expire = -1;
-	} else if (   (getlong (fields[7], &spwd.sp_expire) == 0)
+	} else if (   (str2sl(&spwd.sp_expire, fields[7]) == -1)
 	           || (spwd.sp_expire < 0)) {
-		return 0;
+		return NULL;
 	}
 
 	/*
@@ -175,13 +181,12 @@ struct spwd *sgetspent (const char *string)
 
 	if (fields[8][0] == '\0') {
 		spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
-	} else if (getulong (fields[8], &spwd.sp_flag) == 0) {
-		return 0;
+	} else if (str2ul(&spwd.sp_flag, fields[8]) == -1) {
+		return NULL;
 	}
 
 	return (&spwd);
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif
-
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index 871749b..0297df4 100644
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -14,10 +14,12 @@
 
 #ident "$Id$"
 
+#include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "commonio.h"
 #include "getdef.h"
+#include "memzero.h"
 #include "sgroupio.h"
 
 /*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent)
@@ -25,13 +27,12 @@
 	struct sgrp *sg;
 	int i;
 
-	sg = (struct sgrp *) malloc (sizeof *sg);
+	sg = CALLOC (1, struct sgrp);
 	if (NULL == sg) {
 		return NULL;
 	}
 	/* Do the same as the other _dup function, even if we know the
 	 * structure. */
-	memset (sg, 0, sizeof *sg);
 	/*@-mustfreeonly@*/
 	sg->sg_name = strdup (sgent->sg_name);
 	/*@=mustfreeonly@*/
@@ -50,7 +51,7 @@
 
 	for (i = 0; NULL != sgent->sg_adm[i]; i++);
 	/*@-mustfreeonly@*/
-	sg->sg_adm = (char **) malloc ((i + 1) * sizeof (char *));
+	sg->sg_adm = MALLOC(i + 1, char *);
 	/*@=mustfreeonly@*/
 	if (NULL == sg->sg_adm) {
 		free (sg->sg_passwd);
@@ -75,7 +76,7 @@
 
 	for (i = 0; NULL != sgent->sg_mem[i]; i++);
 	/*@-mustfreeonly@*/
-	sg->sg_mem = (char **) malloc ((i + 1) * sizeof (char *));
+	sg->sg_mem = MALLOC(i + 1, char *);
 	/*@=mustfreeonly@*/
 	if (NULL == sg->sg_mem) {
 		for (i = 0; NULL != sg->sg_adm[i]; i++) {
@@ -116,14 +117,16 @@ static /*@null@*/ /*@only@*/void *gshadow_dup (const void *ent)
 	return __sgr_dup (sg);
 }
 
-static void gshadow_free (/*@out@*/ /*@only@*/void *ent)
+static void
+gshadow_free(/*@only@*/void *ent)
 {
 	struct sgrp *sg = ent;
 
 	sgr_free (sg);
 }
 
-void sgr_free (/*@out@*/ /*@only@*/struct sgrp *sgent)
+void
+sgr_free(/*@only@*/struct sgrp *sgent)
 {
 	size_t i;
 	free (sgent->sg_name);
@@ -151,7 +154,7 @@ static const char *gshadow_getname (const void *ent)
 
 static void *gshadow_parse (const char *line)
 {
-	return (void *) sgetsgent (line);
+	return sgetsgent (line);
 }
 
 static int gshadow_put (const void *ent, FILE * file)
@@ -253,7 +256,7 @@ int sgr_open (int mode)
 
 int sgr_update (const struct sgrp *sg)
 {
-	return commonio_update (&gshadow_db, (const void *) sg);
+	return commonio_update (&gshadow_db, sg);
 }
 
 int sgr_remove (const char *name)
@@ -302,5 +305,5 @@ int sgr_sort ()
 	return commonio_sort_wrt (&gshadow_db, __gr_get_db ());
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif
diff --git a/lib/shadow.c b/lib/shadow.c
index b628b65..f17d09e 100644
--- a/lib/shadow.c
+++ b/lib/shadow.c
@@ -18,54 +18,15 @@
 #include "prototypes.h"
 #include "defines.h"
 #include <stdio.h>
-#ifdef	USE_NIS
-static bool nis_used;
-static bool nis_ignore;
-static enum { native, start, middle, native2 } nis_state;
-static bool nis_bound;
-static char *nis_domain;
-static char *nis_key;
-static int nis_keylen;
-static char *nis_val;
-static int nis_vallen;
-
-#define	IS_NISCHAR(c) ((c)=='+')
-#endif
+
+#include "atoi/str2i.h"
+
 
 static FILE *shadow;
 
 #define	FIELDS	9
 #define	OFIELDS	5
 
-#ifdef	USE_NIS
-
-/*
- * __setspNIS - turn on or off NIS searches
- */
-
-void __setspNIS (bool flag)
-{
-	nis_ignore = !flag;
-
-	if (nis_ignore) {
-		nis_used = false;
-	}
-}
-
-/*
- * bind_nis - bind to NIS server
- */
-
-static int bind_nis (void)
-{
-	if (yp_get_default_domain (&nis_domain)) {
-		return -1;
-	}
-
-	nis_bound = true;
-	return 0;
-}
-#endif
 
 /*
  * setspent - initialize access to shadow text and DBM files
@@ -78,10 +39,6 @@ void setspent (void)
 	}else {
 		shadow = fopen (SHADOW_FILE, "r");
 	}
-
-#ifdef	USE_NIS
-	nis_state = native;
-#endif
 }
 
 /*
@@ -94,7 +51,7 @@ void endspent (void)
 		(void) fclose (shadow);
 	}
 
-	shadow = (FILE *) 0;
+	shadow = NULL;
 }
 
 /*
@@ -150,11 +107,6 @@ static struct spwd *my_sgetspent (const char *string)
 	 */
 
 	spwd.sp_namp = fields[0];
-#ifdef	USE_NIS
-	if (IS_NISCHAR (fields[0][0])) {
-		nis_used = true;
-	}
-#endif
 	spwd.sp_pwdp = fields[1];
 
 	/*
@@ -166,16 +118,10 @@ static struct spwd *my_sgetspent (const char *string)
 	if (fields[2][0] == '\0') {
 		spwd.sp_lstchg = -1;
 	} else {
-		if (getlong (fields[2], &spwd.sp_lstchg) == 0) {
-#ifdef	USE_NIS
-			if (nis_used) {
-				spwd.sp_lstchg = -1;
-			} else
-#endif
-				return 0;
-		} else if (spwd.sp_lstchg < 0) {
+		if (str2sl(&spwd.sp_lstchg, fields[2]) == -1)
+			return 0;
+		if (spwd.sp_lstchg < 0)
 			return 0;
-		}
 	}
 
 	/*
@@ -185,18 +131,10 @@ static struct spwd *my_sgetspent (const char *string)
 	if (fields[3][0] == '\0') {
 		spwd.sp_min = -1;
 	} else {
-		if (getlong (fields[3], &spwd.sp_min) == 0) {
-#ifdef	USE_NIS
-			if (nis_used) {
-				spwd.sp_min = -1;
-			} else
-#endif
-			{
-				return 0;
-			}
-		} else if (spwd.sp_min < 0) {
+		if (str2sl(&spwd.sp_min, fields[3]) == -1)
+			return 0;
+		if (spwd.sp_min < 0)
 			return 0;
-		}
 	}
 
 	/*
@@ -206,16 +144,10 @@ static struct spwd *my_sgetspent (const char *string)
 	if (fields[4][0] == '\0') {
 		spwd.sp_max = -1;
 	} else {
-		if (getlong (fields[4], &spwd.sp_max) == 0) {
-#ifdef	USE_NIS
-			if (nis_used) {
-				spwd.sp_max = -1;
-			} else
-#endif
-				return 0;
-		} else if (spwd.sp_max < 0) {
+		if (str2sl(&spwd.sp_max, fields[4]) == -1)
+			return 0;
+		if (spwd.sp_max < 0)
 			return 0;
-		}
 	}
 
 	/*
@@ -239,18 +171,10 @@ static struct spwd *my_sgetspent (const char *string)
 	if (fields[5][0] == '\0') {
 		spwd.sp_warn = -1;
 	} else {
-		if (getlong (fields[5], &spwd.sp_warn) == 0) {
-#ifdef	USE_NIS
-			if (nis_used) {
-				spwd.sp_warn = -1;
-			} else
-#endif
-			{
-				return 0;
-			}
-		} else if (spwd.sp_warn < 0) {
+		if (str2sl(&spwd.sp_warn, fields[5]) == -1)
+			return 0;
+		if (spwd.sp_warn < 0)
 			return 0;
-		}
 	}
 
 	/*
@@ -261,18 +185,10 @@ static struct spwd *my_sgetspent (const char *string)
 	if (fields[6][0] == '\0') {
 		spwd.sp_inact = -1;
 	} else {
-		if (getlong (fields[6], &spwd.sp_inact) == 0) {
-#ifdef	USE_NIS
-			if (nis_used) {
-				spwd.sp_inact = -1;
-			} else
-#endif
-			{
-				return 0;
-			}
-		} else if (spwd.sp_inact < 0) {
+		if (str2sl(&spwd.sp_inact, fields[6]) == -1)
+			return 0;
+		if (spwd.sp_inact < 0)
 			return 0;
-		}
 	}
 
 	/*
@@ -283,18 +199,10 @@ static struct spwd *my_sgetspent (const char *string)
 	if (fields[7][0] == '\0') {
 		spwd.sp_expire = -1;
 	} else {
-		if (getlong (fields[7], &spwd.sp_expire) == 0) {
-#ifdef	USE_NIS
-			if (nis_used) {
-				spwd.sp_expire = -1;
-			} else
-#endif
-			{
-				return 0;
-			}
-		} else if (spwd.sp_expire < 0) {
+		if (str2sl(&spwd.sp_expire, fields[7]) == -1)
+			return 0;
+		if (spwd.sp_expire < 0)
 			return 0;
-		}
 	}
 
 	/*
@@ -305,18 +213,10 @@ static struct spwd *my_sgetspent (const char *string)
 	if (fields[8][0] == '\0') {
 		spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
 	} else {
-		if (getulong (fields[8], &spwd.sp_flag) == 0) {
-#ifdef	USE_NIS
-			if (nis_used) {
-				spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
-			} else
-#endif
-			{
-				return 0;
-			}
-		} else if (spwd.sp_flag < 0) {
+		if (str2ul(&spwd.sp_flag, fields[8]) == -1)
+			return 0;
+		if (spwd.sp_flag < 0)
 			return 0;
-		}
 	}
 
 	return (&spwd);
@@ -335,21 +235,12 @@ struct spwd *fgetspent (FILE * fp)
 		return (0);
 	}
 
-#ifdef	USE_NIS
-	while (fgets (buf, (int) sizeof buf, fp) != (char *) 0)
-#else
-	if (fgets (buf, (int) sizeof buf, fp) != (char *) 0)
-#endif
+	if (fgets (buf, sizeof buf, fp) != NULL)
 	{
 		cp = strchr (buf, '\n');
 		if (NULL != cp) {
 			*cp = '\0';
 		}
-#ifdef	USE_NIS
-		if (nis_ignore && IS_NISCHAR (buf[0])) {
-			continue;
-		}
-#endif
 		return my_sgetspent (buf);
 	}
 	return 0;
@@ -361,92 +252,10 @@ struct spwd *fgetspent (FILE * fp)
 
 struct spwd *getspent (void)
 {
-#ifdef	USE_NIS
-	int nis_1_user = 0;
-	struct spwd *val;
-#endif
 	if (NULL == shadow) {
 		setspent ();
 	}
-
-#ifdef	USE_NIS
-      again:
-	/*
-	 * See if we are reading from the local file.
-	 */
-
-	if (nis_state == native || nis_state == native2) {
-
-		/*
-		 * Get the next entry from the shadow file.  Return NULL
-		 * right away if there is none.
-		 */
-
-		val = fgetspent (shadow);
-		if (NULL == val)
-			return 0;
-
-		/*
-		 * If this entry began with a NIS escape character, we have
-		 * to see if this is just a single user, or if the entire
-		 * map is being asked for.
-		 */
-
-		if (IS_NISCHAR (val->sp_namp[0])) {
-			if (val->sp_namp[1])
-				nis_1_user = 1;
-			else
-				nis_state = start;
-		}
-
-		/*
-		 * If this isn't a NIS user and this isn't an escape to go
-		 * use a NIS map, it must be a regular local user.
-		 */
-
-		if (nis_1_user == 0 && nis_state != start)
-			return val;
-
-		/*
-		 * If this is an escape to use an NIS map, switch over to
-		 * that bunch of code.
-		 */
-
-		if (nis_state == start)
-			goto again;
-
-		/*
-		 * NEEDSWORK.  Here we substitute pieces-parts of this entry.
-		 */
-
-		return 0;
-	} else {
-		if (!nis_bound) {
-			if (bind_nis ()) {
-				nis_state = native2;
-				goto again;
-			}
-		}
-		if (nis_state == start) {
-			if (yp_first (nis_domain, "shadow.bynam", &nis_key,
-			              &nis_keylen, &nis_val, &nis_vallen)) {
-				nis_state = native2;
-				goto again;
-			}
-			nis_state = middle;
-		} else if (nis_state == middle) {
-			if (yp_next (nis_domain, "shadow.bynam", nis_key,
-			             nis_keylen, &nis_key, &nis_keylen,
-			             &nis_val, &nis_vallen)) {
-				nis_state = native2;
-				goto again;
-			}
-		}
-		return my_sgetspent (nis_val);
-	}
-#else
 	return (fgetspent (shadow));
-#endif
 }
 
 /*
@@ -457,74 +266,16 @@ struct spwd *getspnam (const char *name)
 {
 	struct spwd *sp;
 
-#ifdef	USE_NIS
-	static char save_name[16];
-	bool nis_disabled = false;
-#endif
-
 	setspent ();
 
-#ifdef	USE_NIS
-	/*
-	 * Search the shadow.byname map for this user.
-	 */
-
-	if (!nis_ignore && !nis_bound) {
-		bind_nis ();
-	}
-
-	if (!nis_ignore && nis_bound) {
-		char *cp;
-
-		if (yp_match (nis_domain, "shadow.byname", name,
-		              strlen (name), &nis_val, &nis_vallen) == 0) {
-
-			cp = strchr (nis_val, '\n');
-			if (NULL != cp) {
-				*cp = '\0';
-			}
-
-			nis_state = middle;
-			sp = my_sgetspent (nis_val);
-			if (NULL != sp) {
-				strcpy (save_name, sp->sp_namp);
-				nis_key = save_name;
-				nis_keylen = strlen (save_name);
-			}
-			endspent ();
-			return sp;
-		} else {
-			nis_state = native2;
-		}
-	}
-#endif
-#ifdef	USE_NIS
-	/*
-	 * NEEDSWORK -- this is a mess, and it is the same mess in the
-	 * other three files.  I can't just blindly turn off NIS because
-	 * this might be the first pass through the local files.  In
-	 * that case, I never discover that NIS is present.
-	 */
-
-	if (nis_used) {
-		nis_ignore = true;
-		nis_disabled = true;
-	}
-#endif
-	while ((sp = getspent ()) != (struct spwd *) 0) {
+	while ((sp = getspent ()) != NULL) {
 		if (strcmp (name, sp->sp_namp) == 0) {
 			break;
 		}
 	}
-#ifdef	USE_NIS
-	if (nis_disabled) {
-		nis_ignore = false;
-	}
-#endif
 	endspent ();
 	return (sp);
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif
-
diff --git a/lib/shadowio.c b/lib/shadowio.c
index 683b6c8..d2c3b47 100644
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -31,7 +31,8 @@ static /*@null@*/ /*@only@*/void *shadow_dup (const void *ent)
 	return __spw_dup (sp);
 }
 
-static void shadow_free (/*@out@*//*@only@*/void *ent)
+static void
+shadow_free(/*@only@*/void *ent)
 {
 	struct spwd *sp = ent;
 
@@ -47,7 +48,7 @@ static const char *shadow_getname (const void *ent)
 
 static void *shadow_parse (const char *line)
 {
-	return (void *) sgetspent (line);
+	return sgetspent (line);
 }
 
 static int shadow_put (const void *ent, FILE * file)
@@ -164,7 +165,7 @@ int spw_open (int mode)
 
 int spw_update (const struct spwd *sp)
 {
-	return commonio_update (&shadow_db, (const void *) sp);
+	return commonio_update (&shadow_db, sp);
 }
 
 int spw_remove (const char *name)
diff --git a/lib/shadowlog_internal.h b/lib/shadowlog_internal.h
index 72a0e0c..f972a3c 100644
--- a/lib/shadowlog_internal.h
+++ b/lib/shadowlog_internal.h
@@ -2,6 +2,6 @@
 #define _SHADOWLOG_INTERNAL_H
 
 extern const char *shadow_progname; /* Program name showed in error messages */
-extern FILE *shadow_logfd;  /* file descripter to which error messages are printed */
+extern FILE *shadow_logfd;  /* file descriptor to which error messages are printed */
 
 #endif /* _SHADOWLOG_INTERNAL_H */
diff --git a/lib/shadowmem.c b/lib/shadowmem.c
index 82f99e7..9d8f193 100644
--- a/lib/shadowmem.c
+++ b/lib/shadowmem.c
@@ -16,18 +16,20 @@
 #include "defines.h"
 #include <shadow.h>
 #include <stdio.h>
+
+#include "alloc.h"
+#include "memzero.h"
 #include "shadowio.h"
 
 /*@null@*/ /*@only@*/struct spwd *__spw_dup (const struct spwd *spent)
 {
 	struct spwd *sp;
 
-	sp = (struct spwd *) malloc (sizeof *sp);
+	sp = CALLOC (1, struct spwd);
 	if (NULL == sp) {
 		return NULL;
 	}
 	/* The libc might define other fields. They won't be copied. */
-	memset (sp, 0, sizeof *sp);
 	sp->sp_lstchg = spent->sp_lstchg;
 	sp->sp_min    = spent->sp_min;
 	sp->sp_max    = spent->sp_max;
@@ -54,7 +56,8 @@
 	return sp;
 }
 
-void spw_free (/*@out@*/ /*@only@*/struct spwd *spent)
+void
+spw_free(/*@only@*/struct spwd *spent)
 {
 	if (spent != NULL) {
 		free (spent->sp_namp);
diff --git a/libmisc/shell.c b/lib/shell.c
index 7c67500..25ef3e3 100644
--- a/libmisc/shell.c
+++ b/lib/shell.c
@@ -15,6 +15,9 @@
 #include <errno.h>
 #include "prototypes.h"
 #include "defines.h"
+#include "string/sprintf.h"
+
+
 extern char **newenvp;
 extern size_t newenvc;
 
@@ -30,10 +33,10 @@ extern size_t newenvc;
 
 int shell (const char *file, /*@null@*/const char *arg, char *const envp[])
 {
-	char arg0[1024];
-	int err;
+	int   err;
+	char  arg0[1024];
 
-	if (file == (char *) 0) {
+	if (file == NULL) {
 		errno = EINVAL;
 		return errno;
 	}
@@ -44,9 +47,8 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[])
 	 * that.  So, we determine the 0'th entry only if they
 	 * don't want to tell us what it is themselves.
 	 */
-	if (arg == (char *) 0) {
-		(void) snprintf (arg0, sizeof arg0, "-%s", Basename (file));
-		arg0[sizeof arg0 - 1] = '\0';
+	if (arg == NULL) {
+		SNPRINTF(arg0, "-%s", Basename(file));
 		arg = arg0;
 	}
 
@@ -55,7 +57,7 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[])
 	 * able to figure out what we are up to without too much
 	 * grief.
 	 */
-	(void) execle (file, arg, (char *) 0, envp);
+	(void) execle (file, arg, (char *) NULL, envp);
 	err = errno;
 
 	if (access (file, R_OK|X_OK) == 0) {
@@ -63,7 +65,7 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[])
 		 * Assume this is a shell script (with no shebang).
 		 * Interpret it with /bin/sh
 		 */
-		(void) execle (SHELL, "sh", "-", file, (char *)0, envp);
+		(void) execle (SHELL, "sh", "-", file, (char *) NULL, envp);
 		err = errno;
 	}
 
@@ -72,7 +74,7 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[])
 	 * how to execute this stupid shell, so I might as well give
 	 * up in disgust ...
 	 */
-	(void) snprintf (arg0, sizeof arg0, _("Cannot execute %s"), file);
+	SNPRINTF(arg0, _("Cannot execute %s"), file);
 	errno = err;
 	perror (arg0);
 	return err;
diff --git a/lib/sizeof.h b/lib/sizeof.h
new file mode 100644
index 0000000..6847068
--- /dev/null
+++ b/lib/sizeof.h
@@ -0,0 +1,25 @@
+/*
+ * SPDX-FileCopyrightText: 2022-2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIBMISC_SIZEOF_H_
+#define SHADOW_INCLUDE_LIBMISC_SIZEOF_H_
+
+
+#include <config.h>
+
+#include <limits.h>
+
+#include "must_be.h"
+
+
+#define memberof(T, member)  ((T){}.member)
+#define WIDTHOF(x)           (sizeof(x) * CHAR_BIT)
+#define SIZEOF_ARRAY(a)      (sizeof(a) + must_be_array(a))
+#define NITEMS(a)            (SIZEOF_ARRAY((a)) / sizeof((a)[0]))
+#define STRLEN(s)            (NITEMS(s) - 1)
+
+
+#endif  // include guard
diff --git a/lib/spawn.c b/lib/spawn.c
index ce1a97d..57a4121 100644
--- a/lib/spawn.c
+++ b/lib/spawn.c
@@ -17,8 +17,9 @@
 
 #include "shadowlog_internal.h"
 
-int run_command (const char *cmd, const char *argv[],
-                 /*@null@*/const char *envp[], /*@out@*/int *status)
+int
+run_command(const char *cmd, const char *argv[],
+            /*@null@*/const char *envp[], int *restrict status)
 {
 	pid_t pid, wpid;
 
diff --git a/lib/sssd.c b/lib/sssd.c
index 786ccd6..fadb378 100644
--- a/lib/sssd.c
+++ b/lib/sssd.c
@@ -4,8 +4,11 @@
 #ifdef USE_SSSD
 
 #include <stdio.h>
+#include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/types.h>
+
+#include "alloc.h"
 #include "exitcodes.h"
 #include "defines.h"
 #include "prototypes.h"
@@ -19,12 +22,17 @@ int sssd_flush_cache (int dbflags)
 {
 	int status, code, rv;
 	const char *cmd = "/usr/sbin/sss_cache";
+	struct stat sb;
 	char *sss_cache_args = NULL;
 	const char *spawnedArgs[] = {"sss_cache", NULL, NULL};
 	const char *spawnedEnv[] = {NULL};
 	int i = 0;
 
-	sss_cache_args = malloc(4);
+	rv = stat(cmd, &sb);
+	if (rv == -1 && errno == ENOENT)
+		return 0;
+
+	sss_cache_args = MALLOC(4, char);
 	if (sss_cache_args == NULL) {
 	    return -1;
 	}
@@ -70,6 +78,6 @@ int sssd_flush_cache (int dbflags)
 	return 0;
 }
 #else				/* USE_SSSD */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* USE_SSSD */
 
diff --git a/lib/string/sprintf.c b/lib/string/sprintf.c
new file mode 100644
index 0000000..cf3c210
--- /dev/null
+++ b/lib/string/sprintf.c
@@ -0,0 +1,24 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include "string/sprintf.h"
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+
+
+extern inline int xasprintf(char **restrict s, const char *restrict fmt, ...);
+extern inline int xvasprintf(char **restrict s, const char *restrict fmt,
+    va_list ap);
+
+extern inline int snprintf_(char *restrict s, size_t size,
+    const char *restrict fmt, ...);
+extern inline int vsnprintf_(char *restrict s, size_t size,
+    const char *restrict fmt, va_list ap);
diff --git a/lib/string/sprintf.h b/lib/string/sprintf.h
new file mode 100644
index 0000000..7485369
--- /dev/null
+++ b/lib/string/sprintf.h
@@ -0,0 +1,97 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIB_SPRINTF_H_
+#define SHADOW_INCLUDE_LIB_SPRINTF_H_
+
+
+#include <config.h>
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+
+#include "attr.h"
+#include "defines.h"
+#include "sizeof.h"
+
+
+#define SNPRINTF(s, fmt, ...)                                                 \
+	snprintf_(s, NITEMS(s), fmt __VA_OPT__(,) __VA_ARGS__)
+
+
+format_attr(printf, 2, 3)
+inline int xasprintf(char **restrict s, const char *restrict fmt, ...);
+format_attr(printf, 2, 0)
+inline int xvasprintf(char **restrict s, const char *restrict fmt, va_list ap);
+
+format_attr(printf, 3, 4)
+inline int snprintf_(char *restrict s, size_t size, const char *restrict fmt,
+    ...);
+format_attr(printf, 3, 0)
+inline int vsnprintf_(char *restrict s, size_t size, const char *restrict fmt,
+    va_list ap);
+
+
+inline int
+xasprintf(char **restrict s, const char *restrict fmt, ...)
+{
+	int      len;
+	va_list  ap;
+
+	va_start(ap, fmt);
+	len = xvasprintf(s, fmt, ap);
+	va_end(ap);
+
+	return len;
+}
+
+
+inline int
+xvasprintf(char **restrict s, const char *restrict fmt, va_list ap)
+{
+	int  len;
+
+	len = vasprintf(s, fmt, ap);
+	if (len == -1) {
+		perror("asprintf");
+		exit(EXIT_FAILURE);
+	}
+
+	return len;
+}
+
+
+inline int
+snprintf_(char *restrict s, size_t size, const char *restrict fmt, ...)
+{
+	int      len;
+	va_list  ap;
+
+	va_start(ap, fmt);
+	len = vsnprintf_(s, size, fmt, ap);
+	va_end(ap);
+
+	return len;
+}
+
+
+inline int
+vsnprintf_(char *restrict s, size_t size, const char *restrict fmt, va_list ap)
+{
+	int  len;
+
+	len = vsnprintf(s, size, fmt, ap);
+	if (len == -1)
+		return -1;
+	if ((size_t) len >= size)
+		return -1;
+
+	return len;
+}
+
+
+#endif  // include guard
diff --git a/lib/string/stpecpy.c b/lib/string/stpecpy.c
new file mode 100644
index 0000000..9759388
--- /dev/null
+++ b/lib/string/stpecpy.c
@@ -0,0 +1,20 @@
+/*
+ * SPDX-FileCopyrightText:  2022 - 2023, Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#if !defined(HAVE_STPECPY)
+
+#ident "$Id$"
+
+#include "string/stpecpy.h"
+
+
+extern inline char *stpecpy(char *dst, char *end, const char *restrict src);
+
+
+#endif  // !HAVE_STPECPY
diff --git a/lib/string/stpecpy.h b/lib/string/stpecpy.h
new file mode 100644
index 0000000..2324baa
--- /dev/null
+++ b/lib/string/stpecpy.h
@@ -0,0 +1,90 @@
+/*
+ * SPDX-FileCopyrightText:  2022 - 2023, Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIB_STPECPY_H_
+#define SHADOW_INCLUDE_LIB_STPECPY_H_
+
+
+#include <config.h>
+
+#if !defined(HAVE_STPECPY)
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <string.h>
+
+#include "attr.h"
+
+
+ATTR_STRING(3)
+inline char *stpecpy(char *dst, char *end, const char *restrict src);
+
+
+/*
+ * SYNOPSIS
+ *	[[gnu::null_terminated_string_arg(3)]]
+ *	char *_Nullable stpecpy(char *_Nullable dst, char end[0],
+ *	                        const char *restrict src);
+ *
+ * ARGUMENTS
+ *	dst	Destination buffer where to copy a string.
+ *
+ *	end	Pointer to one after the last element of the buffer
+ *		pointed to by `dst`.  Usually, it should be calculated
+ *		as `dst + NITEMS(dst)`.
+ *
+ *	src	Source string to be copied into dst.
+ *
+ * DESCRIPTION
+ *	This function copies the string pointed to by src, into a string
+ *	at the buffer pointed to by dst.  If the destination buffer,
+ *	limited by a pointer to its end --one after its last element--,
+ *	isn't large enough to hold the copy, the resulting string is
+ *	truncated.
+ *
+ *	This function can be chained with calls to [v]stpeprintf().
+ *
+ * RETURN VALUE
+ *	dst + strlen(dst)
+ *		•  On success, this function returns a pointer to the
+ *		   terminating NUL byte.
+ *
+ *	end
+ *		•  If this call truncated the resulting string.
+ *		•  If `dst == end` (a previous chained call to these
+ *		   functions truncated).
+ *	NULL
+ *		•  If `dst == NULL` (a previous chained call to
+ *		   [v]stpeprintf() failed).
+ *
+ * ERRORS
+ *	This function doesn't set errno.
+ */
+
+
+inline char *
+stpecpy(char *dst, char *end, const char *restrict src)
+{
+	bool    trunc;
+	size_t  dsize, dlen, slen;
+
+	if (dst == end)
+		return end;
+	if (dst == NULL)
+		return NULL;
+
+	dsize = end - dst;
+	slen = strnlen(src, dsize);
+	trunc = (slen == dsize);
+	dlen = slen - trunc;
+
+	return stpcpy(mempcpy(dst, src, dlen), "") + trunc;
+}
+
+
+#endif  // !HAVE_STPECPY
+#endif  // include guard
diff --git a/lib/string/stpeprintf.c b/lib/string/stpeprintf.c
new file mode 100644
index 0000000..cecd95d
--- /dev/null
+++ b/lib/string/stpeprintf.c
@@ -0,0 +1,25 @@
+/*
+ * SPDX-FileCopyrightText:  2022 - 2023, Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#if !defined(HAVE_STPEPRINTF)
+
+#ident "$Id$"
+
+#include "string/stpeprintf.h"
+
+#include <stdarg.h>
+
+
+extern inline char *stpeprintf(char *dst, char *end, const char *restrict fmt,
+    ...);
+extern inline char *vstpeprintf(char *dst, char *end, const char *restrict fmt,
+    va_list ap);
+
+
+#endif  // !HAVE_STPEPRINTF
diff --git a/lib/string/stpeprintf.h b/lib/string/stpeprintf.h
new file mode 100644
index 0000000..14ee7b6
--- /dev/null
+++ b/lib/string/stpeprintf.h
@@ -0,0 +1,120 @@
+/*
+ * SPDX-FileCopyrightText:  2022 - 2023, Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIB_STPEPRINTF_H_
+#define SHADOW_INCLUDE_LIB_STPEPRINTF_H_
+
+
+#include <config.h>
+
+#if !defined(HAVE_STPEPRINTF)
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+
+#include "attr.h"
+#include "defines.h"
+
+
+format_attr(printf, 3, 4)
+inline char *stpeprintf(char *dst, char *end, const char *restrict fmt, ...);
+
+format_attr(printf, 3, 0)
+inline char *vstpeprintf(char *dst, char *end, const char *restrict fmt,
+    va_list ap);
+
+
+/*
+ * SYNOPSIS
+ *	[[gnu::format(printf, 3, 4)]]
+ *	char *_Nullable stpeprintf(char *_Nullable dst, char end[0],
+ *	                           const char *restrict fmt, ...);
+ *
+ *	[[gnu::format(printf, 3, 0)]]
+ *	char *_Nullable vstpeprintf(char *_Nullable dst, char end[0],
+ *	                           const char *restrict fmt, va_list ap);
+ *
+ *
+ * ARGUMENTS
+ *	dst	Destination buffer where to write a string.
+ *
+ *	end	Pointer to one after the last element of the buffer
+ *		pointed to by `dst`.  Usually, it should be calculated
+ *		as `dst + NITEMS(dst)`.
+ *
+ *	fmt	Format string
+ *
+ *	...
+ *	ap	Variadic argument list
+ *
+ * DESCRIPTION
+ *	These functions are very similar to [v]snprintf(3).
+ *
+ *	The destination buffer is limited by a pointer to its end --one
+ *	after its last element-- instead of a size.  This allows
+ *	chaining calls to it safely, unlike [v]snprintf(3), which is
+ *	difficult to chain without invoking Undefined Behavior.
+ *
+ * RETURN VALUE
+ *	dst + strlen(dst)
+ *		•  On success, these functions return a pointer to the
+ *		   terminating NUL byte.
+ *
+ *	end
+ *		•  If this call truncated the resulting string.
+ *		•  If `dst == end` (a previous chained call to these
+ *		   functions truncated).
+ *	NULL
+ *		•  If this function failed (see ERRORS).
+ *		•  If `dst == NULL` (a previous chained call to these
+ *		   functions failed).
+ *
+ * ERRORS
+ *	These functions may fail for the same reasons as vsnprintf(3).
+ */
+
+
+inline char *
+stpeprintf(char *dst, char *end, const char *restrict fmt, ...)
+{
+	char     *p;
+	va_list  ap;
+
+	va_start(ap, fmt);
+	p = vstpeprintf(dst, end, fmt, ap);
+	va_end(ap);
+
+	return p;
+}
+
+
+inline char *
+vstpeprintf(char *dst, char *end, const char *restrict fmt, va_list ap)
+{
+	int        len;
+	ptrdiff_t  size;
+
+	if (dst == end)
+		return end;
+	if (dst == NULL)
+		return NULL;
+
+	size = end - dst;
+	len = vsnprintf(dst, size, fmt, ap);
+
+	if (len == -1)
+		return NULL;
+	if (len >= size)
+		return end;
+
+	return dst + len;
+}
+
+
+#endif  // !HAVE_STPEPRINTF
+#endif  // include guard
diff --git a/lib/string/strftime.c b/lib/string/strftime.c
new file mode 100644
index 0000000..ea1deb3
--- /dev/null
+++ b/lib/string/strftime.c
@@ -0,0 +1,7 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "strftime.h"
diff --git a/lib/string/strftime.h b/lib/string/strftime.h
new file mode 100644
index 0000000..bebb31a
--- /dev/null
+++ b/lib/string/strftime.h
@@ -0,0 +1,19 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_STRFTIME_H_
+#define SHADOW_INCLUDE_LIB_STRFTIME_H_
+
+
+#include <config.h>
+
+#include <time.h>
+
+#include "sizeof.h"
+
+
+#define STRFTIME(dst, fmt, ...)  strftime(dst, NITEMS(dst), fmt, __VA_ARGS__)
+
+
+#endif  // include guard
diff --git a/lib/string/strncpy.h b/lib/string/strncpy.h
new file mode 100644
index 0000000..fc6fcc9
--- /dev/null
+++ b/lib/string/strncpy.h
@@ -0,0 +1,21 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIB_STRNCPY_H_
+#define SHADOW_INCLUDE_LIB_STRNCPY_H_
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include "sizeof.h"
+
+
+#define STRNCPY(dst, src)  strncpy(dst, src, NITEMS(dst))
+
+
+#endif  // include guard
diff --git a/lib/string/strtcpy.c b/lib/string/strtcpy.c
new file mode 100644
index 0000000..74de4fc
--- /dev/null
+++ b/lib/string/strtcpy.c
@@ -0,0 +1,18 @@
+/*
+ * SPDX-FileCopyrightText: 2022-2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <sys/types.h>
+
+#ident "$Id$"
+
+#include "string/strtcpy.h"
+
+
+extern inline ssize_t strtcpy(char *restrict dst, const char *restrict src,
+    size_t dsize);
diff --git a/lib/string/strtcpy.h b/lib/string/strtcpy.h
new file mode 100644
index 0000000..4ff6e11
--- /dev/null
+++ b/lib/string/strtcpy.h
@@ -0,0 +1,80 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIB_STRTCPY_H_
+#define SHADOW_INCLUDE_LIB_STRTCPY_H_
+
+
+#include <config.h>
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <string.h>
+#include <sys/types.h>
+
+#include "attr.h"
+#include "defines.h"
+#include "sizeof.h"
+
+
+/*
+ * SYNOPSIS
+ *	[[gnu::null_terminated_string_arg(2)]]
+ *	int STRTCPY(char dst[restrict], const char *restrict src);
+ *
+ * ARGUMENTS
+ *	dst	Destination buffer where to copy a string.
+ *	src	Source string to be copied into dst.
+ *
+ * DESCRIPTION
+ *	This macro copies the string pointed to by src, into a string
+ *	at the buffer pointed to by dst.  If the destination buffer,
+ *	isn't large enough to hold the copy, the resulting string is
+ *	truncated.  The size of the buffer is calculated internally via
+ *	NITEMS().
+ *
+ * RETURN VALUE
+ *	-1	If this call truncated the resulting string.
+ *
+ *	strlen(dst)
+ *		On success.
+ *
+ * ERRORS
+ *	This function doesn't set errno.
+ */
+
+
+#define STRTCPY(dst, src)  strtcpy(dst, src, NITEMS(dst))
+
+
+ATTR_STRING(2)
+inline ssize_t strtcpy(char *restrict dst, const char *restrict src,
+    size_t dsize);
+
+
+inline ssize_t
+strtcpy(char *restrict dst, const char *restrict src, size_t dsize)
+{
+	bool    trunc;
+	size_t  dlen, slen;
+
+	if (dsize == 0)
+		return -1;
+
+	slen = strnlen(src, dsize);
+	trunc = (slen == dsize);
+	dlen = slen - trunc;
+
+	stpcpy(mempcpy(dst, src, dlen), "");
+
+	if (trunc)
+		return -1;
+
+	return slen;
+}
+
+
+#endif  // include guard
diff --git a/lib/string/zustr2stp.h b/lib/string/zustr2stp.h
new file mode 100644
index 0000000..152102b
--- /dev/null
+++ b/lib/string/zustr2stp.h
@@ -0,0 +1,58 @@
+// SPDX-FileCopyrightText: 2022-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_STRING_ZUSTR2STP_H_
+#define SHADOW_INCLUDE_LIB_STRING_ZUSTR2STP_H_
+
+
+#include <config.h>
+
+#include <assert.h>
+#include <string.h>
+
+#include "must_be.h"
+#include "sizeof.h"
+
+
+/*
+ * SYNOPSIS
+ *	char *ZUSTR2STP(char *restrict dst, const char src[restrict]);
+ *
+ * ARGUMENTS
+ *	dst	Destination buffer.
+ *	src	Source null-padded character sequence.
+ *
+ * DESCRIPTION
+ *	This macro copies at most NITEMS(src) non-null bytes from the
+ *	array pointed to by src, followed by a null character, to the
+ *	buffer pointed to by dst.
+ *
+ * RETURN VALUE
+ *	dst + strlen(dst)
+ *		This function returns a pointer to the terminating NUL
+ *		byte.
+ *
+ * CAVEATS
+ *	This function doesn't know the size of the destination buffer.
+ *	It assumes it will always be large enough.  Since the size of
+ *	the source buffer is known to the caller, it should make sure to
+ *	allocate a destination buffer of at least `NITEMS(src) + 1`.
+ *
+ * EXAMPLES
+ *	char  hostname[NITEMS(utmp->ut_host) + 1];
+ *
+ *	len = ZUSTR2STP(hostname, utmp->ut_host) - hostname;
+ *	puts(hostname);
+ */
+
+
+#define ZUSTR2STP(dst, src)                                                   \
+({                                                                            \
+	static_assert(!is_array(dst) || sizeof(dst) > SIZEOF_ARRAY(src), ""); \
+                                                                              \
+	stpcpy(mempcpy(dst, src, strnlen(src, NITEMS(src))), "");             \
+})
+
+
+#endif  // include guard
diff --git a/lib/strtoday.c b/lib/strtoday.c
new file mode 100644
index 0000000..dabd5b5
--- /dev/null
+++ b/lib/strtoday.c
@@ -0,0 +1,77 @@
+/*
+ * SPDX-FileCopyrightText: 1991 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz KÅ‚oczko
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <config.h>
+
+#include <ctype.h>
+
+#ident "$Id$"
+
+#include "atoi/str2i.h"
+#include "prototypes.h"
+#include "getdate.h"
+
+
+/*
+ * strtoday() now uses get_date() (borrowed from GNU shellutils)
+ * which can handle many date formats, for example:
+ *	1970-09-17	# ISO 8601.
+ *	70-9-17		# This century assumed by default.
+ *	70-09-17	# Leading zeros are ignored.
+ *	9/17/72		# Common U.S. writing.
+ *	24 September 1972
+ *	24 Sept 72	# September has a special abbreviation.
+ *	24 Sep 72	# Three-letter abbreviations always allowed.
+ *	Sep 24, 1972
+ *	24-sep-72
+ *	24sep72
+ */
+long strtoday (const char *str)
+{
+	time_t t;
+	bool isnum = true;
+	const char *s = str;
+
+	/*
+	 * get_date() interprets an empty string as the current date,
+	 * which is not what we expect, unless you're a BOFH :-).
+	 * (useradd sets sp_expire = current date for new lusers)
+	 */
+	if ((NULL == str) || ('\0' == *str)) {
+		return -1;
+	}
+
+	/* If a numerical value is provided, this is already a number of
+	 * days since EPOCH.
+	 */
+	if ('-' == *s) {
+		s++;
+	}
+	while (' ' == *s) {
+		s++;
+	}
+	while (isnum && ('\0' != *s)) {
+		if (!isdigit (*s)) {
+			isnum = false;
+		}
+		s++;
+	}
+	if (isnum) {
+		long retdate;
+		if (str2sl(&retdate, str) == -1)
+			return -2;
+		return retdate;
+	}
+
+	t = get_date(str, NULL);
+	if ((time_t) - 1 == t) {
+		return -2;
+	}
+	return t / DAY;
+}
diff --git a/libmisc/sub.c b/lib/sub.c
index d30c4c7..d8e2447 100644
--- a/libmisc/sub.c
+++ b/lib/sub.c
@@ -15,8 +15,10 @@
 #include <sys/types.h>
 #include "prototypes.h"
 #include "defines.h"
+#define	MAX_SUBROOT2	"maximum subsystem depth reached\n"
 #define	BAD_SUBROOT2	"invalid root `%s' for user `%s'\n"
 #define	NO_SUBROOT2	"no subsystem root `%s' for user `%s'\n"
+#define	MAX_DEPTH	1024
 /*
  * subsystem - change to subsystem root
  *
@@ -27,6 +29,18 @@
  */
 void subsystem (const struct passwd *pw)
 {
+	static int depth = 0;
+
+	/*
+	 * Prevent endless loop on misconfigured systems.
+	 */
+	if (++depth > MAX_DEPTH) {
+		printf (_("Maximum subsystem depth reached\n"));
+		SYSLOG ((LOG_WARN, MAX_SUBROOT2));
+		closelog ();
+		exit (EXIT_FAILURE);
+	}
+
 	/*
 	 * The new root directory must begin with a "/" character.
 	 */
@@ -43,8 +57,8 @@ void subsystem (const struct passwd *pw)
 	 * must be able to change into it.
 	 */
 
-	if (   (chdir (pw->pw_dir) != 0)
-	    || (chroot (pw->pw_dir) != 0)) {
+	if (   (chroot (pw->pw_dir) != 0)
+	    || (chdir ("/") != 0)) {
 		(void) printf (_("Can't change root directory to '%s'\n"),
 		               pw->pw_dir);
 		SYSLOG ((LOG_WARN, NO_SUBROOT2, pw->pw_dir, pw->pw_name));
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index bd1af26..e7cd4b4 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -16,6 +16,12 @@
 #include <pwd.h>
 #include <ctype.h>
 #include <fcntl.h>
+#include <string.h>
+
+#include "alloc.h"
+#include "atoi/str2i.h"
+#include "string/sprintf.h"
+
 
 #define ID_SIZE 31
 
@@ -32,7 +38,7 @@ static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent)
 	const struct subordinate_range *rangeent = ent;
 	struct subordinate_range *range;
 
-	range = (struct subordinate_range *) malloc (sizeof *range);
+	range = MALLOC(1, struct subordinate_range);
 	if (NULL == range) {
 		return NULL;
 	}
@@ -52,7 +58,8 @@ static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent)
  *
  * @ent: pointer to a subordinate_range struct to free.
  */
-static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
+static void
+subordinate_free(/*@only@*/void *ent)
 {
 	struct subordinate_range *rangeent = ent;
 
@@ -69,7 +76,8 @@ static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
  * in @line, or NULL on failure.  Note that the returned value should not
  * be freed by the caller.
  */
-static void *subordinate_parse (const char *line)
+static void *
+subordinate_parse(const char *line)
 {
 	static struct subordinate_range range;
 	static char rangebuf[1024];
@@ -90,19 +98,8 @@ static void *subordinate_parse (const char *line)
 	 * field.  The fields are converted into NUL terminated strings.
 	 */
 
-	for (cp = rangebuf, i = 0; (i < SUBID_NFIELDS) && (NULL != cp); i++) {
-		fields[i] = cp;
-		while (('\0' != *cp) && (':' != *cp)) {
-			cp++;
-		}
-
-		if ('\0' != *cp) {
-			*cp = '\0';
-			cp++;
-		} else {
-			cp = NULL;
-		}
-	}
+	for (cp = rangebuf, i = 0; (i < SUBID_NFIELDS) && (NULL != cp); i++)
+		fields[i] = strsep(&cp, ":");
 
 	/*
 	 * There must be exactly SUBID_NFIELDS colon separated fields or
@@ -111,9 +108,9 @@ static void *subordinate_parse (const char *line)
 	if (i != SUBID_NFIELDS || *fields[0] == '\0' || *fields[1] == '\0' || *fields[2] == '\0')
 		return NULL;
 	range.owner = fields[0];
-	if (getulong (fields[1], &range.start) == 0)
+	if (str2ul(&range.start, fields[1]) == -1)
 		return NULL;
-	if (getulong (fields[2], &range.count) == 0)
+	if (str2ul(&range.count, fields[2]) == -1)
 		return NULL;
 
 	return &range;
@@ -208,7 +205,7 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
         /*
          * We only do special handling for these two files
          */
-        if ((0 != strcmp(db->filename, "/etc/subuid")) && (0 != strcmp(db->filename, "/etc/subgid")))
+        if ((0 != strcmp(db->filename, SUBUID_FILE)) && (0 != strcmp(db->filename, SUBGID_FILE)))
                 return NULL;
 
         /*
@@ -218,9 +215,9 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
          * (It may be specified as literal UID or as another username which
          * has the same UID as the username we are looking for.)
          */
-        struct passwd *pwd;
+        char           owner_uid_string[33];
         uid_t          owner_uid;
-        char           owner_uid_string[33] = "";
+        struct passwd  *pwd;
 
 
         /* Get UID of the username we are looking for */
@@ -230,7 +227,8 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
                 return NULL;
         }
         owner_uid = pwd->pw_uid;
-        sprintf(owner_uid_string, "%lu", (unsigned long int)owner_uid);
+        if (SNPRINTF(owner_uid_string, "%lu", (unsigned long) owner_uid) == -1)
+                return NULL;
 
         commonio_rewind(db);
         while ((range = commonio_next(db)) != NULL) {
@@ -313,19 +311,16 @@ static bool have_range(struct commonio_db *db,
 
 static bool append_range(struct subid_range **ranges, const struct subordinate_range *new, int n)
 {
-	if (!*ranges) {
-		*ranges = malloc(sizeof(struct subid_range));
-		if (!*ranges)
-			return false;
-	} else {
-		struct subid_range *alloced;
-		alloced = realloc(*ranges, (n + 1) * (sizeof(struct subid_range)));
-		if (!alloced)
-			return false;
-		*ranges = alloced;
-	}
-	(*ranges)[n].start = new->start;
-	(*ranges)[n].count = new->count;
+	struct subid_range  *sr;
+
+	sr = REALLOC(*ranges, n + 1, struct subid_range);
+	if (!sr)
+		return false;
+
+	sr[n].start = new->start;
+	sr[n].count = new->count;
+	*ranges = sr;
+
 	return true;
 }
 
@@ -353,15 +348,19 @@ void free_subordinate_ranges(struct subordinate_range **ranges, int count)
  */
 static int subordinate_range_cmp (const void *p1, const void *p2)
 {
-	struct subordinate_range *range1, *range2;
+	const struct commonio_entry *const *ce1;
+	const struct commonio_entry *const *ce2;
+	const struct subordinate_range *range1, *range2;
 
-	if ((*(struct commonio_entry **) p1)->eptr == NULL)
+	ce1 = p1;
+	range1 = (*ce1)->eptr;
+	if (range1 == NULL)
 		return 1;
-	if ((*(struct commonio_entry **) p2)->eptr == NULL)
-		return -1;
 
-	range1 = ((struct subordinate_range *) (*(struct commonio_entry **) p1)->eptr);
-	range2 = ((struct subordinate_range *) (*(struct commonio_entry **) p2)->eptr);
+	ce2 = p2;
+	range2 = (*ce2)->eptr;
+	if (range2 == NULL)
+		return -1;
 
 	if (range1->start < range2->start)
 		return -1;
@@ -556,7 +555,7 @@ static int remove_range (struct commonio_db *db,
 }
 
 static struct commonio_db subordinate_uid_db = {
-	"/etc/subuid",		/* filename */
+	SUBUID_FILE,		/* filename */
 	&subordinate_ops,	/* ops */
 	NULL,			/* fp */
 #ifdef WITH_SELINUX
@@ -620,17 +619,28 @@ bool have_sub_uids(const char *owner, uid_t start, unsigned long count)
 	return have_range (&subordinate_uid_db, owner, start, count);
 }
 
+/*
+ * sub_uid_add: add a subuid range, perhaps through nss.
+ *
+ * Return 1 if the range is already present or on success.  On error
+ * return 0 and set errno appropriately.
+ */
 int sub_uid_add (const char *owner, uid_t start, unsigned long count)
 {
-	if (get_subid_nss_handle())
-		return -EOPNOTSUPP;
+	if (get_subid_nss_handle()) {
+		errno = EOPNOTSUPP;
+		return 0;
+	}
 	return add_range (&subordinate_uid_db, owner, start, count);
 }
 
+/* Return 1 on success.  on failure, return 0 and set errno appropriately */
 int sub_uid_remove (const char *owner, uid_t start, unsigned long count)
 {
-	if (get_subid_nss_handle())
-		return -EOPNOTSUPP;
+	if (get_subid_nss_handle()) {
+		errno = EOPNOTSUPP;
+		return 0;
+	}
 	return remove_range (&subordinate_uid_db, owner, start, count);
 }
 
@@ -652,7 +662,7 @@ uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count)
 }
 
 static struct commonio_db subordinate_gid_db = {
-	"/etc/subgid",		/* filename */
+	SUBGID_FILE,		/* filename */
 	&subordinate_ops,	/* ops */
 	NULL,			/* fp */
 #ifdef WITH_SELINUX
@@ -716,17 +726,28 @@ bool local_sub_gid_assigned(const char *owner)
 	return range_exists (&subordinate_gid_db, owner);
 }
 
+/*
+ * sub_gid_add: add a subgid range, perhaps through nss.
+ *
+ * Return 1 if the range is already present or on success.  On error
+ * return 0 and set errno appropriately.
+ */
 int sub_gid_add (const char *owner, gid_t start, unsigned long count)
 {
-	if (get_subid_nss_handle())
-		return -EOPNOTSUPP;
+	if (get_subid_nss_handle()) {
+		errno = EOPNOTSUPP;
+		return 0;
+	}
 	return add_range (&subordinate_gid_db, owner, start, count);
 }
 
+/* Return 1 on success.  on failure, return 0 and set errno appropriately */
 int sub_gid_remove (const char *owner, gid_t start, unsigned long count)
 {
-	if (get_subid_nss_handle())
-		return -EOPNOTSUPP;
+	if (get_subid_nss_handle()) {
+		errno = EOPNOTSUPP;
+		return 0;
+	}
 	return remove_range (&subordinate_gid_db, owner, start, count);
 }
 
@@ -910,7 +931,7 @@ static int append_uids(uid_t **uids, const char *owner, int n)
 			return n;
 	}
 
-	ret = realloc(*uids, (n + 1) * sizeof(uid_t));
+	ret = REALLOC(*uids, n + 1, uid_t);
 	if (!ret) {
 		free(*uids);
 		return -1;
@@ -985,7 +1006,7 @@ bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, b
 	switch (id_type) {
 	case ID_TYPE_UID:
 		if (!sub_uid_lock()) {
-			printf("Failed loging subuids (errno %d)\n", errno);
+			printf("Failed locking subuids (errno %d)\n", errno);
 			return false;
 		}
 		if (!sub_uid_open(O_CREAT | O_RDWR)) {
@@ -997,7 +1018,7 @@ bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, b
 		break;
 	case ID_TYPE_GID:
 		if (!sub_gid_lock()) {
-			printf("Failed loging subgids (errno %d)\n", errno);
+			printf("Failed locking subgids (errno %d)\n", errno);
 			return false;
 		}
 		if (!sub_gid_open(O_CREAT | O_RDWR)) {
@@ -1057,7 +1078,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
 	switch (id_type) {
 	case ID_TYPE_UID:
 		if (!sub_uid_lock()) {
-			printf("Failed loging subuids (errno %d)\n", errno);
+			printf("Failed locking subuids (errno %d)\n", errno);
 			return false;
 		}
 		if (!sub_uid_open(O_CREAT | O_RDWR)) {
@@ -1069,7 +1090,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
 		break;
 	case ID_TYPE_GID:
 		if (!sub_gid_lock()) {
-			printf("Failed loging subgids (errno %d)\n", errno);
+			printf("Failed locking subgids (errno %d)\n", errno);
 			return false;
 		}
 		if (!sub_gid_open(O_CREAT | O_RDWR)) {
@@ -1097,6 +1118,6 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
 }
 
 #else				/* !ENABLE_SUBIDS */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !ENABLE_SUBIDS */
 
diff --git a/libmisc/sulog.c b/lib/sulog.c
index 3e95613..2ef22b2 100644
--- a/libmisc/sulog.c
+++ b/lib/sulog.c
@@ -64,7 +64,7 @@ void sulog (const char *tty, bool success, const char *oldname, const char *name
 		/* Do not return if the group permission were raised. */
 		exit (EXIT_FAILURE);
 	}
-	if (fp == (FILE *) 0) {
+	if (fp == NULL) {
 		return;		/* can't open or create logfile */
 	}
 
diff --git a/lib/tcbfuncs.c b/lib/tcbfuncs.c
index 1ed5d03..b5915fc 100644
--- a/lib/tcbfuncs.c
+++ b/lib/tcbfuncs.c
@@ -141,7 +141,7 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name)
 		         shadow_progname, link);
 		return NULL;
 	}
-	link[(size_t)ret] = '\0';
+	link[ret] = '\0';
 	rval = strdup (link);
 	if (NULL == rval) {
 		OUT_OF_MEMORY;
@@ -527,7 +527,7 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
 	struct stat tcbdir_stat;
 	gid_t shadowgid, authgid;
 	struct group *gr;
-	int fd;
+	int fd = -1;
 	shadowtcb_status ret = SHADOWTCB_FAILURE;
 
 	if (!getdef_bool ("USE_TCB")) {
@@ -566,14 +566,13 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
 		         shadow_progname, shadow, strerror (errno));
 		goto out_free;
 	}
-	close (fd);
-	if (chown (shadow, 0, authgid) != 0) {
+	if (fchown (fd, 0, authgid) != 0) {
 		fprintf (shadow_logfd,
 		         _("%s: Cannot change owner of %s: %s\n"),
 		         shadow_progname, shadow, strerror (errno));
 		goto out_free;
 	}
-	if (chmod (shadow, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
+	if (fchmod (fd, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
 		fprintf (shadow_logfd,
 		         _("%s: Cannot change mode of %s: %s\n"),
 		         shadow_progname, shadow, strerror (errno));
@@ -597,6 +596,8 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
 	}
 	ret = SHADOWTCB_SUCCESS;
 out_free:
+	if (fd != -1)
+		close(fd);
 	free (dir);
 	free (shadow);
 	return ret;
diff --git a/lib/time/day_to_str.c b/lib/time/day_to_str.c
new file mode 100644
index 0000000..e3e4221
--- /dev/null
+++ b/lib/time/day_to_str.c
@@ -0,0 +1,11 @@
+// SPDX-FileCopyrightText: 2021-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-FileCopyrightText: 2024, Tobias Stoeckmann <tobias@stoeckmann.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "time/day_to_str.h"
+
+
+extern inline void day_to_str(size_t size, char buf[size], long day);
diff --git a/lib/time/day_to_str.h b/lib/time/day_to_str.h
new file mode 100644
index 0000000..96cec6e
--- /dev/null
+++ b/lib/time/day_to_str.h
@@ -0,0 +1,51 @@
+// SPDX-FileCopyrightText: 2021-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-FileCopyrightText: 2024, Tobias Stoeckmann <tobias@stoeckmann.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_TIME_DAY_TO_STR_H_
+#define SHADOW_INCLUDE_LIB_TIME_DAY_TO_STR_H_
+
+
+#include <config.h>
+
+#include <time.h>
+
+#include "defines.h"
+#include "sizeof.h"
+#include "string/strtcpy.h"
+
+
+#define DAY_TO_STR(str, day)   day_to_str(NITEMS(str), str, day)
+
+
+inline void day_to_str(size_t size, char buf[size], long day);
+
+
+inline void
+day_to_str(size_t size, char buf[size], long day)
+{
+	time_t     date;
+	struct tm  tm;
+
+	if (day < 0) {
+		strtcpy(buf, "never", size);
+		return;
+	}
+
+	if (__builtin_mul_overflow(day, DAY, &date)) {
+		strtcpy(buf, "future", size);
+		return;
+	}
+
+	if (gmtime_r(&date, &tm) == NULL) {
+		strtcpy(buf, "future", size);
+		return;
+	}
+
+	if (strftime(buf, size, "%Y-%m-%d", &tm) == 0)
+		strtcpy(buf, "future", size);
+}
+
+
+#endif  // include guard
diff --git a/libmisc/ttytype.c b/lib/ttytype.c
index f72d957..a9fb0e8 100644
--- a/libmisc/ttytype.c
+++ b/lib/ttytype.c
@@ -34,16 +34,14 @@ void ttytype (const char *line)
 	if (NULL == typefile) {
 		return;
 	}
-	if (access (typefile, F_OK) != 0) {
-		return;
-	}
 
 	fp = fopen (typefile, "r");
 	if (NULL == fp) {
-		perror (typefile);
+		if (errno != ENOENT)
+			perror (typefile);
 		return;
 	}
-	while (fgets (buf, (int) sizeof buf, fp) == buf) {
+	while (fgets (buf, sizeof buf, fp) == buf) {
 		if (buf[0] == '#') {
 			continue;
 		}
diff --git a/libmisc/tz.c b/lib/tz.c
index 16d92ad..83b295c 100644
--- a/libmisc/tz.c
+++ b/lib/tz.c
@@ -34,7 +34,7 @@
 
 	fp = fopen (fname, "r");
 	if (   (NULL == fp)
-	    || (fgets (tzbuf, (int) sizeof (tzbuf), fp) == NULL)) {
+	    || (fgets (tzbuf, sizeof (tzbuf), fp) == NULL)) {
 		def_tz = getdef_str ("ENV_TZ");
 		if ((NULL == def_tz) || ('/' == def_tz[0])) {
 			def_tz = "TZ=CST6CDT";
@@ -42,7 +42,8 @@
 
 		strcpy (tzbuf, def_tz);
 	} else {
-		tzbuf[strlen (tzbuf) - 1] = '\0';
+		/* Remove optional trailing '\n'. */
+		tzbuf[strcspn (tzbuf, "\n")] = '\0';
 	}
 
 	if (NULL != fp) {
@@ -52,6 +53,6 @@
 	return tzbuf;
 }
 #else				/* !USE_PAM */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !USE_PAM */
 
diff --git a/libmisc/ulimit.c b/lib/ulimit.c
index e331d46..45a184a 100644
--- a/libmisc/ulimit.c
+++ b/lib/ulimit.c
@@ -11,36 +11,18 @@
 
 #ident "$Id$"
 
-#if HAVE_ULIMIT_H
-#include <ulimit.h>
-#ifndef UL_SETFSIZE
-#ifdef UL_SFILLIM
-#define UL_SETFSIZE UL_SFILLIM
-#else
-#define UL_SETFSIZE 2
-#endif
-#endif
-#elif HAVE_SYS_RESOURCE_H
-#include <sys/time.h>		/* for struct timeval on sunos4 */
-/* XXX - is the above ok or should it be <time.h> on ultrix? */
+#include <sys/time.h>
 #include <sys/resource.h>
-#endif
 #include "prototypes.h"
 
 int set_filesize_limit (int blocks)
 {
 	int ret = -1;
-#if HAVE_ULIMIT_H
-	if (ulimit (UL_SETFSIZE, blocks) != -1) {
-		ret = 0;
-	}
-#elif defined(RLIMIT_FSIZE)
 	struct rlimit rlimit_fsize;
 
 	rlimit_fsize.rlim_cur = 512L * blocks;
 	rlimit_fsize.rlim_max = rlimit_fsize.rlim_cur;
 	ret = setrlimit (RLIMIT_FSIZE, &rlimit_fsize);
-#endif
 
 	return ret;
 }
diff --git a/libmisc/user_busy.c b/lib/user_busy.c
index c03feb2..a622376 100644
--- a/libmisc/user_busy.c
+++ b/lib/user_busy.c
@@ -23,6 +23,8 @@
 #include "subordinateio.h"
 #endif				/* ENABLE_SUBIDS */
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 #ifdef __linux__
 static int check_status (const char *name, const char *sname, uid_t uid);
@@ -32,7 +34,7 @@ static int user_busy_utmp (const char *name);
 #endif				/* !__linux__ */
 
 /*
- * user_busy - check if an user if currently running processes
+ * user_busy - check if a user is currently running processes
  */
 int user_busy (const char *name, uid_t uid)
 {
@@ -43,26 +45,21 @@ int user_busy (const char *name, uid_t uid)
 	/* On Linux, directly parse /proc */
 	return user_busy_processes (name, uid);
 #else				/* !__linux__ */
-	/* If we cannot rely on /proc, check is there is a record in utmp
+	/* If we cannot rely on /proc, check if there is a record in utmp
 	 * indicating that the user is still logged in */
 	return user_busy_utmp (name);
 #endif				/* !__linux__ */
 }
 
+
 #ifndef __linux__
-static int user_busy_utmp (const char *name)
+static int
+user_busy_utmp(const char *name)
 {
-#ifdef USE_UTMPX
-	struct utmpx *utent;
+	struct utmpx  *utent;
 
-	setutxent ();
-	while ((utent = getutxent ()) != NULL)
-#else				/* !USE_UTMPX */
-	struct utmp *utent;
-
-	setutent ();
-	while ((utent = getutent ()) != NULL)
-#endif				/* !USE_UTMPX */
+	setutxent();
+	while ((utent = getutxent()) != NULL)
 	{
 		if (utent->ut_type != USER_PROCESS) {
 			continue;
@@ -84,17 +81,18 @@ static int user_busy_utmp (const char *name)
 }
 #endif				/* !__linux__ */
 
+
 #ifdef __linux__
 #ifdef ENABLE_SUBIDS
 #define in_parentuid_range(uid) ((uid) >= parentuid && (uid) < parentuid + range)
 static int different_namespace (const char *sname)
 {
 	/* 41: /proc/xxxxxxxxxx/task/xxxxxxxxxx/ns/user + \0 */
-	char path[41];
-	char buf[512], buf2[512];
-	ssize_t llen1, llen2;
+	char     path[41];
+	char     buf[512], buf2[512];
+	ssize_t  llen1, llen2;
 
-	snprintf (path, 41, "/proc/%s/ns/user", sname);
+	SNPRINTF(path, "/proc/%s/ns/user", sname);
 
 	if ((llen1 = readlink (path, buf, sizeof(buf))) == -1)
 		return 0;
@@ -113,11 +111,11 @@ static int different_namespace (const char *sname)
 static int check_status (const char *name, const char *sname, uid_t uid)
 {
 	/* 40: /proc/xxxxxxxxxx/task/xxxxxxxxxx/status + \0 */
-	char status[40];
-	char line[1024];
-	FILE *sfile;
+	char  status[40];
+	char  line[1024];
+	FILE  *sfile;
 
-	snprintf (status, 40, "/proc/%s/status", sname);
+	SNPRINTF(status, "/proc/%s/status", sname);
 
 	sfile = fopen (status, "r");
 	if (NULL == sfile) {
@@ -158,16 +156,16 @@ static int check_status (const char *name, const char *sname, uid_t uid)
 
 static int user_busy_processes (const char *name, uid_t uid)
 {
-	DIR *proc;
-	struct dirent *ent;
-	char *tmp_d_name;
-	pid_t pid;
-	DIR *task_dir;
+	DIR            *proc;
+	DIR            *task_dir;
+	char           *tmp_d_name;
 	/* 22: /proc/xxxxxxxxxx/task + \0 */
-	char task_path[22];
-	char root_path[22];
-	struct stat sbroot;
-	struct stat sbroot_process;
+	char           task_path[22];
+	char           root_path[22];
+	pid_t          pid;
+	struct stat    sbroot;
+	struct stat    sbroot_process;
+	struct dirent  *ent;
 
 #ifdef ENABLE_SUBIDS
 	sub_uid_open (O_RDONLY);
@@ -207,13 +205,12 @@ static int user_busy_processes (const char *name, uid_t uid)
 		}
 
 		/* Check if this is a valid PID */
-		if (get_pid (tmp_d_name, &pid) == 0) {
+		if (get_pid(tmp_d_name, &pid) == -1) {
 			continue;
 		}
 
 		/* Check if the process is in our chroot */
-		snprintf (root_path, 22, "/proc/%lu/root", (unsigned long) pid);
-		root_path[21] = '\0';
+		SNPRINTF(root_path, "/proc/%lu/root", (unsigned long) pid);
 		if (stat (root_path, &sbroot_process) != 0) {
 			continue;
 		}
@@ -233,13 +230,12 @@ static int user_busy_processes (const char *name, uid_t uid)
 			return 1;
 		}
 
-		snprintf (task_path, 22, "/proc/%lu/task", (unsigned long) pid);
-		task_path[21] = '\0';
+		SNPRINTF(task_path, "/proc/%lu/task", (unsigned long) pid);
 		task_dir = opendir (task_path);
 		if (task_dir != NULL) {
 			while ((ent = readdir (task_dir)) != NULL) {
 				pid_t tid;
-				if (get_pid (ent->d_name, &tid) == 0) {
+				if (get_pid(ent->d_name, &tid) == -1) {
 					continue;
 				}
 				if (tid == pid) {
diff --git a/lib/utent.c b/lib/utent.c
deleted file mode 100644
index d5e6dae..0000000
--- a/lib/utent.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 1993 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2005       , Tomasz KÅ‚oczko
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#ifndef	HAVE_GETUTENT
-
-#include "defines.h"
-#include <stdio.h>
-#include <fcntl.h>
-#include <utmp.h>
-
-#ifndef	lint
-static char rcsid[] = "$Id$";
-#endif
-
-static int utmp_fd = -1;
-static struct utmp utmp_buf;
-
-/*
- * setutent - open or rewind the utmp file
- */
-
-void setutent (void)
-{
-	if (utmp_fd == -1)
-		if ((utmp_fd = open (_UTMP_FILE, O_RDWR)) == -1)
-			utmp_fd = open (_UTMP_FILE, O_RDONLY);
-
-	if (utmp_fd != -1)
-		lseek (utmp_fd, (off_t) 0L, SEEK_SET);
-}
-
-/*
- * endutent - close the utmp file
- */
-
-void endutent (void)
-{
-	if (utmp_fd != -1)
-		close (utmp_fd);
-
-	utmp_fd = -1;
-}
-
-/*
- * getutent - get the next record from the utmp file
- */
-
-struct utmp *getutent (void)
-{
-	if (utmp_fd == -1)
-		setutent ();
-
-	if (utmp_fd == -1)
-		return 0;
-
-	if (read (utmp_fd, &utmp_buf, sizeof utmp_buf) != sizeof utmp_buf)
-		return 0;
-
-	return &utmp_buf;
-}
-#else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
-#endif
diff --git a/lib/utmp.c b/lib/utmp.c
new file mode 100644
index 0000000..08e9b62
--- /dev/null
+++ b/lib/utmp.c
@@ -0,0 +1,434 @@
+/*
+ * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 2001 - 2005, Tomasz KÅ‚oczko
+ * SPDX-FileCopyrightText: 2008 - 2009, Nicolas François
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <config.h>
+
+#include "defines.h"
+#include "prototypes.h"
+#include "getdef.h"
+
+#include <utmpx.h>
+#include <assert.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <fcntl.h>
+
+#include "alloc.h"
+#include "sizeof.h"
+#include "string/strncpy.h"
+#include "string/strtcpy.h"
+#include "string/zustr2stp.h"
+
+#ident "$Id$"
+
+
+#define UTX_LINESIZE  NITEMS(memberof(struct utmpx, ut_line))
+
+
+/*
+ * is_my_tty -- determine if "tty" is the same TTY stdin is using
+ */
+static bool
+is_my_tty(const char tty[UTX_LINESIZE])
+{
+	char         full_tty[STRLEN("/dev/") + UTX_LINESIZE + 1];
+	/* tmptty shall be bigger than full_tty */
+	static char  tmptty[sizeof(full_tty) + 1];
+
+	full_tty[0] = '\0';
+	if (tty[0] != '/')
+		strcpy (full_tty, "/dev/");
+	strncat(full_tty, tty, UTX_LINESIZE);
+
+	if ('\0' == tmptty[0]) {
+		const char *tname = ttyname (STDIN_FILENO);
+		if (NULL != tname)
+			STRTCPY(tmptty, tname);
+	}
+
+	if ('\0' == tmptty[0]) {
+		(void) puts (_("Unable to determine your tty name."));
+		exit (EXIT_FAILURE);
+	}
+
+	return strcmp (full_tty, tmptty) == 0;
+}
+
+
+/*
+ * failtmp - update the cumulative failure log
+ *
+ *	failtmp updates the (struct utmpx) formatted failure log which
+ *	maintains a record of all login failures.
+ */
+static void
+failtmp(const char *username, const struct utmpx *failent)
+{
+	const char *ftmp;
+	int fd;
+
+	/*
+	 * Get the name of the failure file.  If no file has been defined
+	 * in login.defs, don't do this.
+	 */
+
+	ftmp = getdef_str ("FTMP_FILE");
+	if (NULL == ftmp) {
+		return;
+	}
+
+	/*
+	 * Open the file for append.  It must already exist for this
+	 * feature to be used.
+	 */
+
+	fd = open (ftmp, O_WRONLY | O_APPEND);
+	if (-1 == fd) {
+		if (errno != ENOENT) {
+			SYSLOG ((LOG_WARN,
+			        "Can't append failure of user %s to %s: %m",
+			        username, ftmp));
+		}
+		return;
+	}
+
+	/*
+	 * Append the new failure record and close the log file.
+	 */
+
+	if (write_full(fd, failent, sizeof *failent) == -1) {
+		goto err_write;
+	}
+
+	if (close (fd) != 0 && errno != EINTR) {
+		goto err_close;
+	}
+
+	return;
+
+err_write:
+	{
+		int saved_errno = errno;
+		(void) close (fd);
+		errno = saved_errno;
+	}
+err_close:
+	SYSLOG ((LOG_WARN,
+	         "Can't append failure of user %s to %s: %m",
+	         username, ftmp));
+}
+
+
+/*
+ * get_current_utmp - return the most probable utmp entry for the current
+ *                    session
+ *
+ *	The utmp file is scanned for an entry with the same process ID.
+ *	The line entered by the *getty / telnetd, etc. should also match
+ *	the current terminal.
+ *
+ *	When an entry is returned by get_current_utmp, and if the utmpx
+ *	structure has a ut_id field, this field should be used to update
+ *	the entry information.
+ *
+ *	Return NULL if no entries exist in utmp for the current process.
+ */
+static /*@null@*/ /*@only@*/struct utmpx *
+get_current_utmp(void)
+{
+	struct utmpx  *ut;
+	struct utmpx  *ret = NULL;
+
+	setutxent();
+
+	/* First, try to find a valid utmp entry for this process.  */
+	while ((ut = getutxent()) != NULL) {
+		if (   (ut->ut_pid == getpid ())
+		    && ('\0' != ut->ut_id[0])
+		    && (   (LOGIN_PROCESS == ut->ut_type)
+		        || (USER_PROCESS  == ut->ut_type))
+		    /* A process may have failed to close an entry
+		     * Check if this entry refers to the current tty */
+		    && is_my_tty(ut->ut_line))
+		{
+			break;
+		}
+	}
+
+	if (NULL != ut) {
+		ret = XMALLOC(1, struct utmpx);
+		memcpy (ret, ut, sizeof (*ret));
+	}
+
+	endutxent();
+
+	return ret;
+}
+
+
+int
+get_session_host(char **out)
+{
+	int           ret = 0;
+	struct utmpx  *ut;
+
+	ut = get_current_utmp();
+
+#if defined(HAVE_STRUCT_UTMPX_UT_HOST)
+	if ((ut != NULL) && (ut->ut_host[0] != '\0')) {
+		char  *hostname;
+
+		hostname = XMALLOC(sizeof(ut->ut_host) + 1, char);
+		ZUSTR2STP(hostname, ut->ut_host);
+		*out = hostname;
+		free (ut);
+	} else {
+		*out = NULL;
+		ret = -2;
+	}
+#else
+	*out = NULL;
+	ret = -2;
+#endif
+
+	return ret;
+}
+
+
+#if !defined(USE_PAM) && !defined(HAVE_UPDWTMPX)
+/*
+ * Some systems already have updwtmpx().  Others
+ * don't, so we re-implement these functions if necessary.
+ */
+static void
+updwtmpx(const char *filename, const struct utmpx *ut)
+{
+	int fd;
+
+	fd = open (filename, O_APPEND | O_WRONLY, 0);
+	if (fd >= 0) {
+		write_full(fd, ut, sizeof(*ut));
+		close (fd);
+	}
+}
+#endif
+
+
+/*
+ * prepare_utmp - prepare an utmp entry so that it can be logged in a
+ *                utmp/wtmp file.
+ *
+ *	It accepts an utmp entry in input (ut) to return an entry with
+ *	the right ut_id. This is typically an entry returned by
+ *	get_current_utmp
+ *	If ut is NULL, ut_id will be forged based on the line argument.
+ *
+ *	The ut_host field of the input structure may also be kept, and is
+ *	used to define the ut_addr/ut_addr_v6 fields. (if these fields
+ *	exist)
+ *
+ *	Other fields are discarded and filed with new values (if they
+ *	exist).
+ *
+ *	The returned structure shall be freed by the caller.
+ */
+static /*@only@*/struct utmpx *
+prepare_utmp(const char *name, const char *line, const char *host,
+             /*@null@*/const struct utmpx *ut)
+{
+	char            *hostname = NULL;
+	struct utmpx    *utent;
+	struct timeval  tv;
+
+	assert (NULL != name);
+	assert (NULL != line);
+
+
+
+	if (   (NULL != host)
+	    && ('\0' != host[0])) {
+		hostname = XMALLOC(strlen(host) + 1, char);
+		strcpy (hostname, host);
+#if defined(HAVE_STRUCT_UTMPX_UT_HOST)
+	} else if (   (NULL != ut)
+	           && ('\0' != ut->ut_host[0])) {
+		hostname = XMALLOC(NITEMS(ut->ut_host) + 1, char);
+		ZUSTR2STP(hostname, ut->ut_host);
+#endif
+	}
+
+	if (strncmp(line, "/dev/", 5) == 0) {
+		line += 5;
+	}
+
+
+	utent = XCALLOC(1, struct utmpx);
+
+
+	utent->ut_type = USER_PROCESS;
+	utent->ut_pid = getpid ();
+	STRNCPY(utent->ut_line, line);
+	if (NULL != ut) {
+		STRNCPY(utent->ut_id, ut->ut_id);
+	} else {
+		/* XXX - assumes /dev/tty?? */
+		STRNCPY(utent->ut_id, line + 3);
+	}
+#if defined(HAVE_STRUCT_UTMPX_UT_NAME)
+	STRNCPY(utent->ut_name, name);
+#endif
+	STRNCPY(utent->ut_user, name);
+	if (NULL != hostname) {
+		struct addrinfo *info = NULL;
+#if defined(HAVE_STRUCT_UTMPX_UT_HOST)
+		STRNCPY(utent->ut_host, hostname);
+#endif
+#if defined(HAVE_STRUCT_UTMPX_UT_SYSLEN)
+		utent->ut_syslen = MIN (strlen (hostname),
+		                        sizeof (utent->ut_host));
+#endif
+#if defined(HAVE_STRUCT_UTMPX_UT_ADDR) || defined(HAVE_STRUCT_UTMPX_UT_ADDR_V6)
+		if (getaddrinfo (hostname, NULL, NULL, &info) == 0) {
+			/* getaddrinfo might not be reliable.
+			 * Just try to log what may be useful.
+			 */
+			if (info->ai_family == AF_INET) {
+				struct sockaddr_in *sa =
+					(struct sockaddr_in *) info->ai_addr;
+# if defined(HAVE_STRUCT_UTMPX_UT_ADDR)
+				memcpy (&(utent->ut_addr),
+				        &(sa->sin_addr),
+				        MIN (sizeof (utent->ut_addr),
+				             sizeof (sa->sin_addr)));
+# endif
+# if defined(HAVE_STRUCT_UTMPX_UT_ADDR_V6)
+				memcpy (utent->ut_addr_v6,
+				        &(sa->sin_addr),
+				        MIN (sizeof (utent->ut_addr_v6),
+				             sizeof (sa->sin_addr)));
+			} else if (info->ai_family == AF_INET6) {
+				struct sockaddr_in6 *sa =
+					(struct sockaddr_in6 *) info->ai_addr;
+				memcpy (utent->ut_addr_v6,
+				        &(sa->sin6_addr),
+				        MIN (sizeof (utent->ut_addr_v6),
+				             sizeof (sa->sin6_addr)));
+# endif
+			}
+			freeaddrinfo (info);
+		}
+#endif
+		free (hostname);
+	}
+	/* ut_exit is only for DEAD_PROCESS */
+	utent->ut_session = getsid (0);
+	if (gettimeofday (&tv, NULL) == 0) {
+#if defined(HAVE_STRUCT_UTMPX_UT_TIME)
+		utent->ut_time = tv.tv_sec;
+#endif
+#if defined(HAVE_STRUCT_UTMPX_UT_XTIME)
+		utent->ut_xtime = tv.tv_usec;
+#endif
+		utent->ut_tv.tv_sec  = tv.tv_sec;
+		utent->ut_tv.tv_usec = tv.tv_usec;
+	}
+
+	return utent;
+}
+
+
+/*
+ * setutmp - Update an entry in utmp and log an entry in wtmp
+ *
+ *	Return 1 on failure and 0 on success.
+ */
+static int
+setutmp(struct utmpx *ut)
+{
+	int err = 0;
+
+	assert (NULL != ut);
+
+	setutxent();
+	if (pututxline(ut) == NULL) {
+		err = 1;
+	}
+	endutxent();
+
+#if !defined(USE_PAM)
+	/* This is done by pam_lastlog */
+	updwtmpx(_WTMP_FILE, ut);
+#endif
+
+	return err;
+}
+
+
+int
+update_utmp(const char *user, const char *tty, const char *host)
+{
+	struct utmpx  *utent, *ut;
+
+	utent = get_current_utmp ();
+	ut = prepare_utmp  (user, tty, host, utent);
+
+	(void) setutmp  (ut);	/* make entry in the utmp & wtmp files */
+
+	free(utent);
+	free(ut);
+
+	return 0;
+}
+
+
+void
+record_failure(const char *failent_user, const char *tty, const char *hostname)
+{
+	struct utmpx  *utent, *failent;
+
+	if (getdef_str ("FTMP_FILE") != NULL) {
+		utent = get_current_utmp ();
+		failent = prepare_utmp (failent_user, tty, hostname, utent);
+		failtmp (failent_user, failent);
+		free (utent);
+		free (failent);
+	}
+}
+
+
+unsigned long
+active_sessions_count(const char *name, unsigned long limit)
+{
+	struct utmpx   *ut;
+	unsigned long  count = 0;
+
+	setutxent();
+	while ((ut = getutxent()))
+	{
+		if (USER_PROCESS != ut->ut_type) {
+			continue;
+		}
+		if ('\0' == ut->ut_user[0]) {
+			continue;
+		}
+		if (strncmp (name, ut->ut_user, sizeof (ut->ut_user)) != 0) {
+			continue;
+		}
+		count++;
+		if (count > limit) {
+			break;
+		}
+	}
+	endutxent();
+
+	return count;
+}
diff --git a/libmisc/valid.c b/lib/valid.c
index 326635f..326635f 100644
--- a/libmisc/valid.c
+++ b/lib/valid.c
diff --git a/lib/write_full.c b/lib/write_full.c
new file mode 100644
index 0000000..4ef902c
--- /dev/null
+++ b/lib/write_full.c
@@ -0,0 +1,77 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Christian Göttsche <cgzones@googlemail.com>
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <errno.h>
+#include <unistd.h>
+
+#include "prototypes.h"
+
+
+/*
+ * SYNOPSIS
+ *	int write_full(int fd, const void *buf, size_t count);
+ *
+ * ARGUMENTS
+ *	fd	File descriptor.
+ *	buf	Source buffer to write(2) into 'fd'.
+ *	count	Size of 'buf'.
+ *
+ * DESCRIPTION
+ *	Write 'count' bytes from the buffer starting at 'buf' to the
+ *	file referred to by 'fd'.
+ *
+ *	This function is similar to write(2), except that it retries
+ *	in case of a short write.
+ *
+ *	Since this function either performs a full write, or fails, the
+ *	return value is simpler than for write(2).
+ *
+ * RETURN VALUE
+ *	0	On success.
+ *	-1	On error.
+ *
+ * ERRORS
+ *	See write(2).
+ *
+ * CAVEATS
+ *	This function can still perform partial writes: if the function
+ *	fails in the loop after one or more write(2) calls have
+ *	succeeded, it will report a failure, but some data may have been
+ *	written.  In such a case, it's the caller's responsibility to
+ *	make sure that the partial write is not problematic, and
+ *	remediate it if it is --maybe by trying to remove the file--.
+ */
+
+
+int
+write_full(int fd, const void *buf, size_t count)
+{
+	ssize_t              w;
+	const unsigned char  *p;
+
+	p = buf;
+
+	while (count > 0) {
+		w = write(fd, p, count);
+		if (w == -1) {
+			if (errno == EINTR)
+				continue;
+
+			return -1;
+		}
+
+		p += w;
+		count -= w;
+	}
+
+	return 0;
+}
diff --git a/libmisc/xgetXXbyYY.c b/lib/xgetXXbyYY.c
index 6a3f969..7d5e914 100644
--- a/libmisc/xgetXXbyYY.c
+++ b/lib/xgetXXbyYY.c
@@ -23,13 +23,15 @@
  *  Two important function classes that fall into this category are
  *  getpwnam(3) and syslog(3).
  *
- * This file provide wrapper to the getpwnam or getpwnam_r functions.
+ * This file provides wrapper to the name or name_r functions.
  */
 
 #include <unistd.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <errno.h>
+
+#include "alloc.h"
 #include "prototypes.h"
 #include "shadowlog.h"
 
@@ -50,46 +52,38 @@
 	/* we have to start with something */
 	size_t length = 0x100;
 
-	result = malloc(sizeof(LOOKUP_TYPE));
+	result = MALLOC(1, LOOKUP_TYPE);
 	if (NULL == result) {
-		fprintf (log_get_logfd(), _("%s: out of memory\n"),
-		         "x" STRINGIZE(FUNCTION_NAME));
-		exit (13);
+		goto oom;
 	}
 
 	while (true) {
 		int status;
 		LOOKUP_TYPE *resbuf = NULL;
-		buffer = (char *)realloc (buffer, length);
-		if (NULL == buffer) {
-			fprintf (log_get_logfd(), _("%s: out of memory\n"),
-			         "x" STRINGIZE(FUNCTION_NAME));
-			exit (13);
-		}
+		buffer = XREALLOC(buffer, length, char);
 		status = REENTRANT_NAME(ARG_NAME, result, buffer,
 		                        length, &resbuf);
 		if ((0 == status) && (resbuf == result)) {
 			/* Build a result structure that can be freed by
 			 * the shadow *_free functions. */
 			LOOKUP_TYPE *ret_result = DUP_FUNCTION(result);
+			if (NULL == ret_result) {
+				goto oom;
+			}
 			free(buffer);
 			free(result);
 			return ret_result;
 		}
 
 		if (ERANGE != status) {
-			free (buffer);
-			free (result);
-			return NULL;
+			break;
 		}
 
-		if (length <= ((size_t)-1 / 4)) {
-			length *= 4;
-		} else if (length == (size_t) -1) {
+		if (length == SIZE_MAX) {
 			break;
-		} else {
-			length = (size_t) -1;
 		}
+
+		length = (length <= SIZE_MAX / 4) ? length * 4 : SIZE_MAX;
 	}
 
 	free(buffer);
@@ -109,13 +103,16 @@
 	if (result) {
 		result = DUP_FUNCTION(result);
 		if (NULL == result) {
-			fprintf (log_get_logfd(), _("%s: out of memory\n"),
-			         "x" STRINGIZE(FUNCTION_NAME));
-			exit (13);
+			goto oom;
 		}
 	}
 
 	return result;
 #endif
+
+oom:
+	fprintf (log_get_logfd(), _("%s: out of memory\n"),
+		 "x" STRINGIZE(FUNCTION_NAME));
+	exit (13);
 }
 
diff --git a/libmisc/xgetgrgid.c b/lib/xgetgrgid.c
index fe99929..6419196 100644
--- a/libmisc/xgetgrgid.c
+++ b/lib/xgetgrgid.c
@@ -23,7 +23,7 @@
  *  Two important function classes that fall into this category are
  *  getpwnam(3) and syslog(3).
  *
- * This file provide wrapper to the getpwnam or getpwnam_r functions.
+ * This file provides wrapper to the getgrgid or getgrgid_r functions.
  */
 
 #include <config.h>
@@ -35,7 +35,7 @@
 #define ARG_TYPE	gid_t
 #define ARG_NAME	gid
 #define DUP_FUNCTION	__gr_dup
-#define HAVE_FUNCTION_R (defined HAVE_GETGRGID_R)
+#define HAVE_FUNCTION_R 1
 
 #include "xgetXXbyYY.c"
 
diff --git a/libmisc/xgetgrnam.c b/lib/xgetgrnam.c
index 66d6f93..35ad9ee 100644
--- a/libmisc/xgetgrnam.c
+++ b/lib/xgetgrnam.c
@@ -23,7 +23,7 @@
  *  Two important function classes that fall into this category are
  *  getpwnam(3) and syslog(3).
  *
- * This file provide wrapper to the getpwnam or getpwnam_r functions.
+ * This file provides wrapper to the getgrnam or getgrnam_r functions.
  */
 
 #include <config.h>
@@ -35,7 +35,7 @@
 #define ARG_TYPE	const char *
 #define ARG_NAME	name
 #define DUP_FUNCTION	__gr_dup
-#define HAVE_FUNCTION_R (defined HAVE_GETGRNAM_R)
+#define HAVE_FUNCTION_R 1
 
 #include "xgetXXbyYY.c"
 
diff --git a/libmisc/xgetpwnam.c b/lib/xgetpwnam.c
index 74eb972..4387e79 100644
--- a/libmisc/xgetpwnam.c
+++ b/lib/xgetpwnam.c
@@ -23,7 +23,7 @@
  *  Two important function classes that fall into this category are
  *  getpwnam(3) and syslog(3).
  *
- * This file provide wrapper to the getpwnam or getpwnam_r functions.
+ * This file provides wrapper to the getpwnam or getpwnam_r functions.
  */
 
 #include <config.h>
@@ -35,7 +35,7 @@
 #define ARG_TYPE	const char *
 #define ARG_NAME	name
 #define DUP_FUNCTION	__pw_dup
-#define HAVE_FUNCTION_R (defined HAVE_GETPWNAM_R)
+#define HAVE_FUNCTION_R 1
 
 #include "xgetXXbyYY.c"
 
diff --git a/libmisc/xgetpwuid.c b/lib/xgetpwuid.c
index 23b2d0c..d663a42 100644
--- a/libmisc/xgetpwuid.c
+++ b/lib/xgetpwuid.c
@@ -23,7 +23,7 @@
  *  Two important function classes that fall into this category are
  *  getpwnam(3) and syslog(3).
  *
- * This file provide wrapper to the getpwnam or getpwnam_r functions.
+ * This file provides wrapper to the getpwuid or getpwuid_r functions.
  */
 
 #include <config.h>
@@ -35,7 +35,7 @@
 #define ARG_TYPE	uid_t
 #define ARG_NAME	uid
 #define DUP_FUNCTION	__pw_dup
-#define HAVE_FUNCTION_R (defined HAVE_GETPWUID_R)
+#define HAVE_FUNCTION_R 1
 
 #include "xgetXXbyYY.c"
 
diff --git a/libmisc/xgetspnam.c b/lib/xgetspnam.c
index 148185f..ebda94b 100644
--- a/libmisc/xgetspnam.c
+++ b/lib/xgetspnam.c
@@ -23,7 +23,7 @@
  *  Two important function classes that fall into this category are
  *  getpwnam(3) and syslog(3).
  *
- * This file provide wrapper to the getpwnam or getpwnam_r functions.
+ * This file provides wrapper to the getspnam or getspnam_r functions.
  */
 
 #include <config.h>
diff --git a/lib/xprefix_getpwnam.c b/lib/xprefix_getpwnam.c
new file mode 100644
index 0000000..cec0106
--- /dev/null
+++ b/lib/xprefix_getpwnam.c
@@ -0,0 +1,41 @@
+/*
+ * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/*
+ * According to the Linux-PAM documentation:
+ *
+ *  4.1. Care about standard library calls
+ *
+ *  In general, writers of authorization-granting applications should
+ *  assume that each module is likely to call any or all 'libc' functions.
+ *  For 'libc' functions that return pointers to static/dynamically
+ *  allocated structures (ie.  the library allocates the memory and the
+ *  user is not expected to 'free()' it) any module call to this function
+ *  is likely to corrupt a pointer previously obtained by the application.
+ *  The application programmer should either re-call such a 'libc'
+ *  function after a call to the Linux-PAM library, or copy the structure
+ *  contents to some safe area of memory before passing control to the
+ *  Linux-PAM library.
+ *
+ *  Two important function classes that fall into this category are
+ *  getpwnam(3) and syslog(3).
+ *
+ * This file provides wrapper to the prefix_getpwnam or prefix_getpwnam_r functions.
+ */
+
+#include <config.h>
+
+#include "pwio.h"
+
+#define LOOKUP_TYPE	struct passwd
+#define FUNCTION_NAME	prefix_getpwnam
+#define ARG_TYPE	const char *
+#define ARG_NAME	name
+#define DUP_FUNCTION	__pw_dup
+#define HAVE_FUNCTION_R HAVE_FGETPWENT_R
+
+#include "xgetXXbyYY.c"
+
diff --git a/lib/yesno.c b/lib/yesno.c
new file mode 100644
index 0000000..029cd81
--- /dev/null
+++ b/lib/yesno.c
@@ -0,0 +1,87 @@
+/*
+ * SPDX-FileCopyrightText: 1992 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "prototypes.h"
+
+
+/*
+ * Synopsis
+ *	bool yes_or_no(bool read_only);
+ *
+ * Arguments
+ *	read_only
+ *		In read-only mode, all questions are answered "no".  It
+ *		will print "No" to stdout.
+ *
+ * Description
+ *	After a yes/no question, this function gets the answer from the
+ *	user.
+ *
+ *	Calls to this function will normally be preceeded by a prompt on
+ *	stdout, so we should fflush(3).
+ *
+ * Return value
+ *	false	"no"
+ *	true	"yes"
+ *
+ * See also
+ *	rpmatch(3)
+ */
+
+
+#if !defined(HAVE_RPMATCH)
+static int rpmatch(const char *response);
+#endif
+
+
+bool
+yes_or_no(bool read_only)
+{
+	bool   ret;
+	char   *buf;
+	size_t size;
+
+	if (read_only) {
+		puts(_("No"));
+		return false;
+	}
+
+	fflush(stdout);
+
+	buf = NULL;
+	ret = false;
+	size = 0;
+	if (getline(&buf, &size, stdin) != -1)
+		ret = rpmatch(buf) == 1;
+
+	free(buf);
+	return ret;
+}
+
+
+#if !defined(HAVE_RPMATCH)
+static int
+rpmatch(const char *response)
+{
+	if (response[0] == 'y' || response[0] == 'Y')
+		return 1;
+
+	if (response[0] == 'n' || response[0] == 'n')
+		return 0;
+
+	return -1;
+}
+#endif
diff --git a/libmisc/.indent.pro b/libmisc/.indent.pro
deleted file mode 100644
index fe572bb..0000000
--- a/libmisc/.indent.pro
+++ /dev/null
@@ -1,5 +0,0 @@
--kr
--i8
--bad
--pcs
--l80
diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
deleted file mode 100644
index 3d319cd..0000000
--- a/libmisc/Makefile.am
+++ /dev/null
@@ -1,80 +0,0 @@
-
-EXTRA_DIST = .indent.pro xgetXXbyYY.c
-
-AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
-
-noinst_LTLIBRARIES = libmisc.la
-
-libmisc_la_SOURCES = \
-	addgrps.c \
-	age.c \
-	audit_help.c \
-	basename.c \
-	chkname.c \
-	chkname.h \
-	chowndir.c \
-	chowntty.c \
-	cleanup.c \
-	cleanup_group.c \
-	cleanup_user.c \
-	console.c \
-	copydir.c \
-	date_to_str.c \
-	entry.c \
-	env.c \
-	failure.c \
-	failure.h \
-	find_new_gid.c \
-	find_new_uid.c \
-	find_new_sub_gids.c \
-	find_new_sub_uids.c \
-	getdate.h \
-	getdate.y \
-	getgr_nam_gid.c \
-	getrange.c \
-	gettime.c \
-	hushed.c \
-	idmapping.h \
-	idmapping.c \
-	isexpired.c \
-	limits.c \
-	list.c log.c \
-	loginprompt.c \
-	mail.c \
-	motd.c \
-	myname.c \
-	obscure.c \
-	pam_pass.c \
-	pam_pass_non_interactive.c \
-	prefix_flag.c \
-	pwd2spwd.c \
-	pwdcheck.c \
-	pwd_init.c \
-	remove_tree.c \
-	rlogin.c \
-	root_flag.c \
-	salt.c \
-	setugid.c \
-	setupenv.c \
-	shell.c \
-	strtoday.c \
-	sub.c \
-	sulog.c \
-	ttytype.c \
-	tz.c \
-	ulimit.c \
-	user_busy.c \
-	utmp.c \
-	valid.c \
-	xgetpwnam.c \
-	xgetpwuid.c \
-	xgetgrnam.c \
-	xgetgrgid.c \
-	xgetspnam.c \
-	xmalloc.c \
-	yesno.c
-
-if WITH_BTRFS
-libmisc_la_SOURCES += btrfs.c
-endif
-
diff --git a/libmisc/Makefile.in b/libmisc/Makefile.in
deleted file mode 100644
index 2defd8e..0000000
--- a/libmisc/Makefile.in
+++ /dev/null
@@ -1,927 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
-  if test -z '$(MAKELEVEL)'; then \
-    false; \
-  elif test -n '$(MAKE_HOST)'; then \
-    true; \
-  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
-    true; \
-  else \
-    false; \
-  fi; \
-}
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
-    case $$MAKEFLAGS in \
-      *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-@WITH_BTRFS_TRUE@am__append_1 = btrfs.c
-subdir = libmisc
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
-	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
-	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
-	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
-	$(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-LTLIBRARIES = $(noinst_LTLIBRARIES)
-libmisc_la_LIBADD =
-am__libmisc_la_SOURCES_DIST = addgrps.c age.c audit_help.c basename.c \
-	chkname.c chkname.h chowndir.c chowntty.c cleanup.c \
-	cleanup_group.c cleanup_user.c console.c copydir.c \
-	date_to_str.c entry.c env.c failure.c failure.h find_new_gid.c \
-	find_new_uid.c find_new_sub_gids.c find_new_sub_uids.c \
-	getdate.h getdate.y getgr_nam_gid.c getrange.c gettime.c \
-	hushed.c idmapping.h idmapping.c isexpired.c limits.c list.c \
-	log.c loginprompt.c mail.c motd.c myname.c obscure.c \
-	pam_pass.c pam_pass_non_interactive.c prefix_flag.c pwd2spwd.c \
-	pwdcheck.c pwd_init.c remove_tree.c rlogin.c root_flag.c \
-	salt.c setugid.c setupenv.c shell.c strtoday.c sub.c sulog.c \
-	ttytype.c tz.c ulimit.c user_busy.c utmp.c valid.c xgetpwnam.c \
-	xgetpwuid.c xgetgrnam.c xgetgrgid.c xgetspnam.c xmalloc.c \
-	yesno.c btrfs.c
-@WITH_BTRFS_TRUE@am__objects_1 = btrfs.lo
-am_libmisc_la_OBJECTS = addgrps.lo age.lo audit_help.lo basename.lo \
-	chkname.lo chowndir.lo chowntty.lo cleanup.lo cleanup_group.lo \
-	cleanup_user.lo console.lo copydir.lo date_to_str.lo entry.lo \
-	env.lo failure.lo find_new_gid.lo find_new_uid.lo \
-	find_new_sub_gids.lo find_new_sub_uids.lo getdate.lo \
-	getgr_nam_gid.lo getrange.lo gettime.lo hushed.lo idmapping.lo \
-	isexpired.lo limits.lo list.lo log.lo loginprompt.lo mail.lo \
-	motd.lo myname.lo obscure.lo pam_pass.lo \
-	pam_pass_non_interactive.lo prefix_flag.lo pwd2spwd.lo \
-	pwdcheck.lo pwd_init.lo remove_tree.lo rlogin.lo root_flag.lo \
-	salt.lo setugid.lo setupenv.lo shell.lo strtoday.lo sub.lo \
-	sulog.lo ttytype.lo tz.lo ulimit.lo user_busy.lo utmp.lo \
-	valid.lo xgetpwnam.lo xgetpwuid.lo xgetgrnam.lo xgetgrgid.lo \
-	xgetspnam.lo xmalloc.lo yesno.lo $(am__objects_1)
-libmisc_la_OBJECTS = $(am_libmisc_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 = 
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo "  GEN     " $@;
-am__v_GEN_1 = 
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 = 
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/addgrps.Plo ./$(DEPDIR)/age.Plo \
-	./$(DEPDIR)/audit_help.Plo ./$(DEPDIR)/basename.Plo \
-	./$(DEPDIR)/btrfs.Plo ./$(DEPDIR)/chkname.Plo \
-	./$(DEPDIR)/chowndir.Plo ./$(DEPDIR)/chowntty.Plo \
-	./$(DEPDIR)/cleanup.Plo ./$(DEPDIR)/cleanup_group.Plo \
-	./$(DEPDIR)/cleanup_user.Plo ./$(DEPDIR)/console.Plo \
-	./$(DEPDIR)/copydir.Plo ./$(DEPDIR)/date_to_str.Plo \
-	./$(DEPDIR)/entry.Plo ./$(DEPDIR)/env.Plo \
-	./$(DEPDIR)/failure.Plo ./$(DEPDIR)/find_new_gid.Plo \
-	./$(DEPDIR)/find_new_sub_gids.Plo \
-	./$(DEPDIR)/find_new_sub_uids.Plo ./$(DEPDIR)/find_new_uid.Plo \
-	./$(DEPDIR)/getdate.Plo ./$(DEPDIR)/getgr_nam_gid.Plo \
-	./$(DEPDIR)/getrange.Plo ./$(DEPDIR)/gettime.Plo \
-	./$(DEPDIR)/hushed.Plo ./$(DEPDIR)/idmapping.Plo \
-	./$(DEPDIR)/isexpired.Plo ./$(DEPDIR)/limits.Plo \
-	./$(DEPDIR)/list.Plo ./$(DEPDIR)/log.Plo \
-	./$(DEPDIR)/loginprompt.Plo ./$(DEPDIR)/mail.Plo \
-	./$(DEPDIR)/motd.Plo ./$(DEPDIR)/myname.Plo \
-	./$(DEPDIR)/obscure.Plo ./$(DEPDIR)/pam_pass.Plo \
-	./$(DEPDIR)/pam_pass_non_interactive.Plo \
-	./$(DEPDIR)/prefix_flag.Plo ./$(DEPDIR)/pwd2spwd.Plo \
-	./$(DEPDIR)/pwd_init.Plo ./$(DEPDIR)/pwdcheck.Plo \
-	./$(DEPDIR)/remove_tree.Plo ./$(DEPDIR)/rlogin.Plo \
-	./$(DEPDIR)/root_flag.Plo ./$(DEPDIR)/salt.Plo \
-	./$(DEPDIR)/setugid.Plo ./$(DEPDIR)/setupenv.Plo \
-	./$(DEPDIR)/shell.Plo ./$(DEPDIR)/strtoday.Plo \
-	./$(DEPDIR)/sub.Plo ./$(DEPDIR)/sulog.Plo \
-	./$(DEPDIR)/ttytype.Plo ./$(DEPDIR)/tz.Plo \
-	./$(DEPDIR)/ulimit.Plo ./$(DEPDIR)/user_busy.Plo \
-	./$(DEPDIR)/utmp.Plo ./$(DEPDIR)/valid.Plo \
-	./$(DEPDIR)/xgetgrgid.Plo ./$(DEPDIR)/xgetgrnam.Plo \
-	./$(DEPDIR)/xgetpwnam.Plo ./$(DEPDIR)/xgetpwuid.Plo \
-	./$(DEPDIR)/xgetspnam.Plo ./$(DEPDIR)/xmalloc.Plo \
-	./$(DEPDIR)/yesno.Plo
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo "  CC      " $@;
-am__v_CC_1 = 
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo "  CCLD    " $@;
-am__v_CCLD_1 = 
-@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
-am__yacc_c2h = sed -e s/cc$$/hh/ -e s/cpp$$/hpp/ -e s/cxx$$/hxx/ \
-		   -e s/c++$$/h++/ -e s/c$$/h/
-YACCCOMPILE = $(YACC) $(AM_YFLAGS) $(YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS)
-AM_V_YACC = $(am__v_YACC_@AM_V@)
-am__v_YACC_ = $(am__v_YACC_@AM_DEFAULT_V@)
-am__v_YACC_0 = @echo "  YACC    " $@;
-am__v_YACC_1 = 
-YLWRAP = $(top_srcdir)/ylwrap
-SOURCES = $(libmisc_la_SOURCES)
-DIST_SOURCES = $(am__libmisc_la_SOURCES_DIST)
-am__can_run_installinfo = \
-  case $$AM_UPDATE_INFO_DIR in \
-    n|no|NO) false;; \
-    *) (install-info --version) >/dev/null 2>&1;; \
-  esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates.  Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
-  BEGIN { nonempty = 0; } \
-  { items[$$0] = 1; nonempty = 1; } \
-  END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique.  This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
-  list='$(am__tagged_files)'; \
-  unique=`for i in $$list; do \
-    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-  done | $(am__uniquify_input)`
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
-	$(top_srcdir)/ylwrap getdate.c
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LIBACL = @LIBACL@
-LIBATTR = @LIBATTR@
-LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
-LIBCRYPT = @LIBCRYPT@
-LIBECONF = @LIBECONF@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBMD = @LIBMD@
-LIBOBJS = @LIBOBJS@
-LIBPAM = @LIBPAM@
-LIBS = @LIBS@
-LIBSELINUX = @LIBSELINUX@
-LIBSEMANAGE = @LIBSEMANAGE@
-LIBSKEY = @LIBSKEY@
-LIBSUBID_ABI = @LIBSUBID_ABI@
-LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
-LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
-LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
-LIBTCB = @LIBTCB@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LIYESCRYPT = @LIYESCRYPT@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-POSUB = @POSUB@
-RANLIB = @RANLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-USE_NLS = @USE_NLS@
-VENDORDIR = @VENDORDIR@
-VERSION = @VERSION@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-XMLCATALOG = @XMLCATALOG@
-XML_CATALOG_FILE = @XML_CATALOG_FILE@
-XSLTPROC = @XSLTPROC@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-capcmd = @capcmd@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-EXTRA_DIST = .indent.pro xgetXXbyYY.c
-AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
-noinst_LTLIBRARIES = libmisc.la
-libmisc_la_SOURCES = addgrps.c age.c audit_help.c basename.c chkname.c \
-	chkname.h chowndir.c chowntty.c cleanup.c cleanup_group.c \
-	cleanup_user.c console.c copydir.c date_to_str.c entry.c env.c \
-	failure.c failure.h find_new_gid.c find_new_uid.c \
-	find_new_sub_gids.c find_new_sub_uids.c getdate.h getdate.y \
-	getgr_nam_gid.c getrange.c gettime.c hushed.c idmapping.h \
-	idmapping.c isexpired.c limits.c list.c log.c loginprompt.c \
-	mail.c motd.c myname.c obscure.c pam_pass.c \
-	pam_pass_non_interactive.c prefix_flag.c pwd2spwd.c pwdcheck.c \
-	pwd_init.c remove_tree.c rlogin.c root_flag.c salt.c setugid.c \
-	setupenv.c shell.c strtoday.c sub.c sulog.c ttytype.c tz.c \
-	ulimit.c user_busy.c utmp.c valid.c xgetpwnam.c xgetpwuid.c \
-	xgetgrnam.c xgetgrgid.c xgetspnam.c xmalloc.c yesno.c \
-	$(am__append_1)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
-	        && { if test -f $@; then exit 0; else break; fi; }; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign libmisc/Makefile'; \
-	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign libmisc/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-libmisc.la: $(libmisc_la_OBJECTS) $(libmisc_la_DEPENDENCIES) $(EXTRA_libmisc_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK)  $(libmisc_la_OBJECTS) $(libmisc_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/addgrps.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/age.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_help.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/basename.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/btrfs.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chkname.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chowndir.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chowntty.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cleanup.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cleanup_group.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cleanup_user.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/console.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/copydir.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/date_to_str.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/entry.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/env.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/failure.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/find_new_gid.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/find_new_sub_gids.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/find_new_sub_uids.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/find_new_uid.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getdate.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getgr_nam_gid.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getrange.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gettime.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hushed.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/idmapping.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/isexpired.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/limits.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/list.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/loginprompt.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mail.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/motd.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myname.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/obscure.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pass.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pass_non_interactive.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prefix_flag.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwd2spwd.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwd_init.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwdcheck.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/remove_tree.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rlogin.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/root_flag.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/salt.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/setugid.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/setupenv.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shell.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strtoday.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sub.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sulog.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ttytype.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tz.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ulimit.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/user_busy.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utmp.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/valid.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xgetgrgid.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xgetgrnam.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xgetpwnam.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xgetpwuid.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xgetspnam.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xmalloc.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/yesno.Plo@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
-	@$(MKDIR_P) $(@D)
-	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-.y.c:
-	$(AM_V_YACC)$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h `echo $@ | $(am__yacc_c2h)` y.output $*.output -- $(YACCCOMPILE)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(am__tagged_files)
-	$(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	set x; \
-	here=`pwd`; \
-	$(am__define_uniq_tagged_files); \
-	shift; \
-	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  if test $$# -gt 0; then \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      "$$@" $$unique; \
-	  else \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      $$unique; \
-	  fi; \
-	fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	$(am__define_uniq_tagged_files); \
-	test -z "$(CTAGS_ARGS)$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && $(am__cd) $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
-	list='$(am__tagged_files)'; \
-	case "$(srcdir)" in \
-	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
-	  *) sdir=$(subdir)/$(srcdir) ;; \
-	esac; \
-	for i in $$list; do \
-	  if test -f "$$i"; then \
-	    echo "$(subdir)/$$i"; \
-	  else \
-	    echo "$$sdir/$$i"; \
-	  fi; \
-	done >> $(top_builddir)/cscope.files
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-distdir: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d "$(distdir)/$$file"; then \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
-	  else \
-	    test -f "$(distdir)/$$file" \
-	    || cp -p $$d/$$file "$(distdir)/$$file" \
-	    || exit 1; \
-	  fi; \
-	done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES)
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	if test -z '$(STRIP)'; then \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	      install; \
-	else \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
-	fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-rm -f getdate.c
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	mostlyclean-am
-
-distclean: distclean-am
-		-rm -f ./$(DEPDIR)/addgrps.Plo
-	-rm -f ./$(DEPDIR)/age.Plo
-	-rm -f ./$(DEPDIR)/audit_help.Plo
-	-rm -f ./$(DEPDIR)/basename.Plo
-	-rm -f ./$(DEPDIR)/btrfs.Plo
-	-rm -f ./$(DEPDIR)/chkname.Plo
-	-rm -f ./$(DEPDIR)/chowndir.Plo
-	-rm -f ./$(DEPDIR)/chowntty.Plo
-	-rm -f ./$(DEPDIR)/cleanup.Plo
-	-rm -f ./$(DEPDIR)/cleanup_group.Plo
-	-rm -f ./$(DEPDIR)/cleanup_user.Plo
-	-rm -f ./$(DEPDIR)/console.Plo
-	-rm -f ./$(DEPDIR)/copydir.Plo
-	-rm -f ./$(DEPDIR)/date_to_str.Plo
-	-rm -f ./$(DEPDIR)/entry.Plo
-	-rm -f ./$(DEPDIR)/env.Plo
-	-rm -f ./$(DEPDIR)/failure.Plo
-	-rm -f ./$(DEPDIR)/find_new_gid.Plo
-	-rm -f ./$(DEPDIR)/find_new_sub_gids.Plo
-	-rm -f ./$(DEPDIR)/find_new_sub_uids.Plo
-	-rm -f ./$(DEPDIR)/find_new_uid.Plo
-	-rm -f ./$(DEPDIR)/getdate.Plo
-	-rm -f ./$(DEPDIR)/getgr_nam_gid.Plo
-	-rm -f ./$(DEPDIR)/getrange.Plo
-	-rm -f ./$(DEPDIR)/gettime.Plo
-	-rm -f ./$(DEPDIR)/hushed.Plo
-	-rm -f ./$(DEPDIR)/idmapping.Plo
-	-rm -f ./$(DEPDIR)/isexpired.Plo
-	-rm -f ./$(DEPDIR)/limits.Plo
-	-rm -f ./$(DEPDIR)/list.Plo
-	-rm -f ./$(DEPDIR)/log.Plo
-	-rm -f ./$(DEPDIR)/loginprompt.Plo
-	-rm -f ./$(DEPDIR)/mail.Plo
-	-rm -f ./$(DEPDIR)/motd.Plo
-	-rm -f ./$(DEPDIR)/myname.Plo
-	-rm -f ./$(DEPDIR)/obscure.Plo
-	-rm -f ./$(DEPDIR)/pam_pass.Plo
-	-rm -f ./$(DEPDIR)/pam_pass_non_interactive.Plo
-	-rm -f ./$(DEPDIR)/prefix_flag.Plo
-	-rm -f ./$(DEPDIR)/pwd2spwd.Plo
-	-rm -f ./$(DEPDIR)/pwd_init.Plo
-	-rm -f ./$(DEPDIR)/pwdcheck.Plo
-	-rm -f ./$(DEPDIR)/remove_tree.Plo
-	-rm -f ./$(DEPDIR)/rlogin.Plo
-	-rm -f ./$(DEPDIR)/root_flag.Plo
-	-rm -f ./$(DEPDIR)/salt.Plo
-	-rm -f ./$(DEPDIR)/setugid.Plo
-	-rm -f ./$(DEPDIR)/setupenv.Plo
-	-rm -f ./$(DEPDIR)/shell.Plo
-	-rm -f ./$(DEPDIR)/strtoday.Plo
-	-rm -f ./$(DEPDIR)/sub.Plo
-	-rm -f ./$(DEPDIR)/sulog.Plo
-	-rm -f ./$(DEPDIR)/ttytype.Plo
-	-rm -f ./$(DEPDIR)/tz.Plo
-	-rm -f ./$(DEPDIR)/ulimit.Plo
-	-rm -f ./$(DEPDIR)/user_busy.Plo
-	-rm -f ./$(DEPDIR)/utmp.Plo
-	-rm -f ./$(DEPDIR)/valid.Plo
-	-rm -f ./$(DEPDIR)/xgetgrgid.Plo
-	-rm -f ./$(DEPDIR)/xgetgrnam.Plo
-	-rm -f ./$(DEPDIR)/xgetpwnam.Plo
-	-rm -f ./$(DEPDIR)/xgetpwuid.Plo
-	-rm -f ./$(DEPDIR)/xgetspnam.Plo
-	-rm -f ./$(DEPDIR)/xmalloc.Plo
-	-rm -f ./$(DEPDIR)/yesno.Plo
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/addgrps.Plo
-	-rm -f ./$(DEPDIR)/age.Plo
-	-rm -f ./$(DEPDIR)/audit_help.Plo
-	-rm -f ./$(DEPDIR)/basename.Plo
-	-rm -f ./$(DEPDIR)/btrfs.Plo
-	-rm -f ./$(DEPDIR)/chkname.Plo
-	-rm -f ./$(DEPDIR)/chowndir.Plo
-	-rm -f ./$(DEPDIR)/chowntty.Plo
-	-rm -f ./$(DEPDIR)/cleanup.Plo
-	-rm -f ./$(DEPDIR)/cleanup_group.Plo
-	-rm -f ./$(DEPDIR)/cleanup_user.Plo
-	-rm -f ./$(DEPDIR)/console.Plo
-	-rm -f ./$(DEPDIR)/copydir.Plo
-	-rm -f ./$(DEPDIR)/date_to_str.Plo
-	-rm -f ./$(DEPDIR)/entry.Plo
-	-rm -f ./$(DEPDIR)/env.Plo
-	-rm -f ./$(DEPDIR)/failure.Plo
-	-rm -f ./$(DEPDIR)/find_new_gid.Plo
-	-rm -f ./$(DEPDIR)/find_new_sub_gids.Plo
-	-rm -f ./$(DEPDIR)/find_new_sub_uids.Plo
-	-rm -f ./$(DEPDIR)/find_new_uid.Plo
-	-rm -f ./$(DEPDIR)/getdate.Plo
-	-rm -f ./$(DEPDIR)/getgr_nam_gid.Plo
-	-rm -f ./$(DEPDIR)/getrange.Plo
-	-rm -f ./$(DEPDIR)/gettime.Plo
-	-rm -f ./$(DEPDIR)/hushed.Plo
-	-rm -f ./$(DEPDIR)/idmapping.Plo
-	-rm -f ./$(DEPDIR)/isexpired.Plo
-	-rm -f ./$(DEPDIR)/limits.Plo
-	-rm -f ./$(DEPDIR)/list.Plo
-	-rm -f ./$(DEPDIR)/log.Plo
-	-rm -f ./$(DEPDIR)/loginprompt.Plo
-	-rm -f ./$(DEPDIR)/mail.Plo
-	-rm -f ./$(DEPDIR)/motd.Plo
-	-rm -f ./$(DEPDIR)/myname.Plo
-	-rm -f ./$(DEPDIR)/obscure.Plo
-	-rm -f ./$(DEPDIR)/pam_pass.Plo
-	-rm -f ./$(DEPDIR)/pam_pass_non_interactive.Plo
-	-rm -f ./$(DEPDIR)/prefix_flag.Plo
-	-rm -f ./$(DEPDIR)/pwd2spwd.Plo
-	-rm -f ./$(DEPDIR)/pwd_init.Plo
-	-rm -f ./$(DEPDIR)/pwdcheck.Plo
-	-rm -f ./$(DEPDIR)/remove_tree.Plo
-	-rm -f ./$(DEPDIR)/rlogin.Plo
-	-rm -f ./$(DEPDIR)/root_flag.Plo
-	-rm -f ./$(DEPDIR)/salt.Plo
-	-rm -f ./$(DEPDIR)/setugid.Plo
-	-rm -f ./$(DEPDIR)/setupenv.Plo
-	-rm -f ./$(DEPDIR)/shell.Plo
-	-rm -f ./$(DEPDIR)/strtoday.Plo
-	-rm -f ./$(DEPDIR)/sub.Plo
-	-rm -f ./$(DEPDIR)/sulog.Plo
-	-rm -f ./$(DEPDIR)/ttytype.Plo
-	-rm -f ./$(DEPDIR)/tz.Plo
-	-rm -f ./$(DEPDIR)/ulimit.Plo
-	-rm -f ./$(DEPDIR)/user_busy.Plo
-	-rm -f ./$(DEPDIR)/utmp.Plo
-	-rm -f ./$(DEPDIR)/valid.Plo
-	-rm -f ./$(DEPDIR)/xgetgrgid.Plo
-	-rm -f ./$(DEPDIR)/xgetgrnam.Plo
-	-rm -f ./$(DEPDIR)/xgetpwnam.Plo
-	-rm -f ./$(DEPDIR)/xgetpwuid.Plo
-	-rm -f ./$(DEPDIR)/xgetspnam.Plo
-	-rm -f ./$(DEPDIR)/xmalloc.Plo
-	-rm -f ./$(DEPDIR)/yesno.Plo
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
-	clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libmisc/date_to_str.c b/libmisc/date_to_str.c
deleted file mode 100644
index 07e99f1..0000000
--- a/libmisc/date_to_str.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2021, Alejandro Colomar <alx.manpages@gmail.com>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the copyright holders or contributors may not be used to
- *    endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
- * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <string.h>
-#include <time.h>
-
-#ident "$Id$"
-
-#include "prototypes.h"
-
-void date_to_str (size_t size, char buf[size], long date)
-{
-	time_t t;
-
-	t = date;
-	if (date < 0)
-		(void) strncpy (buf, "never", size);
-	else
-		(void) strftime (buf, size, "%Y-%m-%d", gmtime (&t));
-	buf[size - 1] = '\0';
-}
diff --git a/libmisc/entry.c b/libmisc/entry.c
deleted file mode 100644
index 87f5754..0000000
--- a/libmisc/entry.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2003 - 2005, Tomasz KÅ‚oczko
- * SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include <sys/types.h>
-#include <stdio.h>
-#include "prototypes.h"
-#include "defines.h"
-#include <pwd.h>
-
-void pw_entry (const char *name, struct passwd *pwent)
-{
-	struct passwd *passwd;
-
-	struct spwd *spwd;
-
-	if (!(passwd = getpwnam (name))) { /* local, no need for xgetpwnam */
-		pwent->pw_name = (char *) 0;
-		return;
-	} else {
-		pwent->pw_name = xstrdup (passwd->pw_name);
-		pwent->pw_uid = passwd->pw_uid;
-		pwent->pw_gid = passwd->pw_gid;
-		pwent->pw_gecos = xstrdup (passwd->pw_gecos);
-		pwent->pw_dir = xstrdup (passwd->pw_dir);
-		pwent->pw_shell = xstrdup (passwd->pw_shell);
-#if !defined(AUTOSHADOW)
-		/* local, no need for xgetspnam */
-		if ((spwd = getspnam (name))) {
-			pwent->pw_passwd = xstrdup (spwd->sp_pwdp);
-			return;
-		}
-#endif
-		pwent->pw_passwd = xstrdup (passwd->pw_passwd);
-	}
-}
diff --git a/libmisc/getrange.c b/libmisc/getrange.c
deleted file mode 100644
index 82f2edf..0000000
--- a/libmisc/getrange.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2008       , Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#ident "$Id: $"
-
-#include <ctype.h>
-#include <stdlib.h>
-
-#include "defines.h"
-#include "prototypes.h"
-
-/*
- * Parse a range and indicate if the range is valid.
- * Valid ranges are in the form:
- *     <long>          -> min=max=long         has_min  has_max
- *     -<long>         -> max=long            !has_min  has_max
- *     <long>-         -> min=long             has_min !has_max
- *     <long1>-<long2> -> min=long1 max=long2  has_min  has_max
- *
- * If the range is valid, getrange returns 1.
- * If the range is not valid, getrange returns 0.
- */
-int getrange (const char *range,
-              unsigned long *min, bool *has_min,
-              unsigned long *max, bool *has_max)
-{
-	char *endptr;
-	unsigned long n;
-
-	if (NULL == range) {
-		return 0;
-	}
-
-	if ('-' == range[0]) {
-		if (!isdigit(range[1])) {
-			/* invalid */
-			return 0;
-		}
-		errno = 0;
-		n = strtoul (&range[1], &endptr, 10);
-		if (('\0' != *endptr) || (ERANGE == errno)) {
-			/* invalid */
-			return 0;
-		}
-		/* -<long> */
-		*has_min = false;
-		*has_max = true;
-		*max = n;
-	} else {
-		errno = 0;
-		n = strtoul (range, &endptr, 10);
-		if (ERANGE == errno) {
-			/* invalid */
-			return 0;
-		}
-		switch (*endptr) {
-			case '\0':
-				/* <long> */
-				*has_min = true;
-				*has_max = true;
-				*min = n;
-				*max = n;
-				break;
-			case '-':
-				endptr++;
-				if ('\0' == *endptr) {
-					/* <long>- */
-					*has_min = true;
-					*has_max = false;
-					*min = n;
-				} else if (!isdigit (*endptr)) {
-					/* invalid */
-					return 0;
-				} else {
-					*has_min = true;
-					*min = n;
-					errno = 0;
-					n = strtoul (endptr, &endptr, 10);
-					if (   ('\0' != *endptr)
-					    || (ERANGE == errno)) {
-						/* invalid */
-						return 0;
-					}
-					/* <long>-<long> */
-					*has_max = true;
-					*max = n;
-				}
-				break;
-			default:
-				return 0;
-		}
-	}
-
-	return 1;
-}
-
diff --git a/libmisc/gettime.c b/libmisc/gettime.c
deleted file mode 100644
index b288402..0000000
--- a/libmisc/gettime.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2017, Chris Lamb
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-#include "defines.h"
-#include "prototypes.h"
-#include "shadowlog.h"
-
-/*
- * gettime() returns the time as the number of seconds since the Epoch
- *
- * Like time(), gettime() returns the time as the number of seconds since the
- * Epoch, 1970-01-01 00:00:00 +0000 (UTC), except that if the SOURCE_DATE_EPOCH
- * environment variable is exported it will use that instead.
- */
-/*@observer@*/time_t gettime ()
-{
-	char *endptr;
-	char *source_date_epoch;
-	time_t fallback;
-	unsigned long long epoch;
-	FILE *shadow_logfd = log_get_logfd();
-
-	fallback = time (NULL);
-	source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH");
-
-	if (!source_date_epoch)
-		return fallback;
-
-	errno = 0;
-	epoch = strtoull (source_date_epoch, &endptr, 10);
-	if ((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0))
-			|| (errno != 0 && epoch == 0)) {
-		fprintf (shadow_logfd,
-			 _("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),
-			 strerror(errno));
-	} else if (endptr == source_date_epoch) {
-		fprintf (shadow_logfd,
-			 _("Environment variable $SOURCE_DATE_EPOCH: No digits were found: %s\n"),
-			 endptr);
-	} else if (*endptr != '\0') {
-		fprintf (shadow_logfd,
-			 _("Environment variable $SOURCE_DATE_EPOCH: Trailing garbage: %s\n"),
-			 endptr);
-	} else if (epoch > ULONG_MAX) {
-		fprintf (shadow_logfd,
-			 _("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to %lu but was found to be: %llu\n"),
-			 ULONG_MAX, epoch);
-	} else if (epoch > fallback) {
-		fprintf (shadow_logfd,
-			 _("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to the current time (%lu) but was found to be: %llu\n"),
-			 fallback, epoch);
-	} else {
-		/* Valid */
-		return (time_t)epoch;
-	}
-
-	return fallback;
-}
diff --git a/libmisc/loginprompt.c b/libmisc/loginprompt.c
deleted file mode 100644
index 0a67f46..0000000
--- a/libmisc/loginprompt.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 1989 - 1993, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2003 - 2005, Tomasz KÅ‚oczko
- * SPDX-FileCopyrightText: 2008 - 2011, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include <assert.h>
-#include <stdio.h>
-#include <signal.h>
-#include <ctype.h>
-#include "prototypes.h"
-#include "defines.h"
-#include "getdef.h"
-
-static void login_exit (unused int sig)
-{
-	exit (EXIT_FAILURE);
-}
-
-/*
- * login_prompt - prompt the user for their login name
- *
- * login_prompt() displays the standard login prompt.  If ISSUE_FILE
- * is set in login.defs, this file is displayed before the prompt.
- */
-
-void login_prompt (const char *prompt, char *name, int namesize)
-{
-	char buf[1024];
-
-#define MAX_ENV 32
-	char *envp[MAX_ENV];
-	char *cp;
-	int i;
-	FILE *fp;
-
-	sighandler_t sigquit;
-#ifdef	SIGTSTP
-	sighandler_t sigtstp;
-#endif
-
-	/*
-	 * There is a small chance that a QUIT character will be part of
-	 * some random noise during a prompt.  Deal with this by exiting
-	 * instead of core dumping.  If SIGTSTP is defined, do the same
-	 * thing for that signal.
-	 */
-
-	sigquit = signal (SIGQUIT, login_exit);
-#ifdef	SIGTSTP
-	sigtstp = signal (SIGTSTP, login_exit);
-#endif
-
-	/*
-	 * See if the user has configured the issue file to
-	 * be displayed and display it before the prompt.
-	 */
-
-	if (NULL != prompt) {
-		const char *fname = getdef_str ("ISSUE_FILE");
-		if (NULL != fname) {
-			fp = fopen (fname, "r");
-			if (NULL != fp) {
-				while ((i = getc (fp)) != EOF) {
-					(void) putc (i, stdout);
-				}
-
-				(void) fclose (fp);
-			}
-		}
-		(void) gethostname (buf, sizeof buf);
-		printf (prompt, buf);
-		(void) fflush (stdout);
-	}
-
-	/*
-	 * Read the user's response.  The trailing newline will be
-	 * removed.
-	 */
-
-	memzero (buf, sizeof buf);
-	if (fgets (buf, (int) sizeof buf, stdin) != buf) {
-		exit (EXIT_FAILURE);
-	}
-
-	cp = strchr (buf, '\n');
-	if (NULL == cp) {
-		exit (EXIT_FAILURE);
-	}
-	*cp = '\0';		/* remove \n [ must be there ] */
-
-	/*
-	 * Skip leading whitespace.  This makes "  username" work right.
-	 * Then copy the rest (up to the end or the first "non-graphic"
-	 * character into the username.
-	 */
-
-	for (cp = buf; *cp == ' ' || *cp == '\t'; cp++);
-
-	for (i = 0; i < namesize - 1 && isgraph (*cp); name[i++] = *cp++);
-	while (isgraph (*cp)) {
-		cp++;
-	}
-
-	if ('\0' != *cp) {
-		cp++;
-	}
-
-	name[i] = '\0';
-
-	/*
-	 * This is a disaster, at best.  The user may have entered extra
-	 * environmental variables at the prompt.  There are several ways
-	 * to do this, and I just take the easy way out.
-	 */
-
-	if ('\0' != *cp) {	/* process new variables */
-		char *nvar;
-		int count = 1;
-		int envc;
-
-		for (envc = 0; envc < MAX_ENV; envc++) {
-			nvar = strtok ((0 != envc) ? (char *) 0 : cp, " \t,");
-			if (NULL == nvar) {
-				break;
-			}
-			if (strchr (nvar, '=') != NULL) {
-				envp[envc] = nvar;
-			} else {
-				size_t len = strlen (nvar) + 32;
-				envp[envc] = xmalloc (len);
-				(void) snprintf (envp[envc], len,
-				                 "L%d=%s", count++, nvar);
-			}
-		}
-		set_env (envc, envp);
-	}
-
-	/*
-	 * Set the SIGQUIT handler back to its original value
-	 */
-
-	(void) signal (SIGQUIT, sigquit);
-#ifdef	SIGTSTP
-	(void) signal (SIGTSTP, sigtstp);
-#endif
-}
-
diff --git a/libmisc/strtoday.c b/libmisc/strtoday.c
deleted file mode 100644
index d321873..0000000
--- a/libmisc/strtoday.c
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 1991 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2003 - 2005, Tomasz KÅ‚oczko
- * SPDX-FileCopyrightText: 2008       , Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#if !defined(__GLIBC__)
-#define _XOPEN_SOURCE 500
-#endif
-
-#include <config.h>
-
-#include <ctype.h>
-
-#ident "$Id$"
-
-#include "defines.h"
-#include "prototypes.h"
-
-#ifndef USE_GETDATE
-#define USE_GETDATE 1
-#endif
-
-#if USE_GETDATE
-#include "getdate.h"
-/*
- * strtoday() now uses get_date() (borrowed from GNU shellutils)
- * which can handle many date formats, for example:
- *	1970-09-17	# ISO 8601.
- *	70-9-17		# This century assumed by default.
- *	70-09-17	# Leading zeros are ignored.
- *	9/17/72		# Common U.S. writing.
- *	24 September 1972
- *	24 Sept 72	# September has a special abbreviation.
- *	24 Sep 72	# Three-letter abbreviations always allowed.
- *	Sep 24, 1972
- *	24-sep-72
- *	24sep72
- */
-long strtoday (const char *str)
-{
-	time_t t;
-	bool isnum = true;
-	const char *s = str;
-
-	/*
-	 * get_date() interprets an empty string as the current date,
-	 * which is not what we expect, unless you're a BOFH :-).
-	 * (useradd sets sp_expire = current date for new lusers)
-	 */
-	if ((NULL == str) || ('\0' == *str)) {
-		return -1;
-	}
-
-	/* If a numerical value is provided, this is already a number of
-	 * days since EPOCH.
-	 */
-	if ('-' == *s) {
-		s++;
-	}
-	while (' ' == *s) {
-		s++;
-	}
-	while (isnum && ('\0' != *s)) {
-		if (!isdigit (*s)) {
-			isnum = false;
-		}
-		s++;
-	}
-	if (isnum) {
-		long retdate;
-		if (getlong (str, &retdate) == 0) {
-			return -2;
-		}
-		return retdate;
-	}
-
-	t = get_date (str, NULL);
-	if ((time_t) - 1 == t) {
-		return -2;
-	}
-	/* convert seconds to days since 1970-01-01 */
-	return (long) (t + DAY / 2) / DAY;
-}
-
-#else				/* !USE_GETDATE */
-/*
- * Old code, just in case get_date() doesn't work as expected...
- */
-#include <stdio.h>
-#ifdef HAVE_STRPTIME
-/*
- * for now we allow just one format, but we can define more later
- * (we try them all until one succeeds).  --marekm
- */
-static const char *const date_formats[] = {
-	"%Y-%m-%d",
-	(char *) 0
-};
-#else
-/*
- * days and juldays are used to compute the number of days in the
- * current month, and the cumulative number of days in the preceding
- * months.  they are declared so that january is 1, not 0.
- */
-static const short days[13] = { 0,
-	31, 28, 31, 30, 31, 30,	/* JAN - JUN */
-	31, 31, 30, 31, 30, 31
-};				/* JUL - DEC */
-
-static const short juldays[13] = { 0,
-	0, 31, 59, 90, 120, 151,	/* JAN - JUN */
-	181, 212, 243, 273, 304, 334
-};				/* JUL - DEC */
-#endif
-
-/*
- * strtoday - compute the number of days since 1970.
- *
- * the total number of days prior to the current date is
- * computed.  january 1, 1970 is used as the origin with
- * it having a day number of 0.
- */
-
-long strtoday (const char *str)
-{
-#ifdef HAVE_STRPTIME
-	struct tm tp;
-	const char *const *fmt;
-	char *cp;
-	time_t result;
-
-	memzero (&tp, sizeof tp);
-	for (fmt = date_formats; *fmt; fmt++) {
-		cp = strptime ((char *) str, *fmt, &tp);
-		if ((NULL == cp) || ('\0' != *cp)) {
-			continue;
-		}
-
-		result = mktime (&tp);
-		if ((time_t) - 1 == result) {
-			continue;
-		}
-
-		return (long) (result / DAY);	/* success */
-	}
-	return -1;
-#else
-	char slop[2];
-	int month;
-	int day;
-	int year;
-	long total;
-
-	/*
-	 * start by separating the month, day and year.  the order
-	 * is compiled in ...
-	 */
-
-	if (sscanf (str, "%d/%d/%d%c", &year, &month, &day, slop) != 3) {
-		return -1;
-	}
-
-	/*
-	 * the month, day of the month, and year are checked for
-	 * correctness and the year adjusted so it falls between
-	 * 1970 and 2069.
-	 */
-
-	if ((month < 1) || (month > 12)) {
-		return -1;
-	}
-
-	if (day < 1) {
-		return -1;
-	}
-
-	if (   ((2 != month) || ((year % 4) != 0))
-	    && (day > days[month])) {
-		return -1;
-	} else if ((month == 2) && ((year % 4) == 0) && (day > 29)) {
-		return -1;
-	}
-
-	if (year < 0) {
-		return -1;
-	} else if (year <= 69) {
-		year += 2000;
-	} else if (year <= 99) {
-		year += 1900;
-	}
-
-	/*
-	 * On systems with 32-bit signed time_t, time wraps around in 2038
-	 * - for now we just limit the year to 2037 (instead of 2069).
-	 * This limit can be removed once no one is using 32-bit systems
-	 * anymore :-).  --marekm
-	 */
-	if ((year < 1970) || (year > 2037)) {
-		return -1;
-	}
-
-	/*
-	 * the total number of days is the total number of days in all
-	 * the whole years, plus the number of leap days, plus the
-	 * number of days in the whole months preceding, plus the number
-	 * of days so far in the month.
-	 */
-
-	total = (long) ((year - 1970) * 365L) + (((year + 1) - 1970) / 4);
-	total += (long) juldays[month] + (month > 2 && (year % 4) == 0 ? 1 : 0);
-	total += (long) day - 1;
-
-	return total;
-#endif				/* HAVE_STRPTIME */
-}
-#endif				/* !USE_GETDATE */
diff --git a/libmisc/utmp.c b/libmisc/utmp.c
deleted file mode 100644
index 45b479f..0000000
--- a/libmisc/utmp.c
+++ /dev/null
@@ -1,474 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2001 - 2005, Tomasz KÅ‚oczko
- * SPDX-FileCopyrightText: 2008 - 2009, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#include "defines.h"
-#include "prototypes.h"
-
-#ifdef USE_UTMPX
-#include <utmpx.h>
-#else
-#include <utmp.h>
-#endif
-
-#include <assert.h>
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-#include <stdio.h>
-
-#ident "$Id$"
-
-
-/*
- * is_my_tty -- determine if "tty" is the same TTY stdin is using
- */
-static bool is_my_tty (const char *tty)
-{
-	/* full_tty shall be at least sizeof utmp.ut_line + 5 */
-	char full_tty[200];
-	/* tmptty shall be bigger than full_tty */
-	static char tmptty[sizeof (full_tty)+1];
-
-	if ('/' != *tty) {
-		(void) snprintf (full_tty, sizeof full_tty, "/dev/%s", tty);
-		tty = &full_tty[0];
-	}
-
-	if ('\0' == tmptty[0]) {
-		const char *tname = ttyname (STDIN_FILENO);
-		if (NULL != tname) {
-			(void) strncpy (tmptty, tname, sizeof tmptty);
-			tmptty[sizeof (tmptty) - 1] = '\0';
-		}
-	}
-
-	if ('\0' == tmptty[0]) {
-		(void) puts (_("Unable to determine your tty name."));
-		exit (EXIT_FAILURE);
-	} else if (strncmp (tty, tmptty, sizeof (tmptty)) != 0) {
-		return false;
-	} else {
-		return true;
-	}
-}
-
-/*
- * get_current_utmp - return the most probable utmp entry for the current
- *                    session
- *
- *	The utmp file is scanned for an entry with the same process ID.
- *	The line entered by the *getty / telnetd, etc. should also match
- *	the current terminal.
- *
- *	When an entry is returned by get_current_utmp, and if the utmp
- *	structure has a ut_id field, this field should be used to update
- *	the entry information.
- *
- *	Return NULL if no entries exist in utmp for the current process.
- */
-#ifndef USE_UTMPX
-/*@null@*/ /*@only@*/struct utmp *get_current_utmp (void)
-{
-	struct utmp *ut;
-	struct utmp *ret = NULL;
-
-	setutent ();
-
-	/* First, try to find a valid utmp entry for this process.  */
-	while ((ut = getutent ()) != NULL) {
-		if (   (ut->ut_pid == getpid ())
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-		    && ('\0' != ut->ut_id[0])
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
-		    && (   (LOGIN_PROCESS == ut->ut_type)
-		        || (USER_PROCESS  == ut->ut_type))
-#endif
-		    /* A process may have failed to close an entry
-		     * Check if this entry refers to the current tty */
-		    && is_my_tty (ut->ut_line)) {
-			break;
-		}
-	}
-
-	if (NULL != ut) {
-		ret = (struct utmp *) xmalloc (sizeof (*ret));
-		memcpy (ret, ut, sizeof (*ret));
-	}
-
-	endutent ();
-
-	return ret;
-}
-#else
-/*@null@*/ /*@only*/struct utmpx *get_current_utmp(void)
-{
-	struct utmpx *ut;
-	struct utmpx *ret = NULL;
-
-	setutxent ();
-
-	/* Find the utmpx entry for this PID. */
-	while ((ut = getutxent ()) != NULL) {
-		if (   (ut->ut_pid == getpid ())
-		    && ('\0' != ut->ut_id[0])
-		    && (   (LOGIN_PROCESS == ut->ut_type)
-			|| (USER_PROCESS == ut->ut_type))
-		    && is_my_tty (ut->ut_line)) {
-			break;
-		}
-	}
-
-	if (NULL != ut) {
-		ret = (struct utmpx *) xmalloc (sizeof (*ret));
-		memcpy (ret, ut, sizeof (*ret));
-	}
-
-	endutxent ();
-
-	return ret;
-}
-#endif
-
-
-#ifndef USE_PAM
-/*
- * Some systems already have updwtmp() and possibly updwtmpx().  Others
- * don't, so we re-implement these functions if necessary.
- */
-#ifndef HAVE_UPDWTMP
-static void updwtmp (const char *filename, const struct utmp *ut)
-{
-	int fd;
-
-	fd = open (filename, O_APPEND | O_WRONLY, 0);
-	if (fd >= 0) {
-		write (fd, (const char *) ut, sizeof (*ut));
-		close (fd);
-	}
-}
-#endif				/* ! HAVE_UPDWTMP */
-
-#ifdef USE_UTMPX
-#ifndef HAVE_UPDWTMPX
-static void updwtmpx (const char *filename, const struct utmpx *utx)
-{
-	int fd;
-
-	fd = open (filename, O_APPEND | O_WRONLY, 0);
-	if (fd >= 0) {
-		write (fd, (const char *) utx, sizeof (*utx));
-		close (fd);
-	}
-}
-#endif				/* ! HAVE_UPDWTMPX */
-#endif				/* ! USE_UTMPX */
-#endif				/* ! USE_PAM */
-
-
-#ifndef USE_UTMPX
-/*
- * prepare_utmp - prepare an utmp entry so that it can be logged in a
- *                utmp/wtmp file.
- *
- *	It accepts an utmp entry in input (ut) to return an entry with
- *	the right ut_id. This is typically an entry returned by
- *	get_current_utmp
- *	If ut is NULL, ut_id will be forged based on the line argument.
- *
- *	The ut_host field of the input structure may also be kept, and is
- *	used to define the ut_addr/ut_addr_v6 fields. (if these fields
- *	exist)
- *
- *	Other fields are discarded and filed with new values (if they
- *	exist).
- *
- *	The returned structure shall be freed by the caller.
- */
-/*@only@*/struct utmp *prepare_utmp (const char *name,
-                                     const char *line,
-                                     const char *host,
-                                     /*@null@*/const struct utmp *ut)
-{
-	struct timeval tv;
-	char *hostname = NULL;
-	struct utmp *utent;
-
-	assert (NULL != name);
-	assert (NULL != line);
-
-
-
-	if (   (NULL != host)
-	    && ('\0' != host[0])) {
-		hostname = (char *) xmalloc (strlen (host) + 1);
-		strcpy (hostname, host);
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-	} else if (   (NULL != ut)
-	           && ('\0' != ut->ut_host[0])) {
-		hostname = (char *) xmalloc (sizeof (ut->ut_host) + 1);
-		strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
-		hostname[sizeof (ut->ut_host)] = '\0';
-#endif				/* HAVE_STRUCT_UTMP_UT_HOST */
-	}
-
-	if (strncmp(line, "/dev/", 5) == 0) {
-		line += 5;
-	}
-
-
-	utent = (struct utmp *) xmalloc (sizeof (*utent));
-	memzero (utent, sizeof (*utent));
-
-
-
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
-	utent->ut_type = USER_PROCESS;
-#endif				/* HAVE_STRUCT_UTMP_UT_TYPE */
-	utent->ut_pid = getpid ();
-	strncpy (utent->ut_line, line,      sizeof (utent->ut_line) - 1);
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-	if (NULL != ut) {
-		strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id));
-	} else {
-		/* XXX - assumes /dev/tty?? */
-		strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id) - 1);
-	}
-#endif				/* HAVE_STRUCT_UTMP_UT_ID */
-#ifdef HAVE_STRUCT_UTMP_UT_NAME
-	strncpy (utent->ut_name, name,      sizeof (utent->ut_name));
-#endif				/* HAVE_STRUCT_UTMP_UT_NAME */
-#ifdef HAVE_STRUCT_UTMP_UT_USER
-	strncpy (utent->ut_user, name,      sizeof (utent->ut_user) - 1);
-#endif				/* HAVE_STRUCT_UTMP_UT_USER */
-	if (NULL != hostname) {
-		struct addrinfo *info = NULL;
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-		strncpy (utent->ut_host, hostname, sizeof (utent->ut_host) - 1);
-#endif				/* HAVE_STRUCT_UTMP_UT_HOST */
-#ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
-		utent->ut_syslen = MIN (strlen (hostname),
-		                        sizeof (utent->ut_host));
-#endif				/* HAVE_STRUCT_UTMP_UT_SYSLEN */
-#if defined(HAVE_STRUCT_UTMP_UT_ADDR) || defined(HAVE_STRUCT_UTMP_UT_ADDR_V6)
-		if (getaddrinfo (hostname, NULL, NULL, &info) == 0) {
-			/* getaddrinfo might not be reliable.
-			 * Just try to log what may be useful.
-			 */
-			if (info->ai_family == AF_INET) {
-				struct sockaddr_in *sa =
-					(struct sockaddr_in *) info->ai_addr;
-#ifdef HAVE_STRUCT_UTMP_UT_ADDR
-				memcpy (&(utent->ut_addr),
-				        &(sa->sin_addr),
-				        MIN (sizeof (utent->ut_addr),
-				             sizeof (sa->sin_addr)));
-#endif				/* HAVE_STRUCT_UTMP_UT_ADDR */
-#ifdef HAVE_STRUCT_UTMP_UT_ADDR_V6
-				memcpy (utent->ut_addr_v6,
-				        &(sa->sin_addr),
-				        MIN (sizeof (utent->ut_addr_v6),
-				             sizeof (sa->sin_addr)));
-			} else if (info->ai_family == AF_INET6) {
-				struct sockaddr_in6 *sa =
-					(struct sockaddr_in6 *) info->ai_addr;
-				memcpy (utent->ut_addr_v6,
-				        &(sa->sin6_addr),
-				        MIN (sizeof (utent->ut_addr_v6),
-				             sizeof (sa->sin6_addr)));
-#endif				/* HAVE_STRUCT_UTMP_UT_ADDR_V6 */
-			}
-			freeaddrinfo (info);
-		}
-#endif		/* HAVE_STRUCT_UTMP_UT_ADDR || HAVE_STRUCT_UTMP_UT_ADDR_V6 */
-		free (hostname);
-	}
-	/* ut_exit is only for DEAD_PROCESS */
-	utent->ut_session = getsid (0);
-	if (gettimeofday (&tv, NULL) == 0) {
-#ifdef HAVE_STRUCT_UTMP_UT_TIME
-		utent->ut_time = tv.tv_sec;
-#endif				/* HAVE_STRUCT_UTMP_UT_TIME */
-#ifdef HAVE_STRUCT_UTMP_UT_XTIME
-		utent->ut_xtime = tv.tv_usec;
-#endif				/* HAVE_STRUCT_UTMP_UT_XTIME */
-#ifdef HAVE_STRUCT_UTMP_UT_TV
-		utent->ut_tv.tv_sec  = tv.tv_sec;
-		utent->ut_tv.tv_usec = tv.tv_usec;
-#endif				/* HAVE_STRUCT_UTMP_UT_TV */
-	}
-
-	return utent;
-}
-
-/*
- * setutmp - Update an entry in utmp and log an entry in wtmp
- *
- *	Return 1 on failure and 0 on success.
- */
-int setutmp (struct utmp *ut)
-{
-	int err = 0;
-
-	assert (NULL != ut);
-
-	setutent ();
-	if (pututline (ut) == NULL) {
-		err = 1;
-	}
-	endutent ();
-
-#ifndef USE_PAM
-	/* This is done by pam_lastlog */
-	updwtmp (_WTMP_FILE, ut);
-#endif				/* ! USE_PAM */
-
-	return err;
-}
-
-#else
-/*
- * prepare_utmpx - the UTMPX version for prepare_utmp
- */
-/*@only@*/struct utmpx *prepare_utmpx (const char *name,
-                                       const char *line,
-                                       const char *host,
-                                       /*@null@*/const struct utmpx *ut)
-{
-	struct timeval tv;
-	char *hostname = NULL;
-	struct utmpx *utxent;
-
-	assert (NULL != name);
-	assert (NULL != line);
-
-
-
-	if (   (NULL != host)
-	    && ('\0' != host[0])) {
-		hostname = (char *) xmalloc (strlen (host) + 1);
-		strcpy (hostname, host);
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-	} else if (   (NULL != ut)
-	           && (NULL != ut->ut_host)
-	           && ('\0' != ut->ut_host[0])) {
-		hostname = (char *) xmalloc (sizeof (ut->ut_host) + 1);
-		strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
-		hostname[sizeof (ut->ut_host)] = '\0';
-#endif				/* HAVE_STRUCT_UTMP_UT_TYPE */
-	}
-
-	if (strncmp(line, "/dev/", 5) == 0) {
-		line += 5;
-	}
-
-	utxent = (struct utmpx *) xmalloc (sizeof (*utxent));
-	memzero (utxent, sizeof (*utxent));
-
-
-
-	utxent->ut_type = USER_PROCESS;
-	utxent->ut_pid = getpid ();
-	strncpy (utxent->ut_line, line,      sizeof (utxent->ut_line));
-	/* existence of ut->ut_id is enforced by configure */
-	if (NULL != ut) {
-		strncpy (utxent->ut_id, ut->ut_id, sizeof (utxent->ut_id));
-	} else {
-		/* XXX - assumes /dev/tty?? */
-		strncpy (utxent->ut_id, line + 3, sizeof (utxent->ut_id));
-	}
-#ifdef HAVE_STRUCT_UTMPX_UT_NAME
-	strncpy (utxent->ut_name, name,      sizeof (utxent->ut_name));
-#endif				/* HAVE_STRUCT_UTMPX_UT_NAME */
-	strncpy (utxent->ut_user, name,      sizeof (utxent->ut_user));
-	if (NULL != hostname) {
-		struct addrinfo *info = NULL;
-#ifdef HAVE_STRUCT_UTMPX_UT_HOST
-		strncpy (utxent->ut_host, hostname, sizeof (utxent->ut_host));
-#endif				/* HAVE_STRUCT_UTMPX_UT_HOST */
-#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
-		utxent->ut_syslen = MIN (strlen (hostname),
-		                         sizeof (utxent->ut_host));
-#endif				/* HAVE_STRUCT_UTMPX_UT_SYSLEN */
-#if defined(HAVE_STRUCT_UTMPX_UT_ADDR) || defined(HAVE_STRUCT_UTMPX_UT_ADDR_V6)
-		if (getaddrinfo (hostname, NULL, NULL, &info) == 0) {
-			/* getaddrinfo might not be reliable.
-			 * Just try to log what may be useful.
-			 */
-			if (info->ai_family == AF_INET) {
-				struct sockaddr_in *sa =
-					(struct sockaddr_in *) info->ai_addr;
-#ifdef HAVE_STRUCT_UTMPX_UT_ADDR
-				memcpy (&utxent->ut_addr,
-				        &(sa->sin_addr),
-				        MIN (sizeof (utxent->ut_addr),
-				             sizeof (sa->sin_addr)));
-#endif				/* HAVE_STRUCT_UTMPX_UT_ADDR */
-#ifdef HAVE_STRUCT_UTMPX_UT_ADDR_V6
-				memcpy (utxent->ut_addr_v6,
-				        &(sa->sin_addr),
-				        MIN (sizeof (utxent->ut_addr_v6),
-				             sizeof (sa->sin_addr)));
-			} else if (info->ai_family == AF_INET6) {
-				struct sockaddr_in6 *sa =
-					(struct sockaddr_in6 *) info->ai_addr;
-				memcpy (utxent->ut_addr_v6,
-				        &(sa->sin6_addr),
-				        MIN (sizeof (utxent->ut_addr_v6),
-				             sizeof (sa->sin6_addr)));
-#endif				/* HAVE_STRUCT_UTMPX_UT_ADDR_V6 */
-			}
-			freeaddrinfo (info);
-		}
-#endif		/* HAVE_STRUCT_UTMPX_UT_ADDR || HAVE_STRUCT_UTMPX_UT_ADDR_V6 */
-		free (hostname);
-	}
-	/* ut_exit is only for DEAD_PROCESS */
-	utxent->ut_session = getsid (0);
-	if (gettimeofday (&tv, NULL) == 0) {
-#ifdef HAVE_STRUCT_UTMPX_UT_TIME
-		utxent->ut_time = tv.tv_sec;
-#endif				/* HAVE_STRUCT_UTMPX_UT_TIME */
-#ifdef HAVE_STRUCT_UTMPX_UT_XTIME
-		utxent->ut_xtime = tv.tv_usec;
-#endif				/* HAVE_STRUCT_UTMPX_UT_XTIME */
-		utxent->ut_tv.tv_sec  = tv.tv_sec;
-		utxent->ut_tv.tv_usec = tv.tv_usec;
-	}
-
-	return utxent;
-}
-
-/*
- * setutmpx - the UTMPX version for setutmp
- */
-int setutmpx (struct utmpx *utx)
-{
-	int err = 0;
-
-	assert (NULL != utx);
-
-	setutxent ();
-	if (pututxline (utx) == NULL) {
-		err = 1;
-	}
-	endutxent ();
-
-#ifndef USE_PAM
-	/* This is done by pam_lastlog */
-	updwtmpx (_WTMP_FILE "x", utx);
-#endif				/* ! USE_PAM */
-
-	return err;
-}
-#endif				/* USE_UTMPX */
-
diff --git a/libmisc/yesno.c b/libmisc/yesno.c
deleted file mode 100644
index cfbe6ec..0000000
--- a/libmisc/yesno.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 1992 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*
- * Common code for yes/no prompting
- *
- * Used by pwck.c and grpck.c
- */
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include <stdio.h>
-#include "prototypes.h"
-
-/*
- * yes_or_no - get answer to question from the user
- *
- *	It returns false if no.
- *
- *	If the read_only flag is set, it will print No, and will return
- *	false.
- */
-bool yes_or_no (bool read_only)
-{
-	char buf[80];
-
-	/*
-	 * In read-only mode all questions are answered "no".
-	 */
-	if (read_only) {
-		(void) puts (_("No"));
-		return false;
-	}
-
-	/*
-	 * Typically, there's a prompt on stdout, sometimes unflushed.
-	 */
-	(void) fflush (stdout);
-
-	/*
-	 * Get a line and see what the first character is.
-	 */
-	/* TODO: use gettext */
-	if (fgets (buf, (int) sizeof buf, stdin) == buf) {
-		return buf[0] == 'y' || buf[0] == 'Y';
-	}
-
-	return false;
-}
-
diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
index 09ec341..b6488e7 100644
--- a/libsubid/Makefile.am
+++ b/libsubid/Makefile.am
@@ -8,7 +8,6 @@ MISCLIBS = \
 	$(LIBAUDIT) \
 	$(LIBSELINUX) \
 	$(LIBSEMANAGE) \
-	$(LIBCRACK) \
 	$(LIBCRYPT_NOPAM) \
 	$(LIBSKEY) \
 	$(LIBMD) \
@@ -21,10 +20,8 @@ MISCLIBS = \
 
 libsubid_la_LIBADD = \
 	$(top_builddir)/lib/libshadow.la \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(MISCLIBS) -ldl
 
 AM_CPPFLAGS = \
 	-I${top_srcdir}/lib \
-	-I${top_srcdir}/libmisc \
 	-DLOCALEDIR=\"$(datadir)/locale\"
diff --git a/libsubid/Makefile.in b/libsubid/Makefile.in
index ed8dc94..1cc025d 100644
--- a/libsubid/Makefile.in
+++ b/libsubid/Makefile.in
@@ -143,9 +143,9 @@ am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1)
 libsubid_la_DEPENDENCIES = $(top_builddir)/lib/libshadow.la \
-	$(top_builddir)/libmisc/libmisc.la $(am__DEPENDENCIES_2)
+	$(am__DEPENDENCIES_2)
 am_libsubid_la_OBJECTS = api.lo
 libsubid_la_OBJECTS = $(am_libsubid_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
@@ -229,6 +229,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -247,6 +249,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -262,9 +265,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -280,6 +289,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -288,6 +298,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -310,6 +322,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -389,7 +404,6 @@ MISCLIBS = \
 	$(LIBAUDIT) \
 	$(LIBSELINUX) \
 	$(LIBSEMANAGE) \
-	$(LIBCRACK) \
 	$(LIBCRYPT_NOPAM) \
 	$(LIBSKEY) \
 	$(LIBMD) \
@@ -402,12 +416,10 @@ MISCLIBS = \
 
 libsubid_la_LIBADD = \
 	$(top_builddir)/lib/libshadow.la \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(MISCLIBS) -ldl
 
 AM_CPPFLAGS = \
 	-I${top_srcdir}/lib \
-	-I${top_srcdir}/libmisc \
 	-DLOCALEDIR=\"$(datadir)/locale\"
 
 all: all-am
@@ -499,22 +511,25 @@ $(am__depfiles_remade):
 am--depfiles: $(am__depfiles_remade)
 
 .c.o:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
diff --git a/libsubid/api.c b/libsubid/api.c
index 00da74f..65d20ab 100644
--- a/libsubid/api.c
+++ b/libsubid/api.c
@@ -66,12 +66,12 @@ int get_subid_owner(unsigned long id, enum subid_type id_type, uid_t **owner)
 
 int subid_get_uid_owners(uid_t uid, uid_t **owner)
 {
-	return get_subid_owner((unsigned long)uid, ID_TYPE_UID, owner);
+	return get_subid_owner(uid, ID_TYPE_UID, owner);
 }
 
 int subid_get_gid_owners(gid_t gid, uid_t **owner)
 {
-	return get_subid_owner((unsigned long)gid, ID_TYPE_GID, owner);
+	return get_subid_owner(gid, ID_TYPE_GID, owner);
 }
 
 static
diff --git a/ltmain.sh b/ltmain.sh
index 540a92a..1dea62a 100755
--- a/ltmain.sh
+++ b/ltmain.sh
@@ -1,12 +1,12 @@
-#! /bin/sh
+#! /usr/bin/env sh
 ## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
-##               by inline-source v2014-01-03.01
+##               by inline-source v2019-02-19.15
 
-# libtool (GNU libtool) 2.4.6
+# libtool (GNU libtool) 2.4.7
 # Provide generalized library-building support services.
 # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
 
-# Copyright (C) 1996-2015 Free Software Foundation, Inc.
+# Copyright (C) 1996-2019, 2021-2022 Free Software Foundation, Inc.
 # This is free software; see the source for copying conditions.  There is NO
 # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
@@ -31,8 +31,8 @@
 
 PROGRAM=libtool
 PACKAGE=libtool
-VERSION="2.4.6 Debian-2.4.6-15build2"
-package_revision=2.4.6
+VERSION="2.4.7 Debian-2.4.7-7"
+package_revision=2.4.7
 
 
 ## ------ ##
@@ -64,34 +64,25 @@ package_revision=2.4.6
 # libraries, which are installed to $pkgauxdir.
 
 # Set a version string for this script.
-scriptversion=2015-01-20.17; # UTC
+scriptversion=2019-02-19.15; # UTC
 
 # General shell script boiler plate, and helper functions.
 # Written by Gary V. Vaughan, 2004
 
-# Copyright (C) 2004-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-
-# As a special exception to the GNU General Public License, if you distribute
-# this file as part of a program or library that is built using GNU Libtool,
-# you may include this file under the same distribution terms that you use
-# for the rest of that program.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# This is free software.  There is NO warranty; not even for
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Copyright (C) 2004-2019, 2021 Bootstrap Authors
+#
+# This file is dual licensed under the terms of the MIT license
+# <https://opensource.org/license/MIT>, and GPL version 2 or later
+# <http://www.gnu.org/licenses/gpl-2.0.html>.  You must apply one of
+# these licenses when using or redistributing this software or any of
+# the files within it.  See the URLs above, or the file `LICENSE`
+# included in the Bootstrap distribution for the full license texts.
 
-# Please report bugs or propose patches to gary@gnu.org.
+# Please report bugs or propose patches to:
+# <https://github.com/gnulib-modules/bootstrap/issues>
 
 
 ## ------ ##
@@ -139,9 +130,12 @@ do
 	  _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\"
 	fi"
 done
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+# These NLS vars are set unconditionally (bootstrap issue #24).  Unset those
+# in case the environment reset is needed later and the $save_* variant is not
+# defined (see the code above).
+LC_ALL=C
+LANGUAGE=C
+export LANGUAGE LC_ALL
 
 # Make sure IFS has a sensible default
 sp=' '
@@ -159,6 +153,26 @@ if test "${PATH_SEPARATOR+set}" != set; then
 fi
 
 
+# func_unset VAR
+# --------------
+# Portably unset VAR.
+# In some shells, an 'unset VAR' statement leaves a non-zero return
+# status if VAR is already unset, which might be problematic if the
+# statement is used at the end of a function (thus poisoning its return
+# value) or when 'set -e' is active (causing even a spurious abort of
+# the script in this case).
+func_unset ()
+{
+    { eval $1=; (eval unset $1) >/dev/null 2>&1 && eval unset $1 || : ; }
+}
+
+
+# Make sure CDPATH doesn't cause `cd` commands to output the target dir.
+func_unset CDPATH
+
+# Make sure ${,E,F}GREP behave sanely.
+func_unset GREP_OPTIONS
+
 
 ## ------------------------- ##
 ## Locate command utilities. ##
@@ -259,7 +273,7 @@ test -z "$SED" && {
     rm -f conftest.in conftest.tmp conftest.nl conftest.out
   }
 
-  func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin
+  func_path_progs "sed gsed" func_check_prog_sed "$PATH:/usr/xpg4/bin"
   rm -f conftest.sed
   SED=$func_path_progs_result
 }
@@ -295,7 +309,7 @@ test -z "$GREP" && {
     rm -f conftest.in conftest.tmp conftest.nl conftest.out
   }
 
-  func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin
+  func_path_progs "grep ggrep" func_check_prog_grep "$PATH:/usr/xpg4/bin"
   GREP=$func_path_progs_result
 }
 
@@ -360,6 +374,35 @@ sed_double_backslash="\
   s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g
   s/\n//g"
 
+# require_check_ifs_backslash
+# ---------------------------
+# Check if we can use backslash as IFS='\' separator, and set
+# $check_ifs_backshlash_broken to ':' or 'false'.
+require_check_ifs_backslash=func_require_check_ifs_backslash
+func_require_check_ifs_backslash ()
+{
+  _G_save_IFS=$IFS
+  IFS='\'
+  _G_check_ifs_backshlash='a\\b'
+  for _G_i in $_G_check_ifs_backshlash
+  do
+  case $_G_i in
+  a)
+    check_ifs_backshlash_broken=false
+    ;;
+  '')
+    break
+    ;;
+  *)
+    check_ifs_backshlash_broken=:
+    break
+    ;;
+  esac
+  done
+  IFS=$_G_save_IFS
+  require_check_ifs_backslash=:
+}
+
 
 ## ----------------- ##
 ## Global variables. ##
@@ -529,27 +572,15 @@ func_require_term_colors ()
 # ---------------------
 # Append VALUE onto the existing contents of VAR.
 
-  # We should try to minimise forks, especially on Windows where they are
-  # unreasonably slow, so skip the feature probes when bash or zsh are
-  # being used:
-  if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then
-    : ${_G_HAVE_ARITH_OP="yes"}
-    : ${_G_HAVE_XSI_OPS="yes"}
-    # The += operator was introduced in bash 3.1
-    case $BASH_VERSION in
-      [12].* | 3.0 | 3.0*) ;;
-      *)
-        : ${_G_HAVE_PLUSEQ_OP="yes"}
-        ;;
-    esac
-  fi
-
   # _G_HAVE_PLUSEQ_OP
   # Can be empty, in which case the shell is probed, "yes" if += is
   # useable or anything else if it does not work.
-  test -z "$_G_HAVE_PLUSEQ_OP" \
-    && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \
-    && _G_HAVE_PLUSEQ_OP=yes
+  if test -z "$_G_HAVE_PLUSEQ_OP" &&  \
+      __PLUSEQ_TEST="a" &&  \
+      __PLUSEQ_TEST+=" b" 2>/dev/null &&  \
+      test "a b" = "$__PLUSEQ_TEST"; then
+    _G_HAVE_PLUSEQ_OP=yes
+  fi
 
 if test yes = "$_G_HAVE_PLUSEQ_OP"
 then
@@ -580,16 +611,16 @@ if test yes = "$_G_HAVE_PLUSEQ_OP"; then
   {
     $debug_cmd
 
-    func_quote_for_eval "$2"
-    eval "$1+=\\ \$func_quote_for_eval_result"
+    func_quote_arg pretty "$2"
+    eval "$1+=\\ \$func_quote_arg_result"
   }'
 else
   func_append_quoted ()
   {
     $debug_cmd
 
-    func_quote_for_eval "$2"
-    eval "$1=\$$1\\ \$func_quote_for_eval_result"
+    func_quote_arg pretty "$2"
+    eval "$1=\$$1\\ \$func_quote_arg_result"
   }
 fi
 
@@ -1091,85 +1122,203 @@ func_relative_path ()
 }
 
 
-# func_quote_for_eval ARG...
-# --------------------------
-# Aesthetically quote ARGs to be evaled later.
-# This function returns two values:
-#   i) func_quote_for_eval_result
-#      double-quoted, suitable for a subsequent eval
-#  ii) func_quote_for_eval_unquoted_result
-#      has all characters that are still active within double
-#      quotes backslashified.
-func_quote_for_eval ()
+# func_quote_portable EVAL ARG
+# ----------------------------
+# Internal function to portably implement func_quote_arg.  Note that we still
+# keep attention to performance here so we as much as possible try to avoid
+# calling sed binary (so far O(N) complexity as long as func_append is O(1)).
+func_quote_portable ()
 {
     $debug_cmd
 
-    func_quote_for_eval_unquoted_result=
-    func_quote_for_eval_result=
-    while test 0 -lt $#; do
-      case $1 in
-        *[\\\`\"\$]*)
-	  _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;;
-        *)
-          _G_unquoted_arg=$1 ;;
-      esac
-      if test -n "$func_quote_for_eval_unquoted_result"; then
-	func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg"
-      else
-        func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg"
+    $require_check_ifs_backslash
+
+    func_quote_portable_result=$2
+
+    # one-time-loop (easy break)
+    while true
+    do
+      if $1; then
+        func_quote_portable_result=`$ECHO "$2" | $SED \
+          -e "$sed_double_quote_subst" -e "$sed_double_backslash"`
+        break
       fi
 
-      case $_G_unquoted_arg in
-        # Double-quote args containing shell metacharacters to delay
-        # word splitting, command substitution and variable expansion
-        # for a subsequent eval.
-        # Many Bourne shells cannot handle close brackets correctly
-        # in scan sets, so we specify it separately.
-        *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-          _G_quoted_arg=\"$_G_unquoted_arg\"
+      # Quote for eval.
+      case $func_quote_portable_result in
+        *[\\\`\"\$]*)
+          # Fallback to sed for $func_check_bs_ifs_broken=:, or when the string
+          # contains the shell wildcard characters.
+          case $check_ifs_backshlash_broken$func_quote_portable_result in
+            :*|*[\[\*\?]*)
+              func_quote_portable_result=`$ECHO "$func_quote_portable_result" \
+                  | $SED "$sed_quote_subst"`
+              break
+              ;;
+          esac
+
+          func_quote_portable_old_IFS=$IFS
+          for _G_char in '\' '`' '"' '$'
+          do
+            # STATE($1) PREV($2) SEPARATOR($3)
+            set start "" ""
+            func_quote_portable_result=dummy"$_G_char$func_quote_portable_result$_G_char"dummy
+            IFS=$_G_char
+            for _G_part in $func_quote_portable_result
+            do
+              case $1 in
+              quote)
+                func_append func_quote_portable_result "$3$2"
+                set quote "$_G_part" "\\$_G_char"
+                ;;
+              start)
+                set first "" ""
+                func_quote_portable_result=
+                ;;
+              first)
+                set quote "$_G_part" ""
+                ;;
+              esac
+            done
+          done
+          IFS=$func_quote_portable_old_IFS
           ;;
-        *)
-          _G_quoted_arg=$_G_unquoted_arg
-	  ;;
+        *) ;;
       esac
-
-      if test -n "$func_quote_for_eval_result"; then
-	func_append func_quote_for_eval_result " $_G_quoted_arg"
-      else
-        func_append func_quote_for_eval_result "$_G_quoted_arg"
-      fi
-      shift
+      break
     done
+
+    func_quote_portable_unquoted_result=$func_quote_portable_result
+    case $func_quote_portable_result in
+      # double-quote args containing shell metacharacters to delay
+      # word splitting, command substitution and variable expansion
+      # for a subsequent eval.
+      # many bourne shells cannot handle close brackets correctly
+      # in scan sets, so we specify it separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+        func_quote_portable_result=\"$func_quote_portable_result\"
+        ;;
+    esac
 }
 
 
-# func_quote_for_expand ARG
-# -------------------------
-# Aesthetically quote ARG to be evaled later; same as above,
-# but do not quote variable references.
-func_quote_for_expand ()
-{
-    $debug_cmd
+# func_quotefast_eval ARG
+# -----------------------
+# Quote one ARG (internal).  This is equivalent to 'func_quote_arg eval ARG',
+# but optimized for speed.  Result is stored in $func_quotefast_eval.
+if test xyes = `(x=; printf -v x %q yes; echo x"$x") 2>/dev/null`; then
+  printf -v _GL_test_printf_tilde %q '~'
+  if test '\~' = "$_GL_test_printf_tilde"; then
+    func_quotefast_eval ()
+    {
+      printf -v func_quotefast_eval_result %q "$1"
+    }
+  else
+    # Broken older Bash implementations.  Make those faster too if possible.
+    func_quotefast_eval ()
+    {
+      case $1 in
+        '~'*)
+          func_quote_portable false "$1"
+          func_quotefast_eval_result=$func_quote_portable_result
+          ;;
+        *)
+          printf -v func_quotefast_eval_result %q "$1"
+          ;;
+      esac
+    }
+  fi
+else
+  func_quotefast_eval ()
+  {
+    func_quote_portable false "$1"
+    func_quotefast_eval_result=$func_quote_portable_result
+  }
+fi
 
-    case $1 in
-      *[\\\`\"]*)
-	_G_arg=`$ECHO "$1" | $SED \
-	    -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;;
-      *)
-        _G_arg=$1 ;;
+
+# func_quote_arg MODEs ARG
+# ------------------------
+# Quote one ARG to be evaled later.  MODEs argument may contain zero or more
+# specifiers listed below separated by ',' character.  This function returns two
+# values:
+#   i) func_quote_arg_result
+#      double-quoted (when needed), suitable for a subsequent eval
+#  ii) func_quote_arg_unquoted_result
+#      has all characters that are still active within double
+#      quotes backslashified.  Available only if 'unquoted' is specified.
+#
+# Available modes:
+# ----------------
+# 'eval' (default)
+#       - escape shell special characters
+# 'expand'
+#       - the same as 'eval';  but do not quote variable references
+# 'pretty'
+#       - request aesthetic output, i.e. '"a b"' instead of 'a\ b'.  This might
+#         be used later in func_quote to get output like: 'echo "a b"' instead
+#         of 'echo a\ b'.  This is slower than default on some shells.
+# 'unquoted'
+#       - produce also $func_quote_arg_unquoted_result which does not contain
+#         wrapping double-quotes.
+#
+# Examples for 'func_quote_arg pretty,unquoted string':
+#
+#   string      | *_result              | *_unquoted_result
+#   ------------+-----------------------+-------------------
+#   "           | \"                    | \"
+#   a b         | "a b"                 | a b
+#   "a b"       | "\"a b\""             | \"a b\"
+#   *           | "*"                   | *
+#   z="${x-$y}" | "z=\"\${x-\$y}\""     | z=\"\${x-\$y}\"
+#
+# Examples for 'func_quote_arg pretty,unquoted,expand string':
+#
+#   string        |   *_result          |  *_unquoted_result
+#   --------------+---------------------+--------------------
+#   z="${x-$y}"   | "z=\"${x-$y}\""     | z=\"${x-$y}\"
+func_quote_arg ()
+{
+    _G_quote_expand=false
+    case ,$1, in
+      *,expand,*)
+        _G_quote_expand=:
+        ;;
     esac
 
-    case $_G_arg in
-      # Double-quote args containing shell metacharacters to delay
-      # word splitting and command substitution for a subsequent eval.
-      # Many Bourne shells cannot handle close brackets correctly
-      # in scan sets, so we specify it separately.
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-        _G_arg=\"$_G_arg\"
+    case ,$1, in
+      *,pretty,*|*,expand,*|*,unquoted,*)
+        func_quote_portable $_G_quote_expand "$2"
+        func_quote_arg_result=$func_quote_portable_result
+        func_quote_arg_unquoted_result=$func_quote_portable_unquoted_result
+        ;;
+      *)
+        # Faster quote-for-eval for some shells.
+        func_quotefast_eval "$2"
+        func_quote_arg_result=$func_quotefast_eval_result
         ;;
     esac
+}
+
 
-    func_quote_for_expand_result=$_G_arg
+# func_quote MODEs ARGs...
+# ------------------------
+# Quote all ARGs to be evaled later and join them into single command.  See
+# func_quote_arg's description for more info.
+func_quote ()
+{
+    $debug_cmd
+    _G_func_quote_mode=$1 ; shift
+    func_quote_result=
+    while test 0 -lt $#; do
+      func_quote_arg "$_G_func_quote_mode" "$1"
+      if test -n "$func_quote_result"; then
+        func_append func_quote_result " $func_quote_arg_result"
+      else
+        func_append func_quote_result "$func_quote_arg_result"
+      fi
+      shift
+    done
 }
 
 
@@ -1215,8 +1364,8 @@ func_show_eval ()
     _G_cmd=$1
     _G_fail_exp=${2-':'}
 
-    func_quote_for_expand "$_G_cmd"
-    eval "func_notquiet $func_quote_for_expand_result"
+    func_quote_arg pretty,expand "$_G_cmd"
+    eval "func_notquiet $func_quote_arg_result"
 
     $opt_dry_run || {
       eval "$_G_cmd"
@@ -1241,8 +1390,8 @@ func_show_eval_locale ()
     _G_fail_exp=${2-':'}
 
     $opt_quiet || {
-      func_quote_for_expand "$_G_cmd"
-      eval "func_echo $func_quote_for_expand_result"
+      func_quote_arg expand,pretty "$_G_cmd"
+      eval "func_echo $func_quote_arg_result"
     }
 
     $opt_dry_run || {
@@ -1369,30 +1518,26 @@ func_lt_ver ()
 # End:
 #! /bin/sh
 
-# Set a version string for this script.
-scriptversion=2015-10-07.11; # UTC
-
 # A portable, pluggable option parser for Bourne shell.
 # Written by Gary V. Vaughan, 2010
 
-# Copyright (C) 2010-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
+# This is free software.  There is NO warranty; not even for
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Copyright (C) 2010-2019, 2021 Bootstrap Authors
+#
+# This file is dual licensed under the terms of the MIT license
+# <https://opensource.org/license/MIT>, and GPL version 2 or later
+# <http://www.gnu.org/licenses/gpl-2.0.html>.  You must apply one of
+# these licenses when using or redistributing this software or any of
+# the files within it.  See the URLs above, or the file `LICENSE`
+# included in the Bootstrap distribution for the full license texts.
 
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+# Please report bugs or propose patches to:
+# <https://github.com/gnulib-modules/bootstrap/issues>
 
-# Please report bugs or propose patches to gary@gnu.org.
+# Set a version string for this script.
+scriptversion=2019-02-19.15; # UTC
 
 
 ## ------ ##
@@ -1415,7 +1560,7 @@ scriptversion=2015-10-07.11; # UTC
 #
 # In order for the '--version' option to work, you will need to have a
 # suitably formatted comment like the one at the top of this file
-# starting with '# Written by ' and ending with '# warranty; '.
+# starting with '# Written by ' and ending with '# Copyright'.
 #
 # For '-h' and '--help' to work, you will also need a one line
 # description of your script's purpose in a comment directly above the
@@ -1427,7 +1572,7 @@ scriptversion=2015-10-07.11; # UTC
 # to display verbose messages only when your user has specified
 # '--verbose'.
 #
-# After sourcing this file, you can plug processing for additional
+# After sourcing this file, you can plug in processing for additional
 # options by amending the variables from the 'Configuration' section
 # below, and following the instructions in the 'Option parsing'
 # section further down.
@@ -1476,8 +1621,8 @@ fatal_help="Try '\$progname --help' for more information."
 ## ------------------------- ##
 
 # This section contains functions for adding, removing, and running hooks
-# to the main code.  A hook is just a named list of of function, that can
-# be run in order later on.
+# in the main code.  A hook is just a list of function names that can be
+# run in order later on.
 
 # func_hookable FUNC_NAME
 # -----------------------
@@ -1510,7 +1655,8 @@ func_add_hook ()
 
 # func_remove_hook FUNC_NAME HOOK_FUNC
 # ------------------------------------
-# Remove HOOK_FUNC from the list of functions called by FUNC_NAME.
+# Remove HOOK_FUNC from the list of hook functions to be called by
+# FUNC_NAME.
 func_remove_hook ()
 {
     $debug_cmd
@@ -1519,10 +1665,28 @@ func_remove_hook ()
 }
 
 
+# func_propagate_result FUNC_NAME_A FUNC_NAME_B
+# ---------------------------------------------
+# If the *_result variable of FUNC_NAME_A _is set_, assign its value to
+# *_result variable of FUNC_NAME_B.
+func_propagate_result ()
+{
+    $debug_cmd
+
+    func_propagate_result_result=:
+    if eval "test \"\${${1}_result+set}\" = set"
+    then
+      eval "${2}_result=\$${1}_result"
+    else
+      func_propagate_result_result=false
+    fi
+}
+
+
 # func_run_hooks FUNC_NAME [ARG]...
 # ---------------------------------
 # Run all hook functions registered to FUNC_NAME.
-# It is assumed that the list of hook functions contains nothing more
+# It's assumed that the list of hook functions contains nothing more
 # than a whitespace-delimited list of legal shell function names, and
 # no effort is wasted trying to catch shell meta-characters or preserve
 # whitespace.
@@ -1534,22 +1698,19 @@ func_run_hooks ()
 
     case " $hookable_fns " in
       *" $1 "*) ;;
-      *) func_fatal_error "'$1' does not support hook funcions.n" ;;
+      *) func_fatal_error "'$1' does not support hook functions." ;;
     esac
 
     eval _G_hook_fns=\$$1_hooks; shift
 
     for _G_hook in $_G_hook_fns; do
-      if eval $_G_hook '"$@"'; then
-        # store returned options list back into positional
-        # parameters for next 'cmd' execution.
-        eval _G_hook_result=\$${_G_hook}_result
-        eval set dummy "$_G_hook_result"; shift
-        _G_rc_run_hooks=:
+      func_unset "${_G_hook}_result"
+      eval $_G_hook '${1+"$@"}'
+      func_propagate_result $_G_hook func_run_hooks
+      if $func_propagate_result_result; then
+        eval set dummy "$func_run_hooks_result"; shift
       fi
     done
-
-    $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result
 }
 
 
@@ -1559,14 +1720,16 @@ func_run_hooks ()
 ## --------------- ##
 
 # In order to add your own option parsing hooks, you must accept the
-# full positional parameter list in your hook function, you may remove/edit
-# any options that you action, and then pass back the remaining unprocessed
-# options in '<hooked_function_name>_result', escaped suitably for
-# 'eval'.  In this case you also must return $EXIT_SUCCESS to let the
-# hook's caller know that it should pay attention to
-# '<hooked_function_name>_result'.  Returning $EXIT_FAILURE signalizes that
-# arguments are left untouched by the hook and therefore caller will ignore the
-# result variable.
+# full positional parameter list from your hook function.  You may remove
+# or edit any options that you action, and then pass back the remaining
+# unprocessed options in '<hooked_function_name>_result', escaped
+# suitably for 'eval'.
+#
+# The '<hooked_function_name>_result' variable is automatically unset
+# before your hook gets called; for best performance, only set the
+# *_result variable when necessary (i.e. don't call the 'func_quote'
+# function unnecessarily because it can be an expensive operation on some
+# machines).
 #
 # Like this:
 #
@@ -1578,11 +1741,8 @@ func_run_hooks ()
 #        usage_message=$usage_message'
 #      -s, --silent       don'\''t print informational messages
 #    '
-#        # No change in '$@' (ignored completely by this hook).  There is
-#        # no need to do the equivalent (but slower) action:
-#        # func_quote_for_eval ${1+"$@"}
-#        # my_options_prep_result=$func_quote_for_eval_result
-#        false
+#        # No change in '$@' (ignored completely by this hook).  Leave
+#        # my_options_prep_result variable intact.
 #    }
 #    func_add_hook func_options_prep my_options_prep
 #
@@ -1593,7 +1753,7 @@ func_run_hooks ()
 #
 #        args_changed=false
 #
-#        # Note that for efficiency, we parse as many options as we can
+#        # Note that, for efficiency, we parse as many options as we can
 #        # recognise in a loop before passing the remainder back to the
 #        # caller on the first unrecognised argument we encounter.
 #        while test $# -gt 0; do
@@ -1610,18 +1770,17 @@ func_run_hooks ()
 #                         args_changed=:
 #                         ;;
 #            *)           # Make sure the first unrecognised option "$_G_opt"
-#                         # is added back to "$@", we could need that later
-#                         # if $args_changed is true.
+#                         # is added back to "$@" in case we need it later,
+#                         # if $args_changed was set to 'true'.
 #                         set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
 #          esac
 #        done
 #
+#        # Only call 'func_quote' here if we processed at least one argument.
 #        if $args_changed; then
-#          func_quote_for_eval ${1+"$@"}
-#          my_silent_option_result=$func_quote_for_eval_result
+#          func_quote eval ${1+"$@"}
+#          my_silent_option_result=$func_quote_result
 #        fi
-#
-#        $args_changed
 #    }
 #    func_add_hook func_parse_options my_silent_option
 #
@@ -1632,8 +1791,6 @@ func_run_hooks ()
 #
 #        $opt_silent && $opt_verbose && func_fatal_help "\
 #    '--silent' and '--verbose' options are mutually exclusive."
-#
-#        false
 #    }
 #    func_add_hook func_validate_options my_option_validation
 #
@@ -1649,13 +1806,8 @@ func_options_finish ()
 {
     $debug_cmd
 
-    _G_func_options_finish_exit=false
-    if func_run_hooks func_options ${1+"$@"}; then
-      func_options_finish_result=$func_run_hooks_result
-      _G_func_options_finish_exit=:
-    fi
-
-    $_G_func_options_finish_exit
+    func_run_hooks func_options ${1+"$@"}
+    func_propagate_result func_run_hooks func_options_finish
 }
 
 
@@ -1668,28 +1820,27 @@ func_options ()
 {
     $debug_cmd
 
-    _G_rc_options=false
+    _G_options_quoted=false
 
     for my_func in options_prep parse_options validate_options options_finish
     do
-      if eval func_$my_func '${1+"$@"}'; then
-        eval _G_res_var='$'"func_${my_func}_result"
-        eval set dummy "$_G_res_var" ; shift
-        _G_rc_options=:
+      func_unset func_${my_func}_result
+      func_unset func_run_hooks_result
+      eval func_$my_func '${1+"$@"}'
+      func_propagate_result func_$my_func func_options
+      if $func_propagate_result_result; then
+        eval set dummy "$func_options_result"; shift
+        _G_options_quoted=:
       fi
     done
 
-    # Save modified positional parameters for caller.  As a top-level
-    # options-parser function we always need to set the 'func_options_result'
-    # variable (regardless the $_G_rc_options value).
-    if $_G_rc_options; then
-      func_options_result=$_G_res_var
-    else
-      func_quote_for_eval ${1+"$@"}
-      func_options_result=$func_quote_for_eval_result
-    fi
-
-    $_G_rc_options
+    $_G_options_quoted || {
+      # As we (func_options) are top-level options-parser function and
+      # nobody quoted "$@" for us yet, we need to do it explicitly for
+      # caller.
+      func_quote eval ${1+"$@"}
+      func_options_result=$func_quote_result
+    }
 }
 
 
@@ -1699,8 +1850,7 @@ func_options ()
 # Note that when calling hook functions, we pass through the list of
 # positional parameters.  If a hook function modifies that list, and
 # needs to propagate that back to rest of this script, then the complete
-# modified list must be put in 'func_run_hooks_result' before
-# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned).
+# modified list must be put in 'func_run_hooks_result' before returning.
 func_hookable func_options_prep
 func_options_prep ()
 {
@@ -1710,14 +1860,8 @@ func_options_prep ()
     opt_verbose=false
     opt_warning_types=
 
-    _G_rc_options_prep=false
-    if func_run_hooks func_options_prep ${1+"$@"}; then
-      _G_rc_options_prep=:
-      # save modified positional parameters for caller
-      func_options_prep_result=$func_run_hooks_result
-    fi
-
-    $_G_rc_options_prep
+    func_run_hooks func_options_prep ${1+"$@"}
+    func_propagate_result func_run_hooks func_options_prep
 }
 
 
@@ -1729,27 +1873,32 @@ func_parse_options ()
 {
     $debug_cmd
 
-    func_parse_options_result=
-
-    _G_rc_parse_options=false
+    _G_parse_options_requote=false
     # this just eases exit handling
     while test $# -gt 0; do
       # Defer to hook functions for initial option parsing, so they
       # get priority in the event of reusing an option name.
-      if func_run_hooks func_parse_options ${1+"$@"}; then
-        eval set dummy "$func_run_hooks_result"; shift
-        _G_rc_parse_options=:
+      func_run_hooks func_parse_options ${1+"$@"}
+      func_propagate_result func_run_hooks func_parse_options
+      if $func_propagate_result_result; then
+        eval set dummy "$func_parse_options_result"; shift
+        # Even though we may have changed "$@", we passed the "$@" array
+        # down into the hook and it quoted it for us (because we are in
+        # this if-branch).  No need to quote it again.
+        _G_parse_options_requote=false
       fi
 
       # Break out of the loop if we already parsed every option.
       test $# -gt 0 || break
 
+      # We expect that one of the options parsed in this function matches
+      # and thus we remove _G_opt from "$@" and need to re-quote.
       _G_match_parse_options=:
       _G_opt=$1
       shift
       case $_G_opt in
         --debug|-x)   debug_cmd='set -x'
-                      func_echo "enabling shell trace mode"
+                      func_echo "enabling shell trace mode" >&2
                       $debug_cmd
                       ;;
 
@@ -1760,7 +1909,7 @@ func_parse_options ()
 
         --warnings|--warning|-W)
                       if test $# = 0 && func_missing_arg $_G_opt; then
-                        _G_rc_parse_options=:
+                        _G_parse_options_requote=:
                         break
                       fi
                       case " $warning_categories $1" in
@@ -1815,7 +1964,7 @@ func_parse_options ()
                       shift
                       ;;
 
-        --)           _G_rc_parse_options=: ; break ;;
+        --)           _G_parse_options_requote=: ; break ;;
         -*)           func_fatal_help "unrecognised option: '$_G_opt'" ;;
         *)            set dummy "$_G_opt" ${1+"$@"}; shift
                       _G_match_parse_options=false
@@ -1823,17 +1972,16 @@ func_parse_options ()
                       ;;
       esac
 
-      $_G_match_parse_options && _G_rc_parse_options=:
+      if $_G_match_parse_options; then
+        _G_parse_options_requote=:
+      fi
     done
 
-
-    if $_G_rc_parse_options; then
+    if $_G_parse_options_requote; then
       # save modified positional parameters for caller
-      func_quote_for_eval ${1+"$@"}
-      func_parse_options_result=$func_quote_for_eval_result
+      func_quote eval ${1+"$@"}
+      func_parse_options_result=$func_quote_result
     fi
-
-    $_G_rc_parse_options
 }
 
 
@@ -1846,21 +1994,14 @@ func_validate_options ()
 {
     $debug_cmd
 
-    _G_rc_validate_options=false
-
     # Display all warnings if -W was not given.
     test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
 
-    if func_run_hooks func_validate_options ${1+"$@"}; then
-      # save modified positional parameters for caller
-      func_validate_options_result=$func_run_hooks_result
-      _G_rc_validate_options=:
-    fi
+    func_run_hooks func_validate_options ${1+"$@"}
+    func_propagate_result func_run_hooks func_validate_options
 
     # Bail if the options were screwed!
     $exit_cmd $EXIT_FAILURE
-
-    $_G_rc_validate_options
 }
 
 
@@ -1916,8 +2057,8 @@ func_missing_arg ()
 
 # func_split_equals STRING
 # ------------------------
-# Set func_split_equals_lhs and func_split_equals_rhs shell variables after
-# splitting STRING at the '=' sign.
+# Set func_split_equals_lhs and func_split_equals_rhs shell variables
+# after splitting STRING at the '=' sign.
 test -z "$_G_HAVE_XSI_OPS" \
     && (eval 'x=a/b/c;
       test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
@@ -1932,8 +2073,9 @@ then
 
       func_split_equals_lhs=${1%%=*}
       func_split_equals_rhs=${1#*=}
-      test "x$func_split_equals_lhs" = "x$1" \
-        && func_split_equals_rhs=
+      if test "x$func_split_equals_lhs" = "x$1"; then
+        func_split_equals_rhs=
+      fi
   }'
 else
   # ...otherwise fall back to using expr, which is often a shell builtin.
@@ -1943,7 +2085,7 @@ else
 
       func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'`
       func_split_equals_rhs=
-      test "x$func_split_equals_lhs" = "x$1" \
+      test "x$func_split_equals_lhs=" = "x$1" \
         || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'`
   }
 fi #func_split_equals
@@ -1969,7 +2111,7 @@ else
   {
       $debug_cmd
 
-      func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'`
+      func_split_short_opt_name=`expr "x$1" : 'x\(-.\)'`
       func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'`
   }
 fi #func_split_short_opt
@@ -2011,31 +2153,44 @@ func_usage_message ()
 # func_version
 # ------------
 # Echo version message to standard output and exit.
+# The version message is extracted from the calling file's header
+# comments, with leading '# ' stripped:
+#   1. First display the progname and version
+#   2. Followed by the header comment line matching  /^# Written by /
+#   3. Then a blank line followed by the first following line matching
+#      /^# Copyright /
+#   4. Immediately followed by any lines between the previous matches,
+#      except lines preceding the intervening completely blank line.
+# For example, see the header comments of this file.
 func_version ()
 {
     $debug_cmd
 
     printf '%s\n' "$progname $scriptversion"
     $SED -n '
-        /(C)/!b go
-        :more
-        /\./!{
-          N
-          s|\n# | |
-          b more
-        }
-        :go
-        /^# Written by /,/# warranty; / {
-          s|^# ||
-          s|^# *$||
-          s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
-          p
+        /^# Written by /!b
+        s|^# ||; p; n
+
+        :fwd2blnk
+        /./ {
+          n
+          b fwd2blnk
         }
-        /^# Written by / {
-          s|^# ||
-          p
+        p; n
+
+        :holdwrnt
+        s|^# ||
+        s|^# *$||
+        /^Copyright /!{
+          /./H
+          n
+          b holdwrnt
         }
-        /^warranty; /q' < "$progpath"
+
+        s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
+        G
+        s|\(\n\)\n*|\1|g
+        p; q' < "$progpath"
 
     exit $?
 }
@@ -2045,12 +2200,12 @@ func_version ()
 # mode: shell-script
 # sh-indentation: 2
 # eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
+# time-stamp-pattern: "30/scriptversion=%:y-%02m-%02d.%02H; # UTC"
 # time-stamp-time-zone: "UTC"
 # End:
 
 # Set a version string.
-scriptversion='(GNU libtool) 2.4.6'
+scriptversion='(GNU libtool) 2.4.7'
 
 
 # func_echo ARG...
@@ -2141,7 +2296,7 @@ include the following information:
        compiler:       $LTCC
        compiler flags: $LTCFLAGS
        linker:         $LD (gnu? $with_gnu_ld)
-       version:        $progname $scriptversion Debian-2.4.6-15build2
+       version:        $progname $scriptversion Debian-2.4.7-7
        automake:       `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
        autoconf:       `($AUTOCONF --version) 2>/dev/null |$SED 1q`
 
@@ -2197,7 +2352,7 @@ fi
 # a configuration failure hint, and exit.
 func_fatal_configuration ()
 {
-    func__fatal_error ${1+"$@"} \
+    func_fatal_error ${1+"$@"} \
       "See the $PACKAGE documentation for more information." \
       "Fatal configuration error."
 }
@@ -2345,6 +2500,8 @@ libtool_options_prep ()
 
     _G_rc_lt_options_prep=:
 
+    _G_rc_lt_options_prep=:
+
     # Shorthand for --mode=foo, only valid as the first argument
     case $1 in
     clean|clea|cle|cl)
@@ -2375,11 +2532,9 @@ libtool_options_prep ()
 
     if $_G_rc_lt_options_prep; then
       # Pass back the list of options.
-      func_quote_for_eval ${1+"$@"}
-      libtool_options_prep_result=$func_quote_for_eval_result
+      func_quote eval ${1+"$@"}
+      libtool_options_prep_result=$func_quote_result
     fi
-
-    $_G_rc_lt_options_prep
 }
 func_add_hook func_options_prep libtool_options_prep
 
@@ -2482,11 +2637,9 @@ libtool_parse_options ()
 
     if $_G_rc_lt_parse_options; then
       # save modified positional parameters for caller
-      func_quote_for_eval ${1+"$@"}
-      libtool_parse_options_result=$func_quote_for_eval_result
+      func_quote eval ${1+"$@"}
+      libtool_parse_options_result=$func_quote_result
     fi
-
-    $_G_rc_lt_parse_options
 }
 func_add_hook func_parse_options libtool_parse_options
 
@@ -2543,8 +2696,8 @@ libtool_validate_options ()
     }
 
     # Pass back the unparsed argument list
-    func_quote_for_eval ${1+"$@"}
-    libtool_validate_options_result=$func_quote_for_eval_result
+    func_quote eval ${1+"$@"}
+    libtool_validate_options_result=$func_quote_result
 }
 func_add_hook func_validate_options libtool_validate_options
 
@@ -3510,8 +3663,8 @@ func_mode_compile ()
       esac
     done
 
-    func_quote_for_eval "$libobj"
-    test "X$libobj" != "X$func_quote_for_eval_result" \
+    func_quote_arg pretty "$libobj"
+    test "X$libobj" != "X$func_quote_arg_result" \
       && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"'	 &()|`$[]' \
       && func_warning "libobj name '$libobj' may not contain shell special characters."
     func_dirname_and_basename "$obj" "/" ""
@@ -3584,8 +3737,8 @@ compiler."
 
     func_to_tool_file "$srcfile" func_convert_file_msys_to_w32
     srcfile=$func_to_tool_file_result
-    func_quote_for_eval "$srcfile"
-    qsrcfile=$func_quote_for_eval_result
+    func_quote_arg pretty "$srcfile"
+    qsrcfile=$func_quote_arg_result
 
     # Only build a PIC object if we are building libtool libraries.
     if test yes = "$build_libtool_libs"; then
@@ -3740,7 +3893,8 @@ This mode accepts the following additional options:
   -prefer-non-pic   try to build non-PIC objects only
   -shared           do not build a '.o' file suitable for static linking
   -static           only build a '.o' file suitable for static linking
-  -Wc,FLAG          pass FLAG directly to the compiler
+  -Wc,FLAG
+  -Xcompiler FLAG   pass FLAG directly to the compiler
 
 COMPILE-COMMAND is a command to be used in creating a 'standard' object file
 from the given SOURCEFILE.
@@ -3846,6 +4000,8 @@ The following components of LINK-COMMAND are treated specially:
   -weak LIBNAME     declare that the target provides the LIBNAME interface
   -Wc,FLAG
   -Xcompiler FLAG   pass linker-specific FLAG directly to the compiler
+  -Wa,FLAG
+  -Xassembler FLAG  pass linker-specific FLAG directly to the assembler
   -Wl,FLAG
   -Xlinker FLAG     pass linker-specific FLAG directly to the linker
   -XCClinker FLAG   pass link-specific FLAG to the compiler driver (CC)
@@ -4188,8 +4344,8 @@ func_mode_install ()
        case $nonopt in *shtool*) :;; *) false;; esac
     then
       # Aesthetically quote it.
-      func_quote_for_eval "$nonopt"
-      install_prog="$func_quote_for_eval_result "
+      func_quote_arg pretty "$nonopt"
+      install_prog="$func_quote_arg_result "
       arg=$1
       shift
     else
@@ -4199,8 +4355,8 @@ func_mode_install ()
 
     # The real first argument should be the name of the installation program.
     # Aesthetically quote it.
-    func_quote_for_eval "$arg"
-    func_append install_prog "$func_quote_for_eval_result"
+    func_quote_arg pretty "$arg"
+    func_append install_prog "$func_quote_arg_result"
     install_shared_prog=$install_prog
     case " $install_prog " in
       *[\\\ /]cp\ *) install_cp=: ;;
@@ -4257,12 +4413,12 @@ func_mode_install ()
       esac
 
       # Aesthetically quote the argument.
-      func_quote_for_eval "$arg"
-      func_append install_prog " $func_quote_for_eval_result"
+      func_quote_arg pretty "$arg"
+      func_append install_prog " $func_quote_arg_result"
       if test -n "$arg2"; then
-	func_quote_for_eval "$arg2"
+	func_quote_arg pretty "$arg2"
       fi
-      func_append install_shared_prog " $func_quote_for_eval_result"
+      func_append install_shared_prog " $func_quote_arg_result"
     done
 
     test -z "$install_prog" && \
@@ -4273,8 +4429,8 @@ func_mode_install ()
 
     if test -n "$install_override_mode" && $no_mode; then
       if $install_cp; then :; else
-	func_quote_for_eval "$install_override_mode"
-	func_append install_shared_prog " -m $func_quote_for_eval_result"
+	func_quote_arg pretty "$install_override_mode"
+	func_append install_shared_prog " -m $func_quote_arg_result"
       fi
     fi
 
@@ -4570,8 +4726,8 @@ func_mode_install ()
 	        relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'`
 
 	        $opt_quiet || {
-	          func_quote_for_expand "$relink_command"
-		  eval "func_echo $func_quote_for_expand_result"
+	          func_quote_arg expand,pretty "$relink_command"
+		  eval "func_echo $func_quote_arg_result"
 	        }
 	        if eval "$relink_command"; then :
 	          else
@@ -5350,7 +5506,8 @@ else
   if test \"\$libtool_execute_magic\" != \"$magic\"; then
     file=\"\$0\""
 
-    qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"`
+    func_quote_arg pretty "$ECHO"
+    qECHO=$func_quote_arg_result
     $ECHO "\
 
 # A function that is used when there is no print builtin or printf.
@@ -5360,7 +5517,7 @@ func_fallback_echo ()
 \$1
 _LTECHO_EOF'
 }
-    ECHO=\"$qECHO\"
+    ECHO=$qECHO
   fi
 
 # Very basic option parsing. These options are (a) specific to
@@ -6703,9 +6860,9 @@ func_mode_link ()
     while test "$#" -gt 0; do
       arg=$1
       shift
-      func_quote_for_eval "$arg"
-      qarg=$func_quote_for_eval_unquoted_result
-      func_append libtool_args " $func_quote_for_eval_result"
+      func_quote_arg pretty,unquoted "$arg"
+      qarg=$func_quote_arg_unquoted_result
+      func_append libtool_args " $func_quote_arg_result"
 
       # If the previous option needs an argument, assign it.
       if test -n "$prev"; then
@@ -6941,6 +7098,13 @@ func_mode_link ()
 	  prev=
 	  continue
 	  ;;
+	xassembler)
+	  func_append compiler_flags " -Xassembler $qarg"
+	  prev=
+	  func_append compile_command " -Xassembler $qarg"
+	  func_append finalize_command " -Xassembler $qarg"
+	  continue
+	  ;;
 	xcclinker)
 	  func_append linker_flags " $qarg"
 	  func_append compiler_flags " $qarg"
@@ -7111,7 +7275,7 @@ func_mode_link ()
 	    # These systems don't actually have a C library (as such)
 	    test X-lc = "X$arg" && continue
 	    ;;
-	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*)
 	    # Do not include libc due to us having libc/libc_r.
 	    test X-lc = "X$arg" && continue
 	    ;;
@@ -7131,7 +7295,7 @@ func_mode_link ()
 	  esac
 	elif test X-lc_r = "X$arg"; then
 	 case $host in
-	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
+	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*)
 	   # Do not include libc_r directly, use -pthread flag.
 	   continue
 	   ;;
@@ -7161,8 +7325,20 @@ func_mode_link ()
 	prev=xcompiler
 	continue
 	;;
-
-      -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+     # Solaris ld rejects as of 11.4. Refer to Oracle bug 22985199.
+     -pthread)
+	case $host in
+	  *solaris2*) ;;
+	  *)
+	    case "$new_inherited_linker_flags " in
+	        *" $arg "*) ;;
+	        * ) func_append new_inherited_linker_flags " $arg" ;;
+	    esac
+	  ;;
+	esac
+	continue
+	;;
+      -mt|-mthreads|-kthread|-Kthread|-pthreads|--thread-safe \
       |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
 	func_append compiler_flags " $arg"
 	func_append compile_command " $arg"
@@ -7303,9 +7479,9 @@ func_mode_link ()
 	save_ifs=$IFS; IFS=,
 	for flag in $args; do
 	  IFS=$save_ifs
-          func_quote_for_eval "$flag"
-	  func_append arg " $func_quote_for_eval_result"
-	  func_append compiler_flags " $func_quote_for_eval_result"
+          func_quote_arg pretty "$flag"
+	  func_append arg " $func_quote_arg_result"
+	  func_append compiler_flags " $func_quote_arg_result"
 	done
 	IFS=$save_ifs
 	func_stripname ' ' '' "$arg"
@@ -7319,16 +7495,21 @@ func_mode_link ()
 	save_ifs=$IFS; IFS=,
 	for flag in $args; do
 	  IFS=$save_ifs
-          func_quote_for_eval "$flag"
-	  func_append arg " $wl$func_quote_for_eval_result"
-	  func_append compiler_flags " $wl$func_quote_for_eval_result"
-	  func_append linker_flags " $func_quote_for_eval_result"
+          func_quote_arg pretty "$flag"
+	  func_append arg " $wl$func_quote_arg_result"
+	  func_append compiler_flags " $wl$func_quote_arg_result"
+	  func_append linker_flags " $func_quote_arg_result"
 	done
 	IFS=$save_ifs
 	func_stripname ' ' '' "$arg"
 	arg=$func_stripname_result
 	;;
 
+      -Xassembler)
+        prev=xassembler
+        continue
+        ;;
+
       -Xcompiler)
 	prev=xcompiler
 	continue
@@ -7346,8 +7527,8 @@ func_mode_link ()
 
       # -msg_* for osf cc
       -msg_*)
-	func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+	func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
 	;;
 
       # Flags to be passed through unchanged, with rationale:
@@ -7370,12 +7551,13 @@ func_mode_link ()
       # -fuse-ld=*           Linker select flags for GCC
       # -static-*            direct GCC to link specific libraries statically
       # -fcilkplus           Cilk Plus language extension features for C/C++
+      # -Wa,*                Pass flags directly to the assembler
       -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
       -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
       -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
-      -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus)
-        func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+      -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus|-Wa,*)
+        func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
         func_append compile_command " $arg"
         func_append finalize_command " $arg"
         func_append compiler_flags " $arg"
@@ -7396,15 +7578,15 @@ func_mode_link ()
 	  continue
         else
 	  # Otherwise treat like 'Some other compiler flag' below
-	  func_quote_for_eval "$arg"
-	  arg=$func_quote_for_eval_result
+	  func_quote_arg pretty "$arg"
+	  arg=$func_quote_arg_result
         fi
 	;;
 
       # Some other compiler flag.
       -* | +*)
-        func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+        func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
 	;;
 
       *.$objext)
@@ -7524,8 +7706,8 @@ func_mode_link ()
       *)
 	# Unknown arguments in both finalize_command and compile_command need
 	# to be aesthetically quoted because they are evaled later.
-	func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+	func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
 	;;
       esac # arg
 
@@ -8733,7 +8915,7 @@ func_mode_link ()
       test CXX = "$tagname" && {
         case $host_os in
         linux*)
-          case `$CC -V 2>&1 | sed 5q` in
+          case `$CC -V 2>&1 | $SED 5q` in
           *Sun\ C*) # Sun C++ 5.9
             func_suncc_cstd_abi
 
@@ -8906,7 +9088,7 @@ func_mode_link ()
 	  #
 	  case $version_type in
 	  # correct linux to gnu/linux during the next big refactor
-	  darwin|freebsd-elf|linux|osf|windows|none)
+	  darwin|freebsd-elf|linux|midnightbsd-elf|osf|windows|none)
 	    func_arith $number_major + $number_minor
 	    current=$func_arith_result
 	    age=$number_minor
@@ -9000,7 +9182,7 @@ func_mode_link ()
 	  versuffix=.$current.$revision
 	  ;;
 
-	freebsd-elf)
+	freebsd-elf | midnightbsd-elf)
 	  func_arith $current - $age
 	  major=.$func_arith_result
 	  versuffix=$major.$age.$revision
@@ -9226,7 +9408,7 @@ func_mode_link ()
 	  *-*-netbsd*)
 	    # Don't link with libc until the a.out ld.so is fixed.
 	    ;;
-	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-midnightbsd*)
 	    # Do not include libc due to us having libc/libc_r.
 	    ;;
 	  *-*-sco3.2v5* | *-*-sco5v6*)
@@ -10037,8 +10219,8 @@ EOF
 	    for cmd in $concat_cmds; do
 	      IFS=$save_ifs
 	      $opt_quiet || {
-		  func_quote_for_expand "$cmd"
-		  eval "func_echo $func_quote_for_expand_result"
+		  func_quote_arg expand,pretty "$cmd"
+		  eval "func_echo $func_quote_arg_result"
 	      }
 	      $opt_dry_run || eval "$cmd" || {
 		lt_exit=$?
@@ -10131,8 +10313,8 @@ EOF
 	  eval cmd=\"$cmd\"
 	  IFS=$save_ifs
 	  $opt_quiet || {
-	    func_quote_for_expand "$cmd"
-	    eval "func_echo $func_quote_for_expand_result"
+	    func_quote_arg expand,pretty "$cmd"
+	    eval "func_echo $func_quote_arg_result"
 	  }
 	  $opt_dry_run || eval "$cmd" || {
 	    lt_exit=$?
@@ -10606,12 +10788,13 @@ EOF
 	  elif eval var_value=\$$var; test -z "$var_value"; then
 	    relink_command="$var=; export $var; $relink_command"
 	  else
-	    func_quote_for_eval "$var_value"
-	    relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	    func_quote_arg pretty "$var_value"
+	    relink_command="$var=$func_quote_arg_result; export $var; $relink_command"
 	  fi
 	done
-	relink_command="(cd `pwd`; $relink_command)"
-	relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
+	func_quote eval cd "`pwd`"
+	func_quote_arg pretty,unquoted "($func_quote_result; $relink_command)"
+	relink_command=$func_quote_arg_unquoted_result
       fi
 
       # Only actually do things if not in dry run mode.
@@ -10851,13 +11034,15 @@ EOF
 	elif eval var_value=\$$var; test -z "$var_value"; then
 	  relink_command="$var=; export $var; $relink_command"
 	else
-	  func_quote_for_eval "$var_value"
-	  relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	  func_quote_arg pretty,unquoted "$var_value"
+	  relink_command="$var=$func_quote_arg_unquoted_result; export $var; $relink_command"
 	fi
       done
       # Quote the link command for shipping.
-      relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
-      relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
+      func_quote eval cd "`pwd`"
+      relink_command="($func_quote_result; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+      func_quote_arg pretty,unquoted "$relink_command"
+      relink_command=$func_quote_arg_unquoted_result
       if test yes = "$hardcode_automatic"; then
 	relink_command=
       fi
diff --git a/m4/libtool.m4 b/m4/libtool.m4
index c4c0294..e7b6833 100644
--- a/m4/libtool.m4
+++ b/m4/libtool.m4
@@ -1,6 +1,7 @@
 # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
 #
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
+#   Copyright (C) 1996-2001, 2003-2019, 2021-2022 Free Software
+#   Foundation, Inc.
 #   Written by Gordon Matzigkeit, 1996
 #
 # This file is free software; the Free Software Foundation gives
@@ -31,7 +32,7 @@ m4_define([_LT_COPYING], [dnl
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 ])
 
-# serial 58 LT_INIT
+# serial 59 LT_INIT
 
 
 # LT_PREREQ(VERSION)
@@ -181,6 +182,7 @@ m4_require([_LT_FILEUTILS_DEFAULTS])dnl
 m4_require([_LT_CHECK_SHELL_FEATURES])dnl
 m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
 m4_require([_LT_CMD_RELOAD])dnl
+m4_require([_LT_DECL_FILECMD])dnl
 m4_require([_LT_CHECK_MAGIC_METHOD])dnl
 m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
 m4_require([_LT_CMD_OLD_ARCHIVE])dnl
@@ -219,8 +221,8 @@ esac
 ofile=libtool
 can_build_shared=yes
 
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
+# All known linkers require a '.a' archive for static linking (except MSVC and
+# ICC, which need '.lib').
 libext=a
 
 with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -777,7 +779,7 @@ _LT_EOF
   # if finds mixed CR/LF and LF-only lines.  Since sed operates in
   # text mode, it properly converts lines to CR/LF.  This bash problem
   # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
+  $SED '$q' "$ltmain" >> "$cfgfile" \
      || (rm -f "$cfgfile"; exit 1)
 
    mv -f "$cfgfile" "$ofile" ||
@@ -1041,8 +1043,8 @@ int forced_loaded() { return 2;}
 _LT_EOF
       echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
       $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+      echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+      $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
       echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
       $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
       cat > conftest.c << _LT_EOF
@@ -1066,17 +1068,12 @@ _LT_EOF
       _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
     darwin1.*)
       _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[912]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*|11.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+    darwin*)
+      case $MACOSX_DEPLOYMENT_TARGET,$host in
+        10.[[012]],*|,*powerpc*-darwin[[5-8]]*)
+          _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+        *)
+          _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
       esac
     ;;
   esac
@@ -1125,12 +1122,12 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
     output_verbose_link_cmd=func_echo_all
     _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
     _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+    _LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+    _LT_TAGVAR(module_expsym_cmds, $1)="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
     m4_if([$1], [CXX],
 [   if test yes != "$lt_cv_apple_cc_single_mod"; then
       _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
+      _LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
     fi
 ],[])
   else
@@ -1244,7 +1241,8 @@ _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
 # _LT_WITH_SYSROOT
 # ----------------
 AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
+[m4_require([_LT_DECL_SED])dnl
+AC_MSG_CHECKING([for sysroot])
 AC_ARG_WITH([sysroot],
 [AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
   [Search for dependent libraries within DIR (or the compiler's sysroot
@@ -1261,7 +1259,7 @@ case $with_sysroot in #(
    fi
    ;; #(
  /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+   lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"`
    ;; #(
  no|'')
    ;; #(
@@ -1291,7 +1289,7 @@ ia64-*-hpux*)
   # options accordingly.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *ELF-32*)
 	HPUX_IA64_MODE=32
 	;;
@@ -1308,7 +1306,7 @@ ia64-*-hpux*)
   echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
     if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -melf32bsmip"
 	  ;;
@@ -1320,7 +1318,7 @@ ia64-*-hpux*)
 	;;
       esac
     else
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -32"
 	  ;;
@@ -1342,7 +1340,7 @@ mips64*-*linux*)
   echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
     emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *32-bit*)
 	emul="${emul}32"
 	;;
@@ -1350,7 +1348,7 @@ mips64*-*linux*)
 	emul="${emul}64"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *MSB*)
 	emul="${emul}btsmip"
 	;;
@@ -1358,7 +1356,7 @@ mips64*-*linux*)
 	emul="${emul}ltsmip"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *N32*)
 	emul="${emul}n32"
 	;;
@@ -1378,14 +1376,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
   # not appear in the list.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
       *32-bit*)
 	case $host in
 	  x86_64-*kfreebsd*-gnu)
 	    LD="${LD-ld} -m elf_i386_fbsd"
 	    ;;
 	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
+	    case `$FILECMD conftest.o` in
 	      *x86-64*)
 		LD="${LD-ld} -m elf32_x86_64"
 		;;
@@ -1453,7 +1451,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
   # options accordingly.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
     *64-bit*)
       case $lt_cv_prog_gnu_ld in
       yes*)
@@ -1492,9 +1490,22 @@ need_locks=$enable_libtool_lock
 m4_defun([_LT_PROG_AR],
 [AC_CHECK_TOOLS(AR, [ar], false)
 : ${AR=ar}
-: ${AR_FLAGS=cr}
 _LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
+
+# Use ARFLAGS variable as AR's operation code to sync the variable naming with
+# Automake.  If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
+# higher priority because thats what people were doing historically (setting
+# ARFLAGS for automake and AR_FLAGS for libtool).  FIXME: Make the AR_FLAGS
+# variable obsoleted/removed.
+
+test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+lt_ar_flags=$AR_FLAGS
+_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
+
+# Make AR_FLAGS overridable by 'make ARFLAGS='.  Don't try to run-time override
+# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
+_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
+         [Flags to create an archive])
 
 AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
   [lt_cv_ar_at_file=no
@@ -1713,7 +1724,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
     lt_cv_sys_max_cmd_len=8192;
     ;;
 
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
+  bitrig* | darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*)
     # This has been around since 386BSD, at least.  Likely further.
     if test -x /sbin/sysctl; then
       lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
@@ -1756,7 +1767,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
   sysv5* | sco5v6* | sysv4.2uw2*)
     kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
     if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
+      lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.*[[	 ]]//'`
     else
       lt_cv_sys_max_cmd_len=32768
     fi
@@ -2206,26 +2217,35 @@ m4_defun([_LT_CMD_STRIPLIB],
 striplib=
 old_striplib=
 AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
+if test -z "$STRIP"; then
+  AC_MSG_RESULT([no])
 else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
+  if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+    old_striplib="$STRIP --strip-debug"
+    striplib="$STRIP --strip-unneeded"
+    AC_MSG_RESULT([yes])
+  else
+    case $host_os in
+    darwin*)
+      # FIXME - insert some real tests, host_os isn't really good enough
       striplib="$STRIP -x"
       old_striplib="$STRIP -S"
       AC_MSG_RESULT([yes])
-    else
+      ;;
+    freebsd*)
+      if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then
+        old_striplib="$STRIP --strip-debug"
+        striplib="$STRIP --strip-unneeded"
+        AC_MSG_RESULT([yes])
+      else
+        AC_MSG_RESULT([no])
+      fi
+      ;;
+    *)
       AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
+      ;;
+    esac
+  fi
 fi
 _LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
 _LT_DECL([], [striplib], [1])
@@ -2548,7 +2568,7 @@ cygwin* | mingw* | pw32* | cegcc*)
     case $host_os in
     cygwin*)
       # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+      soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
 m4_if([$1], [],[
       sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
       ;;
@@ -2558,14 +2578,14 @@ m4_if([$1], [],[
       ;;
     pw32*)
       # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+      library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
       ;;
     esac
     dynamic_linker='Win32 ld.exe'
     ;;
 
-  *,cl*)
-    # Native MSVC
+  *,cl* | *,icl*)
+    # Native MSVC or ICC
     libname_spec='$name'
     soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
     library_names_spec='$libname.dll.lib'
@@ -2584,7 +2604,7 @@ m4_if([$1], [],[
       done
       IFS=$lt_save_ifs
       # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
+      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
       ;;
     cygwin*)
       # Convert to unix form, then to dos form, then back to unix form
@@ -2621,7 +2641,7 @@ m4_if([$1], [],[
     ;;
 
   *)
-    # Assume MSVC wrapper
+    # Assume MSVC and ICC wrapper
     library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
     dynamic_linker='Win32 ld.exe'
     ;;
@@ -2654,7 +2674,7 @@ dgux*)
   shlibpath_var=LD_LIBRARY_PATH
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   # DragonFly does not have aout.  When/if they implement a new
   # versioning mechanism, adjust this.
   if test -x /usr/bin/objformat; then
@@ -3465,7 +3485,7 @@ beos*)
 
 bsdi[[45]]*)
   lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_cmd='$FILECMD -L'
   lt_cv_file_magic_test_file=/shlib/libc.so
   ;;
 
@@ -3499,14 +3519,14 @@ darwin* | rhapsody*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
     case $host_cpu in
     i*86 )
       # Not sure whether the presence of OpenBSD here was a mistake.
       # Let's accept both of them until this is cleared up.
       lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_cmd=$FILECMD
       lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
       ;;
     esac
@@ -3520,7 +3540,7 @@ haiku*)
   ;;
 
 hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   case $host_cpu in
   ia64*)
     lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
@@ -3567,7 +3587,7 @@ netbsd* | netbsdelf*-gnu)
 
 newos6*)
   lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   lt_cv_file_magic_test_file=/usr/lib/libnls.so
   ;;
 
@@ -3694,13 +3714,13 @@ else
 	mingw*) lt_bad_file=conftest.nm/nofile ;;
 	*) lt_bad_file=/dev/null ;;
 	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+	case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in
 	*$lt_bad_file* | *'Invalid file or object type'*)
 	  lt_cv_path_NM="$tmp_nm -B"
 	  break 2
 	  ;;
 	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in
 	  */dev/null*)
 	    lt_cv_path_NM="$tmp_nm -p"
 	    break 2
@@ -3726,7 +3746,7 @@ else
     # Let the user override the test.
   else
     AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
+    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in
     *COFF*)
       DUMPBIN="$DUMPBIN -symbols -headers"
       ;;
@@ -3966,7 +3986,7 @@ esac
 
 if test "$lt_cv_nm_interface" = "MS dumpbin"; then
   # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+  lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'"
   # Adjust the below global symbol transforms to fixup imported variables.
   lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
   lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
@@ -3984,20 +4004,20 @@ fi
 # Transform an extracted symbol line into a proper C declaration.
 # Some systems (esp. on ia64) link data and code symbols differently,
 # so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+lt_cv_sys_global_symbol_to_cdecl="$SED -n"\
 $lt_cdecl_hook\
 " -e 's/^T .* \(.*\)$/extern int \1();/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
 
 # Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\
 $lt_c_name_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
 
 # Transform an extracted symbol line into symbol name with lib prefix and
 # symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\
 $lt_c_name_lib_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
@@ -4021,7 +4041,7 @@ for ac_symprfx in "" "_"; do
   if test "$lt_cv_nm_interface" = "MS dumpbin"; then
     # Fake it for dumpbin and say T for any non-static function,
     # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
+    # Also find C++ and __fastcall symbols from MSVC++ or ICC,
     # which start with @ or ?.
     lt_cv_sys_global_symbol_pipe="$AWK ['"\
 "     {last_section=section; section=\$ 3};"\
@@ -4039,9 +4059,9 @@ for ac_symprfx in "" "_"; do
 "     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
 "     ' prfx=^$ac_symprfx]"
   else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+    lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
   fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
+  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'"
 
   # Check to see that the pipe works correctly.
   pipe_works=no
@@ -4329,7 +4349,7 @@ m4_if([$1], [CXX], [
 	    ;;
 	esac
 	;;
-      freebsd* | dragonfly*)
+      freebsd* | dragonfly* | midnightbsd*)
 	# FreeBSD uses GNU C++
 	;;
       hpux9* | hpux10* | hpux11*)
@@ -4412,7 +4432,7 @@ m4_if([$1], [CXX], [
 	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
 	    ;;
 	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
+	    case `$CC -V 2>&1 | $SED 5q` in
 	    *Sun\ C*)
 	      # Sun C++ 5.9
 	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
@@ -4754,7 +4774,7 @@ m4_if([$1], [CXX], [
 	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
 	;;
       *)
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
 	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
 	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
@@ -4937,7 +4957,7 @@ m4_if([$1], [CXX], [
     if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
       _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
     else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
     fi
     ;;
   pw32*)
@@ -4945,7 +4965,7 @@ m4_if([$1], [CXX], [
     ;;
   cygwin* | mingw* | cegcc*)
     case $cc_basename in
-    cl*)
+    cl* | icl*)
       _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
       ;;
     *)
@@ -5005,15 +5025,15 @@ dnl Note also adjust exclude_expsyms for C++ above.
 
   case $host_os in
   cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time
     # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
+    # Microsoft Visual C++ or Intel C++ Compiler.
     if test yes != "$GCC"; then
       with_gnu_ld=no
     fi
     ;;
   interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC)
     with_gnu_ld=yes
     ;;
   openbsd* | bitrig*)
@@ -5068,7 +5088,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
       _LT_TAGVAR(whole_archive_flag_spec, $1)=
     fi
     supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
+    case `$LD -v | $SED -e 's/([[^)]]\+)\s\+//' 2>&1` in
       *GNU\ gold*) supports_anon_versioning=yes ;;
       *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
       *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
@@ -5180,6 +5200,7 @@ _LT_EOF
 	emximp -o $lib $output_objdir/$libname.def'
       _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_TAGVAR(file_list_spec, $1)='@'
       ;;
 
     interix[[3-9]]*)
@@ -5194,7 +5215,7 @@ _LT_EOF
       # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
       # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
       _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      _LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
       ;;
 
     gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
@@ -5237,7 +5258,7 @@ _LT_EOF
 	  _LT_TAGVAR(compiler_needs_object, $1)=yes
 	  ;;
 	esac
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ C*)			# Sun C 5.9
 	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
 	  _LT_TAGVAR(compiler_needs_object, $1)=yes
@@ -5249,13 +5270,14 @@ _LT_EOF
 
         if test yes = "$supports_anon_versioning"; then
           _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+            cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
             echo "local: *; };" >> $output_objdir/$libname.ver~
             $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
         fi
 
 	case $cc_basename in
 	tcc*)
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
 	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
 	  ;;
 	xlf* | bgf* | bgxlf* | mpixlf*)
@@ -5265,7 +5287,7 @@ _LT_EOF
 	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
 	  if test yes = "$supports_anon_versioning"; then
 	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+              cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
               echo "local: *; };" >> $output_objdir/$libname.ver~
               $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
 	  fi
@@ -5397,7 +5419,7 @@ _LT_EOF
 	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
 	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
 	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
 	fi
 	aix_use_runtimelinking=no
 
@@ -5580,12 +5602,12 @@ _LT_EOF
 
     cygwin* | mingw* | pw32* | cegcc*)
       # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
+      # Microsoft Visual C++ or Intel C++ Compiler.
       # hardcode_libdir_flag_spec is actually meaningless, as there is
       # no search path for DLLs.
       case $cc_basename in
-      cl*)
-	# Native MSVC
+      cl* | icl*)
+	# Native MSVC or ICC
 	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
 	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
 	_LT_TAGVAR(always_export_symbols, $1)=yes
@@ -5626,7 +5648,7 @@ _LT_EOF
           fi'
 	;;
       *)
-	# Assume MSVC wrapper
+	# Assume MSVC and ICC wrapper
 	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
 	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
 	# Tell ltmain to make .lib files, not .a files.
@@ -5674,7 +5696,7 @@ _LT_EOF
       ;;
 
     # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
+    freebsd* | dragonfly* | midnightbsd*)
       _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
       _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
       _LT_TAGVAR(hardcode_direct, $1)=yes
@@ -5815,6 +5837,7 @@ _LT_EOF
 	# Fabrice Bellard et al's Tiny C Compiler
 	_LT_TAGVAR(ld_shlibs, $1)=yes
 	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
 	;;
       esac
       ;;
@@ -5886,6 +5909,7 @@ _LT_EOF
 	emximp -o $lib $output_objdir/$libname.def'
       _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_TAGVAR(file_list_spec, $1)='@'
       ;;
 
     osf3*)
@@ -6656,8 +6680,8 @@ if test yes != "$_lt_caught_CXX_error"; then
 
       cygwin* | mingw* | pw32* | cegcc*)
 	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
+	,cl* | no,cl* | ,icl* | no,icl*)
+	  # Native MSVC or ICC
 	  # hardcode_libdir_flag_spec is actually meaningless, as there is
 	  # no search path for DLLs.
 	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
@@ -6755,6 +6779,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	  emximp -o $lib $output_objdir/$libname.def'
 	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
 	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+	_LT_TAGVAR(file_list_spec, $1)='@'
 	;;
 
       dgux*)
@@ -6785,7 +6810,7 @@ if test yes != "$_lt_caught_CXX_error"; then
         _LT_TAGVAR(archive_cmds_need_lc, $1)=no
         ;;
 
-      freebsd* | dragonfly*)
+      freebsd* | dragonfly* | midnightbsd*)
         # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
         # conventions
         _LT_TAGVAR(ld_shlibs, $1)=yes
@@ -6922,7 +6947,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
 	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
 	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
 	;;
       irix5* | irix6*)
         case $cc_basename in
@@ -7062,13 +7087,13 @@ if test yes != "$_lt_caught_CXX_error"; then
 	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
 	    if test yes = "$supports_anon_versioning"; then
 	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+                cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
                 echo "local: *; };" >> $output_objdir/$libname.ver~
                 $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
 	    fi
 	    ;;
 	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
+	    case `$CC -V 2>&1 | $SED 5q` in
 	    *Sun\ C*)
 	      # Sun C++ 5.9
 	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
@@ -8214,6 +8239,14 @@ _LT_DECL([], [DLLTOOL], [1], [DLL creation program])
 AC_SUBST([DLLTOOL])
 ])
 
+# _LT_DECL_FILECMD
+# ----------------
+# Check for a file(cmd) program that can be used to detect file type and magic
+m4_defun([_LT_DECL_FILECMD],
+[AC_CHECK_TOOL([FILECMD], [file], [:])
+_LT_DECL([], [FILECMD], [1], [A file(cmd) program that detects file types])
+])# _LD_DECL_FILECMD
+
 # _LT_DECL_SED
 # ------------
 # Check for a fully-functional sed program, that truncates
diff --git a/m4/ltoptions.m4 b/m4/ltoptions.m4
index 94b0829..b0b5e9c 100644
--- a/m4/ltoptions.m4
+++ b/m4/ltoptions.m4
@@ -1,7 +1,7 @@
 # Helper functions for option handling.                    -*- Autoconf -*-
 #
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
+#   Copyright (C) 2004-2005, 2007-2009, 2011-2019, 2021-2022 Free
+#   Software Foundation, Inc.
 #   Written by Gary V. Vaughan, 2004
 #
 # This file is free software; the Free Software Foundation gives
diff --git a/m4/ltsugar.m4 b/m4/ltsugar.m4
index 48bc934..902508b 100644
--- a/m4/ltsugar.m4
+++ b/m4/ltsugar.m4
@@ -1,6 +1,6 @@
 # ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
 #
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
+# Copyright (C) 2004-2005, 2007-2008, 2011-2019, 2021-2022 Free Software
 # Foundation, Inc.
 # Written by Gary V. Vaughan, 2004
 #
diff --git a/m4/ltversion.m4 b/m4/ltversion.m4
index fa04b52..b155d0a 100644
--- a/m4/ltversion.m4
+++ b/m4/ltversion.m4
@@ -1,6 +1,7 @@
 # ltversion.m4 -- version numbers			-*- Autoconf -*-
 #
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
+#   Copyright (C) 2004, 2011-2019, 2021-2022 Free Software Foundation,
+#   Inc.
 #   Written by Scott James Remnant, 2004
 #
 # This file is free software; the Free Software Foundation gives
@@ -9,15 +10,15 @@
 
 # @configure_input@
 
-# serial 4179 ltversion.m4
+# serial 4245 ltversion.m4
 # This file is part of GNU Libtool
 
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
+m4_define([LT_PACKAGE_VERSION], [2.4.7])
+m4_define([LT_PACKAGE_REVISION], [2.4.7])
 
 AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
+[macro_version='2.4.7'
+macro_revision='2.4.7'
 _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
 _LT_DECL(, macro_revision, 0)
 ])
diff --git a/m4/lt~obsolete.m4 b/m4/lt~obsolete.m4
index c6b26f8..0f7a875 100644
--- a/m4/lt~obsolete.m4
+++ b/m4/lt~obsolete.m4
@@ -1,7 +1,7 @@
 # lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
 #
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
+#   Copyright (C) 2004-2005, 2007, 2009, 2011-2019, 2021-2022 Free
+#   Software Foundation, Inc.
 #   Written by Scott James Remnant, 2004.
 #
 # This file is free software; the Free Software Foundation gives
diff --git a/man/Makefile.am b/man/Makefile.am
index 4382df6..83b1d68 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -26,7 +26,6 @@ man_MANS = \
 	man8/grpconv.8 \
 	man8/grpunconv.8 \
 	man5/gshadow.5 \
-	man8/lastlog.8 \
 	man1/login.1 \
 	man5/login.defs.5 \
 	man8/logoutd.8 \
@@ -48,6 +47,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
@@ -90,7 +93,6 @@ man_XMANS = \
 	groups.1.xml \
 	grpck.8.xml \
 	gshadow.5.xml \
-	lastlog.8.xml \
 	limits.5.xml \
 	login.1.xml \
 	login.access.5.xml \
@@ -118,7 +120,12 @@ man_XMANS = \
 	usermod.8.xml \
 	vipw.8.xml
 
+if ENABLE_LASTLOG
+man_XMANS += lastlog.8.xml
+endif
+
 login_defs_v = \
+	BCRYPT_MIN_ROUNDS.xml \
 	CHFN_AUTH.xml \
 	CHFN_RESTRICT.xml \
 	CHSH_AUTH.xml \
@@ -185,18 +192,22 @@ login_defs_v = \
 	SUB_GID_COUNT.xml \
 	SUB_UID_COUNT.xml \
 	SYS_GID_MAX.xml \
-	SYS_UID_MAX.xml
+	SYS_UID_MAX.xml \
+	YESCRYPT_COST_FACTOR.xml
 
 EXTRA_DIST = \
 	$(man_MANS) \
 	$(man_XMANS) \
+	config.xml \
 	$(addprefix login.defs.d/,$(login_defs_v)) \
 	man1/id.1 \
 	id.1.xml \
 	man8/sulogin.8 \
 	sulogin.8.xml \
 	generate_mans.mak \
-	generate_translations.mak
+	generate_translations.mak \
+	its.rules \
+	shadow-man.xsl
 
 if USE_PAM
 EXTRA_DIST += $(man_nopam)
@@ -206,9 +217,9 @@ if !ENABLE_SUBIDS
 EXTRA_DIST += $(man_subids)
 endif
 
-generate_mans.deps: *.xml
+generate_mans.deps: $(man_XMANS)
 	echo "# This file is generated" > $@
-	awk 'BEGIN{FS="\"";} /^<!ENTITY .* * SYSTEM ".*">$$/{ f=FILENAME; sub(/.xml/,"",f); print "man" substr(f, length (f)) "/" f ": " $$2 }' $(man_XMANS) >> $@
+	awk 'BEGIN{FS="\"";} /^<!ENTITY .* * SYSTEM ".*">$$/{ f=FILENAME; sub(/.xml/,"",f); print "man" substr(f, length (f)) "/" f ": " $$2 }' $< >> $@
 
 if ENABLE_REGENERATE_MAN
 
diff --git a/man/Makefile.in b/man/Makefile.in
index fa8a0ea..5eef178 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -87,11 +87,13 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@WITH_SU_TRUE@am__append_1 = man1/su.1
-@USE_PAM_FALSE@am__append_2 = $(man_nopam)
-@ENABLE_SUBIDS_TRUE@am__append_3 = $(man_subids)
-@USE_PAM_TRUE@am__append_4 = $(man_nopam)
-@ENABLE_SUBIDS_FALSE@am__append_5 = $(man_subids)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@WITH_SU_TRUE@am__append_2 = man1/su.1
+@USE_PAM_FALSE@am__append_3 = $(man_nopam)
+@ENABLE_SUBIDS_TRUE@am__append_4 = $(man_subids)
+@ENABLE_LASTLOG_TRUE@am__append_5 = lastlog.8.xml
+@USE_PAM_TRUE@am__append_6 = $(man_nopam)
+@ENABLE_SUBIDS_FALSE@am__append_7 = $(man_subids)
 subdir = man
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -238,6 +240,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -256,6 +260,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -271,9 +276,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -289,6 +300,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -297,6 +309,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -319,6 +333,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -398,13 +415,13 @@ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
 	man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
 	man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
 	man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
-	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
-	man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
-	man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
-	man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
-	man3/shadow.3 man5/shadow.5 man5/suauth.5 man8/useradd.8 \
-	man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \
-	$(am__append_1) $(am__append_2) $(am__append_3)
+	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man1/login.1 \
+	man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 man8/newusers.8 \
+	man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
+	man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man3/shadow.3 \
+	man5/shadow.5 man5/suauth.5 man8/useradd.8 man8/userdel.8 \
+	man8/usermod.8 man8/vigr.8 man8/vipw.8 $(am__append_1) \
+	$(am__append_2) $(am__append_3) $(am__append_4)
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
@@ -417,53 +434,19 @@ man_subids = \
 	man5/subgid.5 \
 	man5/subuid.5
 
-man_XMANS = \
-	chage.1.xml \
-	chfn.1.xml \
-	chgpasswd.8.xml \
-	chpasswd.8.xml \
-	chsh.1.xml \
-	expiry.1.xml \
-	faillog.5.xml \
-	faillog.8.xml \
-	getsubids.1.xml \
-	gpasswd.1.xml \
-	groupadd.8.xml \
-	groupdel.8.xml \
-	groupmems.8.xml \
-	groupmod.8.xml \
-	groups.1.xml \
-	grpck.8.xml \
-	gshadow.5.xml \
-	lastlog.8.xml \
-	limits.5.xml \
-	login.1.xml \
-	login.access.5.xml \
-	login.defs.5.xml \
-	logoutd.8.xml \
-	newgidmap.1.xml \
-	newgrp.1.xml \
-	newuidmap.1.xml \
-	newusers.8.xml \
-	nologin.8.xml \
-	passwd.1.xml \
-	passwd.5.xml \
-	porttime.5.xml \
-	pwck.8.xml \
-	pwconv.8.xml \
-	shadow.3.xml \
-	shadow.5.xml \
-	sg.1.xml \
-	su.1.xml \
-	suauth.5.xml \
-	subgid.5.xml \
-	subuid.5.xml \
-	useradd.8.xml \
-	userdel.8.xml \
-	usermod.8.xml \
-	vipw.8.xml
-
+man_XMANS = chage.1.xml chfn.1.xml chgpasswd.8.xml chpasswd.8.xml \
+	chsh.1.xml expiry.1.xml faillog.5.xml faillog.8.xml \
+	getsubids.1.xml gpasswd.1.xml groupadd.8.xml groupdel.8.xml \
+	groupmems.8.xml groupmod.8.xml groups.1.xml grpck.8.xml \
+	gshadow.5.xml limits.5.xml login.1.xml login.access.5.xml \
+	login.defs.5.xml logoutd.8.xml newgidmap.1.xml newgrp.1.xml \
+	newuidmap.1.xml newusers.8.xml nologin.8.xml passwd.1.xml \
+	passwd.5.xml porttime.5.xml pwck.8.xml pwconv.8.xml \
+	shadow.3.xml shadow.5.xml sg.1.xml su.1.xml suauth.5.xml \
+	subgid.5.xml subuid.5.xml useradd.8.xml userdel.8.xml \
+	usermod.8.xml vipw.8.xml $(am__append_5)
 login_defs_v = \
+	BCRYPT_MIN_ROUNDS.xml \
 	CHFN_AUTH.xml \
 	CHFN_RESTRICT.xml \
 	CHSH_AUTH.xml \
@@ -530,12 +513,16 @@ login_defs_v = \
 	SUB_GID_COUNT.xml \
 	SUB_UID_COUNT.xml \
 	SYS_GID_MAX.xml \
-	SYS_UID_MAX.xml
+	SYS_UID_MAX.xml \
+	YESCRYPT_COST_FACTOR.xml
 
-EXTRA_DIST = $(man_MANS) $(man_XMANS) $(addprefix \
+EXTRA_DIST = $(man_MANS) $(man_XMANS) config.xml $(addprefix \
 	login.defs.d/,$(login_defs_v)) man1/id.1 id.1.xml \
 	man8/sulogin.8 sulogin.8.xml generate_mans.mak \
-	generate_translations.mak $(am__append_4) $(am__append_5)
+	generate_translations.mak its.rules shadow-man.xsl \
+	$(am__append_6) $(am__append_7)
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -544,8 +531,15 @@ EXTRA_DIST = $(man_MANS) $(man_XMANS) $(addprefix \
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 @ENABLE_REGENERATE_MAN_TRUE@CLEANFILES = $(man_MANS) man1/id.1 man8/sulogin.8
 all: all-recursive
 
@@ -1047,9 +1041,9 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 .PRECIOUS: Makefile
 
 
-generate_mans.deps: *.xml
+generate_mans.deps: $(man_XMANS)
 	echo "# This file is generated" > $@
-	awk 'BEGIN{FS="\"";} /^<!ENTITY .* * SYSTEM ".*">$$/{ f=FILENAME; sub(/.xml/,"",f); print "man" substr(f, length (f)) "/" f ": " $$2 }' $(man_XMANS) >> $@
+	awk 'BEGIN{FS="\"";} /^<!ENTITY .* * SYSTEM ".*">$$/{ f=FILENAME; sub(/.xml/,"",f); print "man" substr(f, length (f)) "/" f ": " $$2 }' $< >> $@
 
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_REGENERATE_MAN_TRUE@include generate_mans.deps
 
@@ -1061,11 +1055,13 @@ generate_mans.deps: *.xml
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/chage.1.xml b/man/chage.1.xml
index 055c1ed..060409b 100644
--- a/man/chage.1.xml
+++ b/man/chage.1.xml
@@ -200,6 +200,21 @@
       </varlistentry>
       <varlistentry>
 	<term>
+	  <option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
+	</term>
+	<listitem>
+	  <para>
+	    Apply changes to configuration files under the root filesystem
+	    found under the directory <replaceable>PREFIX_DIR</replaceable>.
+	    This option does not chroot and is intended for preparing a cross-compilation
+	    target.  Some limitations: NIS and LDAP users/groups are
+	    not verified.  PAM authentication is using the host files.
+	    No SELINUX support.
+	  </para>
+	</listitem>
+      </varlistentry>
+      <varlistentry>
+	<term>
 	  <option>-W</option>, <option>--warndays</option>&nbsp;<replaceable>WARN_DAYS</replaceable>
 	</term>
 	<listitem>
diff --git a/man/chgpasswd.8.xml b/man/chgpasswd.8.xml
index bd2d117..f4a83c2 100644
--- a/man/chgpasswd.8.xml
+++ b/man/chgpasswd.8.xml
@@ -6,10 +6,12 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
@@ -88,12 +90,16 @@
 	<term><option>-c</option>, <option>--crypt-method</option></term>
 	<listitem>
 	  <para>Use the specified method to encrypt the passwords.</para>
-	  <para condition="no_sha_crypt">
-	    The available methods are DES, MD5, and NONE.
-	  </para>
-	  <para condition="sha_crypt">
-	    The available methods are DES, MD5, NONE, and SHA256 or SHA512
-	    if your libc support these methods.
+	  <para>
+	    The available methods are <phrase condition="bcrypt">
+	    <replaceable>BCRYPT</replaceable>,</phrase>
+	    <replaceable>DES</replaceable>,
+	    <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
+	    <replaceable>SHA256</replaceable>,
+	    <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+	    <replaceable>YESCRYPT</replaceable></phrase> and
+	    <replaceable>NONE</replaceable>
+	    if your libc supports these methods.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -131,29 +137,49 @@
 	  </para>
 	</listitem>
       </varlistentry>
-      <varlistentry condition="sha_crypt">
+      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
 	<term><option>-s</option>, <option>--sha-rounds</option></term>
 	<listitem>
 	  <para>
 	    Use the specified number of rounds to encrypt the passwords.
 	  </para>
 	  <para>
-	    The value 0 means that the system will choose the default
-	    number of rounds for the crypt method (5000).
+	    You can only use this option with crypt method:
+	    <phrase condition="bcrypt">
+	    <replaceable>BCRYPT</replaceable></phrase>
+	    <phrase condition="sha_crypt">
+	    <replaceable>SHA256</replaceable>
+	    <replaceable>SHA512</replaceable></phrase>
+	    <phrase condition="yescrypt">
+	    <replaceable>YESCRYPT</replaceable></phrase>
 	  </para>
-	  <para>
-	    A minimal value of 1000 and a maximal value of 999,999,999
-	    will be enforced.
+	  <para condition="bcrypt">
+	    By default, the number of rounds for BCRYPT is defined by the
+	    BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in
+	    <filename>/etc/login.defs</filename>.
 	  </para>
-	  <para>
-	    You can only use this option with the SHA256 or SHA512
-	    crypt method.
+	  <para condition="bcrypt">
+	    A minimal value of 4 and a maximal value of 31
+	    will be enforced for BCRYPT. The default number of rounds is 13.
 	  </para>
-	  <para>
-	    By default, the number of rounds is defined by the
-	    SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+	  <para condition="sha_crypt">
+	    By default, the number of rounds for SHA256 or SHA512 is defined by
+	    the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 	    <filename>/etc/login.defs</filename>.
 	  </para>
+	  <para condition="sha_crypt">
+	    A minimal value of 1000 and a maximal value of 999,999,999
+	    will be enforced for SHA256 and SHA512. The default number of rounds
+	    is 5000.
+	  </para>
+	  <para condition="yescrypt">
+	    By default, the number of rounds for YESCRYPT is defined by the
+	    YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>.
+	  </para>
+	  <para condition="yescrypt">
+	    A minimal value of 1 and a maximal value of 11
+	    will be enforced for YESCRYPT. The default number of rounds is 5.
+	  </para>
 	</listitem>
       </varlistentry>
     </variablelist>
@@ -179,10 +205,12 @@
       tool:
     </para>
     <variablelist>
+      &BCRYPT_MIN_ROUNDS; <!--This also document BCRYPT_MAX_ROUNDS-->
       &ENCRYPT_METHOD;
       &MAX_MEMBERS_PER_GROUP;
       &MD5_CRYPT_ENAB;
       &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
+      &YESCRYPT_COST_FACTOR;
     </variablelist>
   </refsect1>
 
diff --git a/man/chpasswd.8.xml b/man/chpasswd.8.xml
index 6353419..cffd9df 100644
--- a/man/chpasswd.8.xml
+++ b/man/chpasswd.8.xml
@@ -6,9 +6,11 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
@@ -115,12 +117,16 @@
 	</term>
 	<listitem>
 	  <para>Use the specified method to encrypt the passwords.</para>
-	  <para condition="no_sha_crypt">
-	    The available methods are DES, MD5, and NONE.
-	  </para>
-	  <para condition="sha_crypt">
-	    The available methods are DES, MD5, NONE, and SHA256 or SHA512
-	    if your libc support these methods.
+	  <para>
+	    The available methods are <phrase condition="bcrypt">
+	    <replaceable>BCRYPT</replaceable>,</phrase>
+	    <replaceable>DES</replaceable>,
+	    <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
+	    <replaceable>SHA256</replaceable>,
+	    <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+	    <replaceable>YESCRYPT</replaceable></phrase> and
+	    <replaceable>NONE</replaceable>
+	    if your libc supports these methods.
 	  </para>
 	  <para condition="pam">
 	    By default, PAM is used to encrypt the passwords.
@@ -173,7 +179,22 @@
 	  </para>
 	</listitem>
       </varlistentry>
-      <varlistentry condition="sha_crypt">
+      <varlistentry>
+	<term>
+	  <option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
+	</term>
+	<listitem>
+	  <para>
+	    Apply changes to configuration files under the root filesystem
+	    found under the directory <replaceable>PREFIX_DIR</replaceable>.
+	    This option does not chroot and is intended for preparing a cross-compilation
+	    target.  Some limitations: NIS and LDAP users/groups are
+	    not verified.  PAM authentication is using the host files.
+	    No SELINUX support.
+	  </para>
+	</listitem>
+      </varlistentry>
+      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
 	<term>
 	  <option>-s</option>, <option>--sha-rounds</option>&nbsp;<replaceable>ROUNDS</replaceable>
 	</term>
@@ -182,23 +203,42 @@
 	    Use the specified number of rounds to encrypt the passwords.
 	  </para>
 	  <para>
-	    The value 0 means that the system will choose the default
-	    number of rounds for the crypt method (5000).
+	    You can only use this option with crypt method:
+	    <phrase condition="bcrypt">
+	    <replaceable>BCRYPT</replaceable></phrase>
+	    <phrase condition="sha_crypt">
+	    <replaceable>SHA256</replaceable>
+	    <replaceable>SHA512</replaceable></phrase>
+	    <phrase condition="yescrypt">
+	    <replaceable>YESCRYPT</replaceable></phrase>
 	  </para>
-	  <para>
-	    A minimal value of 1000 and a maximal value of 999,999,999
-	    will be enforced.
+	  <para condition="bcrypt">
+	    By default, the number of rounds for BCRYPT is defined by the
+	    BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in
+	    <filename>/etc/login.defs</filename>.
 	  </para>
-	  <para>
-	    You can only use this option with the SHA256 or SHA512
-	    crypt method.
+	  <para condition="bcrypt">
+	    A minimal value of 4 and a maximal value of 31
+	    will be enforced for BCRYPT. The default number of rounds is 13.
 	  </para>
-	  <para>
-	    By default, the number of rounds is defined by the
-	    <option>SHA_CRYPT_MIN_ROUNDS</option> and
-	    <option>SHA_CRYPT_MAX_ROUNDS</option> variables in
+	  <para condition="sha_crypt">
+	    By default, the number of rounds for SHA256 or SHA512 is defined by
+	    the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 	    <filename>/etc/login.defs</filename>.
 	  </para>
+	  <para condition="sha_crypt">
+	    A minimal value of 1000 and a maximal value of 999,999,999
+	    will be enforced for SHA256 and SHA512. The default number of rounds
+	    is 5000.
+	  </para>
+	  <para condition="yescrypt">
+	    By default, the number of rounds for YESCRYPT is defined by the
+	    YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>.
+	  </para>
+	  <para condition="yescrypt">
+	    A minimal value of 1 and a maximal value of 11
+	    will be enforced for YESCRYPT. The default number of rounds is 5.
+	  </para>
 	</listitem>
       </varlistentry>
     </variablelist>
@@ -224,7 +264,9 @@
       &MD5_CRYPT_ENAB;
     </variablelist>
     <variablelist>
+      &BCRYPT_MIN_ROUNDS; <!--documents also BCRYPT_MAX_ROUNDS-->
       &SHA_CRYPT_MIN_ROUNDS; <!--documents also SHA_CRYPT_MAX_ROUNDS-->
+      &YESCRYPT_COST_FACTOR;
     </variablelist>
   </refsect1>
 
diff --git a/man/chsh.1.xml b/man/chsh.1.xml
index 373aa92..db2d0ce 100644
--- a/man/chsh.1.xml
+++ b/man/chsh.1.xml
@@ -115,7 +115,7 @@
 
   <refsect1 id='note'>
     <title>NOTE</title>
-    <para>
+    <para condition="without_vendordir">
       The only restriction placed on the login shell is that the command
       name must be listed in <filename>/etc/shells</filename>, unless the
       invoker is the superuser, and then any value may be added. An
@@ -125,6 +125,25 @@
       changing to a restricted shell would prevent the user from ever
       changing her login shell back to its original value.
     </para>
+    <para condition="with_vendordir">
+      The only restriction placed on the login shell is that the command
+      name must be listed in <filename>/etc/shells</filename>.
+      If this file does not exist, the definitions are taken from the files
+      <filename>%vendordir%/shells</filename>,
+      <filename>%vendordir%/shells.d/*</filename> and
+      <filename>/etc/shells.d/*</filename> in that order.
+      If <filename>/etc/shells.d/@filename@</filename> exists, then
+      <filename>%vendordir%/shells.d/@filename@</filename> will not be used.
+      If the invoker is the superuser any value may be added regardless what is
+      defined in the configuration files.
+      An account with a restricted login shell may not change her login shell.
+    </para>
+    <para>
+      For this reason, placing <filename>/bin/rsh</filename> in
+      <filename>/etc/shells</filename> is discouraged since accidentally
+      changing to a restricted shell would prevent the user from ever
+      changing her login shell back to its original value.
+    </para>
   </refsect1>
 
   <refsect1 id='configuration' condition="no_pam">
@@ -151,9 +170,31 @@
       </varlistentry>
       <varlistentry>
 	<term><filename>/etc/shells</filename></term>
-	<listitem>
+	<listitem condition="without_vendordir">
 	  <para>List of valid login shells.</para>
 	</listitem>
+	<listitem condition="with_vendordir">
+	  <para>User defined list of valid login shells.</para>
+	</listitem>
+      </varlistentry>
+      <varlistentry condition="with_vendordir">
+       <term><filename>%vendordir%/shells</filename></term>
+        <listitem>
+          <para>Default configuration file if
+	  <filename>/etc/shells</filename> does not exist.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry condition="with_vendordir">
+        <term><filename>%vendordir%/shells.d</filename></term>
+        <listitem>
+          <para>Directory for additional vendor specific configuration files.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry condition="with_vendordir">
+        <term><filename>/etc/shells.d</filename></term>
+        <listitem>
+          <para>Directory for additional user defined configuration files.</para>
+        </listitem>
       </varlistentry>
       <varlistentry>
 	<term><filename>/etc/login.defs</filename></term>
diff --git a/man/config.xml b/man/config.xml
new file mode 100644
index 0000000..f342036
--- /dev/null
+++ b/man/config.xml
@@ -0,0 +1,2 @@
+<!ENTITY GROUP_NAME_MAX_LENGTH '32'>
+<!ENTITY SHADOW_UTILS_VERSION '4.15.2'>
diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
index 3b2be0c..84407d7 100644
--- a/man/cs/Makefile.am
+++ b/man/cs/Makefile.am
@@ -12,13 +12,16 @@ man_MANS = \
 	man1/groups.1 \
 	man8/grpck.8 \
 	man5/gshadow.5 \
-	man8/lastlog.8 \
 	man8/nologin.8 \
 	man5/passwd.5 \
 	man5/shadow.5 \
 	man1/su.1 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 EXTRA_DIST = $(man_MANS) \
 	man1/id.1 \
 	man8/groupmems.8 \
diff --git a/man/cs/Makefile.in b/man/cs/Makefile.in
index 516c58d..a04a706 100644
--- a/man/cs/Makefile.in
+++ b/man/cs/Makefile.in
@@ -87,6 +87,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
 subdir = man/cs
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -172,6 +173,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -190,6 +193,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -205,9 +209,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -223,6 +233,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -231,6 +242,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -253,6 +266,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -324,24 +340,10 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-man_MANS = \
-	man1/expiry.1 \
-	man5/faillog.5 \
-	man8/faillog.8 \
-	man1/gpasswd.1 \
-	man8/groupadd.8 \
-	man8/groupdel.8 \
-	man8/groupmod.8 \
-	man1/groups.1 \
-	man8/grpck.8 \
-	man5/gshadow.5 \
-	man8/lastlog.8 \
-	man8/nologin.8 \
-	man5/passwd.5 \
-	man5/shadow.5 \
-	man1/su.1 \
-	man8/vipw.8
-
+man_MANS = man1/expiry.1 man5/faillog.5 man8/faillog.8 man1/gpasswd.1 \
+	man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/groups.1 \
+	man8/grpck.8 man5/gshadow.5 man8/nologin.8 man5/passwd.5 \
+	man5/shadow.5 man1/su.1 man8/vipw.8 $(am__append_1)
 EXTRA_DIST = $(man_MANS) \
 	man1/id.1 \
 	man8/groupmems.8 \
diff --git a/man/da/Makefile.in b/man/da/Makefile.in
index 3ed052b..c192e7a 100644
--- a/man/da/Makefile.in
+++ b/man/da/Makefile.in
@@ -175,6 +175,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -193,6 +195,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -208,9 +211,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -226,6 +235,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -234,6 +244,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -256,6 +268,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -335,6 +350,8 @@ man_MANS = man1/chfn.1 man8/groupdel.8 man1/groups.1 man5/gshadow.5 \
 man_nopam = 
 EXTRA_DIST = $(man_MANS) man1/id.1 $(am__append_2)
 LANG = $(notdir $(CURDIR))
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -343,8 +360,15 @@ LANG = $(notdir $(CURDIR))
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 CLEANFILES = messages.mo login.defs.d $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
 all: all-am
 
@@ -684,10 +708,10 @@ uninstall-man: uninstall-man1 uninstall-man5 uninstall-man8
 @ENABLE_REGENERATE_MAN_TRUE@	cp ../config.xml $@
 
 @ENABLE_REGENERATE_MAN_TRUE@messages.mo: ../po/$(LANG).po
-@ENABLE_REGENERATE_MAN_TRUE@	msgfmt ../po/$(LANG).po -o messages.mo
+@ENABLE_REGENERATE_MAN_TRUE@	msgfmt $< -o messages.mo
 
 @ENABLE_REGENERATE_MAN_TRUE@login.defs.d:
-@ENABLE_REGENERATE_MAN_TRUE@	ln -sf ../login.defs.d login.defs.d
+@ENABLE_REGENERATE_MAN_TRUE@	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml: ../%.xml messages.mo login.defs.d
 @ENABLE_REGENERATE_MAN_TRUE@	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -695,7 +719,7 @@ uninstall-man: uninstall-man1 uninstall-man5 uninstall-man8
 @ENABLE_REGENERATE_MAN_TRUE@	else \
 @ENABLE_REGENERATE_MAN_TRUE@	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
-@ENABLE_REGENERATE_MAN_TRUE@	itstool -d -l $(LANG) -m messages.mo -o . $@
+@ENABLE_REGENERATE_MAN_TRUE@	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 @ENABLE_REGENERATE_MAN_TRUE@	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
@@ -706,11 +730,13 @@ uninstall-man: uninstall-man1 uninstall-man5 uninstall-man8
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/da/man1/chfn.1 b/man/da/man1/chfn.1
index d8c3a2d..a999af8 100644
--- a/man/da/man1/chfn.1
+++ b/man/da/man1/chfn.1
@@ -2,12 +2,12 @@
 .\"     Title: chfn
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "CHFN" "1" "08/11/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "CHFN" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chfn \- change real user name and information
 .SH "SYNOPSIS"
 .HP \w'\fBchfn\fR\ 'u
-\fBchfn\fR [\fItilvalg\fR] [\fILOGIND\fR]
+\fBchfn\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "BESKRIVELSE"
 .PP
 The
diff --git a/man/da/man1/groups.1 b/man/da/man1/groups.1
index 76e3984..81f2be2 100644
--- a/man/da/man1/groups.1
+++ b/man/da/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "GROUPS" "1" "08/11/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "GROUPS" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groups \- vis aktuelle gruppenavne
 .SH "SYNOPSIS"
 .HP \w'\fBgroups\fR\ 'u
-\fBgroups\fR [\fIbruger\fR]
+\fBgroups\fR [\fIuser\fR]
 .SH "BESKRIVELSE"
 .PP
 The
diff --git a/man/da/man1/id.1 b/man/da/man1/id.1
index 1cf00d5..6854332 100644
--- a/man/da/man1/id.1
+++ b/man/da/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "ID" "1" "08/11/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "ID" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/da/man1/newgrp.1 b/man/da/man1/newgrp.1
index d56f969..fed91de 100644
--- a/man/da/man1/newgrp.1
+++ b/man/da/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "NEWGRP" "1" "08/11/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "NEWGRP" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/da/man1/sg.1 b/man/da/man1/sg.1
index e36d514..cc288b5 100644
--- a/man/da/man1/sg.1
+++ b/man/da/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "SG" "1" "08/11/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "SG" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/da/man5/gshadow.5 b/man/da/man5/gshadow.5
index b885e1c..56a4e55 100644
--- a/man/da/man5/gshadow.5
+++ b/man/da/man5/gshadow.5
@@ -2,12 +2,12 @@
 .\"     Title: gshadow
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "GSHADOW" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "GSHADOW" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,7 +38,7 @@ This file must not be readable by regular users if password security is to be ma
 .PP
 Each line of this file contains the following colon\-separated fields:
 .PP
-\fBgruppenavn\fR
+\fBgroup name\fR
 .RS 4
 Det skal v\(aere et gyldigt gruppenavn, som findes p\(oa systemet\&.
 .RE
@@ -63,7 +63,7 @@ This password supersedes any password specified in
 /etc/group\&.
 .RE
 .PP
-\fBadministratorer\fR
+\fBadministrators\fR
 .RS 4
 Det skal v\(aere en kommaadskilt liste af brugernavne\&.
 .sp
@@ -72,7 +72,7 @@ Administratorer kan \(aendre adgangskoden eller medlemmerne af gruppen\&.
 Administratorer har ogs\(oa de samme rettigheder som medlemmerne (se nedenfor)\&.
 .RE
 .PP
-\fBmedlemmer\fR
+\fBmembers\fR
 .RS 4
 Det skal v\(aere en kommaadskilt liste af brugernavne\&.
 .sp
diff --git a/man/da/man8/groupdel.8 b/man/da/man8/groupdel.8
index 87a94b8..e370ffe 100644
--- a/man/da/man8/groupdel.8
+++ b/man/da/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Kommandoer for systemh\(oandtering
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "GROUPDEL" "8" "08/11/2022" "shadow\-utils 4\&.13" "Kommandoer for systemh\(oandterin"
+.TH "GROUPDEL" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupdel \- slet en gruppe
 .SH "SYNOPSIS"
 .HP \w'\fBgroupdel\fR\ 'u
-\fBgroupdel\fR [\fItilvalg\fR] \fIGRUPPE\fR
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "BESKRIVELSE"
 .PP
 The
diff --git a/man/da/man8/logoutd.8 b/man/da/man8/logoutd.8
index 8379e28..88b506f 100644
--- a/man/da/man8/logoutd.8
+++ b/man/da/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Kommandoer for systemh\(oandtering
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "LOGOUTD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Kommandoer for systemh\(oandterin"
+.TH "LOGOUTD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/da/man8/nologin.8 b/man/da/man8/nologin.8
index c89d06e..c22b77c 100644
--- a/man/da/man8/nologin.8
+++ b/man/da/man8/nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: nologin
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Kommandoer for systemh\(oandtering
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "NOLOGIN" "8" "08/11/2022" "shadow\-utils 4\&.13" "Kommandoer for systemh\(oandterin"
+.TH "NOLOGIN" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/da/man8/vipw.8 b/man/da/man8/vipw.8
index 43ea985..a586d71 100644
--- a/man/da/man8/vipw.8
+++ b/man/da/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Kommandoer for systemh\(oandtering
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Danish
 .\"
-.TH "VIPW" "8" "08/11/2022" "shadow\-utils 4\&.13" "Kommandoer for systemh\(oandterin"
+.TH "VIPW" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,16 +31,16 @@
 vipw, vigr \- rediger adgangskoden, gruppe, shadow\-adgangskode\- eller shadow\-gruppe\-fil
 .SH "SYNOPSIS"
 .HP \w'\fBvipw\fR\ 'u
-\fBvipw\fR [\fItilvalg\fR]
+\fBvipw\fR [\fIoptions\fR]
 .HP \w'\fBvigr\fR\ 'u
-\fBvigr\fR [\fItilvalg\fR]
+\fBvigr\fR [\fIoptions\fR]
 .SH "BESKRIVELSE"
 .PP
 The
 \fBvipw\fR
 and
 \fBvigr\fR
-commands edits the files
+commands edit the files
 /etc/passwd
 and
 /etc/group, respectively\&. With the
@@ -95,12 +95,12 @@ Rediger shadow\- eller gshadow\-database\&.
 .RE
 .SH "MILJ\(/O"
 .PP
-\fBVISUEL\fR
+\fBVISUAL\fR
 .RS 4
 Redigeringsprogram der skal bruges\&.
 .RE
 .PP
-\fBREDIGERINGSPROGRAM\fR
+\fBEDITOR\fR
 .RS 4
 Editor to be used if
 \fBVISUAL\fR
diff --git a/man/de/Makefile.am b/man/de/Makefile.am
index 3cd302e..671432d 100644
--- a/man/de/Makefile.am
+++ b/man/de/Makefile.am
@@ -21,7 +21,6 @@ man_MANS = \
 	man8/grpconv.8 \
 	man8/grpunconv.8 \
 	man5/gshadow.5 \
-	man8/lastlog.8 \
 	man1/login.1 \
 	man5/login.defs.5 \
 	man8/logoutd.8 \
@@ -44,6 +43,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
diff --git a/man/de/Makefile.in b/man/de/Makefile.in
index 20899d3..3c64eb6 100644
--- a/man/de/Makefile.in
+++ b/man/de/Makefile.in
@@ -87,8 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@USE_PAM_FALSE@am__append_1 = $(man_nopam)
-@USE_PAM_TRUE@am__append_2 = $(man_nopam)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@USE_PAM_TRUE@am__append_3 = $(man_nopam)
 subdir = man/de
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -176,6 +177,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -194,6 +197,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -209,9 +213,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -227,6 +237,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -235,6 +246,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -257,6 +270,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -332,20 +348,22 @@ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
 	man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
 	man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
 	man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
-	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
-	man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
-	man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
-	man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
-	man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
-	man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
-	man8/vipw.8 $(am__append_1)
+	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man1/login.1 \
+	man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 man8/newusers.8 \
+	man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
+	man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man3/shadow.3 \
+	man5/shadow.5 man1/su.1 man5/suauth.5 man8/useradd.8 \
+	man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \
+	$(am__append_1) $(am__append_2)
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
 	man5/porttime.5
 
-EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_2)
+EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_3)
 LANG = $(notdir $(CURDIR))
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -354,8 +372,15 @@ LANG = $(notdir $(CURDIR))
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 CLEANFILES = messages.mo login.defs.d $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
 all: all-am
 
@@ -739,10 +764,10 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	cp ../config.xml $@
 
 @ENABLE_REGENERATE_MAN_TRUE@messages.mo: ../po/$(LANG).po
-@ENABLE_REGENERATE_MAN_TRUE@	msgfmt ../po/$(LANG).po -o messages.mo
+@ENABLE_REGENERATE_MAN_TRUE@	msgfmt $< -o messages.mo
 
 @ENABLE_REGENERATE_MAN_TRUE@login.defs.d:
-@ENABLE_REGENERATE_MAN_TRUE@	ln -sf ../login.defs.d login.defs.d
+@ENABLE_REGENERATE_MAN_TRUE@	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml: ../%.xml messages.mo login.defs.d
 @ENABLE_REGENERATE_MAN_TRUE@	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -750,7 +775,7 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	else \
 @ENABLE_REGENERATE_MAN_TRUE@	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
-@ENABLE_REGENERATE_MAN_TRUE@	itstool -d -l $(LANG) -m messages.mo -o . $@
+@ENABLE_REGENERATE_MAN_TRUE@	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 @ENABLE_REGENERATE_MAN_TRUE@	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
@@ -761,11 +786,13 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/de/man1/chage.1 b/man/de/man1/chage.1
index eae65f1..9d88d46 100644
--- a/man/de/man1/chage.1
+++ b/man/de/man1/chage.1
@@ -2,12 +2,12 @@
 .\"     Title: chage
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "CHAGE" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "CHAGE" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-chage \- \(:andert die Information zum Passwortverfall
+chage \- \(:andert das Ablaufdatum des Passworts und damit verkn\(:upfte Fristen
 .SH "\(:UBERSICHT"
 .HP \w'\fBchage\fR\ 'u
-\fBchage\fR [\fIOptionen\fR] \fIANMELDENAME\fR
+\fBchage\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -54,7 +54,7 @@ the user is forced to change his password on the next log on\&.
 .PP
 \fB\-E\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
 .RS 4
-Setzt das Datum oder die Anzahl der Tage seit dem 1\&. Januar 1970, ab dem auf das Benutzerkonto nicht mehr zugegriffen werden kann\&. Das Datum kann auch im Format JJJJ\-MM\-TT (oder in dem Format, das in Ihrer Region verbreitet ist) angegeben werden\&. Ein Benutzer, dessen Konto gesperrt ist, muss sich mit dem Systemadministrator in Verbindung setzen, ehe er sich wieder am System anmelden kann\&.
+setzt den Tag angegeben als Anzahl von Tagen nach dem 1\&. Januar 1970, ab dem das Benutzerkonto nicht mehr zug\(:anglich sein soll\&. Das Datum kann auch im Format JJJJ\-MM\-TT (oder in dem Format, das in Ihrer Region verbreitet ist) angegeben werden\&. Ein Benutzer, dessen Konto stillgelegt ist, muss sich mit dem Systemadministrator in Verbindung setzen, ehe er das System wieder verwenden kann\&.
 .sp
 For example the following can be used to set an account to expire in 180 days:
 .sp
@@ -78,12 +78,12 @@ will remove an account expiration date\&.
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-i\fR, \fB\-\-iso8601\fR
 .RS 4
-When printing dates, use YYYY\-MM\-DD format\&.
+Bei der Datumsausgabe das ISO\-Format JJJJ\-MM\-TT verwenden
 .RE
 .PP
 \fB\-I\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
@@ -101,7 +101,7 @@ will remove an account\*(Aqs inactivity\&.
 .PP
 \fB\-l\fR, \fB\-\-list\fR
 .RS 4
-zeigt Informationen zur Kontoalterung an
+zeigt den Zugang zum Benutzerkonto betreffende Fristen an\&.
 .RE
 .PP
 \fB\-m\fR, \fB\-\-mindays\fR\ \&\fIMIN_DAYS\fR
@@ -136,6 +136,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
 Set the number of days of warning before a password change is required\&. The
@@ -181,7 +187,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .SH "R\(:UCKGABEWERTE"
 .PP
diff --git a/man/de/man1/chfn.1 b/man/de/man1/chfn.1
index a08815f..458e2e6 100644
--- a/man/de/man1/chfn.1
+++ b/man/de/man1/chfn.1
@@ -2,12 +2,12 @@
 .\"     Title: chfn
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "CHFN" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "CHFN" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-chfn \- \(:andert den vollst\(:andigen Namen eines Benutzers und sonstige Informationen
+chfn \- \(:andert den vollst\(:andigen Namen und sonstige Informationen zum Benutzer
 .SH "\(:UBERSICHT"
 .HP \w'\fBchfn\fR\ 'u
-\fBchfn\fR [\fIOptionen\fR] [\fIANMELDENAME\fR]
+\fBchfn\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -56,22 +56,22 @@ command are:
 .PP
 \fB\-f\fR, \fB\-\-full\-name\fR\ \&\fIFULL_NAME\fR
 .RS 4
-ver\(:andert den vollst\(:andigen Namen des Benutzers
+\(:andert den vollst\(:andigen Namen des Benutzers\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-home\-phone\fR\ \&\fIHOME_PHONE\fR
 .RS 4
-\(:andert die private Telefonnummer des Benutzers
+\(:andert die private Telefonnummer des Benutzers\&.
 .RE
 .PP
 \fB\-o\fR, \fB\-\-other\fR\ \&\fIOTHER\fR
 .RS 4
-Ver\(:andert die sonstigen Informationen \(:uber den Benutzer in der GECOS\-Zeile\&. In diesem Feld werden Kontoinformationen anderer Anwendungen gespeichert\&. Es kann nur vom Superuser ver\(:andert werden\&.
+\(:andert sonstige GECOS\-Informationen \(:uber den Benutzer\&. In diesem Feld werden Kontoinformationen anderer Anwendungen gespeichert\&. Es kann nur vom Systemadministrator ver\(:andert werden\&.
 .RE
 .PP
 \fB\-r\fR, \fB\-\-room\fR\ \&\fIROOM_NUMBER\fR
 .RS 4
-\(:andert die Zimmernummer des Benutzers
+\(:andert die Raumnummer des Benutzers\&.
 .RE
 .PP
 \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
@@ -85,12 +85,12 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-u\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-w\fR, \fB\-\-work\-phone\fR\ \&\fIWORK_PHONE\fR
 .RS 4
-ver\(:andert die berufliche Telefonnummer des Benutzers
+\(:andert die berufliche Telefonnummer des Benutzers\&.
 .RE
 .PP
 If none of the options are selected,
@@ -109,7 +109,7 @@ change the behavior of this tool:
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .PP
 /etc/passwd
diff --git a/man/de/man1/chsh.1 b/man/de/man1/chsh.1
index 666adc2..e7e7352 100644
--- a/man/de/man1/chsh.1
+++ b/man/de/man1/chsh.1
@@ -2,12 +2,12 @@
 .\"     Title: chsh
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "CHSH" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "CHSH" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chsh \- \(:andert die Anmelde\-Shell
 .SH "\(:UBERSICHT"
 .HP \w'\fBchsh\fR\ 'u
-\fBchsh\fR [\fIOptionen\fR] [\fIANMELDENAME\fR]
+\fBchsh\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -45,7 +45,7 @@ command are:
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
@@ -59,7 +59,11 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
 .RS 4
-The name of the user\*(Aqs new login shell\&. Setting this field to blank causes the system to select the default login shell\&.
+\(:andert die Anmelde\-Shell des Benutzers\&. Mit dem Leerstring als
+\fISHELL\fR
+wird dieser in die Datei
+/etc/passwd
+\(:ubernommen und dem Benutzer nach der Anmeldung die Standard\-Shell des Systems zur Verf\(:ugung gestellt\&.
 .RE
 .PP
 If the
@@ -77,6 +81,12 @@ The only restriction placed on the login shell is that the command name must be
 in
 /etc/shells
 is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
 .SH "KONFIGURATION"
 .PP
 The following configuration variables in
@@ -91,12 +101,12 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shells
 .RS 4
-Liste der m\(:oglichen Anmelde\-Shells
+Liste g\(:ultiger Anmelde\-Shells
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man1/expiry.1 b/man/de/man1/expiry.1
index a67539e..b51c836 100644
--- a/man/de/man1/expiry.1
+++ b/man/de/man1/expiry.1
@@ -2,12 +2,12 @@
 .\"     Title: expiry
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "EXPIRY" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "EXPIRY" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-expiry \- \(:uberpr\(:uft die Regeln f\(:ur den Verfall des Passworts und setzt diese um
+expiry \- \(:uberpr\(:uft das Passwort auf G\(:ultigkeit
 .SH "\(:UBERSICHT"
 .HP \w'\fBexpiry\fR\ 'u
-\fBexpiry\fR \fIOption\fR
+\fBexpiry\fR \fIoption\fR
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -45,7 +45,7 @@ command are:
 .PP
 \fB\-c\fR, \fB\-\-check\fR
 .RS 4
-\(:uberpr\(:uft den Verfall des Passworts des aktuellen Benutzers
+\(:uberpr\(:uft, ob das Passwort des aktuellen Benutzers abgelaufen ist\&.
 .RE
 .PP
 \fB\-f\fR, \fB\-\-force\fR
@@ -55,7 +55,7 @@ erzwingt den Wechsel des Passworts des aktuellen Benutzers, falls dieses abgelau
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .SH "DATEIEN"
 .PP
@@ -66,7 +66,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man1/gpasswd.1 b/man/de/man1/gpasswd.1
index ba0a3a6..68f2625 100644
--- a/man/de/man1/gpasswd.1
+++ b/man/de/man1/gpasswd.1
@@ -2,12 +2,12 @@
 .\"     Title: gpasswd
 .\"    Author: Rafal Maszkowski
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "GPASSWD" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "GPASSWD" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 gpasswd \- administer /etc/group and /etc/gshadow
 .SH "\(:UBERSICHT"
 .HP \w'\fBgpasswd\fR\ 'u
-\fBgpasswd\fR [\fIOption\fR] \fIGruppe\fR
+\fBgpasswd\fR [\fIoption\fR] \fIgroup\fR
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -58,7 +58,7 @@ If a password is set the members can still use
 without a password, and non\-members must supply the password\&.
 .SS "Hinweise zu Gruppenpassw\(:ortern"
 .PP
-Gruppenpassw\(:orter beinhalten ein Sicherheitsrisiko, da mehrere Personen das Passwort kennen\&. Dennoch k\(:onnen sie sinnvoll sein, um die Zusammenarbeit zwischen Benutzern zu erleichtern\&.
+Gruppenpassw\(:orter bergen ein Sicherheitsrisiko, da mehrere Personen das Passwort kennen\&. Dennoch sind Gruppen ein n\(:utzliches Mittel f\(:ur die Zusammenarbeit zwischen Benutzern\&.
 .SH "OPTIONEN"
 .PP
 Except for the
@@ -89,7 +89,7 @@ from the named
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-Q\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
@@ -121,12 +121,12 @@ to join the named
 .PP
 \fB\-A\fR, \fB\-\-administrators\fR\ \&\fIuser\fR,\&.\&.\&.
 .RS 4
-Liste der Gruppenverwalter bestimmen
+definiert eine Liste von Benutzern als Gruppenverwalter
 .RE
 .PP
 \fB\-M\fR, \fB\-\-members\fR\ \&\fIuser\fR,\&.\&.\&.
 .RS 4
-Liste der Mitglieder der Gruppe bestimmen
+definiert eine Liste von Benutzern als Gruppenmitglieder
 .RE
 .SH "WARNUNGEN"
 .PP
@@ -148,7 +148,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man1/groups.1 b/man/de/man1/groups.1
index f732cd1..d06b82e 100644
--- a/man/de/man1/groups.1
+++ b/man/de/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "GROUPS" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "GROUPS" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-groups \- zeigt die aktuell verwendeten Gruppennamen an
+groups \- gibt die aktuellen Gruppenzugeh\(:origkeiten des Benutzers aus
 .SH "\(:UBERSICHT"
 .HP \w'\fBgroups\fR\ 'u
-\fBgroups\fR [\fIBenutzer\fR]
+\fBgroups\fR [\fIuser\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
diff --git a/man/de/man1/id.1 b/man/de/man1/id.1
index 70b2c55..26b40b1 100644
--- a/man/de/man1/id.1
+++ b/man/de/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "ID" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "ID" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/de/man1/login.1 b/man/de/man1/login.1
index 9c9d062..2262e3e 100644
--- a/man/de/man1/login.1
+++ b/man/de/man1/login.1
@@ -2,12 +2,12 @@
 .\"     Title: login
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "LOGIN" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "LOGIN" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,9 +31,9 @@
 login \- startet eine Sitzung auf dem System
 .SH "\(:UBERSICHT"
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIBenutzername\fR] [\fIENV=VAR\fR...]
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIusername\fR] [\fIENV=VAR\fR...]
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIBenutzername\fR
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIusername\fR
 .HP \w'\fBlogin\fR\ 'u
 \fBlogin\fR [\-p] \-r\ \fIhost\fR
 .SH "BESCHREIBUNG"
@@ -80,9 +80,9 @@ On some installations, the environmental variable
 will be initialized to the terminal type on your tty line, as specified in
 /etc/ttytype\&.
 .PP
-Ein Startskript f\(:ur Ihren Befehlsinterpreter kann auch ausgef\(:uhrt werden\&. Sehen Sie bitte in den entsprechenden Handbuchseiten f\(:ur weitere Informationen dar\(:uber nach\&.
+Ein Startskript f\(:ur Ihren Befehlsinterpreter kann auch ausgef\(:uhrt werden\&. F\(:ur weitere Informationen dar\(:uber sehen Sie bitte in den entsprechenden Handbuchseiten nach\&.
 .PP
-Eine Subsystem\-Anmeldung wird durch einen \(Fc*\(Fo als erstes Zeichen der Anmelde\-Shell gekennzeichnet\&. Das angegebene Home\-Verzeichnis wird als Wurzel f\(:ur das Dateisystem verwendet, auf welchem der Benutzer tats\(:achlich angemeldet ist\&.
+Eine Subsystem\-Anmeldung wird durch einen \(Fc*\(Fo als erstes Zeichen der Anmelde\-Shell gekennzeichnet\&. Das angegebene pers\(:onliche Verzeichnis wird zur Wurzel des Verzeichnisbaumes, in dem der Benutzer tats\(:achlich angemeldet ist\&.
 .PP
 The
 \fBlogin\fR
@@ -98,7 +98,7 @@ from the shell prompt without
 .PP
 \fB\-f\fR
 .RS 4
-Keine Authentifizierung durchf\(:uhren, Benutzer ist bereits angemeldet\&.
+Keine Authentifizierung durchf\(:uhren, der Benutzer ist vorauthentifiziert\&.
 .sp
 Note: In that case,
 \fIusername\fR
@@ -107,17 +107,19 @@ is mandatory\&.
 .PP
 \fB\-h\fR
 .RS 4
-Name des entfernt stehenden Rechners f\(:ur die Anmeldung
+Name des fernen Rechners f\(:ur diese Anmeldung\&.
 .RE
 .PP
 \fB\-p\fR
 .RS 4
-beh\(:alt die Umgebungseinstellungen bei
+beh\(:alt die Umgebung bei\&.
 .RE
 .PP
 \fB\-r\fR
 .RS 4
-f\(:uhrt das Autologin\-Protokoll f\(:ur rlogin aus
+f\(:uhrt das Autologin\-Protokoll f\(:ur
+\fBrlogin\fR
+aus\&.
 .RE
 .PP
 The
@@ -134,7 +136,7 @@ This version of
 \fBlogin\fR
 has many compilation options, only some of which may be in use at any particular site\&.
 .PP
-Der Ort der Konfigurationsdateien kann je nach Konfiguration des Systems unterschiedlich sein\&.
+Der Ort von Dateien ist von der Konfiguration des Systems abh\(:angig\&.
 .PP
 The
 \fBlogin\fR
@@ -158,12 +160,12 @@ change the behavior of this tool:
 .PP
 /var/run/utmp
 .RS 4
-Liste der aktuellen angemeldeten Sitzungen
+Liste aktueller Anmeldungen
 .RE
 .PP
 /var/log/wtmp
 .RS 4
-Liste der vorangegangenen angemeldeten Sitzungen
+Liste vorangegangener Anmeldungen
 .RE
 .PP
 /etc/passwd
@@ -173,7 +175,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/motd
@@ -183,7 +185,7 @@ Datei mit der Systemmeldung des Tages
 .PP
 /etc/nologin
 .RS 4
-verhindert, dass sich Benutzer au\(sser Root anmelden
+existiert diese Datei, kann sich mit Ausnahme des Systemadministrators niemand anmelden\&.
 .RE
 .PP
 /etc/ttytype
@@ -193,12 +195,12 @@ Liste der Terminaltypen
 .PP
 $HOME/\&.hushlogin
 .RS 4
-unterdr\(:uckt die Ausgabe von Systemnachrichten
+unterdr\(:uckt die Ausgabe von Systemnachrichten nach erfolgreicher Anmeldung
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man1/newgrp.1 b/man/de/man1/newgrp.1
index 1945c41..cc4bcff 100644
--- a/man/de/man1/newgrp.1
+++ b/man/de/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "NEWGRP" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "NEWGRP" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-newgrp \- als neue Gruppe anmelden
+newgrp \- sich mit einer anderen Gruppenzugeh\(:origkeit anmelden
 .SH "\(:UBERSICHT"
 .HP \w'\fBnewgrp\fR\ 'u
-\fBnewgrp\fR [\-] [\fIGruppe\fR]
+\fBnewgrp\fR [\-] [\fIgroup\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -69,7 +69,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/group
@@ -79,7 +79,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man1/passwd.1 b/man/de/man1/passwd.1
index 7d41905..0ee0d4f 100644
--- a/man/de/man1/passwd.1
+++ b/man/de/man1/passwd.1
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "PASSWD" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "PASSWD" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 passwd \- \(:andert das Passwort eines Benutzers
 .SH "\(:UBERSICHT"
 .HP \w'\fBpasswd\fR\ 'u
-\fBpasswd\fR [\fIOptionen\fR] [\fIANMELDENAME\fR]
+\fBpasswd\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -41,7 +41,7 @@ command changes passwords for user accounts\&. A normal user may only change the
 also changes the account or associated password validity period\&.
 .SS "Ver\(:andern des Passworts"
 .PP
-Der Benutzer wird zuerst nach seinem alten Passwort gefragt, falls eines vorhanden ist\&. Dieses Passwort wird dann verschl\(:usselt und mit dem gespeicherten Passwort verglichen\&. Der Benutzer hat nur eine Gelegenheit, das richtige Passwort einzugeben\&. Der Superuser kann diesen Schritt \(:uberspringen, um so vergessene Passw\(:orter zu \(:andern\&.
+Der Benutzer wird zuerst nach seinem alten Passwort gefragt, falls eines vorhanden ist\&. Dieses Passwort wird dann verschl\(:usselt und mit dem gespeicherten Passwort verglichen\&. Der Benutzer hat nur eine Gelegenheit, das richtige Passwort einzugeben\&. Der Systemadministrator kann diesen Schritt \(:uberspringen, um so vergessene Passw\(:orter zu \(:andern\&.
 .PP
 After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time\&. If not,
 \fBpasswd\fR
@@ -49,44 +49,9 @@ refuses to change the password and exits\&.
 .PP
 Der Benutzer wird dann aufgefordert, zweimal ein neues Passwort einzugeben\&. Beide Eingaben werden miteinander verglichen\&. Sie m\(:ussen \(:ubereinstimmen, damit das Passwort ge\(:andert wird\&.
 .PP
-Anschlie\(ssend wird das Passwort auf seine Komplexit\(:at \(:uberpr\(:uft\&. Eine allgemeine Richtlinie besagt, dass Passw\(:orter aus sechs bis acht Zeichen bestehen sollten und ein oder mehrere Zeichen aus folgenden Mengen enthalten sollten:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-Kleinbuchstaben
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-Ziffern 0 bis 9
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-Satzzeichen
-.RE
-.PP
-Care must be taken not to include the system default erase or kill characters\&.
+Then, the password is tested for complexity\&.
 \fBpasswd\fR
-will reject any password which is not suitably complex\&.
+will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&.
 .SS "Hinweise zu Benutzerpassw\(:ortern"
 .PP
 The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
@@ -94,9 +59,11 @@ The security of a password depends upon the strength of the encryption algorithm
 System encryption method is based on the NBS DES algorithm\&. More recent methods are now recommended (see
 \fBENCRYPT_METHOD\fR)\&. The size of the key space depends upon the randomness of the password which is selected\&.
 .PP
-Gefahren f\(:ur die Sicherheit von Passw\(:ortern kommen gew\(:ohnlich von sorgloser Wahl oder Handhabung des Passworts\&. Daher sollten Sie kein Passwort w\(:ahlen, das in einem W\(:orterbuch auftaucht oder das aufgeschrieben werden muss\&. Das Passwort sollte somit kein echter Name, Ihr Autokennzeichen, Geburtstag oder Ihre Adresse sein\&. All das kann dazu verwendet werden, das Passwort zu erraten, und stellt daher eine Gefahr f\(:ur die Sicherheit Ihres Systems dar\&.
+Die unbedachte Auswahl von oder der sorglose Umgang mit ihnen macht Passw\(:orter unsicher\&. Daher sollten Sie kein Passwort w\(:ahlen, das in einem W\(:orterbuch auftaucht oder das aufgeschrieben werden muss\&. Das Passwort sollte zudem weder ein echter Name, noch Ihr Autokennzeichen, Geburtstag oder Ihre Adresse sein\&. All dies kann versuchsweise f\(:ur Angriffe auf das System benutzt werden\&.
+.PP
+As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&.
 .PP
-You can find advice on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength
+Ratschl\(:age, wie Sie ein sicheres Passwort w\(:ahlen, finden Sie unter http://de\&.wikipedia\&.org/wiki/Passwort#Wahl_von_sicheren_Passw%C3%B6rter \&.
 .SH "OPTIONEN"
 .PP
 The options which apply to the
@@ -112,17 +79,17 @@ and causes show status for all users\&.
 .PP
 \fB\-d\fR, \fB\-\-delete\fR
 .RS 4
-L\(:oscht das Passwort eines Benutzers (macht es leer)\&. Dies ist ein schneller Weg, um das Passwort eines Kontos zu deaktivieren\&. Dem Konto ist dann kein Passwort zugeordnet\&.
+l\(:oscht das Passwort eines Benutzers (macht es leer)\&. Dies ist ein schneller Weg, um das Passwort eines Kontos zu deaktivieren\&. Dem Konto ist dann kein Passwort zugeordnet\&.
 .RE
 .PP
 \fB\-e\fR, \fB\-\-expire\fR
 .RS 4
-L\(:asst das Passwort eines Kontos sofort verfallen\&. Im Ergebnis kann damit erreicht werden, dass ein Benutzer beim n\(:achsten Login das Passwort \(:andern muss\&.
+macht dem Passwort sofort ung\(:ultig\&. Damit ist der Benutzer gezwungen, das Passwort bei der n\(:achsten Anmeldung zu \(:andern\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-i\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
@@ -134,12 +101,12 @@ days, the user may no longer sign on to the account\&.
 .PP
 \fB\-k\fR, \fB\-\-keep\-tokens\fR
 .RS 4
-Zeigt an, dass nur abgelaufene Passw\(:orter ge\(:andert werden sollen\&. Der Benutzer m\(:ochte seine g\(:ultigen Passw\(:orter unver\(:andert lassen\&.
+gibt an, dass nur abgelaufene Passw\(:orter ge\(:andert werden sollen und der Benutzer ein g\(:ultiges behalten will\&.
 .RE
 .PP
 \fB\-l\fR, \fB\-\-lock\fR
 .RS 4
-Sperrt das Passwort des bezeichneten Kontos\&. Die Option schaltet ein Passwort ab, indem es ihm einen Wert zuweist, der mit keinem m\(:oglichen verschl\(:usselten Wert \(:ubereinstimmen kann\&. Dies geschieht, indem ein \(Fc!\(Fo dem Passwort vorangestellt wird\&.
+sperrt das Passwort des bezeichneten Kontos\&. Die Option schaltet ein Passwort ab, indem es ihm einen Wert zuweist, der mit keinem m\(:oglichen verschl\(:usselten Wert \(:ubereinstimmen kann\&. Dies geschieht, indem ein \(Fc!\(Fo dem Passwort vorangestellt wird\&.
 .sp
 Note that this does not disable the account\&. The user may still be able to login using another authentication token (e\&.g\&. an SSH key)\&. To disable the account, administrators should use
 \fBusermod \-\-expiredate 1\fR
@@ -175,9 +142,15 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-S\fR, \fB\-\-status\fR
 .RS 4
-Zeigt Informationen \(:uber den Kontostatus an\&. Die Statusinformation besteht aus sieben Feldern\&. Das erste Feld ist der Anmeldename des Benutzers\&. Das zweite Feld zeigt an, ob das Benutzerkonto ein gesperrtes Passwort (L), kein Passwort (NP) oder ein verwendbares Passwort hat (P)\&. Das dritte Feld zeigt das Datum der letzten \(:Anderung des Passworts an\&. Die n\(:achsten vier Felder sind das Mindestalter, das H\(:ochstalter, die Dauer der Warnung und die Dauer der Unt\(:atigkeit f\(:ur das Passwort\&. Die Zeitr\(:aume werden in Tagen ausgedr\(:uckt\&.
+zeigt den Status des Kontos an\&. Er setzt sich aus Informationen in sieben Feldern zusammen\&. Das erste Feld ist der Anmeldename des Benutzers\&. Das zweite Feld zeigt an, ob das Benutzerkonto ein gesperrtes Passwort (L), kein Passwort (NP) oder ein verwendbares Passwort hat (P)\&. Das dritte Feld zeigt das Datum der letzten \(:Anderung des Passworts an\&. Die n\(:achsten vier Felder sind die Mindest\- und H\(:ochstzeit f\(:ur seine Verwendung, die Vorwarnzeit und die Karenzzeit in Zusammenhang mit seinem Ablauf\&. Diese Zeiten werden in Tagen ausgedr\(:uckt\&.
 .RE
 .PP
 \fB\-u\fR, \fB\-\-unlock\fR
@@ -205,9 +178,14 @@ as
 \fIMAX_DAYS\fR
 will remove checking a password\*(Aqs validity\&.
 .RE
+.PP
+\fB\-s\fR, \fB\-\-stdin\fR
+.RS 4
+This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&.
+.RE
 .SH "WARNUNGEN"
 .PP
-Die Komplexit\(:at der Passwortpr\(:ufung kann sich auf verschiedenen Systemen unterscheiden\&. Der Benutzer wird angehalten, ein m\(:oglichst komplexes, von ihm aber gut zu verwendendes Passwort zu w\(:ahlen\&.
+Die Pr\(:ufung des Passwortes auf Komplexit\(:at kann je nach System verschieden sein\&. Benutzer und Benutzerinnen werden angehalten, ein komplexes aber noch angenehmes Passwort zu w\(:ahlen\&.
 .PP
 Benutzer k\(:onnen unter Umst\(:anden ihr Passwort nicht \(:andern, wenn auf dem System NIS aktiviert ist, sie aber nicht am NIS\-Server angemeldet sind\&.
 .SH "KONFIGURATION"
@@ -224,12 +202,12 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "R\(:UCKGABEWERTE"
 .PP
@@ -277,7 +255,10 @@ invalid argument to option
 .SH "SIEHE AUCH"
 .PP
 \fBchpasswd\fR(8),
+\fBmakepasswd\fR(1),
 \fBpasswd\fR(5),
 \fBshadow\fR(5),
 \fBlogin.defs\fR(5),
 \fBusermod\fR(8)\&.
+.PP
+The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"
diff --git a/man/de/man1/sg.1 b/man/de/man1/sg.1
index 7a90391..edae327 100644
--- a/man/de/man1/sg.1
+++ b/man/de/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "SG" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "SG" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,7 +28,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-sg \- f\(:uhrt einen Befehl unter einer anderen Gruppen\-ID aus
+sg \- f\(:uhrt einen Befehl unter einer anderen Gruppenkennung aus
 .SH "\(:UBERSICHT"
 .HP \w'\fBsg\fR\ 'u
 \fBsg\fR [\-] [group\ [\-c\ ]\ command]
@@ -68,7 +68,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/group
@@ -78,7 +78,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man1/su.1 b/man/de/man1/su.1
index ae28464..598d4cb 100644
--- a/man/de/man1/su.1
+++ b/man/de/man1/su.1
@@ -2,12 +2,12 @@
 .\"     Title: su
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Dienstprogramme f\(:ur Benutzer
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "SU" "1" "08.11.2022" "shadow\-utils 4\&.13" "Dienstprogramme f\(:ur Benutzer"
+.TH "SU" "1" "21.06.2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-su \- \(:andert die Benutzer\-ID oder wechselt zu Root
+su \- wechseln in die Identit\(:at des Systemadministrators oder die eines anderen Benutzers
 .SH "\(:UBERSICHT"
 .HP \w'\fBsu\fR\ 'u
-\fBsu\fR [\fIOptionen\fR] [\fI\-\fR] [\fIBenutzername\fR\ [\ \fIargs\fR\ ]]
+\fBsu\fR [\fIoptions\fR] [\fI\-\fR] [\fIusername\fR\ [\ \fIargs\fR\ ]]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -53,7 +53,7 @@ option is special: it is also recognized after
 \fB\-\-\fR, but has to be placed before
 \fBusername\fR\&.
 .PP
-Der Benutzer wird gegebenenfalls nach einem Passwort gefragt\&. Ung\(:ultige Passworteingaben werden eine Fehlermeldung erzeugen\&. Sowohl erfolgreiche als auch misslungene Versuche werden protokolliert, um Missbrauch des Systems zu entdecken\&.
+Der Benutzer wird gegebenenfalls nach einem Passwort gefragt\&. Ung\(:ultige Passw\(:orter l\(:osen eine Fehlermeldung aus\&. Als Schutz gegen einen Missbrauch des Systems werden sowohl erfolgreiche als auch misslungene Versuche protokolliert\&.
 .PP
 The current environment is passed to the new shell\&. The value of
 \fB$PATH\fR
@@ -68,7 +68,7 @@ and
 definitions in
 /etc/login\&.defs\&.
 .PP
-Eine Subsystem\-Anmeldung wird durch einen \(Fc*\(Fo als erstes Zeichen der Anmelde\-Shell gekennzeichnet\&. Das angegebene Home\-Verzeichnis wird als Wurzel f\(:ur das Dateisystem verwendet, auf welchem der Benutzer tats\(:achlich angemeldet ist\&.
+Eine Subsystem\-Anmeldung wird durch einen \(Fc*\(Fo als erstes Zeichen der Anmelde\-Shell gekennzeichnet\&. Das angegebene pers\(:onliche Verzeichnis wird zur Wurzel des Verzeichnisbaumes, in dem der Benutzer tats\(:achlich angemeldet ist\&.
 .SH "OPTIONEN"
 .PP
 The options which apply to the
@@ -80,12 +80,12 @@ command are:
 Specify a command that will be invoked by the shell using its
 \fB\-c\fR\&.
 .sp
-The executed command will have no controlling terminal\&. This option cannot be used to execute interactive programs which need a controlling TTY\&.
+Der Befehl wird ohne ein ihm zugeordnetes Terminal ausgef\(:uhrt\&. Daher eignet sich diese Option nicht f\(:ur interaktive Programme, deren Bedienung \(:uber ein Terminalfenster (TTY) erfolgt\&.
 .RE
 .PP
 \fB\-\fR, \fB\-l\fR, \fB\-\-login\fR
 .RS 4
-Eine Umgebung wird zur Verf\(:ugung gestellt, die der entspricht, die der Benutzer nach einer direkten Anmeldung erwartet\&.
+stellt eine Umgebung zur Verf\(:ugung, die jener entspricht, die der Benutzer erwarten w\(:urde, wenn er sich direkt anmeldete\&.
 .sp
 When
 \fB\-\fR
@@ -98,7 +98,7 @@ and
 .PP
 \fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
 .RS 4
-die Shell, die gestartet wird
+gibt die zu startende Shell an\&.
 .sp
 The invoked shell is chosen from (highest priority first):
 .PP
@@ -237,12 +237,12 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "R\(:UCKGABEWERTE"
 .PP
diff --git a/man/de/man3/shadow.3 b/man/de/man3/shadow.3
index 0fd6d69..eb6e81c 100644
--- a/man/de/man3/shadow.3
+++ b/man/de/man3/shadow.3
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Bibliotheksaufrufe
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: Library Calls
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "SHADOW" "3" "08.11.2022" "shadow\-utils 4\&.13" "Bibliotheksaufrufe"
+.TH "SHADOW" "3" "21.06.2024" "shadow\-utils 4\&.15\&.2" "Library Calls"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,14 +28,14 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-shadow, getspnam \- Routinen f\(:ur die Datei, die die verschl\(:usselten Passw\(:orter enth\(:alt
+shadow, getspnam \- Routinen f\(:ur die Dateien mit verschl\(:usselten Passw\(:ortern
 .SH "SYNTAX"
 .PP
 \fI#include <shadow\&.h>\fR
 .PP
 \fIstruct spwd *getspent();\fR
 .PP
-\fItruct spwd *getspnam(char\fR
+\fIstruct spwd *getspnam(char\fR
 \fI*name\fR\fI);\fR
 .PP
 \fIvoid setspent();\fR
@@ -50,7 +50,7 @@ shadow, getspnam \- Routinen f\(:ur die Datei, die die verschl\(:usselten Passw\
 .PP
 \fIint putspent(struct spwd\fR
 \fI*p,\fR
-\fIDATEIEN\fR
+\fIFILE\fR
 \fI*fp\fR\fI);\fR
 .PP
 \fIint lckpwdf();\fR
@@ -95,7 +95,7 @@ Die Bedeutung dieser Felder ist:
 .sp -1
 .IP \(bu 2.3
 .\}
-sp_namp \- Verweis auf Benutzername, der mit einer Null endet
+sp_namp \- Verweis auf den Anmeldenamen, mit NULL als Schlusszeichen
 .RE
 .sp
 .RS 4
@@ -106,7 +106,7 @@ sp_namp \- Verweis auf Benutzername, der mit einer Null endet
 .sp -1
 .IP \(bu 2.3
 .\}
-sp_pwdp \- Verweis auf Passwort, das mit einer Null endet
+sp_pwdp \- Verweis auf verschl\(:usseltes Passwort, mit NULL als Schlusszeichen
 .RE
 .sp
 .RS 4
@@ -117,7 +117,7 @@ sp_pwdp \- Verweis auf Passwort, das mit einer Null endet
 .sp -1
 .IP \(bu 2.3
 .\}
-sp_lstchg \- Anzahl der Tage gerechnet ab dem 1\&. Januar 1970, seitdem das Passwort das letzte Mal ge\(:andert wurde
+sp_lstchg \- Tag, gez\(:ahlt ab dem 1\&. Januar 1970, an dem das Passwort das letzte Mal ge\(:andert wurde
 .RE
 .sp
 .RS 4
@@ -128,7 +128,7 @@ sp_lstchg \- Anzahl der Tage gerechnet ab dem 1\&. Januar 1970, seitdem das Pass
 .sp -1
 .IP \(bu 2.3
 .\}
-sp_min \- Anzahl der Tage, ehe das Passwort nicht ge\(:andert werden darf
+sp_min \- Anzahl der Tage, die das Passwort nicht ge\(:andert werden darf
 .RE
 .sp
 .RS 4
@@ -150,7 +150,7 @@ sp_max \- Anzahl der Tage, nach denen das Passwort ge\(:andert werden muss
 .sp -1
 .IP \(bu 2.3
 .\}
-sp_warn \- Anzahl der Tage ehe das Passwort verf\(:allt, an denen der Benutzer vor dem Verfall gewarnt wird
+sp_warn \- Anzahl der Tage vor dem Ablaufen des Passworts, an welchen der Benutzer eine entsprechende Warnung erh\(:alt
 .RE
 .sp
 .RS 4
@@ -161,7 +161,7 @@ sp_warn \- Anzahl der Tage ehe das Passwort verf\(:allt, an denen der Benutzer v
 .sp -1
 .IP \(bu 2.3
 .\}
-sp_inact \- Anzahl der Tage nach dem Verfall des Passworts, nach denen das Konto als inaktiv angesehen und abgeschaltet wird
+sp_inact \- Anzahl der Tage nach Ablauf des Passworts, nach denen der Benutzer als inaktiv angesehen wird und den Zugriff auf das Konto verliert
 .RE
 .sp
 .RS 4
@@ -172,7 +172,7 @@ sp_inact \- Anzahl der Tage nach dem Verfall des Passworts, nach denen das Konto
 .sp -1
 .IP \(bu 2.3
 .\}
-sp_expire \- Anzahl Tage gerechnet ab dem 1\&. Januar 1970, f\(:ur die das Konto abgeschaltet ist
+sp_expire \- Tage, gez\(:ahlt ab dem 1\&. Januar 1970, an dem das Konto erl\(:oschen soll
 .RE
 .sp
 .RS 4
@@ -232,12 +232,12 @@ Routines return NULL if no more entries are available or if an error occurs duri
 as the return value return 0 for success and \-1 for failure\&.
 .SH "WARNUNGEN"
 .PP
-Diese Routinen k\(:onnen nur von Root verwendet werden, da der Zugriff auf die Shadow\-Passwort\-Datei beschr\(:ankt ist\&.
+Nur der Systemadministrator kann diese Routinen verwenden, da der Zugriff auf die gesch\(:utzte Passwortdatei beschr\(:ankt ist\&.
 .SH "DATEIEN"
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man5/faillog.5 b/man/de/man5/faillog.5
index e423aeb..6551790 100644
--- a/man/de/man5/faillog.5
+++ b/man/de/man5/faillog.5
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
+.\"      Date: 21.06.2024
 .\"    Manual:  File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "FAILLOG" "5" "08.11.2022" "shadow\-utils 4\&.13" "File Formats and Configuratio"
+.TH "FAILLOG" "5" "21.06.2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,15 +28,15 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-faillog \- Datei mit fehlgeschlagenen Anmeldungen
+faillog \- Datei zur Protokollierung von Anmeldefehlschl\(:agen
 .SH "BESCHREIBUNG"
 .PP
 /var/log/faillog
 maintains a count of login failures and the limits for each account\&.
 .PP
-Eintr\(:age in dieser Datei haben eine festgelegte L\(:ange und sind der zahlenm\(:a\(ssigen UID nach angeordnet\&. Jeder Eintrag besteht aus der Anzahl der fehlgeschlagenen Anmeldungen seit der letzten erfolgreichen Anmeldung, der maximalen Anzahl von Fehlschl\(:agen, ehe das Konto abgeschaltet wird, dem Ger\(:at, auf dem die letzte fehlgeschlagene Anmeldung erfolgte, das Datum der letzten fehlgeschlagenen Anmeldung und die Dauer in Sekunden, f\(:ur die das Konto nach einem Fehlschlag gesperrt ist\&.
+Eintr\(:age in dieser Datei haben eine feste L\(:ange und sind mit der Benutzerkennung als Index versehen\&. Jeder Eintrag besteht aus der Anzahl der Anmeldefehlschl\(:age seit der letzten erfolgreichen Anmeldung, der maximalen Anzahl von Fehlschl\(:agen, ehe das Konto gesperrt wird, der xxx Leitung|Verbindung, auf der der letzte Anmeldefehlschlag erfolgte, dessen Datum und die Zeit in Sekunden, f\(:ur die nach einem Fehlschlag das Konto gesperrt wird\&.
 .PP
-Die Datei ist so aufgebaut:
+Die Datei ist folgenderma\(ssen aufgebaut:
 .sp
 .if n \{\
 .RS 4
@@ -57,7 +57,7 @@ struct	faillog {
 .PP
 /var/log/faillog
 .RS 4
-Datei mit fehlgeschlagenen Anmeldungen
+Datei zur Protokollierung von Anmeldefehlchl\(:agen
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man5/gshadow.5 b/man/de/man5/gshadow.5
index e8d0743..0f18217 100644
--- a/man/de/man5/gshadow.5
+++ b/man/de/man5/gshadow.5
@@ -2,12 +2,12 @@
 .\"     Title: gshadow
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
+.\"      Date: 21.06.2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "GSHADOW" "5" "08.11.2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "GSHADOW" "5" "21.06.2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,7 +28,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-gshadow \- Shadow\-Datei f\(:ur Gruppen
+gshadow \- gesch\(:utzte Datei mit Benutzergruppen
 .SH "BESCHREIBUNG"
 .PP
 /etc/gshadow
@@ -36,14 +36,14 @@ contains the shadowed information for group accounts\&.
 .PP
 Um die Sicherheit der Passw\(:orter zu gew\(:ahrleisten, darf diese Datei nicht f\(:ur normale Benutzer lesbar sein\&.
 .PP
-Die darin enthaltenen Zeilen haben folgende Felder, die durch Doppelpunkt getrennt sind:
+Jede Zeile dieser Datei setzt sich aus folgenden, durch Doppelpunkt getrennte Felder zusammen:
 .PP
-\fBGruppenname\fR
+\fBgroup name\fR
 .RS 4
 Es muss sich um einen g\(:ultigen, auf dem System vorhandenen Gruppennamen handeln\&.
 .RE
 .PP
-\fBverschl\(:usseltes Passwort\fR
+\fBencrypted password\fR
 .RS 4
 Refer to
 \fBcrypt\fR(3)
@@ -55,15 +55,15 @@ If the password field contains some string that is not a valid result of
 The password is used when a user who is not a member of the group wants to gain the permissions of this group (see
 \fBnewgrp\fR(1))\&.
 .sp
-Dieses Feld kann leer bleiben\&. Dies hat zur Folge, dass nur Gruppenmitglieder von den Rechten der Gruppe Gebrauch machen k\(:onnen\&.
+Dieses Feld kann leer bleiben\&. Dies hat zur Folge, dass die Rechte der Gruppe Gruppenmitglieder vorbehalten sind\&.
 .sp
-A password field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&.
+Ein Passwortfeld, das mit einem Ausrufezeichen beginnt, f\(:uhrt dazu, dass das Passwort gesperrt ist\&. Die \(:ubrigen Zeichen entsprechen dem Passwort vor der Sperrung\&.
 .sp
 This password supersedes any password specified in
 /etc/group\&.
 .RE
 .PP
-\fBGruppenverwalter\fR
+\fBadministrators\fR
 .RS 4
 Es muss sich dabei um eine durch Kommas getrennte Liste von Benutzernamen handeln\&.
 .sp
@@ -72,11 +72,11 @@ Gruppenverwalter k\(:onnen das Passwort und die Mitglieder der Gruppe \(:andern\
 Gruppenverwalter haben die gleichen Recht wie die Gruppenmitglieder (siehe unten)\&.
 .RE
 .PP
-\fBMitglieder\fR
+\fBmembers\fR
 .RS 4
 Es muss sich dabei um eine durch Kommas getrennte Liste von Benutzernamen handeln\&.
 .sp
-Mitglieder haben Zugang zu der Gruppe, ohne eine Passwort eingeben zu m\(:ussen\&.
+Mitglieder haben, ohne um ein Passwort gebeten zu werden, Zugang zu der Gruppe\&.
 .sp
 You should use the same list of users as in
 /etc/group\&.
@@ -90,7 +90,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man5/limits.5 b/man/de/man5/limits.5
index 07222ef..29ebc2c 100644
--- a/man/de/man5/limits.5
+++ b/man/de/man5/limits.5
@@ -2,12 +2,12 @@
 .\"     Title: limits
 .\"    Author: Luca Berra
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
+.\"      Date: 21.06.2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "LIMITS" "5" "08.11.2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LIMITS" "5" "21.06.2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,7 +28,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-limits \- Festlegung von Resourcenbeschr\(:ankungen
+limits \- legt Beschr\(:ankungen zur Nutzung von Ressourcen fest
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -37,15 +37,15 @@ file (/etc/limits
 by default or LIMITS_FILE defined
 config\&.h) describes the resource limits you wish to impose\&. It should be owned by root and readable by root account only\&.
 .PP
-Standardm\(:a\(ssig bestehen f\(:ur Root keine Einschr\(:ankungen\&. Tats\(:achlich gibt es keine M\(:oglichkeit, mit diesem Verfahren Root\-Konten (Konten mit der UID 0) Beschr\(:ankungen aufzuerlegen\&.
+Standardm\(:a\(ssig sind dem Benutzer \(Fcroot\(Fo keine Beschr\(:ankungen auferlegt\&. Tats\(:achlich gibt ist keinen Weg, ihm oder \(:ahnlich privilegierten Nutzern (Konten mit der Benutzerkennung 0) Beschr\(:ankungen aufzuerlegen\&.
 .PP
 Jede Zeile beschreibt eine Beschr\(:ankung f\(:ur einen Benutzer in der Form:
 .PP
-\fIBenutzer BESCHR\(:ANKUNGSZEICHENKETTE\fR
+\fIuser LIMITS_STRING\fR
 .PP
 oder in der Form:
 .PP
-\fI@Gruppe BESCHR\(:ANKUNGSZEICHENKETTE\fR
+\fI@group LIMITS_STRING\fR
 .PP
 The
 \fILIMITS_STRING\fR
@@ -61,7 +61,7 @@ G\(:ultige Kennungen sind:
 .sp -1
 .IP \(bu 2.3
 .\}
-A: maximaler Adressraum (KB)
+A: maximaler Adressraum (kB)
 .RE
 .sp
 .RS 4
@@ -72,7 +72,7 @@ A: maximaler Adressraum (KB)
 .sp -1
 .IP \(bu 2.3
 .\}
-C: maximale Gr\(:o\(sse der Speicherabbild\-Datei
+C: maximale Gr\(:o\(sse der Speicherauszugs\-Datei (kB)
 .RE
 .sp
 .RS 4
@@ -83,7 +83,7 @@ C: maximale Gr\(:o\(sse der Speicherabbild\-Datei
 .sp -1
 .IP \(bu 2.3
 .\}
-D: maximale Datengr\(:o\(sse (KB)
+D: maximale Datenmenge (kB)
 .RE
 .sp
 .RS 4
@@ -94,7 +94,7 @@ D: maximale Datengr\(:o\(sse (KB)
 .sp -1
 .IP \(bu 2.3
 .\}
-F: maximum file size (KB)
+F: maximale Dateigr\(:o\(sse (kB)
 .RE
 .sp
 .RS 4
@@ -128,7 +128,7 @@ I: Maximaler Wert von nice (0 bis 39, was in 20 bis \-19 \(:ubersetzt wird)
 .sp -1
 .IP \(bu 2.3
 .\}
-L: maximale Anzahl von Logins f\(:ur diesen Benutzer
+L: maximale Anzahl von Anmeldungen f\(:ur diesen Benutzer
 .RE
 .sp
 .RS 4
@@ -139,7 +139,7 @@ L: maximale Anzahl von Logins f\(:ur diesen Benutzer
 .sp -1
 .IP \(bu 2.3
 .\}
-M: maximaler gesperrter Adressbereich im Speicher (KB)
+M: maximaler gesperrter Adressbereich im Speicher (kB)
 .RE
 .sp
 .RS 4
@@ -161,7 +161,7 @@ N: maximale Anzahl offener Dateien
 .sp -1
 .IP \(bu 2.3
 .\}
-O: Maximale Echtzeit\-Priorit\(:at
+O: maximale Echtzeit\-Priorit\(:at
 .RE
 .sp
 .RS 4
@@ -184,7 +184,9 @@ P: process priority, set by
 .sp -1
 .IP \(bu 2.3
 .\}
-R: maximale Resident Set Size (KB)
+R: maximale Arbeitsspeicherbelegung, siehe
+\fBproc\fR(5)
+\(Fcresident set size\(Fo (kB)
 .RE
 .sp
 .RS 4
@@ -195,7 +197,9 @@ R: maximale Resident Set Size (KB)
 .sp -1
 .IP \(bu 2.3
 .\}
-S: maximale Gr\(:o\(sse des Stapelverarbeitungsspeichers (KB)
+S: maximale Gr\(:o\(sse des Stapelverarbeitungsspeichers, siehe
+\fBproc\fR(5)
+\(Fcstack\(Fo (kB)
 .RE
 .sp
 .RS 4
@@ -206,7 +210,7 @@ S: maximale Gr\(:o\(sse des Stapelverarbeitungsspeichers (KB)
 .sp -1
 .IP \(bu 2.3
 .\}
-T: maximale CPU\-Zeit (Min)
+T: maximale CPU\-Zeit (min)
 .RE
 .sp
 .RS 4
@@ -251,7 +255,7 @@ entries in your
 The limits specified in the form "\fI@group\fR" apply to the members of the specified
 \fIgroup\fR\&.
 .PP
-If more than one line with limits for a user exist, only the first line for this user will be considered\&.
+Wenn mehr als eine Zeile mit Beschr\(:ankungen f\(:ur eine Benutzerin vorhanden ist, wird f\(:ur sie nur die erste Zeile ber\(:ucksichtigt\&.
 .PP
 If no lines are specified for a user, the last
 \fI@group\fR
@@ -261,7 +265,9 @@ To completely disable limits for a user, a single dash "\fI\-\fR" will do\&.
 .PP
 To disable a limit for a user, a single dash "\fI\-\fR" can be used instead of the numerical value for this limit\&.
 .PP
-Ber\(:ucksichtigen Sie auch, dass alle Beschr\(:ankungen nur JE ANMELDUNG gelten\&. Sie sind nicht global und auch nicht dauerhaft\&. Vielleicht wird es einmal globale Beschr\(:ankungen geben, f\(:ur jetzt muss dies aber reichen ;)
+Ber\(:ucksichtigen Sie auch, dass alle Beschr\(:ankungen nur
+\fIje Anmeldung\fR
+gelten\&. Sie sind nicht global und auch nicht dauerhaft\&. Vielleicht wird es einmal globale Beschr\(:ankungen geben, f\(:ur jetzt muss dies aber reichen ;)
 .SH "DATEIEN"
 .PP
 /etc/limits
diff --git a/man/de/man5/login.access.5 b/man/de/man5/login.access.5
index 04fd0bb..4e3730e 100644
--- a/man/de/man5/login.access.5
+++ b/man/de/man5/login.access.5
@@ -2,12 +2,12 @@
 .\"     Title: login.access
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
+.\"      Date: 21.06.2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "LOGIN\&.ACCESS" "5" "08.11.2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.ACCESS" "5" "21.06.2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,7 +28,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-login.access \- Tabelle f\(:ur die Zugangskontrolle zur Anmeldung
+login.access \- Tabelle zur Zugangssteuerung
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -39,7 +39,7 @@ When someone logs in, the
 \fIlogin\&.access\fR
 is scanned for the first entry that matches the (user, host) combination, or, in case of non\-networked logins, the first entry that matches the (user, tty) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&.
 .PP
-Jede Zeile der Tabelle f\(:ur die Zugangskontrolle enth\(:alt drei Felder, die jeweils durch einen Doppelpunkt \(Fc:\(Fo getrennt sind:
+Jede Zeile der Tabelle zur Zugangssteuerung enth\(:alt drei Felder, die durch einen Doppelpunkt \(Fc:\(Fo getrennt sind:
 .PP
 \fIpermission\fR:\fIusers\fR:\fIorigins\fR
 .PP
@@ -55,12 +55,12 @@ The
 \fIEXCEPT\fR
 operator makes it possible to write very compact rules\&.
 .PP
-Die Gruppendatei wird nur durchsucht, wenn ein Name nicht mit dem des angemeldeten Benutzers \(:ubereinstimmt\&. Eine \(:Ubereinstimmung mit Gruppen wird nur festgestellt, wenn darin der Benutzer ausdr\(:ucklich aufgef\(:uhrt ist\&. Das Programm beachtet also nicht den Wert der Hauptgruppe des Benutzers\&.
+Die Datei \(Fcgroup\(Fo wird nur ber\(:ucksichtigt, wenn ein Name nicht mit dem des angemeldeten Benutzers \(:ubereinstimmt\&. Als passend gelten nur Gruppen, in welchen Benutzer ausdr\(:ucklich aufgef\(:uhrt sind\&. Das Programm beachtet die prim\(:are Gruppe des Benutzers nicht\&.
 .SH "DATEIEN"
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man5/login.defs.5 b/man/de/man5/login.defs.5
index f5c1cec..5a3f6ca 100644
--- a/man/de/man5/login.defs.5
+++ b/man/de/man5/login.defs.5
@@ -2,12 +2,12 @@
 .\"     Title: login.defs
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
+.\"      Date: 21.06.2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "LOGIN\&.DEFS" "5" "08.11.2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.DEFS" "5" "21.06.2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,14 +28,14 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-login.defs \- Konfiguration der Werkzeugsammlung f\(:ur Shadow\-Passw\(:orter
+login.defs \- Konfiguration der Shadow\-Passwort\-Programmsammlung
 .SH "BESCHREIBUNG"
 .PP
 The
 /etc/login\&.defs
 file defines the site\-specific configuration for the shadow password suite\&. This file is required\&. Absence of this file will not prevent system operation, but will probably result in undesirable operation\&.
 .PP
-Diese Datei ist eine lesbare Textdatei\&. Jede Zeile der Datei beschreibt einen Konfigurationsparameter\&. Eine Zeile besteht aus einem Konfigurationsnamen und einem Wert, die durch ein Leerzeichen getrennt sind\&. Leer\- und Kommentarzeilen werden nicht beachtet\&. Kommentare werden mit dem Rautezeichen \(Fc#\(Fo eingeleitet\&. Die Raute muss das erste nicht leere Zeichen der Zeile sein\&.
+Diese Datei ist eine lesbare Textdatei\&. Jede Zeile der Datei beschreibt einen Konfigurationsparameter und besteht aus dessen Namen und einem Wert; beides durch Leerraumzeichen voneinander getrennt\&. Leer\- und Kommentarzeilen werden nicht beachtet\&. Kommentare werden mit dem Rautezeichen \(Fc#\(Fo eingeleitet, wobei es das erste nicht leere Zeichen der Zeile sein muss\&.
 .PP
 Parameter values may be of four types: strings, booleans, numbers, and long numbers\&. A string is comprised of any printable characters\&. A boolean should be either the value
 \fIyes\fR
@@ -46,7 +46,7 @@ value\&. Numbers (both regular and long) may be either decimal values, octal val
 \fI0\fR) or hexadecimal values (precede the value with
 \fI0x\fR)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&.
 .PP
-Die folgenden Konfigurationsm\(:oglichkeiten sind vorhanden:
+Folgende Merkmale k\(:onnen konfiguriert werden:
 .PP
 \fBPASS_MAX_DAYS\fR,
 \fBPASS_MIN_DAYS\fR
@@ -55,7 +55,7 @@ and
 are only used at the time of account creation\&. Any changes to these settings won\*(Aqt affect existing accounts\&.
 .SH "QUERVERWEISE"
 .PP
-Die folgenden Querverweise zeigen, welche Programme aus der Shadow\-Passwort\-Werkzeugsammlung welche Parameter verwenden\&.
+Die folgenden Querverweise zeigen, welche Programme aus der Shadow\-Passwort\-Sammlung welche Parameter verwenden\&.
 .PP
 chfn
 .RS 4
@@ -192,8 +192,7 @@ USERGROUPS_ENAB
 .PP
 sulogin
 .RS 4
-ENV_HZ
-ENV_TZ
+ENV_HZ ENV_TZ
 .RE
 .PP
 useradd
diff --git a/man/de/man5/passwd.5 b/man/de/man5/passwd.5
index b274906..620a79e 100644
--- a/man/de/man5/passwd.5
+++ b/man/de/man5/passwd.5
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
+.\"      Date: 21.06.2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "PASSWD" "5" "08.11.2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PASSWD" "5" "21.06.2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -53,7 +53,7 @@ Anmeldename
 .sp -1
 .IP \(bu 2.3
 .\}
-optional verschl\(:usseltes Passwort
+verschl\(:usseltes Passwort (optional)
 .RE
 .sp
 .RS 4
@@ -64,7 +64,7 @@ optional verschl\(:usseltes Passwort
 .sp -1
 .IP \(bu 2.3
 .\}
-numerische Benutzer\-ID
+Benutzerkennung (numerisch)
 .RE
 .sp
 .RS 4
@@ -75,7 +75,7 @@ numerische Benutzer\-ID
 .sp -1
 .IP \(bu 2.3
 .\}
-numerische Gruppen\-ID
+Gruppenkennung (numerisch)
 .RE
 .sp
 .RS 4
@@ -86,7 +86,7 @@ numerische Gruppen\-ID
 .sp -1
 .IP \(bu 2.3
 .\}
-Benutzername oder Kommentarfeld
+Feld f\(:ur den kompletten Namen des Benutzer und erg\(:anzende Informationen zu ihm (GECOS\-Feld)
 .RE
 .sp
 .RS 4
@@ -97,7 +97,7 @@ Benutzername oder Kommentarfeld
 .sp -1
 .IP \(bu 2.3
 .\}
-Home\-Verzeichnis des Benutzers
+pers\(:onliches Verzeichnis des Benutzers
 .RE
 .sp
 .RS 4
@@ -108,7 +108,7 @@ Home\-Verzeichnis des Benutzers
 .sp -1
 .IP \(bu 2.3
 .\}
-optional Befehlsinterpreter des Benutzers
+Befehlsinterpreter des Benutzers (optional)
 .RE
 .PP
 If the
@@ -169,14 +169,14 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-optionale Datei f\(:ur verschl\(:usseltes Passwort
+optionale Datei f\(:ur verschl\(:usselte Passw\(:orter
 .RE
 .PP
 /etc/passwd\-
 .RS 4
 Sicherungskopie von /etc/passwd
 .sp
-Beachten Sie, dass diese Datei von Werkzeugen der Shadow\-Werkzeugsammlung verwendet wird, aber nicht von allen sonstigen Programmen zur Benutzer\- und Passwortverwaltung\&.
+Beachten Sie, dass diese Datei von den Hilfsprogrammen des Shadow\-Projektes verwendet wird; von anderen Programmen zur Benutzer\- und Passwortverwaltung jedoch nicht unbedingt\&.
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man5/porttime.5 b/man/de/man5/porttime.5
index ac127d4..c6aae57 100644
--- a/man/de/man5/porttime.5
+++ b/man/de/man5/porttime.5
@@ -2,12 +2,12 @@
 .\"     Title: porttime
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
+.\"      Date: 21.06.2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "PORTTIME" "5" "08.11.2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PORTTIME" "5" "21.06.2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,13 +28,13 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-porttime \- Datei f\(:ur zeitlich begrenzten Zugang zu Ports
+porttime \- Datei mit zeitlichen Zugangsbegrenzungen f\(:ur Ports
 .SH "BESCHREIBUNG"
 .PP
 \fIporttime\fR
 contains a list of tty devices, user names, and permitted login times\&.
 .PP
-Jeder Eintrag besteht aus drei Feldern, die durch Doppelpunkte getrennt sind\&. Das erste Feld enth\(:alt eine Liste von tty\-Ger\(:aten, die durch Kommata getrennt sind, oder einen Stern, was bedeutet, dass dieser Eintrag auf alle tty\-Ger\(:ate zutrifft\&. Das zweite Feld enth\(:alt eine Liste von Benutzernamen, die durch Kommata getrennt sind, oder einen Stern, was bedeutet, dass dieser Eintrag auf alle Benutzernamen zutrifft\&. Das dritte Feld ist eine Liste von Anmeldezeiten, die durch Kommata getrennt sind\&.
+Jeder Eintrag besteht aus drei Feldern, die durch Doppelpunkte getrennt sind\&. Das erste Feld enth\(:alt eine Liste von TTY\-Ger\(:aten, die durch Kommas getrennt sind, oder einen Stern, was bedeutet, dass dieser Eintrag auf alle TTY\-Ger\(:ate zutrifft\&. Das zweite Feld enth\(:alt eine durch Kommas getrennte Liste von Benutzernamen oder einen Stern, was bedeutet, dass dieser Eintrag auf alle Benutzernamen zutrifft\&. Das dritte Feld ist eine Liste zul\(:assiger Zugangszeiten, die durch Kommas getrennt sind\&.
 .PP
 Each access time entry consists of zero or more days of the week, abbreviated
 \fISu\fR,
@@ -89,7 +89,7 @@ on any port during non\-working hours\&.
 .PP
 /etc/porttime
 .RS 4
-Datei, die den Port\-Zugriff enth\(:alt\&.
+Datei, die Zugriffe auf Ports regelt
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man5/shadow.5 b/man/de/man5/shadow.5
index 032cd80..aa9ced4 100644
--- a/man/de/man5/shadow.5
+++ b/man/de/man5/shadow.5
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
+.\"      Date: 21.06.2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "SHADOW" "5" "08.11.2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SHADOW" "5" "21.06.2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,7 +28,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-shadow \- Shadow\-Passwortdatei
+shadow \- gesch\(:utzte Passwortdatei
 .SH "BESCHREIBUNG"
 .PP
 shadow
@@ -38,18 +38,18 @@ Um die Sicherheit der Passw\(:orter zu gew\(:ahrleisten, darf diese Datei nicht
 .PP
 Each line of this file contains 9 fields, separated by colons (\(Bq:\(lq), in the following order:
 .PP
-\fBAnmeldename\fR
+\fBlogin name\fR
 .RS 4
-Dabei muss es sich um eine g\(:ultigen Kontonamen handeln, der auf dem System existiert\&.
+Dabei muss es sich um einen g\(:ultigen Kontonamen handeln, der auf dem System existiert\&.
 .RE
 .PP
-\fBverschl\(:usseltes Passwort\fR
+\fBencrypted password\fR
 .RS 4
 This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the
 /etc/shadow
 file may decide not to permit any access at all if the password field is empty\&.
 .sp
-A password field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&.
+Ein Passwortfeld, das mit einem Ausrufezeichen beginnt, f\(:uhrt dazu, dass das Passwort gesperrt ist\&. Die \(:ubrigen Zeichen entsprechen dem Passwort vor der Sperrung\&.
 .sp
 Refer to
 \fBcrypt\fR(3)
@@ -59,61 +59,61 @@ If the password field contains some string that is not a valid result of
 \fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&.
 .RE
 .PP
-\fBDatum, an dem das Passwort das letzte Mal ge\(:andert wurde\fR
+\fBdate of last password change\fR
 .RS 4
 The date of the last password change, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
-The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system\&.
+Dem Wert 0 kommt eine besondere Bedeutung zu: Der Benutzer sollte sein Passwort bei der n\(:achsten Anmeldung \(:andern\&.
 .sp
-Ein leeres Feld bedeutet, dass das Altern des Passworts abgeschaltet ist\&.
+Ein leeres Feld bedeutet, dass das Passwort nicht ablaufen soll\&.
 .RE
 .PP
-\fBMindestalter des Passworts\fR
+\fBminimum password age\fR
 .RS 4
-Das Mindestalter des Passworts ist die Anzahl von Tagen, die ein Benutzer warten muss, bevor er sein Passwort wieder \(:andern darf\&.
+Diese Mindestdauer ist die Anzahl von Tagen, die ein Benutzer oder eine Benutzerin warten muss, bis eine Passwort\(:anderung erlaubt ist\&.
 .sp
 An empty field and value 0 mean that there is no minimum password age\&.
 .RE
 .PP
-\fBH\(:ochstalter des Passworts\fR
+\fBmaximum password age\fR
 .RS 4
-Das H\(:ochstalter des Passworts ist die Anzahl von Tagen, nach welcher der Benutzer sein Passwort \(:andern muss\&.
+Diese H\(:ochstdauer ist die Anzahl von Tagen, nach welcher der Benutzer sein Passwort \(:andern muss\&.
 .sp
-Auch nach Ablauf dieser Anzahl von Tagen bleibt das Passwort g\(:ultig\&. Der Benutzer wird bei der n\(:achsten Anmeldung aufgefordert, sein Passwort zu \(:andern\&.
+Auch nach Ablauf dieser Anzahl von Tagen gilt das Passwort\&. Der Benutzer wird jedoch bei der n\(:achsten Anmeldung aufgefordert, sein Passwort zu \(:andern\&.
 .sp
-Ein leeres Feld bedeutet, dass es kein H\(:ochstalter f\(:ur das Passwort, keine Vorwarnung und keine Dauer der Unt\(:atigkeit (siehe unten) gibt\&.
+Ein leeres Feld bedeutet, dass das Passwort unbefristet gilt und weder eine Vorwarnzeit noch eine Karenzzeit f\(:ur eine versp\(:atete \(:Anderung (siehe unten) gilt\&.
 .sp
-Wenn das H\(:ochstalter niedriger als das Mindestalter eines Passworts ist, kann ein Benutzer sein Passwort nicht \(:andern\&.
+Wenn f\(:ur die G\(:ultigkeit des Passwortes eine Zahl von Tagen eingetragen ist, die niedriger ist als die Zahl der Tage bis zur fr\(:uhestm\(:oglichen \(:Anderung, kann die Benutzerin oder der Benutzer das Passwort nicht \(:andern\&.
 .RE
 .PP
-\fBPasswortvorwarndauer\fR
+\fBpassword warning period\fR
 .RS 4
-Die Anzahl von Tagen, w\(:ahrend welcher der Benutzer vorgewarnt wird, bevor sein Passwort abl\(:auft (siehe das H\(:ochstalter des Passworts)\&.
+Die Zeitspanne in Tagen, in der der Benutzer gewarnt wird, dass sein Passwort demn\(:achst ung\(:ultig wird (siehe H\(:ochstdauer der Passwortverwendung)\&.
 .sp
 Ein leeres Feld oder der Wert 0 bedeutet, dass es keine Vorwarnung gibt\&.
 .RE
 .PP
-\fBDauer der fehlenden Verwendung des Passworts\fR
+\fBpassword inactivity period\fR
 .RS 4
-Die Anzahl von Tagen, f\(:ur die ein Benutzer sein Passwort, nachdem es abgelaufen ist (vergleiche oben das H\(:ochstalter des Passworts), noch verwenden kann (und w\(:ahrend des n\(:achsten Logins \(:andern muss)\&.
+Die Zeitspanne in Tagen, in der ein abgelaufenes Passwort (vergleiche oben H\(:ochstdauer der Passwortverwendung) noch akzeptiert wird, aber im Zuge der Anmeldung eine \(:Anderung erwartet wird\&.
 .sp
 After expiration of the password and this expiration period is elapsed, no login is possible for the user\&. The user should contact her administrator\&.
 .sp
-Ein leeres Feld bedeutet, dass es keine H\(:ochstdauer zwischen Ablauf des Passworts und erneuter Anmeldung des Benutzers gibt\&.
+Ein leeres Feld bedeutet, dass keine Karenzzeit gew\(:ahrt wird, innerhalb der ein abgelaufenes Passworts noch ersetzt werden kann\&.
 .RE
 .PP
-\fBDatum des Verfalls des Kontos\fR
+\fBaccount expiration date\fR
 .RS 4
 The date of expiration of the account, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
-Note that an account expiration differs from a password expiration\&. In case of an account expiration, the user shall not be allowed to login\&. In case of a password expiration, the user is not allowed to login using her password\&.
+Beachten Sie, dass der Verfall des Kontos und der Ablauf eines Passworts zweierlei sind\&. Im ersteren Fall kann sich die Benutzerin bzw\&. der Benutzer nicht mehr anmelden\&. Im letzteren Fall wird das Passwort abgelehnt\&.
 .sp
-Ein leeres Feld bedeutet, dass das Konto nicht verfallen wird\&.
+Ein leeres Feld bedeutet, dass das Konto unbefristet verwendbar ist\&.
 .sp
-Der Wert 0 sollte nicht verwendet werden, weil er sowohl bedeuten kann, dass das Konto nicht verf\(:allt als auch, dass das Konto bereits am 1\&. Januar 1970 verfallen ist\&.
+Der Wert 0 sollte nicht verwendet werden, weil er sowohl bedeuten kann, dass das Konto nicht erlischt, als auch, dass das Konto bereits am 1\&. Januar 1970 erloschen ist\&.
 .RE
 .PP
-\fBreserviertes Feld\fR
+\fBreserved field\fR
 .RS 4
 Dieses Feld ist f\(:ur zuk\(:unftigen Gebrauch reserviert\&.
 .RE
@@ -126,14 +126,14 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/shadow\-
 .RS 4
 Sicherungskopie von /etc/shadow
 .sp
-Beachten Sie, dass diese Datei von Werkzeugen der Shadow\-Werkzeugsammlung verwendet wird, aber nicht von allen sonstigen Programmen zur Benutzer\- und Passwortverwaltung\&.
+Beachten Sie, dass diese Datei von den Hilfsprogrammen des Shadow\-Projektes verwendet wird; von anderen Programmen zur Benutzer\- und Passwortverwaltung jedoch nicht unbedingt\&.
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man5/suauth.5 b/man/de/man5/suauth.5
index 29fd2a8..85d03b4 100644
--- a/man/de/man5/suauth.5
+++ b/man/de/man5/suauth.5
@@ -2,12 +2,12 @@
 .\"     Title: suauth
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
+.\"      Date: 21.06.2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "SUAUTH" "5" "08.11.2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUAUTH" "5" "21.06.2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,7 +28,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-suauth \- ausf\(:uhrliche Kontrolldatei f\(:ur su
+suauth \- Datei zur detaillierten Steuerung von \fBsu\fR
 .SH "\(:UBERSICHT"
 .HP \w'\fB/etc/suauth\fR\ 'u
 \fB/etc/suauth\fR
@@ -49,7 +49,7 @@ is referenced whenever the su command is called\&. It can change the behaviour o
 .RE
 .\}
 .PP
-2) dem Benutzer, der su ausf\(:uhrt (oder einer Gruppe, deren Mitglied er ist)
+2) die Herkunftsidentit\(:at; ; der Benutzer, der su ausf\(:uhrt (oder eine Gruppe, deren Mitglied er ist)
 .PP
 Die Datei ist folgenderma\(ssen aufgebaut, wobei Zeilen, die mit einem # beginnen, als Kommentare behandelt und daher ignoriert werden:
 .sp
@@ -79,24 +79,30 @@ appears one or more group names, delimited by ","\&. It is not sufficient to hav
 \fB/etc/group\fR(5)
 is necessary\&.
 .PP
-Als Aktion k\(:onnen nur die folgenden Optionen angegeben werden\&.
+Nur eine der folgenden Aktionen kann angegeben werden:
 .PP
 \fIDENY\fR
 .RS 4
-Der Versuch, su auszuf\(:uhren, wird abgebrochen, ehe nach einem Passwort gefragt wird\&.
+Der Versuch,
+\fBsu\fR
+auszuf\(:uhren, wird abgebrochen, ehe nach einem Passwort gefragt wird\&.
 .RE
 .PP
 \fINOPASS\fR
 .RS 4
-Der Versuch, su auszuf\(:uhren, hat automatisch Erfolg\&. Ein Passwort wird nicht abgefragt\&.
+Der Versuch,
+\fBsu\fR
+auszuf\(:uhren, hat automatisch Erfolg\&. Ein Passwort wird nicht abgefragt\&.
 .RE
 .PP
 \fIOWNPASS\fR
 .RS 4
-Damit der Befehl su Erfolg hat, muss der Benutzer sein eigenes Passwort eingeben\&. Darauf wird er hingewiesen\&.
+Damit der Befehl
+\fBsu\fR
+Erfolg hat, muss der Benutzer sein eigenes Passwort eingeben\&. Darauf wird hingewiesen\&.
 .RE
 .PP
-Beachten Sie, dass es sich um drei selbst\(:andige Felder handelt, die durch einen Doppelpunkt getrennt sind\&. Neben den Doppelpunkten darf sich kein Leerzeichen befinden\&. Beachten Sie zudem, dass die Datei von oben nach unten Zeile f\(:ur Zeile durchgegangen wird\&. Die erste Regel, die zutreffend ist, wird angewendet, ohne dass die Datei weiter ausgewertet wird\&. Damit kann ein Systemadministrator eine strenge Kontrolle aus\(:uben\&.
+Beachten Sie, dass es sich um drei selbst\(:andige Felder handelt, die durch einen Doppelpunkt getrennt sind\&. Neben den Doppelpunkten darf sich kein Leerraumzeichen befinden\&. Beachten Sie zudem, dass die Datei von oben nach unten Zeile f\(:ur Zeile durchgegangen wird\&. Die erste zutreffende Regel wird angewendet, ohne dass die Datei weiter ausgewertet wird\&. Dies erlaubt dem Systemadmistrator oder der Systemadministratorin eine feine Steuerung\&.
 .SH "BEISPIEL"
 .sp
 .if n \{\
@@ -135,7 +141,7 @@ Beachten Sie, dass es sich um drei selbst\(:andige Felder handelt, die durch ein
 .RE
 .SH "FEHLER"
 .PP
-Es gibt zahlreiche Fehlerquellen\&. Die Auswertung der Datei ist sehr empfindlich bei Syntaxfehlern, zus\(:atzlichen Leerzeichen (au\(sser am Anfang und Schluss einer Zeile) und dem besonderen Zeichen, das die verschiedenen Felder von einander trennt\&.
+Es gibt zahlreiche Fehlerquellen\&. Die Auswertung der Datei ist sehr empfindlich bei Syntaxfehlern, zus\(:atzlichen Leerraumzeichen (au\(sser am Anfang und am Schluss einer Zeile) und dem speziellen Zeichen, das die verschiedenen Einheiten voneinander trennt\&.
 .SH "DIAGNOSE"
 .PP
 An error parsing the file is reported using
diff --git a/man/de/man8/chgpasswd.8 b/man/de/man8/chgpasswd.8
index d17a8dd..6123f2a 100644
--- a/man/de/man8/chgpasswd.8
+++ b/man/de/man8/chgpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chgpasswd
 .\"    Author: Thomas K\(/loczko <kloczek@pld.org.pl>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "CHGPASSWD" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "CHGPASSWD" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-chgpasswd \- aktualisiert Gruppenpassw\(:orter im Batch\-Modus
+chgpasswd \- aktualisiert Gruppenpassw\(:orter im Stapel\-Modus
 .SH "\(:UBERSICHT"
 .HP \w'\fBchgpasswd\fR\ 'u
-\fBchgpasswd\fR [\fIOptionen\fR]
+\fBchgpasswd\fR [\fIoptions\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -52,7 +52,7 @@ variable of
 \fB\-c\fR
 options\&.
 .PP
-Dieser Befehl ist f\(:ur den Einsatz in gro\(ssen Umgebungen vorgesehen, in der viele Konten gleichzeitig erstellt werden m\(:ussen\&.
+Dieser Befehl ist f\(:ur weitreichende Systeme gedacht, bei denenviele Passw\(:orter gleichzeitig aktualisiert werden m\(:ussen\&.
 .SH "OPTIONEN"
 .PP
 The options which apply to the
@@ -61,24 +61,29 @@ command are:
 .PP
 \fB\-c\fR, \fB\-\-crypt\-method\fR
 .RS 4
-Definiert die Methode, mit der die Passw\(:orter verschl\(:usselt werden\&.
+definiert die Methode, mit der die Passw\(:orter verschl\(:usselt werden\&.
 .sp
-Die verf\(:ugbaren Methoden sind DES, MD5, NONE und SHA256 oder SHA512, soweit Ihre libc sie unterst\(:utzt\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .RE
 .PP
 \fB\-e\fR, \fB\-\-encrypted\fR
 .RS 4
-Passw\(:orter werden verschl\(:usselt angegeben\&.
+Passw\(:orter werden verschl\(:usselt geliefert\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-m\fR, \fB\-\-md5\fR
 .RS 4
-werwendet zur Verschl\(:usselung MD5 anstelle von DES, wenn die Passw\(:orter unverschl\(:usselt angegeben werden
+Zur Verschl\(:usselung MD5 anstelle von DES verwenden, wenn die Passw\(:orter unverschl\(:usselt geliefert werden\&.
 .RE
 .PP
 \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
@@ -92,22 +97,23 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-s\fR, \fB\-\-sha\-rounds\fR
 .RS 4
-Verwendet die angegebene Anzahl von Runden, um die Passw\(:orter zu verschl\(:usseln\&.
+legt die Anzahl von Runden beim Verschl\(:usseln von Passw\(:ortern fest\&.
 .sp
-Ein Wert von 0 bedeutet, dass das System die Standardanzahl der Runden (5000) f\(:ur die Verschl\(:usselung verwenden wird\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Der Mindestwert ist 1000, der H\(:ochstwert 999\&.999\&.999\&.
-.sp
-Sie k\(:onnen diese Option nur mit den Verschl\(:usselungsmethoden SHA256 und SHA512 verwenden\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "WARNUNGEN"
 .PP
-Achten Sie darauf, dass die Rechte und Umask korrekt vergeben sind, um zu verhindern, dass andere Benutzer unverschl\(:usselte Dateien lesen k\(:onnen\&.
+Achten Sie darauf, dass die Zugriffsrechte der unverschl\(:usselten Datei beziehungsweise
+\fBUMASK\fR
+ausschlie\(ssen, dass andere Benutzer sie lesen k\(:onnen\&.
 .PP
-Sie sollten darauf achten, dass Passw\(:orter und Verschl\(:usselungsmethode in Einklage mit der Passwortrichtlinie des Systems stehen\&.
+Sie sollten darauf achten, dass Passw\(:orter und Verschl\(:usselungsmethode in Einklang mit der Passwortrichtlinie des Systems stehen\&.
 .SH "KONFIGURATION"
 .PP
 The following configuration variables in
@@ -122,12 +128,12 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man8/chpasswd.8 b/man/de/man8/chpasswd.8
index 270aa49..c524312 100644
--- a/man/de/man8/chpasswd.8
+++ b/man/de/man8/chpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chpasswd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "CHPASSWD" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "CHPASSWD" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-chpasswd \- aktualisiert Passw\(:orter im Batch\-Modus
+chpasswd \- aktualisiert Passw\(:orter im Stapel\-Modus
 .SH "\(:UBERSICHT"
 .HP \w'\fBchpasswd\fR\ 'u
-\fBchpasswd\fR [\fIOptionen\fR]
+\fBchpasswd\fR [\fIoptions\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -57,7 +57,7 @@ options\&.
 \fBchpasswd\fR
 first updates all the passwords in memory, and then commits all the changes to disk if no errors occurred for any user\&.
 .PP
-Dieser Befehl ist f\(:ur den Einsatz in gro\(ssen Umgebungen vorgesehen, in der viele Konten gleichzeitig erstellt werden m\(:ussen\&.
+Dieser Befehl ist f\(:ur weitreichende Systeme gedacht, bei denenviele Passw\(:orter gleichzeitig aktualisiert werden m\(:ussen\&.
 .SH "OPTIONEN"
 .PP
 The options which apply to the
@@ -66,9 +66,14 @@ command are:
 .PP
 \fB\-c\fR, \fB\-\-crypt\-method\fR\ \&\fIMETHOD\fR
 .RS 4
-Definiert die Methode, mit der die Passw\(:orter verschl\(:usselt werden\&.
+definiert die Methode, mit der die Passw\(:orter verschl\(:usselt werden\&.
 .sp
-Die verf\(:ugbaren Methoden sind DES, MD5, NONE und SHA256 oder SHA512, soweit Ihre libc sie unterst\(:utzt\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .sp
 By default (if none of the
 \fB\-c\fR,
@@ -84,17 +89,17 @@ variables of
 .PP
 \fB\-e\fR, \fB\-\-encrypted\fR
 .RS 4
-Passw\(:orter werden verschl\(:usselt angegeben\&.
+Passw\(:orter werden verschl\(:usselt geliefert\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-m\fR, \fB\-\-md5\fR
 .RS 4
-werwendet zur Verschl\(:usselung MD5 anstelle von DES, wenn die Passw\(:orter unverschl\(:usselt angegeben werden
+Zur Verschl\(:usselung MD5 anstelle von DES verwenden, wenn die Passw\(:orter unverschl\(:usselt geliefert werden\&.
 .RE
 .PP
 \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
@@ -106,26 +111,29 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-s\fR, \fB\-\-sha\-rounds\fR\ \&\fIROUNDS\fR
 .RS 4
-Verwendet die angegebene Anzahl von Runden, um die Passw\(:orter zu verschl\(:usseln\&.
+legt die Anzahl von Runden beim Verschl\(:usseln von Passw\(:ortern fest\&.
 .sp
-Ein Wert von 0 bedeutet, dass das System die Standardanzahl der Runden (5000) f\(:ur die Verschl\(:usselung verwenden wird\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Der Mindestwert ist 1000, der H\(:ochstwert 999\&.999\&.999\&.
-.sp
-Sie k\(:onnen diese Option nur mit den Verschl\(:usselungsmethoden SHA256 und SHA512 verwenden\&.
-.sp
-By default, the number of rounds is defined by the
-\fBSHA_CRYPT_MIN_ROUNDS\fR
-and
-\fBSHA_CRYPT_MAX_ROUNDS\fR
-variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "WARNUNGEN"
 .PP
-Achten Sie darauf, dass die Rechte und Umask korrekt vergeben sind, um zu verhindern, dass andere Benutzer unverschl\(:usselte Dateien lesen k\(:onnen\&.
+Achten Sie darauf, dass die Zugriffsrechte der unverschl\(:usselten Datei beziehungsweise
+\fBUMASK\fR
+ausschlie\(ssen, dass andere Benutzer sie lesen k\(:onnen\&.
 .SH "KONFIGURATION"
 .PP
 The following configuration variables in
@@ -141,12 +149,12 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man8/faillog.8 b/man/de/man8/faillog.8
index cf5703b..a04d0de 100644
--- a/man/de/man8/faillog.8
+++ b/man/de/man8/faillog.8
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "FAILLOG" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "FAILLOG" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-faillog \- zeigt Aufzeichnungen der fehlgeschlagenen Anmeldungen an oder richtet Beschr\(:ankungen f\(:ur fehlgeschlagene Anmeldungen ein
+faillog \- zeigt Aufzeichnungen von Anmeldefehlschl\(:agen an oder begrenzt sie
 .SH "\(:UBERSICHT"
 .HP \w'\fBfaillog\fR\ 'u
-\fBfaillog\fR [\fIOptionen\fR]
+\fBfaillog\fR [\fIoptions\fR]
 .SH "BESCHREIBUNG"
 .PP
 \fBfaillog\fR
@@ -54,7 +54,7 @@ The range of users can be restricted with the
 \fB\-u\fR
 option\&.
 .sp
-Im Anzeigemodus ist dies auf vorhandene Benutzer beschr\(:ankt, erzwingt aber die Anzeige der Faillog\-Eintr\(:age, auch wenn diese leer sind\&.
+Im Anzeigemodus bleibt die Beschr\(:ankung auf existierende Benutzer, erzwingt aber die Anzeige der Faillog\-Eintr\(:age, selbst wenn diese leer sind\&.
 .sp
 With the
 \fB\-l\fR,
@@ -66,7 +66,7 @@ options, the users\*(Aq records are changed, even if the user does not exist on
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-l\fR, \fB\-\-lock\-secs\fR\ \&\fISEC\fR
@@ -100,7 +100,7 @@ is required for this option\&.
 .PP
 \fB\-r\fR, \fB\-\-reset\fR
 .RS 4
-setzt die Z\(:ahlerst\(:ande der fehlgeschlagenen Anmeldeversuche zur\(:uck
+setzt die Z\(:ahler f\(:ur Anmeldefehlschl\(:age zur\(:uck\&.
 .sp
 Write access to
 /var/log/faillog
@@ -157,7 +157,7 @@ flag\&.
 .PP
 /var/log/faillog
 .RS 4
-Datei mit fehlgeschlagenen Anmeldungen
+Datei zur Protokollierung von Anmeldefehlchl\(:agen
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man8/groupadd.8 b/man/de/man8/groupadd.8
index 3bbc5f6..3caed39 100644
--- a/man/de/man8/groupadd.8
+++ b/man/de/man8/groupadd.8
@@ -2,12 +2,12 @@
 .\"     Title: groupadd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "GROUPADD" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "GROUPADD" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupadd \- erstellt eine neue Gruppe
 .SH "\(:UBERSICHT"
 .HP \w'\fBgroupadd\fR\ 'u
-\fBgroupadd\fR [\fIOPTIONEN\fR] \fINEWGROUP\fR
+\fBgroupadd\fR [\fIOPTIONS\fR] \fINEWGROUP\fR
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -74,7 +74,7 @@ description\&.
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-K\fR, \fB\-\-key\fR\ \&\fIKEY\fR=\fIVALUE\fR
@@ -120,7 +120,7 @@ Sie sollten sicherstellen, dass das Passwort den Passwortrichtlinien des Systems
 .PP
 \fB\-r\fR, \fB\-\-system\fR
 .RS 4
-erstellt eine neue Systemgruppe
+erstelle eine neue Systemgruppe\&.
 .sp
 The numeric identifiers of new system groups are chosen in the
 \fBSYS_GID_MIN\fR\-\fBSYS_GID_MAX\fR
@@ -171,16 +171,16 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "WARNUNGEN"
 .PP
-Sie k\(:onnen einen Benutzer nicht einer NIS\- oder LDAP\-Gruppe hinzuf\(:ugen\&. Dies m\(:ussen Sie auf dem entsprechenden Server durchf\(:uhren\&.
+NIS\- oder LDAP\-Gruppe k\(:onnen nicht erzeugt werden\&. Dies m\(:ussen Sie auf dem entsprechenden Server durchf\(:uhren\&.
 .PP
 If the groupname already exists in an external group database such as NIS or LDAP,
 \fBgroupadd\fR
diff --git a/man/de/man8/groupdel.8 b/man/de/man8/groupdel.8
index c537d57..4db2fad 100644
--- a/man/de/man8/groupdel.8
+++ b/man/de/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "GROUPDEL" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "GROUPDEL" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupdel \- l\(:oscht eine Gruppe
 .SH "\(:UBERSICHT"
 .HP \w'\fBgroupdel\fR\ 'u
-\fBgroupdel\fR [\fIOptionen\fR] \fIGRUPPE\fR
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -51,7 +51,7 @@ This option forces the removal of the group, even if there\*(Aqs some user havin
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
@@ -73,9 +73,9 @@ directory\&. This option does not chroot and is intended for preparing a cross\-
 .RE
 .SH "WARNUNGEN"
 .PP
-Sie k\(:onnen nicht die Hauptgruppe eines Benutzers entfernen\&. Dazu m\(:ussten Sie zun\(:achst den betreffenden Benutzer l\(:oschen\&.
+Sie k\(:onnen nicht die prim\(:are Gruppe eines existierenden Benutzers entfernen\&. Dazu m\(:ussen Sie zun\(:achst den betreffenden Benutzer l\(:oschen\&.
 .PP
-Sie sollten von Hand alle Systemdateien \(:uberpr\(:ufen, um sicherzustellen, dass keine Dateien, die der gel\(:oschten Gruppe angeh\(:oren, vorhanden sind\&.
+Sie sollten von Hand alle Dateisysteme \(:uberpr\(:ufen, um sicherzustellen, dass keine der gel\(:oschten Gruppe zugeh\(:origen Dateien zur\(:uckbleiben\&.
 .SH "KONFIGURATION"
 .PP
 The following configuration variables in
@@ -90,7 +90,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .SH "R\(:UCKGABEWERTE"
 .PP
diff --git a/man/de/man8/groupmems.8 b/man/de/man8/groupmems.8
index 199cf7c..f741428 100644
--- a/man/de/man8/groupmems.8
+++ b/man/de/man8/groupmems.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmems
 .\"    Author: George Kraft, IV
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "GROUPMEMS" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "GROUPMEMS" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,7 +28,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-groupmems \- verwaltet die Mitglieder der Hauptgruppe eines Benutzers
+groupmems \- verwaltet die Mitglieder der prim\(:aren Gruppe des Benutzers
 .SH "\(:UBERSICHT"
 .HP \w'\fBgroupmems\fR\ 'u
 \fBgroupmems\fR \-a\ \fIuser_name\fR | \-d\ \fIuser_name\fR | [\-g\ \fIgroup_name\fR] | \-l | \-p 
@@ -51,7 +51,7 @@ command are:
 .PP
 \fB\-a\fR, \fB\-\-add\fR\ \&\fIuser_name\fR
 .RS 4
-Add a user to the group membership list\&.
+f\(:ugt einen Benutzer der Mitgliederliste der Gruppe hinzu\&.
 .sp
 If the
 /etc/gshadow
@@ -62,7 +62,7 @@ file, a new entry will be created\&.
 .PP
 \fB\-d\fR, \fB\-\-delete\fR\ \&\fIuser_name\fR
 .RS 4
-L\(:oscht einen Benutzer aus der Mitgliederliste der Gruppe\&.
+l\(:oscht einen Benutzer aus der Mitgliederliste der Gruppe\&.
 .sp
 If the
 /etc/gshadow
@@ -77,22 +77,22 @@ file, a new entry will be created\&.
 .PP
 \fB\-g\fR, \fB\-\-group\fR\ \&\fIgroup_name\fR
 .RS 4
-Root kann eine Gruppen bestimmen, deren Mitgliederliste er bearbeiten will\&.
+gibt die Gruppe an, wenn eine Mitgliederliste durch den Systemadministrator bearbeitet wird\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-l\fR, \fB\-\-list\fR
 .RS 4
-gibt die Mitgliederliste aus
+gibt die Mitgliederliste aus\&.
 .RE
 .PP
 \fB\-p\fR, \fB\-\-purge\fR
 .RS 4
-l\(:oscht alle Benutzer aus der Mitgliederliste der Gruppe
+l\(:oscht alle Benutzer aus der Mitgliederliste der Gruppe\&.
 .sp
 If the
 /etc/gshadow
@@ -130,7 +130,7 @@ utility to manage their own group membership list\&.
 .nf
 	$ groupadd \-r groups
 	$ chmod 2710 groupmems
-	$ chown root\&.groups groupmems
+	$ chown root:groups groupmems
 	$ groupmems \-g groups \-a gk4
     
 .fi
@@ -151,7 +151,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-verschl\(:usselte Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man8/groupmod.8 b/man/de/man8/groupmod.8
index e0be747..4117b74 100644
--- a/man/de/man8/groupmod.8
+++ b/man/de/man8/groupmod.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "GROUPMOD" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "GROUPMOD" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-groupmod \- \(:andert die Eigenschaften einer Gruppe auf dem System
+groupmod \- \(:andert eine Gruppendefinition auf dem System
 .SH "\(:UBERSICHT"
 .HP \w'\fBgroupmod\fR\ 'u
-\fBgroupmod\fR [\fIOptionen\fR] \fIGRUPPE\fR
+\fBgroupmod\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -63,7 +63,7 @@ must be a non\-negative decimal integer\&. This value must be unique, unless the
 \fB\-o\fR
 option is used\&.
 .sp
-Benutzer, welche die Gruppe als Hauptgruppe verwenden, werden aktualisiert, um die Gruppe als Hauptgruppe zu behalten\&.
+Bei Benutzern, f\(:ur die die Gruppe die prim\(:are Gruppe darstellt, wird der Eintrag aktualisiert, damit die Zuordnung zu dieser Gruppe erhalten bleibt\&.
 .sp
 Any files that have the old group ID and must continue to belong to
 \fIGROUP\fR, must have their group ID changed manually\&.
@@ -79,7 +79,7 @@ from
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-n\fR, \fB\-\-new\-name\fR\ \&\fINEW_GROUP\fR
@@ -156,12 +156,12 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .PP
 /etc/passwd
diff --git a/man/de/man8/grpck.8 b/man/de/man8/grpck.8
index 07a9cd2..72f2779 100644
--- a/man/de/man8/grpck.8
+++ b/man/de/man8/grpck.8
@@ -2,12 +2,12 @@
 .\"     Title: grpck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "GRPCK" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "GRPCK" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 grpck \- \(:uberpr\(:uft die Stimmigkeit der Gruppendateien
 .SH "\(:UBERSICHT"
 .HP \w'\fBgrpck\fR\ 'u
-\fBgrpck\fR [Optionen] [\fIGruppe\fR\ [\ \fIshadow\fR\ ]]
+\fBgrpck\fR [options] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -130,7 +130,7 @@ command are:
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-r\fR, \fB\-\-read\-only\fR
@@ -188,7 +188,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .PP
 /etc/passwd
diff --git a/man/de/man8/lastlog.8 b/man/de/man8/lastlog.8
index 8f35ebc..dc4c673 100644
--- a/man/de/man8/lastlog.8
+++ b/man/de/man8/lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: lastlog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "LASTLOG" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "LASTLOG" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 lastlog \- berichtet die letzte Anmeldung f\(:ur alle oder einen bestimmten Benutzer
 .SH "\(:UBERSICHT"
 .HP \w'\fBlastlog\fR\ 'u
-\fBlastlog\fR [\fIOptionen\fR]
+\fBlastlog\fR [\fIoptions\fR]
 .SH "BESCHREIBUNG"
 .PP
 \fBlastlog\fR
@@ -64,7 +64,7 @@ Clear lastlog record of a user\&. This option can be used only together with
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
@@ -91,7 +91,7 @@ Print the lastlog records more recent than
 .PP
 \fB\-u\fR, \fB\-\-user\fR\ \&\fILOGIN\fR|\fIRANGE\fR
 .RS 4
-gibt nur die Lastlog\-Eintr\(:age f\(:ur die angegebenen Benutzer aus
+gibt nur die Lastlog\-Eintr\(:age f\(:ur die angegebenen Benutzer aus\&.
 .sp
 The users can be specified by a login name, a numerical user ID, or a
 \fIRANGE\fR
@@ -104,7 +104,7 @@ If the user has never logged in the message
 \fI** Never logged in**\fR
 will be displayed instead of the port and time\&.
 .PP
-Es werden nur Eintr\(:age f\(:ur auf dem System vorhandene Benutzer angezeigt, selbst wenn Eintr\(:age \(:uber gel\(:oschte Benutzer noch vorhanden sind\&.
+Es werden nur Eintr\(:age f\(:ur derzeit angelegte Benutzer angezeigt, Weitere zu gel\(:oschten Benutzern geh\(:orende Eintr\(:age k\(:onnen vorhanden sein\&.
 .SH "ANMERKUNGEN"
 .PP
 The
@@ -125,8 +125,8 @@ Datenbank mit Zeiten der letzten Anmeldung der Benutzer
 .RE
 .SH "WARNUNGEN"
 .PP
-Gro\(sse L\(:ucken in den UID\-Zahlen haben zur Folge, dass das Lastlog\-Programm l\(:angere Zeit ohne Bildschirmausgabe l\(:auft\&. Wenn sich z\&.B\&. in der Datenbank von Lastlog kein Eintrag f\(:ur Benutzer mit der UID zwischen 170 und 800 befindet, wird es scheinen, als ob lastlog stehen geblieben ist, w\(:ahrend es die Eintr\(:age mit der UID 171 bis 799 verarbeitet\&.
+Gro\(sse L\(:ucken in den Benutzerkennungen haben zur Folge, dass das Lastlog\-Programm l\(:angere Zeit nichts auf den Bildschirm ausgibt\&. Wenn sich z\&.B\&. in der Lastlog\-Datenbank kein Eintrag f\(:ur Benutzer mit der Kennung zwischen 170 und 800 befindet, wird es, w\(:ahrend der Verarbeitung der Eintr\(:age zu den Kennungen 171 bis 799, scheinen, als sei lastlog stehen geblieben\&.
 .PP
 Having high UIDs can create problems when handling the
-<term> /var/log/lastlog</term>
+/var/log/lastlog
 with external tools\&. Although the actual file is sparse and does not use too much space, certain applications are not designed to identify sparse files by default and may require a specific option to handle them\&.
diff --git a/man/de/man8/logoutd.8 b/man/de/man8/logoutd.8
index 2abfeec..e9cad46 100644
--- a/man/de/man8/logoutd.8
+++ b/man/de/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "LOGOUTD" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "LOGOUTD" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,7 +28,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-logoutd \- richtet Beschr\(:ankung von Anmeldezeiten ein
+logoutd \- setzt die zeitlichen Einschr\(:ankungen f\(:ur Anmeldungen durch
 .SH "\(:UBERSICHT"
 .HP \w'\fBlogoutd\fR\ 'u
 \fBlogoutd\fR
@@ -48,10 +48,10 @@ is terminated\&.
 .PP
 /etc/porttime
 .RS 4
-Datei, die den Port\-Zugriff enth\(:alt\&.
+Datei, die Zugriffe auf Ports regelt
 .RE
 .PP
 /var/run/utmp
 .RS 4
-Liste der aktuellen angemeldeten Sitzungen
+Liste aktueller Anmeldungen
 .RE
diff --git a/man/de/man8/newusers.8 b/man/de/man8/newusers.8
index 5a69c81..0a4b9fc 100644
--- a/man/de/man8/newusers.8
+++ b/man/de/man8/newusers.8
@@ -2,12 +2,12 @@
 .\"     Title: newusers
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "NEWUSERS" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "NEWUSERS" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,10 +28,10 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-newusers \- erstellt oder aktualisiert mehrere neue Benutzer am St\(:uck
+newusers \- erstellt neue oder aktualisiert vorhandene Benutzerkonten in einem Aufruf
 .SH "\(:UBERSICHT"
 .HP \w'\fBnewusers\fR\ 'u
-\fBnewusers\fR [\fIOptionen\fR] [\fIDatei\fR]
+\fBnewusers\fR [\fIoptions\fR] [\fIfile\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -41,44 +41,44 @@ command reads a
 (or the standard input by default) and uses this information to update a set of existing users or to create new users\&. Each line is in the same format as the standard password file (see
 \fBpasswd\fR(5)) with the exceptions explained below:
 .PP
-pw_Name:pw_Passwort:pw_uid:pw_gid:pw_gecos:pw_Verz:pw_shell
+pw_Name:pw_Passwort:pw_Benutzerkennung:pw_Gruppenkennung:pw_GECOS:pw_Verzeichnis:pw_Shell
 .PP
-\fIpw_Name\fR
+\fIpw_name\fR
 .RS 4
-Dies ist der Name des Benutzers\&.
+Dies ist der Anmeldename des Benutzers\&.
 .sp
 It can be the name of a new user or the name of an existing user (or a user created before by
 \fBnewusers\fR)\&. In case of an existing user, the user\*(Aqs information will be changed, otherwise a new user will be created\&.
 .RE
 .PP
-\fIpw_Passwort\fR
+\fIpw_passwd\fR
 .RS 4
-Dieses Feld wird verschl\(:usselt und als neuer Wert f\(:ur das verschl\(:usselte Passwort verwendet\&.
+Dieses Feld wird verschl\(:usselt und als neues verschl\(:usseltes Passwort benutzt\&.
 .RE
 .PP
 \fIpw_uid\fR
 .RS 4
-Mit diesem Feld wird die UID des Benutzers bestimmt\&.
+Mit diesem Feld wird die Benutzerkennung festgelegt\&.
 .sp
 If the field is empty, a new (unused) UID will be defined automatically by
 \fBnewusers\fR\&.
 .sp
-Wenn dieses Feld eine Zahl enth\(:alt, wird sie als UID verwendet\&.
+Wenn dieses Feld eine Zahl enth\(:alt, wird sie als Benutzerkennung \(:ubernommen\&.
 .sp
 If this field contains the name of an existing user (or the name of a user created before by
 \fBnewusers\fR), the UID of the specified user will be used\&.
 .sp
-Falls die UID eines bestehenden Benutzers ver\(:andert wird, muss der Eigent\(:umer der Dateien des Benutzers per Hand angepasst werden\&.
+Falls die Kennung eines bestehenden Benutzers ver\(:andert wird, muss bei den Dateien des Benutzers der Eigent\(:umer per Hand angepasst werden\&.
 .RE
 .PP
 \fIpw_gid\fR
 .RS 4
-Mit diesem Feld wird die ID der Hauptgruppe des Benutzers definiert\&.
+Mit diesem Feld wird die Kennung der prim\(:aren Gruppe des Benutzers festgelegt\&.
 .sp
 If this field contains the name of an existing group (or a group created before by
 \fBnewusers\fR), the GID of this group will be used as the primary group ID for the user\&.
 .sp
-Wenn dieses Feld eine Zahl enth\(:alt, wird sie als ID der Hauptgruppe des Benutzers verwendet\&. Falls eine Gruppe mit dieser GID nicht existiert, wird eine neue Gruppe mit dieser GID unter dem Namen des Benutzers erstellt\&.
+Wenn dieses Feld eine Zahl enth\(:alt, wird sie als Kennung der prim\(:aren Gruppe des Benutzers verwendet\&. Falls keine Gruppe mit dieser Kennung existiert, wird eine neue Gruppe mit dieser Kennung und dem Namen des Benutzers erstellt\&.
 .sp
 If this field is empty, a new group will be created with the name of the user and a GID will be automatically defined by
 \fBnewusers\fR
@@ -95,9 +95,9 @@ to be used as the primary group ID for the user and GID for the new group\&.
 Dieses Feld wird in das GECOS\-Feld des Benutzers kopiert\&.
 .RE
 .PP
-\fIpw_Verz\fR
+\fIpw_dir\fR
 .RS 4
-Mit diesem Feld wird das Home\-Verzeichnis des Benutzers definiert\&.
+In diesem Feld wird das pers\(:onliche Verzeichnis des Benutzers definiert\&.
 .sp
 If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. Note that
 \fInewusers does not create parent directories \fR
@@ -110,13 +110,13 @@ does not move or copy the content of the old directory to the new location\&. Th
 .PP
 \fIpw_shell\fR
 .RS 4
-Mit diesem Feld wird die Shell des Benutzers definiert\&. Diese Eingabe wird nicht \(:uberpr\(:uft\&.
+Mit diesem Feld wird die Shell des Benutzers festgelegt, wobei diese Eingabe nicht \(:uberpr\(:uft wird\&.
 .RE
 .PP
 \fBnewusers\fR
 first tries to create or change all the specified users, and then write these changes to the user or group databases\&. If an error occurs (except in the final writes to the databases), no changes are committed to the databases\&.
 .PP
-Dieser Befehl ist f\(:ur den Einsatz in einer Umgebung mit zahlreichen Systemen vorgesehen, in der viele Konten gleichzeitig aktualisiert werden m\(:ussen\&.
+Dieser Befehl ist f\(:ur weitreichende Systeme gedacht, bei denenviele Konten gleichzeitig angelegt werden m\(:ussen\&.
 .SH "OPTIONEN"
 .PP
 The options which apply to the
@@ -125,19 +125,19 @@ command are:
 .PP
 \fB\-\-badname\fR\ \&
 .RS 4
-Allow names that do not conform to standards\&.
+erlaube Namen, die nicht den Standards entsprechen\&.
 .RE
 .PP
 \fB\-c\fR, \fB\-\-crypt\-method\fR
 .RS 4
-Definiert die Methode, mit der die Passw\(:orter verschl\(:usselt werden\&.
+definiert die Methode, mit der die Passw\(:orter verschl\(:usselt werden\&.
 .sp
-Die verf\(:ugbaren Methoden sind DES, MD5, NONE und SHA256 oder SHA512, soweit Ihre libc sie unterst\(:utzt\&.
+Die verf\(:ugbaren Methoden sind, sofern Ihre libc diese bereitstellt, DES, MD5, NONE und SHA256 oder SHA512\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-r\fR, \fB\-\-system\fR
@@ -166,22 +166,21 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-s\fR, \fB\-\-sha\-rounds\fR
 .RS 4
-Verwendet die angegebene Anzahl von Runden, um die Passw\(:orter zu verschl\(:usseln\&.
+legt die Anzahl von Runden beim Verschl\(:usseln von Passw\(:ortern fest\&.
 .sp
-Ein Wert von 0 bedeutet, dass das System die Standardanzahl der Runden (5000) f\(:ur die Verschl\(:usselung verwenden wird\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Der Mindestwert ist 1000, der H\(:ochstwert 999\&.999\&.999\&.
-.sp
-Sie k\(:onnen diese Option nur mit den Verschl\(:usselungsmethoden SHA256 und SHA512 verwenden\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default is 5000\&.
 .RE
 .SH "WARNUNGEN"
 .PP
 Die Eingabedatei muss gesch\(:utzt werden, da sie unverschl\(:usselte Passw\(:orter enth\(:alt\&.
 .PP
-Sie sollten darauf achten, dass Passw\(:orter und Verschl\(:usselungsmethode in Einklage mit der Passwortrichtlinie des Systems stehen\&.
+Sie sollten darauf achten, dass Passw\(:orter und Verschl\(:usselungsmethode in Einklang mit der Passwortrichtlinie des Systems stehen\&.
 .SH "KONFIGURATION"
 .PP
 The following configuration variables in
@@ -201,7 +200,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/group
@@ -211,22 +210,22 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .PP
 /etc/subgid
 .RS 4
-Per user subordinate group IDs\&.
+enth\(:alt untergeordnete Gruppenkennungen der einzelnen Benutzer\&.
 .RE
 .PP
 /etc/subuid
 .RS 4
-Per user subordinate user IDs\&.
+enth\(:alt untergeordnete Benutzerkennungen der einzelnen Benutzer\&.
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man8/nologin.8 b/man/de/man8/nologin.8
index c019453..57ece97 100644
--- a/man/de/man8/nologin.8
+++ b/man/de/man8/nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: nologin
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "NOLOGIN" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "NOLOGIN" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/de/man8/pwck.8 b/man/de/man8/pwck.8
index 90dc820..f3cd654 100644
--- a/man/de/man8/pwck.8
+++ b/man/de/man8/pwck.8
@@ -2,12 +2,12 @@
 .\"     Title: pwck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "PWCK" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "PWCK" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pwck \- verify the integrity of password files
 .SH "\(:UBERSICHT"
 .HP \w'\fBpwck\fR\ 'u
-\fBpwck\fR [Optionen] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
+\fBpwck\fR [options] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -85,7 +85,7 @@ eine g\(:ultige Benutzer\- und Gruppenkennung
 .sp -1
 .IP \(bu 2.3
 .\}
-eine g\(:ultige Hauptgruppe
+eine g\(:ultige prim\(:are Gruppe
 .RE
 .sp
 .RS 4
@@ -96,7 +96,7 @@ eine g\(:ultige Hauptgruppe
 .sp -1
 .IP \(bu 2.3
 .\}
-ein g\(:ultiges Home\-Verzeichnis
+ein g\(:ultiges pers\(:onliches Verzeichnis
 .RE
 .sp
 .RS 4
@@ -126,7 +126,11 @@ Diese Tests umfassen Folgendes:
 .sp -1
 .IP \(bu 2.3
 .\}
-ob jedem Eintrag in passwd ein Eintrag in shadow entspricht und umgekehrt
+ob es zu jedem Eintrag in
+passwd
+einen passenden Eintrag in
+shadow
+und umgekehrt gibt
 .RE
 .sp
 .RS 4
@@ -137,7 +141,7 @@ ob jedem Eintrag in passwd ein Eintrag in shadow entspricht und umgekehrt
 .sp -1
 .IP \(bu 2.3
 .\}
-ob die Passw\(:orter in der Shadow\-Datei niedergelegt sind
+ob die Passw\(:orter in der gesch\(:utzten Datei abgelegt sind
 .RE
 .sp
 .RS 4
@@ -148,7 +152,7 @@ ob die Passw\(:orter in der Shadow\-Datei niedergelegt sind
 .sp -1
 .IP \(bu 2.3
 .\}
-ob die shadow\-Eintr\(:age die richtige Anzahl von Feldern haben
+ob die Eintr\(:age der gesch\(:utzten Datei die richtige Anzahl von Feldern haben
 .RE
 .sp
 .RS 4
@@ -159,7 +163,7 @@ ob die shadow\-Eintr\(:age die richtige Anzahl von Feldern haben
 .sp -1
 .IP \(bu 2.3
 .\}
-ob die Shadow\-Eintr\(:age in shadow eindeutig sind
+ob die Eintr\(:age in der gesch\(:utzten Datei nicht mehrfach vorkommen
 .RE
 .sp
 .RS 4
@@ -196,17 +200,17 @@ command are:
 .PP
 \fB\-\-badname\fR\ \&
 .RS 4
-Allow names that do not conform to standards\&.
+erlaube Namen, die nicht den Standards entsprechen\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-q\fR, \fB\-\-quiet\fR
 .RS 4
-meldet nur Fehler\&. Warnungen, die keine Handlung des Benutzers erfordern, werden nicht angezeigt
+meldet nur Fehler\&. Warnungen, die keine Handlung des Benutzers erfordern, werden nicht angezeigt\&.
 .RE
 .PP
 \fB\-r\fR, \fB\-\-read\-only\fR
@@ -263,7 +267,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .SH "R\(:UCKGABEWERTE"
 .PP
diff --git a/man/de/man8/pwconv.8 b/man/de/man8/pwconv.8
index bf02773..98cd602 100644
--- a/man/de/man8/pwconv.8
+++ b/man/de/man8/pwconv.8
@@ -2,12 +2,12 @@
 .\"     Title: pwconv
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "PWCONV" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "PWCONV" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,16 +28,16 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-pwconv, pwunconv, grpconv, grpunconv \- konvertiert zu oder von Shadow\-Passw\(:ortern und \-gruppen
+pwconv, pwunconv, grpconv, grpunconv \- transferieren Passwortdaten \(:uber Benutzer oder Gruppen in gesch\(:utzte Dateien oder zur\(:uck
 .SH "\(:UBERSICHT"
 .HP \w'\fBpwconv\fR\ 'u
-\fBpwconv\fR [\fIOptionen\fR]
+\fBpwconv\fR [\fIoptions\fR]
 .HP \w'\fBpwunconv\fR\ 'u
-\fBpwunconv\fR [\fIOptionen\fR]
+\fBpwunconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpconv\fR\ 'u
-\fBgrpconv\fR [\fIOptionen\fR]
+\fBgrpconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpunconv\fR\ 'u
-\fBgrpunconv\fR [\fIOptionen\fR]
+\fBgrpunconv\fR [\fIoptions\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -119,7 +119,7 @@ commands are:
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
@@ -154,7 +154,7 @@ change the behavior of
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man8/sulogin.8 b/man/de/man8/sulogin.8
index 0b05b63..1244de9 100644
--- a/man/de/man8/sulogin.8
+++ b/man/de/man8/sulogin.8
@@ -2,12 +2,12 @@
 .\"     Title: sulogin
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "SULOGIN" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "SULOGIN" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -88,7 +88,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/de/man8/useradd.8 b/man/de/man8/useradd.8
index 9bcbbfc..7920dbf 100644
--- a/man/de/man8/useradd.8
+++ b/man/de/man8/useradd.8
@@ -2,12 +2,12 @@
 .\"     Title: useradd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "USERADD" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "USERADD" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,11 +31,11 @@
 useradd \- erstellt einen neuen Benutzer oder aktualisiert die Standardwerte f\(:ur neue Benutzer
 .SH "\(:UBERSICHT"
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR [\fIOptionen\fR] \fIANMELDENAME\fR
+\fBuseradd\fR [\fIoptions\fR] \fILOGIN\fR
 .HP \w'\fBuseradd\fR\ 'u
 \fBuseradd\fR \-D
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR \-D [\fIOptionen\fR]
+\fBuseradd\fR \-D [\fIoptions\fR]
 .SH "BESCHREIBUNG"
 .PP
 When invoked without the
@@ -59,7 +59,7 @@ command are:
 .PP
 \fB\-\-badname\fR\ \&
 .RS 4
-Allow names that do not conform to standards\&.
+erlaube Namen, die nicht den Standards entsprechen\&.
 .RE
 .PP
 \fB\-b\fR, \fB\-\-base\-dir\fR\ \&\fIBASE_DIR\fR
@@ -169,12 +169,16 @@ variable in
 .RS 4
 A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
 \fB\-g\fR
-option\&. The default is for the user to belong only to the initial group\&.
+option\&. The default is for the user to belong only to the initial group\&. In addition to passing in the \-G flag, you can add the option
+\fBGROUPS\fR
+to the file
+/etc/default/useradd
+which in turn will add all users to those supplementary groups\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-k\fR, \fB\-\-skel\fR\ \&\fISKEL_DIR\fR
@@ -194,7 +198,11 @@ variable in
 or, by default,
 /etc/skel\&.
 .sp
-Soweit m\(:oglich, werden die ACLs und erweiterten Attribute kopiert\&.
+Absolute symlinks that link back to the skel directory will have the
+/etc/skel
+prefix replaced with the user\*(Aqs home directory\&.
+.sp
+Soweit m\(:oglich, werden die ACLs und erweiterte Attribute kopiert\&.
 .RE
 .PP
 \fB\-K\fR, \fB\-\-key\fR\ \&\fIKEY\fR=\fIVALUE\fR
@@ -219,9 +227,13 @@ options can be specified, e\&.g\&.:
 .PP
 \fB\-l\fR, \fB\-\-no\-log\-init\fR
 .RS 4
-F\(:ugt den Benutzer nicht zu den Datenbanken lastlog und faillog hinzu\&.
+l\(:asst den Benutzer bei den Aufzeichnungen von
+\fBlastlog\fR(8)
+und
+\fBfaillog\fR(8)
+au\(ssen vor\&.
 .sp
-By default, the user\*(Aqs entries in the lastlog and faillog databases are reset to avoid reusing the entry from a previously deleted user\&.
+Standardm\(:a\(ssig werden die Benutzereintr\(:age in den Datenbanken f\(:ur lastlog und faillog zur\(:uckgesetzt, um zu vermeiden, dass der Eintrag eines fr\(:uher gel\(:oschten Benutzers erneut verwendet wird\&.
 .sp
 If this option is not specified,
 \fBuseradd\fR
@@ -366,7 +378,7 @@ description\&.
 .PP
 \fB\-U\fR, \fB\-\-user\-group\fR
 .RS 4
-erstellt eine Gruppe mit dem gleichen Name wie der Benutzer und f\(:ugt diesen der Gruppe hinzu
+erstellt eine Gruppe mit dem gleichen Namen wie der Benutzer und f\(:ugt diesen der Gruppe hinzu\&.
 .sp
 The default behavior (if the
 \fB\-g\fR,
@@ -380,9 +392,21 @@ variable in
 .PP
 \fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
 .RS 4
-defines the SELinux user for the new account\&. Without this option, a SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+defines the SELinux user for the new account\&. Without this option, SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+\fBsemanage\fR(8)
+for that\&.
+.RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Without this option, SELinux uses the default range\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
 \fBsemanage\fR(8)
 for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
 .RE
 .SS "Die Standardwerte ver\(:andern"
 .PP
@@ -459,7 +483,7 @@ directory (or any other skeleton directory specified in
 or on the command line)\&.
 .SH "WARNUNGEN"
 .PP
-Sie d\(:urfen einen Benutzer nicht einer NIS\- oder LDAP\-Gruppe hinzuf\(:ugen\&. Dies muss auf dem entsprechenden Server durchgef\(:uhrt werden\&.
+Sie d\(:urfen einer NIS\- oder LDAP\-Gruppe keine Benutzer hinzuf\(:ugen\&. Dies muss auf dem entsprechenden Server durchgef\(:uhrt werden\&.
 .PP
 Similarly, if the username already exists in an external user database such as NIS or LDAP,
 \fBuseradd\fR
@@ -469,7 +493,7 @@ Usernames may contain only lower and upper case letters, digits, underscores, or
 \fBls\fR
 output\&.
 .PP
-Benutzernamen d\(:urfen nur bis zu 32 Zeichen lang sein\&.
+Benutzernamen d\(:urfen nur bis zu 256 Zeichen lang sein\&.
 .SH "KONFIGURATION"
 .PP
 The following configuration variables in
@@ -484,7 +508,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/group
@@ -494,7 +518,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .PP
 /etc/default/useradd
@@ -518,22 +542,22 @@ will execute after user addition\&. If a script exits non\-zero then execution w
 .PP
 /etc/skel/
 .RS 4
-Verzeichnis, das die Standarddateien enth\(:alt
+Verzeichnis, das die Dateien mit Standardwerten enth\(:alt
 .RE
 .PP
 /etc/subgid
 .RS 4
-Per user subordinate group IDs\&.
+enth\(:alt untergeordnete Gruppenkennungen der einzelnen Benutzer\&.
 .RE
 .PP
 /etc/subuid
 .RS 4
-Per user subordinate user IDs\&.
+enth\(:alt untergeordnete Benutzerkennungen der einzelnen Benutzer\&.
 .RE
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .SH "R\(:UCKGABEWERTE"
 .PP
diff --git a/man/de/man8/userdel.8 b/man/de/man8/userdel.8
index 2f138b1..752e07f 100644
--- a/man/de/man8/userdel.8
+++ b/man/de/man8/userdel.8
@@ -2,12 +2,12 @@
 .\"     Title: userdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "USERDEL" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "USERDEL" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 userdel \- l\(:oscht ein Benutzerkonto und die dazugeh\(:origen Dateien
 .SH "\(:UBERSICHT"
 .HP \w'\fBuserdel\fR\ 'u
-\fBuserdel\fR [Optionen] \fIANMELDENAME\fR
+\fBuserdel\fR [options] \fILOGIN\fR
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -62,12 +62,12 @@ This option is dangerous and may leave your system in an inconsistent state\&.
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-r\fR, \fB\-\-remove\fR
 .RS 4
-Die Dateien im Home\-Verzeichnis des Benutzers werden zusammen mit dem Home\-Verzeichnis und dem Mailspool entfernt\&. Dateien, die sich nicht unterhalb des Home\-Verzeichnisses befinden, m\(:ussen per Hand gesucht und gel\(:oscht werden\&.
+entfernt das pers\(:onliche Verzeichnis des Benutzers mit den darin enthaltenen Dateiein und die Mail\-Warteschlange\&. Dateien in anderen Dateisystemen m\(:ussen per Hand gesucht und gel\(:oscht werden\&.
 .sp
 The mail spool is defined by the
 \fBMAIL_DIR\fR
@@ -96,7 +96,7 @@ directory\&. This option does not chroot and is intended for preparing a cross\-
 .PP
 \fB\-Z\fR, \fB\-\-selinux\-user\fR
 .RS 4
-entfernt die Zuordnung von SELinux\-Benutzern aus den Anmeldeinformationen des Benutzers
+entfernt jegliche Zuordnung zu SELinux\-Benutzern f\(:ur das Benutzerkonto\&.
 .RE
 .SH "KONFIGURATION"
 .PP
@@ -112,7 +112,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/login\&.defs
 .RS 4
-Konfiguration der Shadow\-Passwort\-Werkzeugsammlung
+konfiguriert die Shadow\-Hilfsprogramme\&.
 .RE
 .PP
 /etc/passwd
@@ -122,7 +122,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .PP
 /etc/shadow\-maint/userdel\-pre\&.d/*, /etc/shadow\-maint/userdel\-post\&.d/*
@@ -142,12 +142,12 @@ will execute after user deletion\&. If a script exits non\-zero then execution w
 .PP
 /etc/subgid
 .RS 4
-Per user subordinate group IDs\&.
+enth\(:alt untergeordnete Gruppenkennungen der einzelnen Benutzer\&.
 .RE
 .PP
 /etc/subuid
 .RS 4
-Per user subordinate user IDs\&.
+enth\(:alt untergeordnete Benutzerkennungen der einzelnen Benutzer\&.
 .RE
 .SH "R\(:UCKGABEWERTE"
 .PP
@@ -196,9 +196,9 @@ will not allow you to remove an account if there are running processes which bel
 \fB\-f\fR
 option can force the deletion of this account\&.
 .PP
-Sie sollten von Hand alle Systemdateien \(:uberpr\(:ufen, um sicherzustellen, dass keine Dateien vorhanden sind, die dem gel\(:oschten Benutzer geh\(:oren\&.
+Sie sollten von Hand alle Dateisysteme in Hinblick auf Dateien dieses Benutzers pr\(:ufen und sie gegebenenfalls l\(:oschen\&.
 .PP
-Sie sollten keine NIS\-Attribute auf einem NIS\-Client l\(:oschen\&. Dies muss auf dem NIS\-Server durchgef\(:uhrt werden\&.
+Sie d\(:urfen keine NIS\-Attribute auf einem NIS\-Client l\(:oschen\&. Dies muss auf dem NIS\-Server durchgef\(:uhrt werden\&.
 .PP
 If
 \fBUSERGROUPS_ENAB\fR
diff --git a/man/de/man8/usermod.8 b/man/de/man8/usermod.8
index 196435d..84a76b6 100644
--- a/man/de/man8/usermod.8
+++ b/man/de/man8/usermod.8
@@ -2,12 +2,12 @@
 .\"     Title: usermod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "USERMOD" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "USERMOD" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 usermod \- ver\(:andert ein Benutzerkonto
 .SH "\(:UBERSICHT"
 .HP \w'\fBusermod\fR\ 'u
-\fBusermod\fR [\fIOptionen\fR] \fIANMELDENAME\fR
+\fBusermod\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "BESCHREIBUNG"
 .PP
 The
@@ -52,7 +52,7 @@ option\&.
 .PP
 \fB\-b\fR, \fB\-\-badname\fR
 .RS 4
-Allow names that do not conform to standards\&.
+erlaube Namen, die nicht den Standards entsprechen\&.
 .RE
 .PP
 \fB\-c\fR, \fB\-\-comment\fR\ \&\fICOMMENT\fR
@@ -65,7 +65,7 @@ utility\&.
 .PP
 \fB\-d\fR, \fB\-\-home\fR\ \&\fIHOME_DIR\fR
 .RS 4
-das neue Home\-Verzeichnis des Benutzers
+\(:andert das pers\(:onliche Verzeichnis des Benutzers
 .sp
 If the
 \fB\-m\fR
@@ -103,9 +103,9 @@ entry will be created if there were none\&.
 .RS 4
 The name or numerical ID of the user\*(Aqs new primary group\&. The group must exist\&.
 .sp
-Jede Datei im Home\-Verzeichnis des Benutzers, die der alten Hauptgruppe des Benutzers geh\(:orte, wird dieser neuen Gruppe geh\(:oren\&.
+Im pers\(:onlichen Verzeichnis des Benutzers werden alle Dateien, die der alten prim\(:aren Gruppe zugeordnet waren, auf diese Gruppe \(:ubertragen\&.
 .sp
-Die Gruppenzugeh\(:origkeit von Dateien au\(sserhalb des Home\-Verzeichnisses des Benutzers muss per Hand angepasst werden\&.
+Die Gruppenzugeh\(:origkeit von Dateien au\(sserhalb des pers\(:onlichen Verzeichnisses des Benutzers muss per Hand angepasst werden\&.
 .sp
 The change of the group ownership of files inside of the user\*(Aqs home directory is also not done if the home dir owner uid is different from the current or new user id\&. This is a safety measure for special home directories such as
 /\&.
@@ -212,9 +212,9 @@ This value must be unique, unless the
 \fB\-o\fR
 option is used\&. The value must be non\-negative\&.
 .sp
-F\(:ur die Mailbox des Benutzers und alle Dateien, die ihm geh\(:oren und sich in seinem Home\-Verzeichnis befinden, wird die ID des Eigent\(:umers automatisch angepasst\&.
+F\(:ur das Postfach des Benutzers und alle Dateien, die ihm geh\(:oren und sich in seinem pers\(:onlichen Verzeichnis befinden, wird die Eigent\(:umerkennung automatisch angepasst\&.
 .sp
-Der Eigent\(:umer von Dateien au\(sserhalb des Home\-Verzeichnisses des Benutzers muss per Hand angepasst werden\&.
+Der Eigent\(:umer von Dateien au\(sserhalb des pers\(:onlichen Verzeichnisses des Benutzers muss per Hand angepasst werden\&.
 .sp
 The change of the user ownership of files inside of the user\*(Aqs home directory is also not done if the home dir owner uid is different from the current or new user id\&. This is a safety measure for special home directories such as
 /\&.
@@ -246,7 +246,7 @@ value from
 .PP
 \fB\-v\fR, \fB\-\-add\-subuids\fR\ \&\fIFIRST\fR\-\fILAST\fR
 .RS 4
-Add a range of subordinate uids to the user\*(Aqs account\&.
+f\(:ugt dem Konto des Benutzers einen Bereich untergeordneter Benutzerkennungen zu\&.
 .sp
 This option may be specified multiple times to add multiple ranges to a user\*(Aqs account\&.
 .sp
@@ -259,7 +259,7 @@ from /etc/login\&.defs\&.
 .PP
 \fB\-V\fR, \fB\-\-del\-subuids\fR\ \&\fIFIRST\fR\-\fILAST\fR
 .RS 4
-Remove a range of subordinate uids from the user\*(Aqs account\&.
+entfernt aus dem Benutzerkonto einen Bereich untergeordneter Benutzerkennungen\&.
 .sp
 This option may be specified multiple times to remove multiple ranges to a user\*(Aqs account\&. When both
 \fB\-\-del\-subuids\fR
@@ -276,7 +276,7 @@ from /etc/login\&.defs\&.
 .PP
 \fB\-w\fR, \fB\-\-add\-subgids\fR\ \&\fIFIRST\fR\-\fILAST\fR
 .RS 4
-Add a range of subordinate gids to the user\*(Aqs account\&.
+f\(:ugt dem Benutzerkonto einen Bereich untergeordneter Gruppenkennungen zu\&.
 .sp
 This option may be specified multiple times to add multiple ranges to a user\*(Aqs account\&.
 .sp
@@ -289,7 +289,7 @@ from /etc/login\&.defs\&.
 .PP
 \fB\-W\fR, \fB\-\-del\-subgids\fR\ \&\fIFIRST\fR\-\fILAST\fR
 .RS 4
-Remove a range of subordinate gids from the user\*(Aqs account\&.
+entfernt einen Bereich untergeordneter Gruppenkennungen aus dem Benutzerkonto\&.
 .sp
 This option may be specified multiple times to remove multiple ranges to a user\*(Aqs account\&. When both
 \fB\-\-del\-subgids\fR
@@ -309,6 +309,18 @@ from /etc/login\&.defs\&.
 defines the SELinux user to be mapped with
 \fILOGIN\fR\&. An empty string ("") will remove the respective entry (if any)\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses semanage(8) for that\&.
 .RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
+\fBsemanage\fR(8)
+for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
+.RE
 .SH "WARNUNGEN"
 .PP
 You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
@@ -321,7 +333,7 @@ files or
 \fBat\fR
 jobs manually\&.
 .PP
-Sie m\(:ussen alle \(:Anderung in Bezug auf NIS auf dem NIS\-Server vornehmen\&.
+Sie m\(:ussen alle \(:Anderungen, an welchen NIS beteiligt ist, auf dem NIS\-Server vornehmen\&.
 .SH "KONFIGURATION"
 .PP
 The following configuration variables in
@@ -336,7 +348,7 @@ Group account information
 .PP
 /etc/gshadow
 .RS 4
-Secure group account informatio\&.
+Secure group account information
 .RE
 .PP
 /etc/login\&.defs
diff --git a/man/de/man8/vipw.8 b/man/de/man8/vipw.8
index cbdf0e0..865106c 100644
--- a/man/de/man8/vipw.8
+++ b/man/de/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08.11.2022
-.\"    Manual: Befehle zur Systemverwaltung
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21.06.2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: German
 .\"
-.TH "VIPW" "8" "08.11.2022" "shadow\-utils 4\&.13" "Befehle zur Systemverwaltung"
+.TH "VIPW" "8" "21.06.2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,19 +28,19 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-vipw, vigr \- bearbeitet die Passwort\-, Gruppen\-, Shadow\-Passwort\- oder Shadow\-Gruppen\-Datei
+vipw, vigr \- bearbeitet die Passwort\- und die Gruppendatei in den ungesch\(:utzten und gesch\(:utzen Versionen
 .SH "\(:UBERSICHT"
 .HP \w'\fBvipw\fR\ 'u
-\fBvipw\fR [\fIOptionen\fR]
+\fBvipw\fR [\fIoptions\fR]
 .HP \w'\fBvigr\fR\ 'u
-\fBvigr\fR [\fIOptionen\fR]
+\fBvigr\fR [\fIoptions\fR]
 .SH "BESCHREIBUNG"
 .PP
 The
 \fBvipw\fR
 and
 \fBvigr\fR
-commands edits the files
+commands edit the files
 /etc/passwd
 and
 /etc/group, respectively\&. With the
@@ -62,17 +62,17 @@ commands are:
 .PP
 \fB\-g\fR, \fB\-\-group\fR
 .RS 4
-bearbeitet die Gruppendatenbank
+bearbeitet die Daten bez\(:uglich Gruppen\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
-zeigt die Hilfe an und beendet das Programm
+zeigt die Hilfe an und beendet das Programm\&.
 .RE
 .PP
 \fB\-p\fR, \fB\-\-passwd\fR
 .RS 4
-bearbeitet die Passwd\-Datenbank
+bearbeitet die Daten bez\(:uglich Benutzern\&.
 .RE
 .PP
 \fB\-q\fR, \fB\-\-quiet\fR
@@ -91,13 +91,13 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-s\fR, \fB\-\-shadow\fR
 .RS 4
-bearbeitet die Shadow\- oder Gshadow\-Datenbank
+bearbeitet die gesch\(:utzten Dateiversionen\&.
 .RE
 .SH "UMGEBUNGSVARIABLEN"
 .PP
 \fBVISUAL\fR
 .RS 4
-der verwendete Editor
+der zu verwendende Editor
 .RE
 .PP
 \fBEDITOR\fR
@@ -115,7 +115,7 @@ Informationen zu den Gruppenkonten
 .PP
 /etc/gshadow
 .RS 4
-sichere Informationen zu den Gruppenkonten
+gesch\(:utzte Informationen zu den Gruppenkonten
 .RE
 .PP
 /etc/passwd
@@ -125,7 +125,7 @@ Informationen zu den Benutzerkonten
 .PP
 /etc/shadow
 .RS 4
-verschl\(:usselte Informationen zu den Benutzerkonten
+gesch\(:utzte Informationen zu den Benutzerkonten
 .RE
 .SH "SIEHE AUCH"
 .PP
diff --git a/man/es/Makefile.in b/man/es/Makefile.in
index 268739b..2c658c7 100644
--- a/man/es/Makefile.in
+++ b/man/es/Makefile.in
@@ -138,6 +138,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -156,6 +158,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -171,9 +174,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -189,6 +198,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -197,6 +207,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -219,6 +231,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
diff --git a/man/fi/Makefile.in b/man/fi/Makefile.in
index e8ffecc..468fe98 100644
--- a/man/fi/Makefile.in
+++ b/man/fi/Makefile.in
@@ -169,6 +169,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -187,6 +189,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -202,9 +205,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -220,6 +229,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -228,6 +238,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -250,6 +262,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
index 230d212..335e029 100644
--- a/man/fr/Makefile.am
+++ b/man/fr/Makefile.am
@@ -21,7 +21,6 @@ man_MANS = \
 	man8/grpconv.8 \
 	man8/grpunconv.8 \
 	man5/gshadow.5 \
-	man8/lastlog.8 \
 	man1/login.1 \
 	man5/login.defs.5 \
 	man8/logoutd.8 \
@@ -44,6 +43,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
diff --git a/man/fr/Makefile.in b/man/fr/Makefile.in
index fb0cf81..daf92b5 100644
--- a/man/fr/Makefile.in
+++ b/man/fr/Makefile.in
@@ -87,10 +87,11 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@USE_PAM_FALSE@am__append_1 = $(man_nopam)
-@ENABLE_SUBIDS_TRUE@am__append_2 = $(man_subids)
-@USE_PAM_TRUE@am__append_3 = $(man_nopam)
-@ENABLE_SUBIDS_FALSE@am__append_4 = $(man_subids)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@ENABLE_SUBIDS_TRUE@am__append_3 = $(man_subids)
+@USE_PAM_TRUE@am__append_4 = $(man_nopam)
+@ENABLE_SUBIDS_FALSE@am__append_5 = $(man_subids)
 subdir = man/fr
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -178,6 +179,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -196,6 +199,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -211,9 +215,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -229,6 +239,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -237,6 +248,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -259,6 +272,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -334,13 +350,13 @@ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
 	man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
 	man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
 	man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
-	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
-	man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
-	man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
-	man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
-	man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
-	man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
-	man8/vipw.8 $(am__append_1) $(am__append_2)
+	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man1/login.1 \
+	man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 man8/newusers.8 \
+	man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
+	man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man3/shadow.3 \
+	man5/shadow.5 man1/su.1 man5/suauth.5 man8/useradd.8 \
+	man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \
+	$(am__append_1) $(am__append_2) $(am__append_3)
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
@@ -352,9 +368,11 @@ man_subids = \
 	man5/subgid.5 \
 	man5/subuid.5
 
-EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_3) \
-	$(am__append_4)
+EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_4) \
+	$(am__append_5)
 LANG = $(notdir $(CURDIR))
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -363,8 +381,15 @@ LANG = $(notdir $(CURDIR))
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 CLEANFILES = messages.mo login.defs.d $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
 all: all-am
 
@@ -748,10 +773,10 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	cp ../config.xml $@
 
 @ENABLE_REGENERATE_MAN_TRUE@messages.mo: ../po/$(LANG).po
-@ENABLE_REGENERATE_MAN_TRUE@	msgfmt ../po/$(LANG).po -o messages.mo
+@ENABLE_REGENERATE_MAN_TRUE@	msgfmt $< -o messages.mo
 
 @ENABLE_REGENERATE_MAN_TRUE@login.defs.d:
-@ENABLE_REGENERATE_MAN_TRUE@	ln -sf ../login.defs.d login.defs.d
+@ENABLE_REGENERATE_MAN_TRUE@	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml: ../%.xml messages.mo login.defs.d
 @ENABLE_REGENERATE_MAN_TRUE@	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -759,7 +784,7 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	else \
 @ENABLE_REGENERATE_MAN_TRUE@	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
-@ENABLE_REGENERATE_MAN_TRUE@	itstool -d -l $(LANG) -m messages.mo -o . $@
+@ENABLE_REGENERATE_MAN_TRUE@	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 @ENABLE_REGENERATE_MAN_TRUE@	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
@@ -770,11 +795,13 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/fr/man1/chage.1 b/man/fr/man1/chage.1
index d802a80..364eb3f 100644
--- a/man/fr/man1/chage.1
+++ b/man/fr/man1/chage.1
@@ -2,12 +2,12 @@
 .\"     Title: chage
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "CHAGE" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "CHAGE" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -136,6 +136,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
 Set the number of days of warning before a password change is required\&. The
diff --git a/man/fr/man1/chfn.1 b/man/fr/man1/chfn.1
index db9a90c..92452c7 100644
--- a/man/fr/man1/chfn.1
+++ b/man/fr/man1/chfn.1
@@ -2,12 +2,12 @@
 .\"     Title: chfn
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "CHFN" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "CHFN" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man1/chsh.1 b/man/fr/man1/chsh.1
index 7b2febd..18f1b65 100644
--- a/man/fr/man1/chsh.1
+++ b/man/fr/man1/chsh.1
@@ -2,12 +2,12 @@
 .\"     Title: chsh
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "CHSH" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "CHSH" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -77,6 +77,12 @@ The only restriction placed on the login shell is that the command name must be
 in
 /etc/shells
 is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
 .SH "CONFIGURATION"
 .PP
 The following configuration variables in
diff --git a/man/fr/man1/expiry.1 b/man/fr/man1/expiry.1
index c2e1506..0b237a9 100644
--- a/man/fr/man1/expiry.1
+++ b/man/fr/man1/expiry.1
@@ -2,12 +2,12 @@
 .\"     Title: expiry
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "EXPIRY" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "EXPIRY" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man1/gpasswd.1 b/man/fr/man1/gpasswd.1
index 2aa65f3..c5042b7 100644
--- a/man/fr/man1/gpasswd.1
+++ b/man/fr/man1/gpasswd.1
@@ -2,12 +2,12 @@
 .\"     Title: gpasswd
 .\"    Author: rafal Maszkowski
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "GPASSWD" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "GPASSWD" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 gpasswd \- administer /etc/group and /etc/gshadow
 .SH "SYNOPSIS"
 .HP \w'\fBgpasswd\fR\ 'u
-\fBgpasswd\fR [\fIoption\fR] \fIgroupe\fR
+\fBgpasswd\fR [\fIoption\fR] \fIgroup\fR
 .SH "DESCRIPTION"
 .PP
 The
diff --git a/man/fr/man1/groups.1 b/man/fr/man1/groups.1
index 8fd15f6..09413e5 100644
--- a/man/fr/man1/groups.1
+++ b/man/fr/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "GROUPS" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "GROUPS" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groups \- Afficher la liste des groupes auxquels appartient l\*(Aqutilisateur
 .SH "SYNOPSIS"
 .HP \w'\fBgroups\fR\ 'u
-\fBgroups\fR [\fIutilisateur\fR]
+\fBgroups\fR [\fIuser\fR]
 .SH "DESCRIPTION"
 .PP
 The
diff --git a/man/fr/man1/id.1 b/man/fr/man1/id.1
index 299c749..1f96b2a 100644
--- a/man/fr/man1/id.1
+++ b/man/fr/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "ID" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "ID" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man1/login.1 b/man/fr/man1/login.1
index 99d5a5c..6d30e44 100644
--- a/man/fr/man1/login.1
+++ b/man/fr/man1/login.1
@@ -2,12 +2,12 @@
 .\"     Title: login
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "LOGIN" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "LOGIN" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,9 +31,9 @@
 login \- D\('emarrer une session sur le syst\(`eme
 .SH "SYNOPSIS"
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fInom_utilisateur\fR] [\fIENV=VAR\fR...]
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIusername\fR] [\fIENV=VAR\fR...]
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fInom_utilisateur\fR
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIusername\fR
 .HP \w'\fBlogin\fR\ 'u
 \fBlogin\fR [\-p] \-r\ \fIhost\fR
 .SH "DESCRIPTION"
diff --git a/man/fr/man1/newgidmap.1 b/man/fr/man1/newgidmap.1
index f455868..28bbee3 100644
--- a/man/fr/man1/newgidmap.1
+++ b/man/fr/man1/newgidmap.1
@@ -2,12 +2,12 @@
 .\"     Title: newgidmap
 .\"    Author: Eric Biederman
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "NEWGIDMAP" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "NEWGIDMAP" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -74,6 +74,16 @@ before setting
 /proc/[pid]/gid_map\&.
 .PP
 Note that newgidmap may be used only once for a given process\&.
+.PP
+Instead of an integer process id, the first argument may be specified as
+\fIfd:N\fR, where the integer N is the file descriptor number for the calling process\*(Aqs opened file descriptor for the directory
+/proc/[pid]\&. In this case,
+\fBnewgidmap\fR
+will use
+openat(2)
+to open the
+gid_map
+file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused\&.
 .SH "OPTIONS"
 .PP
 There currently are no options to the
diff --git a/man/fr/man1/newgrp.1 b/man/fr/man1/newgrp.1
index df5a91e..797403c 100644
--- a/man/fr/man1/newgrp.1
+++ b/man/fr/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "NEWGRP" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "NEWGRP" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 newgrp \- se connecter avec un nouveau groupe
 .SH "SYNOPSIS"
 .HP \w'\fBnewgrp\fR\ 'u
-\fBnewgrp\fR [\-] [\fIgroupe\fR]
+\fBnewgrp\fR [\-] [\fIgroup\fR]
 .SH "DESCRIPTION"
 .PP
 The
diff --git a/man/fr/man1/newuidmap.1 b/man/fr/man1/newuidmap.1
index 53dedce..da9c65d 100644
--- a/man/fr/man1/newuidmap.1
+++ b/man/fr/man1/newuidmap.1
@@ -2,12 +2,12 @@
 .\"     Title: newuidmap
 .\"    Author: Eric Biederman
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "NEWUIDMAP" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "NEWUIDMAP" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -74,6 +74,16 @@ before setting
 /proc/[pid]/uid_map\&.
 .PP
 Note that newuidmap may be used only once for a given process\&.
+.PP
+Instead of an integer process id, the first argument may be specified as
+\fIfd:N\fR, where the integer N is the file descriptor number for the calling process\*(Aqs opened file descriptor for the directory
+/proc/[pid]\&. In this case,
+\fBnewuidmap\fR
+will use
+openat(2)
+to open the
+uid_map
+file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused\&.
 .SH "OPTIONS"
 .PP
 There currently are no options to the
diff --git a/man/fr/man1/passwd.1 b/man/fr/man1/passwd.1
index 6aad0b7..ae6e0cb 100644
--- a/man/fr/man1/passwd.1
+++ b/man/fr/man1/passwd.1
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "PASSWD" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "PASSWD" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -49,44 +49,9 @@ refuses to change the password and exits\&.
 .PP
 Le nouveau mot de passe sera demand\('e deux fois \(`a l\*(Aqutilisateur\&. Le second mot de passe est compar\('e avec le premier\&. Ces deux mots de passe devront \(^etre identiques pour que le mot de passe soit chang\('e\&.
 .PP
-La complexit\('e de ce mot de passe est alors test\('ee\&. Comme ligne de conduite g\('en\('erale, un mot de passe doit toujours \(^etre constitu\('e de 6 \(`a 8 caract\(`eres en en choisissant un ou plus parmi chacun des ensembles suivants\ \&:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-caract\(`eres alphab\('etiques minuscules
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-chiffres de 0 \(`a 9
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-marques de ponctuation
-.RE
-.PP
-Care must be taken not to include the system default erase or kill characters\&.
+Then, the password is tested for complexity\&.
 \fBpasswd\fR
-will reject any password which is not suitably complex\&.
+will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&.
 .SS "Astuces pour les mots de passe"
 .PP
 The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
@@ -96,6 +61,8 @@ System encryption method is based on the NBS DES algorithm\&. More recent method
 .PP
 Les compromissions de la s\('ecurit\('e des mots de passe r\('esultent le plus souvent d\*(Aqune n\('egligence dans le choix du mot de passe, ou lors de son utilisation\&. Pour cette raison, vous ne devez pas s\('electionner de mot de passe apparaissant dans un dictionnaire ou devant \(^etre \('ecrit\&. Le mot de passe ne doit pas non plus \(^etre un nom propre, un num\('ero min\('eralogique, une date de naissance, ou une adresse\&. En effet ceux\-ci pourraient \(^etre devin\('es pour violer la s\('ecurit\('e du syst\(`eme\&.
 .PP
+As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&.
+.PP
 Vous pouvez trouver des conseils sur la fa\(,con de choisir un mot de passe robuste sur http://en\&.wikipedia\&.org/wiki/Password_strength (en anglais)\&.
 .SH "OPTIONS"
 .PP
@@ -175,6 +142,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-S\fR, \fB\-\-status\fR
 .RS 4
 Afficher l\*(Aq\('etat d\*(Aqun compte\&. Cet \('etat est constitu\('e de 7 champs\&. Le premier champ est le nom du compte\&. Le second champ indique si le mot de passe est bloqu\('e (L), n\*(Aqa pas de mot de passe (NP) ou a un mot de passe utilisable (P)\&. Le troisi\(`eme champ donne la date de derni\(`ere modification du mot de passe\&. Les quatre champs suivants sont\ \&: la dur\('ee minimum avant modification, la dur\('ee maximum de validit\('e, la dur\('ee d\*(Aqavertissement, et la dur\('ee d\*(Aqinactivit\('e autoris\('ee pour le mot de passe\&. Les dur\('ees sont exprim\('ees en jours\&.
@@ -205,6 +178,11 @@ as
 \fIMAX_DAYS\fR
 will remove checking a password\*(Aqs validity\&.
 .RE
+.PP
+\fB\-s\fR, \fB\-\-stdin\fR
+.RS 4
+This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&.
+.RE
 .SH "AVERTISSEMENTS"
 .PP
 La v\('erification de la complexit\('e des mots de passe peut varier d\*(Aqun site \(`a l\*(Aqautre\&. Il est vivement conseill\('e aux utilisateurs de choisir un mot de passe aussi complexe que possible dans la limite de ce qu\*(Aqil est capable de m\('emoriser\&.
@@ -277,7 +255,10 @@ invalid argument to option
 .SH "VOIR AUSSI"
 .PP
 \fBchpasswd\fR(8),
+\fBmakepasswd\fR(1),
 \fBpasswd\fR(5),
 \fBshadow\fR(5),
 \fBlogin.defs\fR(5),
 \fBusermod\fR(8)\&.
+.PP
+The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"
diff --git a/man/fr/man1/sg.1 b/man/fr/man1/sg.1
index df41480..967e2d3 100644
--- a/man/fr/man1/sg.1
+++ b/man/fr/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "SG" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "SG" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man1/su.1 b/man/fr/man1/su.1
index ac2f8ee..2b586fb 100644
--- a/man/fr/man1/su.1
+++ b/man/fr/man1/su.1
@@ -2,12 +2,12 @@
 .\"     Title: su
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes utilisateur
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "SU" "1" "08/11/2022" "shadow\-utils 4\&.13" "Commandes utilisateur"
+.TH "SU" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 su \- Changer d\*(Aqidentifiant d\*(Aqutilisateur ou devenir superutilisateur
 .SH "SYNOPSIS"
 .HP \w'\fBsu\fR\ 'u
-\fBsu\fR [\fIoptions\fR] [\fI\-\fR] [\fInom_utilisateur\fR\ [\ \fIargs\fR\ ]]
+\fBsu\fR [\fIoptions\fR] [\fI\-\fR] [\fIusername\fR\ [\ \fIargs\fR\ ]]
 .SH "DESCRIPTION"
 .PP
 The
diff --git a/man/fr/man3/shadow.3 b/man/fr/man3/shadow.3
index d2e598c..1e9729f 100644
--- a/man/fr/man3/shadow.3
+++ b/man/fr/man3/shadow.3
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Appels de biblioth\(`eque
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: Library Calls
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "SHADOW" "3" "08/11/2022" "shadow\-utils 4\&.13" "Appels de biblioth\(`eque"
+.TH "SHADOW" "3" "21/06/2024" "shadow\-utils 4\&.15\&.2" "Library Calls"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -36,7 +36,7 @@ shadow, getspnam \- routines d\*(Aqutilisation des mots de passe cach\('es
 \fIstruct spwd *getspent();\fR
 .PP
 \fIstruct spwd *getspnam(char\fR
-\fI*nom\fR\fI);\fR
+\fI*name\fR\fI);\fR
 .PP
 \fIvoid setspent();\fR
 .PP
@@ -50,7 +50,7 @@ shadow, getspnam \- routines d\*(Aqutilisation des mots de passe cach\('es
 .PP
 \fIint putspent(struct spwd\fR
 \fI*p,\fR
-\fIFICHIER\fR
+\fIFILE\fR
 \fI*fp\fR\fI);\fR
 .PP
 \fIint lckpwdf();\fR
diff --git a/man/fr/man5/faillog.5 b/man/fr/man5/faillog.5
index 81548d0..e729b0b 100644
--- a/man/fr/man5/faillog.5
+++ b/man/fr/man5/faillog.5
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual:  File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "FAILLOG" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuratio"
+.TH "FAILLOG" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man5/gshadow.5 b/man/fr/man5/gshadow.5
index 0a39493..120301d 100644
--- a/man/fr/man5/gshadow.5
+++ b/man/fr/man5/gshadow.5
@@ -2,12 +2,12 @@
 .\"     Title: gshadow
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "GSHADOW" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "GSHADOW" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,12 +38,12 @@ Ce fichier ne doit pas \(^etre accessible en lecture par les utilisateurs normau
 .PP
 Chaque ligne de ce fichier contient les champs suivants, s\('epar\('es par des deux\-points (\(Fo\ \&:\ \&\(Fc)\ \&:
 .PP
-\fBnom du groupe\fR
+\fBgroup name\fR
 .RS 4
 Ce doit \(^etre un nom de groupe valable, qui existe sur le syst\(`eme\&.
 .RE
 .PP
-\fBmot de passe chiffr\('e\fR
+\fBencrypted password\fR
 .RS 4
 Refer to
 \fBcrypt\fR(3)
@@ -63,7 +63,7 @@ This password supersedes any password specified in
 /etc/group\&.
 .RE
 .PP
-\fBadministrateurs\fR
+\fBadministrators\fR
 .RS 4
 Ce champ doit \(^etre une liste d\*(Aqutilisateurs, s\('epar\('es par des virgules\&.
 .sp
@@ -72,7 +72,7 @@ Les administrateurs peuvent modifier le mot de passe ou les membres du groupe\&.
 Les administrateurs peuvent aussi avoir les m\(^emes permissions que les membres (voir ci\-dessous)\&.
 .RE
 .PP
-\fBmembres\fR
+\fBmembers\fR
 .RS 4
 Ce champ doit \(^etre une liste d\*(Aqutilisateurs, s\('epar\('es par des virgules\&.
 .sp
diff --git a/man/fr/man5/limits.5 b/man/fr/man5/limits.5
index 45ad0fb..4589e59 100644
--- a/man/fr/man5/limits.5
+++ b/man/fr/man5/limits.5
@@ -2,12 +2,12 @@
 .\"     Title: limits
 .\"    Author: Luca Berra
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "LIMITS" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LIMITS" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -41,11 +41,11 @@ Par d\('efaut, aucun quota (aucune limite) n\*(Aqest impos\('e \(`a \(Fo\ \&root
 .PP
 Chaque ligne d\('ecrit une limite pour un utilisateur, elle est de la forme suivante\ \&:
 .PP
-\fIutilisateur LISTE_DE_LIMITES\fR
+\fIuser LIMITS_STRING\fR
 .PP
 ou sous la forme\ \&:
 .PP
-\fI@groupe LISTE_DE_LIMITES\fR
+\fI@group LIMITS_STRING\fR
 .PP
 The
 \fILIMITS_STRING\fR
diff --git a/man/fr/man5/login.access.5 b/man/fr/man5/login.access.5
index 42ee60b..0d4767d 100644
--- a/man/fr/man5/login.access.5
+++ b/man/fr/man5/login.access.5
@@ -2,12 +2,12 @@
 .\"     Title: login.access
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "LOGIN\&.ACCESS" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.ACCESS" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man5/login.defs.5 b/man/fr/man5/login.defs.5
index 7b2424a..845e10b 100644
--- a/man/fr/man5/login.defs.5
+++ b/man/fr/man5/login.defs.5
@@ -2,12 +2,12 @@
 .\"     Title: login.defs
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "LOGIN\&.DEFS" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.DEFS" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -192,8 +192,7 @@ USERGROUPS_ENAB
 .PP
 sulogin
 .RS 4
-ENV_HZ
-ENV_TZ
+ENV_HZ ENV_TZ
 .RE
 .PP
 useradd
diff --git a/man/fr/man5/passwd.5 b/man/fr/man5/passwd.5
index 989d092..ea061d6 100644
--- a/man/fr/man5/passwd.5
+++ b/man/fr/man5/passwd.5
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "PASSWD" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PASSWD" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man5/porttime.5 b/man/fr/man5/porttime.5
index b392067..7ea4e73 100644
--- a/man/fr/man5/porttime.5
+++ b/man/fr/man5/porttime.5
@@ -2,12 +2,12 @@
 .\"     Title: porttime
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "PORTTIME" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PORTTIME" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man5/shadow.5 b/man/fr/man5/shadow.5
index c482e8a..42c8ed2 100644
--- a/man/fr/man5/shadow.5
+++ b/man/fr/man5/shadow.5
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "SHADOW" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SHADOW" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,12 +38,12 @@ Ce fichier ne doit pas \(^etre accessible en lecture par les utilisateurs normau
 .PP
 Each line of this file contains 9 fields, separated by colons (\(Fo\ \&:\ \&\(Fc), in the following order:
 .PP
-\fBnom de connexion de l\*(Aqutilisateur (\(Fo\ \&login\ \&\(Fc)\fR
+\fBlogin name\fR
 .RS 4
 Ce doit \(^etre un nom de compte valable, qui existe sur le syst\(`eme\&.
 .RE
 .PP
-\fBmot de passe chiffr\('e\fR
+\fBencrypted password\fR
 .RS 4
 This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the
 /etc/shadow
@@ -59,7 +59,7 @@ If the password field contains some string that is not a valid result of
 \fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&.
 .RE
 .PP
-\fBdate du dernier changement de mot de passe\fR
+\fBdate of last password change\fR
 .RS 4
 The date of the last password change, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
@@ -68,14 +68,14 @@ La valeur 0 a une signification particuli\(`ere\ \&: l\*(Aqutilisateur devra cha
 Un champ vide indique que les fonctionnalit\('es de vieillissement de mot de passe sont d\('esactiv\('ees\&.
 .RE
 .PP
-\fB\(^age minimum du mot de passe\fR
+\fBminimum password age\fR
 .RS 4
 L\*(Aq\(^age minimum du mot de passe est la dur\('ee (en jour) que l\*(Aqutilisateur devra attendre avant de pouvoir le changer de nouveau\&.
 .sp
 An empty field and value 0 mean that there is no minimum password age\&.
 .RE
 .PP
-\fB\(^age maximum du mot de passe\fR
+\fBmaximum password age\fR
 .RS 4
 L\*(Aq\(^age maximum du mot de passe est la dur\('ee (en jour) apr\(`es laquelle l\*(Aqutilisateur devra changer son mot de passe\&.
 .sp
@@ -86,14 +86,14 @@ Un champ vide signifie qu\*(Aqil n\*(Aqy a pour le mot de passe aucune limite d\
 Si l\*(Aq\(^age maximum du mot de passe est plus petit que l\*(Aq\(^age minimum du mot de passe, l\*(Aqutilisateur ne pourra pas changer son mot de passe\&.
 .RE
 .PP
-\fBp\('eriode d\*(Aqavertissement d\*(Aqexpiration du mot de passe\fR
+\fBpassword warning period\fR
 .RS 4
 La dur\('ee (en jour) pendant laquelle l\*(Aqutilisateur sera averti avant que le mot de passe n\*(Aqexpire (voir l\*(Aq\(^age maximum du mot de passe ci\-dessus)\&.
 .sp
 Un champ vide ou une valeur de 0 signifie qu\*(Aqil n\*(Aqy aura pas de p\('eriode d\*(Aqavertissement d\*(Aqexpiration du mot de passe\&.
 .RE
 .PP
-\fBp\('eriode d\*(Aqinactivit\('e du mot de passe\fR
+\fBpassword inactivity period\fR
 .RS 4
 La dur\('ee (en jour) pendant laquelle le mot de passe sera quand m\(^eme accept\('e apr\(`es son expiration (voir l\*(Aq\(^age maximum du mot de passe ci\-dessus)\&. L\*(Aqutilisateur devra mettre \(`a jour son mot de passe \(`a la prochaine connexion\&.
 .sp
@@ -102,7 +102,7 @@ After expiration of the password and this expiration period is elapsed, no login
 Un champ vide signifie qu\*(Aqaucune p\('eriode d\*(Aqinactivit\('e n\*(Aqest impos\('ee\&.
 .RE
 .PP
-\fBdate de fin de validit\('e du compte\fR
+\fBaccount expiration date\fR
 .RS 4
 The date of expiration of the account, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
@@ -113,7 +113,7 @@ Un champ vide signifie que le compte n\*(Aqexpirera jamais\&.
 La valeur 0 ne doit pas \(^etre utilis\('ee puisqu\*(Aqelle peut \(^etre interpr\('et\('ee soit comme un compte sans expiration, soit comme ayant expir\('e le 1er\ \&janvier\ \&1970\&.
 .RE
 .PP
-\fBchamp r\('eserv\('e\fR
+\fBreserved field\fR
 .RS 4
 Ce champ est r\('eserv\('e pour une utilisation future\&.
 .RE
diff --git a/man/fr/man5/suauth.5 b/man/fr/man5/suauth.5
index f9f3261..40d7b66 100644
--- a/man/fr/man5/suauth.5
+++ b/man/fr/man5/suauth.5
@@ -2,12 +2,12 @@
 .\"     Title: suauth
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "SUAUTH" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUAUTH" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man5/subgid.5 b/man/fr/man5/subgid.5
index e564095..a035d5f 100644
--- a/man/fr/man5/subgid.5
+++ b/man/fr/man5/subgid.5
@@ -2,12 +2,12 @@
 .\"     Title: subgid
 .\"    Author: Eric Biederman
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "SUBGID" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUBGID" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man5/subuid.5 b/man/fr/man5/subuid.5
index c5c6387..ebe9255 100644
--- a/man/fr/man5/subuid.5
+++ b/man/fr/man5/subuid.5
@@ -2,12 +2,12 @@
 .\"     Title: subuid
 .\"    Author: Eric Biederman
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "SUBUID" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUBUID" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -112,7 +112,7 @@ Backup file for /etc/subuid\&.
 \fBlogin.defs\fR(5),
 \fBnewgidmap\fR(1),
 \fBnewuidmap\fR(1),
-\fBnewusers\fR(1),
+\fBnewusers\fR(8),
 \fBsubgid\fR(5),
 \fBuseradd\fR(8),
 \fBuserdel\fR(8),
diff --git a/man/fr/man8/chgpasswd.8 b/man/fr/man8/chgpasswd.8
index 5fd05f0..f8c454e 100644
--- a/man/fr/man8/chgpasswd.8
+++ b/man/fr/man8/chgpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chgpasswd
 .\"    Author: Thomas K\(/loczko <kloczek@pld.org.pl>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "CHGPASSWD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "CHGPASSWD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -63,7 +63,12 @@ command are:
 .RS 4
 Utiliser la m\('ethode pr\('ecis\('ee pour chiffrer les mots de passe\&.
 .sp
-Les m\('ethodes disponibles sont DES, MD5, NONE et SHA256 ou SHA512 si votre libc prend en charge ces m\('ethodes\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .RE
 .PP
 \fB\-e\fR, \fB\-\-encrypted\fR
@@ -94,14 +99,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 Utiliser le nombre de rounds pr\('ecis\('e pour chiffrer les mots de passe\&.
 .sp
-La valeur 0 signifie que le syst\(`eme choisira la valeur par d\('efaut du nombre de rounds pour la m\('ethode de chiffrement (5\ \&000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Une valeur minimale de 1\ \&000 et une valeur maximale de 999\ \&999\ \&999 seront impos\('ees\&.
-.sp
-Vous ne pouvez utiliser cette m\('ethode qu\*(Aqavec les m\('ethodes de chiffrement SHA256 ou SHA512\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "AVERTISSEMENTS"
 .PP
diff --git a/man/fr/man8/chpasswd.8 b/man/fr/man8/chpasswd.8
index b31a73b..f5cadc8 100644
--- a/man/fr/man8/chpasswd.8
+++ b/man/fr/man8/chpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chpasswd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "CHPASSWD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "CHPASSWD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -68,7 +68,12 @@ command are:
 .RS 4
 Utiliser la m\('ethode pr\('ecis\('ee pour chiffrer les mots de passe\&.
 .sp
-Les m\('ethodes disponibles sont DES, MD5, NONE et SHA256 ou SHA512 si votre libc prend en charge ces m\('ethodes\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .sp
 By default (if none of the
 \fB\-c\fR,
@@ -106,22 +111,23 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-s\fR, \fB\-\-sha\-rounds\fR\ \&\fIROUNDS\fR
 .RS 4
 Utiliser le nombre de rounds pr\('ecis\('e pour chiffrer les mots de passe\&.
 .sp
-La valeur 0 signifie que le syst\(`eme choisira la valeur par d\('efaut du nombre de rounds pour la m\('ethode de chiffrement (5\ \&000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Une valeur minimale de 1\ \&000 et une valeur maximale de 999\ \&999\ \&999 seront impos\('ees\&.
-.sp
-Vous ne pouvez utiliser cette m\('ethode qu\*(Aqavec les m\('ethodes de chiffrement SHA256 ou SHA512\&.
-.sp
-By default, the number of rounds is defined by the
-\fBSHA_CRYPT_MIN_ROUNDS\fR
-and
-\fBSHA_CRYPT_MAX_ROUNDS\fR
-variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "AVERTISSEMENTS"
 .PP
diff --git a/man/fr/man8/faillog.8 b/man/fr/man8/faillog.8
index a558b3b..b74b763 100644
--- a/man/fr/man8/faillog.8
+++ b/man/fr/man8/faillog.8
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "FAILLOG" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "FAILLOG" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man8/groupadd.8 b/man/fr/man8/groupadd.8
index b1d0816..3e9b5a3 100644
--- a/man/fr/man8/groupadd.8
+++ b/man/fr/man8/groupadd.8
@@ -2,12 +2,12 @@
 .\"     Title: groupadd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "GROUPADD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "GROUPADD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man8/groupdel.8 b/man/fr/man8/groupdel.8
index 40cb607..cab97e8 100644
--- a/man/fr/man8/groupdel.8
+++ b/man/fr/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "GROUPDEL" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "GROUPDEL" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupdel \- Supprimer un groupe
 .SH "SYNOPSIS"
 .HP \w'\fBgroupdel\fR\ 'u
-\fBgroupdel\fR [\fIoptions\fR] \fIGROUPE\fR
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "DESCRIPTION"
 .PP
 The
diff --git a/man/fr/man8/groupmems.8 b/man/fr/man8/groupmems.8
index b02ff16..4fc0009 100644
--- a/man/fr/man8/groupmems.8
+++ b/man/fr/man8/groupmems.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmems
 .\"    Author: George Kraft, IV
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "GROUPMEMS" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "GROUPMEMS" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -130,7 +130,7 @@ utility to manage their own group membership list\&.
 .nf
 	$ groupadd \-r groups
 	$ chmod 2710 groupmems
-	$ chown root\&.groups groupmems
+	$ chown root:groups groupmems
 	$ groupmems \-g groups \-a gk4
     
 .fi
diff --git a/man/fr/man8/groupmod.8 b/man/fr/man8/groupmod.8
index 763b777..cd40d5f 100644
--- a/man/fr/man8/groupmod.8
+++ b/man/fr/man8/groupmod.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "GROUPMOD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "GROUPMOD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupmod \- Modifier la d\('efinition d\*(Aqun groupe du syst\(`eme
 .SH "SYNOPSIS"
 .HP \w'\fBgroupmod\fR\ 'u
-\fBgroupmod\fR [\fIoptions\fR] \fIGROUPE\fR
+\fBgroupmod\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "DESCRIPTION"
 .PP
 The
diff --git a/man/fr/man8/grpck.8 b/man/fr/man8/grpck.8
index 0bc46ef..a5397b9 100644
--- a/man/fr/man8/grpck.8
+++ b/man/fr/man8/grpck.8
@@ -2,12 +2,12 @@
 .\"     Title: grpck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "GRPCK" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "GRPCK" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 grpck \- V\('erifier l\*(Aqint\('egrit\('e des fichiers d\*(Aqadministration des groupes
 .SH "SYNOPSIS"
 .HP \w'\fBgrpck\fR\ 'u
-\fBgrpck\fR [options] [\fIgroupe\fR\ [\ \fIshadow\fR\ ]]
+\fBgrpck\fR [options] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
 .SH "DESCRIPTION"
 .PP
 The
diff --git a/man/fr/man8/lastlog.8 b/man/fr/man8/lastlog.8
index c3059d1..14bb18b 100644
--- a/man/fr/man8/lastlog.8
+++ b/man/fr/man8/lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: lastlog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "LASTLOG" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "LASTLOG" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -130,5 +130,5 @@ S\*(Aqil y a des trous importants dans les valeurs des UID,
 s\*(Aqex\('ecutera plus lentement, sans affichage \(`a l\*(Aq\('ecran (par exemple, s\*(Aqil n\*(Aqy a pas d\*(Aqentr\('ee pour les utilisateurs ayant un UID compris entre 170 et 800 dans base de donn\('ees lastlog, le programme lastlog semblera bloqu\('e comme s\*(Aqil traitait les entr\('ees correspondant aux UID 171 \(`a 799)\&.
 .PP
 Having high UIDs can create problems when handling the
-<term> /var/log/lastlog</term>
+/var/log/lastlog
 with external tools\&. Although the actual file is sparse and does not use too much space, certain applications are not designed to identify sparse files by default and may require a specific option to handle them\&.
diff --git a/man/fr/man8/logoutd.8 b/man/fr/man8/logoutd.8
index 89caea3..43b07eb 100644
--- a/man/fr/man8/logoutd.8
+++ b/man/fr/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "LOGOUTD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "LOGOUTD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man8/newusers.8 b/man/fr/man8/newusers.8
index e71f59c..4f07001 100644
--- a/man/fr/man8/newusers.8
+++ b/man/fr/man8/newusers.8
@@ -2,12 +2,12 @@
 .\"     Title: newusers
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "NEWUSERS" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "NEWUSERS" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 newusers \- Mettre \(`a jour, ou cr\('eer de nouveaux utilisateurs par lots
 .SH "SYNOPSIS"
 .HP \w'\fBnewusers\fR\ 'u
-\fBnewusers\fR [\fIoptions\fR] [\fIfichier\fR]
+\fBnewusers\fR [\fIoptions\fR] [\fIfile\fR]
 .SH "DESCRIPTION"
 .PP
 The
@@ -168,14 +168,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 Utiliser le nombre de rounds pr\('ecis\('e pour chiffrer les mots de passe\&.
 .sp
-La valeur 0 signifie que le syst\(`eme choisira la valeur par d\('efaut du nombre de rounds pour la m\('ethode de chiffrement (5\ \&000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Une valeur minimale de 1\ \&000 et une valeur maximale de 999\ \&999\ \&999 seront impos\('ees\&.
-.sp
-Vous ne pouvez utiliser cette m\('ethode qu\*(Aqavec les m\('ethodes de chiffrement SHA256 ou SHA512\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default is 5000\&.
 .RE
 .SH "AVERTISSEMENTS"
 .PP
diff --git a/man/fr/man8/nologin.8 b/man/fr/man8/nologin.8
index 4dbf3c5..6c14f0d 100644
--- a/man/fr/man8/nologin.8
+++ b/man/fr/man8/nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: nologin
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "NOLOGIN" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "NOLOGIN" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man8/pwck.8 b/man/fr/man8/pwck.8
index 64c3473..3a6b15d 100644
--- a/man/fr/man8/pwck.8
+++ b/man/fr/man8/pwck.8
@@ -2,12 +2,12 @@
 .\"     Title: pwck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "PWCK" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "PWCK" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man8/pwconv.8 b/man/fr/man8/pwconv.8
index 8f3760c..bd6d678 100644
--- a/man/fr/man8/pwconv.8
+++ b/man/fr/man8/pwconv.8
@@ -2,12 +2,12 @@
 .\"     Title: pwconv
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "PWCONV" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "PWCONV" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man8/sulogin.8 b/man/fr/man8/sulogin.8
index b66fc3a..82f336c 100644
--- a/man/fr/man8/sulogin.8
+++ b/man/fr/man8/sulogin.8
@@ -2,12 +2,12 @@
 .\"     Title: sulogin
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "SULOGIN" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "SULOGIN" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man8/useradd.8 b/man/fr/man8/useradd.8
index 0c131ec..544c14d 100644
--- a/man/fr/man8/useradd.8
+++ b/man/fr/man8/useradd.8
@@ -2,12 +2,12 @@
 .\"     Title: useradd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "USERADD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "USERADD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -169,7 +169,11 @@ variable in
 .RS 4
 A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
 \fB\-g\fR
-option\&. The default is for the user to belong only to the initial group\&.
+option\&. The default is for the user to belong only to the initial group\&. In addition to passing in the \-G flag, you can add the option
+\fBGROUPS\fR
+to the file
+/etc/default/useradd
+which in turn will add all users to those supplementary groups\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -194,6 +198,10 @@ variable in
 or, by default,
 /etc/skel\&.
 .sp
+Absolute symlinks that link back to the skel directory will have the
+/etc/skel
+prefix replaced with the user\*(Aqs home directory\&.
+.sp
 Si possible, les ACL et les attributs \('etendus seront copi\('es\&.
 .RE
 .PP
@@ -380,9 +388,21 @@ variable in
 .PP
 \fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
 .RS 4
-defines the SELinux user for the new account\&. Without this option, a SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+defines the SELinux user for the new account\&. Without this option, SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+\fBsemanage\fR(8)
+for that\&.
+.RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Without this option, SELinux uses the default range\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
 \fBsemanage\fR(8)
 for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
 .RE
 .SS "Modifier les valeurs par d\('efaut"
 .PP
@@ -469,7 +489,7 @@ Usernames may contain only lower and upper case letters, digits, underscores, or
 \fBls\fR
 output\&.
 .PP
-Les noms d\*(Aqutilisateur sont limit\('es \(`a 16 caract\(`eres\&.
+Les noms d\*(Aqutilisateur sont limit\('es \(`a 256 caract\(`eres\&.
 .SH "CONFIGURATION"
 .PP
 The following configuration variables in
diff --git a/man/fr/man8/userdel.8 b/man/fr/man8/userdel.8
index 663fe6b..99084c0 100644
--- a/man/fr/man8/userdel.8
+++ b/man/fr/man8/userdel.8
@@ -2,12 +2,12 @@
 .\"     Title: userdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "USERDEL" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "USERDEL" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/fr/man8/usermod.8 b/man/fr/man8/usermod.8
index f84304d..17893ea 100644
--- a/man/fr/man8/usermod.8
+++ b/man/fr/man8/usermod.8
@@ -2,12 +2,12 @@
 .\"     Title: usermod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "USERMOD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "USERMOD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -309,6 +309,18 @@ from /etc/login\&.defs\&.
 defines the SELinux user to be mapped with
 \fILOGIN\fR\&. An empty string ("") will remove the respective entry (if any)\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses semanage(8) for that\&.
 .RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
+\fBsemanage\fR(8)
+for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
+.RE
 .SH "AVERTISSEMENTS"
 .PP
 You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
@@ -336,7 +348,7 @@ Group account information
 .PP
 /etc/gshadow
 .RS 4
-Secure group account informatio\&.
+Secure group account information
 .RE
 .PP
 /etc/login\&.defs
diff --git a/man/fr/man8/vipw.8 b/man/fr/man8/vipw.8
index 714fd73..323e95b 100644
--- a/man/fr/man8/vipw.8
+++ b/man/fr/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Commandes de gestion du syst\(`eme
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: French
 .\"
-.TH "VIPW" "8" "08/11/2022" "shadow\-utils 4\&.13" "Commandes de gestion du syst\(`em"
+.TH "VIPW" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -40,7 +40,7 @@ The
 \fBvipw\fR
 and
 \fBvigr\fR
-commands edits the files
+commands edit the files
 /etc/passwd
 and
 /etc/group, respectively\&. With the
diff --git a/man/generate_mans.mak b/man/generate_mans.mak
index a0721b8..47f906f 100644
--- a/man/generate_mans.mak
+++ b/man/generate_mans.mak
@@ -1,3 +1,8 @@
+if HAVE_VENDORDIR
+VENDORDIR_COND=with_vendordir
+else
+VENDORDIR_COND=without_vendordir
+endif
 if USE_PAM
 PAM_COND=pam
 else
@@ -20,12 +25,34 @@ else
 SHA_CRYPT_COND=no_sha_crypt
 endif
 
+if USE_BCRYPT
+BCRYPT_COND=bcrypt
+else
+BCRYPT_COND=no_bcrypt
+endif
+
+if USE_YESCRYPT
+YESCRYPT_COND=yescrypt
+else
+YESCRYPT_COND=no_yescrypt
+endif
+
 if ENABLE_SUBIDS
 SUBIDS_COND=subids
 else
 SUBIDS_COND=no_subids
 endif
 
+if ENABLE_LASTLOG
+if !USE_PAM
+LASTLOG_COND=lastlog
+else
+LASTLOG_COND=no_lastlog
+endif
+else
+LASTLOG_COND=no_lastlog
+endif
+
 if ENABLE_REGENERATE_MAN
 %.xml-config: %.xml
 	if grep -q SHADOW-CONFIG-HERE $<; then \
@@ -35,11 +62,13 @@ if ENABLE_REGENERATE_MAN
 	fi
 
 man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 	            --param "man.authors.section.enabled" "0" \
 	            --stringparam "man.output.base.dir" "" \
+	            --stringparam vendordir "$(VENDORDIR)" \
 	            --param "man.output.in.separate.dir" "1" \
-	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+	            --path "$(srcdir)/login.defs.d" \
+	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 clean-local:
 	rm -rf man1 man3 man5 man8
diff --git a/man/generate_translations.mak b/man/generate_translations.mak
index eb9ac41..4c3beb9 100644
--- a/man/generate_translations.mak
+++ b/man/generate_translations.mak
@@ -6,10 +6,10 @@ config.xml: ../config.xml.in
 	cp ../config.xml $@
 
 messages.mo: ../po/$(LANG).po
-	msgfmt ../po/$(LANG).po -o messages.mo
+	msgfmt $< -o messages.mo
 
 login.defs.d:
-	ln -sf ../login.defs.d login.defs.d
+	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 %.xml: ../%.xml messages.mo login.defs.d
 	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -17,7 +17,7 @@ login.defs.d:
 	else \
 	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 	fi
-	itstool -d -l $(LANG) -m messages.mo -o . $@
+	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 include ../generate_mans.mak
diff --git a/man/gpasswd.1.xml b/man/gpasswd.1.xml
index e0d9c0d..9b89d91 100644
--- a/man/gpasswd.1.xml
+++ b/man/gpasswd.1.xml
@@ -6,10 +6,12 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
diff --git a/man/groupmems.8.xml b/man/groupmems.8.xml
index 7d06c8b..cbc8462 100644
--- a/man/groupmems.8.xml
+++ b/man/groupmems.8.xml
@@ -167,7 +167,7 @@
     <programlisting>
 	$ groupadd -r groups
 	$ chmod 2710 groupmems
-	$ chown root.groups groupmems
+	$ chown root:groups groupmems
 	$ groupmems -g groups -a gk4
     </programlisting>
   </refsect1>
diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
index e659aef..205bb0a 100644
--- a/man/hu/Makefile.am
+++ b/man/hu/Makefile.am
@@ -5,7 +5,6 @@ man_MANS = \
 	man1/chsh.1 \
 	man1/gpasswd.1 \
 	man1/groups.1 \
-	man8/lastlog.8 \
 	man1/login.1 \
 	man1/newgrp.1 \
 	man1/passwd.1 \
@@ -13,5 +12,9 @@ man_MANS = \
 	man1/sg.1 \
 	man1/su.1
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 EXTRA_DIST = $(man_MANS)
  
diff --git a/man/hu/Makefile.in b/man/hu/Makefile.in
index 6785ad3..45fc8eb 100644
--- a/man/hu/Makefile.in
+++ b/man/hu/Makefile.in
@@ -87,6 +87,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
 subdir = man/hu
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -172,6 +173,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -190,6 +193,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -205,9 +209,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -223,6 +233,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -231,6 +242,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -253,6 +266,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -324,18 +340,9 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-man_MANS = \
-	man1/chsh.1 \
-	man1/gpasswd.1 \
-	man1/groups.1 \
-	man8/lastlog.8 \
-	man1/login.1 \
-	man1/newgrp.1 \
-	man1/passwd.1 \
-	man5/passwd.5 \
-	man1/sg.1 \
-	man1/su.1
-
+man_MANS = man1/chsh.1 man1/gpasswd.1 man1/groups.1 man1/login.1 \
+	man1/newgrp.1 man1/passwd.1 man5/passwd.5 man1/sg.1 man1/su.1 \
+	$(am__append_1)
 EXTRA_DIST = $(man_MANS)
 all: all-am
 
diff --git a/man/id/Makefile.in b/man/id/Makefile.in
index 504ea4b..79a0521 100644
--- a/man/id/Makefile.in
+++ b/man/id/Makefile.in
@@ -170,6 +170,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -188,6 +190,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -203,9 +206,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -221,6 +230,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -229,6 +239,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -251,6 +263,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
diff --git a/man/it/Makefile.am b/man/it/Makefile.am
index 94460aa..b76187f 100644
--- a/man/it/Makefile.am
+++ b/man/it/Makefile.am
@@ -21,7 +21,6 @@ man_MANS = \
 	man8/grpconv.8 \
 	man8/grpunconv.8 \
 	man5/gshadow.5 \
-	man8/lastlog.8 \
 	man1/login.1 \
 	man5/login.defs.5 \
 	man8/logoutd.8 \
@@ -44,6 +43,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
diff --git a/man/it/Makefile.in b/man/it/Makefile.in
index 46f6a42..dd69471 100644
--- a/man/it/Makefile.in
+++ b/man/it/Makefile.in
@@ -87,8 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@USE_PAM_FALSE@am__append_1 = $(man_nopam)
-@USE_PAM_TRUE@am__append_2 = $(man_nopam)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@USE_PAM_TRUE@am__append_3 = $(man_nopam)
 subdir = man/it
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -176,6 +177,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -194,6 +197,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -209,9 +213,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -227,6 +237,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -235,6 +246,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -257,6 +270,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -332,20 +348,22 @@ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
 	man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
 	man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
 	man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
-	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
-	man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
-	man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
-	man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
-	man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
-	man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
-	man8/vipw.8 $(am__append_1)
+	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man1/login.1 \
+	man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 man8/newusers.8 \
+	man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
+	man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man3/shadow.3 \
+	man5/shadow.5 man1/su.1 man5/suauth.5 man8/useradd.8 \
+	man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \
+	$(am__append_1) $(am__append_2)
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
 	man5/porttime.5
 
-EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_2)
+EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_3)
 LANG = $(notdir $(CURDIR))
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -354,8 +372,15 @@ LANG = $(notdir $(CURDIR))
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 CLEANFILES = messages.mo login.defs.d $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
 all: all-am
 
@@ -739,10 +764,10 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	cp ../config.xml $@
 
 @ENABLE_REGENERATE_MAN_TRUE@messages.mo: ../po/$(LANG).po
-@ENABLE_REGENERATE_MAN_TRUE@	msgfmt ../po/$(LANG).po -o messages.mo
+@ENABLE_REGENERATE_MAN_TRUE@	msgfmt $< -o messages.mo
 
 @ENABLE_REGENERATE_MAN_TRUE@login.defs.d:
-@ENABLE_REGENERATE_MAN_TRUE@	ln -sf ../login.defs.d login.defs.d
+@ENABLE_REGENERATE_MAN_TRUE@	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml: ../%.xml messages.mo login.defs.d
 @ENABLE_REGENERATE_MAN_TRUE@	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -750,7 +775,7 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	else \
 @ENABLE_REGENERATE_MAN_TRUE@	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
-@ENABLE_REGENERATE_MAN_TRUE@	itstool -d -l $(LANG) -m messages.mo -o . $@
+@ENABLE_REGENERATE_MAN_TRUE@	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 @ENABLE_REGENERATE_MAN_TRUE@	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
@@ -761,11 +786,13 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/it/man1/chage.1 b/man/it/man1/chage.1
index 442048a..d5a2742 100644
--- a/man/it/man1/chage.1
+++ b/man/it/man1/chage.1
@@ -2,12 +2,12 @@
 .\"     Title: chage
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "CHAGE" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "CHAGE" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chage \- cambia le informazioni sulla scadenza della password
 .SH "SINOSSI"
 .HP \w'\fBchage\fR\ 'u
-\fBchage\fR [\fIopzioni\fR] \fILOGIN\fR
+\fBchage\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "DESCRIZIONE"
 .PP
 The
@@ -136,6 +136,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
 Set the number of days of warning before a password change is required\&. The
diff --git a/man/it/man1/chfn.1 b/man/it/man1/chfn.1
index 2fcce5e..0664118 100644
--- a/man/it/man1/chfn.1
+++ b/man/it/man1/chfn.1
@@ -2,12 +2,12 @@
 .\"     Title: chfn
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "CHFN" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "CHFN" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chfn \- cambia il nome dell\*(Aqutente e altre informazioni
 .SH "SINOSSI"
 .HP \w'\fBchfn\fR\ 'u
-\fBchfn\fR [\fIopzioni\fR] [\fILOGIN\fR]
+\fBchfn\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man1/chsh.1 b/man/it/man1/chsh.1
index 61b0ffe..77e7d3e 100644
--- a/man/it/man1/chsh.1
+++ b/man/it/man1/chsh.1
@@ -2,12 +2,12 @@
 .\"     Title: chsh
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "CHSH" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "CHSH" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chsh \- cambia la shell di login
 .SH "SINOSSI"
 .HP \w'\fBchsh\fR\ 'u
-\fBchsh\fR [\fIopzioni\fR] [\fILOGIN\fR]
+\fBchsh\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "DESCRIZIONE"
 .PP
 The
@@ -77,6 +77,12 @@ The only restriction placed on the login shell is that the command name must be
 in
 /etc/shells
 is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
 .SH "CONFIGURAZIONE"
 .PP
 The following configuration variables in
diff --git a/man/it/man1/expiry.1 b/man/it/man1/expiry.1
index b7922ee..378c08c 100644
--- a/man/it/man1/expiry.1
+++ b/man/it/man1/expiry.1
@@ -2,12 +2,12 @@
 .\"     Title: expiry
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "EXPIRY" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "EXPIRY" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 expiry \- controlla e fa rispettare la scadenza della password
 .SH "SINOSSI"
 .HP \w'\fBexpiry\fR\ 'u
-\fBexpiry\fR \fIopzione\fR
+\fBexpiry\fR \fIoption\fR
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man1/gpasswd.1 b/man/it/man1/gpasswd.1
index e6d24a9..6ef70d0 100644
--- a/man/it/man1/gpasswd.1
+++ b/man/it/man1/gpasswd.1
@@ -2,12 +2,12 @@
 .\"     Title: gpasswd
 .\"    Author: Rafal Maszkowski
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "GPASSWD" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "GPASSWD" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 gpasswd \- administer /etc/group and /etc/gshadow
 .SH "SINOSSI"
 .HP \w'\fBgpasswd\fR\ 'u
-\fBgpasswd\fR [\fIopzione\fR] \fIgruppo\fR
+\fBgpasswd\fR [\fIoption\fR] \fIgroup\fR
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man1/groups.1 b/man/it/man1/groups.1
index 351bd43..ead76d6 100644
--- a/man/it/man1/groups.1
+++ b/man/it/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "GROUPS" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "GROUPS" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groups \- mostra i nomi dei gruppi correnti
 .SH "SINOSSI"
 .HP \w'\fBgroups\fR\ 'u
-\fBgroups\fR [\fIutente\fR]
+\fBgroups\fR [\fIuser\fR]
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man1/id.1 b/man/it/man1/id.1
index 2e8b950..2197f9b 100644
--- a/man/it/man1/id.1
+++ b/man/it/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "ID" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "ID" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man1/login.1 b/man/it/man1/login.1
index b3a0fff..d35d2b4 100644
--- a/man/it/man1/login.1
+++ b/man/it/man1/login.1
@@ -2,12 +2,12 @@
 .\"     Title: login
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "LOGIN" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "LOGIN" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,9 +31,9 @@
 login \- apre una sessione sul sistema
 .SH "SINOSSI"
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fInome\fR] [\fIENV=VAR\fR...]
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIusername\fR] [\fIENV=VAR\fR...]
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fInome\fR
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIusername\fR
 .HP \w'\fBlogin\fR\ 'u
 \fBlogin\fR [\-p] \-r\ \fIhost\fR
 .SH "DESCRIZIONE"
diff --git a/man/it/man1/newgrp.1 b/man/it/man1/newgrp.1
index 45d7489..f661d12 100644
--- a/man/it/man1/newgrp.1
+++ b/man/it/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "NEWGRP" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "NEWGRP" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 newgrp \- effettua l\*(Aqaccesso a un nuovo gruppo
 .SH "SINOSSI"
 .HP \w'\fBnewgrp\fR\ 'u
-\fBnewgrp\fR [\-] [\fIgruppo\fR]
+\fBnewgrp\fR [\-] [\fIgroup\fR]
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man1/passwd.1 b/man/it/man1/passwd.1
index 2c7d110..6f32ad2 100644
--- a/man/it/man1/passwd.1
+++ b/man/it/man1/passwd.1
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "PASSWD" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "PASSWD" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 passwd \- cambia la password utente
 .SH "SINOSSI"
 .HP \w'\fBpasswd\fR\ 'u
-\fBpasswd\fR [\fIopzioni\fR] [\fILOGIN\fR]
+\fBpasswd\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "DESCRIZIONE"
 .PP
 The
@@ -49,44 +49,9 @@ refuses to change the password and exits\&.
 .PP
 All\*(Aqutente viene quindi chiesto di inserire la nuova password due volte\&. Le due password sono confrontate e devono essere uguali affinch\('e la password venga accettata\&.
 .PP
-Quindi viene misurata la complessit\(`a della password\&. In linea di massima le password dovrebbero contenere dai 6 agli 8 caratteri, includendovi uno o pi\(`u caratteri da ciascuno dei seguenti insiemi:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-lettere minuscole
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-numeri da 0 a 9
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-segni di punteggiatura
-.RE
-.PP
-Care must be taken not to include the system default erase or kill characters\&.
+Then, the password is tested for complexity\&.
 \fBpasswd\fR
-will reject any password which is not suitably complex\&.
+will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&.
 .SS "Suggerimenti per password utente"
 .PP
 The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
@@ -96,6 +61,8 @@ System encryption method is based on the NBS DES algorithm\&. More recent method
 .PP
 La compromissione di una password avviene normalmente a seguito di incuria nella scelta o nella gestione della password\&. Per questo motivo non si devono utilizzare password che appaiono nei dizionari o che devono essere scritte\&. La password non deve essere uno nome proprio, il numero della patente, la data di nascita o l\*(Aqindirizzo\&. Uno qualunque di questi potrebbe essere indovinato per violare la sicurezza del sistema\&.
 .PP
+As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&.
+.PP
 You can find advice on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength
 .SH "OPZIONI"
 .PP
@@ -175,6 +142,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-S\fR, \fB\-\-status\fR
 .RS 4
 Visualizza le informazioni sullo stato di un account\&. Lo stato consiste di 7 campi\&. Il primo campo \(`e il nome dell\*(Aqutente\&. Il secondo campo indica se l\*(Aqaccount ha una password bloccata (L), non ha password (NP) o ha una password valida (P)\&. Il terzo campo contiene la data di ultima modifica della password\&. I successivi quattro campi sono l\*(Aqet\(`a minima, la massima, il periodo di avviso e quello di inattivit\(`a\&. Queste et\(`a sono espresse in giorni\&.
@@ -205,6 +178,11 @@ as
 \fIMAX_DAYS\fR
 will remove checking a password\*(Aqs validity\&.
 .RE
+.PP
+\fB\-s\fR, \fB\-\-stdin\fR
+.RS 4
+This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&.
+.RE
 .SH "AVVISI/CAVEAT"
 .PP
 Il controllo della complessit\(`a delle password varia da sistema a sistema\&. All\*(Aqutente \(`e caldamente consigliato si utilizzare una password che ritenga sufficientemente complessa\&.
@@ -277,7 +255,10 @@ invalid argument to option
 .SH "VEDERE ANCHE"
 .PP
 \fBchpasswd\fR(8),
+\fBmakepasswd\fR(1),
 \fBpasswd\fR(5),
 \fBshadow\fR(5),
 \fBlogin.defs\fR(5),
 \fBusermod\fR(8)\&.
+.PP
+The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"
diff --git a/man/it/man1/sg.1 b/man/it/man1/sg.1
index 27348bb..a938344 100644
--- a/man/it/man1/sg.1
+++ b/man/it/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "SG" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "SG" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man1/su.1 b/man/it/man1/su.1
index d259195..cfc0d91 100644
--- a/man/it/man1/su.1
+++ b/man/it/man1/su.1
@@ -2,12 +2,12 @@
 .\"     Title: su
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi utente
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "SU" "1" "08/11/2022" "shadow\-utils 4\&.13" "Comandi utente"
+.TH "SU" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 su \- cambia ID utente o diventa amministratore
 .SH "SINOSSI"
 .HP \w'\fBsu\fR\ 'u
-\fBsu\fR [\fIopzioni\fR] [\fI\-\fR] [\fInome\fR\ [\ \fIargs\fR\ ]]
+\fBsu\fR [\fIoptions\fR] [\fI\-\fR] [\fIusername\fR\ [\ \fIargs\fR\ ]]
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man3/shadow.3 b/man/it/man3/shadow.3
index 7516107..54c3738 100644
--- a/man/it/man3/shadow.3
+++ b/man/it/man3/shadow.3
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Chiamate di libreria
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: Library Calls
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "SHADOW" "3" "08/11/2022" "shadow\-utils 4\&.13" "Chiamate di libreria"
+.TH "SHADOW" "3" "21/06/2024" "shadow\-utils 4\&.15\&.2" "Library Calls"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -36,7 +36,7 @@ shadow, getspnam \- routine per file delle password cifrate
 \fIstruct spwd *getspent();\fR
 .PP
 \fIstruct spwd *getspnam(char\fR
-\fI*nome\fR\fI);\fR
+\fI*name\fR\fI);\fR
 .PP
 \fIvoid setspent();\fR
 .PP
diff --git a/man/it/man5/faillog.5 b/man/it/man5/faillog.5
index 3da2352..c5f659c 100644
--- a/man/it/man5/faillog.5
+++ b/man/it/man5/faillog.5
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual:  File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "FAILLOG" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuratio"
+.TH "FAILLOG" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man5/gshadow.5 b/man/it/man5/gshadow.5
index a8cf154..3032d1d 100644
--- a/man/it/man5/gshadow.5
+++ b/man/it/man5/gshadow.5
@@ -2,12 +2,12 @@
 .\"     Title: gshadow
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "GSHADOW" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "GSHADOW" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,12 +38,12 @@ Questo file non deve essere leggibile dagli utenti normali se si vuole mantenere
 .PP
 Ogni riga di questo file contiene questi campi separati da due punti:
 .PP
-\fBnome del gruppo\fR
+\fBgroup name\fR
 .RS 4
 Deve essere un nome di gruppo valido, che esista nel sistema\&.
 .RE
 .PP
-\fBpassword cifrata\fR
+\fBencrypted password\fR
 .RS 4
 Refer to
 \fBcrypt\fR(3)
@@ -63,7 +63,7 @@ This password supersedes any password specified in
 /etc/group\&.
 .RE
 .PP
-\fBamministratori\fR
+\fBadministrators\fR
 .RS 4
 Deve essere una lista di nomi utente separati da virgole\&.
 .sp
@@ -72,7 +72,7 @@ Gli amministratori possono cambiare la password o i membri del gruppo\&.
 Gli amministratori hanno anche gli stessi permessi dei membri (vedere sotto),
 .RE
 .PP
-\fBmembri\fR
+\fBmembers\fR
 .RS 4
 Deve essere una lista di nomi utente separati da virgole\&.
 .sp
diff --git a/man/it/man5/limits.5 b/man/it/man5/limits.5
index 02fa5e6..951285b 100644
--- a/man/it/man5/limits.5
+++ b/man/it/man5/limits.5
@@ -2,12 +2,12 @@
 .\"     Title: limits
 .\"    Author: Luca Berra
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "LIMITS" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LIMITS" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -41,11 +41,11 @@ In maniera predefinita non c\*(Aq\(`e nessun limite alla quota di \(Foroot\(Fc\&
 .PP
 Ogni riga descrive un limite per l\*(Aqutente in questo formato:
 .PP
-\fIutente TESTO_LIMITE\fR
+\fIuser LIMITS_STRING\fR
 .PP
 oppure nel formato:
 .PP
-\fI@gruppo TESTO_LIMITE\fR
+\fI@group LIMITS_STRING\fR
 .PP
 The
 \fILIMITS_STRING\fR
diff --git a/man/it/man5/login.access.5 b/man/it/man5/login.access.5
index 0c6d858..e38d2b7 100644
--- a/man/it/man5/login.access.5
+++ b/man/it/man5/login.access.5
@@ -2,12 +2,12 @@
 .\"     Title: login.access
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "LOGIN\&.ACCESS" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.ACCESS" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man5/login.defs.5 b/man/it/man5/login.defs.5
index e75949f..3dbd8ec 100644
--- a/man/it/man5/login.defs.5
+++ b/man/it/man5/login.defs.5
@@ -2,12 +2,12 @@
 .\"     Title: login.defs
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "LOGIN\&.DEFS" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.DEFS" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -192,8 +192,7 @@ USERGROUPS_ENAB
 .PP
 sulogin
 .RS 4
-ENV_HZ
-ENV_TZ
+ENV_HZ ENV_TZ
 .RE
 .PP
 useradd
diff --git a/man/it/man5/passwd.5 b/man/it/man5/passwd.5
index c7e21d1..01c241e 100644
--- a/man/it/man5/passwd.5
+++ b/man/it/man5/passwd.5
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "PASSWD" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PASSWD" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man5/porttime.5 b/man/it/man5/porttime.5
index 103f944..5003271 100644
--- a/man/it/man5/porttime.5
+++ b/man/it/man5/porttime.5
@@ -2,12 +2,12 @@
 .\"     Title: porttime
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "PORTTIME" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PORTTIME" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man5/shadow.5 b/man/it/man5/shadow.5
index bff6caa..6f73d44 100644
--- a/man/it/man5/shadow.5
+++ b/man/it/man5/shadow.5
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "SHADOW" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SHADOW" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,12 +38,12 @@ Questo file non deve essere leggibile dagli utenti normali se si vuole mantenere
 .PP
 Each line of this file contains 9 fields, separated by colons (\(Fo:\(Fc), in the following order:
 .PP
-\fBnome di login\fR
+\fBlogin name\fR
 .RS 4
 Deve essere un nome valido di un account esistente nel sistema\&.
 .RE
 .PP
-\fBpassword cifrata\fR
+\fBencrypted password\fR
 .RS 4
 This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the
 /etc/shadow
@@ -59,7 +59,7 @@ If the password field contains some string that is not a valid result of
 \fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&.
 .RE
 .PP
-\fBdata dell\*(Aqultimo cambio di password\fR
+\fBdate of last password change\fR
 .RS 4
 The date of the last password change, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
@@ -68,14 +68,14 @@ The value 0 has a special meaning, which is that the user should change her pass
 Un campo vuoto implica che la scadenza della password \(`e disabilitata\&.
 .RE
 .PP
-\fBet\(`a minima password\fR
+\fBminimum password age\fR
 .RS 4
 L\*(Aqet\(`a minima password \(`e il numero di giorni che l\*(Aqutente dovr\(`a attendere prima di poter cambiare nuovamente la propria password\&.
 .sp
 An empty field and value 0 mean that there is no minimum password age\&.
 .RE
 .PP
-\fBet\(`a massima password\fR
+\fBmaximum password age\fR
 .RS 4
 L\*(Aqet\(`a massima password \(`e il numero di giorni dopo il quale l\*(Aqutente deve cambiare la propria password\&.
 .sp
@@ -86,14 +86,14 @@ Un campo vuoto indica che non ci sono una et\(`a massima password, un periodo di
 Se l\*(Aqet\(`a massima password \(`e minore dell\*(Aqet\(`a minima password, l\*(Aqutente non pu\(`o cambiare la propria password\&.
 .RE
 .PP
-\fBperiodo avviso password\fR
+\fBpassword warning period\fR
 .RS 4
 Il numero di giorni prima della scadenza di una password (vedere et\(`a massima password, sopra) durante il quale l\*(Aqutente riceve un avviso\&.
 .sp
 Un campo vuoto e il valore 0 indicano che non c\*(Aq\(`e un periodo di avviso password\&.
 .RE
 .PP
-\fBperiodo inattivit\(`a password\fR
+\fBpassword inactivity period\fR
 .RS 4
 Il numero di giorni dopo la scadenza della password (vedere et\(`a massima password, sopra) durante il quale la password \(`e ancora accettata (e l\*(Aqutente dovrebbe aggiornare la propria password al primo accesso)\&.
 .sp
@@ -102,7 +102,7 @@ After expiration of the password and this expiration period is elapsed, no login
 Un campo vuoto implica che non \(`e applicato il periodo di inattivit\(`a\&.
 .RE
 .PP
-\fBdata scadenza account\fR
+\fBaccount expiration date\fR
 .RS 4
 The date of expiration of the account, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
@@ -113,7 +113,7 @@ Un campo vuoto implica che l\*(Aqaccount non scade mai\&.
 Il valore 0 non andrebbe usato perch\('e potrebbe essere interpretato come account che non scade o come scaduto il 1 gennaio 1970\&.
 .RE
 .PP
-\fBcampo riservato\fR
+\fBreserved field\fR
 .RS 4
 Questo campo \(`e riservato per uso futuro\&.
 .RE
diff --git a/man/it/man5/suauth.5 b/man/it/man5/suauth.5
index 9740c69..1b00ff1 100644
--- a/man/it/man5/suauth.5
+++ b/man/it/man5/suauth.5
@@ -2,12 +2,12 @@
 .\"     Title: suauth
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
+.\"      Date: 21/06/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "SUAUTH" "5" "08/11/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUAUTH" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man8/chgpasswd.8 b/man/it/man8/chgpasswd.8
index 8e889fd..381d588 100644
--- a/man/it/man8/chgpasswd.8
+++ b/man/it/man8/chgpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chgpasswd
 .\"    Author: Thomas K\(/loczko <kloczek@pld.org.pl>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "CHGPASSWD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "CHGPASSWD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chgpasswd \- aggiorna le password di gruppo in modalit\(`a non interattiva
 .SH "SINOSSI"
 .HP \w'\fBchgpasswd\fR\ 'u
-\fBchgpasswd\fR [\fIopzioni\fR]
+\fBchgpasswd\fR [\fIoptions\fR]
 .SH "DESCRIZIONE"
 .PP
 The
@@ -63,7 +63,12 @@ command are:
 .RS 4
 Utilizza il metodo specificato per cifrare le password\&.
 .sp
-I metodi disponibili sono DES, MD5, NONE e SHA256 o SHA512 se la propria libc lo consente\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .RE
 .PP
 \fB\-e\fR, \fB\-\-encrypted\fR
@@ -94,14 +99,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 Usa il numero specificato di cicli per cifrare la password\&.
 .sp
-Il valore 0 indica che il sistema utilizzer\(`a il numero predefinito di cicli per il metodo crypt (5000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-I valori minimo di 1\&.000 e massimo di 999\&.999\&.999 sono forzati\&.
-.sp
-Si pu\(`o utilizzare questa opzione solo con i metodi di cifratura SHA256 o SHA512\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "AVVISI/CAVEAT"
 .PP
diff --git a/man/it/man8/chpasswd.8 b/man/it/man8/chpasswd.8
index fbbf955..15b22f5 100644
--- a/man/it/man8/chpasswd.8
+++ b/man/it/man8/chpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chpasswd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "CHPASSWD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "CHPASSWD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chpasswd \- aggiorna le password in modo non interattivo
 .SH "SINOSSI"
 .HP \w'\fBchpasswd\fR\ 'u
-\fBchpasswd\fR [\fIopzioni\fR]
+\fBchpasswd\fR [\fIoptions\fR]
 .SH "DESCRIZIONE"
 .PP
 The
@@ -68,7 +68,12 @@ command are:
 .RS 4
 Utilizza il metodo specificato per cifrare le password\&.
 .sp
-I metodi disponibili sono DES, MD5, NONE e SHA256 o SHA512 se la propria libc lo consente\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .sp
 By default (if none of the
 \fB\-c\fR,
@@ -106,22 +111,23 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-s\fR, \fB\-\-sha\-rounds\fR\ \&\fIROUNDS\fR
 .RS 4
 Usa il numero specificato di cicli per cifrare la password\&.
 .sp
-Il valore 0 indica che il sistema utilizzer\(`a il numero predefinito di cicli per il metodo crypt (5000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-I valori minimo di 1\&.000 e massimo di 999\&.999\&.999 sono forzati\&.
-.sp
-Si pu\(`o utilizzare questa opzione solo con i metodi di cifratura SHA256 o SHA512\&.
-.sp
-By default, the number of rounds is defined by the
-\fBSHA_CRYPT_MIN_ROUNDS\fR
-and
-\fBSHA_CRYPT_MAX_ROUNDS\fR
-variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "AVVISI/CAVEAT"
 .PP
diff --git a/man/it/man8/faillog.8 b/man/it/man8/faillog.8
index b6e565d..d31a17b 100644
--- a/man/it/man8/faillog.8
+++ b/man/it/man8/faillog.8
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "FAILLOG" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "FAILLOG" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 faillog \- mostra le registrazioni e imposta i limiti degli accessi falliti
 .SH "SINOSSI"
 .HP \w'\fBfaillog\fR\ 'u
-\fBfaillog\fR [\fIopzioni\fR]
+\fBfaillog\fR [\fIoptions\fR]
 .SH "DESCRIZIONE"
 .PP
 \fBfaillog\fR
diff --git a/man/it/man8/groupadd.8 b/man/it/man8/groupadd.8
index b0904e3..b977609 100644
--- a/man/it/man8/groupadd.8
+++ b/man/it/man8/groupadd.8
@@ -2,12 +2,12 @@
 .\"     Title: groupadd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "GROUPADD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "GROUPADD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupadd \- crea un nuovo gruppo
 .SH "SINOSSI"
 .HP \w'\fBgroupadd\fR\ 'u
-\fBgroupadd\fR [\fIOPZIONI\fR] \fINEWGROUP\fR
+\fBgroupadd\fR [\fIOPTIONS\fR] \fINEWGROUP\fR
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man8/groupdel.8 b/man/it/man8/groupdel.8
index aab0a5f..6b4b592 100644
--- a/man/it/man8/groupdel.8
+++ b/man/it/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "GROUPDEL" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "GROUPDEL" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupdel \- rimuove un gruppo
 .SH "SINOSSI"
 .HP \w'\fBgroupdel\fR\ 'u
-\fBgroupdel\fR [\fIopzioni\fR] \fIGRUPPO\fR
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man8/groupmems.8 b/man/it/man8/groupmems.8
index f5371ec..9b2c0e2 100644
--- a/man/it/man8/groupmems.8
+++ b/man/it/man8/groupmems.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmems
 .\"    Author: George Kraft, IV
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "GROUPMEMS" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "GROUPMEMS" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -130,7 +130,7 @@ utility to manage their own group membership list\&.
 .nf
 	$ groupadd \-r groups
 	$ chmod 2710 groupmems
-	$ chown root\&.groups groupmems
+	$ chown root:groups groupmems
 	$ groupmems \-g groups \-a gk4
     
 .fi
diff --git a/man/it/man8/groupmod.8 b/man/it/man8/groupmod.8
index 8616864..b7ae6c1 100644
--- a/man/it/man8/groupmod.8
+++ b/man/it/man8/groupmod.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "GROUPMOD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "GROUPMOD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupmod \- modifica la definizione di un gruppo del sistema
 .SH "SINOSSI"
 .HP \w'\fBgroupmod\fR\ 'u
-\fBgroupmod\fR [\fIopzioni\fR] \fIGRUPPO\fR
+\fBgroupmod\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man8/grpck.8 b/man/it/man8/grpck.8
index 3f28d21..063f3d1 100644
--- a/man/it/man8/grpck.8
+++ b/man/it/man8/grpck.8
@@ -2,12 +2,12 @@
 .\"     Title: grpck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "GRPCK" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "GRPCK" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 grpck \- verifica l\*(Aqintegrit\(`a dei file dei gruppi
 .SH "SINOSSI"
 .HP \w'\fBgrpck\fR\ 'u
-\fBgrpck\fR [opzioni] [\fIgruppo\fR\ [\ \fIshadow\fR\ ]]
+\fBgrpck\fR [options] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man8/lastlog.8 b/man/it/man8/lastlog.8
index d743e9f..8faa923 100644
--- a/man/it/man8/lastlog.8
+++ b/man/it/man8/lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: lastlog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "LASTLOG" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "LASTLOG" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 lastlog \- riepiloga gli accessi pi\(`u recenti di tutti gli utenti o dell\*(Aqutente dato
 .SH "SINOSSI"
 .HP \w'\fBlastlog\fR\ 'u
-\fBlastlog\fR [\fIopzioni\fR]
+\fBlastlog\fR [\fIoptions\fR]
 .SH "DESCRIZIONE"
 .PP
 \fBlastlog\fR
@@ -129,5 +129,5 @@ Database degli orari dei precedenti accessi utente\&.
 Se ci sono dei grossi scarti tra i valori di UID, il programma lastlog pu\(`o restare in esecuzione per un tempo prolungato senza produrre output sullo schermo (ad es\&. se nel database lastlog non ci sono registrazioni per UID tra 170 e 800, il programma sembrer\(`a bloccato mentre esamina gli UID tra 171 e 799)\&.
 .PP
 Having high UIDs can create problems when handling the
-<term> /var/log/lastlog</term>
+/var/log/lastlog
 with external tools\&. Although the actual file is sparse and does not use too much space, certain applications are not designed to identify sparse files by default and may require a specific option to handle them\&.
diff --git a/man/it/man8/logoutd.8 b/man/it/man8/logoutd.8
index a923e96..b60132b 100644
--- a/man/it/man8/logoutd.8
+++ b/man/it/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "LOGOUTD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "LOGOUTD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man8/newusers.8 b/man/it/man8/newusers.8
index 0ed541d..651dada 100644
--- a/man/it/man8/newusers.8
+++ b/man/it/man8/newusers.8
@@ -2,12 +2,12 @@
 .\"     Title: newusers
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "NEWUSERS" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "NEWUSERS" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 newusers \- aggiorna e crea nuovi utenti in blocco
 .SH "SINOSSI"
 .HP \w'\fBnewusers\fR\ 'u
-\fBnewusers\fR [\fIopzioni\fR] [\fIfile\fR]
+\fBnewusers\fR [\fIoptions\fR] [\fIfile\fR]
 .SH "DESCRIZIONE"
 .PP
 The
@@ -168,14 +168,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 Usa il numero specificato di cicli per cifrare la password\&.
 .sp
-Il valore 0 indica che il sistema utilizzer\(`a il numero predefinito di cicli per il metodo crypt (5000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-I valori minimo di 1\&.000 e massimo di 999\&.999\&.999 sono forzati\&.
-.sp
-Si pu\(`o utilizzare questa opzione solo con i metodi di cifratura SHA256 o SHA512\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default is 5000\&.
 .RE
 .SH "AVVISI/CAVEAT"
 .PP
diff --git a/man/it/man8/nologin.8 b/man/it/man8/nologin.8
index 47bcec0..10c276a 100644
--- a/man/it/man8/nologin.8
+++ b/man/it/man8/nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: nologin
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "NOLOGIN" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "NOLOGIN" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man8/pwck.8 b/man/it/man8/pwck.8
index 6eaff15..9c4d3e7 100644
--- a/man/it/man8/pwck.8
+++ b/man/it/man8/pwck.8
@@ -2,12 +2,12 @@
 .\"     Title: pwck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "PWCK" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "PWCK" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pwck \- verify the integrity of password files
 .SH "SINOSSI"
 .HP \w'\fBpwck\fR\ 'u
-\fBpwck\fR [opzioni] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
+\fBpwck\fR [options] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man8/pwconv.8 b/man/it/man8/pwconv.8
index d648856..b1bea59 100644
--- a/man/it/man8/pwconv.8
+++ b/man/it/man8/pwconv.8
@@ -2,12 +2,12 @@
 .\"     Title: pwconv
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "PWCONV" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "PWCONV" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,13 +31,13 @@
 pwconv, pwunconv, grpconv, grpunconv \- convertono a e da password e gruppi shadow\&.
 .SH "SINOSSI"
 .HP \w'\fBpwconv\fR\ 'u
-\fBpwconv\fR [\fIopzioni\fR]
+\fBpwconv\fR [\fIoptions\fR]
 .HP \w'\fBpwunconv\fR\ 'u
-\fBpwunconv\fR [\fIopzioni\fR]
+\fBpwunconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpconv\fR\ 'u
-\fBgrpconv\fR [\fIopzioni\fR]
+\fBgrpconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpunconv\fR\ 'u
-\fBgrpunconv\fR [\fIopzioni\fR]
+\fBgrpunconv\fR [\fIoptions\fR]
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man8/sulogin.8 b/man/it/man8/sulogin.8
index ce28661..0feea13 100644
--- a/man/it/man8/sulogin.8
+++ b/man/it/man8/sulogin.8
@@ -2,12 +2,12 @@
 .\"     Title: sulogin
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "SULOGIN" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "SULOGIN" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/it/man8/useradd.8 b/man/it/man8/useradd.8
index bdf759e..9810e72 100644
--- a/man/it/man8/useradd.8
+++ b/man/it/man8/useradd.8
@@ -2,12 +2,12 @@
 .\"     Title: useradd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "USERADD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "USERADD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,11 +31,11 @@
 useradd \- crea un nuovo utente o aggiorna le informazioni predefinite per i nuovi utenti
 .SH "SINOSSI"
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR [\fIopzioni\fR] \fILOGIN\fR
+\fBuseradd\fR [\fIoptions\fR] \fILOGIN\fR
 .HP \w'\fBuseradd\fR\ 'u
 \fBuseradd\fR \-D
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR \-D [\fIopzioni\fR]
+\fBuseradd\fR \-D [\fIoptions\fR]
 .SH "DESCRIZIONE"
 .PP
 When invoked without the
@@ -169,7 +169,11 @@ variable in
 .RS 4
 A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
 \fB\-g\fR
-option\&. The default is for the user to belong only to the initial group\&.
+option\&. The default is for the user to belong only to the initial group\&. In addition to passing in the \-G flag, you can add the option
+\fBGROUPS\fR
+to the file
+/etc/default/useradd
+which in turn will add all users to those supplementary groups\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -194,6 +198,10 @@ variable in
 or, by default,
 /etc/skel\&.
 .sp
+Absolute symlinks that link back to the skel directory will have the
+/etc/skel
+prefix replaced with the user\*(Aqs home directory\&.
+.sp
 Se possibile vengono copiate le ACL e gli attributi estesi\&.
 .RE
 .PP
@@ -380,9 +388,21 @@ variable in
 .PP
 \fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
 .RS 4
-defines the SELinux user for the new account\&. Without this option, a SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+defines the SELinux user for the new account\&. Without this option, SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+\fBsemanage\fR(8)
+for that\&.
+.RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Without this option, SELinux uses the default range\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
 \fBsemanage\fR(8)
 for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
 .RE
 .SS "Cambiare i valori predefiniti"
 .PP
@@ -469,7 +489,7 @@ Usernames may contain only lower and upper case letters, digits, underscores, or
 \fBls\fR
 output\&.
 .PP
-I nomi utente non possono eccedere i 32 caratteri di lunghezza\&.
+I nomi utente non possono eccedere i 256 caratteri di lunghezza\&.
 .SH "CONFIGURAZIONE"
 .PP
 The following configuration variables in
diff --git a/man/it/man8/userdel.8 b/man/it/man8/userdel.8
index e82dc8f..439567d 100644
--- a/man/it/man8/userdel.8
+++ b/man/it/man8/userdel.8
@@ -2,12 +2,12 @@
 .\"     Title: userdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "USERDEL" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "USERDEL" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 userdel \- rimuove l\*(Aqaccount di un utente ed i file relativi
 .SH "SINOSSI"
 .HP \w'\fBuserdel\fR\ 'u
-\fBuserdel\fR [opzioni] \fILOGIN\fR
+\fBuserdel\fR [options] \fILOGIN\fR
 .SH "DESCRIZIONE"
 .PP
 The
diff --git a/man/it/man8/usermod.8 b/man/it/man8/usermod.8
index ecb29e9..45432d1 100644
--- a/man/it/man8/usermod.8
+++ b/man/it/man8/usermod.8
@@ -2,12 +2,12 @@
 .\"     Title: usermod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "USERMOD" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "USERMOD" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 usermod \- modifica l\*(Aqaccount di un utente
 .SH "SINOSSI"
 .HP \w'\fBusermod\fR\ 'u
-\fBusermod\fR [\fIopzioni\fR] \fILOGIN\fR
+\fBusermod\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "DESCRIZIONE"
 .PP
 The
@@ -309,6 +309,18 @@ from /etc/login\&.defs\&.
 defines the SELinux user to be mapped with
 \fILOGIN\fR\&. An empty string ("") will remove the respective entry (if any)\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses semanage(8) for that\&.
 .RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
+\fBsemanage\fR(8)
+for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
+.RE
 .SH "AVVISI/CAVEAT"
 .PP
 You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
@@ -336,7 +348,7 @@ Group account information
 .PP
 /etc/gshadow
 .RS 4
-Secure group account informatio\&.
+Secure group account information
 .RE
 .PP
 /etc/login\&.defs
diff --git a/man/it/man8/vipw.8 b/man/it/man8/vipw.8
index 609ca65..25c8127 100644
--- a/man/it/man8/vipw.8
+++ b/man/it/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Comandi per la gestione del sistema
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Italian
 .\"
-.TH "VIPW" "8" "08/11/2022" "shadow\-utils 4\&.13" "Comandi per la gestione del si"
+.TH "VIPW" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,16 +31,16 @@
 vipw, vigr \- modifica i file delle password, dei gruppi, delle password shadow o dei gruppi shadow
 .SH "SINOSSI"
 .HP \w'\fBvipw\fR\ 'u
-\fBvipw\fR [\fIopzioni\fR]
+\fBvipw\fR [\fIoptions\fR]
 .HP \w'\fBvigr\fR\ 'u
-\fBvigr\fR [\fIopzioni\fR]
+\fBvigr\fR [\fIoptions\fR]
 .SH "DESCRIZIONE"
 .PP
 The
 \fBvipw\fR
 and
 \fBvigr\fR
-commands edits the files
+commands edit the files
 /etc/passwd
 and
 /etc/group, respectively\&. With the
diff --git a/man/its.rules b/man/its.rules
new file mode 100644
index 0000000..d6f7299
--- /dev/null
+++ b/man/its.rules
@@ -0,0 +1,16 @@
+<its:rules version="2.0" xmlns:its="http://www.w3.org/2005/11/its">
+  <its:withinTextRule withinText="yes"
+  		selector="//b
+			| //em
+			| //i
+			| //citerefentry
+			| //command
+			| //emphasis
+			| //envar
+			| //filename
+			| //manvolnum
+			| //option
+			| //replacable
+			| //replaceable
+			| //refentrytitle"/>
+</its:rules>
diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
index ffb75a9..13f18da 100644
--- a/man/ja/Makefile.am
+++ b/man/ja/Makefile.am
@@ -17,7 +17,6 @@ man_MANS = \
 	man8/grpck.8 \
 	man8/grpconv.8 \
 	man8/grpunconv.8 \
-	man8/lastlog.8 \
 	man1/login.1 \
 	man5/login.defs.5 \
 	man8/logoutd.8 \
@@ -38,6 +37,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
diff --git a/man/ja/Makefile.in b/man/ja/Makefile.in
index 1caa670..9ef122d 100644
--- a/man/ja/Makefile.in
+++ b/man/ja/Makefile.in
@@ -87,8 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@USE_PAM_FALSE@am__append_1 = $(man_nopam)
-@USE_PAM_TRUE@am__append_2 = $(man_nopam)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@USE_PAM_TRUE@am__append_3 = $(man_nopam)
 subdir = man/ja
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -174,6 +175,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -192,6 +195,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -207,9 +211,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -225,6 +235,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -233,6 +244,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -255,6 +268,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -329,19 +345,19 @@ top_srcdir = @top_srcdir@
 man_MANS = man1/chage.1 man1/chfn.1 man8/chpasswd.8 man1/chsh.1 \
 	man1/expiry.1 man5/faillog.5 man8/faillog.8 man1/gpasswd.1 \
 	man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/groups.1 \
-	man8/grpck.8 man8/grpconv.8 man8/grpunconv.8 man8/lastlog.8 \
-	man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
-	man8/newusers.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
-	man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man5/shadow.5 \
-	man1/su.1 man5/suauth.5 man8/useradd.8 man8/userdel.8 \
-	man8/usermod.8 man8/vigr.8 man8/vipw.8 $(am__append_1)
+	man8/grpck.8 man8/grpconv.8 man8/grpunconv.8 man1/login.1 \
+	man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 man8/newusers.8 \
+	man1/passwd.1 man5/passwd.5 man8/pwck.8 man8/pwconv.8 \
+	man8/pwunconv.8 man1/sg.1 man5/shadow.5 man1/su.1 \
+	man5/suauth.5 man8/useradd.8 man8/userdel.8 man8/usermod.8 \
+	man8/vigr.8 man8/vipw.8 $(am__append_1) $(am__append_2)
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
 	man5/porttime.5
 
 EXTRA_DIST = $(man_MANS) man1/id.1 man3/shadow.3 man8/sulogin.8 \
-	$(am__append_2)
+	$(am__append_3)
 all: all-am
 
 .SUFFIXES:
diff --git a/man/ko/Makefile.in b/man/ko/Makefile.in
index 661e1e8..cabdc54 100644
--- a/man/ko/Makefile.in
+++ b/man/ko/Makefile.in
@@ -172,6 +172,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -190,6 +192,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -205,9 +208,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -223,6 +232,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -231,6 +241,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -253,6 +265,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
diff --git a/man/lastlog.8.xml b/man/lastlog.8.xml
index 7a4ba96..6700791 100644
--- a/man/lastlog.8.xml
+++ b/man/lastlog.8.xml
@@ -211,8 +211,8 @@
       to hang as it processes entries with UIDs 171-799).
     </para>
     <para>
-      Having high UIDs can create problems when handling the <term><filename>
-      /var/log/lastlog</filename></term> with external tools. Although the
+      Having high UIDs can create problems when handling the <filename>
+      /var/log/lastlog</filename> with external tools. Although the
       actual file is sparse and does not use too much space, certain
       applications are not designed to identify sparse files by default and may
       require a specific option to handle them.
diff --git a/man/login.1.xml b/man/login.1.xml
index fbfbbf1..0826b1f 100644
--- a/man/login.1.xml
+++ b/man/login.1.xml
@@ -277,7 +277,7 @@
       &CONSOLE;
       &CONSOLE_GROUPS;
       &DEFAULT_HOME;
-      <phrase condition="no_pam">&ENV_HZ;</phrase>
+      &ENV_HZ;
       <phrase>&ENV_PATH;</phrase>
       <phrase>&ENV_SUPATH;</phrase>
       &ENV_TZ;
diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
index ab62fa8..05ef512 100644
--- a/man/login.defs.5.xml
+++ b/man/login.defs.5.xml
@@ -7,6 +7,7 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" 
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY CHFN_AUTH             SYSTEM "login.defs.d/CHFN_AUTH.xml">
 <!ENTITY CHFN_RESTRICT         SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
 <!ENTITY CHSH_AUTH             SYSTEM "login.defs.d/CHSH_AUTH.xml">
@@ -74,6 +75,7 @@
 <!ENTITY USERDEL_CMD           SYSTEM "login.defs.d/USERDEL_CMD.xml">
 <!ENTITY USERGROUPS_ENAB       SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
 <!ENTITY USE_TCB               SYSTEM "login.defs.d/USE_TCB.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
@@ -145,6 +147,7 @@
     <para>The following configuration items are provided:</para>
 
     <variablelist remap='IP'>
+      &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
       &CHFN_AUTH;
       &CHFN_RESTRICT;
       &CHSH_AUTH;
@@ -218,6 +221,7 @@
       &USERDEL_CMD;
       &USERGROUPS_ENAB;
       &USE_TCB;
+      &YESCRYPT_COST_FACTOR;
     </variablelist>
   </refsect1>
 
@@ -249,9 +253,12 @@
 	<term>chgpasswd</term>
 	<listitem>
 	  <para>
+	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+	    BCRYPT_MIN_ROUNDS</phrase>
 	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
 	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
 	    SHA_CRYPT_MIN_ROUNDS</phrase>
+	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
 	  </para>
 	</listitem>
       </varlistentry>
@@ -259,10 +266,13 @@
 	<term>chpasswd</term>
 	<listitem>
 	  <para>
+	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+	    BCRYPT_MIN_ROUNDS</phrase>
 	    <phrase condition="no_pam">ENCRYPT_METHOD
 	    MD5_CRYPT_ENAB </phrase>
 	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
 	    SHA_CRYPT_MIN_ROUNDS</phrase>
+	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
 	  </para>
 	</listitem>
       </varlistentry>
@@ -280,9 +290,12 @@
 	<term>gpasswd</term>
 	<listitem>
 	  <para>
+	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+	    BCRYPT_MIN_ROUNDS</phrase>
 	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
 	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
 	    SHA_CRYPT_MIN_ROUNDS</phrase>
+	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
 	  </para>
 	</listitem>
       </varlistentry>
@@ -380,6 +393,8 @@
 	<term>newusers</term>
 	<listitem>
 	  <para>
+	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+	    BCRYPT_MIN_ROUNDS</phrase>
 	    ENCRYPT_METHOD
 	    GID_MAX GID_MIN
 	    MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
@@ -391,6 +406,7 @@
 	    SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN
 	    SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN
 	    UMASK
+	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
 	  </para>
 	</listitem>
       </varlistentry>
@@ -399,10 +415,13 @@
 	<term>passwd</term>
 	<listitem>
 	  <para>
+	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+	    BCRYPT_MIN_ROUNDS</phrase>
 	    ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
 	    PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
 	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
 	    SHA_CRYPT_MIN_ROUNDS</phrase>
+	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
 	  </para>
 	</listitem>
       </varlistentry>
@@ -449,12 +468,12 @@
 	  </para>
 	</listitem>
       </varlistentry>
-      <varlistentry>
+      <varlistentry condition="no_pam">
 	<term>sulogin</term>
 	<listitem>
 	  <para>
 	    ENV_HZ
-	    <phrase condition="no_pam">ENV_TZ</phrase>
+	    ENV_TZ
 	  </para>
 	</listitem>
       </varlistentry>
diff --git a/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml b/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml
new file mode 100644
index 0000000..81ee5c9
--- /dev/null
+++ b/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml
@@ -0,0 +1,40 @@
+<!--
+   SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
+   SPDX-License-Identifier: BSD-3-Clause
+-->
+<varlistentry condition="bcrypt">
+  <term><option>BCRYPT_MIN_ROUNDS</option> (number)</term>
+  <term><option>BCRYPT_MAX_ROUNDS</option> (number)</term>
+  <listitem>
+    <para>
+      When <option>ENCRYPT_METHOD</option> is set to
+      <replaceable>BCRYPT</replaceable>, this defines the number of
+      BCRYPT rounds used by the encryption algorithm by default (when the
+      number of rounds is not specified on the command line).
+    </para>
+    <para>
+      With a lot of rounds, it is more difficult to brute force the
+      password. But note also that more CPU resources will be needed to
+      authenticate users.
+    </para>
+    <para>
+      The values must be inside the 4-31 range.
+    </para>
+    <para>
+      If only one of the <option>BCRYPT_MIN_ROUNDS</option> or
+      <option>BCRYPT_MAX_ROUNDS</option> values is set, then this value
+      will be used.
+    </para>
+    <para>
+      If <option>BCRYPT_MIN_ROUNDS</option> &gt;
+      <option>BCRYPT_MAX_ROUNDS</option>, the highest value will be
+      used.
+    </para>
+    <para condition="pam">
+      Note: This only affect the generation of group passwords.
+      The generation of user passwords is done by PAM and subject to the
+      PAM configuration. It is recommended to set this variable
+      consistently with the PAM configuration.
+    </para>
+  </listitem>
+</varlistentry>
diff --git a/man/login.defs.d/CONSOLE_GROUPS.xml b/man/login.defs.d/CONSOLE_GROUPS.xml
index 0fd874c..1875bc6 100644
--- a/man/login.defs.d/CONSOLE_GROUPS.xml
+++ b/man/login.defs.d/CONSOLE_GROUPS.xml
@@ -4,7 +4,7 @@
    SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
    SPDX-License-Identifier: BSD-3-Clause
 -->
-<varlistentry>
+<varlistentry condition="no_pam">
   <term><option>CONSOLE_GROUPS</option> (string)</term>
   <listitem>
     <para>
diff --git a/man/login.defs.d/ENCRYPT_METHOD.xml b/man/login.defs.d/ENCRYPT_METHOD.xml
index 85dd79b..531ce04 100644
--- a/man/login.defs.d/ENCRYPT_METHOD.xml
+++ b/man/login.defs.d/ENCRYPT_METHOD.xml
@@ -10,11 +10,13 @@
       passwords (if no algorithm are specified on the command line).
     </para>
     <para>
-      It can take one of these values:
+      It can take one of these values: <phrase condition="bcrypt">
+      <replaceable>BCRYPT</replaceable>,</phrase>
       <replaceable>DES</replaceable> (default),
       <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
       <replaceable>SHA256</replaceable>,
-      <replaceable>SHA512</replaceable></phrase>.
+      <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+      <replaceable>YESCRYPT</replaceable></phrase>.
       MD5 and DES should not be used for new hashes, see
       <refentrytitle>crypt</refentrytitle><manvolnum>5</manvolnum>
       for recommendations.
diff --git a/man/login.defs.d/ENV_HZ.xml b/man/login.defs.d/ENV_HZ.xml
index daf1752..e1298cb 100644
--- a/man/login.defs.d/ENV_HZ.xml
+++ b/man/login.defs.d/ENV_HZ.xml
@@ -4,8 +4,7 @@
    SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
    SPDX-License-Identifier: BSD-3-Clause
 -->
-<varlistentry>
-  <!-- XXX: When compiled with PAM support, only sulogin uses ENV_HZ -->
+<varlistentry condition="no_pam">
   <term><option>ENV_HZ</option> (string)</term>
   <listitem>
     <para>
@@ -14,10 +13,6 @@
       <replaceable>HZ=</replaceable>. A common value on Linux is
       <replaceable>HZ=100</replaceable>.
     </para>
-    <para condition="pam">
-      The <envar>HZ</envar> environment variable is only set when the user
-      (the superuser) logs in with <command>sulogin</command>.
-    </para>
     <!-- TODO: it can in fact be used to set any other variable-->
   </listitem>
 </varlistentry>
diff --git a/man/login.defs.d/PASS_WARN_AGE.xml b/man/login.defs.d/PASS_WARN_AGE.xml
index 0feeb7e..f55afaf 100644
--- a/man/login.defs.d/PASS_WARN_AGE.xml
+++ b/man/login.defs.d/PASS_WARN_AGE.xml
@@ -9,8 +9,8 @@
   <listitem>
     <para>
       The number of days warning given before a password expires. A zero
-      means warning is given only upon the day of expiration, a negative
-      value means no warning is given. If not specified, no warning will
+      means warning is given only upon the day of expiration, a value of
+      -1 means no warning is given. If not specified, no warning will
       be provided.
     </para>
   </listitem>
diff --git a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
index 43972d7..a22c324 100644
--- a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
+++ b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
@@ -14,7 +14,7 @@
       of rounds is not specified on the command line).
     </para>
     <para>
-      With a lot of rounds, it is more difficult to brute forcing the
+      With a lot of rounds, it is more difficult to brute force the
       password. But note also that more CPU resources will be needed to
       authenticate users.
     </para>
diff --git a/man/login.defs.d/TTYGROUP.xml b/man/login.defs.d/TTYGROUP.xml
index e7cb53d..8e0a9e8 100644
--- a/man/login.defs.d/TTYGROUP.xml
+++ b/man/login.defs.d/TTYGROUP.xml
@@ -14,15 +14,16 @@
       <option>TTYPERM</option>.
     </para>
     <para>
-      By default, the ownership of the terminal is set to the user's
-      primary group and the permissions are set to
-      <replaceable>0600</replaceable>.
-    </para>
-    <para>
       <option>TTYGROUP</option> can be either the name of a group or a
       numeric group identifier.
     </para>
     <para>
+      If TTYGROUP is not defined, then the group ownership of the terminal is
+      set to the user's primary group.  If TTYPERM is not defined, then the
+      permissions are set to
+      <replaceable>0600</replaceable>.
+    </para>
+    <para>
       If you have a <command>write</command> program which is "setgid" to
       a special group which owns the terminals, define TTYGROUP to the
       group number and TTYPERM to 0620.  Otherwise leave TTYGROUP
diff --git a/man/login.defs.d/YESCRYPT_COST_FACTOR.xml b/man/login.defs.d/YESCRYPT_COST_FACTOR.xml
new file mode 100644
index 0000000..b9c5314
--- /dev/null
+++ b/man/login.defs.d/YESCRYPT_COST_FACTOR.xml
@@ -0,0 +1,29 @@
+<!--
+   SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
+   SPDX-License-Identifier: BSD-3-Clause
+-->
+<varlistentry condition="yescrypt">
+  <term><option>YESCRYPT_COST_FACTOR</option> (number)</term>
+  <listitem>
+    <para>
+      When <option>ENCRYPT_METHOD</option> is set to
+      <replaceable>YESCRYPT</replaceable>, this defines the cost factor
+      used by the encryption algorithm by default (when the cost factor
+      is not specified on the command line).
+    </para>
+    <para>
+      With a high cost factor, it is more difficult to brute force the
+      password. But note also that more CPU resources will be needed to
+      authenticate users.
+    </para>
+    <para>
+      The value must be inside the 1-11 range.
+    </para>
+    <para condition="pam">
+      Note: This only affect the generation of group passwords.
+      The generation of user passwords is done by PAM and subject to the
+      PAM configuration. It is recommended to set this variable
+      consistently with the PAM configuration.
+    </para>
+  </listitem>
+</varlistentry>
diff --git a/man/man1/chage.1 b/man/man1/chage.1
index 37f72d1..0998ae8 100644
--- a/man/man1/chage.1
+++ b/man/man1/chage.1
@@ -2,12 +2,12 @@
 .\"     Title: chage
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "CHAGE" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "CHAGE" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -136,6 +136,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
 Set the number of days of warning before a password change is required\&. The
diff --git a/man/man1/chfn.1 b/man/man1/chfn.1
index d73f7f1..315f32b 100644
--- a/man/man1/chfn.1
+++ b/man/man1/chfn.1
@@ -2,12 +2,12 @@
 .\"     Title: chfn
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "CHFN" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "CHFN" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man1/chsh.1 b/man/man1/chsh.1
index 97458a4..597f3ff 100644
--- a/man/man1/chsh.1
+++ b/man/man1/chsh.1
@@ -2,12 +2,12 @@
 .\"     Title: chsh
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "CHSH" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "CHSH" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -77,6 +77,12 @@ The only restriction placed on the login shell is that the command name must be
 in
 /etc/shells
 is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
 .SH "CONFIGURATION"
 .PP
 The following configuration variables in
diff --git a/man/man1/expiry.1 b/man/man1/expiry.1
index 6f5a120..93dc97d 100644
--- a/man/man1/expiry.1
+++ b/man/man1/expiry.1
@@ -2,12 +2,12 @@
 .\"     Title: expiry
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "EXPIRY" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "EXPIRY" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man1/getsubids.1 b/man/man1/getsubids.1
index 2d92334..fa026b0 100644
--- a/man/man1/getsubids.1
+++ b/man/man1/getsubids.1
@@ -2,12 +2,12 @@
 .\"     Title: getsubids
 .\"    Author: Iker Pedrosa
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "GETSUBIDS" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "GETSUBIDS" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man1/gpasswd.1 b/man/man1/gpasswd.1
index e11bcdf..68810fc 100644
--- a/man/man1/gpasswd.1
+++ b/man/man1/gpasswd.1
@@ -2,12 +2,12 @@
 .\"     Title: gpasswd
 .\"    Author: Rafal Maszkowski
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "GPASSWD" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "GPASSWD" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -196,7 +196,7 @@ is set to
 or
 \fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
 .sp
-With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&.
 .sp
 If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&.
 .sp
diff --git a/man/man1/groups.1 b/man/man1/groups.1
index 7b9fbf2..473f1ee 100644
--- a/man/man1/groups.1
+++ b/man/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "GROUPS" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "GROUPS" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man1/id.1 b/man/man1/id.1
index 010db36..34eb349 100644
--- a/man/man1/id.1
+++ b/man/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "ID" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "ID" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man1/login.1 b/man/man1/login.1
index eaa39db..36028e8 100644
--- a/man/man1/login.1
+++ b/man/man1/login.1
@@ -2,12 +2,12 @@
 .\"     Title: login
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "LOGIN" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "LOGIN" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -375,12 +375,12 @@ The terminal permissions: the login tty will be owned by the
 group, and the permissions will be set to
 \fBTTYPERM\fR\&.
 .sp
-By default, the ownership of the terminal is set to the user\*(Aqs primary group and the permissions are set to
-\fI0600\fR\&.
-.sp
 \fBTTYGROUP\fR
 can be either the name of a group or a numeric group identifier\&.
 .sp
+If TTYGROUP is not defined, then the group ownership of the terminal is set to the user\*(Aqs primary group\&. If TTYPERM is not defined, then the permissions are set to
+\fI0600\fR\&.
+.sp
 If you have a
 \fBwrite\fR
 program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620\&. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600\&.
diff --git a/man/man1/newgidmap.1 b/man/man1/newgidmap.1
index c60cf7f..7328aef 100644
--- a/man/man1/newgidmap.1
+++ b/man/man1/newgidmap.1
@@ -2,12 +2,12 @@
 .\"     Title: newgidmap
 .\"    Author: Eric Biederman
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "NEWGIDMAP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "NEWGIDMAP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -74,6 +74,16 @@ before setting
 /proc/[pid]/gid_map\&.
 .PP
 Note that newgidmap may be used only once for a given process\&.
+.PP
+Instead of an integer process id, the first argument may be specified as
+\fIfd:N\fR, where the integer N is the file descriptor number for the calling process\*(Aqs opened file descriptor for the directory
+/proc/[pid]\&. In this case,
+\fBnewgidmap\fR
+will use
+openat(2)
+to open the
+gid_map
+file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused\&.
 .SH "OPTIONS"
 .PP
 There currently are no options to the
diff --git a/man/man1/newgrp.1 b/man/man1/newgrp.1
index 312e6ca..04cf7e7 100644
--- a/man/man1/newgrp.1
+++ b/man/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "NEWGRP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "NEWGRP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man1/newuidmap.1 b/man/man1/newuidmap.1
index d4dda67..71b7226 100644
--- a/man/man1/newuidmap.1
+++ b/man/man1/newuidmap.1
@@ -2,12 +2,12 @@
 .\"     Title: newuidmap
 .\"    Author: Eric Biederman
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "NEWUIDMAP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "NEWUIDMAP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -74,6 +74,16 @@ before setting
 /proc/[pid]/uid_map\&.
 .PP
 Note that newuidmap may be used only once for a given process\&.
+.PP
+Instead of an integer process id, the first argument may be specified as
+\fIfd:N\fR, where the integer N is the file descriptor number for the calling process\*(Aqs opened file descriptor for the directory
+/proc/[pid]\&. In this case,
+\fBnewuidmap\fR
+will use
+openat(2)
+to open the
+uid_map
+file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused\&.
 .SH "OPTIONS"
 .PP
 There currently are no options to the
diff --git a/man/man1/passwd.1 b/man/man1/passwd.1
index cc1a46e..04a48c2 100644
--- a/man/man1/passwd.1
+++ b/man/man1/passwd.1
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "PASSWD" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "PASSWD" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -49,44 +49,9 @@ refuses to change the password and exits\&.
 .PP
 The user is then prompted twice for a replacement password\&. The second entry is compared against the first and both are required to match in order for the password to be changed\&.
 .PP
-Then, the password is tested for complexity\&. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-lower case alphabetics
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-digits 0 thru 9
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-punctuation marks
-.RE
-.PP
-Care must be taken not to include the system default erase or kill characters\&.
+Then, the password is tested for complexity\&.
 \fBpasswd\fR
-will reject any password which is not suitably complex\&.
+will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&.
 .SS "Hints for user passwords"
 .PP
 The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
@@ -96,6 +61,8 @@ System encryption method is based on the NBS DES algorithm\&. More recent method
 .PP
 Compromises in password security normally result from careless password selection or handling\&. For this reason, you should not select a password which appears in a dictionary or which must be written down\&. The password should also not be a proper name, your license number, birth date, or street address\&. Any of these may be used as guesses to violate system security\&.
 .PP
+As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&.
+.PP
 You can find advice on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength
 .SH "OPTIONS"
 .PP
@@ -175,6 +142,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-S\fR, \fB\-\-status\fR
 .RS 4
 Display account status information\&. The status information consists of 7 fields\&. The first field is the user\*(Aqs login name\&. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)\&. The third field gives the date of the last password change\&. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password\&. These ages are expressed in days\&.
@@ -205,6 +178,11 @@ as
 \fIMAX_DAYS\fR
 will remove checking a password\*(Aqs validity\&.
 .RE
+.PP
+\fB\-s\fR, \fB\-\-stdin\fR
+.RS 4
+This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&.
+.RE
 .SH "CAVEATS"
 .PP
 Password complexity checking may vary from site to site\&. The user is urged to select a password as complex as he or she feels comfortable with\&.
@@ -282,7 +260,7 @@ is set to
 or
 \fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
 .sp
-With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&.
 .sp
 If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&.
 .sp
@@ -361,7 +339,10 @@ invalid argument to option
 .SH "SEE ALSO"
 .PP
 \fBchpasswd\fR(8),
+\fBmakepasswd\fR(1),
 \fBpasswd\fR(5),
 \fBshadow\fR(5),
 \fBlogin.defs\fR(5),
 \fBusermod\fR(8)\&.
+.PP
+The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"
diff --git a/man/man1/sg.1 b/man/man1/sg.1
index 860c58e..1e104ab 100644
--- a/man/man1/sg.1
+++ b/man/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "SG" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "SG" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man1/su.1 b/man/man1/su.1
index a7c5cb3..ebd2629 100644
--- a/man/man1/su.1
+++ b/man/man1/su.1
@@ -2,12 +2,12 @@
 .\"     Title: su
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: User Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "SU" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "SU" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man3/shadow.3 b/man/man3/shadow.3
index 4249c5d..8489607 100644
--- a/man/man3/shadow.3
+++ b/man/man3/shadow.3
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: Library Calls
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "SHADOW" "3" "11/08/2022" "shadow\-utils 4\&.13" "Library Calls"
+.TH "SHADOW" "3" "06/21/2024" "shadow\-utils 4\&.15\&.2" "Library Calls"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/faillog.5 b/man/man5/faillog.5
index 63a0df8..ebf45b9 100644
--- a/man/man5/faillog.5
+++ b/man/man5/faillog.5
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual:  File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "FAILLOG" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuratio"
+.TH "FAILLOG" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/gshadow.5 b/man/man5/gshadow.5
index 663c4c3..c3cdbea 100644
--- a/man/man5/gshadow.5
+++ b/man/man5/gshadow.5
@@ -2,12 +2,12 @@
 .\"     Title: gshadow
 .\"    Author: Nicolas François <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "GSHADOW" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "GSHADOW" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/limits.5 b/man/man5/limits.5
index 46c5432..e2f1611 100644
--- a/man/man5/limits.5
+++ b/man/man5/limits.5
@@ -2,12 +2,12 @@
 .\"     Title: limits
 .\"    Author: Luca Berra
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "LIMITS" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LIMITS" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/login.access.5 b/man/man5/login.access.5
index 37d57b2..f7d5bc7 100644
--- a/man/man5/login.access.5
+++ b/man/man5/login.access.5
@@ -2,12 +2,12 @@
 .\"     Title: login.access
 .\"    Author: Marek Michałkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "LOGIN\&.ACCESS" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.ACCESS" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/login.defs.5 b/man/man5/login.defs.5
index 350870e..7852241 100644
--- a/man/man5/login.defs.5
+++ b/man/man5/login.defs.5
@@ -2,12 +2,12 @@
 .\"     Title: login.defs
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "LOGIN\&.DEFS" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.DEFS" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -417,7 +417,7 @@ The minimum number of days allowed between password changes\&. Any password chan
 .PP
 \fBPASS_WARN_AGE\fR (number)
 .RS 4
-The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
+The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a value of \-1 means no warning is given\&. If not specified, no warning will be provided\&.
 .RE
 .PP
 \fBPASS_MAX_DAYS\fR,
@@ -458,7 +458,7 @@ is set to
 or
 \fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
 .sp
-With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&.
 .sp
 If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&.
 .sp
@@ -595,12 +595,12 @@ The terminal permissions: the login tty will be owned by the
 group, and the permissions will be set to
 \fBTTYPERM\fR\&.
 .sp
-By default, the ownership of the terminal is set to the user\*(Aqs primary group and the permissions are set to
-\fI0600\fR\&.
-.sp
 \fBTTYGROUP\fR
 can be either the name of a group or a numeric group identifier\&.
 .sp
+If TTYGROUP is not defined, then the group ownership of the terminal is set to the user\*(Aqs primary group\&. If TTYPERM is not defined, then the permissions are set to
+\fI0600\fR\&.
+.sp
 If you have a
 \fBwrite\fR
 program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620\&. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600\&.
@@ -844,8 +844,7 @@ USERGROUPS_ENAB
 .PP
 sulogin
 .RS 4
-ENV_HZ
-ENV_TZ
+ENV_HZ ENV_TZ
 .RE
 .PP
 useradd
diff --git a/man/man5/passwd.5 b/man/man5/passwd.5
index d1171d3..83c203f 100644
--- a/man/man5/passwd.5
+++ b/man/man5/passwd.5
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "PASSWD" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PASSWD" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/porttime.5 b/man/man5/porttime.5
index b9f9e3d..f59c016 100644
--- a/man/man5/porttime.5
+++ b/man/man5/porttime.5
@@ -2,12 +2,12 @@
 .\"     Title: porttime
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "PORTTIME" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PORTTIME" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/shadow.5 b/man/man5/shadow.5
index 5ab04b8..706aa2b 100644
--- a/man/man5/shadow.5
+++ b/man/man5/shadow.5
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "SHADOW" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SHADOW" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/suauth.5 b/man/man5/suauth.5
index 7c7729c..533961d 100644
--- a/man/man5/suauth.5
+++ b/man/man5/suauth.5
@@ -2,12 +2,12 @@
 .\"     Title: suauth
 .\"    Author: Marek Michałkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "SUAUTH" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUAUTH" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/subgid.5 b/man/man5/subgid.5
index 73b8617..5471ab7 100644
--- a/man/man5/subgid.5
+++ b/man/man5/subgid.5
@@ -2,12 +2,12 @@
 .\"     Title: subgid
 .\"    Author: Eric Biederman
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "SUBGID" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUBGID" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man5/subuid.5 b/man/man5/subuid.5
index 655fbb9..1e6ba8a 100644
--- a/man/man5/subuid.5
+++ b/man/man5/subuid.5
@@ -2,12 +2,12 @@
 .\"     Title: subuid
 .\"    Author: Eric Biederman
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "SUBUID" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUBUID" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -112,7 +112,7 @@ Backup file for /etc/subuid\&.
 \fBlogin.defs\fR(5),
 \fBnewgidmap\fR(1),
 \fBnewuidmap\fR(1),
-\fBnewusers\fR(1),
+\fBnewusers\fR(8),
 \fBsubgid\fR(5),
 \fBuseradd\fR(8),
 \fBuserdel\fR(8),
diff --git a/man/man8/chgpasswd.8 b/man/man8/chgpasswd.8
index 67c1325..b65edaf 100644
--- a/man/man8/chgpasswd.8
+++ b/man/man8/chgpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chgpasswd
 .\"    Author: Thomas KÅ‚oczko <kloczek@pld.org.pl>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "CHGPASSWD" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "CHGPASSWD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -63,7 +63,12 @@ command are:
 .RS 4
 Use the specified method to encrypt the passwords\&.
 .sp
-The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .RE
 .PP
 \fB\-e\fR, \fB\-\-encrypted\fR
@@ -94,14 +99,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 Use the specified number of rounds to encrypt the passwords\&.
 .sp
-The value 0 means that the system will choose the default number of rounds for the crypt method (5000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-A minimal value of 1000 and a maximal value of 999,999,999 will be enforced\&.
-.sp
-You can only use this option with the SHA256 or SHA512 crypt method\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "CAVEATS"
 .PP
@@ -170,7 +174,7 @@ is set to
 or
 \fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
 .sp
-With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&.
 .sp
 If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&.
 .sp
diff --git a/man/man8/chpasswd.8 b/man/man8/chpasswd.8
index 67b4156..107f4ae 100644
--- a/man/man8/chpasswd.8
+++ b/man/man8/chpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chpasswd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "CHPASSWD" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "CHPASSWD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -68,7 +68,12 @@ command are:
 .RS 4
 Use the specified method to encrypt the passwords\&.
 .sp
-The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .sp
 By default (if none of the
 \fB\-c\fR,
@@ -106,22 +111,23 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-s\fR, \fB\-\-sha\-rounds\fR\ \&\fIROUNDS\fR
 .RS 4
 Use the specified number of rounds to encrypt the passwords\&.
 .sp
-The value 0 means that the system will choose the default number of rounds for the crypt method (5000)\&.
-.sp
-A minimal value of 1000 and a maximal value of 999,999,999 will be enforced\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-You can only use this option with the SHA256 or SHA512 crypt method\&.
-.sp
-By default, the number of rounds is defined by the
-\fBSHA_CRYPT_MIN_ROUNDS\fR
-and
-\fBSHA_CRYPT_MAX_ROUNDS\fR
-variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "CAVEATS"
 .PP
@@ -173,7 +179,7 @@ is set to
 or
 \fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
 .sp
-With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&.
 .sp
 If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&.
 .sp
diff --git a/man/man8/faillog.8 b/man/man8/faillog.8
index dd2285c..b5042c2 100644
--- a/man/man8/faillog.8
+++ b/man/man8/faillog.8
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "FAILLOG" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "FAILLOG" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man8/groupadd.8 b/man/man8/groupadd.8
index af8afcf..9ab8fb2 100644
--- a/man/man8/groupadd.8
+++ b/man/man8/groupadd.8
@@ -2,12 +2,12 @@
 .\"     Title: groupadd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "GROUPADD" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "GROUPADD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man8/groupdel.8 b/man/man8/groupdel.8
index c9d5176..8503eba 100644
--- a/man/man8/groupdel.8
+++ b/man/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "GROUPDEL" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "GROUPDEL" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man8/groupmems.8 b/man/man8/groupmems.8
index febe008..3518fc0 100644
--- a/man/man8/groupmems.8
+++ b/man/man8/groupmems.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmems
 .\"    Author: George Kraft, IV
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "GROUPMEMS" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "GROUPMEMS" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -130,7 +130,7 @@ utility to manage their own group membership list\&.
 .nf
 	$ groupadd \-r groups
 	$ chmod 2710 groupmems
-	$ chown root\&.groups groupmems
+	$ chown root:groups groupmems
 	$ groupmems \-g groups \-a gk4
     
 .fi
diff --git a/man/man8/groupmod.8 b/man/man8/groupmod.8
index 371e6b1..a1e695c 100644
--- a/man/man8/groupmod.8
+++ b/man/man8/groupmod.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "GROUPMOD" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "GROUPMOD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man8/grpck.8 b/man/man8/grpck.8
index 22a372d..f408294 100644
--- a/man/man8/grpck.8
+++ b/man/man8/grpck.8
@@ -2,12 +2,12 @@
 .\"     Title: grpck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "GRPCK" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "GRPCK" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man8/lastlog.8 b/man/man8/lastlog.8
index ee7adca..1bbda99 100644
--- a/man/man8/lastlog.8
+++ b/man/man8/lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: lastlog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "LASTLOG" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "LASTLOG" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -137,5 +137,5 @@ Database times of previous user logins\&.
 Large gaps in UID numbers will cause the lastlog program to run longer with no output to the screen (i\&.e\&. if in lastlog database there is no entries for users with UID between 170 and 800 lastlog will appear to hang as it processes entries with UIDs 171\-799)\&.
 .PP
 Having high UIDs can create problems when handling the
-<term> /var/log/lastlog</term>
+/var/log/lastlog
 with external tools\&. Although the actual file is sparse and does not use too much space, certain applications are not designed to identify sparse files by default and may require a specific option to handle them\&.
diff --git a/man/man8/logoutd.8 b/man/man8/logoutd.8
index 115fe28..6f7a8de 100644
--- a/man/man8/logoutd.8
+++ b/man/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "LOGOUTD" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "LOGOUTD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man8/newusers.8 b/man/man8/newusers.8
index 58c05d8..560ca0c 100644
--- a/man/man8/newusers.8
+++ b/man/man8/newusers.8
@@ -2,12 +2,12 @@
 .\"     Title: newusers
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "NEWUSERS" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "NEWUSERS" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -168,14 +168,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 Use the specified number of rounds to encrypt the passwords\&.
 .sp
-The value 0 means that the system will choose the default number of rounds for the crypt method (5000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-A minimal value of 1000 and a maximal value of 999,999,999 will be enforced\&.
-.sp
-You can only use this option with the SHA256 or SHA512 crypt method\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default is 5000\&.
 .RE
 .SH "CAVEATS"
 .PP
@@ -272,7 +271,7 @@ The minimum number of days allowed between password changes\&. Any password chan
 .PP
 \fBPASS_WARN_AGE\fR (number)
 .RS 4
-The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
+The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a value of \-1 means no warning is given\&. If not specified, no warning will be provided\&.
 .RE
 .PP
 \fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number)
@@ -284,7 +283,7 @@ is set to
 or
 \fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
 .sp
-With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&.
 .sp
 If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&.
 .sp
diff --git a/man/man8/nologin.8 b/man/man8/nologin.8
index cc1c114..64131b7 100644
--- a/man/man8/nologin.8
+++ b/man/man8/nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: nologin
 .\"    Author: Nicolas François <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "NOLOGIN" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "NOLOGIN" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man8/pwck.8 b/man/man8/pwck.8
index 834cc83..53fb29e 100644
--- a/man/man8/pwck.8
+++ b/man/man8/pwck.8
@@ -2,12 +2,12 @@
 .\"     Title: pwck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "PWCK" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "PWCK" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -267,7 +267,7 @@ The minimum number of days allowed between password changes\&. Any password chan
 .PP
 \fBPASS_WARN_AGE\fR (number)
 .RS 4
-The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
+The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a value of \-1 means no warning is given\&. If not specified, no warning will be provided\&.
 .RE
 .SH "FILES"
 .PP
diff --git a/man/man8/pwconv.8 b/man/man8/pwconv.8
index 147f21f..74a81fc 100644
--- a/man/man8/pwconv.8
+++ b/man/man8/pwconv.8
@@ -2,12 +2,12 @@
 .\"     Title: pwconv
 .\"    Author: Marek Michałkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "PWCONV" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "PWCONV" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -178,7 +178,7 @@ The minimum number of days allowed between password changes\&. Any password chan
 .PP
 \fBPASS_WARN_AGE\fR (number)
 .RS 4
-The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
+The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a value of \-1 means no warning is given\&. If not specified, no warning will be provided\&.
 .RE
 .SH "FILES"
 .PP
diff --git a/man/man8/sulogin.8 b/man/man8/sulogin.8
index f33405d..a1d8196 100644
--- a/man/man8/sulogin.8
+++ b/man/man8/sulogin.8
@@ -2,12 +2,12 @@
 .\"     Title: sulogin
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "SULOGIN" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "SULOGIN" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man8/useradd.8 b/man/man8/useradd.8
index e6530b3..3ec476b 100644
--- a/man/man8/useradd.8
+++ b/man/man8/useradd.8
@@ -2,12 +2,12 @@
 .\"     Title: useradd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "USERADD" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "USERADD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -169,7 +169,11 @@ variable in
 .RS 4
 A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
 \fB\-g\fR
-option\&. The default is for the user to belong only to the initial group\&.
+option\&. The default is for the user to belong only to the initial group\&. In addition to passing in the \-G flag, you can add the option
+\fBGROUPS\fR
+to the file
+/etc/default/useradd
+which in turn will add all users to those supplementary groups\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -194,6 +198,10 @@ variable in
 or, by default,
 /etc/skel\&.
 .sp
+Absolute symlinks that link back to the skel directory will have the
+/etc/skel
+prefix replaced with the user\*(Aqs home directory\&.
+.sp
 If possible, the ACLs and extended attributes are copied\&.
 .RE
 .PP
@@ -380,9 +388,21 @@ variable in
 .PP
 \fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
 .RS 4
-defines the SELinux user for the new account\&. Without this option, a SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+defines the SELinux user for the new account\&. Without this option, SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+\fBsemanage\fR(8)
+for that\&.
+.RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Without this option, SELinux uses the default range\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
 \fBsemanage\fR(8)
 for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
 .RE
 .SS "Changing the default values"
 .PP
@@ -469,7 +489,7 @@ Usernames may contain only lower and upper case letters, digits, underscores, or
 \fBls\fR
 output\&.
 .PP
-Usernames may only be up to 32 characters long\&.
+Usernames may only be up to 256 characters long\&.
 .SH "CONFIGURATION"
 .PP
 The following configuration variables in
@@ -573,7 +593,7 @@ The minimum number of days allowed between password changes\&. Any password chan
 .PP
 \fBPASS_WARN_AGE\fR (number)
 .RS 4
-The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
+The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a value of \-1 means no warning is given\&. If not specified, no warning will be provided\&.
 .RE
 .PP
 \fBSUB_GID_MIN\fR (number), \fBSUB_GID_MAX\fR (number), \fBSUB_GID_COUNT\fR (number)
diff --git a/man/man8/userdel.8 b/man/man8/userdel.8
index acfc412..6ee18e9 100644
--- a/man/man8/userdel.8
+++ b/man/man8/userdel.8
@@ -2,12 +2,12 @@
 .\"     Title: userdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "USERDEL" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "USERDEL" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/man8/usermod.8 b/man/man8/usermod.8
index f419a69..4b93a18 100644
--- a/man/man8/usermod.8
+++ b/man/man8/usermod.8
@@ -2,12 +2,12 @@
 .\"     Title: usermod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "USERMOD" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "USERMOD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -309,6 +309,18 @@ from /etc/login\&.defs\&.
 defines the SELinux user to be mapped with
 \fILOGIN\fR\&. An empty string ("") will remove the respective entry (if any)\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses semanage(8) for that\&.
 .RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
+\fBsemanage\fR(8)
+for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
+.RE
 .SH "CAVEATS"
 .PP
 You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
@@ -435,7 +447,7 @@ Group account information
 .PP
 /etc/gshadow
 .RS 4
-Secure group account informatio\&.
+Secure group account information
 .RE
 .PP
 /etc/login\&.defs
diff --git a/man/man8/vipw.8 b/man/man8/vipw.8
index d686fdd..ba1b2e0 100644
--- a/man/man8/vipw.8
+++ b/man/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Michałkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: System Management Commands
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: English
 .\"
-.TH "VIPW" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands"
+.TH "VIPW" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -40,7 +40,7 @@ The
 \fBvipw\fR
 and
 \fBvigr\fR
-commands edits the files
+commands edit the files
 /etc/passwd
 and
 /etc/group, respectively\&. With the
diff --git a/man/newgidmap.1.xml b/man/newgidmap.1.xml
index e4ebc69..e5b770e 100644
--- a/man/newgidmap.1.xml
+++ b/man/newgidmap.1.xml
@@ -116,6 +116,17 @@
     <para>
       Note that newgidmap may be used only once for a given process.
     </para>
+    <para>
+      Instead of an integer process id, the first argument may be
+      specified as <replaceable>fd:N</replaceable>, where the integer N
+      is the file descriptor number for the calling process's opened
+      file descriptor for the directory <filename>/proc/[pid]</filename>.
+      In this case, <command>newgidmap</command> will use
+      <refentrytitle>openat</refentrytitle><manvolnum>2</manvolnum>
+      to open the <filename>gid_map</filename> file under that
+      directory, avoiding a TOCTTOU in case the process exits and
+      the pid is immediately reused.
+    </para>
 
   </refsect1>
 
diff --git a/man/newuidmap.1.xml b/man/newuidmap.1.xml
index f5cb5b4..7aed0d5 100644
--- a/man/newuidmap.1.xml
+++ b/man/newuidmap.1.xml
@@ -116,6 +116,17 @@
     <para>
       Note that newuidmap may be used only once for a given process.
     </para>
+    <para>
+      Instead of an integer process id, the first argument may be
+      specified as <replaceable>fd:N</replaceable>, where the integer N
+      is the file descriptor number for the calling process's opened
+      file descriptor for the directory <filename>/proc/[pid]</filename>.
+      In this case, <command>newuidmap</command> will use
+      <refentrytitle>openat</refentrytitle><manvolnum>2</manvolnum>
+      to open the <filename>uid_map</filename> file under that
+      directory, avoiding a TOCTTOU in case the process exits and
+      the pid is immediately reused.
+    </para>
   </refsect1>
 
   <refsect1 id='options'>
diff --git a/man/newusers.8.xml b/man/newusers.8.xml
index 4ff0052..6812c75 100644
--- a/man/newusers.8.xml
+++ b/man/newusers.8.xml
@@ -6,6 +6,7 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY GID_MAX               SYSTEM "login.defs.d/GID_MAX.xml">
 <!ENTITY HOME_MODE             SYSTEM "login.defs.d/HOME_MODE.xml">
@@ -21,6 +22,7 @@
 <!ENTITY SYS_UID_MAX           SYSTEM "login.defs.d/SYS_UID_MAX.xml">
 <!ENTITY UID_MAX               SYSTEM "login.defs.d/UID_MAX.xml">
 <!ENTITY UMASK                 SYSTEM "login.defs.d/UMASK.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
@@ -316,29 +318,48 @@
       </varlistentry>
     </variablelist>
     <variablelist remap='IP' condition="no_pam">
-      <varlistentry condition="sha_crypt">
+      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
 	<term><option>-s</option>, <option>--sha-rounds</option></term>
 	<listitem>
 	  <para>
 	    Use the specified number of rounds to encrypt the passwords.
 	  </para>
 	  <para>
-	    The value 0 means that the system will choose the default
-	    number of rounds for the crypt method (5000).
+	    You can only use this option with crypt method:
+	    <phrase condition="bcrypt">
+	    <replaceable>BCRYPT</replaceable></phrase>
+	    <phrase condition="sha_crypt">
+	    <replaceable>SHA256</replaceable>
+	    <replaceable>SHA512</replaceable></phrase>
+	    <phrase condition="yescrypt">
+	    <replaceable>YESCRYPT</replaceable></phrase>
 	  </para>
-	  <para>
-	    A minimal value of 1000 and a maximal value of 999,999,999
-	    will be enforced.
+	  <para condition="bcrypt">
+	    By default, the number of rounds for BCRYPT is defined by the
+	    BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in
+	    <filename>/etc/login.defs</filename>.
 	  </para>
-	  <para>
-	    You can only use this option with the SHA256 or SHA512
-	    crypt method.
+	  <para condition="bcrypt">
+	    A minimal value of 4 and a maximal value of 31
+	    will be enforced for BCRYPT. The default is 13.
 	  </para>
-	  <para>
-	    By default, the number of rounds is defined by the
+	  <para condition="sha_crypt">
+	    By default, the number of rounds for SHA256 or SHA512 is defined by the
 	    SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 	    <filename>/etc/login.defs</filename>.
 	  </para>
+	  <para condition="sha_crypt">
+	    A minimal value of 1000 and a maximal value of 999,999,999
+	    will be enforced for SHA256 and SHA512. The default is 5000.
+	  </para>
+	  <para condition="yescrypt">
+	    By default, the number of rounds for YESCRYPT is defined by the
+	    YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>.
+	  </para>
+	  <para condition="yescrypt">
+	    A minimal value of 1 and a maximal value of 11
+	    will be enforced for YESCRYPT. The default is 5.
+	  </para>
 	</listitem>
       </varlistentry>
     </variablelist>
diff --git a/man/passwd.1.xml b/man/passwd.1.xml
index 52b8637..506b134 100644
--- a/man/passwd.1.xml
+++ b/man/passwd.1.xml
@@ -6,6 +6,7 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY OBSCURE_CHECKS_ENAB   SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
@@ -13,6 +14,7 @@
 <!ENTITY PASS_CHANGE_TRIES     SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
 <!ENTITY PASS_MAX_LEN          SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 <refentry id='passwd.1'>
@@ -94,27 +96,10 @@
       </para>
 
       <para>
-	Then, the password is tested for complexity. As a general guideline,
-	passwords should consist of 6 to 8 characters including one or more
-	characters from each of the following sets:
-      </para>
-
-      <itemizedlist mark='bullet'>
-	<listitem>
-	  <para>lower case alphabetics</para>
-	</listitem>
-	<listitem>
-	  <para>digits 0 thru 9</para>
-	</listitem>
-	<listitem>
-	  <para>punctuation marks</para>
-	</listitem>
-      </itemizedlist>
-
-      <para>
-	Care must be taken not to include the system default erase or kill
-	characters. <command>passwd</command> will reject any password which
-	is not suitably complex.
+	Then, the password is tested for complexity.
+	<command>passwd</command> will reject any password which is not
+	suitably complex.  Care must be taken not to include the system
+	default erase or kill characters.
       </para>
 
     </refsect2>
@@ -140,6 +125,17 @@
       </para>
 
       <para>
+	As a general guideline, passwords should be long and random.  It's
+	fine to use simple character sets, such as passwords consisting
+	only of lowercase letters, if that helps memorizing longer
+	passwords.  For a password consisting only of lowercase English
+	letters randomly chosen, and a length of 32, there are 26^32
+	(approximately 2^150) different possible combinations.  Being an
+	exponential equation, it's apparent that the exponent (the length)
+	is more important than the base (the size of the character set).
+      </para>
+
+      <para>
 	You can find advice on how to choose a strong password on
 	http://en.wikipedia.org/wiki/Password_strength
       </para>
@@ -288,6 +284,21 @@
       </varlistentry>
       <varlistentry>
 	<term>
+	  <option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
+	</term>
+	<listitem>
+	  <para>
+	    Apply changes to configuration files under the root filesystem
+	    found under the directory <replaceable>PREFIX_DIR</replaceable>.
+	    This option does not chroot and is intended for preparing a cross-compilation
+	    target.  Some limitations: NIS and LDAP users/groups are
+	    not verified.  PAM authentication is using the host files.
+	    No SELINUX support.
+	  </para>
+	</listitem>
+      </varlistentry>
+      <varlistentry>
+	<term>
 	  <option>-S</option>, <option>--status</option>
 	</term>
 	<listitem>
@@ -347,6 +358,17 @@
 	  </para>
 	</listitem>
       </varlistentry>
+      <varlistentry>
+	<term>
+	  <option>-s</option>, <option>--stdin</option>
+	</term>
+	<listitem>
+	  <para>
+	    This option is used to indicate that passwd should read the new password from standard
+	    input, which can be a pipe.
+	  </para>
+	</listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
@@ -474,6 +496,9 @@
 	<refentrytitle>chpasswd</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citerefentry>
+	<refentrytitle>makepasswd</refentrytitle><manvolnum>1</manvolnum>
+      </citerefentry>,
+      <citerefentry>
 	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
       </citerefentry>,
       <citerefentry>
@@ -488,5 +513,11 @@
 	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>.
     </para>
+
+    <para>
+	The following web page comically (yet correctly) compares the
+	strength of two different methods for choosing a password:
+	"https://xkcd.com/936/"
+    </para>
   </refsect1>
 </refentry>
diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
index 724d25f..b2f096f 100644
--- a/man/pl/Makefile.am
+++ b/man/pl/Makefile.am
@@ -15,7 +15,6 @@ man_MANS = \
 	man8/groupmod.8 \
 	man1/groups.1 \
 	man8/grpck.8 \
-	man8/lastlog.8 \
 	man8/logoutd.8 \
 	man1/newgrp.1 \
 	man1/sg.1 \
@@ -25,6 +24,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/porttime.5
 
diff --git a/man/pl/Makefile.in b/man/pl/Makefile.in
index d6350e5..9737dc1 100644
--- a/man/pl/Makefile.in
+++ b/man/pl/Makefile.in
@@ -87,8 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@USE_PAM_FALSE@am__append_1 = $(man_nopam)
-@USE_PAM_TRUE@am__append_2 = $(man_nopam)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@USE_PAM_TRUE@am__append_3 = $(man_nopam)
 subdir = man/pl
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -176,6 +177,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -194,6 +197,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -209,9 +213,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -227,6 +237,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -235,6 +246,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -257,6 +270,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -333,14 +349,16 @@ top_srcdir = @top_srcdir@
 man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \
 	man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \
 	man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
-	man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 man1/sg.1 \
-	man3/shadow.3 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
-	man8/vipw.8 $(am__append_1)
+	man8/logoutd.8 man1/newgrp.1 man1/sg.1 man3/shadow.3 \
+	man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \
+	$(am__append_1) $(am__append_2)
 man_nopam = \
 	man5/porttime.5
 
-EXTRA_DIST = $(man_MANS) man1/id.1 $(am__append_2)
+EXTRA_DIST = $(man_MANS) man1/id.1 $(am__append_3)
 LANG = $(notdir $(CURDIR))
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -349,8 +367,15 @@ LANG = $(notdir $(CURDIR))
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 CLEANFILES = messages.mo login.defs.d $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
 all: all-am
 
@@ -734,10 +759,10 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	cp ../config.xml $@
 
 @ENABLE_REGENERATE_MAN_TRUE@messages.mo: ../po/$(LANG).po
-@ENABLE_REGENERATE_MAN_TRUE@	msgfmt ../po/$(LANG).po -o messages.mo
+@ENABLE_REGENERATE_MAN_TRUE@	msgfmt $< -o messages.mo
 
 @ENABLE_REGENERATE_MAN_TRUE@login.defs.d:
-@ENABLE_REGENERATE_MAN_TRUE@	ln -sf ../login.defs.d login.defs.d
+@ENABLE_REGENERATE_MAN_TRUE@	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml: ../%.xml messages.mo login.defs.d
 @ENABLE_REGENERATE_MAN_TRUE@	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -745,7 +770,7 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	else \
 @ENABLE_REGENERATE_MAN_TRUE@	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
-@ENABLE_REGENERATE_MAN_TRUE@	itstool -d -l $(LANG) -m messages.mo -o . $@
+@ENABLE_REGENERATE_MAN_TRUE@	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 @ENABLE_REGENERATE_MAN_TRUE@	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
@@ -756,11 +781,13 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/pl/man1/chage.1 b/man/pl/man1/chage.1
index 920915a..7f0513b 100644
--- a/man/pl/man1/chage.1
+++ b/man/pl/man1/chage.1
@@ -2,12 +2,12 @@
 .\"     Title: chage
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia użytkownik\('ow
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "CHAGE" "1" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia użytkownik\('ow"
+.TH "CHAGE" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chage \- zmiana informacji o terminie ważności has\(/la użytkownika
 .SH "STRESZCZENIE"
 .HP \w'\fBchage\fR\ 'u
-\fBchage\fR [\fIopcje\fR] \fILOGIN\fR
+\fBchage\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "OPIS"
 .PP
 The
@@ -138,6 +138,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
 Set the number of days of warning before a password change is required\&. The
diff --git a/man/pl/man1/chsh.1 b/man/pl/man1/chsh.1
index 3097b56..58aa47b 100644
--- a/man/pl/man1/chsh.1
+++ b/man/pl/man1/chsh.1
@@ -2,12 +2,12 @@
 .\"     Title: chsh
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia użytkownik\('ow
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "CHSH" "1" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia użytkownik\('ow"
+.TH "CHSH" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chsh \- zmiana pow\(/loki zg\(/loszeniowej
 .SH "STRESZCZENIE"
 .HP \w'\fBchsh\fR\ 'u
-\fBchsh\fR [\fIopcje\fR] [\fILOGIN\fR]
+\fBchsh\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "OPIS"
 .PP
 The
@@ -77,6 +77,12 @@ The only restriction placed on the login shell is that the command name must be
 in
 /etc/shells
 is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
 .SH "CONFIGURATION"
 .PP
 The following configuration variables in
diff --git a/man/pl/man1/expiry.1 b/man/pl/man1/expiry.1
index 7d5c76d..40d4fb9 100644
--- a/man/pl/man1/expiry.1
+++ b/man/pl/man1/expiry.1
@@ -2,12 +2,12 @@
 .\"     Title: expiry
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia użytkownik\('ow
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "EXPIRY" "1" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia użytkownik\('ow"
+.TH "EXPIRY" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/pl/man1/groups.1 b/man/pl/man1/groups.1
index 8adbf6c..312e682 100644
--- a/man/pl/man1/groups.1
+++ b/man/pl/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia użytkownik\('ow
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "GROUPS" "1" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia użytkownik\('ow"
+.TH "GROUPS" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/pl/man1/id.1 b/man/pl/man1/id.1
index b182dc2..74523a3 100644
--- a/man/pl/man1/id.1
+++ b/man/pl/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia użytkownik\('ow
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "ID" "1" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia użytkownik\('ow"
+.TH "ID" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/pl/man1/newgrp.1 b/man/pl/man1/newgrp.1
index 8cde0f6..7604ea0 100644
--- a/man/pl/man1/newgrp.1
+++ b/man/pl/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia użytkownik\('ow
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "NEWGRP" "1" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia użytkownik\('ow"
+.TH "NEWGRP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/pl/man1/sg.1 b/man/pl/man1/sg.1
index afcc14b..517013f 100644
--- a/man/pl/man1/sg.1
+++ b/man/pl/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia użytkownik\('ow
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "SG" "1" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia użytkownik\('ow"
+.TH "SG" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/pl/man3/shadow.3 b/man/pl/man3/shadow.3
index e935d42..de813ed 100644
--- a/man/pl/man3/shadow.3
+++ b/man/pl/man3/shadow.3
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: Library Calls
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "SHADOW" "3" "11/08/2022" "shadow\-utils 4\&.13" "Library Calls"
+.TH "SHADOW" "3" "06/21/2024" "shadow\-utils 4\&.15\&.2" "Library Calls"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,7 +38,7 @@ shadow, getspnam \- encrypted password file routines
 \fIstruct spwd *getspnam(char\fR
 \fI*name\fR\fI);\fR
 .PP
-\fIvoid setspent()\fR
+\fIvoid setspent();\fR
 .PP
 \fIvoid endspent();\fR
 .PP
diff --git a/man/pl/man5/faillog.5 b/man/pl/man5/faillog.5
index cab3443..66d970d 100644
--- a/man/pl/man5/faillog.5
+++ b/man/pl/man5/faillog.5
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual:  File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "FAILLOG" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuratio"
+.TH "FAILLOG" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/pl/man5/porttime.5 b/man/pl/man5/porttime.5
index 5ad1b3b..62878bf 100644
--- a/man/pl/man5/porttime.5
+++ b/man/pl/man5/porttime.5
@@ -2,12 +2,12 @@
 .\"     Title: porttime
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "PORTTIME" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PORTTIME" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/pl/man8/faillog.8 b/man/pl/man8/faillog.8
index b70d9f3..7abd9e1 100644
--- a/man/pl/man8/faillog.8
+++ b/man/pl/man8/faillog.8
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "FAILLOG" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "FAILLOG" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 faillog \- display faillog records or set login failure limits
 .SH "STRESZCZENIE"
 .HP \w'\fBfaillog\fR\ 'u
-\fBfaillog\fR [\fIopcje\fR]
+\fBfaillog\fR [\fIoptions\fR]
 .SH "OPIS"
 .PP
 \fBfaillog\fR
diff --git a/man/pl/man8/groupadd.8 b/man/pl/man8/groupadd.8
index 2e715fb..4b0b811 100644
--- a/man/pl/man8/groupadd.8
+++ b/man/pl/man8/groupadd.8
@@ -2,12 +2,12 @@
 .\"     Title: groupadd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "GROUPADD" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "GROUPADD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupadd \- utw\('orz nowÄ… grupÄ™
 .SH "STRESZCZENIE"
 .HP \w'\fBgroupadd\fR\ 'u
-\fBgroupadd\fR [\fIOPCJE\fR] \fINEWGROUP\fR
+\fBgroupadd\fR [\fIOPTIONS\fR] \fINEWGROUP\fR
 .SH "OPIS"
 .PP
 The
diff --git a/man/pl/man8/groupdel.8 b/man/pl/man8/groupdel.8
index 3febfce..af2e67c 100644
--- a/man/pl/man8/groupdel.8
+++ b/man/pl/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "GROUPDEL" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "GROUPDEL" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupdel \- delete a group
 .SH "STRESZCZENIE"
 .HP \w'\fBgroupdel\fR\ 'u
-\fBgroupdel\fR [\fIopcje\fR] \fIGRUPA\fR
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "OPIS"
 .PP
 The
diff --git a/man/pl/man8/groupmems.8 b/man/pl/man8/groupmems.8
index 2b309eb..f0c5d4d 100644
--- a/man/pl/man8/groupmems.8
+++ b/man/pl/man8/groupmems.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmems
 .\"    Author: George Kraft, IV
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "GROUPMEMS" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "GROUPMEMS" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -130,7 +130,7 @@ utility to manage their own group membership list\&.
 .nf
 	$ groupadd \-r groups
 	$ chmod 2710 groupmems
-	$ chown root\&.groups groupmems
+	$ chown root:groups groupmems
 	$ groupmems \-g groups \-a gk4
     
 .fi
diff --git a/man/pl/man8/groupmod.8 b/man/pl/man8/groupmod.8
index 53c4e0f..cfbd44c 100644
--- a/man/pl/man8/groupmod.8
+++ b/man/pl/man8/groupmod.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "GROUPMOD" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "GROUPMOD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupmod \- modyfikuj definicjÄ™ grupy systemowej
 .SH "STRESZCZENIE"
 .HP \w'\fBgroupmod\fR\ 'u
-\fBgroupmod\fR [\fIopcje\fR] \fIGRUPA\fR
+\fBgroupmod\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "OPIS"
 .PP
 The
diff --git a/man/pl/man8/grpck.8 b/man/pl/man8/grpck.8
index a37d171..72c742f 100644
--- a/man/pl/man8/grpck.8
+++ b/man/pl/man8/grpck.8
@@ -2,12 +2,12 @@
 .\"     Title: grpck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "GRPCK" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "GRPCK" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 grpck \- verify integrity of group files
 .SH "STRESZCZENIE"
 .HP \w'\fBgrpck\fR\ 'u
-\fBgrpck\fR [opcje] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
+\fBgrpck\fR [options] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
 .SH "OPIS"
 .PP
 The
diff --git a/man/pl/man8/lastlog.8 b/man/pl/man8/lastlog.8
index 540c5e4..f0288ce 100644
--- a/man/pl/man8/lastlog.8
+++ b/man/pl/man8/lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: lastlog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "LASTLOG" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "LASTLOG" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 lastlog \- wyświetla informacje o ostanim logowaniu dla wybranego lub wszystkich użytkowanik\('ow
 .SH "STRESZCZENIE"
 .HP \w'\fBlastlog\fR\ 'u
-\fBlastlog\fR [\fIopcje\fR]
+\fBlastlog\fR [\fIoptions\fR]
 .SH "OPIS"
 .PP
 \fBlastlog\fR
@@ -128,5 +128,5 @@ Baza danych ostatnich logowań użytkownik\('ow\&.
 Duże luki w numeracji UID powodują, że program będzie pracowa\(/l d\(/lużej, nie wyświetlając wynik\('ow (np\&. jeśli w bazie lastlog nie ma wpis\('ow dla o UID pomiedzy 170, a 800, to program będzie sprawia\(/l wrażenie zawieszonego w trakcie przetwarzania wpis\('ow dla użytkowanik\('o\(/l o UID 171\-799)\&.
 .PP
 Having high UIDs can create problems when handling the
-<term> /var/log/lastlog</term>
+/var/log/lastlog
 with external tools\&. Although the actual file is sparse and does not use too much space, certain applications are not designed to identify sparse files by default and may require a specific option to handle them\&.
diff --git a/man/pl/man8/logoutd.8 b/man/pl/man8/logoutd.8
index 488ddbf..3e5665e 100644
--- a/man/pl/man8/logoutd.8
+++ b/man/pl/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "LOGOUTD" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "LOGOUTD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/pl/man8/userdel.8 b/man/pl/man8/userdel.8
index 4173329..147dffb 100644
--- a/man/pl/man8/userdel.8
+++ b/man/pl/man8/userdel.8
@@ -2,12 +2,12 @@
 .\"     Title: userdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "USERDEL" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "USERDEL" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 userdel \- plik chroniony informacji o użytkownikach
 .SH "STRESZCZENIE"
 .HP \w'\fBuserdel\fR\ 'u
-\fBuserdel\fR [opcje] \fILOGIN\fR
+\fBuserdel\fR [options] \fILOGIN\fR
 .SH "OPIS"
 .PP
 The
diff --git a/man/pl/man8/usermod.8 b/man/pl/man8/usermod.8
index d7e1c00..c5b06db 100644
--- a/man/pl/man8/usermod.8
+++ b/man/pl/man8/usermod.8
@@ -2,12 +2,12 @@
 .\"     Title: usermod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "USERMOD" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "USERMOD" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 usermod \- zmiana danych konta użytkownika
 .SH "STRESZCZENIE"
 .HP \w'\fBusermod\fR\ 'u
-\fBusermod\fR [\fIopcje\fR] \fILOGIN\fR
+\fBusermod\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "OPIS"
 .PP
 The
@@ -309,6 +309,18 @@ from /etc/login\&.defs\&.
 defines the SELinux user to be mapped with
 \fILOGIN\fR\&. An empty string ("") will remove the respective entry (if any)\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses semanage(8) for that\&.
 .RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
+\fBsemanage\fR(8)
+for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
+.RE
 .SH "OSTRZEŻENIA"
 .PP
 You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
@@ -336,7 +348,7 @@ Group account information
 .PP
 /etc/gshadow
 .RS 4
-Secure group account informatio\&.
+Secure group account information
 .RE
 .PP
 /etc/login\&.defs
diff --git a/man/pl/man8/vipw.8 b/man/pl/man8/vipw.8
index 3836968..2af9cd4 100644
--- a/man/pl/man8/vipw.8
+++ b/man/pl/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Polecenia ZarzÄ…dzania Systemem
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Polish
 .\"
-.TH "VIPW" "8" "11/08/2022" "shadow\-utils 4\&.13" "Polecenia ZarzÄ…dzania Systemem"
+.TH "VIPW" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,16 +31,16 @@
 vipw, vigr \- edytuj plik hase\(/l, grup lub ich wersji chronionych
 .SH "STRESZCZENIE"
 .HP \w'\fBvipw\fR\ 'u
-\fBvipw\fR [\fIopcje\fR]
+\fBvipw\fR [\fIoptions\fR]
 .HP \w'\fBvigr\fR\ 'u
-\fBvigr\fR [\fIopcje\fR]
+\fBvigr\fR [\fIoptions\fR]
 .SH "OPIS"
 .PP
 The
 \fBvipw\fR
 and
 \fBvigr\fR
-commands edits the files
+commands edit the files
 /etc/passwd
 and
 /etc/group, respectively\&. With the
diff --git a/man/po/Makefile.in b/man/po/Makefile.in
index f194957..d0f738f 100644
--- a/man/po/Makefile.in
+++ b/man/po/Makefile.in
@@ -86,35 +86,38 @@ stamp-po: $(srcdir)/$(DOMAIN).pot
 # This target rebuilds $(DOMAIN).pot; it is an expensive operation.
 # Note that $(DOMAIN).pot is not touched if it doesn't need to be changed.
 # TODO: set MSGID_BUGS_ADDRESS, COPYRIGHT_HOLDER
-$(DOMAIN).pot-update: $(XMLFILES) $(srcdir)/XMLFILES remove-potcdate.sed
-	@set -e; tmpdir=`pwd`; \
-	echo "cd $(top_srcdir)/man"; \
+$(DOMAIN).pot-update: $(XMLFILES) $(srcdir)/XMLFILES
+	@set -ex; tmpdir=`mktemp -d`; \
+	origdir=`pwd`; \
 	cd $(top_srcdir)/man; \
+	cp *.xml $$tmpdir/; \
 	files=""; \
 	for file in $(notdir $(XMLFILES)); do \
+		base=`basename $$file`; \
+		outfile=$$tmpdir/$$base.out; \
 		if grep -q SHADOW-CONFIG-HERE $$file ; then \
-			sed -e 's/^<!-- SHADOW-CONFIG-HERE -->/<!ENTITY % config SYSTEM "config.xml">%config;/' $$file > $$file.out; \
+			sed -e 's/^<!-- SHADOW-CONFIG-HERE -->/<!ENTITY % config SYSTEM "config.xml">%config;/' $$file > $$outfile; \
 		else \
-			sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $$file > $$file.out; \
+			sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $$file > $$outfile; \
 		fi; \
-		files="$$files $$file.out"; \
+		files="$$files $$outfile"; \
 	done; \
 	itstool -d -o $$tmpdir/$(DOMAIN).po $$files; \
-	cd $$tmpdir; \
-	test ! -f $(DOMAIN).po || { \
+	sed -i '1i \
+# To re-generate, run "cd man/po; make update-po"' $$tmpdir/$(DOMAIN).po; \
+	cd $$origdir; \
+	test ! -f $$tmpdir/$(DOMAIN).po || { \
 	  if test -f $(srcdir)/$(DOMAIN).pot; then \
-	    sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
-	    sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \
-	    if cmp $(DOMAIN).1po $(DOMAIN).2po >/dev/null 2>&1; then \
-	      rm -f $(DOMAIN).1po $(DOMAIN).2po $(DOMAIN).po; \
-	    else \
-	      rm -f $(DOMAIN).1po $(DOMAIN).2po $(srcdir)/$(DOMAIN).pot && \
-	      mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
+	    sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $$tmpdir/$(DOMAIN).1po && \
+	    sed -f remove-potcdate.sed < $$tmpdir/$(DOMAIN).po > $$tmpdir/$(DOMAIN).2po && \
+	    if ! cmp $$tmpdir/$(DOMAIN).1po $$tmpdir/$(DOMAIN).2po >/dev/null 2>&1; then \
+	      rm -f $(srcdir)/$(DOMAIN).pot && \
+	      mv $$tmpdir/$(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
 	    fi; \
 	  else \
-	    mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
+	    mv $$tmpdir/$(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
 	  fi; \
-	}
+	} ; rm -rf $$tmpdir
 
 # This rule has no dependencies: we don't need to update $(DOMAIN).pot at
 # every "make" invocation, only create it when it is missing.
@@ -212,26 +215,25 @@ update-po: Makefile
 
 .nop.po-update:
 	@lang=`echo $@ | sed -e 's/\.po-update$$//'`; \
-	tmpdir=`pwd`; \
+	ptmpdir=`mktemp -d`; \
 	echo "$$lang:"; \
 	test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
 	echo "$${cdcmd}$(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$lang.new.po"; \
 	cd $(srcdir); \
-	if $(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$tmpdir/$$lang.new.po; then \
-	  if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \
-	    rm -f $$tmpdir/$$lang.new.po; \
-	  else \
-	    if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \
+	if $(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$ptmpdir/$$lang.new.po; then \
+	  sed -f remove-potcdate.sed < $$lang.po > $$ptmpdir/$$lang.1po; \
+	  sed -f remove-potcdate.sed < $$ptmpdir/$$lang.new.po > $$ptmpdir/$$lang.new.1po; \
+	  if ! cmp $$ptmpdir/$$lang.1po $$ptmpdir/$$lang.new.1po >/dev/null 2>&1; then \
+	    if mv -f $$ptmpdir/$$lang.new.po $$lang.po; then \
 	      :; \
 	    else \
-	      echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \
+	      echo "msgmerge for $$lang.po failed: cannot move $$ptmpdir/$$lang.new.po to $$lang.po" 1>&2; \
 	      exit 1; \
 	    fi; \
 	  fi; \
 	else \
 	  echo "msgmerge for $$lang.po failed!" 1>&2; \
-	  rm -f $$tmpdir/$$lang.new.po; \
-	fi
+	fi ; rm -rf $$ptmpdir
 
 $(DUMMYPOFILES):
 
diff --git a/man/po/da.po b/man/po/da.po
index 25f78b5..49b838d 100644
--- a/man/po/da.po
+++ b/man/po/da.po
@@ -20,7 +20,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow-man\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
 "PO-Revision-Date: 2013-08-23 01:35+0200\n"
 "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
 "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
@@ -30,12 +30,12 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:19 chsh.1.xml.out:18
+#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:21 chsh.1.xml.out:18
 #: expiry.1.xml.out:19 faillog.5.xml.out:15 faillog.8.xml.out:15
 #: groupadd.8.xml.out:18 groupdel.8.xml.out:16 groupmod.8.xml.out:16
 #: groups.1.xml.out:15 grpck.8.xml.out:15 lastlog.8.xml.out:17
-#: login.1.xml.out:48 login.defs.5.xml.out:84 logoutd.8.xml.out:15
-#: newgrp.1.xml.out:16 newusers.8.xml.out:31 passwd.1.xml.out:22
+#: login.1.xml.out:48 login.defs.5.xml.out:86 logoutd.8.xml.out:15
+#: newgrp.1.xml.out:16 newusers.8.xml.out:33 passwd.1.xml.out:24
 #: passwd.5.xml.out:15 porttime.5.xml.out:15 pwck.8.xml.out:22
 #: shadow.3.xml.out:15 shadow.5.xml.out:15 sg.1.xml.out:16 su.1.xml.out:32
 #: useradd.8.xml.out:34 userdel.8.xml.out:21 usermod.8.xml.out:22
@@ -43,12 +43,12 @@ msgid "Julianne Frances"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:20 chsh.1.xml.out:19
+#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:22 chsh.1.xml.out:19
 #: expiry.1.xml.out:20 faillog.5.xml.out:16 faillog.8.xml.out:16
 #: groupadd.8.xml.out:19 groupdel.8.xml.out:17 groupmod.8.xml.out:17
 #: groups.1.xml.out:16 grpck.8.xml.out:16 lastlog.8.xml.out:18
-#: login.1.xml.out:49 login.defs.5.xml.out:85 logoutd.8.xml.out:16
-#: newgrp.1.xml.out:17 newusers.8.xml.out:32 passwd.1.xml.out:23
+#: login.1.xml.out:49 login.defs.5.xml.out:87 logoutd.8.xml.out:16
+#: newgrp.1.xml.out:17 newusers.8.xml.out:34 passwd.1.xml.out:25
 #: passwd.5.xml.out:16 porttime.5.xml.out:16 pwck.8.xml.out:23
 #: shadow.3.xml.out:16 shadow.5.xml.out:16 sg.1.xml.out:17 su.1.xml.out:33
 #: useradd.8.xml.out:35 userdel.8.xml.out:22 usermod.8.xml.out:23
@@ -61,14 +61,14 @@ msgid "Creation, 1990"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24 chsh.1.xml.out:23 expiry.1.xml.out:24
-#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:25
+#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26 chsh.1.xml.out:23 expiry.1.xml.out:24
+#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23 groupdel.8.xml.out:21 groupmems.8.xml.out:24
 #: groupmod.8.xml.out:21 groups.1.xml.out:20 grpck.8.xml.out:20
 #: lastlog.8.xml.out:22 limits.5.xml.out:22 login.1.xml.out:53
-#: login.access.5.xml.out:21 login.defs.5.xml.out:89 logoutd.8.xml.out:20
-#: newgrp.1.xml.out:21 newusers.8.xml.out:36 passwd.1.xml.out:27
+#: login.access.5.xml.out:21 login.defs.5.xml.out:91 logoutd.8.xml.out:20
+#: newgrp.1.xml.out:21 newusers.8.xml.out:38 passwd.1.xml.out:29
 #: passwd.5.xml.out:20 porttime.5.xml.out:20 pwck.8.xml.out:27
 #: pwconv.8.xml.out:26 shadow.3.xml.out:20 shadow.5.xml.out:20 sg.1.xml.out:21
 #: su.1.xml.out:37 suauth.5.xml.out:20 useradd.8.xml.out:39
@@ -77,14 +77,14 @@ msgid "Thomas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25 chsh.1.xml.out:24 expiry.1.xml.out:25
-#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:26
+#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27 chsh.1.xml.out:24 expiry.1.xml.out:25
+#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24 groupdel.8.xml.out:22 groupmems.8.xml.out:25
 #: groupmod.8.xml.out:22 groups.1.xml.out:21 grpck.8.xml.out:21
 #: lastlog.8.xml.out:23 limits.5.xml.out:23 login.1.xml.out:54
-#: login.access.5.xml.out:22 login.defs.5.xml.out:90 logoutd.8.xml.out:21
-#: newgrp.1.xml.out:22 newusers.8.xml.out:37 passwd.1.xml.out:28
+#: login.access.5.xml.out:22 login.defs.5.xml.out:92 logoutd.8.xml.out:21
+#: newgrp.1.xml.out:22 newusers.8.xml.out:39 passwd.1.xml.out:30
 #: passwd.5.xml.out:21 porttime.5.xml.out:21 pwck.8.xml.out:28
 #: pwconv.8.xml.out:27 shadow.3.xml.out:21 shadow.5.xml.out:21 sg.1.xml.out:22
 #: su.1.xml.out:38 suauth.5.xml.out:21 useradd.8.xml.out:40
@@ -93,14 +93,14 @@ msgid "KÅ‚oczko"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26 chsh.1.xml.out:25 expiry.1.xml.out:26
-#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:27
+#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28 chsh.1.xml.out:25 expiry.1.xml.out:26
+#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25 groupdel.8.xml.out:23 groupmems.8.xml.out:26
 #: groupmod.8.xml.out:23 groups.1.xml.out:22 grpck.8.xml.out:22
 #: lastlog.8.xml.out:24 limits.5.xml.out:24 login.1.xml.out:55
-#: login.access.5.xml.out:23 login.defs.5.xml.out:91 logoutd.8.xml.out:22
-#: newgrp.1.xml.out:23 newusers.8.xml.out:38 passwd.1.xml.out:29
+#: login.access.5.xml.out:23 login.defs.5.xml.out:93 logoutd.8.xml.out:22
+#: newgrp.1.xml.out:23 newusers.8.xml.out:40 passwd.1.xml.out:31
 #: passwd.5.xml.out:22 porttime.5.xml.out:22 pwck.8.xml.out:29
 #: pwconv.8.xml.out:28 shadow.3.xml.out:22 shadow.5.xml.out:22 sg.1.xml.out:23
 #: su.1.xml.out:39 suauth.5.xml.out:22 useradd.8.xml.out:41
@@ -109,14 +109,14 @@ msgid "kloczek@pld.org.pl"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:27 chsh.1.xml.out:26
+#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:29 chsh.1.xml.out:26
 #: expiry.1.xml.out:27 faillog.5.xml.out:23 faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28 groupadd.8.xml.out:26 groupdel.8.xml.out:24
+#: gpasswd.1.xml.out:30 groupadd.8.xml.out:26 groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27 groupmod.8.xml.out:24 groups.1.xml.out:23
 #: grpck.8.xml.out:23 lastlog.8.xml.out:25 limits.5.xml.out:25
-#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:92
-#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:39
-#: passwd.1.xml.out:30 passwd.5.xml.out:23 porttime.5.xml.out:23
+#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:94
+#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:41
+#: passwd.1.xml.out:32 passwd.5.xml.out:23 porttime.5.xml.out:23
 #: pwck.8.xml.out:30 pwconv.8.xml.out:29 shadow.3.xml.out:23
 #: shadow.5.xml.out:23 sg.1.xml.out:24 su.1.xml.out:40 suauth.5.xml.out:23
 #: useradd.8.xml.out:42 userdel.8.xml.out:29 usermod.8.xml.out:30
@@ -125,15 +125,15 @@ msgid "shadow-utils maintainer, 2000 - 2007"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30 chsh.1.xml.out:29 expiry.1.xml.out:30
-#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:31
+#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32 chsh.1.xml.out:29 expiry.1.xml.out:30
+#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29 groupdel.8.xml.out:27 groupmems.8.xml.out:30
 #: groupmod.8.xml.out:27 groups.1.xml.out:26 grpck.8.xml.out:26
 #: gshadow.5.xml.out:14 lastlog.8.xml.out:28 limits.5.xml.out:28
-#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:95
-#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:42
-#: nologin.8.xml.out:15 passwd.1.xml.out:33 passwd.5.xml.out:26
+#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:97
+#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:44
+#: nologin.8.xml.out:15 passwd.1.xml.out:35 passwd.5.xml.out:26
 #: porttime.5.xml.out:26 pwck.8.xml.out:33 pwconv.8.xml.out:32
 #: shadow.3.xml.out:26 shadow.5.xml.out:26 sg.1.xml.out:27 su.1.xml.out:43
 #: suauth.5.xml.out:26 useradd.8.xml.out:45 userdel.8.xml.out:32
@@ -142,15 +142,15 @@ msgid "Nicolas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31 chsh.1.xml.out:30 expiry.1.xml.out:31
-#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:32
+#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33 chsh.1.xml.out:30 expiry.1.xml.out:31
+#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30 groupdel.8.xml.out:28 groupmems.8.xml.out:31
 #: groupmod.8.xml.out:28 groups.1.xml.out:27 grpck.8.xml.out:27
 #: gshadow.5.xml.out:15 lastlog.8.xml.out:29 limits.5.xml.out:29
-#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:96
-#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:43
-#: nologin.8.xml.out:16 passwd.1.xml.out:34 passwd.5.xml.out:27
+#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:98
+#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:45
+#: nologin.8.xml.out:16 passwd.1.xml.out:36 passwd.5.xml.out:27
 #: porttime.5.xml.out:27 pwck.8.xml.out:34 pwconv.8.xml.out:33
 #: shadow.3.xml.out:27 shadow.5.xml.out:27 sg.1.xml.out:28 su.1.xml.out:44
 #: suauth.5.xml.out:27 useradd.8.xml.out:46 userdel.8.xml.out:33
@@ -159,15 +159,15 @@ msgid "François"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32 chsh.1.xml.out:31 expiry.1.xml.out:32
-#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:33
+#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34 chsh.1.xml.out:31 expiry.1.xml.out:32
+#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31 groupdel.8.xml.out:29 groupmems.8.xml.out:32
 #: groupmod.8.xml.out:29 groups.1.xml.out:28 grpck.8.xml.out:28
 #: gshadow.5.xml.out:16 lastlog.8.xml.out:30 limits.5.xml.out:30
-#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:97
-#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:44
-#: nologin.8.xml.out:17 passwd.1.xml.out:35 passwd.5.xml.out:28
+#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:99
+#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:46
+#: nologin.8.xml.out:17 passwd.1.xml.out:37 passwd.5.xml.out:28
 #: porttime.5.xml.out:28 pwck.8.xml.out:35 pwconv.8.xml.out:34
 #: shadow.3.xml.out:28 shadow.5.xml.out:28 sg.1.xml.out:29 su.1.xml.out:45
 #: suauth.5.xml.out:28 useradd.8.xml.out:47 userdel.8.xml.out:34
@@ -176,15 +176,15 @@ msgid "nicolas.francois@centraliens.net"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33 chsh.1.xml.out:32 expiry.1.xml.out:33
-#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:34
+#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35 chsh.1.xml.out:32 expiry.1.xml.out:33
+#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32 groupdel.8.xml.out:30 groupmems.8.xml.out:33
 #: groupmod.8.xml.out:30 groups.1.xml.out:29 grpck.8.xml.out:29
 #: gshadow.5.xml.out:18 lastlog.8.xml.out:31 limits.5.xml.out:31
-#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:98
-#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:45
-#: nologin.8.xml.out:18 passwd.1.xml.out:36 passwd.5.xml.out:29
+#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:100
+#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:47
+#: nologin.8.xml.out:18 passwd.1.xml.out:38 passwd.5.xml.out:29
 #: porttime.5.xml.out:29 pwck.8.xml.out:36 pwconv.8.xml.out:35
 #: shadow.3.xml.out:29 shadow.5.xml.out:29 sg.1.xml.out:30 su.1.xml.out:46
 #: suauth.5.xml.out:29 useradd.8.xml.out:48 userdel.8.xml.out:35
@@ -199,9 +199,9 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #: chage.1.xml.out:34 chage.1.xml.out:41 chage.1.xml.out:46 chage.1.xml.out:59
-#: chage.1.xml.out:69 chage.1.xml.out:216 chage.1.xml.out:226
-#: chage.1.xml.out:236 chage.1.xml.out:241 chage.1.xml.out:285
-#: login.defs.5.xml.out:233 shadow.5.xml.out:262
+#: chage.1.xml.out:69 chage.1.xml.out:231 chage.1.xml.out:241
+#: chage.1.xml.out:251 chage.1.xml.out:256 chage.1.xml.out:300
+#: login.defs.5.xml.out:237 shadow.5.xml.out:262
 msgid "chage"
 msgstr ""
 
@@ -209,11 +209,11 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:35 chage.1.xml.out:294 chfn.1.xml.out:37 chfn.1.xml.out:65
-#: chfn.1.xml.out:205 chgpasswd.8.xml.out:217 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:37 chsh.1.xml.out:171 expiry.1.xml.out:38
-#: faillog.8.xml.out:235 gpasswd.1.xml.out:39 gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277 groupadd.8.xml.out:345 groupadd.8.xml.out:348
+#: chage.1.xml.out:35 chage.1.xml.out:309 chfn.1.xml.out:37 chfn.1.xml.out:65
+#: chfn.1.xml.out:205 chgpasswd.8.xml.out:245 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:37 chsh.1.xml.out:212 expiry.1.xml.out:38
+#: faillog.8.xml.out:235 gpasswd.1.xml.out:41 gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279 groupadd.8.xml.out:345 groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351 groupdel.8.xml.out:205 groupdel.8.xml.out:208
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:209 groupmems.8.xml.out:212
 #: groupmems.8.xml.out:215 groupmod.8.xml.out:326 groupmod.8.xml.out:329
@@ -221,44 +221,44 @@ msgstr ""
 #: grpck.8.xml.out:243 gshadow.5.xml.out:77 gshadow.5.xml.out:165
 #: limits.5.xml.out:185 login.1.xml.out:67 login.1.xml.out:128
 #: login.1.xml.out:377 login.1.xml.out:380 login.1.xml.out:383
-#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:520 login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533 login.defs.5.xml.out:536 newgrp.1.xml.out:35
+#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:539 login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552 login.defs.5.xml.out:555 newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130 newgrp.1.xml.out:133 newgrp.1.xml.out:136
-#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:456
-#: nologin.8.xml.out:60 passwd.1.xml.out:41 passwd.1.xml.out:431
-#: passwd.5.xml.out:118 passwd.5.xml.out:173 passwd.5.xml.out:179
-#: passwd.5.xml.out:182 passwd.5.xml.out:197 porttime.5.xml.out:121
-#: pwck.8.xml.out:293 shadow.5.xml.out:262 shadow.5.xml.out:265
-#: shadow.5.xml.out:268 shadow.5.xml.out:283 sg.1.xml.out:35 sg.1.xml.out:119
-#: sg.1.xml.out:122 sg.1.xml.out:125 sg.1.xml.out:128 sg.1.xml.out:131
-#: su.1.xml.out:51 su.1.xml.out:391 su.1.xml.out:415 su.1.xml.out:421
-#: su.1.xml.out:424 suauth.5.xml.out:201 useradd.8.xml.out:817
-#: useradd.8.xml.out:878 useradd.8.xml.out:881 useradd.8.xml.out:884
-#: userdel.8.xml.out:241 userdel.8.xml.out:310 userdel.8.xml.out:313
-#: userdel.8.xml.out:316 usermod.8.xml.out:105 usermod.8.xml.out:244
-#: usermod.8.xml.out:605 usermod.8.xml.out:608 usermod.8.xml.out:611
-#: vipw.8.xml.out:78 vipw.8.xml.out:205
+#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:477
+#: nologin.8.xml.out:60 passwd.1.xml.out:43 passwd.1.xml.out:453
+#: passwd.1.xml.out:499 passwd.5.xml.out:118 passwd.5.xml.out:173
+#: passwd.5.xml.out:179 passwd.5.xml.out:182 passwd.5.xml.out:197
+#: porttime.5.xml.out:121 pwck.8.xml.out:293 shadow.5.xml.out:262
+#: shadow.5.xml.out:265 shadow.5.xml.out:268 shadow.5.xml.out:283
+#: sg.1.xml.out:35 sg.1.xml.out:119 sg.1.xml.out:122 sg.1.xml.out:125
+#: sg.1.xml.out:128 sg.1.xml.out:131 su.1.xml.out:51 su.1.xml.out:391
+#: su.1.xml.out:415 su.1.xml.out:421 su.1.xml.out:424 suauth.5.xml.out:201
+#: useradd.8.xml.out:837 useradd.8.xml.out:898 useradd.8.xml.out:901
+#: useradd.8.xml.out:904 userdel.8.xml.out:241 userdel.8.xml.out:310
+#: userdel.8.xml.out:313 userdel.8.xml.out:316 usermod.8.xml.out:105
+#: usermod.8.xml.out:244 usermod.8.xml.out:622 usermod.8.xml.out:625
+#: usermod.8.xml.out:628 vipw.8.xml.out:78 vipw.8.xml.out:205
 msgid "1"
 msgstr ""
 
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:36 chfn.1.xml.out:38 chsh.1.xml.out:38 expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40 groups.1.xml.out:35 login.1.xml.out:68
-#: newgrp.1.xml.out:36 passwd.1.xml.out:42 sg.1.xml.out:36 su.1.xml.out:52
+#: gpasswd.1.xml.out:42 groups.1.xml.out:35 login.1.xml.out:68
+#: newgrp.1.xml.out:36 passwd.1.xml.out:44 sg.1.xml.out:36 su.1.xml.out:52
 msgid "User Commands"
 msgstr ""
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40 chsh.1.xml.out:39 expiry.1.xml.out:40
-#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:41
+#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42 chsh.1.xml.out:39 expiry.1.xml.out:40
+#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39 groupdel.8.xml.out:37 groupmems.8.xml.out:40
 #: groupmod.8.xml.out:37 groups.1.xml.out:36 grpck.8.xml.out:36
 #: gshadow.5.xml.out:25 lastlog.8.xml.out:38 limits.5.xml.out:38
-#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:105
-#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:52
-#: nologin.8.xml.out:25 passwd.1.xml.out:43 passwd.5.xml.out:36
+#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:107
+#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:54
+#: nologin.8.xml.out:25 passwd.1.xml.out:45 passwd.5.xml.out:36
 #: porttime.5.xml.out:36 pwck.8.xml.out:43 pwconv.8.xml.out:42
 #: shadow.3.xml.out:36 shadow.5.xml.out:36 sg.1.xml.out:37 su.1.xml.out:53
 #: suauth.5.xml.out:36 useradd.8.xml.out:55 userdel.8.xml.out:42
@@ -267,20 +267,20 @@ msgid "shadow-utils"
 msgstr "shadow-utils"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41 chsh.1.xml.out:40 expiry.1.xml.out:41
-#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:42
+#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43 chsh.1.xml.out:40 expiry.1.xml.out:41
+#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40 groupdel.8.xml.out:38 groupmems.8.xml.out:41
 #: groupmod.8.xml.out:38 groups.1.xml.out:37 grpck.8.xml.out:37
 #: gshadow.5.xml.out:26 lastlog.8.xml.out:39 limits.5.xml.out:39
-#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:106
-#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:53
-#: nologin.8.xml.out:26 passwd.1.xml.out:44 passwd.5.xml.out:37
+#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:108
+#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:55
+#: nologin.8.xml.out:26 passwd.1.xml.out:46 passwd.5.xml.out:37
 #: porttime.5.xml.out:37 pwck.8.xml.out:44 pwconv.8.xml.out:43
 #: shadow.3.xml.out:37 shadow.5.xml.out:37 sg.1.xml.out:38 su.1.xml.out:54
 #: suauth.5.xml.out:37 useradd.8.xml.out:56 userdel.8.xml.out:43
 #: usermod.8.xml.out:44 vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -290,10 +290,10 @@ msgstr "ændr udløbsinformation om brugeradgangskode"
 
 #. (itstool) path: arg/replaceable
 #. (itstool) path: cmdsynopsis/arg
-#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52 chsh.1.xml.out:51 faillog.8.xml.out:48
+#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54 chsh.1.xml.out:51 faillog.8.xml.out:48
 #: groupdel.8.xml.out:49 groupmod.8.xml.out:49 grpck.8.xml.out:47
-#: lastlog.8.xml.out:50 newusers.8.xml.out:64 passwd.1.xml.out:55
+#: lastlog.8.xml.out:50 newusers.8.xml.out:66 passwd.1.xml.out:57
 #: pwck.8.xml.out:54 pwconv.8.xml.out:57 pwconv.8.xml.out:63
 #: pwconv.8.xml.out:69 pwconv.8.xml.out:75 su.1.xml.out:64 useradd.8.xml.out:66
 #: useradd.8.xml.out:78 userdel.8.xml.out:52 usermod.8.xml.out:55
@@ -306,22 +306,22 @@ msgstr "tilvalg"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
 #: chage.1.xml.out:51 chfn.1.xml.out:54 chsh.1.xml.out:54 faillog.8.xml.out:180
-#: lastlog.8.xml.out:139 passwd.1.xml.out:58 useradd.8.xml.out:68
+#: lastlog.8.xml.out:139 passwd.1.xml.out:60 useradd.8.xml.out:68
 #: useradd.8.xml.out:158 userdel.8.xml.out:54 userdel.8.xml.out:64
 #: usermod.8.xml.out:57 usermod.8.xml.out:222 usermod.8.xml.out:506
 msgid "LOGIN"
 msgstr "LOGIND"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58 chsh.1.xml.out:60 expiry.1.xml.out:58
-#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:70
+#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60 chsh.1.xml.out:60 expiry.1.xml.out:58
+#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60 groupdel.8.xml.out:56 groupmems.8.xml.out:61
 #: groupmod.8.xml.out:56 groups.1.xml.out:54 grpck.8.xml.out:58
 #: gshadow.5.xml.out:34 lastlog.8.xml.out:56 limits.5.xml.out:48
-#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:114
-#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:73
-#: nologin.8.xml.out:40 passwd.1.xml.out:64 passwd.5.xml.out:45
+#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:116
+#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:75
+#: nologin.8.xml.out:40 passwd.1.xml.out:66 passwd.5.xml.out:45
 #: porttime.5.xml.out:45 pwck.8.xml.out:69 pwconv.8.xml.out:81
 #: shadow.3.xml.out:94 shadow.3.xml.out:150 shadow.5.xml.out:45 sg.1.xml.out:57
 #: su.1.xml.out:79 suauth.5.xml.out:51 useradd.8.xml.out:84
@@ -339,12 +339,12 @@ msgstr ""
 
 #. (itstool) path: refsect1/title
 #. (itstool) path: arg/replaceable
-#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106 chsh.1.xml.out:71 expiry.1.xml.out:67
-#: faillog.8.xml.out:65 gpasswd.1.xml.out:110 groupadd.8.xml.out:51
+#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108 chsh.1.xml.out:71 expiry.1.xml.out:67
+#: faillog.8.xml.out:65 gpasswd.1.xml.out:112 groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80 groupdel.8.xml.out:64 groupmems.8.xml.out:76
 #: groupmod.8.xml.out:65 grpck.8.xml.out:122 lastlog.8.xml.out:68
-#: login.1.xml.out:186 newusers.8.xml.out:250 passwd.1.xml.out:150
+#: login.1.xml.out:186 newusers.8.xml.out:252 passwd.1.xml.out:146
 #: pwck.8.xml.out:153 pwconv.8.xml.out:163 su.1.xml.out:120
 #: useradd.8.xml.out:102 userdel.8.xml.out:69 usermod.8.xml.out:70
 #: vipw.8.xml.out:83
@@ -352,12 +352,12 @@ msgid "OPTIONS"
 msgstr "TILVALG"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107 chsh.1.xml.out:72 expiry.1.xml.out:68
-#: faillog.8.xml.out:66 gpasswd.1.xml.out:118 groupadd.8.xml.out:81
+#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109 chsh.1.xml.out:72 expiry.1.xml.out:68
+#: faillog.8.xml.out:66 gpasswd.1.xml.out:120 groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65 groupmems.8.xml.out:77 groupmod.8.xml.out:66
-#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:251
-#: passwd.1.xml.out:151 pwck.8.xml.out:158 su.1.xml.out:121
+#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:253
+#: passwd.1.xml.out:147 pwck.8.xml.out:158 su.1.xml.out:121
 #: useradd.8.xml.out:103 userdel.8.xml.out:70 usermod.8.xml.out:71
 #, fuzzy
 #| msgid "The options which apply to the <command>chfn</command> command are:"
@@ -366,9 +366,9 @@ msgstr "Tilvalgende som gælder for kommandoen <command>chfn</command> er:"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:74 gpasswd.1.xml.out:137 groupmems.8.xml.out:94
-#: passwd.1.xml.out:168 useradd.8.xml.out:123 useradd.8.xml.out:151
-#: useradd.8.xml.out:599 usermod.8.xml.out:112 usermod.8.xml.out:260
+#: chage.1.xml.out:74 gpasswd.1.xml.out:139 groupmems.8.xml.out:94
+#: passwd.1.xml.out:164 useradd.8.xml.out:123 useradd.8.xml.out:151
+#: useradd.8.xml.out:619 usermod.8.xml.out:112 usermod.8.xml.out:260
 msgid "-d"
 msgstr ""
 
@@ -386,44 +386,44 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:73 chage.1.xml.out:88 chage.1.xml.out:127
 #: chage.1.xml.out:156 chage.1.xml.out:168 chage.1.xml.out:189
-#: chage.1.xml.out:202 chfn.1.xml.out:93 chfn.1.xml.out:101 chfn.1.xml.out:109
-#: chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122 chpasswd.8.xml.out:113 chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177 chsh.1.xml.out:83 chsh.1.xml.out:96
-#: faillog.8.xml.out:104 faillog.8.xml.out:119 faillog.8.xml.out:156
-#: faillog.8.xml.out:169 gpasswd.1.xml.out:123 gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157 groupadd.8.xml.out:101 groupadd.8.xml.out:157
-#: groupadd.8.xml.out:200 groupadd.8.xml.out:213 groupdel.8.xml.out:88
-#: groupdel.8.xml.out:101 groupmems.8.xml.out:83 groupmems.8.xml.out:94
-#: groupmems.8.xml.out:110 groupmems.8.xml.out:141 groupmod.8.xml.out:72
-#: groupmod.8.xml.out:81 groupmod.8.xml.out:120 groupmod.8.xml.out:142
-#: groupmod.8.xml.out:163 groupmod.8.xml.out:176 grpck.8.xml.out:148
-#: lastlog.8.xml.out:74 lastlog.8.xml.out:103 lastlog.8.xml.out:127
-#: newusers.8.xml.out:305 passwd.1.xml.out:196 passwd.1.xml.out:245
-#: passwd.1.xml.out:267 passwd.1.xml.out:277 passwd.1.xml.out:321
-#: passwd.1.xml.out:334 pwck.8.xml.out:196 pwconv.8.xml.out:177
-#: su.1.xml.out:125 su.1.xml.out:162 useradd.8.xml.out:117
-#: useradd.8.xml.out:138 useradd.8.xml.out:150 useradd.8.xml.out:178
-#: useradd.8.xml.out:195 useradd.8.xml.out:229 useradd.8.xml.out:277
-#: useradd.8.xml.out:424 useradd.8.xml.out:488 useradd.8.xml.out:501
-#: useradd.8.xml.out:516 useradd.8.xml.out:530 useradd.8.xml.out:565
-#: useradd.8.xml.out:591 useradd.8.xml.out:609 useradd.8.xml.out:621
-#: useradd.8.xml.out:638 useradd.8.xml.out:654 userdel.8.xml.out:122
-#: userdel.8.xml.out:135 usermod.8.xml.out:98 usermod.8.xml.out:111
-#: usermod.8.xml.out:128 usermod.8.xml.out:151 usermod.8.xml.out:173
-#: usermod.8.xml.out:216 usermod.8.xml.out:289 usermod.8.xml.out:327
-#: usermod.8.xml.out:340 usermod.8.xml.out:356 usermod.8.xml.out:368
-#: usermod.8.xml.out:500 vipw.8.xml.out:114
+#: chage.1.xml.out:202 chage.1.xml.out:217 chfn.1.xml.out:93 chfn.1.xml.out:101
+#: chfn.1.xml.out:109 chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
+#: chgpasswd.8.xml.out:128 chpasswd.8.xml.out:115 chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183 chpasswd.8.xml.out:198 chsh.1.xml.out:83
+#: chsh.1.xml.out:96 faillog.8.xml.out:104 faillog.8.xml.out:119
+#: faillog.8.xml.out:156 faillog.8.xml.out:169 gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138 gpasswd.1.xml.out:159 groupadd.8.xml.out:101
+#: groupadd.8.xml.out:157 groupadd.8.xml.out:200 groupadd.8.xml.out:213
+#: groupdel.8.xml.out:88 groupdel.8.xml.out:101 groupmems.8.xml.out:83
+#: groupmems.8.xml.out:94 groupmems.8.xml.out:110 groupmems.8.xml.out:141
+#: groupmod.8.xml.out:72 groupmod.8.xml.out:81 groupmod.8.xml.out:120
+#: groupmod.8.xml.out:142 groupmod.8.xml.out:163 groupmod.8.xml.out:176
+#: grpck.8.xml.out:148 lastlog.8.xml.out:74 lastlog.8.xml.out:103
+#: lastlog.8.xml.out:127 newusers.8.xml.out:307 passwd.1.xml.out:192
+#: passwd.1.xml.out:241 passwd.1.xml.out:263 passwd.1.xml.out:273
+#: passwd.1.xml.out:286 passwd.1.xml.out:332 passwd.1.xml.out:345
+#: pwck.8.xml.out:196 pwconv.8.xml.out:177 su.1.xml.out:125 su.1.xml.out:162
+#: useradd.8.xml.out:117 useradd.8.xml.out:138 useradd.8.xml.out:150
+#: useradd.8.xml.out:178 useradd.8.xml.out:195 useradd.8.xml.out:229
+#: useradd.8.xml.out:279 useradd.8.xml.out:426 useradd.8.xml.out:490
+#: useradd.8.xml.out:503 useradd.8.xml.out:518 useradd.8.xml.out:532
+#: useradd.8.xml.out:567 useradd.8.xml.out:611 useradd.8.xml.out:629
+#: useradd.8.xml.out:641 useradd.8.xml.out:658 useradd.8.xml.out:674
+#: userdel.8.xml.out:122 userdel.8.xml.out:135 usermod.8.xml.out:98
+#: usermod.8.xml.out:111 usermod.8.xml.out:128 usermod.8.xml.out:151
+#: usermod.8.xml.out:173 usermod.8.xml.out:216 usermod.8.xml.out:289
+#: usermod.8.xml.out:327 usermod.8.xml.out:340 usermod.8.xml.out:356
+#: usermod.8.xml.out:368 usermod.8.xml.out:500 vipw.8.xml.out:114
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:82 chage.1.xml.out:288 groupadd.8.xml.out:303
+#: chage.1.xml.out:82 chage.1.xml.out:303 groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168 groupmod.8.xml.out:259 grpck.8.xml.out:237
-#: login.defs.5.xml.out:138 passwd.1.xml.out:425 pwck.8.xml.out:287
-#: su.1.xml.out:385 useradd.8.xml.out:811 userdel.8.xml.out:235
+#: login.defs.5.xml.out:140 passwd.1.xml.out:447 pwck.8.xml.out:287
+#: su.1.xml.out:385 useradd.8.xml.out:831 userdel.8.xml.out:235
 msgid "0"
 msgstr ""
 
@@ -442,7 +442,7 @@ msgid "-E"
 msgstr ""
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr ""
@@ -450,7 +450,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:89 chage.1.xml.out:109 useradd.8.xml.out:179
-#: useradd.8.xml.out:610 usermod.8.xml.out:129 usermod.8.xml.out:243
+#: useradd.8.xml.out:630 usermod.8.xml.out:129 usermod.8.xml.out:243
 #: usermod.8.xml.out:416
 msgid "EXPIRE_DATE"
 msgstr ""
@@ -480,7 +480,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:108 chage.1.xml.out:139 chage.1.xml.out:182
-#: passwd.1.xml.out:344 useradd.8.xml.out:315
+#: passwd.1.xml.out:355 useradd.8.xml.out:317
 msgid "-1"
 msgstr ""
 
@@ -493,78 +493,78 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
 #: grpck.8.xml.out:132 lastlog.8.xml.out:96 login.1.xml.out:204
-#: login.1.xml.out:229 newusers.8.xml.out:280 passwd.1.xml.out:190
-#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:271
+#: login.1.xml.out:229 newusers.8.xml.out:282 passwd.1.xml.out:186
+#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:273
 #: userdel.8.xml.out:99 vipw.8.xml.out:96
 msgid "-h"
 msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
-#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:280
-#: passwd.1.xml.out:190 pwck.8.xml.out:173 pwconv.8.xml.out:171
-#: su.1.xml.out:387 useradd.8.xml.out:271 userdel.8.xml.out:99
+#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:282
+#: passwd.1.xml.out:186 pwck.8.xml.out:173 pwconv.8.xml.out:171
+#: su.1.xml.out:387 useradd.8.xml.out:273 userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:115 chage.1.xml.out:121 chage.1.xml.out:146
-#: chfn.1.xml.out:142 chgpasswd.8.xml.out:88 chgpasswd.8.xml.out:101
-#: chgpasswd.8.xml.out:107 chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139 chpasswd.8.xml.out:147 chpasswd.8.xml.out:155
+#: chfn.1.xml.out:142 chgpasswd.8.xml.out:90 chgpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:119 chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145 chpasswd.8.xml.out:153 chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77 expiry.1.xml.out:73 expiry.1.xml.out:79
 #: expiry.1.xml.out:88 faillog.8.xml.out:72 faillog.8.xml.out:98
-#: faillog.8.xml.out:144 gpasswd.1.xml.out:149 gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188 groupadd.8.xml.out:87 groupadd.8.xml.out:118
+#: faillog.8.xml.out:144 gpasswd.1.xml.out:151 gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190 groupadd.8.xml.out:87 groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144 groupadd.8.xml.out:184 groupadd.8.xml.out:228
 #: groupdel.8.xml.out:71 groupdel.8.xml.out:82 groupmems.8.xml.out:118
 #: groupmems.8.xml.out:124 groupmems.8.xml.out:130 groupmod.8.xml.out:114
 #: groupmod.8.xml.out:131 groupmod.8.xml.out:193 grpck.8.xml.out:132
 #: grpck.8.xml.out:138 grpck.8.xml.out:161 grpck.8.xml.out:172
 #: lastlog.8.xml.out:84 lastlog.8.xml.out:95 lastlog.8.xml.out:116
-#: newusers.8.xml.out:268 newusers.8.xml.out:280 newusers.8.xml.out:286
-#: newusers.8.xml.out:320 passwd.1.xml.out:156 passwd.1.xml.out:167
-#: passwd.1.xml.out:179 passwd.1.xml.out:190 passwd.1.xml.out:209
-#: passwd.1.xml.out:221 passwd.1.xml.out:257 passwd.1.xml.out:290
-#: passwd.1.xml.out:308 pwck.8.xml.out:173 pwck.8.xml.out:179
-#: pwck.8.xml.out:188 pwck.8.xml.out:209 pwconv.8.xml.out:171
-#: useradd.8.xml.out:168 useradd.8.xml.out:217 useradd.8.xml.out:271
-#: useradd.8.xml.out:330 useradd.8.xml.out:349 useradd.8.xml.out:372
-#: useradd.8.xml.out:385 useradd.8.xml.out:404 useradd.8.xml.out:455
-#: useradd.8.xml.out:548 userdel.8.xml.out:75 userdel.8.xml.out:99
-#: userdel.8.xml.out:105 userdel.8.xml.out:152 usermod.8.xml.out:77
-#: usermod.8.xml.out:88 usermod.8.xml.out:230 usermod.8.xml.out:249
-#: usermod.8.xml.out:270 usermod.8.xml.out:316 usermod.8.xml.out:404
-#: vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102 vipw.8.xml.out:108
-#: vipw.8.xml.out:127 vipw.8.xml.out:133
+#: newusers.8.xml.out:270 newusers.8.xml.out:282 newusers.8.xml.out:288
+#: newusers.8.xml.out:322 passwd.1.xml.out:152 passwd.1.xml.out:163
+#: passwd.1.xml.out:175 passwd.1.xml.out:186 passwd.1.xml.out:205
+#: passwd.1.xml.out:217 passwd.1.xml.out:253 passwd.1.xml.out:301
+#: passwd.1.xml.out:319 passwd.1.xml.out:362 pwck.8.xml.out:173
+#: pwck.8.xml.out:179 pwck.8.xml.out:188 pwck.8.xml.out:209
+#: pwconv.8.xml.out:171 useradd.8.xml.out:168 useradd.8.xml.out:217
+#: useradd.8.xml.out:273 useradd.8.xml.out:332 useradd.8.xml.out:351
+#: useradd.8.xml.out:374 useradd.8.xml.out:387 useradd.8.xml.out:406
+#: useradd.8.xml.out:457 useradd.8.xml.out:550 userdel.8.xml.out:75
+#: userdel.8.xml.out:99 userdel.8.xml.out:105 userdel.8.xml.out:152
+#: usermod.8.xml.out:77 usermod.8.xml.out:88 usermod.8.xml.out:230
+#: usermod.8.xml.out:249 usermod.8.xml.out:270 usermod.8.xml.out:316
+#: usermod.8.xml.out:404 vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102
+#: vipw.8.xml.out:108 vipw.8.xml.out:127 vipw.8.xml.out:133
 #, fuzzy
 #| msgid "<option>-a</option>, <option>--all</option>"
 msgid "<_:option-1/>, <_:option-2/>"
 msgstr "<option>-a</option>, <option>--all</option>"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149 chsh.1.xml.out:79 expiry.1.xml.out:90
-#: faillog.8.xml.out:100 gpasswd.1.xml.out:151 groupadd.8.xml.out:120
+#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155 chsh.1.xml.out:79 expiry.1.xml.out:90
+#: faillog.8.xml.out:100 gpasswd.1.xml.out:153 groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84 groupmems.8.xml.out:120 groupmod.8.xml.out:116
-#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:282
-#: passwd.1.xml.out:192 pwck.8.xml.out:175 pwconv.8.xml.out:173
-#: useradd.8.xml.out:273 userdel.8.xml.out:101 vipw.8.xml.out:98
+#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:284
+#: passwd.1.xml.out:188 pwck.8.xml.out:175 pwconv.8.xml.out:173
+#: useradd.8.xml.out:275 userdel.8.xml.out:101 vipw.8.xml.out:98
 msgid "Display help message and exit."
 msgstr "Vis hjælpeteksten og afslut."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:121 passwd.1.xml.out:197
+#: chage.1.xml.out:121 passwd.1.xml.out:193
 msgid "-i"
 msgstr ""
 
@@ -584,8 +584,8 @@ msgid "-I"
 msgstr ""
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:128 passwd.1.xml.out:197 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 usermod.8.xml.out:152
+#: chage.1.xml.out:128 passwd.1.xml.out:193 useradd.8.xml.out:196
+#: useradd.8.xml.out:642 usermod.8.xml.out:152
 msgid "--inactive"
 msgstr ""
 
@@ -593,8 +593,8 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/option
 #: chage.1.xml.out:128 chage.1.xml.out:134 chage.1.xml.out:140
-#: passwd.1.xml.out:197 passwd.1.xml.out:203 useradd.8.xml.out:196
-#: useradd.8.xml.out:211 useradd.8.xml.out:622 useradd.8.xml.out:632
+#: passwd.1.xml.out:193 passwd.1.xml.out:199 useradd.8.xml.out:196
+#: useradd.8.xml.out:211 useradd.8.xml.out:642 useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr ""
@@ -618,10 +618,10 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
-#: chage.1.xml.out:147 chage.1.xml.out:242 faillog.8.xml.out:88
+#: chage.1.xml.out:147 chage.1.xml.out:257 faillog.8.xml.out:88
 #: faillog.8.xml.out:105 faillog.8.xml.out:185 faillog.8.xml.out:202
-#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:222
-#: passwd.1.xml.out:316 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:330
+#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:218
+#: passwd.1.xml.out:327 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr "-l"
@@ -638,29 +638,29 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:157 chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:84 chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155 faillog.8.xml.out:88 faillog.8.xml.out:120
+#: chage.1.xml.out:157 chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80 chpasswd.8.xml.out:86 chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161 faillog.8.xml.out:88 faillog.8.xml.out:120
 #: faillog.8.xml.out:185 faillog.8.xml.out:202 su.1.xml.out:207
-#: useradd.8.xml.out:287 useradd.8.xml.out:350 useradd.8.xml.out:476
+#: useradd.8.xml.out:289 useradd.8.xml.out:352 useradd.8.xml.out:478
 #: usermod.8.xml.out:119 usermod.8.xml.out:250
 msgid "-m"
 msgstr ""
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:157 passwd.1.xml.out:246
+#: chage.1.xml.out:157 passwd.1.xml.out:242
 msgid "--mindays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:160 passwd.1.xml.out:249
+#: chage.1.xml.out:160 passwd.1.xml.out:245
 msgid ""
 "Set the minimum number of days between password changes to <_:replaceable-1/"
 ">. A value of zero for this field indicates that the user may change their "
@@ -669,26 +669,26 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:169 gpasswd.1.xml.out:81 gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217 useradd.8.xml.out:162 useradd.8.xml.out:373
+#: chage.1.xml.out:169 gpasswd.1.xml.out:83 gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219 useradd.8.xml.out:162 useradd.8.xml.out:375
 msgid "-M"
 msgstr ""
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:169 passwd.1.xml.out:335
+#: chage.1.xml.out:169 passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:169 chage.1.xml.out:174 chage.1.xml.out:183
-#: passwd.1.xml.out:335 passwd.1.xml.out:340 passwd.1.xml.out:345
+#: passwd.1.xml.out:346 passwd.1.xml.out:351 passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chage.1.xml.out:178 chage.1.xml.out:203 usermod.8.xml.out:481
+#: chage.1.xml.out:178 chage.1.xml.out:218 usermod.8.xml.out:481
 msgid "-W"
 msgstr ""
 
@@ -703,30 +703,30 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:181 passwd.1.xml.out:343
+#: chage.1.xml.out:181 passwd.1.xml.out:354
 msgid ""
 "Passing the number <_:emphasis-1/> as <_:replaceable-2/> will remove "
 "checking a password's validity."
 msgstr ""
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:191 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "-R"
 msgstr ""
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:160 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "--root"
 msgstr ""
@@ -735,22 +735,22 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:190 chage.1.xml.out:194 chage.1.xml.out:196
 #: chfn.1.xml.out:130 chfn.1.xml.out:134 chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123 chgpasswd.8.xml.out:127 chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165 chpasswd.8.xml.out:169 chpasswd.8.xml.out:171
+#: chgpasswd.8.xml.out:129 chgpasswd.8.xml.out:133 chgpasswd.8.xml.out:135
+#: chpasswd.8.xml.out:171 chpasswd.8.xml.out:175 chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84 chsh.1.xml.out:88 chsh.1.xml.out:90 faillog.8.xml.out:157
-#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162 gpasswd.1.xml.out:164 groupadd.8.xml.out:201
+#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:160
+#: gpasswd.1.xml.out:164 gpasswd.1.xml.out:166 groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205 groupadd.8.xml.out:207 groupdel.8.xml.out:89
 #: groupdel.8.xml.out:93 groupdel.8.xml.out:95 groupmems.8.xml.out:142
 #: groupmems.8.xml.out:146 groupmems.8.xml.out:148 groupmod.8.xml.out:164
 #: groupmod.8.xml.out:168 groupmod.8.xml.out:170 grpck.8.xml.out:149
 #: grpck.8.xml.out:153 grpck.8.xml.out:155 lastlog.8.xml.out:104
-#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:306
-#: newusers.8.xml.out:310 newusers.8.xml.out:312 passwd.1.xml.out:278
-#: passwd.1.xml.out:282 passwd.1.xml.out:284 pwck.8.xml.out:197
+#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:308
+#: newusers.8.xml.out:312 newusers.8.xml.out:314 passwd.1.xml.out:274
+#: passwd.1.xml.out:278 passwd.1.xml.out:280 pwck.8.xml.out:197
 #: pwck.8.xml.out:201 pwck.8.xml.out:203 pwconv.8.xml.out:178
-#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:489
-#: useradd.8.xml.out:493 useradd.8.xml.out:495 userdel.8.xml.out:123
+#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:491
+#: useradd.8.xml.out:495 useradd.8.xml.out:497 userdel.8.xml.out:123
 #: userdel.8.xml.out:127 userdel.8.xml.out:129 usermod.8.xml.out:328
 #: usermod.8.xml.out:332 usermod.8.xml.out:334 vipw.8.xml.out:115
 #: vipw.8.xml.out:119 vipw.8.xml.out:121
@@ -758,12 +758,12 @@ msgid "CHROOT_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168 chsh.1.xml.out:87 faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161 groupadd.8.xml.out:204 groupdel.8.xml.out:92
+#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174 chsh.1.xml.out:87 faillog.8.xml.out:160
+#: gpasswd.1.xml.out:163 groupadd.8.xml.out:204 groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145 groupmod.8.xml.out:167 grpck.8.xml.out:152
-#: lastlog.8.xml.out:107 newusers.8.xml.out:309 passwd.1.xml.out:281
-#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:492
+#: lastlog.8.xml.out:107 newusers.8.xml.out:311 passwd.1.xml.out:277
+#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:494
 #: userdel.8.xml.out:126 usermod.8.xml.out:331 vipw.8.xml.out:118
 #, fuzzy
 #| msgid ""
@@ -779,19 +779,56 @@ msgstr ""
 "konfigurationsfilerne fra mappen <replaceable>CHROOT_DIR</replaceable>."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:203 passwd.1.xml.out:322
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "-P"
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "--prefix"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:203 chage.1.xml.out:208 chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189 groupadd.8.xml.out:214 groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102 groupdel.8.xml.out:106 groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177 groupmod.8.xml.out:181 groupmod.8.xml.out:183
+#: passwd.1.xml.out:287 passwd.1.xml.out:292 useradd.8.xml.out:504
+#: useradd.8.xml.out:509 userdel.8.xml.out:136 userdel.8.xml.out:140
+#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
+msgid "PREFIX_DIR"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:206 chpasswd.8.xml.out:187 groupadd.8.xml.out:217
+#: passwd.1.xml.out:290 useradd.8.xml.out:507
+msgid ""
+"Apply changes to configuration files under the root filesystem found under "
+"the directory <_:replaceable-1/>. This option does not chroot and is "
+"intended for preparing a cross-compilation target. Some limitations: NIS and "
+"LDAP users/groups are not verified. PAM authentication is using the host "
+"files. No SELINUX support."
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218 passwd.1.xml.out:333
 msgid "--warndays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:203 chage.1.xml.out:208 passwd.1.xml.out:322
-#: passwd.1.xml.out:327
+#: chage.1.xml.out:218 chage.1.xml.out:223 passwd.1.xml.out:333
+#: passwd.1.xml.out:338
 msgid "WARN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:206
+#: chage.1.xml.out:221
 msgid ""
 "Set the number of days of warning before a password change is required. The "
 "<_:replaceable-1/> option is the number of days prior to the password "
@@ -799,12 +836,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220 chfn.1.xml.out:163 chsh.1.xml.out:112
+#: chage.1.xml.out:235 chfn.1.xml.out:163 chsh.1.xml.out:112
 msgid "[ ]"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 msgid ""
 "If none of the options are selected, <_:command-1/> operates in an "
 "interactive fashion, prompting the user with the current values for all of "
@@ -814,13 +851,13 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224 chsh.1.xml.out:117 groups.1.xml.out:65
+#: chage.1.xml.out:239 chsh.1.xml.out:117 groups.1.xml.out:65
 #: lastlog.8.xml.out:170
 msgid "NOTE"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> program requires a shadow password file to "
@@ -832,7 +869,7 @@ msgstr ""
 "er tilgængelig."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid ""
 "The chage program will report only the information from the shadow password "
 "file. This implies that configuration from other sources (e.g. LDAP or empty "
@@ -846,7 +883,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238 grpck.8.xml.out:294 login.defs.5.xml.out:410
+#: chage.1.xml.out:253 grpck.8.xml.out:294 login.defs.5.xml.out:429
 #: passwd.5.xml.out:185 pwck.8.xml.out:40 pwck.8.xml.out:47 pwck.8.xml.out:53
 #: pwck.8.xml.out:71 pwck.8.xml.out:147 pwck.8.xml.out:159 pwck.8.xml.out:191
 #: pwck.8.xml.out:223 pwck.8.xml.out:284 pwconv.8.xml.out:197
@@ -855,7 +892,7 @@ msgid "pwck"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid ""
 "The <_:command-1/> program will also not report any inconsistency between "
 "the shadow and passwd files (e.g. missing x in the passwd file). The <_:"
@@ -863,7 +900,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> command is restricted to the root user, "
@@ -881,52 +918,54 @@ msgstr ""
 "konto står til at udløbe."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249 chfn.1.xml.out:170 chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216 chsh.1.xml.out:131 gpasswd.1.xml.out:241
+#: chage.1.xml.out:264 chfn.1.xml.out:170 chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256 chsh.1.xml.out:150 gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247 groupdel.8.xml.out:133 groupmems.8.xml.out:176
 #: groupmod.8.xml.out:212 grpck.8.xml.out:196 lastlog.8.xml.out:182
-#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:360
-#: passwd.1.xml.out:372 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
-#: su.1.xml.out:314 useradd.8.xml.out:710 userdel.8.xml.out:165
-#: usermod.8.xml.out:536 vipw.8.xml.out:142
+#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:381
+#: passwd.1.xml.out:394 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
+#: su.1.xml.out:314 useradd.8.xml.out:730 userdel.8.xml.out:165
+#: usermod.8.xml.out:553 vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr "KONFIGURATION"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70 chgpasswd.8.xml.out:155 chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205 chpasswd.8.xml.out:77 chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200 chpasswd.8.xml.out:219 chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134 chsh.1.xml.out:159 gpasswd.1.xml.out:244
-#: groupadd.8.xml.out:129 groupadd.8.xml.out:239 groupadd.8.xml.out:250
-#: groupadd.8.xml.out:276 groupdel.8.xml.out:136 groupmems.8.xml.out:179
-#: groupmod.8.xml.out:109 groupmod.8.xml.out:204 groupmod.8.xml.out:215
-#: groupmod.8.xml.out:239 grpck.8.xml.out:199 lastlog.8.xml.out:185
-#: login.1.xml.out:273 login.1.xml.out:365 login.access.5.xml.out:100
-#: login.defs.5.xml.out:116 login.defs.5.xml.out:515 newgrp.1.xml.out:88
-#: newusers.8.xml.out:340 newusers.8.xml.out:363 newusers.8.xml.out:423
-#: passwd.1.xml.out:375 passwd.1.xml.out:405 pwck.8.xml.out:243
+#: chage.1.xml.out:267 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
+#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:159 chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177 chgpasswd.8.xml.out:204 chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79 chpasswd.8.xml.out:140 chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227 chpasswd.8.xml.out:236 chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289 chsh.1.xml.out:153 chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246 groupadd.8.xml.out:129 groupadd.8.xml.out:239
+#: groupadd.8.xml.out:250 groupadd.8.xml.out:276 groupdel.8.xml.out:136
+#: groupmems.8.xml.out:179 groupmod.8.xml.out:109 groupmod.8.xml.out:204
+#: groupmod.8.xml.out:215 groupmod.8.xml.out:239 grpck.8.xml.out:199
+#: lastlog.8.xml.out:185 login.1.xml.out:273 login.1.xml.out:365
+#: login.access.5.xml.out:100 login.defs.5.xml.out:118 login.defs.5.xml.out:534
+#: newgrp.1.xml.out:88 newusers.8.xml.out:340 newusers.8.xml.out:349
+#: newusers.8.xml.out:357 newusers.8.xml.out:384 newusers.8.xml.out:444
+#: passwd.1.xml.out:397 passwd.1.xml.out:427 pwck.8.xml.out:243
 #: pwconv.8.xml.out:148 pwconv.8.xml.out:207 pwconv.8.xml.out:215
 #: pwconv.8.xml.out:230 sg.1.xml.out:77 su.1.xml.out:109 su.1.xml.out:219
 #: su.1.xml.out:277 su.1.xml.out:317 su.1.xml.out:357 useradd.8.xml.out:241
-#: useradd.8.xml.out:307 useradd.8.xml.out:378 useradd.8.xml.out:399
-#: useradd.8.xml.out:467 useradd.8.xml.out:474 useradd.8.xml.out:560
-#: useradd.8.xml.out:713 useradd.8.xml.out:797 userdel.8.xml.out:87
+#: useradd.8.xml.out:309 useradd.8.xml.out:380 useradd.8.xml.out:401
+#: useradd.8.xml.out:469 useradd.8.xml.out:476 useradd.8.xml.out:562
+#: useradd.8.xml.out:733 useradd.8.xml.out:817 userdel.8.xml.out:87
 #: userdel.8.xml.out:168 userdel.8.xml.out:191 userdel.8.xml.out:297
-#: usermod.8.xml.out:399 usermod.8.xml.out:539 usermod.8.xml.out:569
+#: usermod.8.xml.out:399 usermod.8.xml.out:556 usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250 chfn.1.xml.out:171 chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217 chsh.1.xml.out:132 gpasswd.1.xml.out:242
+#: chage.1.xml.out:265 chfn.1.xml.out:171 chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257 chsh.1.xml.out:151 gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248 groupdel.8.xml.out:134 groupmems.8.xml.out:177
 #: groupmod.8.xml.out:213 grpck.8.xml.out:197 lastlog.8.xml.out:183
-#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:361
-#: passwd.1.xml.out:373 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
-#: useradd.8.xml.out:711 userdel.8.xml.out:166 usermod.8.xml.out:537
+#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:382
+#: passwd.1.xml.out:395 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
+#: useradd.8.xml.out:731 userdel.8.xml.out:166 usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 #, fuzzy
 #| msgid ""
@@ -940,126 +979,126 @@ msgstr ""
 "ændrer opførelsen for dette værktøj:"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261 chfn.1.xml.out:184 chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232 chsh.1.xml.out:144 expiry.1.xml.out:97
-#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:256
+#: chage.1.xml.out:276 chfn.1.xml.out:184 chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274 chsh.1.xml.out:163 expiry.1.xml.out:97
+#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261 groupdel.8.xml.out:145 groupmems.8.xml.out:188
 #: groupmod.8.xml.out:224 groups.1.xml.out:77 grpck.8.xml.out:208
 #: gshadow.5.xml.out:132 lastlog.8.xml.out:194 limits.5.xml.out:172
 #: login.1.xml.out:314 login.access.5.xml.out:97 logoutd.8.xml.out:65
-#: newgrp.1.xml.out:97 newusers.8.xml.out:396 passwd.1.xml.out:390
+#: newgrp.1.xml.out:97 newusers.8.xml.out:417 passwd.1.xml.out:412
 #: passwd.5.xml.out:139 porttime.5.xml.out:106 pwck.8.xml.out:258
 #: pwconv.8.xml.out:227 shadow.3.xml.out:202 shadow.5.xml.out:231
-#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:740
-#: userdel.8.xml.out:182 usermod.8.xml.out:554 vipw.8.xml.out:172
+#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:760
+#: userdel.8.xml.out:182 usermod.8.xml.out:571 vipw.8.xml.out:172
 msgid "FILES"
 msgstr "FILER"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265 chfn.1.xml.out:193 chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147 expiry.1.xml.out:100 groupmod.8.xml.out:245
+#: chage.1.xml.out:280 chfn.1.xml.out:193 chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166 expiry.1.xml.out:100 groupmod.8.xml.out:245
 #: grpck.8.xml.out:223 lastlog.8.xml.out:63 login.1.xml.out:145
 #: login.1.xml.out:329 newgrp.1.xml.out:65 newgrp.1.xml.out:70
-#: newgrp.1.xml.out:100 newusers.8.xml.out:399 passwd.1.xml.out:393
+#: newgrp.1.xml.out:100 newusers.8.xml.out:420 passwd.1.xml.out:415
 #: passwd.5.xml.out:47 passwd.5.xml.out:89 passwd.5.xml.out:142
 #: pwck.8.xml.out:73 pwck.8.xml.out:145 pwck.8.xml.out:212 pwck.8.xml.out:224
 #: pwck.8.xml.out:267 pwconv.8.xml.out:127 shadow.5.xml.out:234 sg.1.xml.out:89
-#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:524
-#: useradd.8.xml.out:743 userdel.8.xml.out:197 usermod.8.xml.out:103
-#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:575
+#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:526
+#: useradd.8.xml.out:763 userdel.8.xml.out:197 usermod.8.xml.out:103
+#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:592
 #: vipw.8.xml.out:68 vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268 chfn.1.xml.out:195 chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149 expiry.1.xml.out:102 groupmod.8.xml.out:247
+#: chage.1.xml.out:283 chfn.1.xml.out:195 chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168 expiry.1.xml.out:102 groupmod.8.xml.out:247
 #: grpck.8.xml.out:225 login.1.xml.out:331 newgrp.1.xml.out:102
-#: newusers.8.xml.out:401 passwd.1.xml.out:395 passwd.5.xml.out:144
+#: newusers.8.xml.out:422 passwd.1.xml.out:417 passwd.5.xml.out:144
 #: pwck.8.xml.out:269 shadow.5.xml.out:236 sg.1.xml.out:91 su.1.xml.out:347
-#: useradd.8.xml.out:745 userdel.8.xml.out:199 vipw.8.xml.out:189
+#: useradd.8.xml.out:765 userdel.8.xml.out:199 vipw.8.xml.out:189
 msgid "User account information."
 msgstr "Information om brugerkonto."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273 chpasswd.8.xml.out:241 expiry.1.xml.out:106
+#: chage.1.xml.out:288 chpasswd.8.xml.out:283 expiry.1.xml.out:106
 #: login.1.xml.out:335 newgrp.1.xml.out:68 newgrp.1.xml.out:106
-#: newusers.8.xml.out:295 newusers.8.xml.out:405 passwd.1.xml.out:399
+#: newusers.8.xml.out:297 newusers.8.xml.out:426 passwd.1.xml.out:421
 #: passwd.5.xml.out:82 passwd.5.xml.out:148 pwck.8.xml.out:73
 #: pwck.8.xml.out:107 pwck.8.xml.out:213 pwck.8.xml.out:225 pwck.8.xml.out:273
 #: pwconv.8.xml.out:128 pwconv.8.xml.out:149 shadow.3.xml.out:97
 #: shadow.3.xml.out:173 shadow.3.xml.out:205 shadow.5.xml.out:78
-#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:439
-#: useradd.8.xml.out:464 useradd.8.xml.out:749 userdel.8.xml.out:203
+#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:441
+#: useradd.8.xml.out:466 useradd.8.xml.out:769 userdel.8.xml.out:203
 #: usermod.8.xml.out:144 usermod.8.xml.out:145 usermod.8.xml.out:166
-#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:581
+#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:598
 #: vipw.8.xml.out:71 vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr "/etc/shadow"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276 chpasswd.8.xml.out:243 expiry.1.xml.out:108
-#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:407
-#: passwd.1.xml.out:401 pwck.8.xml.out:275 shadow.3.xml.out:207
-#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:751
+#: chage.1.xml.out:291 chpasswd.8.xml.out:285 expiry.1.xml.out:108
+#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:428
+#: passwd.1.xml.out:423 pwck.8.xml.out:275 shadow.3.xml.out:207
+#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:771
 #: userdel.8.xml.out:205 vipw.8.xml.out:195
 msgid "Secure user account information."
 msgstr "Information om sikret brugerkonto."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283 groupadd.8.xml.out:298 groupdel.8.xml.out:163
-#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:420
-#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:806
+#: chage.1.xml.out:298 groupadd.8.xml.out:298 groupdel.8.xml.out:163
+#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:442
+#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290 groupadd.8.xml.out:305 groupdel.8.xml.out:170
-#: grpck.8.xml.out:239 passwd.1.xml.out:427 pwck.8.xml.out:289
-#: useradd.8.xml.out:813 userdel.8.xml.out:237
+#: chage.1.xml.out:305 groupadd.8.xml.out:305 groupdel.8.xml.out:170
+#: grpck.8.xml.out:239 passwd.1.xml.out:449 pwck.8.xml.out:289
+#: useradd.8.xml.out:833 userdel.8.xml.out:237
 msgid "success"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296 passwd.1.xml.out:433
+#: chage.1.xml.out:311 passwd.1.xml.out:455
 msgid "permission denied"
 msgstr "tilladelse nægtet"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300 groupadd.8.xml.out:309 groupdel.8.xml.out:174
+#: chage.1.xml.out:315 groupadd.8.xml.out:309 groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265 groups.1.xml.out:95 groups.1.xml.out:98
 #: groups.1.xml.out:101 grpck.8.xml.out:249 limits.5.xml.out:90
 #: limits.5.xml.out:101 limits.5.xml.out:188 limits.5.xml.out:191
-#: passwd.1.xml.out:437 pwck.8.xml.out:299 useradd.8.xml.out:823
+#: passwd.1.xml.out:459 pwck.8.xml.out:299 useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302 groupadd.8.xml.out:311 groupdel.8.xml.out:176
-#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:825
+#: chage.1.xml.out:317 groupadd.8.xml.out:311 groupdel.8.xml.out:176
+#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr "15"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
 msgstr "Kan ikke finde shadows adgangskodefil"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284 groupadd.8.xml.out:299 groupdel.8.xml.out:164
-#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:421
-#: pwck.8.xml.out:283 useradd.8.xml.out:807 userdel.8.xml.out:231
+#: chage.1.xml.out:299 groupadd.8.xml.out:299 groupdel.8.xml.out:164
+#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:443
+#: pwck.8.xml.out:283 useradd.8.xml.out:827 userdel.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "The <command>pwck</command> command exits with the following values: "
@@ -1072,18 +1111,18 @@ msgstr ""
 "<placeholder-1/>"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316 chfn.1.xml.out:202 chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262 chsh.1.xml.out:168 expiry.1.xml.out:115
-#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:274
+#: chage.1.xml.out:331 chfn.1.xml.out:202 chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304 chsh.1.xml.out:209 expiry.1.xml.out:115
+#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343 groupdel.8.xml.out:202 groupmems.8.xml.out:206
 #: groupmod.8.xml.out:323 groups.1.xml.out:89 grpck.8.xml.out:277
 #: gshadow.5.xml.out:150 limits.5.xml.out:182 login.1.xml.out:374
-#: login.access.5.xml.out:109 login.defs.5.xml.out:527 newgrp.1.xml.out:127
-#: newusers.8.xml.out:450 nologin.8.xml.out:57 passwd.1.xml.out:471
+#: login.access.5.xml.out:109 login.defs.5.xml.out:546 newgrp.1.xml.out:127
+#: newusers.8.xml.out:471 nologin.8.xml.out:57 passwd.1.xml.out:493
 #: passwd.5.xml.out:167 porttime.5.xml.out:118 pwck.8.xml.out:333
 #: pwconv.8.xml.out:239 shadow.3.xml.out:214 shadow.5.xml.out:259
-#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:875
-#: userdel.8.xml.out:308 usermod.8.xml.out:602 vipw.8.xml.out:202
+#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:895
+#: userdel.8.xml.out:308 usermod.8.xml.out:619 vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr "SE OGSÃ…"
 
@@ -1096,53 +1135,53 @@ msgstr "SE OGSÃ…"
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319 chfn.1.xml.out:211 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177 expiry.1.xml.out:118 groupadd.8.xml.out:351
+#: chage.1.xml.out:334 chfn.1.xml.out:211 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218 expiry.1.xml.out:118 groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:215 groupmod.8.xml.out:332
 #: grpck.8.xml.out:291 lastlog.8.xml.out:176 login.1.xml.out:128
-#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516 login.defs.5.xml.out:533 login.defs.5.xml.out:539
-#: newusers.8.xml.out:79 newusers.8.xml.out:456 passwd.1.xml.out:40
-#: passwd.1.xml.out:47 passwd.1.xml.out:53 passwd.1.xml.out:66
-#: passwd.1.xml.out:69 passwd.1.xml.out:86 passwd.1.xml.out:116
-#: passwd.1.xml.out:152 passwd.1.xml.out:366 passwd.1.xml.out:413
-#: passwd.1.xml.out:422 passwd.1.xml.out:451 passwd.1.xml.out:457
-#: passwd.1.xml.out:477 passwd.5.xml.out:33 passwd.5.xml.out:40
+#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535 login.defs.5.xml.out:552 login.defs.5.xml.out:558
+#: newusers.8.xml.out:81 newusers.8.xml.out:477 passwd.1.xml.out:42
+#: passwd.1.xml.out:49 passwd.1.xml.out:55 passwd.1.xml.out:68
+#: passwd.1.xml.out:71 passwd.1.xml.out:88 passwd.1.xml.out:100
+#: passwd.1.xml.out:148 passwd.1.xml.out:388 passwd.1.xml.out:435
+#: passwd.1.xml.out:444 passwd.1.xml.out:473 passwd.1.xml.out:479
+#: passwd.1.xml.out:502 passwd.5.xml.out:33 passwd.5.xml.out:40
 #: passwd.5.xml.out:182 pwck.8.xml.out:228 pwck.8.xml.out:342
 #: pwconv.8.xml.out:84 pwconv.8.xml.out:99 shadow.5.xml.out:268
-#: shadow.5.xml.out:271 useradd.8.xml.out:884 userdel.8.xml.out:316
-#: usermod.8.xml.out:611 vipw.8.xml.out:217
+#: shadow.5.xml.out:271 useradd.8.xml.out:904 userdel.8.xml.out:316
+#: usermod.8.xml.out:628 vipw.8.xml.out:217
 msgid "passwd"
 msgstr ""
 
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319 chage.1.xml.out:322 chfn.1.xml.out:208
-#: chfn.1.xml.out:211 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 chsh.1.xml.out:177 expiry.1.xml.out:118
+#: chage.1.xml.out:334 chage.1.xml.out:337 chfn.1.xml.out:208
+#: chfn.1.xml.out:211 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 chsh.1.xml.out:218 expiry.1.xml.out:118
 #: expiry.1.xml.out:121 faillog.5.xml.out:34 faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292 gpasswd.1.xml.out:295 groupadd.8.xml.out:363
+#: gpasswd.1.xml.out:294 gpasswd.1.xml.out:297 groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344 grpck.8.xml.out:267 grpck.8.xml.out:280
 #: grpck.8.xml.out:287 grpck.8.xml.out:291 grpck.8.xml.out:297
 #: gshadow.5.xml.out:23 gshadow.5.xml.out:153 gshadow.5.xml.out:156
 #: limits.5.xml.out:36 login.1.xml.out:389 login.1.xml.out:392
 #: login.1.xml.out:395 login.1.xml.out:398 login.access.5.xml.out:35
-#: login.defs.5.xml.out:103 login.defs.5.xml.out:539 login.defs.5.xml.out:542
-#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:79
-#: newusers.8.xml.out:453 newusers.8.xml.out:460 newusers.8.xml.out:463
-#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:455
-#: passwd.1.xml.out:477 passwd.1.xml.out:480 passwd.1.xml.out:484
+#: login.defs.5.xml.out:105 login.defs.5.xml.out:558 login.defs.5.xml.out:561
+#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:81
+#: newusers.8.xml.out:474 newusers.8.xml.out:481 newusers.8.xml.out:484
+#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:477
+#: passwd.1.xml.out:502 passwd.1.xml.out:505 passwd.1.xml.out:509
 #: passwd.5.xml.out:34 passwd.5.xml.out:80 passwd.5.xml.out:194
 #: porttime.5.xml.out:34 pwck.8.xml.out:317 pwck.8.xml.out:336
 #: pwck.8.xml.out:342 pwck.8.xml.out:345 pwconv.8.xml.out:245
 #: shadow.3.xml.out:220 shadow.5.xml.out:34 shadow.5.xml.out:271
 #: sg.1.xml.out:134 sg.1.xml.out:137 su.1.xml.out:418 suauth.5.xml.out:34
-#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:628
-#: useradd.8.xml.out:899 useradd.8.xml.out:906 useradd.8.xml.out:909
+#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:648
+#: useradd.8.xml.out:919 useradd.8.xml.out:926 useradd.8.xml.out:929
 #: userdel.8.xml.out:319 userdel.8.xml.out:335 userdel.8.xml.out:338
-#: usermod.8.xml.out:162 usermod.8.xml.out:629 usermod.8.xml.out:633
-#: usermod.8.xml.out:636 vipw.8.xml.out:208 vipw.8.xml.out:211
+#: usermod.8.xml.out:162 usermod.8.xml.out:646 usermod.8.xml.out:650
+#: usermod.8.xml.out:653 vipw.8.xml.out:208 vipw.8.xml.out:211
 #: vipw.8.xml.out:214 vipw.8.xml.out:217 vipw.8.xml.out:220 vipw.8.xml.out:223
 msgid "5"
 msgstr "5"
@@ -1155,20 +1194,20 @@ msgstr "5"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322 expiry.1.xml.out:121 grpck.8.xml.out:51
-#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:542
-#: passwd.1.xml.out:480 passwd.5.xml.out:79 passwd.5.xml.out:194
+#: chage.1.xml.out:337 expiry.1.xml.out:121 grpck.8.xml.out:51
+#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:561
+#: passwd.1.xml.out:505 passwd.5.xml.out:79 passwd.5.xml.out:194
 #: pwck.8.xml.out:229 pwck.8.xml.out:233 pwck.8.xml.out:345 pwconv.8.xml.out:84
 #: pwconv.8.xml.out:85 pwconv.8.xml.out:100 pwconv.8.xml.out:101
 #: shadow.3.xml.out:33 shadow.3.xml.out:40 shadow.3.xml.out:96
 #: shadow.3.xml.out:220 shadow.5.xml.out:33 shadow.5.xml.out:40
-#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:628
+#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:648
 #: usermod.8.xml.out:162 vipw.8.xml.out:223
 msgid "shadow"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317 expiry.1.xml.out:116 faillog.8.xml.out:233
+#: chage.1.xml.out:332 expiry.1.xml.out:116 faillog.8.xml.out:233
 #: nologin.8.xml.out:58 shadow.3.xml.out:215
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>."
 msgstr ""
@@ -1180,10 +1219,10 @@ msgstr ""
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #: chfn.1.xml.out:36 chfn.1.xml.out:43 chfn.1.xml.out:49 chfn.1.xml.out:62
-#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:171
+#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:212
 #: groupadd.8.xml.out:345 groupdel.8.xml.out:205 groupmems.8.xml.out:209
-#: groupmod.8.xml.out:326 login.defs.5.xml.out:239 useradd.8.xml.out:878
-#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:605
+#: groupmod.8.xml.out:326 login.defs.5.xml.out:243 useradd.8.xml.out:898
+#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:622
 msgid "chfn"
 msgstr ""
 
@@ -1201,8 +1240,8 @@ msgstr ""
 #. (itstool) path: term/option
 #: chfn.1.xml.out:71 chfn.1.xml.out:110 groupadd.8.xml.out:106
 #: groupadd.8.xml.out:145 groupadd.8.xml.out:323 groupmod.8.xml.out:93
-#: groupmod.8.xml.out:132 useradd.8.xml.out:405 useradd.8.xml.out:536
-#: useradd.8.xml.out:837 usermod.8.xml.out:271 usermod.8.xml.out:377
+#: groupmod.8.xml.out:132 useradd.8.xml.out:407 useradd.8.xml.out:538
+#: useradd.8.xml.out:857 usermod.8.xml.out:271 usermod.8.xml.out:377
 msgid "-o"
 msgstr ""
 
@@ -1240,7 +1279,7 @@ msgstr ""
 #: chfn.1.xml.out:94 expiry.1.xml.out:61 expiry.1.xml.out:79
 #: groupadd.8.xml.out:88 groupdel.8.xml.out:72 login.1.xml.out:90
 #: login.1.xml.out:190 login.1.xml.out:229 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 userdel.8.xml.out:76 userdel.8.xml.out:287
+#: useradd.8.xml.out:642 userdel.8.xml.out:76 userdel.8.xml.out:287
 #: userdel.8.xml.out:302 usermod.8.xml.out:152
 msgid "-f"
 msgstr "-f"
@@ -1299,12 +1338,12 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:122 faillog.8.xml.out:89 faillog.8.xml.out:144
-#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:173
+#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112 groupadd.8.xml.out:185 grpck.8.xml.out:124
 #: grpck.8.xml.out:138 login.1.xml.out:220 login.1.xml.out:229
-#: newusers.8.xml.out:287 passwd.1.xml.out:268 pwck.8.xml.out:155
-#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:456
-#: useradd.8.xml.out:542 userdel.8.xml.out:106 usermod.8.xml.out:317
+#: newusers.8.xml.out:289 passwd.1.xml.out:264 pwck.8.xml.out:155
+#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:458
+#: useradd.8.xml.out:544 userdel.8.xml.out:106 usermod.8.xml.out:317
 msgid "-r"
 msgstr "-r"
 
@@ -1327,14 +1366,14 @@ msgstr "Ændr brugerens værelsesnummer."
 #. (itstool) path: para/option
 #: chfn.1.xml.out:143 faillog.8.xml.out:80 faillog.8.xml.out:180
 #: faillog.8.xml.out:214 lastlog.8.xml.out:90 lastlog.8.xml.out:122
-#: lastlog.8.xml.out:139 passwd.1.xml.out:309 useradd.8.xml.out:414
-#: useradd.8.xml.out:531 usermod.8.xml.out:279 usermod.8.xml.out:369
+#: lastlog.8.xml.out:139 passwd.1.xml.out:320 useradd.8.xml.out:416
+#: useradd.8.xml.out:533 usermod.8.xml.out:279 usermod.8.xml.out:369
 #: vipw.8.xml.out:133
 msgid "-u"
 msgstr ""
 
 #. (itstool) path: term/option
-#: chfn.1.xml.out:151 passwd.1.xml.out:322 usermod.8.xml.out:463
+#: chfn.1.xml.out:151 passwd.1.xml.out:333 usermod.8.xml.out:463
 msgid "-w"
 msgstr ""
 
@@ -1365,11 +1404,11 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chfn.1.xml.out:189 chgpasswd.8.xml.out:207 chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161 groupadd.8.xml.out:278 groupmod.8.xml.out:241
-#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:425
-#: passwd.1.xml.out:407 pwconv.8.xml.out:232 su.1.xml.out:359
-#: useradd.8.xml.out:799 userdel.8.xml.out:193
+#: chfn.1.xml.out:189 chgpasswd.8.xml.out:235 chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202 groupadd.8.xml.out:278 groupmod.8.xml.out:241
+#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:446
+#: passwd.1.xml.out:429 pwconv.8.xml.out:232 su.1.xml.out:359
+#: useradd.8.xml.out:819 userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
 msgstr ""
 
@@ -1382,8 +1421,8 @@ msgstr ""
 #: chfn.1.xml.out:205 chsh.1.xml.out:36 chsh.1.xml.out:43 chsh.1.xml.out:49
 #: chsh.1.xml.out:62 chsh.1.xml.out:73 chsh.1.xml.out:109
 #: groupadd.8.xml.out:348 groupdel.8.xml.out:208 groupmems.8.xml.out:212
-#: groupmod.8.xml.out:329 login.defs.5.xml.out:270 useradd.8.xml.out:881
-#: userdel.8.xml.out:313 usermod.8.xml.out:608
+#: groupmod.8.xml.out:329 login.defs.5.xml.out:280 useradd.8.xml.out:901
+#: userdel.8.xml.out:313 usermod.8.xml.out:625
 msgid "chsh"
 msgstr ""
 
@@ -1391,25 +1430,25 @@ msgstr ""
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
-#: chfn.1.xml.out:208 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 groupadd.8.xml.out:194 groupadd.8.xml.out:363
-#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109 newusers.8.xml.out:298 newusers.8.xml.out:453
-#: passwd.1.xml.out:484 pwconv.8.xml.out:92 pwconv.8.xml.out:94
+#: chfn.1.xml.out:208 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 groupadd.8.xml.out:194 groupadd.8.xml.out:363
+#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111 newusers.8.xml.out:300 newusers.8.xml.out:474
+#: passwd.1.xml.out:509 pwconv.8.xml.out:92 pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108 pwconv.8.xml.out:245 su.1.xml.out:418
-#: useradd.8.xml.out:899 userdel.8.xml.out:117 userdel.8.xml.out:319
-#: usermod.8.xml.out:629 vipw.8.xml.out:214
+#: useradd.8.xml.out:919 userdel.8.xml.out:117 userdel.8.xml.out:319
+#: usermod.8.xml.out:646 vipw.8.xml.out:214
 msgid "login.defs"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chfn.1.xml.out:203 chgpasswd.8.xml.out:215 chsh.1.xml.out:169
+#: chfn.1.xml.out:203 chgpasswd.8.xml.out:243 chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
 msgstr ""
 
@@ -1418,19 +1457,19 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33 chgpasswd.8.xml.out:40 chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56 chgpasswd.8.xml.out:66 chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35 chgpasswd.8.xml.out:42 chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58 chgpasswd.8.xml.out:68 chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr ""
 
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34 chgpasswd.8.xml.out:220 chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268 chpasswd.8.xml.out:276 faillog.5.xml.out:87
-#: faillog.8.xml.out:34 gpasswd.1.xml.out:280 gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286 gpasswd.1.xml.out:289 groupadd.8.xml.out:37
+#: chgpasswd.8.xml.out:36 chgpasswd.8.xml.out:248 chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310 chpasswd.8.xml.out:318 faillog.5.xml.out:87
+#: faillog.8.xml.out:34 gpasswd.1.xml.out:282 gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288 gpasswd.1.xml.out:291 groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354 groupadd.8.xml.out:357 groupadd.8.xml.out:360
 #: groupadd.8.xml.out:366 groupadd.8.xml.out:369 groupadd.8.xml.out:372
 #: groupdel.8.xml.out:35 groupdel.8.xml.out:186 groupdel.8.xml.out:214
@@ -1443,43 +1482,43 @@ msgstr ""
 #: grpck.8.xml.out:34 grpck.8.xml.out:283 grpck.8.xml.out:294
 #: gshadow.5.xml.out:159 gshadow.5.xml.out:162 lastlog.8.xml.out:36
 #: login.1.xml.out:174 login.1.xml.out:176 login.1.xml.out:249
-#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:545
-#: logoutd.8.xml.out:34 newusers.8.xml.out:50 newusers.8.xml.out:467
-#: nologin.8.xml.out:23 passwd.1.xml.out:474 passwd.1.xml.out:488
+#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:564
+#: logoutd.8.xml.out:34 newusers.8.xml.out:52 newusers.8.xml.out:488
+#: nologin.8.xml.out:23 passwd.1.xml.out:496 passwd.1.xml.out:513
 #: passwd.5.xml.out:185 passwd.5.xml.out:188 passwd.5.xml.out:191
 #: passwd.5.xml.out:200 pwck.8.xml.out:41 pwck.8.xml.out:339 pwck.8.xml.out:348
 #: pwconv.8.xml.out:40 pwconv.8.xml.out:242 pwconv.8.xml.out:248
 #: pwconv.8.xml.out:251 pwconv.8.xml.out:254 shadow.5.xml.out:274
 #: shadow.5.xml.out:277 shadow.5.xml.out:280 shadow.5.xml.out:286
-#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:574
-#: useradd.8.xml.out:890 useradd.8.xml.out:893 useradd.8.xml.out:896
-#: useradd.8.xml.out:902 useradd.8.xml.out:913 useradd.8.xml.out:916
-#: userdel.8.xml.out:40 userdel.8.xml.out:259 userdel.8.xml.out:322
-#: userdel.8.xml.out:325 userdel.8.xml.out:328 userdel.8.xml.out:331
-#: userdel.8.xml.out:342 userdel.8.xml.out:345 usermod.8.xml.out:41
-#: usermod.8.xml.out:617 usermod.8.xml.out:620 usermod.8.xml.out:623
-#: usermod.8.xml.out:626 usermod.8.xml.out:640 usermod.8.xml.out:643
-#: vipw.8.xml.out:36
+#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:576
+#: useradd.8.xml.out:590 useradd.8.xml.out:910 useradd.8.xml.out:913
+#: useradd.8.xml.out:916 useradd.8.xml.out:922 useradd.8.xml.out:933
+#: useradd.8.xml.out:936 userdel.8.xml.out:40 userdel.8.xml.out:259
+#: userdel.8.xml.out:322 userdel.8.xml.out:325 userdel.8.xml.out:328
+#: userdel.8.xml.out:331 userdel.8.xml.out:342 userdel.8.xml.out:345
+#: usermod.8.xml.out:41 usermod.8.xml.out:522 usermod.8.xml.out:634
+#: usermod.8.xml.out:637 usermod.8.xml.out:640 usermod.8.xml.out:643
+#: usermod.8.xml.out:657 usermod.8.xml.out:660 vipw.8.xml.out:36
 msgid "8"
 msgstr "8"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35 chpasswd.8.xml.out:39 faillog.8.xml.out:35
+#: chgpasswd.8.xml.out:37 chpasswd.8.xml.out:41 faillog.8.xml.out:35
 #: groupadd.8.xml.out:38 groupdel.8.xml.out:36 groupmems.8.xml.out:39
 #: groupmod.8.xml.out:36 grpck.8.xml.out:35 lastlog.8.xml.out:37
-#: logoutd.8.xml.out:35 newusers.8.xml.out:51 nologin.8.xml.out:24
+#: logoutd.8.xml.out:35 newusers.8.xml.out:53 nologin.8.xml.out:24
 #: pwck.8.xml.out:42 pwconv.8.xml.out:41 useradd.8.xml.out:54
 #: userdel.8.xml.out:41 usermod.8.xml.out:42 vipw.8.xml.out:37
 msgid "System Management Commands"
 msgstr "Kommandoer for systemhåndtering"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 msgid ""
 "The <_:command-1/> command reads a list of group name and password pairs "
 "from standard input and uses this information to update a set of existing "
@@ -1489,12 +1528,12 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61 groupmems.8.xml.out:54 groupmems.8.xml.out:110
+#: chgpasswd.8.xml.out:63 groupmems.8.xml.out:54 groupmems.8.xml.out:110
 msgid "group_name"
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66 passwd.5.xml.out:77
+#: chgpasswd.8.xml.out:64 chpasswd.8.xml.out:68 passwd.5.xml.out:77
 #: passwd.5.xml.out:86 passwd.5.xml.out:91 passwd.5.xml.out:95
 #: passwd.5.xml.out:98
 #, fuzzy
@@ -1503,28 +1542,28 @@ msgid "password"
 msgstr "/etc/passwd"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60 chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 msgid ""
 "By default the supplied password must be in clear-text, and is encrypted by "
 "<_:command-1/>."
 msgstr ""
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70 chpasswd.8.xml.out:75 chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72 chpasswd.8.xml.out:77 chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 msgid "ENCRYPT_METHOD"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71 chgpasswd.8.xml.out:101 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:130 chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chgpasswd.8.xml.out:73 chgpasswd.8.xml.out:107 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:136 chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "-e"
 msgstr ""
@@ -1532,16 +1571,16 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:88 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:114 chpasswd.8.xml.out:129
-#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:90 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:116 chpasswd.8.xml.out:135
+#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:270
 #: sg.1.xml.out:50 su.1.xml.out:86 su.1.xml.out:126 su.1.xml.out:131
 #: useradd.8.xml.out:139 usermod.8.xml.out:99
 msgid "-c"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> variable of <_:filename-2/>, and can be overwritten with the <_:"
@@ -1549,53 +1588,107 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74 chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76 chpasswd.8.xml.out:101
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are created at a single time."
 msgstr ""
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88 chpasswd.8.xml.out:114 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:116 newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:117 newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92 chpasswd.8.xml.out:119 newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
 msgstr "Brug den angivne metode til at kryptere adgangskoderne."
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91 chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95 chgpasswd.8.xml.out:149 chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208 newusers.8.xml.out:330
+msgid "BCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid "<_:replaceable-1/>,"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96 chpasswd.8.xml.out:123
+msgid "DES"
+msgstr ""
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98 chgpasswd.8.xml.out:151 chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210 newusers.8.xml.out:332
+msgid "SHA256"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99 chgpasswd.8.xml.out:152 chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211 newusers.8.xml.out:333
+msgid "SHA512"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100 chgpasswd.8.xml.out:154 chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213 newusers.8.xml.out:335
+#, fuzzy
+#| msgid "DESCRIPTION"
+msgid "YESCRYPT"
+msgstr "BESKRIVELSE"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99 chpasswd.8.xml.out:126
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid ", <_:replaceable-1/>"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:128
+msgid "NONE"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121 newusers.8.xml.out:271
+#: chgpasswd.8.xml.out:93 chpasswd.8.xml.out:120
 msgid ""
-"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
-"support these methods."
+"The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/"
+"><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports "
+"these methods."
 msgstr ""
-"De tilgængelige metoder er DES, Md5, NONE og SHA256 eller SHA512 hvis din "
-"libc understøtter disse metoder."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:139
+#: chgpasswd.8.xml.out:107 chpasswd.8.xml.out:145
 msgid "--encrypted"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103 chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109 chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
 msgstr ""
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113 chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119 chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115 chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121 chpasswd.8.xml.out:163
 msgid ""
 "Use MD5 encryption instead of DES when the supplied passwords are not "
 "encrypted."
@@ -1603,80 +1696,134 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 chsh.1.xml.out:97
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 chsh.1.xml.out:97
 #: chsh.1.xml.out:108 grpck.8.xml.out:124 grpck.8.xml.out:161
-#: newusers.8.xml.out:320 pwck.8.xml.out:155 pwck.8.xml.out:209
-#: su.1.xml.out:163 useradd.8.xml.out:517 useradd.8.xml.out:655
-#: usermod.8.xml.out:357 vipw.8.xml.out:70 vipw.8.xml.out:127
+#: newusers.8.xml.out:322 passwd.1.xml.out:363 pwck.8.xml.out:155
+#: pwck.8.xml.out:209 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357 vipw.8.xml.out:70
+#: vipw.8.xml.out:127
 msgid "-s"
 msgstr ""
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137 chpasswd.8.xml.out:181 newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143 chpasswd.8.xml.out:202 newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
 msgstr "Brug det angivet antal rundet til at kryhptere adgangskoderne."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140 chpasswd.8.xml.out:184 newusers.8.xml.out:325
+#: chgpasswd.8.xml.out:146 chpasswd.8.xml.out:205 newusers.8.xml.out:327
 msgid ""
-"The value 0 means that the system will choose the default number of rounds "
-"for the crypt method (5000)."
+"You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
-"Værdien 0 betyder at systemet vil vælge antallet af standardrunder for "
-"krypteringsmetoden (5000)."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144 chpasswd.8.xml.out:188 newusers.8.xml.out:329
+#: chgpasswd.8.xml.out:156 chpasswd.8.xml.out:215 newusers.8.xml.out:337
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
 msgid ""
-"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+"By default, the number of rounds for BCRYPT is defined by the "
+"BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgstr ""
+"Som standard er antallet af runder defineret af variablerne "
+"SHA_CRYPT_MIN_ROUNDS og SHA_CRYPT_MAX_ROUNDS i <filename>/etc/login.defs</"
+"filename>."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:161 chpasswd.8.xml.out:220
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default number of rounds is 13."
 msgstr ""
 "En minimusværdi på 1000 og en maksimumsværdi på 999.999.999 vil blive "
 "påtvunget."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148 chpasswd.8.xml.out:192 newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#: chgpasswd.8.xml.out:165 chpasswd.8.xml.out:224 newusers.8.xml.out:346
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
+msgid ""
+"By default, the number of rounds for SHA256 or SHA512 is defined by the "
+"SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
-"Du kan kun bruge dette tilvalg med SHA256- eller SHA512-krypteringsmetoden."
+"Som standard er antallet af runder defineret af variablerne "
+"SHA_CRYPT_MIN_ROUNDS og SHA_CRYPT_MAX_ROUNDS i <filename>/etc/login.defs</"
+"filename>."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152 newusers.8.xml.out:337
+#: chgpasswd.8.xml.out:170 chpasswd.8.xml.out:229
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default number of rounds is 5000."
+msgstr ""
+"En minimusværdi på 1000 og en maksimumsværdi på 999.999.999 vil blive "
+"påtvunget."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:175 chpasswd.8.xml.out:234 newusers.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
 #| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
 #| "filename>."
 msgid ""
-"By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and "
-"SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+"By default, the number of rounds for YESCRYPT is defined by the "
+"YESCRYPT_COST_FACTOR in <_:filename-1/>."
 msgstr ""
 "Som standard er antallet af runder defineret af variablerne "
 "SHA_CRYPT_MIN_ROUNDS og SHA_CRYPT_MAX_ROUNDS i <filename>/etc/login.defs</"
 "filename>."
 
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179 chpasswd.8.xml.out:238
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default number of rounds is 5."
+msgstr ""
+"En minimusværdi på 1000 og en maksimumsværdi på 999.999.999 vil blive "
+"påtvunget."
+
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163 chpasswd.8.xml.out:208 faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229 groupadd.8.xml.out:285 groupdel.8.xml.out:121
-#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:348
-#: passwd.1.xml.out:354 shadow.3.xml.out:194 su.1.xml.out:306
-#: useradd.8.xml.out:682 userdel.8.xml.out:281 usermod.8.xml.out:517
+#: chgpasswd.8.xml.out:189 chpasswd.8.xml.out:248 faillog.8.xml.out:209
+#: gpasswd.1.xml.out:231 groupadd.8.xml.out:285 groupdel.8.xml.out:121
+#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:369
+#: passwd.1.xml.out:376 shadow.3.xml.out:194 su.1.xml.out:306
+#: useradd.8.xml.out:702 userdel.8.xml.out:281 usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164 chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190 chpasswd.8.xml.out:249
 msgid ""
 "Remember to set permissions or umask to prevent readability of unencrypted "
 "files by other users."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168 newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194 newusers.8.xml.out:374
 msgid ""
 "You should make sure the passwords and the encryption method respect the "
 "system's password policy."
@@ -1688,8 +1835,8 @@ msgstr ""
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193 gpasswd.1.xml.out:48 gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73 gpasswd.1.xml.out:231 gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221 gpasswd.1.xml.out:50 gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75 gpasswd.1.xml.out:233 gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170 groupadd.8.xml.out:264 groupdel.8.xml.out:148
 #: groupmems.8.xml.out:191 groupmod.8.xml.out:227 groups.1.xml.out:58
 #: groups.1.xml.out:70 groups.1.xml.out:80 grpck.8.xml.out:62
@@ -1697,19 +1844,19 @@ msgstr ""
 #: grpck.8.xml.out:164 grpck.8.xml.out:177 grpck.8.xml.out:185
 #: grpck.8.xml.out:211 gshadow.5.xml.out:91 gshadow.5.xml.out:124
 #: gshadow.5.xml.out:135 newgrp.1.xml.out:80 newgrp.1.xml.out:112
-#: newusers.8.xml.out:411 pwck.8.xml.out:261 pwconv.8.xml.out:128
-#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:755
-#: userdel.8.xml.out:185 usermod.8.xml.out:557 vipw.8.xml.out:69
+#: newusers.8.xml.out:432 pwck.8.xml.out:261 pwconv.8.xml.out:128
+#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:775
+#: userdel.8.xml.out:185 usermod.8.xml.out:574 vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr "/etc/group"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195 gpasswd.1.xml.out:261 groupadd.8.xml.out:266
+#: chgpasswd.8.xml.out:223 gpasswd.1.xml.out:263 groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150 groupmems.8.xml.out:193 groupmod.8.xml.out:229
 #: groups.1.xml.out:82 grpck.8.xml.out:213 gshadow.5.xml.out:137
-#: newgrp.1.xml.out:114 newusers.8.xml.out:413 pwck.8.xml.out:263
-#: sg.1.xml.out:103 useradd.8.xml.out:757 userdel.8.xml.out:187
+#: newgrp.1.xml.out:114 newusers.8.xml.out:434 pwck.8.xml.out:263
+#: sg.1.xml.out:103 useradd.8.xml.out:777 userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
 msgstr "Information om gruppekonto."
@@ -1717,8 +1864,8 @@ msgstr "Information om gruppekonto."
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199 gpasswd.1.xml.out:52 gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232 gpasswd.1.xml.out:265 groupadd.8.xml.out:170
+#: chgpasswd.8.xml.out:227 gpasswd.1.xml.out:54 gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234 gpasswd.1.xml.out:267 groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270 groupdel.8.xml.out:154 groupmems.8.xml.out:87
 #: groupmems.8.xml.out:88 groupmems.8.xml.out:98 groupmems.8.xml.out:103
 #: groupmems.8.xml.out:104 groupmems.8.xml.out:134 groupmems.8.xml.out:135
@@ -1726,17 +1873,17 @@ msgstr "Information om gruppekonto."
 #: grpck.8.xml.out:93 grpck.8.xml.out:114 grpck.8.xml.out:166
 #: grpck.8.xml.out:186 grpck.8.xml.out:217 gshadow.5.xml.out:36
 #: gshadow.5.xml.out:141 newgrp.1.xml.out:78 newgrp.1.xml.out:118
-#: newusers.8.xml.out:417 pwconv.8.xml.out:129 sg.1.xml.out:107
-#: useradd.8.xml.out:761 usermod.8.xml.out:563 vipw.8.xml.out:72
+#: newusers.8.xml.out:438 pwconv.8.xml.out:129 sg.1.xml.out:107
+#: useradd.8.xml.out:781 usermod.8.xml.out:580 vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr "/etc/gshadow"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201 gpasswd.1.xml.out:267 groupadd.8.xml.out:272
+#: chgpasswd.8.xml.out:229 gpasswd.1.xml.out:269 groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156 groupmod.8.xml.out:235 grpck.8.xml.out:219
-#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:419
-#: sg.1.xml.out:109 useradd.8.xml.out:763 vipw.8.xml.out:183
+#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:440
+#: sg.1.xml.out:109 useradd.8.xml.out:783 vipw.8.xml.out:183
 msgid "Secure group account information."
 msgstr "Information om sikret gruppekonto."
 
@@ -1746,12 +1893,12 @@ msgstr "Information om sikret gruppekonto."
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217 gpasswd.1.xml.out:38 gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59 gpasswd.1.xml.out:72 gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119 groupadd.8.xml.out:354 groupdel.8.xml.out:214
-#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:280
+#: chgpasswd.8.xml.out:245 gpasswd.1.xml.out:40 gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61 gpasswd.1.xml.out:74 gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121 groupadd.8.xml.out:354 groupdel.8.xml.out:214
+#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142 sg.1.xml.out:131 userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr ""
 
@@ -1761,19 +1908,19 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220 gpasswd.1.xml.out:280 groupadd.8.xml.out:36
+#: chgpasswd.8.xml.out:248 gpasswd.1.xml.out:282 groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43 groupadd.8.xml.out:49 groupadd.8.xml.out:61
 #: groupadd.8.xml.out:82 groupadd.8.xml.out:292 groupadd.8.xml.out:300
 #: groupdel.8.xml.out:217 groupmems.8.xml.out:218 groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290 useradd.8.xml.out:890 userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: login.defs.5.xml.out:303 useradd.8.xml.out:910 userdel.8.xml.out:325
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21 groupadd.8.xml.out:20 groupdel.8.xml.out:18
-#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:86
-#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:33
+#: chpasswd.8.xml.out:23 groupadd.8.xml.out:20 groupdel.8.xml.out:18
+#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:88
+#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:35
 #: sg.1.xml.out:18 useradd.8.xml.out:36 userdel.8.xml.out:23
 #: usermod.8.xml.out:24
 msgid "Creation, 1991"
@@ -1785,20 +1932,20 @@ msgstr ""
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37 chpasswd.8.xml.out:44 chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60 chpasswd.8.xml.out:70 chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96 chpasswd.8.xml.out:108 chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259 passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39 chpasswd.8.xml.out:46 chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62 chpasswd.8.xml.out:72 chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98 chpasswd.8.xml.out:110 chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266 passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 msgid ""
 "The <_:command-1/> command reads a list of user name and password pairs from "
 "standard input and uses this information to update a group of existing "
@@ -1808,25 +1955,25 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65 groupmems.8.xml.out:52 groupmems.8.xml.out:53
+#: chpasswd.8.xml.out:67 groupmems.8.xml.out:52 groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83 groupmems.8.xml.out:94
 msgid "user_name"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 msgid ""
 "By default the passwords must be supplied in clear-text, and are encrypted "
 "by <_:command-1/>. Also the password age will be updated, if present."
 msgstr ""
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76 chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:139
 msgid "MD5_CRYPT_ENAB"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> or <_:option-2/> variables of <_:filename-3/>, and can be "
@@ -1834,7 +1981,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 msgid ""
 "By default, passwords are encrypted by PAM, but (even if not recommended) "
 "you can select a different encryption method with the <_:option-1/>, <_:"
@@ -1842,21 +1989,21 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 #, fuzzy
 #| msgid "Use the specified method to encrypt the passwords."
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr "Brug den angivne metode til at kryptere adgangskoderne."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 msgid ""
 "<_:phrase-1/> <_:command-2/> first updates all the passwords in memory, and "
 "then commits all the changes to disk if no errors occurred for any user."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 msgid ""
 "When PAM is used to encrypt the passwords (and update the passwords in the "
 "system database) then if a password cannot be updated <_:command-1/> "
@@ -1865,17 +2012,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 msgid ""
 "By default (if none of the <_:option-1/>, <_:option-2/>, or <_:option-3/> "
 "options are specified), the encryption method is defined by the <_:option-4/"
@@ -1883,44 +2030,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
-msgid "ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-#, fuzzy
-#| msgid "<option>SHA_CRYPT_MIN_ROUNDS</option> (number)"
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr "<option>SHA_CRYPT_MIN_ROUNDS</option> (antal)"
-
-#. (itstool) path: para/option
 #: chpasswd.8.xml.out:199
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-#, fuzzy
-#| msgid ""
-#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
-#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
-#| "filename>."
-msgid ""
-"By default, the number of rounds is defined by the <_:option-1/> and <_:"
-"option-2/> variables in <_:filename-3/>."
+msgid "ROUNDS"
 msgstr ""
-"Som standard er antallet af runder defineret af variablerne "
-"SHA_CRYPT_MIN_ROUNDS og SHA_CRYPT_MAX_ROUNDS i <filename>/etc/login.defs</"
-"filename>."
 
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 msgid "/etc/pam.d/chpasswd"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255 newusers.8.xml.out:431 passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297 newusers.8.xml.out:452 passwd.1.xml.out:435
 #, fuzzy
 #| msgid "PAM configuration for <command>passwd</command>."
 msgid "PAM configuration for <_:command-1/>."
@@ -1932,17 +2052,17 @@ msgstr "PAM-konfiguration for <command>passwd</command>."
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268 login.defs.5.xml.out:380 newusers.8.xml.out:49
-#: newusers.8.xml.out:56 newusers.8.xml.out:62 newusers.8.xml.out:75
-#: newusers.8.xml.out:96 newusers.8.xml.out:123 newusers.8.xml.out:132
-#: newusers.8.xml.out:151 newusers.8.xml.out:164 newusers.8.xml.out:170
-#: newusers.8.xml.out:172 newusers.8.xml.out:210 newusers.8.xml.out:230
-#: newusers.8.xml.out:252 newusers.8.xml.out:431 useradd.8.xml.out:902
+#: chpasswd.8.xml.out:310 login.defs.5.xml.out:393 newusers.8.xml.out:51
+#: newusers.8.xml.out:58 newusers.8.xml.out:64 newusers.8.xml.out:77
+#: newusers.8.xml.out:98 newusers.8.xml.out:125 newusers.8.xml.out:134
+#: newusers.8.xml.out:153 newusers.8.xml.out:166 newusers.8.xml.out:172
+#: newusers.8.xml.out:174 newusers.8.xml.out:212 newusers.8.xml.out:232
+#: newusers.8.xml.out:254 newusers.8.xml.out:452 useradd.8.xml.out:922
 msgid "newusers"
 msgstr "newusers"
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270 grpck.8.xml.out:285 passwd.1.xml.out:482
+#: chpasswd.8.xml.out:312 grpck.8.xml.out:285 passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr ""
 
@@ -1952,21 +2072,21 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276 groupadd.8.xml.out:366 groupdel.8.xml.out:223
-#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:462
-#: newusers.8.xml.out:467 useradd.8.xml.out:52 useradd.8.xml.out:59
+#: chpasswd.8.xml.out:318 groupadd.8.xml.out:366 groupdel.8.xml.out:223
+#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:481
+#: newusers.8.xml.out:488 useradd.8.xml.out:52 useradd.8.xml.out:59
 #: useradd.8.xml.out:64 useradd.8.xml.out:71 useradd.8.xml.out:75
 #: useradd.8.xml.out:87 useradd.8.xml.out:90 useradd.8.xml.out:103
 #: useradd.8.xml.out:129 useradd.8.xml.out:187 useradd.8.xml.out:209
-#: useradd.8.xml.out:239 useradd.8.xml.out:284 useradd.8.xml.out:341
-#: useradd.8.xml.out:472 useradd.8.xml.out:584 useradd.8.xml.out:586
-#: useradd.8.xml.out:690 useradd.8.xml.out:808 userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: useradd.8.xml.out:239 useradd.8.xml.out:286 useradd.8.xml.out:343
+#: useradd.8.xml.out:474 useradd.8.xml.out:604 useradd.8.xml.out:606
+#: useradd.8.xml.out:710 useradd.8.xml.out:828 userdel.8.xml.out:342
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263 newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305 newusers.8.xml.out:472
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
@@ -1987,15 +2107,15 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:517
-#: useradd.8.xml.out:655 usermod.8.xml.out:357
+#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357
 msgid "--shell"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:517
-#: useradd.8.xml.out:522 useradd.8.xml.out:655 useradd.8.xml.out:662
+#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:524 useradd.8.xml.out:675 useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr ""
@@ -2019,12 +2139,13 @@ msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:153 su.1.xml.out:198
+#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:130 chsh.1.xml.out:143
+#: chsh.1.xml.out:172 chsh.1.xml.out:184 su.1.xml.out:198
 msgid "/etc/shells"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: chsh.1.xml.out:123
+#: chsh.1.xml.out:123 chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr ""
 
@@ -2040,11 +2161,93 @@ msgid ""
 "original value."
 msgstr ""
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132 chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+#, fuzzy
+#| msgid "/etc/skel/"
+msgid "/etc/shells.d/*"
+msgstr "/etc/skel/"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+msgid "/etc/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid ""
+"The only restriction placed on the login shell is that the command name must "
+"be listed in <_:filename-1/>. If this file does not exist, the definitions "
+"are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/"
+"> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be "
+"used. If the invoker is the superuser any value may be added regardless what "
+"is defined in the configuration files. An account with a restricted login "
+"shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+msgid ""
+"For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged "
+"since accidentally changing to a restricted shell would prevent the user "
+"from ever changing her login shell back to its original value."
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
 msgstr ""
 
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+msgid "User defined list of valid login shells."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+#, fuzzy
+#| msgid "/etc/skel/"
+msgid "/etc/shells.d"
+msgstr "/etc/skel/"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+#, fuzzy
+#| msgid "Directory containing default files."
+msgid "Directory for additional user defined configuration files."
+msgstr "Mappe indeholdende standardfiler."
+
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -2060,7 +2263,7 @@ msgid "check and enforce password expiration policy"
 msgstr ""
 
 #. (itstool) path: arg/replaceable
-#: expiry.1.xml.out:52 gpasswd.1.xml.out:61
+#: expiry.1.xml.out:52 gpasswd.1.xml.out:63
 msgid "option"
 msgstr ""
 
@@ -2095,7 +2298,7 @@ msgstr ""
 
 #. (itstool) path: author/contrib
 #: faillog.5.xml.out:17 faillog.8.xml.out:17 login.1.xml.out:50
-#: passwd.1.xml.out:24 passwd.5.xml.out:17 porttime.5.xml.out:17
+#: passwd.1.xml.out:26 passwd.5.xml.out:17 porttime.5.xml.out:17
 #: shadow.3.xml.out:17 shadow.5.xml.out:17 su.1.xml.out:34
 msgid "Creation, 1989"
 msgstr ""
@@ -2116,7 +2319,7 @@ msgstr ""
 
 #. (itstool) path: refmeta/refmiscinfo
 #: faillog.5.xml.out:35 gshadow.5.xml.out:24 limits.5.xml.out:37
-#: login.access.5.xml.out:36 login.defs.5.xml.out:104 passwd.5.xml.out:35
+#: login.access.5.xml.out:36 login.defs.5.xml.out:106 passwd.5.xml.out:35
 #: porttime.5.xml.out:35 shadow.5.xml.out:35 suauth.5.xml.out:35
 msgid "File Formats and Configuration Files"
 msgstr ""
@@ -2185,14 +2388,14 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:124
-#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:126
+#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:153
 #: usermod.8.xml.out:78 usermod.8.xml.out:210
 msgid "-a"
 msgstr ""
 
 #. (itstool) path: term/option
-#: faillog.8.xml.out:72 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 passwd.1.xml.out:153
 msgid "--all"
 msgstr ""
 
@@ -2402,8 +2605,8 @@ msgstr ""
 #: login.1.xml.out:108 login.1.xml.out:112 login.1.xml.out:119
 #: login.1.xml.out:171 login.1.xml.out:177 login.1.xml.out:230
 #: login.1.xml.out:238 login.1.xml.out:247 login.1.xml.out:253
-#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:530 newgrp.1.xml.out:133
+#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:549 newgrp.1.xml.out:133
 #: nologin.8.xml.out:60 passwd.5.xml.out:125 passwd.5.xml.out:132
 #: passwd.5.xml.out:179 porttime.5.xml.out:121 shadow.5.xml.out:265
 #: sg.1.xml.out:122 su.1.xml.out:415
@@ -2411,28 +2614,28 @@ msgid "login"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22 login.access.5.xml.out:18 pwconv.8.xml.out:23
+#: gpasswd.1.xml.out:24 login.access.5.xml.out:18 pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
 msgid "Creation, 1996"
 msgstr ""
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 msgid "administer <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 msgid "administer <_:filename-1/> and <_:filename-2/>"
 msgstr ""
 
@@ -2440,9 +2643,9 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64 gpasswd.1.xml.out:89 gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142 gpasswd.1.xml.out:177 gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193 gpasswd.1.xml.out:197 gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66 gpasswd.1.xml.out:91 gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144 gpasswd.1.xml.out:179 gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195 gpasswd.1.xml.out:199 gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49 grpck.8.xml.out:188 grpck.8.xml.out:280
 #: gshadow.5.xml.out:156 limits.5.xml.out:138 newgrp.1.xml.out:48
 #: newgrp.1.xml.out:145 pwck.8.xml.out:336 pwconv.8.xml.out:114
@@ -2451,19 +2654,19 @@ msgid "group"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 #, fuzzy
 #| msgid "administrators"
 msgid "administrators,"
 msgstr "administratorer"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid ""
 "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/"
 ">. Every group can have <_:phrase-4/> members and a password."
@@ -2471,12 +2674,12 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80 gpasswd.1.xml.out:112 gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82 gpasswd.1.xml.out:114 gpasswd.1.xml.out:207
 msgid "-A"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 msgid ""
 "System administrators can use the <_:option-1/> option to define group "
 "administrator(s) and the <_:option-2/> option to define members. They have "
@@ -2484,21 +2687,21 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 #, fuzzy
 #| msgid "administrators"
 msgid "a group administrator"
 msgstr "administratorer"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 #, fuzzy
 #| msgid "administrators"
 msgid "a system administrator"
 msgstr "administratorer"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid ""
 "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only "
 "prompts for the new password of the <_:replaceable-4/>."
@@ -2509,8 +2712,8 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93 gpasswd.1.xml.out:180 gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277 groups.1.xml.out:71 groups.1.xml.out:92
+#: gpasswd.1.xml.out:95 gpasswd.1.xml.out:182 gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279 groups.1.xml.out:71 groups.1.xml.out:92
 #: gshadow.5.xml.out:76 gshadow.5.xml.out:165 newgrp.1.xml.out:34
 #: newgrp.1.xml.out:41 newgrp.1.xml.out:47 newgrp.1.xml.out:55
 #: newgrp.1.xml.out:63 newgrp.1.xml.out:66 sg.1.xml.out:60 sg.1.xml.out:64
@@ -2519,19 +2722,19 @@ msgid "newgrp"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 msgid ""
 "If a password is set the members can still use <_:citerefentry-1/> without a "
 "password, and non-members must supply the password."
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid ""
 "Group passwords are an inherent security problem since more than one person "
 "is permitted to know the password. However, groups are a useful tool for "
@@ -2539,58 +2742,58 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 msgid ""
 "Except for the <_:option-1/> and <_:option-2/> options, the options cannot "
 "be combined."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124 groupmems.8.xml.out:83
+#: gpasswd.1.xml.out:126 groupmems.8.xml.out:83
 msgid "--add"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124 gpasswd.1.xml.out:128 gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141 gpasswd.1.xml.out:205 gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126 gpasswd.1.xml.out:130 gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143 gpasswd.1.xml.out:207 gpasswd.1.xml.out:219
 #: groups.1.xml.out:48 groups.1.xml.out:59
 msgid "user"
 msgstr "bruger"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 msgid "Add the <_:replaceable-1/> to the named <_:replaceable-2/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137 groupmems.8.xml.out:94 passwd.1.xml.out:168
+#: gpasswd.1.xml.out:139 groupmems.8.xml.out:94 passwd.1.xml.out:164
 msgid "--delete"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 msgid "Remove the <_:replaceable-1/> from the named <_:replaceable-2/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 msgid "-Q"
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 msgid ""
 "Remove the password from the named <_:replaceable-1/>. The group password "
 "will be empty. Only group members will be allowed to use <_:command-2/> to "
@@ -2598,12 +2801,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 msgid ""
 "Restrict the access to the named <_:replaceable-1/>. The group password is "
 "set to \"!\". Only group members with a password will be allowed to use <_:"
@@ -2611,48 +2814,48 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "administrators"
 msgid "--administrators"
 msgstr "administratorer"
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204 gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206 gpasswd.1.xml.out:218
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 msgid "Set the list of administrative users."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 #, fuzzy
 #| msgid "members"
 msgid "--members"
 msgstr "medlemmer"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 msgid "Set the list of group members."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 msgid "and <_:filename-1/> files."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 #, fuzzy
 #| msgid "file"
 msgid "file."
 msgstr "fil"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 #, fuzzy
 #| msgid ""
 #| "You may not add a user to a NIS or LDAP group. This must be performed on "
@@ -2671,11 +2874,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283 groupadd.8.xml.out:357 groupdel.8.xml.out:34
+#: gpasswd.1.xml.out:285 groupadd.8.xml.out:357 groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41 groupdel.8.xml.out:47 groupdel.8.xml.out:57
 #: groupdel.8.xml.out:66 groupdel.8.xml.out:165 groupmems.8.xml.out:221
-#: groupmod.8.xml.out:341 login.defs.5.xml.out:299 useradd.8.xml.out:893
-#: userdel.8.xml.out:328 usermod.8.xml.out:623
+#: groupmod.8.xml.out:341 login.defs.5.xml.out:312 useradd.8.xml.out:913
+#: userdel.8.xml.out:328 usermod.8.xml.out:640
 msgid "groupdel"
 msgstr ""
 
@@ -2685,11 +2888,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286 groupadd.8.xml.out:360 groupdel.8.xml.out:220
+#: gpasswd.1.xml.out:288 groupadd.8.xml.out:360 groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34 groupmod.8.xml.out:41 groupmod.8.xml.out:47
 #: groupmod.8.xml.out:58 groupmod.8.xml.out:67 groupmod.8.xml.out:256
-#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:311
-#: useradd.8.xml.out:896 userdel.8.xml.out:331 usermod.8.xml.out:626
+#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:324
+#: useradd.8.xml.out:916 userdel.8.xml.out:331 usermod.8.xml.out:643
 msgid "groupmod"
 msgstr ""
 
@@ -2699,10 +2902,10 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289 grpck.8.xml.out:33 grpck.8.xml.out:40
+#: gpasswd.1.xml.out:291 grpck.8.xml.out:33 grpck.8.xml.out:40
 #: grpck.8.xml.out:46 grpck.8.xml.out:60 grpck.8.xml.out:116
 #: grpck.8.xml.out:128 grpck.8.xml.out:141 grpck.8.xml.out:184
-#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:318
+#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:331
 #: pwck.8.xml.out:339 pwconv.8.xml.out:198 pwconv.8.xml.out:242
 msgid "grpck"
 msgstr ""
@@ -2712,7 +2915,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295 grpck.8.xml.out:95 grpck.8.xml.out:287
+#: gpasswd.1.xml.out:297 grpck.8.xml.out:95 grpck.8.xml.out:287
 #: gshadow.5.xml.out:22 gshadow.5.xml.out:29 newgrp.1.xml.out:148
 #: pwconv.8.xml.out:114 pwconv.8.xml.out:115 pwconv.8.xml.out:121
 #: pwconv.8.xml.out:122 sg.1.xml.out:137 vipw.8.xml.out:211
@@ -2720,12 +2923,12 @@ msgid "gshadow"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293 newgrp.1.xml.out:146 sg.1.xml.out:135
+#: gpasswd.1.xml.out:295 newgrp.1.xml.out:146 sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275 newgrp.1.xml.out:128 sg.1.xml.out:117
+#: gpasswd.1.xml.out:277 newgrp.1.xml.out:128 sg.1.xml.out:117
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
@@ -2773,8 +2976,8 @@ msgstr "Brugernavne må kun være op til 32 tegn lange."
 #: groupadd.8.xml.out:94 groupadd.8.xml.out:95 groupadd.8.xml.out:102
 #: groupadd.8.xml.out:236 groupmems.8.xml.out:110 groupmod.8.xml.out:82
 #: groupmod.8.xml.out:136 groupmod.8.xml.out:201 useradd.8.xml.out:96
-#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:391
-#: useradd.8.xml.out:396 useradd.8.xml.out:557 useradd.8.xml.out:639
+#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:393
+#: useradd.8.xml.out:398 useradd.8.xml.out:559 useradd.8.xml.out:659
 #: usermod.8.xml.out:174 vipw.8.xml.out:90
 msgid "-g"
 msgstr ""
@@ -2790,7 +2993,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:102 groupmod.8.xml.out:82 useradd.8.xml.out:230
-#: useradd.8.xml.out:639 usermod.8.xml.out:174
+#: useradd.8.xml.out:659 usermod.8.xml.out:174
 msgid "--gid"
 msgstr ""
 
@@ -2799,8 +3002,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:102 groupadd.8.xml.out:105 groupadd.8.xml.out:151
 #: groupmod.8.xml.out:73 groupmod.8.xml.out:82 groupmod.8.xml.out:87
-#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr ""
 
@@ -2828,7 +3031,7 @@ msgid "GID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:111 useradd.8.xml.out:541
+#: groupadd.8.xml.out:111 useradd.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "See also the <option>-r</option> option and the <option>GID_MAX</option> "
@@ -2841,29 +3044,29 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:125 groupadd.8.xml.out:131 groupadd.8.xml.out:134
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:303
-#: useradd.8.xml.out:314 useradd.8.xml.out:317 useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:305
+#: useradd.8.xml.out:316 useradd.8.xml.out:319 useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 msgid "-K"
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "--key"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "KEY"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "VALUE"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: groupadd.8.xml.out:124 useradd.8.xml.out:302
+#: groupadd.8.xml.out:124 useradd.8.xml.out:304
 #, fuzzy
 #| msgid ""
 #| "<option>-o</option>, <option>--other</option>&nbsp;<replaceable>OTHER</"
@@ -2881,12 +3084,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:134 useradd.8.xml.out:320
+#: groupadd.8.xml.out:134 useradd.8.xml.out:322
 msgid "100"
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:321
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:323
 msgid "499"
 msgstr ""
 
@@ -2900,7 +3103,7 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:138 groupadd.8.xml.out:333 groupdel.8.xml.out:192
-#: groupmod.8.xml.out:295 useradd.8.xml.out:853 userdel.8.xml.out:265
+#: groupmod.8.xml.out:295 useradd.8.xml.out:873 userdel.8.xml.out:265
 msgid "10"
 msgstr ""
 
@@ -2912,7 +3115,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:405
+#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr ""
@@ -2932,19 +3135,19 @@ msgstr ""
 #: groupadd.8.xml.out:158 groupmems.8.xml.out:55 groupmems.8.xml.out:130
 #: groupmod.8.xml.out:143 login.1.xml.out:80 login.1.xml.out:88
 #: login.1.xml.out:95 login.1.xml.out:212 su.1.xml.out:207
-#: useradd.8.xml.out:425 usermod.8.xml.out:237 usermod.8.xml.out:290
+#: useradd.8.xml.out:427 usermod.8.xml.out:237 usermod.8.xml.out:290
 #: usermod.8.xml.out:411 vipw.8.xml.out:102
 msgid "-p"
 msgstr "-p"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "--password"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr ""
@@ -2953,8 +3156,8 @@ msgstr ""
 #: groupadd.8.xml.out:163 groupmod.8.xml.out:148 gshadow.5.xml.out:62
 #: gshadow.5.xml.out:68 passwd.5.xml.out:103 passwd.5.xml.out:109
 #: passwd.5.xml.out:170 shadow.5.xml.out:88 shadow.5.xml.out:94
-#: useradd.8.xml.out:430 useradd.8.xml.out:887 usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: useradd.8.xml.out:432 useradd.8.xml.out:907 usermod.8.xml.out:295
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr ""
 
@@ -2964,11 +3167,11 @@ msgstr ""
 #: groupadd.8.xml.out:164 groupadd.8.xml.out:315 groupmod.8.xml.out:148
 #: groupmod.8.xml.out:271 groups.1.xml.out:68 groups.1.xml.out:104
 #: grpck.8.xml.out:255 gshadow.5.xml.out:63 gshadow.5.xml.out:69
-#: passwd.1.xml.out:443 passwd.5.xml.out:104 passwd.5.xml.out:110
+#: passwd.1.xml.out:465 passwd.5.xml.out:104 passwd.5.xml.out:110
 #: passwd.5.xml.out:170 passwd.5.xml.out:176 pwck.8.xml.out:305
 #: shadow.3.xml.out:34 shadow.3.xml.out:217 shadow.5.xml.out:89
-#: shadow.5.xml.out:95 useradd.8.xml.out:431 useradd.8.xml.out:829
-#: useradd.8.xml.out:887 usermod.8.xml.out:296 usermod.8.xml.out:614
+#: shadow.5.xml.out:95 useradd.8.xml.out:433 useradd.8.xml.out:849
+#: useradd.8.xml.out:907 usermod.8.xml.out:296 usermod.8.xml.out:631
 msgid "3"
 msgstr "3"
 
@@ -2988,7 +3191,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:444
+#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:446
 #: userdel.8.xml.out:93 usermod.8.xml.out:299
 msgid "Note:"
 msgstr ""
@@ -3001,14 +3204,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:448
+#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid ""
 "You should make sure the password respects the system's password policy."
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:185 newusers.8.xml.out:287 useradd.8.xml.out:456
+#: groupadd.8.xml.out:185 newusers.8.xml.out:289 useradd.8.xml.out:458
 msgid "--system"
 msgstr ""
 
@@ -3036,42 +3239,10 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "-P"
-msgstr ""
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "--prefix"
-msgstr ""
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214 groupadd.8.xml.out:219 groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106 groupdel.8.xml.out:108 groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181 groupmod.8.xml.out:183 useradd.8.xml.out:502
-#: useradd.8.xml.out:507 userdel.8.xml.out:136 userdel.8.xml.out:140
-#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217 useradd.8.xml.out:505
-msgid ""
-"Apply changes to configuration files under the root filesystem found under "
-"the directory <_:replaceable-1/>. This option does not chroot and is "
-"intended for preparing a cross-compilation target. Some limitations: NIS and "
-"LDAP users/groups are not verified. PAM authentication is using the host "
-"files. No SELINUX support."
-msgstr ""
-
-#. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229 groupadd.8.xml.out:237 groupmod.8.xml.out:194
-#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:397
-#: useradd.8.xml.out:549 useradd.8.xml.out:558 usermod.8.xml.out:238
+#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:399
+#: useradd.8.xml.out:551 useradd.8.xml.out:560 usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 msgid "-U"
 msgstr ""
@@ -3093,21 +3264,21 @@ msgstr "Administratorer kan ændre adgangskoden eller medlemmerne af gruppen."
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:237 groupmod.8.xml.out:202 useradd.8.xml.out:96
-#: useradd.8.xml.out:386 useradd.8.xml.out:397 useradd.8.xml.out:558
+#: useradd.8.xml.out:388 useradd.8.xml.out:399 useradd.8.xml.out:560
 msgid "-N"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/phrase
-#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:448
-#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:398
-#: useradd.8.xml.out:559 userdel.8.xml.out:86 userdel.8.xml.out:296
+#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:467
+#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:400
+#: useradd.8.xml.out:561 userdel.8.xml.out:86 userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 msgid ""
 "The default behavior (if the <_:option-1/>, <_:option-2/>, and <_:option-3/> "
 "options are not specified) is defined by the <_:option-4/> variable in <_:"
@@ -3129,13 +3300,13 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:317 passwd.1.xml.out:463 useradd.8.xml.out:831
+#: groupadd.8.xml.out:317 passwd.1.xml.out:485 useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr "Ugyldigt argument for tilvalg"
 
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:321 groupmod.8.xml.out:277 grpck.8.xml.out:261
-#: passwd.1.xml.out:449 pwck.8.xml.out:311 useradd.8.xml.out:835
+#: passwd.1.xml.out:471 pwck.8.xml.out:311 useradd.8.xml.out:855
 msgid "4"
 msgstr "4"
 
@@ -3147,7 +3318,7 @@ msgid "GID is already used (when called without <_:option-1/>)"
 msgstr "UID er allerede i brug (og intet <option>-o</option>)"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:847
+#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:867
 msgid "9"
 msgstr "9"
 
@@ -3159,7 +3330,7 @@ msgid "group name is already used"
 msgstr "gruppenavn er allerede i brug"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:855
+#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
 msgstr ""
@@ -3171,11 +3342,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: groupadd.8.xml.out:369 groupdel.8.xml.out:226 groupmems.8.xml.out:227
-#: groupmod.8.xml.out:350 login.defs.5.xml.out:480 useradd.8.xml.out:913
+#: groupmod.8.xml.out:350 login.defs.5.xml.out:499 useradd.8.xml.out:933
 #: userdel.8.xml.out:39 userdel.8.xml.out:46 userdel.8.xml.out:51
 #: userdel.8.xml.out:62 userdel.8.xml.out:71 userdel.8.xml.out:82
 #: userdel.8.xml.out:211 userdel.8.xml.out:232 userdel.8.xml.out:283
-#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:643
+#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:660
 msgid "userdel"
 msgstr ""
 
@@ -3186,11 +3357,11 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #: groupadd.8.xml.out:372 groupdel.8.xml.out:229 groupmems.8.xml.out:230
-#: groupmod.8.xml.out:353 login.defs.5.xml.out:490 passwd.1.xml.out:488
-#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:916
+#: groupmod.8.xml.out:353 login.defs.5.xml.out:509 passwd.1.xml.out:513
+#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:936
 #: userdel.8.xml.out:345 usermod.8.xml.out:40 usermod.8.xml.out:47
 #: usermod.8.xml.out:53 usermod.8.xml.out:64 usermod.8.xml.out:72
-#: usermod.8.xml.out:263 usermod.8.xml.out:522
+#: usermod.8.xml.out:263 usermod.8.xml.out:539
 msgid "usermod"
 msgstr "usermod"
 
@@ -3216,8 +3387,8 @@ msgstr "slet en gruppe"
 #: groupdel.8.xml.out:51 groupdel.8.xml.out:59 groupmod.8.xml.out:51
 #: groupmod.8.xml.out:59 groupmod.8.xml.out:86 groupmod.8.xml.out:102
 #: groupmod.8.xml.out:125 suauth.5.xml.out:85 suauth.5.xml.out:87
-#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:392
-#: useradd.8.xml.out:639 useradd.8.xml.out:648 usermod.8.xml.out:174
+#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:394
+#: useradd.8.xml.out:659 useradd.8.xml.out:668 usermod.8.xml.out:174
 msgid "GROUP"
 msgstr "GRUPPE"
 
@@ -3270,13 +3441,13 @@ msgstr ""
 "filer fortsat er ejet af denne gruppe."
 
 #. (itstool) path: term/replaceable
-#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:461
-#: pwck.8.xml.out:323 useradd.8.xml.out:841 userdel.8.xml.out:253
+#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:483
+#: pwck.8.xml.out:323 useradd.8.xml.out:861 userdel.8.xml.out:253
 msgid "6"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupdel.8.xml.out:182 useradd.8.xml.out:843
+#: groupdel.8.xml.out:182 useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr "angivet gruppe findes ikke"
 
@@ -3321,7 +3492,7 @@ msgstr ""
 #: groupmems.8.xml.out:37 groupmems.8.xml.out:44 groupmems.8.xml.out:50
 #: groupmems.8.xml.out:63 groupmems.8.xml.out:65 groupmems.8.xml.out:71
 #: groupmems.8.xml.out:78 groupmems.8.xml.out:159 groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr ""
 
@@ -3462,7 +3633,7 @@ msgstr ""
 #. (itstool) path: refsect1/programlisting
 #: groupmems.8.xml.out:167
 msgid ""
-"$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
+"$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ "
 "groupmems -g groups -a gk4"
 msgstr ""
 
@@ -3541,7 +3712,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupmod.8.xml.out:121 passwd.1.xml.out:246
+#: groupmod.8.xml.out:121 passwd.1.xml.out:242
 msgid "-n"
 msgstr ""
 
@@ -3633,7 +3804,7 @@ msgid "E_CLEANUP_SERVICE: can't setup cleanup service"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupmod.8.xml.out:307 useradd.8.xml.out:859 userdel.8.xml.out:271
+#: groupmod.8.xml.out:307 useradd.8.xml.out:879 userdel.8.xml.out:271
 msgid "12"
 msgstr ""
 
@@ -3802,7 +3973,7 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:113 newusers.8.xml.out:67 newusers.8.xml.out:75
+#: grpck.8.xml.out:113 newusers.8.xml.out:69 newusers.8.xml.out:77
 msgid "file"
 msgstr "fil"
 
@@ -3831,7 +4002,7 @@ msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:143 login.defs.5.xml.out:134 login.defs.5.xml.out:136
+#: grpck.8.xml.out:143 login.defs.5.xml.out:136 login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr ""
@@ -3856,8 +4027,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 msgid "-S"
 msgstr ""
 
@@ -4071,7 +4242,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: gshadow.5.xml.out:162 login.defs.5.xml.out:324 pwconv.8.xml.out:48
+#: gshadow.5.xml.out:162 login.defs.5.xml.out:337 pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67 pwconv.8.xml.out:113 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:166 pwconv.8.xml.out:208
 msgid "grpconv"
@@ -4085,7 +4256,7 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #: lastlog.8.xml.out:35 lastlog.8.xml.out:42 lastlog.8.xml.out:48
 #: lastlog.8.xml.out:58 lastlog.8.xml.out:70 lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr ""
 
@@ -4125,7 +4296,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:592
+#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 msgid "-b"
 msgstr ""
@@ -4445,7 +4616,7 @@ msgstr ""
 #. (itstool) path: para/command
 #: limits.5.xml.out:122 login.1.xml.out:83 login.1.xml.out:91
 #: login.1.xml.out:197 su.1.xml.out:70 su.1.xml.out:82 su.1.xml.out:95
-#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:775
+#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:795
 msgid "username"
 msgstr ""
 
@@ -4887,8 +5058,8 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.1.xml.out:386 login.defs.5.xml.out:436 login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536 newgrp.1.xml.out:136 passwd.5.xml.out:197
+#: login.1.xml.out:386 login.defs.5.xml.out:455 login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555 newgrp.1.xml.out:136 passwd.5.xml.out:197
 #: shadow.5.xml.out:283 sg.1.xml.out:128 su.1.xml.out:50 su.1.xml.out:57
 #: su.1.xml.out:62 su.1.xml.out:81 su.1.xml.out:83 su.1.xml.out:121
 #: su.1.xml.out:201 su.1.xml.out:239 su.1.xml.out:308 su.1.xml.out:368
@@ -5047,12 +5218,12 @@ msgid "<_:citerefentry-1/>."
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 msgid ""
 "The <_:filename-1/> file defines the site-specific configuration for the "
 "shadow password suite. This file is required. Absence of this file will not "
@@ -5060,7 +5231,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid ""
 "This file is a readable text file, each line of the file describing one "
 "configuration parameter. The lines consist of a configuration name and "
@@ -5076,18 +5247,18 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133 useradd.8.xml.out:242 useradd.8.xml.out:380
+#: login.defs.5.xml.out:135 useradd.8.xml.out:242 useradd.8.xml.out:382
 #: userdel.8.xml.out:87 userdel.8.xml.out:297
 msgid "yes"
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 msgid "0x"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 msgid ""
 "Parameter values may be of four types: strings, booleans, numbers, and long "
 "numbers. A string is comprised of any printable characters. A boolean should "
@@ -5100,32 +5271,32 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
 msgstr "De følgende konfigurationspunkter tilbydes:"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:146 useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:146 useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:145
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194 pwconv.8.xml.out:147
+#: login.defs.5.xml.out:197 pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr ""
 
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 msgid ""
 "<_:option-1/>, <_:option-2/> and <_:option-3/> are only used at the time of "
 "account creation. Any changes to these settings won't affect existing "
@@ -5133,12 +5304,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid ""
 "The following cross references show which programs in the shadow password "
 "suite use which parameters."
@@ -5150,59 +5321,73 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235 login.defs.5.xml.out:423 login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503 pwck.8.xml.out:75 pwck.8.xml.out:216
+#: login.defs.5.xml.out:239 login.defs.5.xml.out:442 login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522 pwck.8.xml.out:75 pwck.8.xml.out:216
 #: pwck.8.xml.out:232 pwconv.8.xml.out:89 pwconv.8.xml.out:91
 #: pwconv.8.xml.out:94 pwconv.8.xml.out:105 pwconv.8.xml.out:107
 msgid "USE_TCB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244 login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248 login.defs.5.xml.out:372
 #, fuzzy
 #| msgid "user LIMITS_STRING"
 msgid "LOGIN_STRING"
 msgstr "bruger LIMITS_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253 login.defs.5.xml.out:264 login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388 login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256 login.defs.5.xml.out:269 login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396 login.defs.5.xml.out:418
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259 login.defs.5.xml.out:273 login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403 login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr ""
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261 login.defs.5.xml.out:275 login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409 login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251 login.defs.5.xml.out:282
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+#: login.defs.5.xml.out:255 login.defs.5.xml.out:292
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:"
+"phrase-2/> <_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301 login.defs.5.xml.out:307 login.defs.5.xml.out:313
-#: login.defs.5.xml.out:320 login.defs.5.xml.out:326 login.defs.5.xml.out:332
+#: login.defs.5.xml.out:314 login.defs.5.xml.out:320 login.defs.5.xml.out:326
+#: login.defs.5.xml.out:333 login.defs.5.xml.out:339 login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr ""
 
@@ -5210,61 +5395,61 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330 pwconv.8.xml.out:49 pwconv.8.xml.out:73
+#: login.defs.5.xml.out:343 pwconv.8.xml.out:49 pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119 pwconv.8.xml.out:153 pwconv.8.xml.out:167
 #: pwconv.8.xml.out:208
 msgid "grpunconv"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346 login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359 login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 msgid "FAILLOG_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 msgid "FTMP_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid ""
 "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE "
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY "
 "<_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR "
@@ -5274,38 +5459,40 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 msgid "newgrp / sg"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
+#: login.defs.5.xml.out:395
 msgid ""
-"ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
-"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
-"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+"<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP "
+"MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:"
+"phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+"SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
+"UMASK <_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
+#: login.defs.5.xml.out:417
 msgid ""
-"ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
-"PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+"<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB "
+"PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412 login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431 login.defs.5.xml.out:440
 msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/>"
 msgstr ""
 
@@ -5315,7 +5502,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419 passwd.5.xml.out:188 pwconv.8.xml.out:39
+#: login.defs.5.xml.out:438 passwd.5.xml.out:188 pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46 pwconv.8.xml.out:55 pwconv.8.xml.out:83
 #: pwconv.8.xml.out:88 pwconv.8.xml.out:90 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:144 pwconv.8.xml.out:165 pwconv.8.xml.out:216
@@ -5328,7 +5515,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428 passwd.5.xml.out:191 pwconv.8.xml.out:47
+#: login.defs.5.xml.out:447 passwd.5.xml.out:191 pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61 pwconv.8.xml.out:98 pwconv.8.xml.out:104
 #: pwconv.8.xml.out:109 pwconv.8.xml.out:153 pwconv.8.xml.out:157
 #: pwconv.8.xml.out:166 shadow.5.xml.out:280
@@ -5336,22 +5523,22 @@ msgid "pwunconv"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH "
 "<_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
@@ -5359,28 +5546,22 @@ msgstr ""
 
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453 passwd.5.xml.out:200 shadow.5.xml.out:286
+#: login.defs.5.xml.out:472 passwd.5.xml.out:200 shadow.5.xml.out:286
 msgid "sulogin"
 msgstr ""
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457 su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr ""
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+msgid "ENV_HZ ENV_TZ"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 msgid ""
 "CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR "
 "MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE "
@@ -5390,19 +5571,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485 login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504 login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 msgid ""
 "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB <_:"
 "phrase-1/>"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 msgid "LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <_:phrase-1/>"
 msgstr ""
 
@@ -5411,18 +5592,18 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500 vipw.8.xml.out:35 vipw.8.xml.out:42
+#: login.defs.5.xml.out:519 vipw.8.xml.out:35 vipw.8.xml.out:42
 #: vipw.8.xml.out:51 vipw.8.xml.out:67 vipw.8.xml.out:85
 msgid "vipw"
 msgstr "vipw"
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511 pwconv.8.xml.out:193 suauth.5.xml.out:179
+#: login.defs.5.xml.out:530 pwconv.8.xml.out:193 suauth.5.xml.out:179
 msgid "BUGS"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 msgid ""
 "Much of the functionality that used to be provided by the shadow password "
 "suite is now handled by PAM. Thus, <_:filename-1/> is no longer used by <_:"
@@ -5431,12 +5612,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 msgid "pam"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
@@ -5540,12 +5721,12 @@ msgid "id"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
 msgstr "opdater og opret nye brugere i et job"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 msgid ""
 "The <_:command-1/> command reads a <_:replaceable-2/> (or the standard input "
 "by default) and uses this information to update a set of existing users or "
@@ -5554,22 +5735,22 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 msgid "pw_name"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
 msgstr "Dette er navnet på brugeren."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing user (or the name of an "
@@ -5585,12 +5766,12 @@ msgstr ""
 "den angivne bruger blive brugt."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid ""
 "This field will be encrypted and used as the new value of the encrypted "
 "password."
@@ -5599,17 +5780,17 @@ msgstr ""
 "adgangskode."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 msgid "pw_uid"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
 msgstr "Dette flet bruges til at definere UID for brugeren."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 #, fuzzy
 #| msgid ""
 #| "If the field is empty, an new (unused) UID will be defined automatically "
@@ -5622,13 +5803,13 @@ msgstr ""
 "<command>newusers</command>."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
 msgstr ""
 "Hvis dette felt indeholer et tal, så vil dette tal blive brugt som UID'en."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing user (or the name of an "
@@ -5644,7 +5825,7 @@ msgstr ""
 "den angivne bruger blive brugt."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid ""
 "If the UID of an existing user is changed, the files ownership of the user's "
 "file should be fixed manually."
@@ -5653,17 +5834,17 @@ msgstr ""
 "ejerskab for brugerens fil rettes manuelt."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
 msgstr "Dette felt bruges til at definere det primære gruppe-id for brugeren."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing user (or the name of an "
@@ -5679,7 +5860,7 @@ msgstr ""
 "den angivne bruger blive brugt."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid ""
 "If this field is a number, this number will be used as the primary group ID "
 "of the user. If no groups exist with this GID, a new group will be created "
@@ -5687,7 +5868,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 msgid ""
 "If this field is empty, a new group will be created with the name of the "
 "user and a GID will be automatically defined by <_:command-1/> to be used as "
@@ -5695,7 +5876,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 msgid ""
 "If this field contains the name of a group which does not exist (and was not "
 "created before by <_:command-1/>), a new group will be created with the "
@@ -5704,32 +5885,32 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr "Dette felt er kopieret i GECOS-feltet for brugeren."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
 msgstr "Dette felt bruges til at definere hjemmemappen for brugeren."
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid ""
 "If this field does not specify an existing directory, the specified "
 "directory is created, with ownership set to the user being created or "
@@ -5742,7 +5923,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 #, fuzzy
 #| msgid ""
 #| "If the home directory of an existing user is changed, <command>newusers</"
@@ -5758,12 +5939,12 @@ msgstr ""
 "den nye placering. Dette ksal gøres manuelt."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid ""
 "This field defines the shell of the user. No checks are performed on this "
 "field."
@@ -5772,7 +5953,7 @@ msgstr ""
 "felt."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 msgid ""
 "<_:command-1/> first tries to create or change all the specified users, and "
 "then write these changes to the user or group databases. If an error occurs "
@@ -5781,7 +5962,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid ""
 "During this first pass, users are created with a locked password (and "
 "passwords are not changed for the users which are not created). A second "
@@ -5790,7 +5971,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are updated at a single time."
@@ -5799,48 +5980,57 @@ msgstr ""
 "opdateres på en gang."
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257 pwck.8.xml.out:164 useradd.8.xml.out:108
+#: newusers.8.xml.out:259 pwck.8.xml.out:164 useradd.8.xml.out:108
 #: usermod.8.xml.out:89
 msgid "--badname"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260 pwck.8.xml.out:167 useradd.8.xml.out:111
+#: newusers.8.xml.out:262 pwck.8.xml.out:167 useradd.8.xml.out:111
 #: usermod.8.xml.out:92
 msgid "Allow names that do not conform to standards."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290 useradd.8.xml.out:459
+#: newusers.8.xml.out:273
+msgid ""
+"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
+"support these methods."
+msgstr ""
+"De tilgængelige metoder er DES, Md5, NONE og SHA256 eller SHA512 hvis din "
+"libc understøtter disse metoder."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:292 useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:319
-#: useradd.8.xml.out:468 useradd.8.xml.out:538 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:321
+#: useradd.8.xml.out:470 useradd.8.xml.out:540 usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:321
-#: useradd.8.xml.out:468 useradd.8.xml.out:543 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:323
+#: useradd.8.xml.out:470 useradd.8.xml.out:545 usermod.8.xml.out:397
 msgid "UID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293 useradd.8.xml.out:462
+#: newusers.8.xml.out:295 useradd.8.xml.out:464
 #, fuzzy
 #| msgid ""
 #| "System users will be created with no aging information in <filename>/etc/"
@@ -5862,8 +6052,47 @@ msgstr ""
 "<option>UID_MAX</option> (og deres <option>GID</option>-modparte for "
 "oprettelsen af grupper.)."
 
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default is 13."
+msgstr ""
+"En minimusværdi på 1000 og en maksimumsværdi på 999.999.999 vil blive "
+"påtvunget."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default is 5000."
+msgstr ""
+"En minimusværdi på 1000 og en maksimumsværdi på 999.999.999 vil blive "
+"påtvunget."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default is 5."
+msgstr ""
+"En minimusværdi på 1000 og en maksimumsværdi på 999.999.999 vil blive "
+"påtvunget."
+
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid ""
 "The input file must be protected since it contains unencrypted passwords."
 msgstr ""
@@ -5871,57 +6100,57 @@ msgstr ""
 "krypteret."
 
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 msgid "/etc/pam.d/newusers"
 msgstr "/etc/pam.d/newusers"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435 useradd.8.xml.out:222 useradd.8.xml.out:481
-#: useradd.8.xml.out:785 userdel.8.xml.out:215 usermod.8.xml.out:587
+#: newusers.8.xml.out:456 useradd.8.xml.out:222 useradd.8.xml.out:483
+#: useradd.8.xml.out:805 userdel.8.xml.out:215 usermod.8.xml.out:604
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437 useradd.8.xml.out:787 userdel.8.xml.out:217
+#: newusers.8.xml.out:458 useradd.8.xml.out:807 userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
 msgstr ""
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441 useradd.8.xml.out:222 useradd.8.xml.out:480
-#: useradd.8.xml.out:791 userdel.8.xml.out:221 usermod.8.xml.out:593
+#: newusers.8.xml.out:462 useradd.8.xml.out:222 useradd.8.xml.out:482
+#: useradd.8.xml.out:811 userdel.8.xml.out:221 usermod.8.xml.out:610
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443 useradd.8.xml.out:793 userdel.8.xml.out:223
+#: newusers.8.xml.out:464 useradd.8.xml.out:813 userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460 useradd.8.xml.out:906 userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: newusers.8.xml.out:481 useradd.8.xml.out:926 userdel.8.xml.out:335
+#: usermod.8.xml.out:650
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463 useradd.8.xml.out:909 userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: newusers.8.xml.out:484 useradd.8.xml.out:929 userdel.8.xml.out:338
+#: usermod.8.xml.out:653
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458 useradd.8.xml.out:904 userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: newusers.8.xml.out:479 useradd.8.xml.out:924 userdel.8.xml.out:333
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr ""
 
@@ -5966,12 +6195,12 @@ msgid "The <_:command-1/> command appeared in BSD 4.4."
 msgstr "Kommandoen <command>nologin</command> fremkom i BSD 4.4."
 
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 msgid ""
 "The <_:command-1/> command changes passwords for user accounts. A normal "
 "user may only change the password for their own account, while the superuser "
@@ -5980,12 +6209,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 msgid ""
 "The user is first prompted for their old password, if one is present. This "
 "password is then encrypted and compared against the stored password. The "
@@ -5994,7 +6223,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 msgid ""
 "After the password has been entered, password aging information is checked "
 "to see if the user is permitted to change the password at this time. If not, "
@@ -6002,7 +6231,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid ""
 "The user is then prompted twice for a replacement password. The second entry "
 "is compared against the first and both are required to match in order for "
@@ -6010,48 +6239,25 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
-msgid ""
-"Then, the password is tested for complexity. As a general guideline, "
-"passwords should consist of 6 to 8 characters including one or more "
-"characters from each of the following sets:"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr ""
-
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
+#: passwd.1.xml.out:98
 msgid ""
-"Care must be taken not to include the system default erase or kill "
-"characters. <_:command-1/> will reject any password which is not suitably "
-"complex."
+"Then, the password is tested for complexity. <_:command-1/> will reject any "
+"password which is not suitably complex. Care must be taken not to include "
+"the system default erase or kill characters."
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 msgid ""
 "The security of a password depends upon the strength of the encryption "
 "algorithm and the size of the key space. The legacy <_:emphasis-1/> System "
@@ -6061,7 +6267,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid ""
 "Compromises in password security normally result from careless password "
 "selection or handling. For this reason, you should not select a password "
@@ -6071,7 +6277,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
+#: passwd.1.xml.out:127
+msgid ""
+"As a general guideline, passwords should be long and random. It's fine to "
+"use simple character sets, such as passwords consisting only of lowercase "
+"letters, if that helps memorizing longer passwords. For a password "
+"consisting only of lowercase English letters randomly chosen, and a length "
+"of 32, there are 26^32 (approximately 2^150) different possible "
+"combinations. Being an exponential equation, it's apparent that the exponent "
+"(the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 #, fuzzy
 #| msgid ""
 #| "You can find advices on how to choose a strong password on http://en."
@@ -6084,7 +6302,7 @@ msgstr ""
 "wikipedia.org/wiki/Password_strength"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 #, fuzzy
 #| msgid ""
 #| "This option can be used only with <option>-S</option> and causes show "
@@ -6097,7 +6315,7 @@ msgstr ""
 "alle brugere."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid ""
 "Delete a user's password (make it empty). This is a quick way to disable a "
 "password for an account. It will set the named account passwordless."
@@ -6107,12 +6325,12 @@ msgstr ""
 "uden adgangskode."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 msgid "--expire"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid ""
 "Immediately expire an account's password. This in effect can force a user to "
 "change their password at the user's next login."
@@ -6121,7 +6339,7 @@ msgstr ""
 "bruger til at ændre sin adgangskode ved brugerens næste logind."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 #, fuzzy
 #| msgid ""
 #| "This option is used to disable an account after the password has been "
@@ -6141,17 +6359,17 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210 useradd.8.xml.out:278 useradd.8.xml.out:356
+#: passwd.1.xml.out:206 useradd.8.xml.out:280 useradd.8.xml.out:358
 msgid "-k"
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 msgid ""
 "Indicate password change should be performed only for expired authentication "
 "tokens (passwords). The user wishes to keep their non-expired tokens as "
@@ -6159,12 +6377,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222 usermod.8.xml.out:231
+#: passwd.1.xml.out:218 usermod.8.xml.out:231
 msgid "--lock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 msgid ""
 "Lock the password of the named account. This option disables a password by "
 "changing it to a value which matches no possible encrypted value (it adds a "
@@ -6172,12 +6390,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 msgid ""
 "Note that this does not disable the account. The user may still be able to "
 "login using another authentication token (e.g. an SSH key). To disable the "
@@ -6186,50 +6404,50 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "-q"
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "--quiet"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261 vipw.8.xml.out:110
+#: passwd.1.xml.out:257 vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr "Stille tilstand."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: passwd.1.xml.out:268 passwd.1.xml.out:272
+#: passwd.1.xml.out:264 passwd.1.xml.out:268
 #, fuzzy
 #| msgid "EDITOR"
 msgid "REPOSITORY"
 msgstr "REDIGERINGSPROGRAM"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 msgid "change password in <_:replaceable-1/> repository"
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 msgid ""
 "Display account status information. The status information consists of 7 "
 "fields. The first field is the user's login name. The second field indicates "
@@ -6241,12 +6459,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309 usermod.8.xml.out:405
+#: passwd.1.xml.out:320 usermod.8.xml.out:405
 msgid "--unlock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 msgid ""
 "Unlock the password of the named account. This option re-enables a password "
 "by changing the password back to its previous value (to the value before "
@@ -6254,7 +6472,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 msgid ""
 "Set the number of days of warning before a password change is required. The "
 "<_:replaceable-1/> option is the number of days prior to the password "
@@ -6262,71 +6480,97 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 msgid "-x"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 msgid ""
 "Set the maximum number of days a password remains valid. After <_:"
 "replaceable-1/>, the password is required to be changed."
 msgstr ""
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid ""
+"This option is used to indicate that passwd should read the new password "
+"from standard input, which can be a pipe."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 msgid ""
 "Password complexity checking may vary from site to site. The user is urged "
 "to select a password as complex as he or she feels comfortable with."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid ""
 "Users may not be able to change their password on a system if NIS is enabled "
 "and they are not logged into the NIS server."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 msgid ""
 "<_:command-1/> uses PAM to authenticate users and to change their passwords."
 msgstr ""
 
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 msgid "/etc/pam.d/passwd"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr "Ugyldig kombination af tilvalg"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr "uventet fejl, intet udført"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 #, fuzzy
 #| msgid "unexpected failure, <filename>passwd</filename> file missing"
 msgid "unexpected failure, <_:filename-1/> file missing"
 msgstr "uventet fejl, <filename>passwd</filename>-filen mangler"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 #, fuzzy
 #| msgid "<filename>passwd</filename> file busy, try again"
 msgid "<_:filename-1/> file busy, try again"
 msgstr "<filename>passwd</filename>-filen er optaget, forsøg igen"
 
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+#, fuzzy
+#| msgid "/etc/passwd"
+msgid "makepasswd"
+msgstr "/etc/passwd"
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
+#: passwd.1.xml.out:494
 msgid ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:517
+msgid ""
+"The following web page comically (yet correctly) compares the strength of "
+"two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -7796,6 +8040,11 @@ msgid "$HZ"
 msgstr ""
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr ""
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr ""
@@ -8077,7 +8326,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: useradd.8.xml.out:72 useradd.8.xml.out:76 useradd.8.xml.out:86
-#: useradd.8.xml.out:169 useradd.8.xml.out:583 useradd.8.xml.out:585
+#: useradd.8.xml.out:169 useradd.8.xml.out:603 useradd.8.xml.out:605
 msgid "-D"
 msgstr ""
 
@@ -8099,14 +8348,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:118 useradd.8.xml.out:592
+#: useradd.8.xml.out:118 useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: useradd.8.xml.out:118 useradd.8.xml.out:124 useradd.8.xml.out:159
-#: useradd.8.xml.out:592 useradd.8.xml.out:598
+#: useradd.8.xml.out:612 useradd.8.xml.out:618
 msgid "BASE_DIR"
 msgstr ""
 
@@ -8126,18 +8375,18 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:131 useradd.8.xml.out:603
+#: useradd.8.xml.out:131 useradd.8.xml.out:623
 msgid "HOME"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
 #: useradd.8.xml.out:132 useradd.8.xml.out:189 useradd.8.xml.out:212
-#: useradd.8.xml.out:250 useradd.8.xml.out:293 useradd.8.xml.out:343
-#: useradd.8.xml.out:393 useradd.8.xml.out:523 useradd.8.xml.out:604
-#: useradd.8.xml.out:616 useradd.8.xml.out:633 useradd.8.xml.out:649
-#: useradd.8.xml.out:663 useradd.8.xml.out:677 useradd.8.xml.out:767
-#: usermod.8.xml.out:419
+#: useradd.8.xml.out:250 useradd.8.xml.out:267 useradd.8.xml.out:295
+#: useradd.8.xml.out:345 useradd.8.xml.out:395 useradd.8.xml.out:525
+#: useradd.8.xml.out:624 useradd.8.xml.out:636 useradd.8.xml.out:653
+#: useradd.8.xml.out:669 useradd.8.xml.out:683 useradd.8.xml.out:697
+#: useradd.8.xml.out:787 usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr "/etc/default/useradd"
 
@@ -8215,7 +8464,7 @@ msgstr ""
 "formatet <emphasis remap=\"I\">Ã…Ã…Ã…Ã…-MM-DD</emphasis>."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:188 useradd.8.xml.out:615 usermod.8.xml.out:418
+#: useradd.8.xml.out:188 useradd.8.xml.out:635 usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr ""
 
@@ -8246,7 +8495,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: useradd.8.xml.out:218 useradd.8.xml.out:482
+#: useradd.8.xml.out:218 useradd.8.xml.out:484
 msgid "-F"
 msgstr ""
 
@@ -8334,6 +8583,13 @@ msgid ""
 "emphasis-5/>]]]"
 msgstr ""
 
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+#, fuzzy
+#| msgid "GROUP"
+msgid "GROUPS"
+msgstr "GRUPPE"
+
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
 msgid ""
@@ -8341,21 +8597,23 @@ msgid ""
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups are subject to the same restrictions as the group given with the "
 "<_:option-1/> option. The default is for the user to belong only to the "
-"initial group."
+"initial group. In addition to passing in the -G flag, you can add the option "
+"<_:option-2/> to the file <_:filename-3/> which in turn will add all users "
+"to those supplementary groups."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "SKEL_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by <_:"
@@ -8364,55 +8622,55 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288 useradd.8.xml.out:350
+#: useradd.8.xml.out:290 useradd.8.xml.out:352
 msgid "--create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288 useradd.8.xml.out:592 usermod.8.xml.out:524
 msgid ""
 "This option is only valid if the <_:option-1/> (or <_:option-2/>) option is "
 "specified."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 #, fuzzy
 #| msgid "/etc/skel/"
 msgid "/etc/skel"
 msgstr "/etc/skel/"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 msgid ""
 "If this option is not set, the skeleton directory is defined by the <_:"
 "option-1/> variable in <_:filename-2/> or, by default, <_:filename-3/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid ""
 "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:"
 "option-4/>, <_:option-5/> and others)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used "
 "when creating an account to turn off password aging. Multiple <_:option-4/> "
@@ -8421,29 +8679,29 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
+#: useradd.8.xml.out:337
 msgid ""
 "By default, the user's entries in the lastlog and faillog databases are "
 "reset to avoid reusing the entry from a previously deleted user."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid ""
 "If this option is not specified, <_:command-1/> will also consult the "
 "variable <_:option-2/> in the <_:filename-3/> if set to no the user will not "
@@ -8451,7 +8709,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 msgid ""
 "Create the user's home directory if it does not exist. The files and "
 "directories contained in the skeleton directory (which can be defined with "
@@ -8459,19 +8717,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361 useradd.8.xml.out:379 useradd.8.xml.out:475
+#: useradd.8.xml.out:363 useradd.8.xml.out:381 useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 msgid ""
 "By default, if this option is not specified and <_:option-1/> is not "
 "enabled, no home directories are created."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid ""
 "The directory where the user's home directory is created must exist and have "
 "proper SELinux context and permissions. Otherwise the user's home directory "
@@ -8479,24 +8737,24 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 msgid ""
 "Do not create the user's home directory, even if the system wide setting "
 "from <_:filename-1/> (<_:option-2/>) is set to <_:replaceable-3/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 msgid ""
 "Do not create a group with the same name as the user, but add the user to "
 "the group specified by the <_:option-1/> option or by the <_:option-2/> "
@@ -8504,12 +8762,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 msgid "allows the creation of an account with an already existing UID."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412 usermod.8.xml.out:277
+#: useradd.8.xml.out:414 usermod.8.xml.out:277
 msgid ""
 "This option is only valid in combination with the <_:option-1/> option. As a "
 "user identity serves as key to map between users on one hand and "
@@ -8519,7 +8777,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid ""
 "defines an initial password for the account. PASSWORD is expected to be "
 "encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this "
@@ -8527,7 +8785,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid ""
 "Without this option, the new account will be locked and with no password "
 "defined, i.e. a single exclamation mark in the respective field of <_:"
@@ -8536,14 +8794,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 msgid ""
 "<_:emphasis-1/>Avoid this option on the command line because the password "
 "(or encrypted password) will be visible by users listing the processes."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 msgid ""
 "Note that <_:command-1/> will not create a home directory for such a user, "
 "regardless of the default setting in <_:filename-2/> (<_:option-3/>). You "
@@ -8552,7 +8810,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 msgid ""
 "Note that this option will not update <_:filename-1/> and <_:filename-2/>. "
 "You have to specify the <_:option-3/> options if you want to update the "
@@ -8560,7 +8818,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 msgid ""
 "sets the path to the user's login shell. Without this option, the system "
 "will use the <_:option-1/> variable specified in <_:filename-2/>, or, if "
@@ -8569,17 +8827,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "--uid"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "UID"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 msgid ""
 "The numerical value of the user's ID. This value must be unique, unless the "
 "<_:option-1/> option is used. The value must be non-negative. The default is "
@@ -8588,52 +8846,74 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid ""
 "Create a group with the same name as the user, and add the user to this "
 "group."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:593 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:525
 msgid "-Z"
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:594 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566 usermod.8.xml.out:501
+#: useradd.8.xml.out:568 usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575 useradd.8.xml.out:589 usermod.8.xml.out:521
 msgid "semanage"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
+#: useradd.8.xml.out:571
 msgid ""
-"defines the SELinux user for the new account. Without this option, a SELinux "
+"defines the SELinux user for the new account. Without this option, SELinux "
 "uses the default user. Note that the shadow system doesn't store the selinux-"
 "user, it uses <_:citerefentry-1/> for that."
 msgstr ""
 
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "--selinux-range"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "SERANGE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+msgid ""
+"defines the SELinux MLS range for the new account. Without this option, "
+"SELinux uses the default range. Note that the shadow system doesn't store "
+"the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 msgid ""
 "When invoked with only the <_:option-1/> option, <_:command-2/> will display "
 "the current default values. When invoked with <_:option-3/> plus other "
@@ -8642,7 +8922,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 msgid ""
 "sets the path prefix for a new user's home directory. The user's name will "
 "be affixed to the end of <_:replaceable-1/> to form the new user's home "
@@ -8651,8 +8931,8 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602 useradd.8.xml.out:614 useradd.8.xml.out:631
-#: useradd.8.xml.out:647 useradd.8.xml.out:661
+#: useradd.8.xml.out:622 useradd.8.xml.out:634 useradd.8.xml.out:651
+#: useradd.8.xml.out:667 useradd.8.xml.out:681
 #, fuzzy
 #| msgid ""
 #| "This option sets the <option>INACTIVE</option> variable in <filename>/etc/"
@@ -8663,12 +8943,12 @@ msgstr ""
 "default/useradd</filename>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 msgid "sets the date on which newly created user accounts are disabled."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid ""
 "defines the number of days after the password exceeded its maximum age where "
 "the user is expected to replace this password. See <_:citerefentry-1/>for "
@@ -8676,7 +8956,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 msgid ""
 "sets the default primary group for newly created users, accepting group "
 "names or a numerical group ID. The named group must exist, and the GID must "
@@ -8684,23 +8964,23 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675 useradd.8.xml.out:779
+#: useradd.8.xml.out:695 useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr "/etc/skel/"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 msgid ""
 "The system administrator is responsible for placing the default user files "
 "in the <_:filename-1/> directory (or any other skeleton directory specified "
@@ -8708,7 +8988,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 msgid ""
 "You may not add a user to a NIS or LDAP group. This must be performed on the "
 "corresponding server."
@@ -8717,19 +8997,19 @@ msgstr ""
 "udføres på den tilsvarende server."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 msgid ""
 "Similarly, if the username already exists in an external user database such "
 "as NIS or LDAP, <_:command-1/> will deny the user account creation request."
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid ""
 "Usernames may contain only lower and upper case letters, digits, "
 "underscores, or dashes. They can end with a dollar sign. Dashes are not "
@@ -8740,56 +9020,56 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
-msgstr "Brugernavne må kun være op til 32 tegn lange."
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
+msgstr "Brugernavne må kun være op til 256 tegn lange."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr "Standardværdier for kontooprettelse."
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 #, fuzzy
 #| msgid "/etc/default/useradd"
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr "/etc/default/useradd"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773 userdel.8.xml.out:209
+#: useradd.8.xml.out:793 userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 #, fuzzy
 #| msgid "OPTIONS"
 msgid "ACTION"
 msgstr "TILVALG"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid "useradd-pre.d"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid "useradd-post.d"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid ""
 "Run-part files to execute during user addition. The environment variable <_:"
 "command-1/> will be populated with useradd and <_:command-2/> with the <_:"
@@ -8799,48 +9079,48 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
 msgstr "Mappe indeholdende standardfiler."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819 userdel.8.xml.out:243
+#: useradd.8.xml.out:839 userdel.8.xml.out:243
 msgid "can't update password file"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 #, fuzzy
 #| msgid "UID already in use (and no <option>-o</option>)"
 msgid "UID already in use (and no <_:option-1/>)"
 msgstr "UID er allerede i brug (og intet <option>-o</option>)"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 #, fuzzy
 #| msgid "group name already in use"
 msgid "username or group name already in use"
 msgstr "gruppenavn er allerede i brug"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
 msgstr "kan ikke oprette hjemmemappe"
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 #, fuzzy
 #| msgid "4"
 msgid "14"
 msgstr "4"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876 usermod.8.xml.out:603
+#: useradd.8.xml.out:896 usermod.8.xml.out:620
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:"
@@ -9486,9 +9766,16 @@ msgid ""
 "shadow system doesn't store the selinux-user, it uses semanage(8) for that."
 msgstr ""
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
 msgid ""
+"defines the SELinux MLS range for the new account. Note that the shadow "
+"system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
+msgid ""
 "You must make certain that the named user is not executing any processes "
 "when this command is being executed if the user's numerical user ID, the "
 "user's name, or the user's home directory is being changed. <_:command-1/> "
@@ -9497,67 +9784,67 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 msgid ""
 "You must change the owner of any <_:command-1/> files or <_:command-2/> jobs "
 "manually."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 #, fuzzy
 #| msgid "Group account information."
 msgid "Group account information"
 msgstr "Information om gruppekonto."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
+#: usermod.8.xml.out:582
 #, fuzzy
 #| msgid "Secure group account information."
-msgid "Secure group account informatio."
+msgid "Secure group account information"
 msgstr "Information om sikret gruppekonto."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 msgid "Shadow password suite configuration"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 #, fuzzy
 #| msgid "User account information."
 msgid "User account information"
 msgstr "Information om brugerkonto."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 #, fuzzy
 #| msgid "Secure user account information."
 msgid "Secure user account information"
 msgstr "Information om sikret brugerkonto."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
 msgid "Per user subordinate group IDs"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
 msgid "Per user subordinate user IDs"
 msgstr ""
 
@@ -9610,7 +9897,7 @@ msgstr "vipw"
 #| "envar>, and finally the default editor, <citerefentry><refentrytitle>vi</"
 #| "refentrytitle><manvolnum>1</manvolnum></citerefentry>."
 msgid ""
-"The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/"
+"The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/"
 "> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will "
 "edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/"
 ">, respectively. The programs will set the appropriate locks to prevent file "
@@ -10215,6 +10502,9 @@ msgstr ""
 #~ msgid "<option>PASS_MIN_LEN</option> (number)"
 #~ msgstr "<option>PASS_MIN_LEN</option> (antal)"
 
+#~ msgid "<option>SHA_CRYPT_MIN_ROUNDS</option> (number)"
+#~ msgstr "<option>SHA_CRYPT_MIN_ROUNDS</option> (antal)"
+
 #~ msgid ""
 #~ "The <command>passwd</command> command exits with the following values: "
 #~ "<placeholder-1/>"
@@ -10242,6 +10532,18 @@ msgstr ""
 #~ msgid "<option>-s</option>, <option>--sha-rounds</option>"
 #~ msgstr "<option>-s</option>, <option>--sha-rounds</option>"
 
+#~ msgid ""
+#~ "The value 0 means that the system will choose the default number of "
+#~ "rounds for the crypt method (5000)."
+#~ msgstr ""
+#~ "Værdien 0 betyder at systemet vil vælge antallet af standardrunder for "
+#~ "krypteringsmetoden (5000)."
+
+#~ msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#~ msgstr ""
+#~ "Du kan kun bruge dette tilvalg med SHA256- eller SHA512-"
+#~ "krypteringsmetoden."
+
 #~ msgid "PAM configuration for <command>newusers</command>."
 #~ msgstr "PAM-konfiguration for <command>newusers</command>."
 
@@ -10287,7 +10589,7 @@ msgstr ""
 #~ msgstr "<option>FAIL_DELAY</option> (antal)"
 
 #~ msgid "Enable logging of successful logins."
-#~ msgstr "Aktiver logning af succesfulde logind."
+#~ msgstr "Aktiver logning af successfulde logind."
 
 #~ msgid "<option>LOG_UNKFAIL_ENAB</option> (boolean)"
 #~ msgstr "<option>LOG_UNKFAIL_ENAB</option> (boolesk)"
diff --git a/man/po/de.po b/man/po/de.po
index 28dd653..7063b52 100644
--- a/man/po/de.po
+++ b/man/po/de.po
@@ -1,27 +1,31 @@
 # German translation of shadow-man-pages
 # Copyright (C) 2006 Free Software Foundation, Inc.
 # Simon Brandmair <sbrandmair@gmx.net>, 2005, 2006, 2007, 2011, 2012.
-#
+# Markus Hiereth <translation@hiereth.de>, 2021, 2022, 2023
+# Remark
+# This message catalogue does not contain strings for manpages
+# subuid(5), subgid(5), cpgr(8), cppw(8),
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow-man-pages\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
-"PO-Revision-Date: 2013-08-23 01:36+0200\n"
-"Last-Translator: Simon Brandmair <sbrandmair@gmx.net>\n"
-"Language-Team: debian-l10n-german <http://lists.debian.org/debian-l10n-"
-"german/>\n"
-"Language: \n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
+"PO-Revision-Date: 2023-02-08 22:03+0100\n"
+"Last-Translator: Markus Hiereth <translation@hiereth.de>\n"
+"Language-Team: debian-l10n-german <debian-l10n-german@lists.debian.org>\n"
+"Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 2.4.2\n"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:19 chsh.1.xml.out:18
+#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:21 chsh.1.xml.out:18
 #: expiry.1.xml.out:19 faillog.5.xml.out:15 faillog.8.xml.out:15
 #: groupadd.8.xml.out:18 groupdel.8.xml.out:16 groupmod.8.xml.out:16
 #: groups.1.xml.out:15 grpck.8.xml.out:15 lastlog.8.xml.out:17
-#: login.1.xml.out:48 login.defs.5.xml.out:84 logoutd.8.xml.out:15
-#: newgrp.1.xml.out:16 newusers.8.xml.out:31 passwd.1.xml.out:22
+#: login.1.xml.out:48 login.defs.5.xml.out:86 logoutd.8.xml.out:15
+#: newgrp.1.xml.out:16 newusers.8.xml.out:33 passwd.1.xml.out:24
 #: passwd.5.xml.out:15 porttime.5.xml.out:15 pwck.8.xml.out:22
 #: shadow.3.xml.out:15 shadow.5.xml.out:15 sg.1.xml.out:16 su.1.xml.out:32
 #: useradd.8.xml.out:34 userdel.8.xml.out:21 usermod.8.xml.out:22
@@ -29,12 +33,12 @@ msgid "Julianne Frances"
 msgstr "Julianne Frances"
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:20 chsh.1.xml.out:19
+#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:22 chsh.1.xml.out:19
 #: expiry.1.xml.out:20 faillog.5.xml.out:16 faillog.8.xml.out:16
 #: groupadd.8.xml.out:19 groupdel.8.xml.out:17 groupmod.8.xml.out:17
 #: groups.1.xml.out:16 grpck.8.xml.out:16 lastlog.8.xml.out:18
-#: login.1.xml.out:49 login.defs.5.xml.out:85 logoutd.8.xml.out:16
-#: newgrp.1.xml.out:17 newusers.8.xml.out:32 passwd.1.xml.out:23
+#: login.1.xml.out:49 login.defs.5.xml.out:87 logoutd.8.xml.out:16
+#: newgrp.1.xml.out:17 newusers.8.xml.out:34 passwd.1.xml.out:25
 #: passwd.5.xml.out:16 porttime.5.xml.out:16 pwck.8.xml.out:23
 #: shadow.3.xml.out:16 shadow.5.xml.out:16 sg.1.xml.out:17 su.1.xml.out:33
 #: useradd.8.xml.out:35 userdel.8.xml.out:22 usermod.8.xml.out:23
@@ -44,17 +48,17 @@ msgstr "Haugh"
 #. (itstool) path: author/contrib
 #: chage.1.xml.out:18 chfn.1.xml.out:20 chsh.1.xml.out:20 expiry.1.xml.out:21
 msgid "Creation, 1990"
-msgstr "ursprünglicher Autor, 1990"
+msgstr "Erstellung, 1990"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24 chsh.1.xml.out:23 expiry.1.xml.out:24
-#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:25
+#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26 chsh.1.xml.out:23 expiry.1.xml.out:24
+#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23 groupdel.8.xml.out:21 groupmems.8.xml.out:24
 #: groupmod.8.xml.out:21 groups.1.xml.out:20 grpck.8.xml.out:20
 #: lastlog.8.xml.out:22 limits.5.xml.out:22 login.1.xml.out:53
-#: login.access.5.xml.out:21 login.defs.5.xml.out:89 logoutd.8.xml.out:20
-#: newgrp.1.xml.out:21 newusers.8.xml.out:36 passwd.1.xml.out:27
+#: login.access.5.xml.out:21 login.defs.5.xml.out:91 logoutd.8.xml.out:20
+#: newgrp.1.xml.out:21 newusers.8.xml.out:38 passwd.1.xml.out:29
 #: passwd.5.xml.out:20 porttime.5.xml.out:20 pwck.8.xml.out:27
 #: pwconv.8.xml.out:26 shadow.3.xml.out:20 shadow.5.xml.out:20 sg.1.xml.out:21
 #: su.1.xml.out:37 suauth.5.xml.out:20 useradd.8.xml.out:39
@@ -63,14 +67,14 @@ msgid "Thomas"
 msgstr "Thomas"
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25 chsh.1.xml.out:24 expiry.1.xml.out:25
-#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:26
+#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27 chsh.1.xml.out:24 expiry.1.xml.out:25
+#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24 groupdel.8.xml.out:22 groupmems.8.xml.out:25
 #: groupmod.8.xml.out:22 groups.1.xml.out:21 grpck.8.xml.out:21
 #: lastlog.8.xml.out:23 limits.5.xml.out:23 login.1.xml.out:54
-#: login.access.5.xml.out:22 login.defs.5.xml.out:90 logoutd.8.xml.out:21
-#: newgrp.1.xml.out:22 newusers.8.xml.out:37 passwd.1.xml.out:28
+#: login.access.5.xml.out:22 login.defs.5.xml.out:92 logoutd.8.xml.out:21
+#: newgrp.1.xml.out:22 newusers.8.xml.out:39 passwd.1.xml.out:30
 #: passwd.5.xml.out:21 porttime.5.xml.out:21 pwck.8.xml.out:28
 #: pwconv.8.xml.out:27 shadow.3.xml.out:21 shadow.5.xml.out:21 sg.1.xml.out:22
 #: su.1.xml.out:38 suauth.5.xml.out:21 useradd.8.xml.out:40
@@ -79,14 +83,14 @@ msgid "KÅ‚oczko"
 msgstr "KÅ‚oczko"
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26 chsh.1.xml.out:25 expiry.1.xml.out:26
-#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:27
+#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28 chsh.1.xml.out:25 expiry.1.xml.out:26
+#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25 groupdel.8.xml.out:23 groupmems.8.xml.out:26
 #: groupmod.8.xml.out:23 groups.1.xml.out:22 grpck.8.xml.out:22
 #: lastlog.8.xml.out:24 limits.5.xml.out:24 login.1.xml.out:55
-#: login.access.5.xml.out:23 login.defs.5.xml.out:91 logoutd.8.xml.out:22
-#: newgrp.1.xml.out:23 newusers.8.xml.out:38 passwd.1.xml.out:29
+#: login.access.5.xml.out:23 login.defs.5.xml.out:93 logoutd.8.xml.out:22
+#: newgrp.1.xml.out:23 newusers.8.xml.out:40 passwd.1.xml.out:31
 #: passwd.5.xml.out:22 porttime.5.xml.out:22 pwck.8.xml.out:29
 #: pwconv.8.xml.out:28 shadow.3.xml.out:22 shadow.5.xml.out:22 sg.1.xml.out:23
 #: su.1.xml.out:39 suauth.5.xml.out:22 useradd.8.xml.out:41
@@ -95,14 +99,14 @@ msgid "kloczek@pld.org.pl"
 msgstr "kloczek@pld.org.pl"
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:27 chsh.1.xml.out:26
+#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:29 chsh.1.xml.out:26
 #: expiry.1.xml.out:27 faillog.5.xml.out:23 faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28 groupadd.8.xml.out:26 groupdel.8.xml.out:24
+#: gpasswd.1.xml.out:30 groupadd.8.xml.out:26 groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27 groupmod.8.xml.out:24 groups.1.xml.out:23
 #: grpck.8.xml.out:23 lastlog.8.xml.out:25 limits.5.xml.out:25
-#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:92
-#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:39
-#: passwd.1.xml.out:30 passwd.5.xml.out:23 porttime.5.xml.out:23
+#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:94
+#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:41
+#: passwd.1.xml.out:32 passwd.5.xml.out:23 porttime.5.xml.out:23
 #: pwck.8.xml.out:30 pwconv.8.xml.out:29 shadow.3.xml.out:23
 #: shadow.5.xml.out:23 sg.1.xml.out:24 su.1.xml.out:40 suauth.5.xml.out:23
 #: useradd.8.xml.out:42 userdel.8.xml.out:29 usermod.8.xml.out:30
@@ -111,15 +115,15 @@ msgid "shadow-utils maintainer, 2000 - 2007"
 msgstr "shadow-utils-Betreuer, 2000 - 2007"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30 chsh.1.xml.out:29 expiry.1.xml.out:30
-#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:31
+#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32 chsh.1.xml.out:29 expiry.1.xml.out:30
+#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29 groupdel.8.xml.out:27 groupmems.8.xml.out:30
 #: groupmod.8.xml.out:27 groups.1.xml.out:26 grpck.8.xml.out:26
 #: gshadow.5.xml.out:14 lastlog.8.xml.out:28 limits.5.xml.out:28
-#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:95
-#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:42
-#: nologin.8.xml.out:15 passwd.1.xml.out:33 passwd.5.xml.out:26
+#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:97
+#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:44
+#: nologin.8.xml.out:15 passwd.1.xml.out:35 passwd.5.xml.out:26
 #: porttime.5.xml.out:26 pwck.8.xml.out:33 pwconv.8.xml.out:32
 #: shadow.3.xml.out:26 shadow.5.xml.out:26 sg.1.xml.out:27 su.1.xml.out:43
 #: suauth.5.xml.out:26 useradd.8.xml.out:45 userdel.8.xml.out:32
@@ -128,15 +132,15 @@ msgid "Nicolas"
 msgstr "Nicolas"
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31 chsh.1.xml.out:30 expiry.1.xml.out:31
-#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:32
+#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33 chsh.1.xml.out:30 expiry.1.xml.out:31
+#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30 groupdel.8.xml.out:28 groupmems.8.xml.out:31
 #: groupmod.8.xml.out:28 groups.1.xml.out:27 grpck.8.xml.out:27
 #: gshadow.5.xml.out:15 lastlog.8.xml.out:29 limits.5.xml.out:29
-#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:96
-#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:43
-#: nologin.8.xml.out:16 passwd.1.xml.out:34 passwd.5.xml.out:27
+#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:98
+#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:45
+#: nologin.8.xml.out:16 passwd.1.xml.out:36 passwd.5.xml.out:27
 #: porttime.5.xml.out:27 pwck.8.xml.out:34 pwconv.8.xml.out:33
 #: shadow.3.xml.out:27 shadow.5.xml.out:27 sg.1.xml.out:28 su.1.xml.out:44
 #: suauth.5.xml.out:27 useradd.8.xml.out:46 userdel.8.xml.out:33
@@ -145,15 +149,15 @@ msgid "François"
 msgstr "François"
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32 chsh.1.xml.out:31 expiry.1.xml.out:32
-#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:33
+#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34 chsh.1.xml.out:31 expiry.1.xml.out:32
+#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31 groupdel.8.xml.out:29 groupmems.8.xml.out:32
 #: groupmod.8.xml.out:29 groups.1.xml.out:28 grpck.8.xml.out:28
 #: gshadow.5.xml.out:16 lastlog.8.xml.out:30 limits.5.xml.out:30
-#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:97
-#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:44
-#: nologin.8.xml.out:17 passwd.1.xml.out:35 passwd.5.xml.out:28
+#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:99
+#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:46
+#: nologin.8.xml.out:17 passwd.1.xml.out:37 passwd.5.xml.out:28
 #: porttime.5.xml.out:28 pwck.8.xml.out:35 pwconv.8.xml.out:34
 #: shadow.3.xml.out:28 shadow.5.xml.out:28 sg.1.xml.out:29 su.1.xml.out:45
 #: suauth.5.xml.out:28 useradd.8.xml.out:47 userdel.8.xml.out:34
@@ -162,15 +166,15 @@ msgid "nicolas.francois@centraliens.net"
 msgstr "nicolas.francois@centraliens.net"
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33 chsh.1.xml.out:32 expiry.1.xml.out:33
-#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:34
+#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35 chsh.1.xml.out:32 expiry.1.xml.out:33
+#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32 groupdel.8.xml.out:30 groupmems.8.xml.out:33
 #: groupmod.8.xml.out:30 groups.1.xml.out:29 grpck.8.xml.out:29
 #: gshadow.5.xml.out:18 lastlog.8.xml.out:31 limits.5.xml.out:31
-#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:98
-#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:45
-#: nologin.8.xml.out:18 passwd.1.xml.out:36 passwd.5.xml.out:29
+#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:100
+#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:47
+#: nologin.8.xml.out:18 passwd.1.xml.out:38 passwd.5.xml.out:29
 #: porttime.5.xml.out:29 pwck.8.xml.out:36 pwconv.8.xml.out:35
 #: shadow.3.xml.out:29 shadow.5.xml.out:29 sg.1.xml.out:30 su.1.xml.out:46
 #: suauth.5.xml.out:29 useradd.8.xml.out:48 userdel.8.xml.out:35
@@ -185,9 +189,9 @@ msgstr "shadow-utils-Betreuer, 2007 - heute"
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #: chage.1.xml.out:34 chage.1.xml.out:41 chage.1.xml.out:46 chage.1.xml.out:59
-#: chage.1.xml.out:69 chage.1.xml.out:216 chage.1.xml.out:226
-#: chage.1.xml.out:236 chage.1.xml.out:241 chage.1.xml.out:285
-#: login.defs.5.xml.out:233 shadow.5.xml.out:262
+#: chage.1.xml.out:69 chage.1.xml.out:231 chage.1.xml.out:241
+#: chage.1.xml.out:251 chage.1.xml.out:256 chage.1.xml.out:300
+#: login.defs.5.xml.out:237 shadow.5.xml.out:262
 msgid "chage"
 msgstr "chage"
 
@@ -195,11 +199,11 @@ msgstr "chage"
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:35 chage.1.xml.out:294 chfn.1.xml.out:37 chfn.1.xml.out:65
-#: chfn.1.xml.out:205 chgpasswd.8.xml.out:217 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:37 chsh.1.xml.out:171 expiry.1.xml.out:38
-#: faillog.8.xml.out:235 gpasswd.1.xml.out:39 gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277 groupadd.8.xml.out:345 groupadd.8.xml.out:348
+#: chage.1.xml.out:35 chage.1.xml.out:309 chfn.1.xml.out:37 chfn.1.xml.out:65
+#: chfn.1.xml.out:205 chgpasswd.8.xml.out:245 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:37 chsh.1.xml.out:212 expiry.1.xml.out:38
+#: faillog.8.xml.out:235 gpasswd.1.xml.out:41 gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279 groupadd.8.xml.out:345 groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351 groupdel.8.xml.out:205 groupdel.8.xml.out:208
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:209 groupmems.8.xml.out:212
 #: groupmems.8.xml.out:215 groupmod.8.xml.out:326 groupmod.8.xml.out:329
@@ -207,44 +211,44 @@ msgstr "chage"
 #: grpck.8.xml.out:243 gshadow.5.xml.out:77 gshadow.5.xml.out:165
 #: limits.5.xml.out:185 login.1.xml.out:67 login.1.xml.out:128
 #: login.1.xml.out:377 login.1.xml.out:380 login.1.xml.out:383
-#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:520 login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533 login.defs.5.xml.out:536 newgrp.1.xml.out:35
+#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:539 login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552 login.defs.5.xml.out:555 newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130 newgrp.1.xml.out:133 newgrp.1.xml.out:136
-#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:456
-#: nologin.8.xml.out:60 passwd.1.xml.out:41 passwd.1.xml.out:431
-#: passwd.5.xml.out:118 passwd.5.xml.out:173 passwd.5.xml.out:179
-#: passwd.5.xml.out:182 passwd.5.xml.out:197 porttime.5.xml.out:121
-#: pwck.8.xml.out:293 shadow.5.xml.out:262 shadow.5.xml.out:265
-#: shadow.5.xml.out:268 shadow.5.xml.out:283 sg.1.xml.out:35 sg.1.xml.out:119
-#: sg.1.xml.out:122 sg.1.xml.out:125 sg.1.xml.out:128 sg.1.xml.out:131
-#: su.1.xml.out:51 su.1.xml.out:391 su.1.xml.out:415 su.1.xml.out:421
-#: su.1.xml.out:424 suauth.5.xml.out:201 useradd.8.xml.out:817
-#: useradd.8.xml.out:878 useradd.8.xml.out:881 useradd.8.xml.out:884
-#: userdel.8.xml.out:241 userdel.8.xml.out:310 userdel.8.xml.out:313
-#: userdel.8.xml.out:316 usermod.8.xml.out:105 usermod.8.xml.out:244
-#: usermod.8.xml.out:605 usermod.8.xml.out:608 usermod.8.xml.out:611
-#: vipw.8.xml.out:78 vipw.8.xml.out:205
+#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:477
+#: nologin.8.xml.out:60 passwd.1.xml.out:43 passwd.1.xml.out:453
+#: passwd.1.xml.out:499 passwd.5.xml.out:118 passwd.5.xml.out:173
+#: passwd.5.xml.out:179 passwd.5.xml.out:182 passwd.5.xml.out:197
+#: porttime.5.xml.out:121 pwck.8.xml.out:293 shadow.5.xml.out:262
+#: shadow.5.xml.out:265 shadow.5.xml.out:268 shadow.5.xml.out:283
+#: sg.1.xml.out:35 sg.1.xml.out:119 sg.1.xml.out:122 sg.1.xml.out:125
+#: sg.1.xml.out:128 sg.1.xml.out:131 su.1.xml.out:51 su.1.xml.out:391
+#: su.1.xml.out:415 su.1.xml.out:421 su.1.xml.out:424 suauth.5.xml.out:201
+#: useradd.8.xml.out:837 useradd.8.xml.out:898 useradd.8.xml.out:901
+#: useradd.8.xml.out:904 userdel.8.xml.out:241 userdel.8.xml.out:310
+#: userdel.8.xml.out:313 userdel.8.xml.out:316 usermod.8.xml.out:105
+#: usermod.8.xml.out:244 usermod.8.xml.out:622 usermod.8.xml.out:625
+#: usermod.8.xml.out:628 vipw.8.xml.out:78 vipw.8.xml.out:205
 msgid "1"
 msgstr "1"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:36 chfn.1.xml.out:38 chsh.1.xml.out:38 expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40 groups.1.xml.out:35 login.1.xml.out:68
-#: newgrp.1.xml.out:36 passwd.1.xml.out:42 sg.1.xml.out:36 su.1.xml.out:52
+#: gpasswd.1.xml.out:42 groups.1.xml.out:35 login.1.xml.out:68
+#: newgrp.1.xml.out:36 passwd.1.xml.out:44 sg.1.xml.out:36 su.1.xml.out:52
 msgid "User Commands"
-msgstr "Dienstprogramme für Benutzer"
+msgstr "Befehle für Benutzer"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40 chsh.1.xml.out:39 expiry.1.xml.out:40
-#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:41
+#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42 chsh.1.xml.out:39 expiry.1.xml.out:40
+#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39 groupdel.8.xml.out:37 groupmems.8.xml.out:40
 #: groupmod.8.xml.out:37 groups.1.xml.out:36 grpck.8.xml.out:36
 #: gshadow.5.xml.out:25 lastlog.8.xml.out:38 limits.5.xml.out:38
-#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:105
-#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:52
-#: nologin.8.xml.out:25 passwd.1.xml.out:43 passwd.5.xml.out:36
+#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:107
+#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:54
+#: nologin.8.xml.out:25 passwd.1.xml.out:45 passwd.5.xml.out:36
 #: porttime.5.xml.out:36 pwck.8.xml.out:43 pwconv.8.xml.out:42
 #: shadow.3.xml.out:36 shadow.5.xml.out:36 sg.1.xml.out:37 su.1.xml.out:53
 #: suauth.5.xml.out:36 useradd.8.xml.out:55 userdel.8.xml.out:42
@@ -253,33 +257,39 @@ msgid "shadow-utils"
 msgstr "shadow-utils"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41 chsh.1.xml.out:40 expiry.1.xml.out:41
-#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:42
+#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43 chsh.1.xml.out:40 expiry.1.xml.out:41
+#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40 groupdel.8.xml.out:38 groupmems.8.xml.out:41
 #: groupmod.8.xml.out:38 groups.1.xml.out:37 grpck.8.xml.out:37
 #: gshadow.5.xml.out:26 lastlog.8.xml.out:39 limits.5.xml.out:39
-#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:106
-#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:53
-#: nologin.8.xml.out:26 passwd.1.xml.out:44 passwd.5.xml.out:37
+#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:108
+#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:55
+#: nologin.8.xml.out:26 passwd.1.xml.out:46 passwd.5.xml.out:37
 #: porttime.5.xml.out:37 pwck.8.xml.out:44 pwconv.8.xml.out:43
 #: shadow.3.xml.out:37 shadow.5.xml.out:37 sg.1.xml.out:38 su.1.xml.out:54
 #: suauth.5.xml.out:37 useradd.8.xml.out:56 userdel.8.xml.out:43
 #: usermod.8.xml.out:44 vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
+# ENDE Teil 38 weiter mit chage
+# BEGINN Teil 39 setzt chfn fort
+# MH171: This description ignores a part of the commands applications, e.g.
+# it edits the date of the last password change, the earliest date for a
+# password change. Thus write
+# edit data with reference to the password's and the account's validity
 #. (itstool) path: refnamediv/refpurpose
 #: chage.1.xml.out:42
 msgid "change user password expiry information"
-msgstr "ändert die Information zum Passwortverfall"
+msgstr "ändert das Ablaufdatum des Passworts und damit verknüpfte Fristen"
 
 #. (itstool) path: arg/replaceable
 #. (itstool) path: cmdsynopsis/arg
-#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52 chsh.1.xml.out:51 faillog.8.xml.out:48
+#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54 chsh.1.xml.out:51 faillog.8.xml.out:48
 #: groupdel.8.xml.out:49 groupmod.8.xml.out:49 grpck.8.xml.out:47
-#: lastlog.8.xml.out:50 newusers.8.xml.out:64 passwd.1.xml.out:55
+#: lastlog.8.xml.out:50 newusers.8.xml.out:66 passwd.1.xml.out:57
 #: pwck.8.xml.out:54 pwconv.8.xml.out:57 pwconv.8.xml.out:63
 #: pwconv.8.xml.out:69 pwconv.8.xml.out:75 su.1.xml.out:64 useradd.8.xml.out:66
 #: useradd.8.xml.out:78 userdel.8.xml.out:52 usermod.8.xml.out:55
@@ -292,22 +302,22 @@ msgstr "Optionen"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
 #: chage.1.xml.out:51 chfn.1.xml.out:54 chsh.1.xml.out:54 faillog.8.xml.out:180
-#: lastlog.8.xml.out:139 passwd.1.xml.out:58 useradd.8.xml.out:68
+#: lastlog.8.xml.out:139 passwd.1.xml.out:60 useradd.8.xml.out:68
 #: useradd.8.xml.out:158 userdel.8.xml.out:54 userdel.8.xml.out:64
 #: usermod.8.xml.out:57 usermod.8.xml.out:222 usermod.8.xml.out:506
 msgid "LOGIN"
 msgstr "ANMELDENAME"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58 chsh.1.xml.out:60 expiry.1.xml.out:58
-#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:70
+#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60 chsh.1.xml.out:60 expiry.1.xml.out:58
+#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60 groupdel.8.xml.out:56 groupmems.8.xml.out:61
 #: groupmod.8.xml.out:56 groups.1.xml.out:54 grpck.8.xml.out:58
 #: gshadow.5.xml.out:34 lastlog.8.xml.out:56 limits.5.xml.out:48
-#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:114
-#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:73
-#: nologin.8.xml.out:40 passwd.1.xml.out:64 passwd.5.xml.out:45
+#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:116
+#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:75
+#: nologin.8.xml.out:40 passwd.1.xml.out:66 passwd.5.xml.out:45
 #: porttime.5.xml.out:45 pwck.8.xml.out:69 pwconv.8.xml.out:81
 #: shadow.3.xml.out:94 shadow.3.xml.out:150 shadow.5.xml.out:45 sg.1.xml.out:57
 #: su.1.xml.out:79 suauth.5.xml.out:51 useradd.8.xml.out:84
@@ -315,6 +325,13 @@ msgstr "ANMELDENAME"
 msgid "DESCRIPTION"
 msgstr "BESCHREIBUNG"
 
+# MH172: This is a really bad description of the command: Hard to
+# understand and not really covering the scope of it, e.g.  editing the
+# date of the last password change, the earliest date for a password
+# change.
+# MH173
+# s/user must change their/user must change his or her
+# or s/user must change their/users must change their
 #. (itstool) path: refsect1/para
 #: chage.1.xml.out:58
 #, fuzzy
@@ -328,19 +345,19 @@ msgid ""
 "changes and the date of the last password change. This information is used "
 "by the system to determine when a user must change their password."
 msgstr ""
-"Der Befehl <command>chage</command> verändert die Anzahl der Tage zwischen "
-"dem letzten Wechsel des Passworts und dem nächsten Wechsel. Mit dieser "
-"Information bestimmt das System, wann ein Benutzer sein Passwort verändern "
-"muss."
+"Der Befehl <command>chage</command> verändert den Tag des letzten "
+"Passwortwechsels, das Ablaufdatum des Passworts, seine minimale und maximale "
+"Verwendungsdauer die Warnzeit vor und die Karenzzeit nach dessen Ablauf "
+"sowie das Datum, an dem das Benutzerkontos stillgelegt soll"
 
 #. (itstool) path: refsect1/title
 #. (itstool) path: arg/replaceable
-#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106 chsh.1.xml.out:71 expiry.1.xml.out:67
-#: faillog.8.xml.out:65 gpasswd.1.xml.out:110 groupadd.8.xml.out:51
+#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108 chsh.1.xml.out:71 expiry.1.xml.out:67
+#: faillog.8.xml.out:65 gpasswd.1.xml.out:112 groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80 groupdel.8.xml.out:64 groupmems.8.xml.out:76
 #: groupmod.8.xml.out:65 grpck.8.xml.out:122 lastlog.8.xml.out:68
-#: login.1.xml.out:186 newusers.8.xml.out:250 passwd.1.xml.out:150
+#: login.1.xml.out:186 newusers.8.xml.out:252 passwd.1.xml.out:146
 #: pwck.8.xml.out:153 pwconv.8.xml.out:163 su.1.xml.out:120
 #: useradd.8.xml.out:102 userdel.8.xml.out:69 usermod.8.xml.out:70
 #: vipw.8.xml.out:83
@@ -348,24 +365,25 @@ msgid "OPTIONS"
 msgstr "OPTIONEN"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107 chsh.1.xml.out:72 expiry.1.xml.out:68
-#: faillog.8.xml.out:66 gpasswd.1.xml.out:118 groupadd.8.xml.out:81
+#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109 chsh.1.xml.out:72 expiry.1.xml.out:68
+#: faillog.8.xml.out:66 gpasswd.1.xml.out:120 groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65 groupmems.8.xml.out:77 groupmod.8.xml.out:66
-#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:251
-#: passwd.1.xml.out:151 pwck.8.xml.out:158 su.1.xml.out:121
+#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:253
+#: passwd.1.xml.out:147 pwck.8.xml.out:158 su.1.xml.out:121
 #: useradd.8.xml.out:103 userdel.8.xml.out:70 usermod.8.xml.out:71
 #, fuzzy
 #| msgid "The options which apply to the <command>su</command> command are:"
 msgid "The options which apply to the <_:command-1/> command are:"
 msgstr ""
-"Die Optionen, die vom Befehl <command>su</command> unterstützt werden, sind:"
+"Der Befehl <command>su</command> kann mit folgenden Optionen verwendet "
+"werden:"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:74 gpasswd.1.xml.out:137 groupmems.8.xml.out:94
-#: passwd.1.xml.out:168 useradd.8.xml.out:123 useradd.8.xml.out:151
-#: useradd.8.xml.out:599 usermod.8.xml.out:112 usermod.8.xml.out:260
+#: chage.1.xml.out:74 gpasswd.1.xml.out:139 groupmems.8.xml.out:94
+#: passwd.1.xml.out:164 useradd.8.xml.out:123 useradd.8.xml.out:151
+#: useradd.8.xml.out:619 usermod.8.xml.out:112 usermod.8.xml.out:260
 #, fuzzy
 #| msgid "-"
 msgid "-d"
@@ -379,54 +397,58 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:74 chage.1.xml.out:81 chage.1.xml.out:175
+#, fuzzy
+#| msgid "LASTLOG_UID_MAX"
 msgid "LAST_DAY"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:73 chage.1.xml.out:88 chage.1.xml.out:127
 #: chage.1.xml.out:156 chage.1.xml.out:168 chage.1.xml.out:189
-#: chage.1.xml.out:202 chfn.1.xml.out:93 chfn.1.xml.out:101 chfn.1.xml.out:109
-#: chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122 chpasswd.8.xml.out:113 chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177 chsh.1.xml.out:83 chsh.1.xml.out:96
-#: faillog.8.xml.out:104 faillog.8.xml.out:119 faillog.8.xml.out:156
-#: faillog.8.xml.out:169 gpasswd.1.xml.out:123 gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157 groupadd.8.xml.out:101 groupadd.8.xml.out:157
-#: groupadd.8.xml.out:200 groupadd.8.xml.out:213 groupdel.8.xml.out:88
-#: groupdel.8.xml.out:101 groupmems.8.xml.out:83 groupmems.8.xml.out:94
-#: groupmems.8.xml.out:110 groupmems.8.xml.out:141 groupmod.8.xml.out:72
-#: groupmod.8.xml.out:81 groupmod.8.xml.out:120 groupmod.8.xml.out:142
-#: groupmod.8.xml.out:163 groupmod.8.xml.out:176 grpck.8.xml.out:148
-#: lastlog.8.xml.out:74 lastlog.8.xml.out:103 lastlog.8.xml.out:127
-#: newusers.8.xml.out:305 passwd.1.xml.out:196 passwd.1.xml.out:245
-#: passwd.1.xml.out:267 passwd.1.xml.out:277 passwd.1.xml.out:321
-#: passwd.1.xml.out:334 pwck.8.xml.out:196 pwconv.8.xml.out:177
-#: su.1.xml.out:125 su.1.xml.out:162 useradd.8.xml.out:117
-#: useradd.8.xml.out:138 useradd.8.xml.out:150 useradd.8.xml.out:178
-#: useradd.8.xml.out:195 useradd.8.xml.out:229 useradd.8.xml.out:277
-#: useradd.8.xml.out:424 useradd.8.xml.out:488 useradd.8.xml.out:501
-#: useradd.8.xml.out:516 useradd.8.xml.out:530 useradd.8.xml.out:565
-#: useradd.8.xml.out:591 useradd.8.xml.out:609 useradd.8.xml.out:621
-#: useradd.8.xml.out:638 useradd.8.xml.out:654 userdel.8.xml.out:122
-#: userdel.8.xml.out:135 usermod.8.xml.out:98 usermod.8.xml.out:111
-#: usermod.8.xml.out:128 usermod.8.xml.out:151 usermod.8.xml.out:173
-#: usermod.8.xml.out:216 usermod.8.xml.out:289 usermod.8.xml.out:327
-#: usermod.8.xml.out:340 usermod.8.xml.out:356 usermod.8.xml.out:368
-#: usermod.8.xml.out:500 vipw.8.xml.out:114
+#: chage.1.xml.out:202 chage.1.xml.out:217 chfn.1.xml.out:93 chfn.1.xml.out:101
+#: chfn.1.xml.out:109 chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
+#: chgpasswd.8.xml.out:128 chpasswd.8.xml.out:115 chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183 chpasswd.8.xml.out:198 chsh.1.xml.out:83
+#: chsh.1.xml.out:96 faillog.8.xml.out:104 faillog.8.xml.out:119
+#: faillog.8.xml.out:156 faillog.8.xml.out:169 gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138 gpasswd.1.xml.out:159 groupadd.8.xml.out:101
+#: groupadd.8.xml.out:157 groupadd.8.xml.out:200 groupadd.8.xml.out:213
+#: groupdel.8.xml.out:88 groupdel.8.xml.out:101 groupmems.8.xml.out:83
+#: groupmems.8.xml.out:94 groupmems.8.xml.out:110 groupmems.8.xml.out:141
+#: groupmod.8.xml.out:72 groupmod.8.xml.out:81 groupmod.8.xml.out:120
+#: groupmod.8.xml.out:142 groupmod.8.xml.out:163 groupmod.8.xml.out:176
+#: grpck.8.xml.out:148 lastlog.8.xml.out:74 lastlog.8.xml.out:103
+#: lastlog.8.xml.out:127 newusers.8.xml.out:307 passwd.1.xml.out:192
+#: passwd.1.xml.out:241 passwd.1.xml.out:263 passwd.1.xml.out:273
+#: passwd.1.xml.out:286 passwd.1.xml.out:332 passwd.1.xml.out:345
+#: pwck.8.xml.out:196 pwconv.8.xml.out:177 su.1.xml.out:125 su.1.xml.out:162
+#: useradd.8.xml.out:117 useradd.8.xml.out:138 useradd.8.xml.out:150
+#: useradd.8.xml.out:178 useradd.8.xml.out:195 useradd.8.xml.out:229
+#: useradd.8.xml.out:279 useradd.8.xml.out:426 useradd.8.xml.out:490
+#: useradd.8.xml.out:503 useradd.8.xml.out:518 useradd.8.xml.out:532
+#: useradd.8.xml.out:567 useradd.8.xml.out:611 useradd.8.xml.out:629
+#: useradd.8.xml.out:641 useradd.8.xml.out:658 useradd.8.xml.out:674
+#: userdel.8.xml.out:122 userdel.8.xml.out:135 usermod.8.xml.out:98
+#: usermod.8.xml.out:111 usermod.8.xml.out:128 usermod.8.xml.out:151
+#: usermod.8.xml.out:173 usermod.8.xml.out:216 usermod.8.xml.out:289
+#: usermod.8.xml.out:327 usermod.8.xml.out:340 usermod.8.xml.out:356
+#: usermod.8.xml.out:368 usermod.8.xml.out:500 vipw.8.xml.out:114
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:82 chage.1.xml.out:288 groupadd.8.xml.out:303
+#: chage.1.xml.out:82 chage.1.xml.out:303 groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168 groupmod.8.xml.out:259 grpck.8.xml.out:237
-#: login.defs.5.xml.out:138 passwd.1.xml.out:425 pwck.8.xml.out:287
-#: su.1.xml.out:385 useradd.8.xml.out:811 userdel.8.xml.out:235
+#: login.defs.5.xml.out:140 passwd.1.xml.out:447 pwck.8.xml.out:287
+#: su.1.xml.out:385 useradd.8.xml.out:831 userdel.8.xml.out:235
 msgid "0"
 msgstr "0"
 
 # SB: So I could also do DD.MM.YYYY or MM.DD.YYYY? How does system know which format I chose?
+# MH174: A test showed that dates in format YYYY-MM-DD are accepted,
+# whereas the German format DD.MM.YYYY is not accepted.
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:77
 #, fuzzy
@@ -440,10 +462,10 @@ msgid ""
 "format more commonly used in your area). If the <_:replaceable-1/> is set to "
 "<_:emphasis-2/> the user is forced to change his password on the next log on."
 msgstr ""
-"Legt die Anzahl der Tage, gerechnet ab dem 1. Januar 1970, fest, seit denen "
-"das Passwort das letzte Mal gewechselt wurde. Das Datum kann auch im Format "
-"JJJJ-MM-TT (oder in dem Format, das in Ihrer Region verbreitet ist) "
-"angegeben werden."
+"setzt den Tag, angegeben als Anzahl von Tagen nach dem 1. Januar 1970, an "
+"dem das Passwort zuletzt geändert wurde. Das Datum kann auch im Format JJJJ-"
+"MM-TT (oder in dem Format, das in Ihrer Region verbreitet ist) angegeben "
+"werden."
 
 #. (itstool) path: term/option
 #: chage.1.xml.out:89
@@ -453,7 +475,7 @@ msgid "-E"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr ""
@@ -461,7 +483,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:89 chage.1.xml.out:109 useradd.8.xml.out:179
-#: useradd.8.xml.out:610 usermod.8.xml.out:129 usermod.8.xml.out:243
+#: useradd.8.xml.out:630 usermod.8.xml.out:129 usermod.8.xml.out:243
 #: usermod.8.xml.out:416
 msgid "EXPIRE_DATE"
 msgstr ""
@@ -475,12 +497,12 @@ msgid ""
 "whose account is locked must contact the system administrator before being "
 "able to use the system again."
 msgstr ""
-"Setzt das Datum oder die Anzahl der Tage seit dem 1. Januar 1970, ab dem auf "
-"das Benutzerkonto nicht mehr zugegriffen werden kann. Das Datum kann auch im "
+"setzt den Tag angegeben als Anzahl von Tagen nach dem 1. Januar 1970, ab dem "
+"das Benutzerkonto nicht mehr zugänglich sein soll. Das Datum kann auch im "
 "Format JJJJ-MM-TT (oder in dem Format, das in Ihrer Region verbreitet ist) "
-"angegeben werden. Ein Benutzer, dessen Konto gesperrt ist, muss sich mit dem "
-"Systemadministrator in Verbindung setzen, ehe er sich wieder am System "
-"anmelden kann."
+"angegeben werden. Ein Benutzer, dessen Konto stillgelegt ist, muss sich mit "
+"dem Systemadministrator in Verbindung setzen, ehe er das System wieder "
+"verwenden kann."
 
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:100
@@ -497,7 +519,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:108 chage.1.xml.out:139 chage.1.xml.out:182
-#: passwd.1.xml.out:344 useradd.8.xml.out:315
+#: passwd.1.xml.out:355 useradd.8.xml.out:317
 #, fuzzy
 #| msgid "1"
 msgid "-1"
@@ -514,83 +536,83 @@ msgid ""
 "Passing the number <_:emphasis-1/> as the <_:replaceable-2/> will remove an "
 "account expiration date."
 msgstr ""
-"Wenn <emphasis remap=\"I\">-1</emphasis> als <replaceable>VERFALLSDATUM</"
-"replaceable> angegeben wird, wird das Verfallsdatum für das Konto entfernt."
+"Wenn <emphasis remap=\"I\">-1</emphasis> als <replaceable>STILLLEGUNGSDATUM</"
+"replaceable> angegeben wird, wird das Stilllegungsdatum gelöscht."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
 #: grpck.8.xml.out:132 lastlog.8.xml.out:96 login.1.xml.out:204
-#: login.1.xml.out:229 newusers.8.xml.out:280 passwd.1.xml.out:190
-#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:271
+#: login.1.xml.out:229 newusers.8.xml.out:282 passwd.1.xml.out:186
+#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:273
 #: userdel.8.xml.out:99 vipw.8.xml.out:96
 msgid "-h"
 msgstr "-h"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
-#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:280
-#: passwd.1.xml.out:190 pwck.8.xml.out:173 pwconv.8.xml.out:171
-#: su.1.xml.out:387 useradd.8.xml.out:271 userdel.8.xml.out:99
+#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:282
+#: passwd.1.xml.out:186 pwck.8.xml.out:173 pwconv.8.xml.out:171
+#: su.1.xml.out:387 useradd.8.xml.out:273 userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:115 chage.1.xml.out:121 chage.1.xml.out:146
-#: chfn.1.xml.out:142 chgpasswd.8.xml.out:88 chgpasswd.8.xml.out:101
-#: chgpasswd.8.xml.out:107 chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139 chpasswd.8.xml.out:147 chpasswd.8.xml.out:155
+#: chfn.1.xml.out:142 chgpasswd.8.xml.out:90 chgpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:119 chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145 chpasswd.8.xml.out:153 chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77 expiry.1.xml.out:73 expiry.1.xml.out:79
 #: expiry.1.xml.out:88 faillog.8.xml.out:72 faillog.8.xml.out:98
-#: faillog.8.xml.out:144 gpasswd.1.xml.out:149 gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188 groupadd.8.xml.out:87 groupadd.8.xml.out:118
+#: faillog.8.xml.out:144 gpasswd.1.xml.out:151 gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190 groupadd.8.xml.out:87 groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144 groupadd.8.xml.out:184 groupadd.8.xml.out:228
 #: groupdel.8.xml.out:71 groupdel.8.xml.out:82 groupmems.8.xml.out:118
 #: groupmems.8.xml.out:124 groupmems.8.xml.out:130 groupmod.8.xml.out:114
 #: groupmod.8.xml.out:131 groupmod.8.xml.out:193 grpck.8.xml.out:132
 #: grpck.8.xml.out:138 grpck.8.xml.out:161 grpck.8.xml.out:172
 #: lastlog.8.xml.out:84 lastlog.8.xml.out:95 lastlog.8.xml.out:116
-#: newusers.8.xml.out:268 newusers.8.xml.out:280 newusers.8.xml.out:286
-#: newusers.8.xml.out:320 passwd.1.xml.out:156 passwd.1.xml.out:167
-#: passwd.1.xml.out:179 passwd.1.xml.out:190 passwd.1.xml.out:209
-#: passwd.1.xml.out:221 passwd.1.xml.out:257 passwd.1.xml.out:290
-#: passwd.1.xml.out:308 pwck.8.xml.out:173 pwck.8.xml.out:179
-#: pwck.8.xml.out:188 pwck.8.xml.out:209 pwconv.8.xml.out:171
-#: useradd.8.xml.out:168 useradd.8.xml.out:217 useradd.8.xml.out:271
-#: useradd.8.xml.out:330 useradd.8.xml.out:349 useradd.8.xml.out:372
-#: useradd.8.xml.out:385 useradd.8.xml.out:404 useradd.8.xml.out:455
-#: useradd.8.xml.out:548 userdel.8.xml.out:75 userdel.8.xml.out:99
-#: userdel.8.xml.out:105 userdel.8.xml.out:152 usermod.8.xml.out:77
-#: usermod.8.xml.out:88 usermod.8.xml.out:230 usermod.8.xml.out:249
-#: usermod.8.xml.out:270 usermod.8.xml.out:316 usermod.8.xml.out:404
-#: vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102 vipw.8.xml.out:108
-#: vipw.8.xml.out:127 vipw.8.xml.out:133
+#: newusers.8.xml.out:270 newusers.8.xml.out:282 newusers.8.xml.out:288
+#: newusers.8.xml.out:322 passwd.1.xml.out:152 passwd.1.xml.out:163
+#: passwd.1.xml.out:175 passwd.1.xml.out:186 passwd.1.xml.out:205
+#: passwd.1.xml.out:217 passwd.1.xml.out:253 passwd.1.xml.out:301
+#: passwd.1.xml.out:319 passwd.1.xml.out:362 pwck.8.xml.out:173
+#: pwck.8.xml.out:179 pwck.8.xml.out:188 pwck.8.xml.out:209
+#: pwconv.8.xml.out:171 useradd.8.xml.out:168 useradd.8.xml.out:217
+#: useradd.8.xml.out:273 useradd.8.xml.out:332 useradd.8.xml.out:351
+#: useradd.8.xml.out:374 useradd.8.xml.out:387 useradd.8.xml.out:406
+#: useradd.8.xml.out:457 useradd.8.xml.out:550 userdel.8.xml.out:75
+#: userdel.8.xml.out:99 userdel.8.xml.out:105 userdel.8.xml.out:152
+#: usermod.8.xml.out:77 usermod.8.xml.out:88 usermod.8.xml.out:230
+#: usermod.8.xml.out:249 usermod.8.xml.out:270 usermod.8.xml.out:316
+#: usermod.8.xml.out:404 vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102
+#: vipw.8.xml.out:108 vipw.8.xml.out:127 vipw.8.xml.out:133
 #, fuzzy
 #| msgid "<option>-a</option>, <option>--all</option>"
 msgid "<_:option-1/>, <_:option-2/>"
 msgstr "<option>-a</option>, <option>--all</option>"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149 chsh.1.xml.out:79 expiry.1.xml.out:90
-#: faillog.8.xml.out:100 gpasswd.1.xml.out:151 groupadd.8.xml.out:120
+#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155 chsh.1.xml.out:79 expiry.1.xml.out:90
+#: faillog.8.xml.out:100 gpasswd.1.xml.out:153 groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84 groupmems.8.xml.out:120 groupmod.8.xml.out:116
-#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:282
-#: passwd.1.xml.out:192 pwck.8.xml.out:175 pwconv.8.xml.out:173
-#: useradd.8.xml.out:273 userdel.8.xml.out:101 vipw.8.xml.out:98
+#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:284
+#: passwd.1.xml.out:188 pwck.8.xml.out:175 pwconv.8.xml.out:173
+#: useradd.8.xml.out:275 userdel.8.xml.out:101 vipw.8.xml.out:98
 msgid "Display help message and exit."
-msgstr "zeigt die Hilfe an und beendet das Programm"
+msgstr "zeigt die Hilfe an und beendet das Programm."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:121 passwd.1.xml.out:197
+#: chage.1.xml.out:121 passwd.1.xml.out:193
 #, fuzzy
 #| msgid "-"
 msgid "-i"
@@ -604,7 +626,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:123
 msgid "When printing dates, use YYYY-MM-DD format."
-msgstr ""
+msgstr "Bei der Datumsausgabe das ISO-Format JJJJ-MM-TT verwenden"
 
 #. (itstool) path: term/option
 #: chage.1.xml.out:128
@@ -614,8 +636,8 @@ msgid "-I"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:128 passwd.1.xml.out:197 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 usermod.8.xml.out:152
+#: chage.1.xml.out:128 passwd.1.xml.out:193 useradd.8.xml.out:196
+#: useradd.8.xml.out:642 usermod.8.xml.out:152
 msgid "--inactive"
 msgstr ""
 
@@ -623,8 +645,8 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/option
 #: chage.1.xml.out:128 chage.1.xml.out:134 chage.1.xml.out:140
-#: passwd.1.xml.out:197 passwd.1.xml.out:203 useradd.8.xml.out:196
-#: useradd.8.xml.out:211 useradd.8.xml.out:622 useradd.8.xml.out:632
+#: passwd.1.xml.out:193 passwd.1.xml.out:199 useradd.8.xml.out:196
+#: useradd.8.xml.out:211 useradd.8.xml.out:642 useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr ""
@@ -644,12 +666,11 @@ msgid ""
 "inactivity. A user whose account is locked must contact the system "
 "administrator before being able to use the system again."
 msgstr ""
-"Legt die Anzahl der Tage der Untätigkeit fest, nach denen ein Passwort "
-"abgelaufen ist, bevor das Konto gesperrt wird. Die Option "
-"<replaceable>INAKTIV</replaceable> bezeichnet die Anzahl der Tage, für die "
-"das Konto inaktiv ist. Ein Benutzer, dessen Konto gesperrt ist, muss sich "
-"mit dem Systemadministrator in Verbindung setzen, ehe er sich wieder am "
-"System anmelden kann."
+"legt eine Karenzzeit nach Ablaufen des Passwortes fest. Danach ist das Konto "
+"nicht mehr zugänglich. Die Eingabe <repleable>INAKTIV</replaceable> ist die "
+"Länge dieser Karenzzeit in Tagen. Nach ihrem Ablauf muss sich der Benutzer "
+"mit dem Systemadministrator in Verbindung setzen, ehe er das System wieder "
+"nutzen kann."
 
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:138
@@ -662,16 +683,16 @@ msgid ""
 "account's inactivity."
 msgstr ""
 "Wenn <emphasis remap=\"I\">-1</emphasis> als <replaceable>INAKTIV</"
-"replaceable> angegeben wird, wird die Ãœberwachung der fehlenden Verwendung "
-"des Kontos entfernt."
+"replaceable> eingegeben wird, wird der vorliegende Wert entfernt und das "
+"Passworts verliert seine Gültigkeit unverzüglich."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
-#: chage.1.xml.out:147 chage.1.xml.out:242 faillog.8.xml.out:88
+#: chage.1.xml.out:147 chage.1.xml.out:257 faillog.8.xml.out:88
 #: faillog.8.xml.out:105 faillog.8.xml.out:185 faillog.8.xml.out:202
-#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:222
-#: passwd.1.xml.out:316 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:330
+#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:218
+#: passwd.1.xml.out:327 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr "-l"
@@ -681,18 +702,22 @@ msgstr "-l"
 msgid "--list"
 msgstr ""
 
+# MH177: both the account's and the password's validity are subject to time restrictions.
+# s
+# /Show account aging information.
+# /Show usage and validity information on the password and the account.
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:150
 msgid "Show account aging information."
-msgstr "zeigt Informationen zur Kontoalterung an"
+msgstr "zeigt den Zugang zum Benutzerkonto betreffende Fristen an."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:157 chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:84 chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155 faillog.8.xml.out:88 faillog.8.xml.out:120
+#: chage.1.xml.out:157 chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80 chpasswd.8.xml.out:86 chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161 faillog.8.xml.out:88 faillog.8.xml.out:120
 #: faillog.8.xml.out:185 faillog.8.xml.out:202 su.1.xml.out:207
-#: useradd.8.xml.out:287 useradd.8.xml.out:350 useradd.8.xml.out:476
+#: useradd.8.xml.out:289 useradd.8.xml.out:352 useradd.8.xml.out:478
 #: usermod.8.xml.out:119 usermod.8.xml.out:250
 #, fuzzy
 #| msgid "-"
@@ -700,19 +725,23 @@ msgid "-m"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:157 passwd.1.xml.out:246
+#: chage.1.xml.out:157 passwd.1.xml.out:242
 msgid "--mindays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr ""
 
+# MH105 inconsistency on singular / plural
+# s/force a user to/force users to
+# or, as before
+# s/their/his or her
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:160 passwd.1.xml.out:249
+#: chage.1.xml.out:160 passwd.1.xml.out:245
 #, fuzzy
 #| msgid ""
 #| "Set the minimum number of days between password changes to "
@@ -723,38 +752,42 @@ msgid ""
 ">. A value of zero for this field indicates that the user may change their "
 "password at any time."
 msgstr ""
-"Setzt die Anzahl von Tagen, die mindestens zwischen zwei Änderungen eines "
-"Passworts vergehen müssen, auf <replaceable>MIN_TAGE</replaceable>. Ein Wert "
-"von Null in diesem Feld bedeutet, dass der Benutzer sein Passwort jederzeit "
-"ändern darf."
+"setzt die Anzahl von Tagen, die mindestens zwischen zwei Änderungen eines "
+"Passworts vergehen müssen, auf <replaceable>MIN_TAGE</replaceable> Tage. Ein "
+"Wert von Null in diesem Feld bedeutet, dass der Benutzer sein Passwort "
+"jederzeit ändern darf."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:169 gpasswd.1.xml.out:81 gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217 useradd.8.xml.out:162 useradd.8.xml.out:373
+#: chage.1.xml.out:169 gpasswd.1.xml.out:83 gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219 useradd.8.xml.out:162 useradd.8.xml.out:375
 msgid "-M"
 msgstr "-M"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:169 passwd.1.xml.out:335
+#: chage.1.xml.out:169 passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:169 chage.1.xml.out:174 chage.1.xml.out:183
-#: passwd.1.xml.out:335 passwd.1.xml.out:340 passwd.1.xml.out:345
+#: passwd.1.xml.out:346 passwd.1.xml.out:351 passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chage.1.xml.out:178 chage.1.xml.out:203 usermod.8.xml.out:481
+#: chage.1.xml.out:178 chage.1.xml.out:218 usermod.8.xml.out:481
 #, fuzzy
 #| msgid "-"
 msgid "-W"
 msgstr "-"
 
+# MH "user will be required to change their" is only one possibilty of two. In case INAKTIVE=0,
+# the user is not asked for a change and cannot use this password anymore
+# MH178: The third phrase needs to be simplified
+# MH179: singular of "user" needs the pronoun "his" or "her", not "their"
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:172
 #, fuzzy
@@ -772,15 +805,15 @@ msgid ""
 "their account. This occurrence can be planned for in advance by use of the "
 "<_:option-3/> option, which provides the user with advance warning."
 msgstr ""
-"Bestimmt die maximale Anzahl von Tagen, die das Passwort gültig bleibt. Wenn "
-"<replaceable>MAX_TAGE</replaceable> plus <replaceable>LETZTER_TAG</"
-"replaceable> älter als das aktuelle Datum ist, muss der Benutzer sein "
-"Passwort ändern, ehe er sein Konto benutzen kann. Mit der Option <option>-W</"
-"option> werden die Benutzer vor dem drohenden Verfall ihres Passworts "
-"gewarnt."
+"bestimmt die Anzahl von Tagen, die das Passwort höchstens verwendbar ist. "
+"Wenn <replaceable>MAX_TAGE</replaceable> plus <replaceable>LETZTER_TAG</"
+"replaceable> vor dem aktuellen Datum liegt, wird der Benutzer aufgefordert, "
+"sein Passwort zu ändern. Erst danach kann er sein Konto wieder nutzen. Mit "
+"der Option <option>-W</option> kann ein Zeitraum festgelegt werden, in dem "
+"der Benutzer vor dem Ablaufen des Passworts gewarnt wird."
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:181 passwd.1.xml.out:343
+#: chage.1.xml.out:181 passwd.1.xml.out:354
 #, fuzzy
 #| msgid ""
 #| "Passing the number <emphasis remap=\"I\">-1</emphasis> as "
@@ -791,15 +824,15 @@ msgid ""
 "checking a password's validity."
 msgstr ""
 "Wenn <emphasis remap=\"I\">-1</emphasis> als <replaceable>MAX_TAGE</"
-"replaceable> angegeben wird, wird der Passwortverfall entfernt."
+"replaceable> angegeben wird, wird die Gültigkeit des Passworts nicht geprüft."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:191 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 #, fuzzy
 #| msgid "-"
@@ -807,12 +840,12 @@ msgid "-R"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:160 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "--root"
 msgstr ""
@@ -821,22 +854,22 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:190 chage.1.xml.out:194 chage.1.xml.out:196
 #: chfn.1.xml.out:130 chfn.1.xml.out:134 chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123 chgpasswd.8.xml.out:127 chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165 chpasswd.8.xml.out:169 chpasswd.8.xml.out:171
+#: chgpasswd.8.xml.out:129 chgpasswd.8.xml.out:133 chgpasswd.8.xml.out:135
+#: chpasswd.8.xml.out:171 chpasswd.8.xml.out:175 chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84 chsh.1.xml.out:88 chsh.1.xml.out:90 faillog.8.xml.out:157
-#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162 gpasswd.1.xml.out:164 groupadd.8.xml.out:201
+#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:160
+#: gpasswd.1.xml.out:164 gpasswd.1.xml.out:166 groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205 groupadd.8.xml.out:207 groupdel.8.xml.out:89
 #: groupdel.8.xml.out:93 groupdel.8.xml.out:95 groupmems.8.xml.out:142
 #: groupmems.8.xml.out:146 groupmems.8.xml.out:148 groupmod.8.xml.out:164
 #: groupmod.8.xml.out:168 groupmod.8.xml.out:170 grpck.8.xml.out:149
 #: grpck.8.xml.out:153 grpck.8.xml.out:155 lastlog.8.xml.out:104
-#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:306
-#: newusers.8.xml.out:310 newusers.8.xml.out:312 passwd.1.xml.out:278
-#: passwd.1.xml.out:282 passwd.1.xml.out:284 pwck.8.xml.out:197
+#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:308
+#: newusers.8.xml.out:312 newusers.8.xml.out:314 passwd.1.xml.out:274
+#: passwd.1.xml.out:278 passwd.1.xml.out:280 pwck.8.xml.out:197
 #: pwck.8.xml.out:201 pwck.8.xml.out:203 pwconv.8.xml.out:178
-#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:489
-#: useradd.8.xml.out:493 useradd.8.xml.out:495 userdel.8.xml.out:123
+#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:491
+#: useradd.8.xml.out:495 useradd.8.xml.out:497 userdel.8.xml.out:123
 #: userdel.8.xml.out:127 userdel.8.xml.out:129 usermod.8.xml.out:328
 #: usermod.8.xml.out:332 usermod.8.xml.out:334 vipw.8.xml.out:115
 #: vipw.8.xml.out:119 vipw.8.xml.out:121
@@ -844,12 +877,12 @@ msgid "CHROOT_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168 chsh.1.xml.out:87 faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161 groupadd.8.xml.out:204 groupdel.8.xml.out:92
+#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174 chsh.1.xml.out:87 faillog.8.xml.out:160
+#: gpasswd.1.xml.out:163 groupadd.8.xml.out:204 groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145 groupmod.8.xml.out:167 grpck.8.xml.out:152
-#: lastlog.8.xml.out:107 newusers.8.xml.out:309 passwd.1.xml.out:281
-#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:492
+#: lastlog.8.xml.out:107 newusers.8.xml.out:311 passwd.1.xml.out:277
+#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:494
 #: userdel.8.xml.out:126 usermod.8.xml.out:331 vipw.8.xml.out:118
 #, fuzzy
 #| msgid ""
@@ -861,24 +894,83 @@ msgid ""
 "files from the <_:replaceable-2/> directory. Only absolute paths are "
 "supported."
 msgstr ""
-"führt die Veränderungen in dem Verzeichnis  <replaceable>CHROOT_VERZ</"
+"führt die Veränderungen in dem Verzeichnis <replaceable>CHROOT_VERZ</"
 "replaceable> durch und verwendet die Konfigurationsdateien aus dem "
-"Verzeichnis <replaceable>CHROOT_VERZ</replaceable>"
+"Verzeichnis <replaceable>CHROOT_VERZ</replaceable>."
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+#, fuzzy
+#| msgid "-"
+msgid "-P"
+msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:203 passwd.1.xml.out:322
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "--prefix"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:203 chage.1.xml.out:208 chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189 groupadd.8.xml.out:214 groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102 groupdel.8.xml.out:106 groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177 groupmod.8.xml.out:181 groupmod.8.xml.out:183
+#: passwd.1.xml.out:287 passwd.1.xml.out:292 useradd.8.xml.out:504
+#: useradd.8.xml.out:509 userdel.8.xml.out:136 userdel.8.xml.out:140
+#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
+msgid "PREFIX_DIR"
+msgstr ""
+
+# MH option makes usermod work on a directory tree where PREFIX is the root
+# directory for the system: e.g. PREFIX = /mnt  usermod -e "2022-02-20" tester2
+# will work on /mnt/etc/shadow
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:206 chpasswd.8.xml.out:187 groupadd.8.xml.out:217
+#: passwd.1.xml.out:290 useradd.8.xml.out:507
+#, fuzzy
+#| msgid ""
+#| "Apply changes in the <replaceable>PREFIX_DIR</replaceable> directory and "
+#| "use the configuration files from the <replaceable>PREFIX_DIR</"
+#| "replaceable> directory. This option does not chroot and is intended for "
+#| "preparing a cross-compilation target. Some limitations: NIS and LDAP "
+#| "users/groups are not verified. PAM authentication is using the host "
+#| "files. No SELINUX support."
+msgid ""
+"Apply changes to configuration files under the root filesystem found under "
+"the directory <_:replaceable-1/>. This option does not chroot and is "
+"intended for preparing a cross-compilation target. Some limitations: NIS and "
+"LDAP users/groups are not verified. PAM authentication is using the host "
+"files. No SELINUX support."
+msgstr ""
+"die Änderungen sind auf Daten im <replaceable>PRAEFIX_VERZ</replaceable> "
+"anzuwenden und ebenso die dortigen Konfigurationsdateien zu verwenden. Diese "
+"Option nimmt kein anderes Dateisystem zum Wurzelverzeichnis (chroot) und ist "
+"gedacht, Kompilierungen für fremde Systeme vorzubereiten (cross "
+"compilation). Einige Beschränkungen: Die in NIS und LDAP vorliegenden Daten "
+"zu Benutzern und Gruppen werden nicht kontrolliert. Zur PAM-"
+"Authentifizierung werden die Daten des Host-Computers herangezogen. SELINUX "
+"steht nicht zur Verfügung."
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218 passwd.1.xml.out:333
 msgid "--warndays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:203 chage.1.xml.out:208 passwd.1.xml.out:322
-#: passwd.1.xml.out:327
+#: chage.1.xml.out:218 chage.1.xml.out:223 passwd.1.xml.out:333
+#: passwd.1.xml.out:338
 msgid "WARN_DAYS"
 msgstr ""
 
+# MH180: string is almost identical to string passwd.1.xml:348
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:206
+#: chage.1.xml.out:221
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -890,18 +982,17 @@ msgid ""
 "<_:replaceable-1/> option is the number of days prior to the password "
 "expiring that a user will be warned their password is about to expire."
 msgstr ""
-"Legt die Anzahl der Tage fest, an denen der Benutzer eine Warnung erhält, "
-"bevor sein Passwort geändert werden muss. Die Option <replaceable>WARN_TAGE</"
-"replaceable> bezeichnet die Anzahl der Tage, für die ein Benutzer vor "
-"Verfall seines Passworts gewarnt wird."
+"legt den Zeitraum fest, in denen der Benutzer darauf hingewiesen wird, dass "
+"sein Passwort geändert werden muss. Dieser Zeitraum wird mit "
+"<replaceable>WARN_TAGE</replaceable> als Anzahl Tagen angegeben."
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220 chfn.1.xml.out:163 chsh.1.xml.out:112
+#: chage.1.xml.out:235 chfn.1.xml.out:163 chsh.1.xml.out:112
 msgid "[ ]"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 #, fuzzy
 #| msgid ""
 #| "If none of the options are selected, <command>chage</command> operates in "
@@ -917,20 +1008,19 @@ msgid ""
 "<_:emphasis-2/> marks."
 msgstr ""
 "Wenn keine Option ausgewählt wird, arbeitet <command>chage</command> "
-"interaktiv. Dabei wird der Benutzer nach den aktuellen Werten für alle "
-"Felder befragt. Bei Eingabe eines neuen Wertes wird dieser verwendet, bei "
-"Eingabe einer Leerzeile stattdessen der Originalwert beibehalten. Der "
-"aktuelle Wert wird zwischen einem Paar von <emphasis remap=\"B\">[ ]</"
-"emphasis> angezeigt."
+"interaktiv. Dabei wird dem Benutzer für alle Felder der aktuelle Werte "
+"vorgelegt. Ein neu eingegebener Wert wird übernommen. Wird nur die "
+"Eingabetaste gedrückt, gilt der vorliegende Wert weiter. Dieser Wert wird "
+"zwischen einem Paar von <emphasis remap=\"B\">[ ]</emphasis> angezeigt."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224 chsh.1.xml.out:117 groups.1.xml.out:65
+#: chage.1.xml.out:239 chsh.1.xml.out:117 groups.1.xml.out:65
 #: lastlog.8.xml.out:170
 msgid "NOTE"
 msgstr "ANMERKUNGEN"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> program requires a shadow password file to "
@@ -938,11 +1028,11 @@ msgstr "ANMERKUNGEN"
 msgid ""
 "The <_:command-1/> program requires a shadow password file to be available."
 msgstr ""
-"Für das Programm <command>chage</command> ist es notwendig, dass eine Shadow-"
-"Passwort-Datei vorhanden ist."
+"Das Programm <command>chage</command> setzt das Vorhandensein einer "
+"geschützten Passwortdatei voraus."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid ""
 "The chage program will report only the information from the shadow password "
 "file. This implies that configuration from other sources (e.g. LDAP or empty "
@@ -950,13 +1040,15 @@ msgid ""
 "not be shown in the chage output."
 msgstr ""
 
+# ENDE Teil 11 weiter mit pwck.8
+# BEGINN Teil 12 setzt pwconv fort
 #. (itstool) path: para/command
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238 grpck.8.xml.out:294 login.defs.5.xml.out:410
+#: chage.1.xml.out:253 grpck.8.xml.out:294 login.defs.5.xml.out:429
 #: passwd.5.xml.out:185 pwck.8.xml.out:40 pwck.8.xml.out:47 pwck.8.xml.out:53
 #: pwck.8.xml.out:71 pwck.8.xml.out:147 pwck.8.xml.out:159 pwck.8.xml.out:191
 #: pwck.8.xml.out:223 pwck.8.xml.out:284 pwconv.8.xml.out:197
@@ -965,15 +1057,18 @@ msgid "pwck"
 msgstr "pwck"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid ""
 "The <_:command-1/> program will also not report any inconsistency between "
 "the shadow and passwd files (e.g. missing x in the passwd file). The <_:"
 "command-2/> can be used to check for this kind of inconsistencies."
 msgstr ""
 
+# MH182: singular of "user" needs the pronoun "his" or "her", not "their"
+# FIXME -l gives not only the two expiration dates but as well update
+# dates, grace and warn period. Say probably "all date settings for password and account usage"
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> command is restricted to the root user, "
@@ -985,57 +1080,60 @@ msgid ""
 "option-2/> option, which may be used by an unprivileged user to determine "
 "when their password or account is due to expire."
 msgstr ""
-"Der Befehl <command>chage</command> kann nur von Root ausgeführt werden. "
-"Alle anderen Benutzer können nur die Option <option>-l</option> verwenden, "
-"um die Verfallsdaten für ihr Konto einzusehen."
+"Der Befehl <command>chage</command> kann nur vom Systemadministrator "
+"verwendet werden. Anderen Benutzern steht nur die Option <option>-l</option> "
+"zur Verfügung, mit der sie alle die Gültigkeit von Konto und Passwort "
+"betreffenden Fristen einsehen können."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249 chfn.1.xml.out:170 chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216 chsh.1.xml.out:131 gpasswd.1.xml.out:241
+#: chage.1.xml.out:264 chfn.1.xml.out:170 chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256 chsh.1.xml.out:150 gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247 groupdel.8.xml.out:133 groupmems.8.xml.out:176
 #: groupmod.8.xml.out:212 grpck.8.xml.out:196 lastlog.8.xml.out:182
-#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:360
-#: passwd.1.xml.out:372 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
-#: su.1.xml.out:314 useradd.8.xml.out:710 userdel.8.xml.out:165
-#: usermod.8.xml.out:536 vipw.8.xml.out:142
+#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:381
+#: passwd.1.xml.out:394 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
+#: su.1.xml.out:314 useradd.8.xml.out:730 userdel.8.xml.out:165
+#: usermod.8.xml.out:553 vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr "KONFIGURATION"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70 chgpasswd.8.xml.out:155 chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205 chpasswd.8.xml.out:77 chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200 chpasswd.8.xml.out:219 chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134 chsh.1.xml.out:159 gpasswd.1.xml.out:244
-#: groupadd.8.xml.out:129 groupadd.8.xml.out:239 groupadd.8.xml.out:250
-#: groupadd.8.xml.out:276 groupdel.8.xml.out:136 groupmems.8.xml.out:179
-#: groupmod.8.xml.out:109 groupmod.8.xml.out:204 groupmod.8.xml.out:215
-#: groupmod.8.xml.out:239 grpck.8.xml.out:199 lastlog.8.xml.out:185
-#: login.1.xml.out:273 login.1.xml.out:365 login.access.5.xml.out:100
-#: login.defs.5.xml.out:116 login.defs.5.xml.out:515 newgrp.1.xml.out:88
-#: newusers.8.xml.out:340 newusers.8.xml.out:363 newusers.8.xml.out:423
-#: passwd.1.xml.out:375 passwd.1.xml.out:405 pwck.8.xml.out:243
+#: chage.1.xml.out:267 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
+#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:159 chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177 chgpasswd.8.xml.out:204 chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79 chpasswd.8.xml.out:140 chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227 chpasswd.8.xml.out:236 chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289 chsh.1.xml.out:153 chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246 groupadd.8.xml.out:129 groupadd.8.xml.out:239
+#: groupadd.8.xml.out:250 groupadd.8.xml.out:276 groupdel.8.xml.out:136
+#: groupmems.8.xml.out:179 groupmod.8.xml.out:109 groupmod.8.xml.out:204
+#: groupmod.8.xml.out:215 groupmod.8.xml.out:239 grpck.8.xml.out:199
+#: lastlog.8.xml.out:185 login.1.xml.out:273 login.1.xml.out:365
+#: login.access.5.xml.out:100 login.defs.5.xml.out:118 login.defs.5.xml.out:534
+#: newgrp.1.xml.out:88 newusers.8.xml.out:340 newusers.8.xml.out:349
+#: newusers.8.xml.out:357 newusers.8.xml.out:384 newusers.8.xml.out:444
+#: passwd.1.xml.out:397 passwd.1.xml.out:427 pwck.8.xml.out:243
 #: pwconv.8.xml.out:148 pwconv.8.xml.out:207 pwconv.8.xml.out:215
 #: pwconv.8.xml.out:230 sg.1.xml.out:77 su.1.xml.out:109 su.1.xml.out:219
 #: su.1.xml.out:277 su.1.xml.out:317 su.1.xml.out:357 useradd.8.xml.out:241
-#: useradd.8.xml.out:307 useradd.8.xml.out:378 useradd.8.xml.out:399
-#: useradd.8.xml.out:467 useradd.8.xml.out:474 useradd.8.xml.out:560
-#: useradd.8.xml.out:713 useradd.8.xml.out:797 userdel.8.xml.out:87
+#: useradd.8.xml.out:309 useradd.8.xml.out:380 useradd.8.xml.out:401
+#: useradd.8.xml.out:469 useradd.8.xml.out:476 useradd.8.xml.out:562
+#: useradd.8.xml.out:733 useradd.8.xml.out:817 userdel.8.xml.out:87
 #: userdel.8.xml.out:168 userdel.8.xml.out:191 userdel.8.xml.out:297
-#: usermod.8.xml.out:399 usermod.8.xml.out:539 usermod.8.xml.out:569
+#: usermod.8.xml.out:399 usermod.8.xml.out:556 usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr "/etc/login.defs"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250 chfn.1.xml.out:171 chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217 chsh.1.xml.out:132 gpasswd.1.xml.out:242
+#: chage.1.xml.out:265 chfn.1.xml.out:171 chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257 chsh.1.xml.out:151 gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248 groupdel.8.xml.out:134 groupmems.8.xml.out:177
 #: groupmod.8.xml.out:213 grpck.8.xml.out:197 lastlog.8.xml.out:183
-#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:361
-#: passwd.1.xml.out:373 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
-#: useradd.8.xml.out:711 userdel.8.xml.out:166 usermod.8.xml.out:537
+#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:382
+#: passwd.1.xml.out:395 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
+#: useradd.8.xml.out:731 userdel.8.xml.out:166 usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 #, fuzzy
 #| msgid ""
@@ -1046,130 +1144,135 @@ msgid ""
 "of this tool:"
 msgstr ""
 "Die folgenden Konfigurationsvariablen in <filename>/etc/login.defs</"
-"filename> beeinflussen das Verhalten dieses Werkzeugs:"
+"filename> beeinflussen das Verhalten dieses Hilfsprogramms:"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261 chfn.1.xml.out:184 chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232 chsh.1.xml.out:144 expiry.1.xml.out:97
-#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:256
+#: chage.1.xml.out:276 chfn.1.xml.out:184 chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274 chsh.1.xml.out:163 expiry.1.xml.out:97
+#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261 groupdel.8.xml.out:145 groupmems.8.xml.out:188
 #: groupmod.8.xml.out:224 groups.1.xml.out:77 grpck.8.xml.out:208
 #: gshadow.5.xml.out:132 lastlog.8.xml.out:194 limits.5.xml.out:172
 #: login.1.xml.out:314 login.access.5.xml.out:97 logoutd.8.xml.out:65
-#: newgrp.1.xml.out:97 newusers.8.xml.out:396 passwd.1.xml.out:390
+#: newgrp.1.xml.out:97 newusers.8.xml.out:417 passwd.1.xml.out:412
 #: passwd.5.xml.out:139 porttime.5.xml.out:106 pwck.8.xml.out:258
 #: pwconv.8.xml.out:227 shadow.3.xml.out:202 shadow.5.xml.out:231
-#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:740
-#: userdel.8.xml.out:182 usermod.8.xml.out:554 vipw.8.xml.out:172
+#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:760
+#: userdel.8.xml.out:182 usermod.8.xml.out:571 vipw.8.xml.out:172
 msgid "FILES"
 msgstr "DATEIEN"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265 chfn.1.xml.out:193 chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147 expiry.1.xml.out:100 groupmod.8.xml.out:245
+#: chage.1.xml.out:280 chfn.1.xml.out:193 chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166 expiry.1.xml.out:100 groupmod.8.xml.out:245
 #: grpck.8.xml.out:223 lastlog.8.xml.out:63 login.1.xml.out:145
 #: login.1.xml.out:329 newgrp.1.xml.out:65 newgrp.1.xml.out:70
-#: newgrp.1.xml.out:100 newusers.8.xml.out:399 passwd.1.xml.out:393
+#: newgrp.1.xml.out:100 newusers.8.xml.out:420 passwd.1.xml.out:415
 #: passwd.5.xml.out:47 passwd.5.xml.out:89 passwd.5.xml.out:142
 #: pwck.8.xml.out:73 pwck.8.xml.out:145 pwck.8.xml.out:212 pwck.8.xml.out:224
 #: pwck.8.xml.out:267 pwconv.8.xml.out:127 shadow.5.xml.out:234 sg.1.xml.out:89
-#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:524
-#: useradd.8.xml.out:743 userdel.8.xml.out:197 usermod.8.xml.out:103
-#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:575
+#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:526
+#: useradd.8.xml.out:763 userdel.8.xml.out:197 usermod.8.xml.out:103
+#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:592
 #: vipw.8.xml.out:68 vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr "/etc/passwd"
 
+# MH4: no full stop at the strings end necessary
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268 chfn.1.xml.out:195 chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149 expiry.1.xml.out:102 groupmod.8.xml.out:247
+#: chage.1.xml.out:283 chfn.1.xml.out:195 chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168 expiry.1.xml.out:102 groupmod.8.xml.out:247
 #: grpck.8.xml.out:225 login.1.xml.out:331 newgrp.1.xml.out:102
-#: newusers.8.xml.out:401 passwd.1.xml.out:395 passwd.5.xml.out:144
+#: newusers.8.xml.out:422 passwd.1.xml.out:417 passwd.5.xml.out:144
 #: pwck.8.xml.out:269 shadow.5.xml.out:236 sg.1.xml.out:91 su.1.xml.out:347
-#: useradd.8.xml.out:745 userdel.8.xml.out:199 vipw.8.xml.out:189
+#: useradd.8.xml.out:765 userdel.8.xml.out:199 vipw.8.xml.out:189
 msgid "User account information."
 msgstr "Informationen zu den Benutzerkonten"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273 chpasswd.8.xml.out:241 expiry.1.xml.out:106
+#: chage.1.xml.out:288 chpasswd.8.xml.out:283 expiry.1.xml.out:106
 #: login.1.xml.out:335 newgrp.1.xml.out:68 newgrp.1.xml.out:106
-#: newusers.8.xml.out:295 newusers.8.xml.out:405 passwd.1.xml.out:399
+#: newusers.8.xml.out:297 newusers.8.xml.out:426 passwd.1.xml.out:421
 #: passwd.5.xml.out:82 passwd.5.xml.out:148 pwck.8.xml.out:73
 #: pwck.8.xml.out:107 pwck.8.xml.out:213 pwck.8.xml.out:225 pwck.8.xml.out:273
 #: pwconv.8.xml.out:128 pwconv.8.xml.out:149 shadow.3.xml.out:97
 #: shadow.3.xml.out:173 shadow.3.xml.out:205 shadow.5.xml.out:78
-#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:439
-#: useradd.8.xml.out:464 useradd.8.xml.out:749 userdel.8.xml.out:203
+#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:441
+#: useradd.8.xml.out:466 useradd.8.xml.out:769 userdel.8.xml.out:203
 #: usermod.8.xml.out:144 usermod.8.xml.out:145 usermod.8.xml.out:166
-#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:581
+#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:598
 #: vipw.8.xml.out:71 vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr "/etc/shadow"
 
+# MH5: Unsicherheit der Ãœbersetzung: in vipw.8.xml:206 wurde "secure" mit
+# "sicher übersetzt", hier mit "verschlüsselt". Vielleicht heißt es auch
+# "geschützt".
+# MH6: no full stop at the strings end necessary
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276 chpasswd.8.xml.out:243 expiry.1.xml.out:108
-#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:407
-#: passwd.1.xml.out:401 pwck.8.xml.out:275 shadow.3.xml.out:207
-#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:751
+#: chage.1.xml.out:291 chpasswd.8.xml.out:285 expiry.1.xml.out:108
+#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:428
+#: passwd.1.xml.out:423 pwck.8.xml.out:275 shadow.3.xml.out:207
+#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:771
 #: userdel.8.xml.out:205 vipw.8.xml.out:195
 msgid "Secure user account information."
-msgstr "verschlüsselte Informationen zu den Benutzerkonten"
+msgstr "geschützte Informationen zu den Benutzerkonten"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283 groupadd.8.xml.out:298 groupdel.8.xml.out:163
-#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:420
-#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:806
+#: chage.1.xml.out:298 groupadd.8.xml.out:298 groupdel.8.xml.out:163
+#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:442
+#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr "RÃœCKGABEWERTE"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290 groupadd.8.xml.out:305 groupdel.8.xml.out:170
-#: grpck.8.xml.out:239 passwd.1.xml.out:427 pwck.8.xml.out:289
-#: useradd.8.xml.out:813 userdel.8.xml.out:237
+#: chage.1.xml.out:305 groupadd.8.xml.out:305 groupdel.8.xml.out:170
+#: grpck.8.xml.out:239 passwd.1.xml.out:449 pwck.8.xml.out:289
+#: useradd.8.xml.out:833 userdel.8.xml.out:237
 msgid "success"
 msgstr "Erfolg"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296 passwd.1.xml.out:433
+#: chage.1.xml.out:311 passwd.1.xml.out:455
 msgid "permission denied"
 msgstr "Berechtigung verweigert"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300 groupadd.8.xml.out:309 groupdel.8.xml.out:174
+#: chage.1.xml.out:315 groupadd.8.xml.out:309 groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265 groups.1.xml.out:95 groups.1.xml.out:98
 #: groups.1.xml.out:101 grpck.8.xml.out:249 limits.5.xml.out:90
 #: limits.5.xml.out:101 limits.5.xml.out:188 limits.5.xml.out:191
-#: passwd.1.xml.out:437 pwck.8.xml.out:299 useradd.8.xml.out:823
+#: passwd.1.xml.out:459 pwck.8.xml.out:299 useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr "2"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302 groupadd.8.xml.out:311 groupdel.8.xml.out:176
-#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:825
+#: chage.1.xml.out:317 groupadd.8.xml.out:311 groupdel.8.xml.out:176
+#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
-msgstr "unzulässige Syntax für diesen Befehl"
+msgstr "für diesen Befehl unzulässige Syntax"
 
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr "15"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
-msgstr "Eine Shadow-Passwort-Datei kann nicht gefunden werden."
+msgstr "Die geschützte Passwortdatei kann nicht gefunden werden."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284 groupadd.8.xml.out:299 groupdel.8.xml.out:164
-#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:421
-#: pwck.8.xml.out:283 useradd.8.xml.out:807 userdel.8.xml.out:231
+#: chage.1.xml.out:299 groupadd.8.xml.out:299 groupdel.8.xml.out:164
+#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:443
+#: pwck.8.xml.out:283 useradd.8.xml.out:827 userdel.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "The <command>pwck</command> command exits with the following values: "
@@ -1182,21 +1285,24 @@ msgstr ""
 "<placeholder-1/>"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316 chfn.1.xml.out:202 chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262 chsh.1.xml.out:168 expiry.1.xml.out:115
-#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:274
+#: chage.1.xml.out:331 chfn.1.xml.out:202 chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304 chsh.1.xml.out:209 expiry.1.xml.out:115
+#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343 groupdel.8.xml.out:202 groupmems.8.xml.out:206
 #: groupmod.8.xml.out:323 groups.1.xml.out:89 grpck.8.xml.out:277
 #: gshadow.5.xml.out:150 limits.5.xml.out:182 login.1.xml.out:374
-#: login.access.5.xml.out:109 login.defs.5.xml.out:527 newgrp.1.xml.out:127
-#: newusers.8.xml.out:450 nologin.8.xml.out:57 passwd.1.xml.out:471
+#: login.access.5.xml.out:109 login.defs.5.xml.out:546 newgrp.1.xml.out:127
+#: newusers.8.xml.out:471 nologin.8.xml.out:57 passwd.1.xml.out:493
 #: passwd.5.xml.out:167 porttime.5.xml.out:118 pwck.8.xml.out:333
 #: pwconv.8.xml.out:239 shadow.3.xml.out:214 shadow.5.xml.out:259
-#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:875
-#: userdel.8.xml.out:308 usermod.8.xml.out:602 vipw.8.xml.out:202
+#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:895
+#: userdel.8.xml.out:308 usermod.8.xml.out:619 vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr "SIEHE AUCH"
 
+# MH this string is the argument for pwck. Elsewhere, capital letters are used in this context
+# s/passwd/PASSWD
+# The same refers to the argument shadow s/shadow/SHADOW
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/filename
 #. (itstool) path: varlistentry/term
@@ -1206,57 +1312,59 @@ msgstr "SIEHE AUCH"
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319 chfn.1.xml.out:211 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177 expiry.1.xml.out:118 groupadd.8.xml.out:351
+#: chage.1.xml.out:334 chfn.1.xml.out:211 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218 expiry.1.xml.out:118 groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:215 groupmod.8.xml.out:332
 #: grpck.8.xml.out:291 lastlog.8.xml.out:176 login.1.xml.out:128
-#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516 login.defs.5.xml.out:533 login.defs.5.xml.out:539
-#: newusers.8.xml.out:79 newusers.8.xml.out:456 passwd.1.xml.out:40
-#: passwd.1.xml.out:47 passwd.1.xml.out:53 passwd.1.xml.out:66
-#: passwd.1.xml.out:69 passwd.1.xml.out:86 passwd.1.xml.out:116
-#: passwd.1.xml.out:152 passwd.1.xml.out:366 passwd.1.xml.out:413
-#: passwd.1.xml.out:422 passwd.1.xml.out:451 passwd.1.xml.out:457
-#: passwd.1.xml.out:477 passwd.5.xml.out:33 passwd.5.xml.out:40
+#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535 login.defs.5.xml.out:552 login.defs.5.xml.out:558
+#: newusers.8.xml.out:81 newusers.8.xml.out:477 passwd.1.xml.out:42
+#: passwd.1.xml.out:49 passwd.1.xml.out:55 passwd.1.xml.out:68
+#: passwd.1.xml.out:71 passwd.1.xml.out:88 passwd.1.xml.out:100
+#: passwd.1.xml.out:148 passwd.1.xml.out:388 passwd.1.xml.out:435
+#: passwd.1.xml.out:444 passwd.1.xml.out:473 passwd.1.xml.out:479
+#: passwd.1.xml.out:502 passwd.5.xml.out:33 passwd.5.xml.out:40
 #: passwd.5.xml.out:182 pwck.8.xml.out:228 pwck.8.xml.out:342
 #: pwconv.8.xml.out:84 pwconv.8.xml.out:99 shadow.5.xml.out:268
-#: shadow.5.xml.out:271 useradd.8.xml.out:884 userdel.8.xml.out:316
-#: usermod.8.xml.out:611 vipw.8.xml.out:217
+#: shadow.5.xml.out:271 useradd.8.xml.out:904 userdel.8.xml.out:316
+#: usermod.8.xml.out:628 vipw.8.xml.out:217
 msgid "passwd"
 msgstr "passwd"
 
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319 chage.1.xml.out:322 chfn.1.xml.out:208
-#: chfn.1.xml.out:211 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 chsh.1.xml.out:177 expiry.1.xml.out:118
+#: chage.1.xml.out:334 chage.1.xml.out:337 chfn.1.xml.out:208
+#: chfn.1.xml.out:211 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 chsh.1.xml.out:218 expiry.1.xml.out:118
 #: expiry.1.xml.out:121 faillog.5.xml.out:34 faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292 gpasswd.1.xml.out:295 groupadd.8.xml.out:363
+#: gpasswd.1.xml.out:294 gpasswd.1.xml.out:297 groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344 grpck.8.xml.out:267 grpck.8.xml.out:280
 #: grpck.8.xml.out:287 grpck.8.xml.out:291 grpck.8.xml.out:297
 #: gshadow.5.xml.out:23 gshadow.5.xml.out:153 gshadow.5.xml.out:156
 #: limits.5.xml.out:36 login.1.xml.out:389 login.1.xml.out:392
 #: login.1.xml.out:395 login.1.xml.out:398 login.access.5.xml.out:35
-#: login.defs.5.xml.out:103 login.defs.5.xml.out:539 login.defs.5.xml.out:542
-#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:79
-#: newusers.8.xml.out:453 newusers.8.xml.out:460 newusers.8.xml.out:463
-#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:455
-#: passwd.1.xml.out:477 passwd.1.xml.out:480 passwd.1.xml.out:484
+#: login.defs.5.xml.out:105 login.defs.5.xml.out:558 login.defs.5.xml.out:561
+#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:81
+#: newusers.8.xml.out:474 newusers.8.xml.out:481 newusers.8.xml.out:484
+#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:477
+#: passwd.1.xml.out:502 passwd.1.xml.out:505 passwd.1.xml.out:509
 #: passwd.5.xml.out:34 passwd.5.xml.out:80 passwd.5.xml.out:194
 #: porttime.5.xml.out:34 pwck.8.xml.out:317 pwck.8.xml.out:336
 #: pwck.8.xml.out:342 pwck.8.xml.out:345 pwconv.8.xml.out:245
 #: shadow.3.xml.out:220 shadow.5.xml.out:34 shadow.5.xml.out:271
 #: sg.1.xml.out:134 sg.1.xml.out:137 su.1.xml.out:418 suauth.5.xml.out:34
-#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:628
-#: useradd.8.xml.out:899 useradd.8.xml.out:906 useradd.8.xml.out:909
+#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:648
+#: useradd.8.xml.out:919 useradd.8.xml.out:926 useradd.8.xml.out:929
 #: userdel.8.xml.out:319 userdel.8.xml.out:335 userdel.8.xml.out:338
-#: usermod.8.xml.out:162 usermod.8.xml.out:629 usermod.8.xml.out:633
-#: usermod.8.xml.out:636 vipw.8.xml.out:208 vipw.8.xml.out:211
+#: usermod.8.xml.out:162 usermod.8.xml.out:646 usermod.8.xml.out:650
+#: usermod.8.xml.out:653 vipw.8.xml.out:208 vipw.8.xml.out:211
 #: vipw.8.xml.out:214 vipw.8.xml.out:217 vipw.8.xml.out:220 vipw.8.xml.out:223
 msgid "5"
 msgstr "5"
 
+# ENDE Teil 08 weiter mit shadow.5
+# BEGINN Teil 09 setzt sg fort
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: arg/replaceable
 #. (itstool) path: phrase/emphasis
@@ -1265,20 +1373,20 @@ msgstr "5"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322 expiry.1.xml.out:121 grpck.8.xml.out:51
-#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:542
-#: passwd.1.xml.out:480 passwd.5.xml.out:79 passwd.5.xml.out:194
+#: chage.1.xml.out:337 expiry.1.xml.out:121 grpck.8.xml.out:51
+#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:561
+#: passwd.1.xml.out:505 passwd.5.xml.out:79 passwd.5.xml.out:194
 #: pwck.8.xml.out:229 pwck.8.xml.out:233 pwck.8.xml.out:345 pwconv.8.xml.out:84
 #: pwconv.8.xml.out:85 pwconv.8.xml.out:100 pwconv.8.xml.out:101
 #: shadow.3.xml.out:33 shadow.3.xml.out:40 shadow.3.xml.out:96
 #: shadow.3.xml.out:220 shadow.5.xml.out:33 shadow.5.xml.out:40
-#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:628
+#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:648
 #: usermod.8.xml.out:162 vipw.8.xml.out:223
 msgid "shadow"
 msgstr "shadow"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317 expiry.1.xml.out:116 faillog.8.xml.out:233
+#: chage.1.xml.out:332 expiry.1.xml.out:116 faillog.8.xml.out:233
 #: nologin.8.xml.out:58 shadow.3.xml.out:215
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>."
 msgstr ""
@@ -1290,20 +1398,19 @@ msgstr ""
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #: chfn.1.xml.out:36 chfn.1.xml.out:43 chfn.1.xml.out:49 chfn.1.xml.out:62
-#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:171
+#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:212
 #: groupadd.8.xml.out:345 groupdel.8.xml.out:205 groupmems.8.xml.out:209
-#: groupmod.8.xml.out:326 login.defs.5.xml.out:239 useradd.8.xml.out:878
-#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:605
+#: groupmod.8.xml.out:326 login.defs.5.xml.out:243 useradd.8.xml.out:898
+#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:622
 msgid "chfn"
 msgstr "chfn"
 
-# SB: Translation of chfn.1 based on Josef Spillner's
-# (josef@ggzgamingzone.org) from 2003. Mention somewhere else as well?
+# ENDE Teil 37 weiter mit chfn
+# BEGINN Teil 38 setzt chgpasswd.8 fort
 #. (itstool) path: refnamediv/refpurpose
 #: chfn.1.xml.out:44
 msgid "change real user name and information"
-msgstr ""
-"ändert den vollständigen Namen eines Benutzers und sonstige Informationen"
+msgstr "ändert den vollständigen Namen und sonstige Informationen zum Benutzer"
 
 #. (itstool) path: citerefentry/refentrytitle
 #: chfn.1.xml.out:65 passwd.5.xml.out:117
@@ -1314,13 +1421,16 @@ msgstr ""
 #. (itstool) path: term/option
 #: chfn.1.xml.out:71 chfn.1.xml.out:110 groupadd.8.xml.out:106
 #: groupadd.8.xml.out:145 groupadd.8.xml.out:323 groupmod.8.xml.out:93
-#: groupmod.8.xml.out:132 useradd.8.xml.out:405 useradd.8.xml.out:536
-#: useradd.8.xml.out:837 usermod.8.xml.out:271 usermod.8.xml.out:377
+#: groupmod.8.xml.out:132 useradd.8.xml.out:407 useradd.8.xml.out:538
+#: useradd.8.xml.out:857 usermod.8.xml.out:271 usermod.8.xml.out:377
 #, fuzzy
 #| msgid "-"
 msgid "-o"
 msgstr "-"
 
+# MH Remnant of the original version of Julianne Frances Hugh version that
+# politely addressed female users: "for her own account". Consider using
+# female forms throughout this manual page.
 #. (itstool) path: refsect1/para
 #: chfn.1.xml.out:61
 #, fuzzy
@@ -1347,16 +1457,17 @@ msgid ""
 "option-4/> option to change the undefined portions of the GECOS field."
 msgstr ""
 "Der Befehl <command>chfn</command> ändert den vollständigen Namen, die "
-"Bürozimmernummer sowie die berufliche und private Telefonnummer für ein "
-"Benutzerkonto. Diese Informationen werden typischerweise von "
+"Raumnummer sowie die berufliche und private Telefonnummer für ein "
+"Benutzerkonto in den entsprechenden Feldern der Datei <filename>/etc/passwd</"
+"filename>. Diese Informationen werden typischerweise von "
 "<citerefentry><refentrytitle>finger</refentrytitle><manvolnum>1</manvolnum></"
-"citerefentry> und ähnlichen Programmen verwendet. Ein normaler Benutzer darf "
-"nur die Felder seines eigenen Kontos ändern und muss dabei zudem die "
-"Einschränkungen in <filename>/etc/login.defs</filename> beachten. So ist es "
-"Benutzern standardmäßig nicht möglich, ihren vollständigen Namen zu ändern. "
-"Root kann die Felder aller Konten verändern. Außerdem darf nur Root mittels "
-"der Option <option>-o</option> die undefinierten Teile des GECOS-Feldes "
-"ändern."
+"citerefentry> und ähnlichen Programmen verwendet. Eine normale Benutzerin "
+"darf nur die Felder ihres eigenen Kontos ändern und ist dabei Beschränkungen "
+"in <filename>/etc/login.defs</filename> unterworfen. So ist es Benutzern "
+"standardmäßig nicht möglich, ihren vollständigen Namen zu ändern. Der "
+"Systemadministrator kann alle Felder aller Konten verändern. Außerdem darf "
+"nur er mit der Option <option>-o</option> die undefinierten Teile des GECOS-"
+"Feldes ändern."
 
 #. (itstool) path: para/emphasis
 #: chfn.1.xml.out:77 chfn.1.xml.out:80
@@ -1382,10 +1493,11 @@ msgid ""
 msgstr ""
 "Diese Felder dürfen keinen Doppelpunkt enthalten. Mit Ausnahme des Feldes "
 "<emphasis remap=\"I\">sonstiges</emphasis> sollten sie kein Komma oder "
-"Gleichheitszeichen enthalten. Außerdem wird abgeraten, andere Zeichen als US-"
-"ASCII zu verwenden, aber nur für die Telefonnummern ist dies zwingend. Das "
-"Feld <emphasis remap=\"I\">sonstiges</emphasis> wird von anderen Anwendungen "
-"verwendet, um dort Informationen über das Konto abzuspeichern."
+"Gleichheitszeichen enthalten. Außerdem wird davon abgeraten, andere Zeichen "
+"als US-ASCII zu verwenden, aber nur für die Telefonnummern wird dies "
+"erzwungen. Das Feld <emphasis remap=\"I\">sonstiges</emphasis> wird von "
+"anderen Anwendungen verwendet, um dort Informationen über das Konto "
+"abzuspeichern."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
@@ -1393,7 +1505,7 @@ msgstr ""
 #: chfn.1.xml.out:94 expiry.1.xml.out:61 expiry.1.xml.out:79
 #: groupadd.8.xml.out:88 groupdel.8.xml.out:72 login.1.xml.out:90
 #: login.1.xml.out:190 login.1.xml.out:229 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 userdel.8.xml.out:76 userdel.8.xml.out:287
+#: useradd.8.xml.out:642 userdel.8.xml.out:76 userdel.8.xml.out:287
 #: userdel.8.xml.out:302 usermod.8.xml.out:152
 msgid "-f"
 msgstr "-f"
@@ -1413,7 +1525,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: chfn.1.xml.out:97
 msgid "Change the user's full name."
-msgstr "verändert den vollständigen Namen des Benutzers"
+msgstr "ändert den vollständigen Namen des Benutzers."
 
 #. (itstool) path: term/option
 #: chfn.1.xml.out:102
@@ -1430,7 +1542,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: chfn.1.xml.out:105
 msgid "Change the user's home phone number."
-msgstr "ändert die private Telefonnummer des Benutzers"
+msgstr "ändert die private Telefonnummer des Benutzers."
 
 #. (itstool) path: term/option
 #: chfn.1.xml.out:110
@@ -1451,19 +1563,19 @@ msgid ""
 "accounting information used by other applications, and can be changed only "
 "by a superuser."
 msgstr ""
-"Verändert die sonstigen Informationen über den Benutzer in der GECOS-Zeile. "
-"In diesem Feld werden Kontoinformationen anderer Anwendungen gespeichert. Es "
-"kann nur vom Superuser verändert werden."
+"ändert sonstige GECOS-Informationen über den Benutzer. In diesem Feld werden "
+"Kontoinformationen anderer Anwendungen gespeichert. Es kann nur vom "
+"Systemadministrator verändert werden."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:122 faillog.8.xml.out:89 faillog.8.xml.out:144
-#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:173
+#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112 groupadd.8.xml.out:185 grpck.8.xml.out:124
 #: grpck.8.xml.out:138 login.1.xml.out:220 login.1.xml.out:229
-#: newusers.8.xml.out:287 passwd.1.xml.out:268 pwck.8.xml.out:155
-#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:456
-#: useradd.8.xml.out:542 userdel.8.xml.out:106 usermod.8.xml.out:317
+#: newusers.8.xml.out:289 passwd.1.xml.out:264 pwck.8.xml.out:155
+#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:458
+#: useradd.8.xml.out:544 userdel.8.xml.out:106 usermod.8.xml.out:317
 msgid "-r"
 msgstr "-r"
 
@@ -1482,14 +1594,14 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: chfn.1.xml.out:125
 msgid "Change the user's room number."
-msgstr "ändert die Zimmernummer des Benutzers"
+msgstr "ändert die Raumnummer des Benutzers."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:143 faillog.8.xml.out:80 faillog.8.xml.out:180
 #: faillog.8.xml.out:214 lastlog.8.xml.out:90 lastlog.8.xml.out:122
-#: lastlog.8.xml.out:139 passwd.1.xml.out:309 useradd.8.xml.out:414
-#: useradd.8.xml.out:531 usermod.8.xml.out:279 usermod.8.xml.out:369
+#: lastlog.8.xml.out:139 passwd.1.xml.out:320 useradd.8.xml.out:416
+#: useradd.8.xml.out:533 usermod.8.xml.out:279 usermod.8.xml.out:369
 #: vipw.8.xml.out:133
 #, fuzzy
 #| msgid "-"
@@ -1497,7 +1609,7 @@ msgid "-u"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chfn.1.xml.out:151 passwd.1.xml.out:322 usermod.8.xml.out:463
+#: chfn.1.xml.out:151 passwd.1.xml.out:333 usermod.8.xml.out:463
 #, fuzzy
 #| msgid "-"
 msgid "-w"
@@ -1518,7 +1630,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: chfn.1.xml.out:154
 msgid "Change the user's office phone number."
-msgstr "verändert die berufliche Telefonnummer des Benutzers"
+msgstr "ändert die berufliche Telefonnummer des Benutzers."
 
 #. (itstool) path: refsect1/para
 #: chfn.1.xml.out:158
@@ -1539,20 +1651,22 @@ msgid ""
 "current user account."
 msgstr ""
 "Wenn keine Option ausgewählt wird, arbeitet <command>chfn</command> "
-"interaktiv. Dabei wird der Benutzer nach den aktuellen Werten für alle "
-"Felder befragt. Bei Eingabe eines neuen Wertes wird dieser verwendet, bei "
-"keiner Eingabe stattdessen der Originalwert beibehalten. Der aktuelle Wert "
-"wird zwischen einem Paar von <emphasis remap=\"B\">[ ]</emphasis> angezeigt. "
-"Ohne Optionen fragt <command>chfn</command> nach einem Benutzerkonto."
-
-#. (itstool) path: listitem/para
-#: chfn.1.xml.out:189 chgpasswd.8.xml.out:207 chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161 groupadd.8.xml.out:278 groupmod.8.xml.out:241
-#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:425
-#: passwd.1.xml.out:407 pwconv.8.xml.out:232 su.1.xml.out:359
-#: useradd.8.xml.out:799 userdel.8.xml.out:193
+"interaktiv. Dabei werden nach und nach die aktuellen Werte ausgegeben und "
+"der Benutzer zu einer neuen Eingabe aufgefordert. Bei Eingabe eines Wertes "
+"wird dieser in das Feld übernommen, ohne Eingabe einer Zeichenkette bleibt "
+"der Originalwert erhalten. Der aktuelle Wert wird zwischen eckigen Klammern "
+"angezeigt. Wenn kein Anmeldename angegeben wurde, gilt der Dialog von "
+"<command>chfn</command> dem aktuellen Benutzerkonto."
+
+# MH full stop at the end of the string is not necessary
+#. (itstool) path: listitem/para
+#: chfn.1.xml.out:189 chgpasswd.8.xml.out:235 chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202 groupadd.8.xml.out:278 groupmod.8.xml.out:241
+#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:446
+#: passwd.1.xml.out:429 pwconv.8.xml.out:232 su.1.xml.out:359
+#: useradd.8.xml.out:819 userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
-msgstr "Konfiguration der Shadow-Passwort-Werkzeugsammlung"
+msgstr "konfiguriert die Shadow-Hilfsprogramme."
 
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: refmeta/refentrytitle
@@ -1563,55 +1677,57 @@ msgstr "Konfiguration der Shadow-Passwort-Werkzeugsammlung"
 #: chfn.1.xml.out:205 chsh.1.xml.out:36 chsh.1.xml.out:43 chsh.1.xml.out:49
 #: chsh.1.xml.out:62 chsh.1.xml.out:73 chsh.1.xml.out:109
 #: groupadd.8.xml.out:348 groupdel.8.xml.out:208 groupmems.8.xml.out:212
-#: groupmod.8.xml.out:329 login.defs.5.xml.out:270 useradd.8.xml.out:881
-#: userdel.8.xml.out:313 usermod.8.xml.out:608
+#: groupmod.8.xml.out:329 login.defs.5.xml.out:280 useradd.8.xml.out:901
+#: userdel.8.xml.out:313 usermod.8.xml.out:625
 msgid "chsh"
 msgstr "chsh"
 
+# ENDE Teil 19 weiter mit login.defs.5
+# BEGINN Teil 20 setzt logoutd.8 fort
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
-#: chfn.1.xml.out:208 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 groupadd.8.xml.out:194 groupadd.8.xml.out:363
-#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109 newusers.8.xml.out:298 newusers.8.xml.out:453
-#: passwd.1.xml.out:484 pwconv.8.xml.out:92 pwconv.8.xml.out:94
+#: chfn.1.xml.out:208 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 groupadd.8.xml.out:194 groupadd.8.xml.out:363
+#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111 newusers.8.xml.out:300 newusers.8.xml.out:474
+#: passwd.1.xml.out:509 pwconv.8.xml.out:92 pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108 pwconv.8.xml.out:245 su.1.xml.out:418
-#: useradd.8.xml.out:899 userdel.8.xml.out:117 userdel.8.xml.out:319
-#: usermod.8.xml.out:629 vipw.8.xml.out:214
+#: useradd.8.xml.out:919 userdel.8.xml.out:117 userdel.8.xml.out:319
+#: usermod.8.xml.out:646 vipw.8.xml.out:214
 msgid "login.defs"
 msgstr "login.defs"
 
 #. (itstool) path: refsect1/para
-#: chfn.1.xml.out:203 chgpasswd.8.xml.out:215 chsh.1.xml.out:169
+#: chfn.1.xml.out:203 chgpasswd.8.xml.out:243 chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
-msgstr "ursprünglicher Autor, 2006"
+msgstr "Erstellung, 2006"
 
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33 chgpasswd.8.xml.out:40 chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56 chgpasswd.8.xml.out:66 chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35 chgpasswd.8.xml.out:42 chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58 chgpasswd.8.xml.out:68 chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr "chgpasswd"
 
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34 chgpasswd.8.xml.out:220 chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268 chpasswd.8.xml.out:276 faillog.5.xml.out:87
-#: faillog.8.xml.out:34 gpasswd.1.xml.out:280 gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286 gpasswd.1.xml.out:289 groupadd.8.xml.out:37
+#: chgpasswd.8.xml.out:36 chgpasswd.8.xml.out:248 chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310 chpasswd.8.xml.out:318 faillog.5.xml.out:87
+#: faillog.8.xml.out:34 gpasswd.1.xml.out:282 gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288 gpasswd.1.xml.out:291 groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354 groupadd.8.xml.out:357 groupadd.8.xml.out:360
 #: groupadd.8.xml.out:366 groupadd.8.xml.out:369 groupadd.8.xml.out:372
 #: groupdel.8.xml.out:35 groupdel.8.xml.out:186 groupdel.8.xml.out:214
@@ -1624,43 +1740,49 @@ msgstr "chgpasswd"
 #: grpck.8.xml.out:34 grpck.8.xml.out:283 grpck.8.xml.out:294
 #: gshadow.5.xml.out:159 gshadow.5.xml.out:162 lastlog.8.xml.out:36
 #: login.1.xml.out:174 login.1.xml.out:176 login.1.xml.out:249
-#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:545
-#: logoutd.8.xml.out:34 newusers.8.xml.out:50 newusers.8.xml.out:467
-#: nologin.8.xml.out:23 passwd.1.xml.out:474 passwd.1.xml.out:488
+#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:564
+#: logoutd.8.xml.out:34 newusers.8.xml.out:52 newusers.8.xml.out:488
+#: nologin.8.xml.out:23 passwd.1.xml.out:496 passwd.1.xml.out:513
 #: passwd.5.xml.out:185 passwd.5.xml.out:188 passwd.5.xml.out:191
 #: passwd.5.xml.out:200 pwck.8.xml.out:41 pwck.8.xml.out:339 pwck.8.xml.out:348
 #: pwconv.8.xml.out:40 pwconv.8.xml.out:242 pwconv.8.xml.out:248
 #: pwconv.8.xml.out:251 pwconv.8.xml.out:254 shadow.5.xml.out:274
 #: shadow.5.xml.out:277 shadow.5.xml.out:280 shadow.5.xml.out:286
-#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:574
-#: useradd.8.xml.out:890 useradd.8.xml.out:893 useradd.8.xml.out:896
-#: useradd.8.xml.out:902 useradd.8.xml.out:913 useradd.8.xml.out:916
-#: userdel.8.xml.out:40 userdel.8.xml.out:259 userdel.8.xml.out:322
-#: userdel.8.xml.out:325 userdel.8.xml.out:328 userdel.8.xml.out:331
-#: userdel.8.xml.out:342 userdel.8.xml.out:345 usermod.8.xml.out:41
-#: usermod.8.xml.out:617 usermod.8.xml.out:620 usermod.8.xml.out:623
-#: usermod.8.xml.out:626 usermod.8.xml.out:640 usermod.8.xml.out:643
-#: vipw.8.xml.out:36
+#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:576
+#: useradd.8.xml.out:590 useradd.8.xml.out:910 useradd.8.xml.out:913
+#: useradd.8.xml.out:916 useradd.8.xml.out:922 useradd.8.xml.out:933
+#: useradd.8.xml.out:936 userdel.8.xml.out:40 userdel.8.xml.out:259
+#: userdel.8.xml.out:322 userdel.8.xml.out:325 userdel.8.xml.out:328
+#: userdel.8.xml.out:331 userdel.8.xml.out:342 userdel.8.xml.out:345
+#: usermod.8.xml.out:41 usermod.8.xml.out:522 usermod.8.xml.out:634
+#: usermod.8.xml.out:637 usermod.8.xml.out:640 usermod.8.xml.out:643
+#: usermod.8.xml.out:657 usermod.8.xml.out:660 vipw.8.xml.out:36
 msgid "8"
 msgstr "8"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35 chpasswd.8.xml.out:39 faillog.8.xml.out:35
+#: chgpasswd.8.xml.out:37 chpasswd.8.xml.out:41 faillog.8.xml.out:35
 #: groupadd.8.xml.out:38 groupdel.8.xml.out:36 groupmems.8.xml.out:39
 #: groupmod.8.xml.out:36 grpck.8.xml.out:35 lastlog.8.xml.out:37
-#: logoutd.8.xml.out:35 newusers.8.xml.out:51 nologin.8.xml.out:24
+#: logoutd.8.xml.out:35 newusers.8.xml.out:53 nologin.8.xml.out:24
 #: pwck.8.xml.out:42 pwconv.8.xml.out:41 useradd.8.xml.out:54
 #: userdel.8.xml.out:41 usermod.8.xml.out:42 vipw.8.xml.out:37
 msgid "System Management Commands"
 msgstr "Befehle zur Systemverwaltung"
 
+# ENDE Teil 36 weiter mit chgpasswd.8
+# BEGINN Teil 37 setzt chpasswd.8 fort
+# MH In xml source file,
+# replace <emphasis> and <option> by adequate xml-Element <replaceable>, <envar>, etc
+# MH a test showed, that chgpassword writes the encrypted password
+# in both files, /etc/group and /etc/gshadow
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
-msgstr "aktualisiert Gruppenpasswörter im Batch-Modus"
+msgstr "aktualisiert Gruppenpasswörter im Stapel-Modus"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 #, fuzzy
 #| msgid ""
 #| "The <command>chgpasswd</command> command reads a list of group name and "
@@ -1672,18 +1794,21 @@ msgid ""
 "groups. Each line is of the format:"
 msgstr ""
 "Der Befehl <command>chgpasswd</command> liest eine Liste von Gruppenname-"
-"Passwort-Paaren von der Standardeingabe. Damit werden Gruppendaten "
-"aktualisiert. Jede Zeile muss folgendes Format haben:"
+"Passwort-Paaren von der Standardeingabe. Damit werden Daten mehrerer "
+"existierender Gruppen aktualisiert. Jede Zeile hat das Format:"
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61 groupmems.8.xml.out:54 groupmems.8.xml.out:110
+#: chgpasswd.8.xml.out:63 groupmems.8.xml.out:54 groupmems.8.xml.out:110
 msgid "group_name"
-msgstr "Gruppen_Name"
+msgstr "Gruppenname"
 
+# MH this string is the argument for pwck. Elsewhere, capital letters are used in this context
+# s/passwd/PASSWD
+# The same refers to the argument shadow s/shadow/SHADOW
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66 passwd.5.xml.out:77
+#: chgpasswd.8.xml.out:64 chpasswd.8.xml.out:68 passwd.5.xml.out:77
 #: passwd.5.xml.out:86 passwd.5.xml.out:91 passwd.5.xml.out:95
 #: passwd.5.xml.out:98
 #, fuzzy
@@ -1692,12 +1817,12 @@ msgid "password"
 msgstr "passwd"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60 chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 #, fuzzy
 #| msgid ""
 #| "By default the supplied password must be in clear-text, and is encrypted "
@@ -1706,12 +1831,12 @@ msgid ""
 "By default the supplied password must be in clear-text, and is encrypted by "
 "<_:command-1/>."
 msgstr ""
-"Das Passwort wird standardmäßig im Klartext angegeben. Die "
-"Standardalgorithmus zur Verschlüsselung ist DES."
+"Standardmäßig wird das Passwort in Klartext angegeben und von "
+"<command>chgpasswd</command> verschlüsselt."
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70 chpasswd.8.xml.out:75 chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72 chpasswd.8.xml.out:77 chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "ENCRYPT_METHOD"
@@ -1719,9 +1844,9 @@ msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71 chgpasswd.8.xml.out:101 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:130 chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chgpasswd.8.xml.out:73 chgpasswd.8.xml.out:107 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:136 chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 #, fuzzy
 #| msgid "-"
@@ -1731,183 +1856,293 @@ msgstr "-"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:88 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:114 chpasswd.8.xml.out:129
-#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:90 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:116 chpasswd.8.xml.out:135
+#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:270
 #: sg.1.xml.out:50 su.1.xml.out:86 su.1.xml.out:126 su.1.xml.out:131
 #: useradd.8.xml.out:139 usermod.8.xml.out:99
 msgid "-c"
 msgstr "-c"
 
+# FIXME s/overwritten/overridden
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
 #| "<option>ENCRYPT_METHOD</option> variable of <filename>/etc/login.defs</"
-#| "filename>, and can be overwiten with the <option>-e</option>, <option>-m</"
-#| "option>, or <option>-c</option> options."
+#| "filename>, and can be overwritten with the <option>-e</option>, <option>-"
+#| "m</option>, or <option>-c</option> options."
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> variable of <_:filename-2/>, and can be overwritten with the <_:"
 "option-3/>, <_:option-4/>, or <_:option-5/> options."
 msgstr ""
-"Der standardmäßige Verschlüsselungsalgorithmus wird systemweit mit der "
-"Variable <option>ENCRYPT_METHOD</option> in <filename>/etc/login.defs</"
-"filename> bestimmt. Dies kann mit den Optionen <option>-e</option>, <option>-"
-"m</option> oder <option>-c</option> überschrieben werden."
+"Der Verschlüsselungsalgorithmus des Systems wird mit der Variablen "
+"<option>ENCRYPT_METHOD</option> in <filename>/etc/login.defs</filename> "
+"festgelegt. Diese Voreinstellung kann mit den Optionen <option>-e</option>, "
+"<option>-m</option> oder <option>-c</option> außer Kraft gesetzt werden."
 
+# MH119b english check, suggestion for replacement
+# "This command is intended for large systems when numerous passwords "
+# "need to be updated at a single time."
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74 chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76 chpasswd.8.xml.out:101
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are created at a single time."
 msgstr ""
-"Dieser Befehl ist für den Einsatz in großen Umgebungen vorgesehen, in der "
-"viele Konten gleichzeitig erstellt werden müssen."
+"Dieser Befehl ist für weitreichende Systeme gedacht, bei denenviele "
+"Passwörter gleichzeitig aktualisiert werden müssen."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88 chpasswd.8.xml.out:114 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:116 newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:117 newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92 chpasswd.8.xml.out:119 newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
-msgstr "Definiert die Methode, mit der die Passwörter verschlüsselt werden."
+msgstr "definiert die Methode, mit der die Passwörter verschlüsselt werden."
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91 chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
-msgstr "Die verfügbaren Methoden sind DES, MD5 und NONE."
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95 chgpasswd.8.xml.out:149 chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208 newusers.8.xml.out:330
+msgid "BCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid "<_:replaceable-1/>,"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96 chpasswd.8.xml.out:123
+msgid "DES"
+msgstr ""
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98 chgpasswd.8.xml.out:151 chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210 newusers.8.xml.out:332
+msgid "SHA256"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99 chgpasswd.8.xml.out:152 chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211 newusers.8.xml.out:333
+msgid "SHA512"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100 chgpasswd.8.xml.out:154 chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213 newusers.8.xml.out:335
+#, fuzzy
+#| msgid "DESCRIPTION"
+msgid "YESCRYPT"
+msgstr "BESCHREIBUNG"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99 chpasswd.8.xml.out:126
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid ", <_:replaceable-1/>"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:128
+msgid "NONE"
+msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121 newusers.8.xml.out:271
+#: chgpasswd.8.xml.out:93 chpasswd.8.xml.out:120
 msgid ""
-"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
-"support these methods."
+"The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/"
+"><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports "
+"these methods."
 msgstr ""
-"Die verfügbaren Methoden sind DES, MD5, NONE und SHA256 oder SHA512, soweit "
-"Ihre libc sie unterstützt."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:139
+#: chgpasswd.8.xml.out:107 chpasswd.8.xml.out:145
 #, fuzzy
 #| msgid "encrypted password"
 msgid "--encrypted"
 msgstr "verschlüsseltes Passwort"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103 chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109 chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
-msgstr "Passwörter werden verschlüsselt angegeben."
+msgstr "Passwörter werden verschlüsselt geliefert."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113 chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119 chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115 chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121 chpasswd.8.xml.out:163
 msgid ""
 "Use MD5 encryption instead of DES when the supplied passwords are not "
 "encrypted."
 msgstr ""
-"werwendet zur Verschlüsselung MD5 anstelle von DES, wenn die Passwörter "
-"unverschlüsselt angegeben werden"
+"Zur Verschlüsselung MD5 anstelle von DES verwenden, wenn die Passwörter "
+"unverschlüsselt geliefert werden."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 chsh.1.xml.out:97
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 chsh.1.xml.out:97
 #: chsh.1.xml.out:108 grpck.8.xml.out:124 grpck.8.xml.out:161
-#: newusers.8.xml.out:320 pwck.8.xml.out:155 pwck.8.xml.out:209
-#: su.1.xml.out:163 useradd.8.xml.out:517 useradd.8.xml.out:655
-#: usermod.8.xml.out:357 vipw.8.xml.out:70 vipw.8.xml.out:127
+#: newusers.8.xml.out:322 passwd.1.xml.out:363 pwck.8.xml.out:155
+#: pwck.8.xml.out:209 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357 vipw.8.xml.out:70
+#: vipw.8.xml.out:127
 msgid "-s"
 msgstr "-s"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137 chpasswd.8.xml.out:181 newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143 chpasswd.8.xml.out:202 newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
+msgstr "legt die Anzahl von Runden beim Verschlüsseln von Passwörtern fest."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:146 chpasswd.8.xml.out:205 newusers.8.xml.out:327
+msgid ""
+"You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
-"Verwendet die angegebene Anzahl von Runden, um die Passwörter zu "
-"verschlüsseln."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140 chpasswd.8.xml.out:184 newusers.8.xml.out:325
+#: chgpasswd.8.xml.out:156 chpasswd.8.xml.out:215 newusers.8.xml.out:337
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
 msgid ""
-"The value 0 means that the system will choose the default number of rounds "
-"for the crypt method (5000)."
+"By default, the number of rounds for BCRYPT is defined by the "
+"BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
-"Ein Wert von 0 bedeutet, dass das System die Standardanzahl der Runden "
-"(5000) für die Verschlüsselung verwenden wird."
+"Standardmäßig wird die Anzahl der Runden mit den Variablen "
+"SHA_CRYPT_MIN_ROUNDS und SHA_CRYPT_MAX_ROUNDS in <filename>/etc/login.defs</"
+"filename> definiert."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144 chpasswd.8.xml.out:188 newusers.8.xml.out:329
+#: chgpasswd.8.xml.out:161 chpasswd.8.xml.out:220
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
 msgid ""
-"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default number of rounds is 13."
 msgstr "Der Mindestwert ist 1000, der Höchstwert 999.999.999."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148 chpasswd.8.xml.out:192 newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#: chgpasswd.8.xml.out:165 chpasswd.8.xml.out:224 newusers.8.xml.out:346
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
+msgid ""
+"By default, the number of rounds for SHA256 or SHA512 is defined by the "
+"SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
-"Sie können diese Option nur mit den Verschlüsselungsmethoden SHA256 und "
-"SHA512 verwenden."
+"Standardmäßig wird die Anzahl der Runden mit den Variablen "
+"SHA_CRYPT_MIN_ROUNDS und SHA_CRYPT_MAX_ROUNDS in <filename>/etc/login.defs</"
+"filename> definiert."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:170 chpasswd.8.xml.out:229
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default number of rounds is 5000."
+msgstr "Der Mindestwert ist 1000, der Höchstwert 999.999.999."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152 newusers.8.xml.out:337
+#: chgpasswd.8.xml.out:175 chpasswd.8.xml.out:234 newusers.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
 #| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
 #| "filename>."
 msgid ""
-"By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and "
-"SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+"By default, the number of rounds for YESCRYPT is defined by the "
+"YESCRYPT_COST_FACTOR in <_:filename-1/>."
 msgstr ""
 "Standardmäßig wird die Anzahl der Runden mit den Variablen "
-"SHA_CRYPT_MIN_ROUNDS und SHA_CRYPT_MAX_ROUNDS  in <filename>/etc/login.defs</"
+"SHA_CRYPT_MIN_ROUNDS und SHA_CRYPT_MAX_ROUNDS in <filename>/etc/login.defs</"
 "filename> definiert."
 
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179 chpasswd.8.xml.out:238
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default number of rounds is 5."
+msgstr "Der Mindestwert ist 1000, der Höchstwert 999.999.999."
+
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163 chpasswd.8.xml.out:208 faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229 groupadd.8.xml.out:285 groupdel.8.xml.out:121
-#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:348
-#: passwd.1.xml.out:354 shadow.3.xml.out:194 su.1.xml.out:306
-#: useradd.8.xml.out:682 userdel.8.xml.out:281 usermod.8.xml.out:517
+#: chgpasswd.8.xml.out:189 chpasswd.8.xml.out:248 faillog.8.xml.out:209
+#: gpasswd.1.xml.out:231 groupadd.8.xml.out:285 groupdel.8.xml.out:121
+#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:369
+#: passwd.1.xml.out:376 shadow.3.xml.out:194 su.1.xml.out:306
+#: useradd.8.xml.out:702 userdel.8.xml.out:281 usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr "WARNUNGEN"
 
+# MH I assume this hint is only relevant for the file that is piped towards
+# chpasswd. Thus, this hint shall concentrate on this file:
+# "Make sure that the file that provides the login data has the permissions set in
+# a way that prevents it from being read by other users."
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164 chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190 chpasswd.8.xml.out:249
 msgid ""
 "Remember to set permissions or umask to prevent readability of unencrypted "
 "files by other users."
 msgstr ""
-"Achten Sie darauf, dass die Rechte und Umask korrekt vergeben sind, um zu "
-"verhindern, dass andere Benutzer unverschlüsselte Dateien lesen können."
+"Achten Sie darauf, dass die Zugriffsrechte der unverschlüsselten Datei "
+"beziehungsweise <envar>UMASK</envar> ausschließen, dass andere Benutzer sie "
+"lesen können."
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168 newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194 newusers.8.xml.out:374
 msgid ""
 "You should make sure the passwords and the encryption method respect the "
 "system's password policy."
 msgstr ""
 "Sie sollten darauf achten, dass Passwörter und Verschlüsselungsmethode in "
-"Einklage mit der Passwortrichtlinie des Systems stehen."
+"Einklang mit der Passwortrichtlinie des Systems stehen."
 
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193 gpasswd.1.xml.out:48 gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73 gpasswd.1.xml.out:231 gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221 gpasswd.1.xml.out:50 gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75 gpasswd.1.xml.out:233 gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170 groupadd.8.xml.out:264 groupdel.8.xml.out:148
 #: groupmems.8.xml.out:191 groupmod.8.xml.out:227 groups.1.xml.out:58
 #: groups.1.xml.out:70 groups.1.xml.out:80 grpck.8.xml.out:62
@@ -1915,19 +2150,20 @@ msgstr ""
 #: grpck.8.xml.out:164 grpck.8.xml.out:177 grpck.8.xml.out:185
 #: grpck.8.xml.out:211 gshadow.5.xml.out:91 gshadow.5.xml.out:124
 #: gshadow.5.xml.out:135 newgrp.1.xml.out:80 newgrp.1.xml.out:112
-#: newusers.8.xml.out:411 pwck.8.xml.out:261 pwconv.8.xml.out:128
-#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:755
-#: userdel.8.xml.out:185 usermod.8.xml.out:557 vipw.8.xml.out:69
+#: newusers.8.xml.out:432 pwck.8.xml.out:261 pwconv.8.xml.out:128
+#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:775
+#: userdel.8.xml.out:185 usermod.8.xml.out:574 vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr "/etc/group"
 
+# MH2: no full stop at the strings' end necessary
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195 gpasswd.1.xml.out:261 groupadd.8.xml.out:266
+#: chgpasswd.8.xml.out:223 gpasswd.1.xml.out:263 groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150 groupmems.8.xml.out:193 groupmod.8.xml.out:229
 #: groups.1.xml.out:82 grpck.8.xml.out:213 gshadow.5.xml.out:137
-#: newgrp.1.xml.out:114 newusers.8.xml.out:413 pwck.8.xml.out:263
-#: sg.1.xml.out:103 useradd.8.xml.out:757 userdel.8.xml.out:187
+#: newgrp.1.xml.out:114 newusers.8.xml.out:434 pwck.8.xml.out:263
+#: sg.1.xml.out:103 useradd.8.xml.out:777 userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
 msgstr "Informationen zu den Gruppenkonten"
@@ -1935,8 +2171,8 @@ msgstr "Informationen zu den Gruppenkonten"
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199 gpasswd.1.xml.out:52 gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232 gpasswd.1.xml.out:265 groupadd.8.xml.out:170
+#: chgpasswd.8.xml.out:227 gpasswd.1.xml.out:54 gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234 gpasswd.1.xml.out:267 groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270 groupdel.8.xml.out:154 groupmems.8.xml.out:87
 #: groupmems.8.xml.out:88 groupmems.8.xml.out:98 groupmems.8.xml.out:103
 #: groupmems.8.xml.out:104 groupmems.8.xml.out:134 groupmems.8.xml.out:135
@@ -1944,20 +2180,21 @@ msgstr "Informationen zu den Gruppenkonten"
 #: grpck.8.xml.out:93 grpck.8.xml.out:114 grpck.8.xml.out:166
 #: grpck.8.xml.out:186 grpck.8.xml.out:217 gshadow.5.xml.out:36
 #: gshadow.5.xml.out:141 newgrp.1.xml.out:78 newgrp.1.xml.out:118
-#: newusers.8.xml.out:417 pwconv.8.xml.out:129 sg.1.xml.out:107
-#: useradd.8.xml.out:761 usermod.8.xml.out:563 vipw.8.xml.out:72
+#: newusers.8.xml.out:438 pwconv.8.xml.out:129 sg.1.xml.out:107
+#: useradd.8.xml.out:781 usermod.8.xml.out:580 vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr "/etc/gshadow"
 
+# MH3: no full stop at the strings end necessary
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201 gpasswd.1.xml.out:267 groupadd.8.xml.out:272
+#: chgpasswd.8.xml.out:229 gpasswd.1.xml.out:269 groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156 groupmod.8.xml.out:235 grpck.8.xml.out:219
-#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:419
-#: sg.1.xml.out:109 useradd.8.xml.out:763 vipw.8.xml.out:183
+#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:440
+#: sg.1.xml.out:109 useradd.8.xml.out:783 vipw.8.xml.out:183
 msgid "Secure group account information."
-msgstr "sichere Informationen zu den Gruppenkonten"
+msgstr "geschützte Informationen zu den Gruppenkonten"
 
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: refmeta/refentrytitle
@@ -1965,12 +2202,12 @@ msgstr "sichere Informationen zu den Gruppenkonten"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217 gpasswd.1.xml.out:38 gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59 gpasswd.1.xml.out:72 gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119 groupadd.8.xml.out:354 groupdel.8.xml.out:214
-#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:280
+#: chgpasswd.8.xml.out:245 gpasswd.1.xml.out:40 gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61 gpasswd.1.xml.out:74 gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121 groupadd.8.xml.out:354 groupdel.8.xml.out:214
+#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142 sg.1.xml.out:131 userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr "gpasswd"
 
@@ -1980,19 +2217,19 @@ msgstr "gpasswd"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220 gpasswd.1.xml.out:280 groupadd.8.xml.out:36
+#: chgpasswd.8.xml.out:248 gpasswd.1.xml.out:282 groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43 groupadd.8.xml.out:49 groupadd.8.xml.out:61
 #: groupadd.8.xml.out:82 groupadd.8.xml.out:292 groupadd.8.xml.out:300
 #: groupdel.8.xml.out:217 groupmems.8.xml.out:218 groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290 useradd.8.xml.out:890 userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: login.defs.5.xml.out:303 useradd.8.xml.out:910 userdel.8.xml.out:325
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr "groupadd"
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21 groupadd.8.xml.out:20 groupdel.8.xml.out:18
-#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:86
-#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:33
+#: chpasswd.8.xml.out:23 groupadd.8.xml.out:20 groupdel.8.xml.out:18
+#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:88
+#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:35
 #: sg.1.xml.out:18 useradd.8.xml.out:36 userdel.8.xml.out:23
 #: usermod.8.xml.out:24
 msgid "Creation, 1991"
@@ -2004,20 +2241,25 @@ msgstr "ursprünglicher Autor, 1991"
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37 chpasswd.8.xml.out:44 chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60 chpasswd.8.xml.out:70 chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96 chpasswd.8.xml.out:108 chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259 passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39 chpasswd.8.xml.out:46 chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62 chpasswd.8.xml.out:72 chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98 chpasswd.8.xml.out:110 chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266 passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr "chpasswd"
 
+# ENDE Teil 35 weiter mit chpasswd.8
+# BEGINN Teil 36 setzt chsh.1 fort
+# FIXME Troughout: It would make sense to improve usage of xml-elements,
+# e.g. use <replaceable> instead of <emphasis remap="I">
+# e.g. use <envar> instead of <option>
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
-msgstr "aktualisiert Passwörter im Batch-Modus"
+msgstr "aktualisiert Passwörter im Stapel-Modus"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 #, fuzzy
 #| msgid ""
 #| "The <command>chpasswd</command> command reads a list of user name and "
@@ -2028,20 +2270,23 @@ msgid ""
 "standard input and uses this information to update a group of existing "
 "users. Each line is of the format:"
 msgstr ""
-"Der Befehl <command>chpasswd</command> liest eine Liste von Benutzername-"
-"Passwort-Paaren von der Standardeingabe. Damit werden Benutzerdaten "
-"aktualisiert. Jede Zeile muss folgendes Format haben:"
+"Der Befehl <command>chpasswd</command> liest eine Liste von Anmeldename-"
+"Passwort-Paaren von der Standardeingabe und aktualisiert damit eine Gruppe "
+"existierender Benutzer. Die Zeilen müssen folgenden Aufbau haben:"
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65 groupmems.8.xml.out:52 groupmems.8.xml.out:53
+#: chpasswd.8.xml.out:67 groupmems.8.xml.out:52 groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83 groupmems.8.xml.out:94
 msgid "user_name"
-msgstr "Benutzer_Name"
+msgstr "Anmeldename"
 
+# MH Assumed meaning: The date of the last password change is updated or
+# in case there is non, is inserted. Furthermore, does the shadow file
+# not store the age of a password but the day it was created.
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "By default the passwords must be supplied in clear-text, and are "
@@ -2051,37 +2296,38 @@ msgid ""
 "By default the passwords must be supplied in clear-text, and are encrypted "
 "by <_:command-1/>. Also the password age will be updated, if present."
 msgstr ""
-"Das Passwort muss standardmäßig im Klartext angegeben werden und von "
-"<command>chpasswd</command> verschlüsselt. Soweit vorhanden, wird auch das "
-"Alter des Passworts aktualisiert."
+"Passwörter müssen standardmäßig im Klartext angegeben werden und "
+"<command>chpasswd</command> verschlüsselt sie. Soweit vorhanden, wird auch "
+"das zum Passwort gehörende Datum aktualisiert."
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76 chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:139
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
+# FIXME s/overwritten/overridden
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
 #| "<option>ENCRYPT_METHOD</option> variable of <filename>/etc/login.defs</"
-#| "filename>, and can be overwiten with the <option>-e</option>, <option>-m</"
-#| "option>, or <option>-c</option> options."
+#| "filename>, and can be overwritten with the <option>-e</option>, <option>-"
+#| "m</option>, or <option>-c</option> options."
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> or <_:option-2/> variables of <_:filename-3/>, and can be "
 "overwritten with the <_:option-4/>, <_:option-5/>, or <_:option-6/> options."
 msgstr ""
-"Der standardmäßige Verschlüsselungsalgorithmus wird systemweit mit der "
-"Variable <option>ENCRYPT_METHOD</option> in <filename>/etc/login.defs</"
-"filename> bestimmt. Dies kann mit den Optionen <option>-e</option>, <option>-"
-"m</option> oder <option>-c</option> überschrieben werden."
+"Der Verschlüsselungsalgorithmus des Systems wird mit der Variablen "
+"<option>ENCRYPT_METHOD</option> in <filename>/etc/login.defs</filename> "
+"festgelegt. Diese Voreinstellung kann mit den Optionen <option>-e</option>, "
+"<option>-m</option> oder <option>-c</option> außer Kraft gesetzt werden."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 #, fuzzy
 #| msgid ""
 #| "By default, passwords are encrypted by PAM, but (even if not recommended) "
@@ -2093,36 +2339,40 @@ msgid ""
 "option-2/>, or <_:option-3/> options."
 msgstr ""
 "Standardmäßig werden die Passwörter von PAM verschlüsselt. Sie können aber "
-"eine andere Verschlüsselungsmethode mit den Optionen <option>-e</option>, "
-"<option>-m</option> oder <option>-c</option> festlegen (dies wird jedoch "
-"nicht angeraten)."
+"mit den Optionen <option>-e</option>, <option>-m</option> oder <option>-c</"
+"option> eine andere Verschlüsselungsmethode festlegen, obgleich davon "
+"abgeraten wird."
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 #, fuzzy
 #| msgid "By default, PAM is used to encrypt the passwords."
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr "Standardmäßig verschlüsselt PAM die Passwörter."
 
+# FIXME missing space:
+# s#the passwords,</#the passwords, </
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 #, fuzzy
 #| msgid ""
 #| "<phrase condition=\"pam\">Except when PAM is used to encrypt the "
 #| "passwords,</phrase><command>chpasswd</command> first updates all the "
 #| "passwords in memory, and then commits all the changes to disk if no "
-#| "errors occured for any user."
+#| "errors occurred for any user."
 msgid ""
 "<_:phrase-1/> <_:command-2/> first updates all the passwords in memory, and "
 "then commits all the changes to disk if no errors occurred for any user."
 msgstr ""
-"<phrase condition=\"pam\">PAM wird nicht zur Verschlüsselung der Passwörter "
-"verwendet:</phrase><command>chpasswd</command> aktualisiert zunächst alle "
-"Passwörter im Arbeitsspeicher und schreibt dann die Änderungen auf das "
-"Speichermedium, falls keine Fehler aufgetreten sind."
+"<command>chpasswd</command> aktualisiert zunächst alle Passwörter im "
+"Arbeitsspeicher und schreibt, falls keine Fehler aufgetreten sind, für alle "
+"Benutzer die Änderungen auf die Festplatte. <phrase condition=\"pam\">Dies "
+"gilt nicht, wenn PAM zur Verschlüsselung der Passwörter verwendet wird.</"
+"phrase>"
 
+# MH system database presumeably means the shadow password file
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 #, fuzzy
 #| msgid ""
 #| "When PAM is used to encrypt the passwords (and update the passwords in "
@@ -2135,23 +2385,24 @@ msgid ""
 "continues updating the passwords of the next users, and will return an error "
 "code on exit."
 msgstr ""
-"Wenn PAM zur Verschlüsselung der Passwörter (und ihrer Aktualisierung in der "
-"Systemdatenbank) verwendet wird, wird <command>chpasswd</command> die "
-"Aktualisierung der Passwörter auch dann fortsetzen, wenn ein Passwort nicht "
-"geändert werden kann, und beim Beenden eine Fehlermeldung zurückgeben."
+"Wenn PAM zur Verschlüsselung der Passwörter (und deren Aktualisierung im "
+"System) verwendet wird, wird <command>chpasswd</command> auch in dem Fall, "
+"dass ein Passwort nicht aktualisiert werden kann, die Aktualisierung "
+"derPasswörter weiterer Benutzer fortsetzen und beim Beenden einen Fehlercode "
+"ausgeben."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr "Standardmäßig verschlüsselt PAM die Passwörter."
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 #, fuzzy
 #| msgid ""
 #| "By default (if none of the <option>-c</option>, <option>-m</option>, or "
@@ -2170,98 +2421,73 @@ msgstr ""
 "bestimmt."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
-msgid "ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: para/option
 #: chpasswd.8.xml.out:199
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-#, fuzzy
-#| msgid ""
-#| "By default, the number of rounds is defined by the "
-#| "<option>SHA_CRYPT_MIN_ROUNDS</option> and <option>SHA_CRYPT_MAX_ROUNDS</"
-#| "option> variables in <filename>/etc/login.defs</filename>."
-msgid ""
-"By default, the number of rounds is defined by the <_:option-1/> and <_:"
-"option-2/> variables in <_:filename-3/>."
+msgid "ROUNDS"
 msgstr ""
-"Standardmäßig wird die Anzahl der Runden von den Variablen "
-"<option>SHA_CRYPT_MIN_ROUNDS</option> und <option>SHA_CRYPT_MAX_ROUNDS</"
-"option> <filename>/etc/login.defs</filename> bestimmt."
 
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 msgid "/etc/pam.d/chpasswd"
 msgstr "/etc/pam.d/chpasswd"
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255 newusers.8.xml.out:431 passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297 newusers.8.xml.out:452 passwd.1.xml.out:435
 #, fuzzy
 #| msgid "PAM configuration for <command>passwd</command>."
 msgid "PAM configuration for <_:command-1/>."
 msgstr "PAM-Konfiguration für <command>passwd</command>"
 
+# ENDE Teil 16 weiter mit newusers.8
+# BEGINN Teil 17 setzt nologin.8 fort
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268 login.defs.5.xml.out:380 newusers.8.xml.out:49
-#: newusers.8.xml.out:56 newusers.8.xml.out:62 newusers.8.xml.out:75
-#: newusers.8.xml.out:96 newusers.8.xml.out:123 newusers.8.xml.out:132
-#: newusers.8.xml.out:151 newusers.8.xml.out:164 newusers.8.xml.out:170
-#: newusers.8.xml.out:172 newusers.8.xml.out:210 newusers.8.xml.out:230
-#: newusers.8.xml.out:252 newusers.8.xml.out:431 useradd.8.xml.out:902
+#: chpasswd.8.xml.out:310 login.defs.5.xml.out:393 newusers.8.xml.out:51
+#: newusers.8.xml.out:58 newusers.8.xml.out:64 newusers.8.xml.out:77
+#: newusers.8.xml.out:98 newusers.8.xml.out:125 newusers.8.xml.out:134
+#: newusers.8.xml.out:153 newusers.8.xml.out:166 newusers.8.xml.out:172
+#: newusers.8.xml.out:174 newusers.8.xml.out:212 newusers.8.xml.out:232
+#: newusers.8.xml.out:254 newusers.8.xml.out:452 useradd.8.xml.out:922
 msgid "newusers"
 msgstr "newusers"
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270 grpck.8.xml.out:285 passwd.1.xml.out:482
+#: chpasswd.8.xml.out:312 grpck.8.xml.out:285 passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr ""
 
+# ENDE Teil 04 weiter mit useradd
+# BEGINN Teil 05 setzt userdel fort
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276 groupadd.8.xml.out:366 groupdel.8.xml.out:223
-#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:462
-#: newusers.8.xml.out:467 useradd.8.xml.out:52 useradd.8.xml.out:59
+#: chpasswd.8.xml.out:318 groupadd.8.xml.out:366 groupdel.8.xml.out:223
+#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:481
+#: newusers.8.xml.out:488 useradd.8.xml.out:52 useradd.8.xml.out:59
 #: useradd.8.xml.out:64 useradd.8.xml.out:71 useradd.8.xml.out:75
 #: useradd.8.xml.out:87 useradd.8.xml.out:90 useradd.8.xml.out:103
 #: useradd.8.xml.out:129 useradd.8.xml.out:187 useradd.8.xml.out:209
-#: useradd.8.xml.out:239 useradd.8.xml.out:284 useradd.8.xml.out:341
-#: useradd.8.xml.out:472 useradd.8.xml.out:584 useradd.8.xml.out:586
-#: useradd.8.xml.out:690 useradd.8.xml.out:808 userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: useradd.8.xml.out:239 useradd.8.xml.out:286 useradd.8.xml.out:343
+#: useradd.8.xml.out:474 useradd.8.xml.out:604 useradd.8.xml.out:606
+#: useradd.8.xml.out:710 useradd.8.xml.out:828 userdel.8.xml.out:342
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr "useradd"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263 newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305 newusers.8.xml.out:472
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
 
-# SB: Translation of chsh.1 based on Josef Spillner's
-# (josef@ggzgamingzone.org) from 2003. Mention somewhere else as well?
+# ENDE Teil 34 weiter mit chsh.1
+# BEGINN Teil 35 setzt expiry.1 fort
 #. (itstool) path: refnamediv/refpurpose
 #: chsh.1.xml.out:44
 msgid "change login shell"
@@ -2284,37 +2510,36 @@ msgstr ""
 "Der Befehl <command>chsh</command> ändert die Anmelde-Shell eines Benutzers. "
 "Er legt den Befehl fest, der bei der Anmeldung ausgeführt wird. Ein normaler "
 "Benutzer kann nur die Anmelde-Shell seines eigenen  Kontos ändern, während "
-"Root dies für alle Konten darf."
+"der Systemadministrator dies für alle Konten darf."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:517
-#: useradd.8.xml.out:655 usermod.8.xml.out:357
+#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357
 #, fuzzy
 #| msgid "pw_shell"
 msgid "--shell"
-msgstr "pw_shell"
+msgstr "pw_Shell"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:517
-#: useradd.8.xml.out:522 useradd.8.xml.out:655 useradd.8.xml.out:662
+#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:524 useradd.8.xml.out:675 useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr ""
 
+# Original message is about to be improved SG 2022-02-11
 #. (itstool) path: listitem/para
 #: chsh.1.xml.out:100
-#, fuzzy
-#| msgid ""
-#| "The path of the user's new login shell. Setting this field to blank "
-#| "causes the system to select the default login shell."
 msgid ""
 "The name of the user's new login shell. Setting this field to blank causes "
 "the system to select the default login shell."
 msgstr ""
-"Der Pfad der neuen Anmelde-Shell des Benutzers. Falls dieses Feld leer "
-"gelassen wird, verwendet das System die Standard-Anmelde-Shell."
+"ändert die Anmelde-Shell des Benutzers. Mit dem Leerstring als "
+"<replaceable>SHELL</replaceable> wird dieser in die Datei <filename>/etc/"
+"passwd</filename> übernommen und dem Benutzer nach der Anmeldung die "
+"Standard-Shell des Systems zur Verfügung gestellt."
 
 #. (itstool) path: refsect1/para
 #: chsh.1.xml.out:107
@@ -2332,21 +2557,22 @@ msgid ""
 "current one. The current shell is displayed between a pair of <_:emphasis-3/"
 "> marks."
 msgstr ""
-"Wenn die Option <option>-s</option> nicht ausgewählt ist, wird "
-"<command>chsh</command> im interaktiven Modus betrieben. Dabei wird der "
-"Benutzer mit der aktuellen Anmelde-Shell zur Eingabe einer neuen "
-"aufgefordert. Durch Eingabe eines Wertes wird die Shell geändert, während "
-"sie bei einer leeren Zeile beibehalten wird. Die aktuelle Shell wird "
-"zwischen einem Paar von <emphasis>[ ]</emphasis> angezeigt."
+"Ohne die Option <option>-s</option> wird <command>chsh</command> im "
+"interaktiven Modus betrieben. Dabei wird der Benutzer mit der aktuellen "
+"Anmelde-Shell zur Eingabe einer neuen aufgefordert. Durch Eingabe eines "
+"neuen Wertes wird die Shell geändert; geben Sie hingegen nichts ein, bleibt "
+"es bei der aktuellen Shell. Diese wird zwischen einem Paar von "
+"<emphasis>[ ]</emphasis> angezeigt."
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:153 su.1.xml.out:198
+#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:130 chsh.1.xml.out:143
+#: chsh.1.xml.out:172 chsh.1.xml.out:184 su.1.xml.out:198
 msgid "/etc/shells"
 msgstr "/etc/shells"
 
 #. (itstool) path: para/filename
-#: chsh.1.xml.out:123
+#: chsh.1.xml.out:123 chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr ""
 
@@ -2371,20 +2597,108 @@ msgid ""
 "shell would prevent the user from ever changing her login shell back to its "
 "original value."
 msgstr ""
-"Die einzige Beschränkung für die Anmelde-Shell ist, dass der Name des "
-"Befehls in der Datei <filename>/etc/shells</filename> enthalten sein muss. "
-"Root darf allerdings jeden beliebigen Befehl vergeben. Bei Konten, denen "
-"eine beschränkte Anmelde-Shell zugewiesen ist, ist es nicht möglich, die "
-"Anmelde-Shell zu ändern. Daher ist es nicht ratsam, <filename>/bin/rsh</"
+"Die einzige Beschränkung für die Anmelde-Shell ist, dass ihr Aufruf in der "
+"Datei <filename>/etc/shells</filename> enthalten sein muss. Der "
+"Systemadministrator darf allerdings beliebige Eingaben machen. Bei Konten, "
+"denen eine beschränkte Anmelde-Shell zugewiesen ist, ist es nicht möglich, "
+"die Anmelde-Shell zu ändern. Daher ist es nicht ratsam, <filename>/bin/rsh</"
 "filename> in <filename>/etc/shells</filename> einzutragen, da ein Benutzer "
 "nicht zu seiner ursprünglichen Anmelde-Shell zurückwechseln kann, falls er "
 "versehentlich eine beschränkte Shell als Anmelde-Shell auswählt."
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132 chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/*"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/@filename@"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid ""
+"The only restriction placed on the login shell is that the command name must "
+"be listed in <_:filename-1/>. If this file does not exist, the definitions "
+"are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/"
+"> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be "
+"used. If the invoker is the superuser any value may be added regardless what "
+"is defined in the configuration files. An account with a restricted login "
+"shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+msgid ""
+"For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged "
+"since accidentally changing to a restricted shell would prevent the user "
+"from ever changing her login shell back to its original value."
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
-msgstr "Liste der möglichen Anmelde-Shells"
+msgstr "Liste gültiger Anmelde-Shells"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+#, fuzzy
+#| msgid "List of valid login shells."
+msgid "User defined list of valid login shells."
+msgstr "Liste gültiger Anmelde-Shells"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
 
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d"
+msgstr "/etc/shells"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+#, fuzzy
+#| msgid "Directory containing default files."
+msgid "Directory for additional user defined configuration files."
+msgstr "Verzeichnis, das die Dateien mit Standardwerten enthält"
+
+# ENDE Teil 33 weiter mit expiry.1
+# BEGINN Teil 34 setzt faillog.5 fort
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -2394,13 +2708,20 @@ msgstr "Liste der möglichen Anmelde-Shells"
 msgid "expiry"
 msgstr "expiry"
 
+# MH168: on my system. expiry -c yields no output, whether a password is expired or not
+# -c informed about a password that expires today or tomorrow
+# output of -f with an expired password: error message "initgroup Operation nicht erlaubt"
+# I do not see that this command enforces the password policy, it just checks and
+# it is said to introduce a password change. But it fails with this here. Thus
+# s/check and enforce password expiration policy/checks whether password is valid or expired
 #. (itstool) path: refnamediv/refpurpose
 #: expiry.1.xml.out:45
 msgid "check and enforce password expiration policy"
-msgstr "überprüft die Regeln für den Verfall des Passworts und setzt diese um"
+msgstr "überprüft das Passwort auf Gültigkeit"
 
+# MH154 with gpasswd, more than one options are possible. Use plural
 #. (itstool) path: arg/replaceable
-#: expiry.1.xml.out:52 gpasswd.1.xml.out:61
+#: expiry.1.xml.out:52 gpasswd.1.xml.out:63
 msgid "option"
 msgstr "Option"
 
@@ -2417,9 +2738,9 @@ msgid ""
 "as a normal user command."
 msgstr ""
 "Mit der Option <option>-c</option> überprüft der Befehl <command>expiry</"
-"command> den aktuellen Status des Verfalls des Passworts. Mit der Option "
-"<option>-f</option> werden die notwendigen Veränderungen umgesetzt. Er kann "
-"von normalen Benutzern aufgerufen werden."
+"command>, ob das Passwort abgelaufen ist. Mit der Option <option>-f</option> "
+"wird, falls nötig, der Benutzer zur Änderung das Passworts aufgefordert. Der "
+"Befehl steht normalen Benutzern zur Verfügung."
 
 #. (itstool) path: term/option
 #: expiry.1.xml.out:73
@@ -2429,7 +2750,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: expiry.1.xml.out:75
 msgid "Check the password expiration of the current user."
-msgstr "überprüft den Verfall des Passworts des aktuellen Benutzers"
+msgstr "überprüft, ob das Passwort des aktuellen Benutzers abgelaufen ist."
 
 #. (itstool) path: term/option
 #: expiry.1.xml.out:79 groupadd.8.xml.out:88 groupdel.8.xml.out:72
@@ -2446,11 +2767,13 @@ msgstr ""
 
 #. (itstool) path: author/contrib
 #: faillog.5.xml.out:17 faillog.8.xml.out:17 login.1.xml.out:50
-#: passwd.1.xml.out:24 passwd.5.xml.out:17 porttime.5.xml.out:17
+#: passwd.1.xml.out:26 passwd.5.xml.out:17 porttime.5.xml.out:17
 #: shadow.3.xml.out:17 shadow.5.xml.out:17 su.1.xml.out:34
 msgid "Creation, 1989"
 msgstr "ursprünglicher Autor, 1989"
 
+# ENDE Teil 31 weiter mit faillog.8
+# BEGINN Teil 32 setzt gpasswd fort
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: citerefentry/refentrytitle
@@ -2467,17 +2790,19 @@ msgstr "faillog"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: faillog.5.xml.out:35 gshadow.5.xml.out:24 limits.5.xml.out:37
-#: login.access.5.xml.out:36 login.defs.5.xml.out:104 passwd.5.xml.out:35
+#: login.access.5.xml.out:36 login.defs.5.xml.out:106 passwd.5.xml.out:35
 #: porttime.5.xml.out:35 shadow.5.xml.out:35 suauth.5.xml.out:35
 #, fuzzy
 #| msgid "File Formats and Conversions"
 msgid "File Formats and Configuration Files"
-msgstr "Dateiformate und konvertierung"
+msgstr "Dateiformate und Konvertierungen"
 
+# ENDE Teil 32 weiter mit faillog.5
+# BEGINN Teil 33 setzt faillog.8 fort
 #. (itstool) path: refnamediv/refpurpose
 #: faillog.5.xml.out:41
 msgid "login failure logging file"
-msgstr "Datei mit fehlgeschlagenen Anmeldungen"
+msgstr "Datei zur Protokollierung von Anmeldefehlschlägen"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
@@ -2497,10 +2822,10 @@ msgid ""
 "<_:filename-1/> maintains a count of login failures and the limits for each "
 "account."
 msgstr ""
-"In <filename>/var/log/faillog</filename> wird der Zählerstand von "
-"fehlgeschlagenen Anmeldungen und die Beschränkungen für jedes Konto "
-"niedergelegt."
+"Die Datei <filename>/var/log/faillog</filename> enthält Zählerstände für "
+"Anmeldefehlschläge und die für einzelne Konten geltenden Beschränkungen."
 
+# MH167: the "line" on which the last...? Means the "device"/"Gerät" or the "time"?
 #. (itstool) path: refsect1/para
 #: faillog.5.xml.out:50
 msgid ""
@@ -2511,18 +2836,17 @@ msgid ""
 "and the duration (in seconds) during which the account will be locked after "
 "a failure."
 msgstr ""
-"Einträge in dieser Datei haben eine festgelegte Länge und sind der "
-"zahlenmäßigen UID nach angeordnet. Jeder Eintrag besteht aus der Anzahl der "
-"fehlgeschlagenen Anmeldungen seit der letzten erfolgreichen Anmeldung, der "
-"maximalen Anzahl von Fehlschlägen, ehe das Konto abgeschaltet wird, dem "
-"Gerät, auf dem die letzte fehlgeschlagene Anmeldung erfolgte, das Datum der "
-"letzten fehlgeschlagenen Anmeldung und die Dauer in Sekunden, für die das "
-"Konto nach einem Fehlschlag gesperrt ist."
+"Einträge in dieser Datei haben eine feste Länge und sind mit der "
+"Benutzerkennung als Index versehen. Jeder Eintrag besteht aus der Anzahl der "
+"Anmeldefehlschläge seit der letzten erfolgreichen Anmeldung, der maximalen "
+"Anzahl von Fehlschlägen, ehe das Konto gesperrt wird, der xxx Leitung|"
+"Verbindung, auf der der letzte Anmeldefehlschlag erfolgte, dessen Datum und "
+"die Zeit in Sekunden, für die nach einem Fehlschlag das Konto gesperrt wird. "
 
 #. (itstool) path: refsect1/para
 #: faillog.5.xml.out:60
 msgid "The structure of the file is:"
-msgstr "Die Datei ist so aufgebaut:"
+msgstr "Die Datei ist folgendermaßen aufgebaut:"
 
 #. (itstool) path: refsect1/programlisting
 #: faillog.5.xml.out:61
@@ -2552,15 +2876,17 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: faillog.5.xml.out:77 faillog.8.xml.out:225
 msgid "Failure logging file."
-msgstr "Datei mit fehlgeschlagenen Anmeldungen"
+msgstr "Datei zur Protokollierung von Anmeldefehlchlägen"
 
 #. (itstool) path: refnamediv/refpurpose
 #: faillog.8.xml.out:41
 msgid "display faillog records or set login failure limits"
-msgstr ""
-"zeigt Aufzeichnungen der fehlgeschlagenen Anmeldungen an oder richtet "
-"Beschränkungen für fehlgeschlagene Anmeldungen ein"
+msgstr "zeigt Aufzeichnungen von Anmeldefehlschlägen an oder begrenzt sie"
 
+# MH158: last phrase not in accordance with findings here:
+# running without arguments: no output. This
+# is in accordance with Bugreport #776314 which states that /var/log/faillog
+# is not changed after failed attempts to log in
 #. (itstool) path: refsect1/para
 #: faillog.8.xml.out:55
 #, fuzzy
@@ -2576,17 +2902,16 @@ msgid ""
 "command-3/> is run without arguments, it only displays the faillog records "
 "of the users who had a login failure."
 msgstr ""
-"<command>faillog</command> zeigt den Inhalt der Datenbank der "
-"fehlgeschlagenen Anmeldungen (<filename>/var/log/faillog</filename>) an. Es "
-"kann auch die Zählung und Beschränkung der Fehlversuche verwalten. Wenn "
-"<command>faillog</command> ohne Optionen ausgeführt wird, wird nur die Liste "
-"der fehlgeschlagenen Anmeldungen aller Benutzer angezeigt, deren Anmeldung "
-"jemals gescheitert ist."
+"<command>faillog</command> zeigt die Aufzeichnungen über "
+"Anmeldefehlschlägein <filename>/var/log/faillog</filename>. Es kann auch die "
+"Zahl zulässiger Fehlversuche beschränken und die Zähler dafür zurücksetzen. "
+"Wenn <command>faillog</command> ohne Optionen aufgerufen wird, zeigt es die "
+"Anmeldefehlschläge für alle Benutzerkonten."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:124
-#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:126
+#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:153
 #: usermod.8.xml.out:78 usermod.8.xml.out:210
 #, fuzzy
 #| msgid "-"
@@ -2594,10 +2919,11 @@ msgid "-a"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: faillog.8.xml.out:72 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 passwd.1.xml.out:153
 msgid "--all"
 msgstr ""
 
+# MH183 Remove parenthesis as acting on is as important as displaying
 #. (itstool) path: listitem/para
 #: faillog.8.xml.out:74
 #, fuzzy
@@ -2608,9 +2934,11 @@ msgid ""
 "Display (or act on) faillog records for all users having an entry in the <_:"
 "filename-1/> database."
 msgstr ""
-"zeigt (oder bearbeitet) die faillog-Einträge aller Benutzer, die einen "
-"Eintrag in der Datenbank <filename>faillog</filename> haben"
+"zeigt (oder bearbeitet) die faillog-Aufzeichnungen aller Benutzer mit einem "
+"Eintrag in der Datei <filename>faillog</filename>."
 
+# MH159: For a range of users to be displayed, -u has to be combined with -a
+# Option
 #. (itstool) path: listitem/para
 #: faillog.8.xml.out:78
 #, fuzzy
@@ -2621,14 +2949,16 @@ msgstr ""
 "Die Spanne der Benutzer kann mit der Option <option>-u</option> eingegrenzt "
 "werden."
 
+# MH160 Why "display mode". Preferentially write "When displaying failed login attempts
+# of existing users, even if they are empty"
 #. (itstool) path: listitem/para
 #: faillog.8.xml.out:82
 msgid ""
 "In display mode, this is still restricted to existing users but forces the "
 "display of the faillog entries even if they are empty."
 msgstr ""
-"Im Anzeigemodus ist dies auf vorhandene Benutzer beschränkt, erzwingt aber "
-"die Anzeige der Faillog-Einträge, auch wenn diese leer sind."
+"Im Anzeigemodus bleibt die Beschränkung auf existierende Benutzer, erzwingt "
+"aber die Anzeige der Faillog-Einträge, selbst wenn diese leer sind."
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
@@ -2638,6 +2968,8 @@ msgstr ""
 msgid "-t"
 msgstr "-"
 
+# MH161 Improve the explanation
+# s/the users' records are /all or the specified records are
 #. (itstool) path: listitem/para
 #: faillog.8.xml.out:87
 #, fuzzy
@@ -2655,9 +2987,9 @@ msgid ""
 msgstr ""
 "Mit den Optionen <option>-l</option>, <option>-m</option>, <option>-r</"
 "option> und <option>-t</option> werden die Benutzereinträge selbst dann "
-"geändert, wenn der Benutzer auf dem System nicht vorhanden ist. Dies kann "
-"sinnvoll sein, wenn die Einträge von gelöschten Benutzer zurückgesetzt "
-"werden sollen oder vorsorglich eine Richtlinie für eine Anzahl von Benutzern "
+"geändert, wenn der Benutzer auf dem System nicht existiert. Dies kann "
+"sinnvoll sein, wenn die Einträge von gelöschten Benutzern zurückgesetzt "
+"werden sollen oder vorab eine Richtlinie für einen Bereich von Benutzern "
 "eingerichtet werden soll."
 
 #. (itstool) path: term/option
@@ -2682,7 +3014,7 @@ msgstr "USE_TCB"
 msgid "Lock account for <_:replaceable-1/> seconds after failed login."
 msgstr ""
 "sperrt nach einer fehlgeschlagenen Anmeldung das Konto für <replaceable>SEK</"
-"replaceable> Sekunden"
+"replaceable> Sekunden."
 
 #. (itstool) path: listitem/para
 #: faillog.8.xml.out:112 faillog.8.xml.out:137 faillog.8.xml.out:149
@@ -2692,8 +3024,8 @@ msgstr ""
 #| "this option."
 msgid "Write access to <_:filename-1/> is required for this option."
 msgstr ""
-"Für diese Option muss ein Schreibzugriff auf <filename>/var/log/faillog</"
-"filename> bestehen."
+"diese Option setzt Schreibrecht für <filename>/var/log/faillog</filename> "
+"voraus."
 
 #. (itstool) path: term/option
 #: faillog.8.xml.out:120
@@ -2706,6 +3038,11 @@ msgstr ""
 msgid "MAX"
 msgstr ""
 
+# MH162 on this system, failures are not counted, the entry in the column remains 0
+# the respective time stamp is always 1.1.1970 00:00
+# MH163 bad english, relative phrase needed: "failures, after which the account" or
+# "set the number of acceptable failures to <replaceable>MAX</replaceable>. The
+# account will be disabled when additional failures occur."
 #. (itstool) path: listitem/para
 #: faillog.8.xml.out:123
 #, fuzzy
@@ -2716,7 +3053,7 @@ msgid ""
 "Set the maximum number of login failures after the account is disabled to <_:"
 "replaceable-1/>."
 msgstr ""
-"setzt den Zähler der fehlgeschlagene Anmeldungen, nach denen das Konto "
+"setzt die maximale Anzahl von Anmeldefehlschlägen, nach denen das Konto "
 "abgeschaltet wird, auf <replaceable>MAX</replaceable>"
 
 #. (itstool) path: listitem/para
@@ -2729,8 +3066,8 @@ msgid ""
 "Selecting a <_:replaceable-1/> value of 0 has the effect of not placing a "
 "limit on the number of failed logins."
 msgstr ""
-"Wenn <replaceable>MAX</replaceable> den Wert 0 hat, besteht keine "
-"Beschränkung für die Anzahl fehlgeschlagener Anmeldeversuche."
+"Wenn <replaceable>MAX</replaceable> den Wert 0 hat, wird die Zahl der "
+"Anmeldefehlschläge nicht beschränkt."
 
 #. (itstool) path: para/emphasis
 #: faillog.8.xml.out:134 groupmems.8.xml.out:160 porttime.5.xml.out:85
@@ -2747,9 +3084,10 @@ msgid ""
 "The maximum failure count should always be 0 for <_:emphasis-1/> to prevent "
 "a denial of services attack against the system."
 msgstr ""
-"Für <emphasis>root</emphasis> sollte der Wert der maximalen Anmeldeversuche "
-"immer 0 betragen, um eine durch einen Angriff ausgelöste Dienstverweigerung "
-"(denial of service) zu verhindern."
+"Für den <emphasis>Systemadministrator</emphasis> sollte der Wert der "
+"maximalen Anmeldeversuche immer 0 betragen. Dies soll verhindern, dass eine "
+"Anmeldung nach einem Angriff, der auf eine Systemüberlastung abzielt "
+"(»Denial of service«, DoS), nicht mehr möglich ist."
 
 #. (itstool) path: term/option
 #: faillog.8.xml.out:144
@@ -2759,7 +3097,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: faillog.8.xml.out:146
 msgid "Reset the counters of login failures."
-msgstr "setzt die Zählerstände der fehlgeschlagenen Anmeldeversuche zurück"
+msgstr "setzt die Zähler für Anmeldefehlschläge zurück."
 
 #. (itstool) path: term/option
 #: faillog.8.xml.out:169 lastlog.8.xml.out:128
@@ -2780,8 +3118,8 @@ msgstr ""
 #| "Display faillog records more recent than <replaceable>DAYS</replaceable>."
 msgid "Display faillog records more recent than <_:replaceable-1/>."
 msgstr ""
-"zeigt die Einträge der fehlgeschlagenen Anmeldungen an, die aktueller als "
-"<replaceable>TAGE</replaceable> sind"
+"zeigt Anmeldefehlschläge an, die weniger als <replaceable>TAGE</replaceable> "
+"zurückliegen."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
@@ -2810,6 +3148,10 @@ msgstr ""
 "<option>-u</option>, <option>--uid</option>&nbsp;<replaceable>UID</"
 "replaceable>"
 
+# MH164: Alternative text:
+# "Display faillog record, reset counters or update limits (if used .."
+# Alternative:
+# s/for the specified user(s)/for the specified users
 #. (itstool) path: listitem/para
 #: faillog.8.xml.out:183
 #, fuzzy
@@ -2822,10 +3164,9 @@ msgid ""
 "with <_:option-1/>, <_:option-2/> or <_:option-3/> options) only for the "
 "specified user(s)."
 msgstr ""
-"zeigt die Aufzeichnungen der fehlgeschlagenen Anmeldungen nur der "
-"angegebenen Benutzer an oder bearbeitet (wenn mit den Optionen <option>-l</"
-"option>, <option>-m</option> oder <option>-r</option> verwendet) nur deren "
-"Zählerstände und Beschränkungen"
+"bezieht die Abfrage zu Anmeldefehlschlägen oder verwalte Zähler und "
+"Beschränkungen (mit den Optionen <option>-l</option>, <option>-m</option> "
+"oder <option>-r</option>) nur auf den angegebenen Benutzer."
 
 #. (itstool) path: para/replaceable
 #: faillog.8.xml.out:193 lastlog.8.xml.out:149
@@ -2834,8 +3175,10 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #: faillog.8.xml.out:194 lastlog.8.xml.out:150
+#, fuzzy
+#| msgid "LASTLOG_UID_MAX"
 msgid "-UID_MAX"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: para/replaceable
 #: faillog.8.xml.out:195 lastlog.8.xml.out:151
@@ -2858,13 +3201,16 @@ msgid ""
 "with a min and max values (<_:replaceable-3/>), a max value (<_:"
 "replaceable-4/>), or a min value (<_:replaceable-5/>)."
 msgstr ""
-"Die Bestimmung der Benutzer erfolgt durch ihren Anmeldenamen, ihrer "
-"zahlenmäßigen Benutzer-ID oder einer <replaceable>MENGE</replaceable> von "
-"Benutzern. Diese <replaceable>MENGE</replaceable> kann mit Minimum- und "
-"Maximumwerten (<replaceable>UID_MIN-UID_MAX</replaceable>), nur mit einem "
-"Maximumwert (<replaceable>UID_MIN-UID_MAX</replaceable>) oder nur einem "
-"Minimumwert (<replaceable>UID_MIN-</replaceable>) bestimmt werden."
+"Die Benutzer können durch ihren Anmeldenamen, ihre Benutzerkennung oder "
+"einen <replaceable>BEREICH</replaceable> von Kennungen angegeben werden. "
+"Dieser <replaceable>BEREICH</replaceable> wird durch Minimum- und "
+"Maximumwert (<replaceable>UID_MIN-UID_MAX</replaceable>), nur mit einem "
+"Maximalwert (<replaceable>-UID_MAX</replaceable>) oder nur einem Minimalwert "
+"(<replaceable>UID_MIN-</replaceable>) für die Benutzerkennung abgesteckt."
 
+# MH165: Isn't this too much redundancy? Shall be combined with or integrated in
+# the first paragraph of option -u , i.e. faillog.8.xml:206
+#
 #. (itstool) path: refsect1/para
 #: faillog.8.xml.out:201
 #, fuzzy
@@ -2878,9 +3224,13 @@ msgid ""
 msgstr ""
 "Wenn keine der Optionen <option>-l</option>, <option>-m</option> oder "
 "<option>-r</option> verwendet wird, zeigt <command>faillog</command> die "
-"Aufzeichnung der fehlgeschlagenen Anmeldeversuche der angegebenen Benutzer "
-"an."
+"faillog-Aufzeichnung des angegebenen Benutzers an."
 
+# MH166: This is not in accordance with findings here:
+# -running without arguments: no output
+# -running with -a: complete list of users with and without login failures
+# This manual page does not answer the question whether the faillog counter is reset after
+# a login success. It shall not only be mentioned in man 5 faillog.
 #. (itstool) path: refsect1/para
 #: faillog.8.xml.out:210
 #, fuzzy
@@ -2898,9 +3248,9 @@ msgid ""
 msgstr ""
 "<command>faillog</command> zeigt nur die Benutzer an, die sich seit der "
 "letzten fehlgeschlagenen Anmeldung nicht erfolgreich anmelden konnten. Um "
-"die übrigen Benutzer anzuzeigen, müssen Sie diese explizit mit der Option "
-"<option>-u</option> benennen oder sich alle Benutzer mit der Option <option>-"
-"a</option> anzeigen lassen."
+"Benutzer mit einer späteren, erfolgreichen Anmeldung auszugeben, müssen Sie "
+"diese Benutzer explizit mit der Option <option>-u</option> benennen oder "
+"sich mit <option>-a</option> alle anzeigen lassen."
 
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/command
@@ -2914,39 +3264,41 @@ msgstr ""
 #: login.1.xml.out:108 login.1.xml.out:112 login.1.xml.out:119
 #: login.1.xml.out:171 login.1.xml.out:177 login.1.xml.out:230
 #: login.1.xml.out:238 login.1.xml.out:247 login.1.xml.out:253
-#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:530 newgrp.1.xml.out:133
+#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:549 newgrp.1.xml.out:133
 #: nologin.8.xml.out:60 passwd.5.xml.out:125 passwd.5.xml.out:132
 #: passwd.5.xml.out:179 porttime.5.xml.out:121 shadow.5.xml.out:265
 #: sg.1.xml.out:122 su.1.xml.out:415
 msgid "login"
 msgstr "login"
 
+# ENDE Teil 302 weiter mit gpaswd.1
+# BEGINN Teil 31 setzt groupadd.8 fort
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr "Rafal"
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr "Maszkowski"
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22 login.access.5.xml.out:18 pwconv.8.xml.out:23
+#: gpasswd.1.xml.out:24 login.access.5.xml.out:18 pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
 msgid "Creation, 1996"
-msgstr "ursprünglicher Autor, 1996"
+msgstr "Erstellung, 1996"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 #, fuzzy
 #| msgid "administer <placeholder-1/>"
 msgid "administer <_:filename-1/>"
 msgstr "verwaltet <placeholder-1/>"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 #, fuzzy
 #| msgid "administer <placeholder-1/> and <placeholder-2/>"
 msgid "administer <_:filename-1/> and <_:filename-2/>"
@@ -2956,9 +3308,9 @@ msgstr "verwaltet <placeholder-1/> und <placeholder-2/>"
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64 gpasswd.1.xml.out:89 gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142 gpasswd.1.xml.out:177 gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193 gpasswd.1.xml.out:197 gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66 gpasswd.1.xml.out:91 gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144 gpasswd.1.xml.out:179 gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195 gpasswd.1.xml.out:199 gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49 grpck.8.xml.out:188 grpck.8.xml.out:280
 #: gshadow.5.xml.out:156 limits.5.xml.out:138 newgrp.1.xml.out:48
 #: newgrp.1.xml.out:145 pwck.8.xml.out:336 pwconv.8.xml.out:114
@@ -2967,20 +3319,19 @@ msgid "group"
 msgstr "Gruppe"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr ""
 
-# SB: Gruppenverwalter ist besser als Administrator, weil so keine Verwechslung mit Systemadminstrator.
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 #, fuzzy
 #| msgid "administrators"
 msgid "administrators,"
 msgstr "Gruppenverwalter"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid ""
 "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/"
 ">. Every group can have <_:phrase-4/> members and a password."
@@ -2988,14 +3339,16 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80 gpasswd.1.xml.out:112 gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82 gpasswd.1.xml.out:114 gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "-"
 msgid "-A"
 msgstr "-"
 
+# MH Who is "they" in the second phrase ? Probably systemadminstrators. It should
+# be said explicitly.
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 #, fuzzy
 #| msgid ""
 #| "System administrators can use the <option>-A</option> option to define "
@@ -3007,40 +3360,40 @@ msgid ""
 "all rights of group administrators and members."
 msgstr ""
 "Der Systemadministrator kann mit der Option <option>-A</option> "
-"Gruppenverwalter bestimmen. Mit der Option <option>-M</option> legt er die "
-"Mitglieder fest. Er besitzt alle Rechte, die Gruppenverwalter und Mitglieder "
-"haben können."
+"Gruppenverwalter bestimmen. Mit der Option <option>-M</option> legt er "
+"Gruppenmitglieder fest. Er besitzt alle Rechte, die Gruppenverwalter und "
+"Mitglieder haben können."
 
-# SB: Gruppenverwalter ist besser als Administrator, weil so keine Verwechslung mit Systemadminstrator.
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 #, fuzzy
 #| msgid "administrators"
 msgid "a group administrator"
 msgstr "Gruppenverwalter"
 
-# SB: Gruppenverwalter ist besser als Administrator, weil so keine Verwechslung mit Systemadminstrator.
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 #, fuzzy
 #| msgid "administrators"
 msgid "a system administrator"
 msgstr "Gruppenverwalter"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid ""
 "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only "
 "prompts for the new password of the <_:replaceable-4/>."
 msgstr ""
 
+# ENDE Teil 17 weiter mit newgrp.1
+# BEGINN Teil 18 setzt nnwusers.8 fort
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/command
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93 gpasswd.1.xml.out:180 gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277 groups.1.xml.out:71 groups.1.xml.out:92
+#: gpasswd.1.xml.out:95 gpasswd.1.xml.out:182 gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279 groups.1.xml.out:71 groups.1.xml.out:92
 #: gshadow.5.xml.out:76 gshadow.5.xml.out:165 newgrp.1.xml.out:34
 #: newgrp.1.xml.out:41 newgrp.1.xml.out:47 newgrp.1.xml.out:55
 #: newgrp.1.xml.out:63 newgrp.1.xml.out:66 sg.1.xml.out:60 sg.1.xml.out:64
@@ -3049,7 +3402,7 @@ msgid "newgrp"
 msgstr "newgrp"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 #, fuzzy
 #| msgid ""
 #| "If a password is set the members can still use "
@@ -3060,29 +3413,29 @@ msgid ""
 "If a password is set the members can still use <_:citerefentry-1/> without a "
 "password, and non-members must supply the password."
 msgstr ""
-"Wenn ein Passwort vergeben wurde, können Mitglieder der Gruppe dennoch ohne "
+"Auch wenn ein Passwort vergeben ist, können Mitglieder der Gruppe ohne "
 "Passwort <citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</"
-"manvolnum></citerefentry> ausführen. Alle anderen Benutzer benötigen dazu "
-"das Passwort."
+"manvolnum></citerefentry> ausführen. Alle anderen Benutzer benötigen das "
+"Passwort."
 
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr "Hinweise zu Gruppenpasswörtern"
 
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid ""
 "Group passwords are an inherent security problem since more than one person "
 "is permitted to know the password. However, groups are a useful tool for "
 "permitting co-operation between different users."
 msgstr ""
-"Gruppenpasswörter beinhalten ein Sicherheitsrisiko, da mehrere Personen das "
-"Passwort kennen. Dennoch können sie sinnvoll sein, um die Zusammenarbeit "
-"zwischen Benutzern zu erleichtern."
+"Gruppenpasswörter bergen ein Sicherheitsrisiko, da mehrere Personen das "
+"Passwort kennen. Dennoch sind Gruppen ein nützliches Mittel für die "
+"Zusammenarbeit zwischen Benutzern."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 #, fuzzy
 #| msgid ""
 #| "Except for the <option>-A</option> and <option>-M</option> options, the "
@@ -3091,69 +3444,77 @@ msgid ""
 "Except for the <_:option-1/> and <_:option-2/> options, the options cannot "
 "be combined."
 msgstr ""
-"Außer die Optionen <option>-A</option> und <option>-M</option> können die "
-"übrigen Optionen nicht zusammen verwendet werden."
+"Abgesehen von den Optionen <option>-A</option> und <option>-M</option> "
+"können Optionen nicht kombiniert werden."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr "Die Optionen können nicht zusammen verwendet werden."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124 groupmems.8.xml.out:83
+#: gpasswd.1.xml.out:126 groupmems.8.xml.out:83
 msgid "--add"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124 gpasswd.1.xml.out:128 gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141 gpasswd.1.xml.out:205 gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126 gpasswd.1.xml.out:130 gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143 gpasswd.1.xml.out:207 gpasswd.1.xml.out:219
 #: groups.1.xml.out:48 groups.1.xml.out:59
 msgid "user"
 msgstr "Benutzer"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 #, fuzzy
 #| msgid ""
 #| "Add the <replaceable>user</replaceable> to the named <replaceable>group</"
 #| "replaceable>."
 msgid "Add the <_:replaceable-1/> to the named <_:replaceable-2/>."
 msgstr ""
-"Fügt den <replaceable>Benutzer</replaceable> der bezeichneten "
+"Fügt den <replaceable>Benutzer</replaceable> der angegebenen "
 "<replaceable>Gruppe</replaceable> zu."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137 groupmems.8.xml.out:94 passwd.1.xml.out:168
+#: gpasswd.1.xml.out:139 groupmems.8.xml.out:94 passwd.1.xml.out:164
 msgid "--delete"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 #, fuzzy
 #| msgid ""
 #| "Remove the <replaceable>user</replaceable> from the named "
 #| "<replaceable>group</replaceable>."
 msgid "Remove the <_:replaceable-1/> from the named <_:replaceable-2/>."
 msgstr ""
-"entfernt den <replaceable>Benutzer</replaceable> aus der bezeichneten "
-"<replaceable>Gruppe</replaceable>"
+"entfernt den <replaceable>Benutzer</replaceable> aus der angegebenen "
+"<replaceable>Gruppe</replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 #, fuzzy
 #| msgid "-"
 msgid "-Q"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr ""
 
+# MH155: The group password is deleted. newgroup still asks anyone
+# for a password and rejects access (when using the user's own password.
+# Probably newgrp does not work with PAM.
+# MH as newgroup affects the mapping to a single / primary group
+#   s / to join the named group
+#     / to fetch the membership of the named group
+#     / to replace his current group by the named one
+#     / to replace his current primary group by the named one
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 #, fuzzy
 #| msgid ""
 #| "Remove the password from the named <replaceable>group</replaceable>. The "
@@ -3165,18 +3526,27 @@ msgid ""
 "will be empty. Only group members will be allowed to use <_:command-2/> to "
 "join the named <_:replaceable-3/>."
 msgstr ""
-"Entfernt das Passwort der bezeichneten <replaceable>Gruppe</replaceable>. "
-"Das Gruppenpasswort wird leer sein. Damit können nur noch Gruppenmitglieder "
-"mit <command>newgrp</command> zu der bezeichneten <replaceable>Gruppe</"
-"replaceable> wechseln."
+"entfernt das Passwort der angegebenen <replaceable>Gruppe</replaceable>. Das "
+"Gruppenpasswort wird leer sein. Damit erlaubt <command>newgrp</command> nur "
+"noch Gruppenmitgliedern, in die <replaceable>Gruppe</replaceable> zu "
+"wechseln."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr ""
 
+# MH156: The group password is set to "!", there is no group password anymore
+# which is in contradiction to group members "with a password" will be allowed.
+# Which password? There is the user's password. But in my tests, it did not work
+# either. Probably newgrp does not work with PAM.
+# MH as newgroup affects the mapping to a single / primary group
+#   s / to join the named group
+#     / to fetch the membership of the named group
+#     / to replace his current group by the named one
+#     / to replace his current primary group by the named one
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 #, fuzzy
 #| msgid ""
 #| "Restrict the access to the named <replaceable>group</replaceable>. The "
@@ -3188,55 +3558,54 @@ msgid ""
 "set to \"!\". Only group members with a password will be allowed to use <_:"
 "command-2/> to join the named <_:replaceable-3/>."
 msgstr ""
-"Schränkt den Zugang zur bezeichneten <replaceable>Gruppe</replaceable> ein. "
+"schränkt den Zugang zur bezeichneten <replaceable>Gruppe</replaceable> ein. "
 "Das Gruppenpasswort wird auf »!« gesetzt. Damit können nur noch "
-"Gruppenmitglieder mit einem Passwort mit <command>newgrp</command> zu der "
-"bezeichneten <replaceable>Gruppe</replaceable> wechseln."
+"Gruppenmitglieder mit einem Passwort mit <command>newgrp</command> in die "
+"angegebene <replaceable>Gruppe</replaceable> wechseln."
 
-# SB: Gruppenverwalter ist besser als Administrator, weil so keine Verwechslung mit Systemadminstrator.
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "administrators"
 msgid "--administrators"
 msgstr "Gruppenverwalter"
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204 gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206 gpasswd.1.xml.out:218
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 msgid "Set the list of administrative users."
-msgstr "Liste der Gruppenverwalter bestimmen"
+msgstr "definiert eine Liste von Benutzern als Gruppenverwalter"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 #, fuzzy
 #| msgid "members"
 msgid "--members"
 msgstr "Mitglieder"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 msgid "Set the list of group members."
-msgstr "Liste der Mitglieder der Gruppe bestimmen"
+msgstr "definiert eine Liste von Benutzern als Gruppenmitglieder"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 msgid "and <_:filename-1/> files."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 #, fuzzy
 #| msgid "file"
 msgid "file."
 msgstr "Datei"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 #, fuzzy
 #| msgid ""
 #| "This tool only operates on the <filename>/etc/group</filename><phrase "
@@ -3249,10 +3618,10 @@ msgid ""
 "Thus you cannot change any NIS or LDAP group. This must be performed on the "
 "corresponding server."
 msgstr ""
-"Dieses Werkzeug bearbeitet nur <phrase condition=\"gshadow\">die Dateien "
-"<filename>/etc/group</filename> und <filename>/etc/gshadow</filename> </"
-"phrase><phrase condition=\"no_gshadow\">die Datei <filename>/etc/group</"
-"filename></phrase>. Sie können daher keine NIS- oder LDAP-Gruppen "
+"Dieses Hilfsprogramm bearbeitet nur <phrase condition=\"gshadow\">die "
+"Dateien <filename>/etc/group</filename> und <filename>/etc/gshadow</"
+"filename></phrase>. <phrase condition=\"no_gshadow\">die Datei <filename>/"
+"etc/group</filename></phrase>. Sie können daher keine NIS- oder LDAP-Gruppen "
 "bearbeiten. Dies muss auf dem entsprechenden Server durchgeführt werden."
 
 #. (itstool) path: citerefentry/refentrytitle
@@ -3261,11 +3630,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283 groupadd.8.xml.out:357 groupdel.8.xml.out:34
+#: gpasswd.1.xml.out:285 groupadd.8.xml.out:357 groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41 groupdel.8.xml.out:47 groupdel.8.xml.out:57
 #: groupdel.8.xml.out:66 groupdel.8.xml.out:165 groupmems.8.xml.out:221
-#: groupmod.8.xml.out:341 login.defs.5.xml.out:299 useradd.8.xml.out:893
-#: userdel.8.xml.out:328 usermod.8.xml.out:623
+#: groupmod.8.xml.out:341 login.defs.5.xml.out:312 useradd.8.xml.out:913
+#: userdel.8.xml.out:328 usermod.8.xml.out:640
 msgid "groupdel"
 msgstr "groupdel"
 
@@ -3275,11 +3644,11 @@ msgstr "groupdel"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286 groupadd.8.xml.out:360 groupdel.8.xml.out:220
+#: gpasswd.1.xml.out:288 groupadd.8.xml.out:360 groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34 groupmod.8.xml.out:41 groupmod.8.xml.out:47
 #: groupmod.8.xml.out:58 groupmod.8.xml.out:67 groupmod.8.xml.out:256
-#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:311
-#: useradd.8.xml.out:896 userdel.8.xml.out:331 usermod.8.xml.out:626
+#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:324
+#: useradd.8.xml.out:916 userdel.8.xml.out:331 usermod.8.xml.out:643
 msgid "groupmod"
 msgstr "groupmod"
 
@@ -3289,20 +3658,22 @@ msgstr "groupmod"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289 grpck.8.xml.out:33 grpck.8.xml.out:40
+#: gpasswd.1.xml.out:291 grpck.8.xml.out:33 grpck.8.xml.out:40
 #: grpck.8.xml.out:46 grpck.8.xml.out:60 grpck.8.xml.out:116
 #: grpck.8.xml.out:128 grpck.8.xml.out:141 grpck.8.xml.out:184
-#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:318
+#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:331
 #: pwck.8.xml.out:339 pwconv.8.xml.out:198 pwconv.8.xml.out:242
 msgid "grpck"
 msgstr "grpck"
 
+# ENDE Teil 24 weiter mit gshadow.5
+# BEGINN Teil 25 setzt lastlog.8 fort
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295 grpck.8.xml.out:95 grpck.8.xml.out:287
+#: gpasswd.1.xml.out:297 grpck.8.xml.out:95 grpck.8.xml.out:287
 #: gshadow.5.xml.out:22 gshadow.5.xml.out:29 newgrp.1.xml.out:148
 #: pwconv.8.xml.out:114 pwconv.8.xml.out:115 pwconv.8.xml.out:121
 #: pwconv.8.xml.out:122 sg.1.xml.out:137 vipw.8.xml.out:211
@@ -3310,17 +3681,19 @@ msgid "gshadow"
 msgstr "gshadow"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293 newgrp.1.xml.out:146 sg.1.xml.out:135
+#: gpasswd.1.xml.out:295 newgrp.1.xml.out:146 sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275 newgrp.1.xml.out:128 sg.1.xml.out:117
+#: gpasswd.1.xml.out:277 newgrp.1.xml.out:128 sg.1.xml.out:117
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
 msgstr ""
 
+# ENDE Teil 301 weiter mit groupadd.8
+# BEGINN Teil 302 setzt groupdel.8 fort
 #. (itstool) path: refnamediv/refpurpose
 #: groupadd.8.xml.out:44
 msgid "create a new group"
@@ -3334,6 +3707,9 @@ msgstr "erstellt eine neue Gruppe"
 msgid "NEWGROUP"
 msgstr "GRUPPE"
 
+# Improvements in originial message suggested:
+# s/the system files/the system's account files
+# and reference to section "Files" MH 2022-02-18
 #. (itstool) path: refsect1/para
 #: groupadd.8.xml.out:61
 #, fuzzy
@@ -3346,10 +3722,10 @@ msgid ""
 "specified on the command line plus the default values from the system. The "
 "new group will be entered into the system files as needed."
 msgstr ""
-"Der Befehl <command>groupadd</command> erstellt ein neues Gruppenkonto. "
-"Dabei verwendet er die Werte, die auf der Befehlszeile angegeben wurden, "
-"oder die Standardwerte des Systems. Soweit es notwendig ist, wird die neue "
-"Gruppe den Systemdateien hinzugefügt."
+"Der Befehl <command>groupadd</command> erstellt ein neues Gruppenkonto. Es "
+"werden dabei die mit der Befehlszeile übergebenen Werte sowie  Standardwerte "
+"des Systems berücksichtigt. Die Gruppe wird in die Gruppenkontendateien des "
+"Systems (siehe Abschnitt »Dateien«) eingefügt."
 
 #. (itstool) path: refsect1/para
 #: groupadd.8.xml.out:66
@@ -3372,14 +3748,17 @@ msgstr "Benutzernamen dürfen nur bis zu 32 Zeichen lang sein."
 #: groupadd.8.xml.out:94 groupadd.8.xml.out:95 groupadd.8.xml.out:102
 #: groupadd.8.xml.out:236 groupmems.8.xml.out:110 groupmod.8.xml.out:82
 #: groupmod.8.xml.out:136 groupmod.8.xml.out:201 useradd.8.xml.out:96
-#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:391
-#: useradd.8.xml.out:396 useradd.8.xml.out:557 useradd.8.xml.out:639
+#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:393
+#: useradd.8.xml.out:398 useradd.8.xml.out:559 useradd.8.xml.out:659
 #: usermod.8.xml.out:174 vipw.8.xml.out:90
 #, fuzzy
 #| msgid "-"
 msgid "-g"
 msgstr "-"
 
+# Die Argumente "options" und "group" in der Synopsis gelangten nicht in den
+# Meldungskatalog und so können für sie nicht die Übersetzungen OPTIONEN
+# und GRUPPE oder GRUPPENNAME eingeführt werden MH 2022-02-17
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:91
 #, fuzzy
@@ -3394,15 +3773,16 @@ msgid ""
 "specified GID already exists, another (unique) GID is chosen (i.e. <_:"
 "option-2/> is turned off)."
 msgstr ""
-"Die Option führt dazu, dass der Befehl nur dann erfolgreich beendet wird, "
-"wenn die angegebene Gruppe existiert. Falls diese Option zusammen mit der "
-"Option <option>-g</option> verwendet wird und die angegebene GID schon "
-"vergeben ist, wird eine andere, eindeutige GID gewählt (d.h. <option>-g</"
-"option> wird nicht beachtet)."
+"führt dazu, dass der Befehl einfach ordnungsgemäße Ausführung meldet, wenn "
+"die angegebene Gruppe schon existiert. Falls diese Option zusammen mit der "
+"Option <option>-g</option> verwendet wird und die angegebene Gruppenkennung "
+"schon vergeben ist, wird eine andere gewählt. Diese Kennung wird eindeutig "
+"auf <replaceable>group</replaceable> verweisen, <option>-g</option> wird "
+"also ignoriert."
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:102 groupmod.8.xml.out:82 useradd.8.xml.out:230
-#: useradd.8.xml.out:639 usermod.8.xml.out:174
+#: useradd.8.xml.out:659 usermod.8.xml.out:174
 msgid "--gid"
 msgstr ""
 
@@ -3411,8 +3791,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:102 groupadd.8.xml.out:105 groupadd.8.xml.out:151
 #: groupmod.8.xml.out:73 groupmod.8.xml.out:82 groupmod.8.xml.out:87
-#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr ""
 
@@ -3423,6 +3803,7 @@ msgstr ""
 msgid "GID_MIN"
 msgstr ""
 
+# Änderung im Original vorgeschlagen MH 2022-02-17
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:105
 #, fuzzy
@@ -3437,60 +3818,62 @@ msgid ""
 "default is to use the smallest ID value greater than or equal to <_:option-3/"
 "> and greater than every other group."
 msgstr ""
-"Der zahlenmäßige Wert der Gruppen-ID. Dieser Wert muss eindeutig sein, "
-"sofern nicht die Option <option>-o</option> verwendet wird. Der Wert darf "
-"nicht negativ sein. Standardmäßig wird der kleinste Wert größer als oder "
-"gleich <option>GID_MIN</option> und größer als jeder andere Wert einer "
-"Gruppe verwendet."
+"gibt die Gruppenkennung vor. Sofern nicht die Option <option>-o</option> "
+"benutzt wird, darf <replaceable>GID</replaceable> noch nicht vergeben sein. "
+"Der Wert darf nicht negativ sein. Standardmäßig wird der kleinste Wert "
+"größer als oder gleich <option>GID_MIN</option> und größer als jede andere "
+"Gruppenkennung verwendet."
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
 #: groupadd.8.xml.out:113 groupadd.8.xml.out:135 groupadd.8.xml.out:138
 #: groupadd.8.xml.out:195 groupmod.8.xml.out:107
+#, fuzzy
+#| msgid "LASTLOG_UID_MAX"
 msgid "GID_MAX"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:111 useradd.8.xml.out:541
+#: groupadd.8.xml.out:111 useradd.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "See also the <option>-r</option> option and the <option>UID_MAX</option> "
 #| "description."
 msgid "See also the <_:option-1/> option and the <_:option-2/> description."
 msgstr ""
-"Vergleichen Sie auch die Option <option>-r</option> und die Ausführungen zu "
-"<option>UID_MAX</option>."
+"Beachten Sie diesbezüglich auch die Erläuterungen zur Option <option>-r</"
+"option> und zur Konfigurationsvariablen <option>UID_MAX</option>."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:125 groupadd.8.xml.out:131 groupadd.8.xml.out:134
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:303
-#: useradd.8.xml.out:314 useradd.8.xml.out:317 useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:305
+#: useradd.8.xml.out:316 useradd.8.xml.out:319 useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 #, fuzzy
 #| msgid "-"
 msgid "-K"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "--key"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "KEY"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 #, fuzzy
 #| msgid "EXIT VALUES"
 msgid "VALUE"
 msgstr "RÃœCKGABEWERTE"
 
 #. (itstool) path: varlistentry/term
-#: groupadd.8.xml.out:124 useradd.8.xml.out:302
+#: groupadd.8.xml.out:124 useradd.8.xml.out:304
 #, fuzzy
 #| msgid ""
 #| "<option>-u</option>, <option>--uid</option>&nbsp;<replaceable>UID</"
@@ -3510,18 +3893,19 @@ msgid ""
 "Overrides <_:filename-1/> defaults (GID_MIN, GID_MAX and others). Multiple "
 "<_:option-2/> options can be specified."
 msgstr ""
-"Ãœberschreibt die Standardwerte von <filename>/etc/login.defs</filename> "
-"(GID_MIN, GID_MAX und weitere). Diese Option kann mehrfach verwendet werden."
+"setzt die Standardwerte von <filename>/etc/login.defs</filename> (GID_MIN, "
+"GID_MAX und weitere) außer Kraft. Die Option <option>-K</option> kann "
+"mehrfach verwendet werden."
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:134 useradd.8.xml.out:320
+#: groupadd.8.xml.out:134 useradd.8.xml.out:322
 #, fuzzy
 #| msgid "10"
 msgid "100"
 msgstr "10"
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:321
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:323
 msgid "499"
 msgstr ""
 
@@ -3535,13 +3919,13 @@ msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> <_:option-4/> "
 "<_:replaceable-5/>=<_:replaceable-6/>"
 msgstr ""
-"entfernt den <replaceable>Benutzer</replaceable> aus der bezeichneten "
-"<replaceable>Gruppe</replaceable>"
+"entfernt den <replaceable>Benutzer</replaceable> aus der angegebenen "
+"<replaceable>Gruppe</replaceable>."
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:138 groupadd.8.xml.out:333 groupdel.8.xml.out:192
-#: groupmod.8.xml.out:295 useradd.8.xml.out:853 userdel.8.xml.out:265
+#: groupmod.8.xml.out:295 useradd.8.xml.out:873 userdel.8.xml.out:265
 msgid "10"
 msgstr "10"
 
@@ -3561,7 +3945,7 @@ msgstr ""
 "replaceable>=<replaceable>499</replaceable> funktioniert noch nicht."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:405
+#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr ""
@@ -3581,13 +3965,16 @@ msgstr ""
 #: groupadd.8.xml.out:158 groupmems.8.xml.out:55 groupmems.8.xml.out:130
 #: groupmod.8.xml.out:143 login.1.xml.out:80 login.1.xml.out:88
 #: login.1.xml.out:95 login.1.xml.out:212 su.1.xml.out:207
-#: useradd.8.xml.out:425 usermod.8.xml.out:237 usermod.8.xml.out:290
+#: useradd.8.xml.out:427 usermod.8.xml.out:237 usermod.8.xml.out:290
 #: usermod.8.xml.out:411 vipw.8.xml.out:102
 msgid "-p"
 msgstr "-p"
 
+# MH this string is the argument for pwck. Elsewhere, capital letters are used in this context
+# s/passwd/PASSWD
+# The same refers to the argument shadow s/shadow/SHADOW
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 #, fuzzy
 #| msgid "passwd"
@@ -3595,7 +3982,7 @@ msgid "--password"
 msgstr "passwd"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr ""
@@ -3604,8 +3991,8 @@ msgstr ""
 #: groupadd.8.xml.out:163 groupmod.8.xml.out:148 gshadow.5.xml.out:62
 #: gshadow.5.xml.out:68 passwd.5.xml.out:103 passwd.5.xml.out:109
 #: passwd.5.xml.out:170 shadow.5.xml.out:88 shadow.5.xml.out:94
-#: useradd.8.xml.out:430 useradd.8.xml.out:887 usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: useradd.8.xml.out:432 useradd.8.xml.out:907 usermod.8.xml.out:295
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr ""
 
@@ -3615,11 +4002,11 @@ msgstr ""
 #: groupadd.8.xml.out:164 groupadd.8.xml.out:315 groupmod.8.xml.out:148
 #: groupmod.8.xml.out:271 groups.1.xml.out:68 groups.1.xml.out:104
 #: grpck.8.xml.out:255 gshadow.5.xml.out:63 gshadow.5.xml.out:69
-#: passwd.1.xml.out:443 passwd.5.xml.out:104 passwd.5.xml.out:110
+#: passwd.1.xml.out:465 passwd.5.xml.out:104 passwd.5.xml.out:110
 #: passwd.5.xml.out:170 passwd.5.xml.out:176 pwck.8.xml.out:305
 #: shadow.3.xml.out:34 shadow.3.xml.out:217 shadow.5.xml.out:89
-#: shadow.5.xml.out:95 useradd.8.xml.out:431 useradd.8.xml.out:829
-#: useradd.8.xml.out:887 usermod.8.xml.out:296 usermod.8.xml.out:614
+#: shadow.5.xml.out:95 useradd.8.xml.out:433 useradd.8.xml.out:849
+#: useradd.8.xml.out:907 usermod.8.xml.out:296 usermod.8.xml.out:631
 msgid "3"
 msgstr "3"
 
@@ -3639,7 +4026,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:444
+#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:446
 #: userdel.8.xml.out:93 usermod.8.xml.out:299
 msgid "Note:"
 msgstr ""
@@ -3655,12 +4042,12 @@ msgid ""
 "<_:emphasis-1/> This option is not recommended because the password (or "
 "encrypted password) will be visible by users listing the processes."
 msgstr ""
-"<emphasis role=\"bold\">Hinweis:</emphasis> Diese Option ist nicht "
-"empfehlenswert, weil das Passwort (auch wenn es verschlüsselt ist) für "
-"Benutzer sichtbar ist, die sich den Prozess anzeigen lassen."
+"<emphasis role=\"bold\">Hinweis:</emphasis> Von dieser Option wird "
+"abgeraten, weil das Passwort (auch wenn es verschlüsselt ist) für Benutzer "
+"sichtbar ist, die sich den Prozess anzeigen lassen."
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:448
+#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid ""
 "You should make sure the password respects the system's password policy."
@@ -3669,14 +4056,14 @@ msgstr ""
 "Systems entspricht."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:185 newusers.8.xml.out:287 useradd.8.xml.out:456
+#: groupadd.8.xml.out:185 newusers.8.xml.out:289 useradd.8.xml.out:458
 msgid "--system"
 msgstr ""
 
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:188
 msgid "Create a system group."
-msgstr "erstellt eine neue Systemgruppe"
+msgstr "erstelle eine neue Systemgruppe."
 
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:193 groupmod.8.xml.out:108
@@ -3685,8 +4072,10 @@ msgstr ""
 
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:193 groupmod.8.xml.out:108
+#, fuzzy
+#| msgid "LASTLOG_UID_MAX"
 msgid "SYS_GID_MAX"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:191
@@ -3701,50 +4090,16 @@ msgid ""
 "<_:option-2/> range, defined in <_:filename-3/>, instead of <_:option-4/>-<_:"
 "option-5/>."
 msgstr ""
-"Die zahlenmäßige Kennung einer neuen Systemgruppe wird aus der Spanne von "
-"<option>SYS_GID_MIN</option> bis <option>SYS_GID_MAX</option> gewählt, "
-"welche in <filename>login.defs</filename> festgelegt wird, anstelle von "
-"<option>GID_MIN</option> bis <option>GID_MAX</option>."
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-#, fuzzy
-#| msgid "-"
-msgid "-P"
-msgstr "-"
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "--prefix"
-msgstr ""
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214 groupadd.8.xml.out:219 groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106 groupdel.8.xml.out:108 groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181 groupmod.8.xml.out:183 useradd.8.xml.out:502
-#: useradd.8.xml.out:507 userdel.8.xml.out:136 userdel.8.xml.out:140
-#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217 useradd.8.xml.out:505
-msgid ""
-"Apply changes to configuration files under the root filesystem found under "
-"the directory <_:replaceable-1/>. This option does not chroot and is "
-"intended for preparing a cross-compilation target. Some limitations: NIS and "
-"LDAP users/groups are not verified. PAM authentication is using the host "
-"files. No SELINUX support."
-msgstr ""
+"Die Kennung einer neuen Systemgruppe wird nicht dem Bereich von "
+"<option>GID_MIN</option> bis <option>GID_MAX</option>, sondern dem Bereich "
+"<option>SYS_GID_MIN</option> bis <option>SYS_GID_MAX</option> entnommen. "
+"Diese Eckwerte sind in in <filename>login.defs</filename> festgelegt."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229 groupadd.8.xml.out:237 groupmod.8.xml.out:194
-#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:397
-#: useradd.8.xml.out:549 useradd.8.xml.out:558 usermod.8.xml.out:238
+#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:399
+#: useradd.8.xml.out:551 useradd.8.xml.out:560 usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 #, fuzzy
 #| msgid "-"
@@ -3769,7 +4124,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:237 groupmod.8.xml.out:202 useradd.8.xml.out:96
-#: useradd.8.xml.out:386 useradd.8.xml.out:397 useradd.8.xml.out:558
+#: useradd.8.xml.out:388 useradd.8.xml.out:399 useradd.8.xml.out:560
 #, fuzzy
 #| msgid "-"
 msgid "-N"
@@ -3777,15 +4132,15 @@ msgstr "-"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/phrase
-#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:448
-#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:398
-#: useradd.8.xml.out:559 userdel.8.xml.out:86 userdel.8.xml.out:296
+#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:467
+#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:400
+#: useradd.8.xml.out:561 userdel.8.xml.out:86 userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 #, fuzzy
 #| msgid ""
 #| "The default behavior (if the <option>-g</option>, <option>-N</option>, "
@@ -3808,8 +4163,8 @@ msgid ""
 "You may not add a NIS or LDAP group. This must be performed on the "
 "corresponding server."
 msgstr ""
-"Sie können einen Benutzer nicht einer NIS- oder LDAP-Gruppe hinzufügen. Dies "
-"müssen Sie auf dem entsprechenden Server durchführen."
+"NIS- oder LDAP-Gruppe können nicht erzeugt werden. Dies müssen Sie auf dem "
+"entsprechenden Server durchführen."
 
 #. (itstool) path: refsect1/para
 #: groupadd.8.xml.out:290
@@ -3821,18 +4176,18 @@ msgid ""
 "If the groupname already exists in an external group database such as NIS or "
 "LDAP, <_:command-1/> will deny the group creation request."
 msgstr ""
-"Falls der Gruppenname bereits in einer externen Datenbank (wie etwa NIS oder "
-"LDAP) vergeben ist, wird <command>groupadd</command> die Gruppe nicht "
-"erstellen."
+"Falls der Gruppenname in einer externen Datenbank (wie etwa NIS oder LDAP) "
+"bereits vergeben ist, wird <command>groupadd</command> es ablehnen, die "
+"Gruppe zu erstellen."
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:317 passwd.1.xml.out:463 useradd.8.xml.out:831
+#: groupadd.8.xml.out:317 passwd.1.xml.out:485 useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr "ungültiges Argument für Option"
 
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:321 groupmod.8.xml.out:277 grpck.8.xml.out:261
-#: passwd.1.xml.out:449 pwck.8.xml.out:311 useradd.8.xml.out:835
+#: passwd.1.xml.out:471 pwck.8.xml.out:311 useradd.8.xml.out:855
 msgid "4"
 msgstr "4"
 
@@ -3841,26 +4196,30 @@ msgstr "4"
 #, fuzzy
 #| msgid "UID already in use (and no <option>-o</option>)"
 msgid "GID is already used (when called without <_:option-1/>)"
-msgstr "UID ist schon vergeben (und kein <option>-o</option>)"
+msgstr ""
+"Benutzerkennung ist schon in Gebrauch (und <option>-o</option> wurde nicht "
+"angegeben)"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:847
+#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:867
 msgid "9"
 msgstr "9"
 
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:329
 #, fuzzy
-#| msgid "group name already in use"
+#| msgid "username already in use"
 msgid "group name is already used"
-msgstr "Gruppenname wird schon verwendet"
+msgstr "Benutzername ist schon vergeben"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:855
+#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
-msgstr "Die Gruppendatei kann nicht aktualisieren werden."
+msgstr "Die Gruppendatei kann nicht aktualisiert werden."
 
+# ENDE Teil 03 weiter mit userdel
+# BEGINN Teil 04 setzt usermod fort
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #. (itstool) path: refmeta/refentrytitle
@@ -3868,14 +4227,16 @@ msgstr "Die Gruppendatei kann nicht aktualisieren werden."
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: groupadd.8.xml.out:369 groupdel.8.xml.out:226 groupmems.8.xml.out:227
-#: groupmod.8.xml.out:350 login.defs.5.xml.out:480 useradd.8.xml.out:913
+#: groupmod.8.xml.out:350 login.defs.5.xml.out:499 useradd.8.xml.out:933
 #: userdel.8.xml.out:39 userdel.8.xml.out:46 userdel.8.xml.out:51
 #: userdel.8.xml.out:62 userdel.8.xml.out:71 userdel.8.xml.out:82
 #: userdel.8.xml.out:211 userdel.8.xml.out:232 userdel.8.xml.out:283
-#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:643
+#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:660
 msgid "userdel"
 msgstr "userdel"
 
+# ENDE Teil 02 weiter mit usermod.8
+# BEGINN Teil 03 setzt vipw fort
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #. (itstool) path: para/command
@@ -3883,11 +4244,11 @@ msgstr "userdel"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #: groupadd.8.xml.out:372 groupdel.8.xml.out:229 groupmems.8.xml.out:230
-#: groupmod.8.xml.out:353 login.defs.5.xml.out:490 passwd.1.xml.out:488
-#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:916
+#: groupmod.8.xml.out:353 login.defs.5.xml.out:509 passwd.1.xml.out:513
+#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:936
 #: userdel.8.xml.out:345 usermod.8.xml.out:40 usermod.8.xml.out:47
 #: usermod.8.xml.out:53 usermod.8.xml.out:64 usermod.8.xml.out:72
-#: usermod.8.xml.out:263 usermod.8.xml.out:522
+#: usermod.8.xml.out:263 usermod.8.xml.out:539
 msgid "usermod"
 msgstr "usermod"
 
@@ -3900,6 +4261,8 @@ msgid ""
 "citerefentry-10/>."
 msgstr ""
 
+# ENDE Teil 29 weiter mit groupdel.8
+# BEGINN Teil 301 setzt groupmems.8 fort
 #. (itstool) path: refnamediv/refpurpose
 #: groupdel.8.xml.out:42
 msgid "delete a group"
@@ -3913,8 +4276,8 @@ msgstr "löscht eine Gruppe"
 #: groupdel.8.xml.out:51 groupdel.8.xml.out:59 groupmod.8.xml.out:51
 #: groupmod.8.xml.out:59 groupmod.8.xml.out:86 groupmod.8.xml.out:102
 #: groupmod.8.xml.out:125 suauth.5.xml.out:85 suauth.5.xml.out:87
-#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:392
-#: useradd.8.xml.out:639 useradd.8.xml.out:648 usermod.8.xml.out:174
+#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:394
+#: useradd.8.xml.out:659 useradd.8.xml.out:668 usermod.8.xml.out:174
 msgid "GROUP"
 msgstr "GRUPPE"
 
@@ -3929,9 +4292,10 @@ msgid ""
 "The <_:command-1/> command modifies the system account files, deleting all "
 "entries that refer to <_:replaceable-2/>. The named group must exist."
 msgstr ""
-"Der Befehl <command>groupdel</command> bearbeitet die Kontodateien des "
-"Systems und löscht darin alle Einträge, die auf die <replaceable>Gruppe</"
-"replaceable> verweisen. Die bezeichnete Gruppe muss existieren."
+"Der Befehl <command>groupdel</command> bearbeitet die Dateien mit den Konten "
+"des Systems dahingehend, dass alle Einträge zur "
+"angegebenen<replaceable>GRUPPE</replaceable> gelöscht werden. Die angegebene "
+"Gruppe muss existieren."
 
 #. (itstool) path: listitem/para
 #: groupdel.8.xml.out:75
@@ -3940,8 +4304,19 @@ msgid ""
 "having the group as the primary one."
 msgstr ""
 
+# MH option makes usermod work on a directory tree where PREFIX is the root
+# directory for the system: e.g. PREFIX = /mnt  usermod -e "2022-02-20" tester2
+# will work on /mnt/etc/shadow
 #. (itstool) path: listitem/para
 #: groupdel.8.xml.out:105 groupmod.8.xml.out:180 userdel.8.xml.out:139
+#, fuzzy
+#| msgid ""
+#| "Apply changes in the <replaceable>PREFIX_DIR</replaceable> directory and "
+#| "use the configuration files from the <replaceable>PREFIX_DIR</"
+#| "replaceable> directory. This option does not chroot and is intended for "
+#| "preparing a cross-compilation target. Some limitations: NIS and LDAP "
+#| "users/groups are not verified. PAM authentication is using the host "
+#| "files. No SELINUX support."
 msgid ""
 "Apply changes in the <_:replaceable-1/> directory and use the configuration "
 "files from the <_:replaceable-2/> directory. This option does not chroot and "
@@ -3949,6 +4324,14 @@ msgid ""
 "and LDAP users/groups are not verified. PAM authentication is using the host "
 "files. No SELINUX support."
 msgstr ""
+"die Änderungen sind auf Daten im <replaceable>PRAEFIX_VERZ</replaceable> "
+"anzuwenden und ebenso die dortigen Konfigurationsdateien zu verwenden. Diese "
+"Option nimmt kein anderes Dateisystem zum Wurzelverzeichnis (chroot) und ist "
+"gedacht, Kompilierungen für fremde Systeme vorzubereiten (cross "
+"compilation). Einige Beschränkungen: Die in NIS und LDAP vorliegenden Daten "
+"zu Benutzern und Gruppen werden nicht kontrolliert. Zur PAM-"
+"Authentifizierung werden die Daten des Host-Computers herangezogen. SELINUX "
+"steht nicht zur Verfügung."
 
 #. (itstool) path: refsect1/para
 #: groupdel.8.xml.out:122
@@ -3956,8 +4339,8 @@ msgid ""
 "You may not remove the primary group of any existing user. You must remove "
 "the user before you remove the group."
 msgstr ""
-"Sie können nicht die Hauptgruppe eines Benutzers entfernen. Dazu müssten Sie "
-"zunächst den betreffenden Benutzer löschen."
+"Sie können nicht die primäre Gruppe eines existierenden Benutzers entfernen. "
+"Dazu müssen Sie zunächst den betreffenden Benutzer löschen."
 
 #. (itstool) path: refsect1/para
 #: groupdel.8.xml.out:126
@@ -3965,24 +4348,24 @@ msgid ""
 "You should manually check all file systems to ensure that no files remain "
 "owned by this group."
 msgstr ""
-"Sie sollten von Hand alle Systemdateien überprüfen, um sicherzustellen, dass "
-"keine Dateien, die der gelöschten Gruppe angehören, vorhanden sind."
+"Sie sollten von Hand alle Dateisysteme überprüfen, um sicherzustellen, dass "
+"keine der gelöschten Gruppe zugehörigen Dateien zurückbleiben."
 
 #. (itstool) path: term/replaceable
-#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:461
-#: pwck.8.xml.out:323 useradd.8.xml.out:841 userdel.8.xml.out:253
+#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:483
+#: pwck.8.xml.out:323 useradd.8.xml.out:861 userdel.8.xml.out:253
 msgid "6"
 msgstr "6"
 
 #. (itstool) path: listitem/para
-#: groupdel.8.xml.out:182 useradd.8.xml.out:843
+#: groupdel.8.xml.out:182 useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr "angegebene Gruppe ist nicht vorhanden"
 
 #. (itstool) path: listitem/para
 #: groupdel.8.xml.out:188
 msgid "can't remove user's primary group"
-msgstr "Die Hauptgruppe eines Benutzers kann nicht entfernen werden."
+msgstr "Die primäre Gruppe eines Benutzers kann nicht entfernt werden."
 
 #. (itstool) path: refsect1/para
 #: groupdel.8.xml.out:203 login.1.xml.out:375 shadow.5.xml.out:260
@@ -3992,6 +4375,12 @@ msgid ""
 "citerefentry-7/>, <_:citerefentry-8/>, <_:citerefentry-9/>."
 msgstr ""
 
+# ENDE Teil 28 weiter mit groupmems.8
+# BEGINN Teil 29 setzt groupmod.8 fort
+# MH According to a post by Maintainer Serge Hallyn
+# following my Debian bugreport #1004472
+# the command groupmems is not well understood
+# and mistakes within the manual page are possible.
 #. (itstool) path: author/firstname
 #: groupmems.8.xml.out:18
 msgid "George"
@@ -4010,7 +4399,7 @@ msgstr "IV"
 #. (itstool) path: author/contrib
 #: groupmems.8.xml.out:21
 msgid "Creation, 2000"
-msgstr "ursprünglicher Autor, 2000"
+msgstr "Erstellung, 2000"
 
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
@@ -4020,14 +4409,14 @@ msgstr "ursprünglicher Autor, 2000"
 #: groupmems.8.xml.out:37 groupmems.8.xml.out:44 groupmems.8.xml.out:50
 #: groupmems.8.xml.out:63 groupmems.8.xml.out:65 groupmems.8.xml.out:71
 #: groupmems.8.xml.out:78 groupmems.8.xml.out:159 groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr "groupmems"
 
 #. (itstool) path: refnamediv/refpurpose
 #: groupmems.8.xml.out:45
 msgid "administer members of a user's primary group"
-msgstr "verwaltet die Mitglieder der Hauptgruppe eines Benutzers"
+msgstr "verwaltet die Mitglieder der primären Gruppe des Benutzers"
 
 #. (itstool) path: group/arg
 #: groupmems.8.xml.out:52
@@ -4050,7 +4439,9 @@ msgstr "-d <placeholder-1/>"
 msgid "-g <_:replaceable-1/>"
 msgstr "-g <placeholder-1/>"
 
-# SB: 1. I don't understand "sake"? A typo? But of what? 2. I think we shouldn't have the notorious guest account here as an example.
+# FIXME, according to SB: I think we shouldn't have the notorious guest account here as an example.
+# FIXME s / (i.e., /(e.g.,
+# MH152 s/allows a user to/allows users to
 #. (itstool) path: refsect1/para
 #: groupmems.8.xml.out:62
 #, fuzzy
@@ -4066,11 +4457,10 @@ msgid ""
 "command-2/> utility is for systems that configure its users to be in their "
 "own name sake primary group (i.e., guest / guest)."
 msgstr ""
-"Mit dem Befehl <command>groupmems</command> kann ein Benutzer die "
-"Mitgliederliste seiner eigenen Gruppe verwalten, ohne Root-Rechte zu "
-"benötigen. Das Werkzeug <command>groupmems</command> ist für Systeme "
-"gedacht, auf denen die Hauptgruppe eines Benutzers den gleichen Namen hat "
-"wie der Benutzer (z.B. fritz/fritz)."
+"Mit dem Befehl <command>groupmems</command> kann ein Benutzer ohne die "
+"Rechte des Systemadministrators Mitgliedschaften seiner eigenen primären "
+"Gruppe verwalten. <command>groupmems</command> ist für Systeme gedacht, die "
+"für jeden Benutzer eine eigene primäre Gruppe (z.B. fritz/fritz) anlegen. "
 
 #. (itstool) path: refsect1/para
 #: groupmems.8.xml.out:70
@@ -4082,16 +4472,20 @@ msgid ""
 "Only the superuser, as administrator, can use <_:command-1/> to alter the "
 "memberships of other groups."
 msgstr ""
-"Nur Root als Administrator kann mit <command>groupmems</command> die "
+"Nur der Systemadministrator kann mit <command>groupmems</command> die "
 "Mitgliederlisten anderer Gruppen bearbeiten."
 
 #. (itstool) path: listitem/para
 #: groupmems.8.xml.out:85
-#, fuzzy
-#| msgid "Add an user to the group membership list."
 msgid "Add a user to the group membership list."
-msgstr "Fügt einen Benutzer der Mitgliederliste der Gruppe hinzu."
+msgstr "fügt einen Benutzer der Mitgliederliste der Gruppe hinzu."
 
+# MH The explanation could be improved in a way that it is said the
+# group does not exist in gshadow to exclude the thought that it is a
+# group with no entries, i.e. no members. Possible solution
+# s
+# /and the group has no entry in
+# /and the group is not listed in
 #. (itstool) path: listitem/para
 #: groupmems.8.xml.out:86 groupmems.8.xml.out:102 groupmems.8.xml.out:133
 #, fuzzy
@@ -4109,8 +4503,9 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: groupmems.8.xml.out:96
 msgid "Delete a user from the group membership list."
-msgstr "Löscht einen Benutzer aus der Mitgliederliste der Gruppe."
+msgstr "löscht einen Benutzer aus der Mitgliederliste der Gruppe."
 
+# MH s/file exist,/file exists,
 #. (itstool) path: listitem/para
 #: groupmems.8.xml.out:97
 #, fuzzy
@@ -4135,12 +4530,13 @@ msgstr "Gruppe"
 #: groupmems.8.xml.out:112
 msgid "The superuser can specify which group membership list to modify."
 msgstr ""
-"Root kann eine Gruppen bestimmen, deren Mitgliederliste er bearbeiten will."
+"gibt die Gruppe an, wenn eine Mitgliederliste durch den Systemadministrator "
+"bearbeitet wird."
 
 #. (itstool) path: listitem/para
 #: groupmems.8.xml.out:126
 msgid "List the group membership list."
-msgstr "gibt die Mitgliederliste aus"
+msgstr "gibt die Mitgliederliste aus."
 
 #. (itstool) path: term/option
 #: groupmems.8.xml.out:130
@@ -4150,7 +4546,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: groupmems.8.xml.out:132
 msgid "Purge all users from the group membership list."
-msgstr "löscht alle Benutzer aus der Mitgliederliste der Gruppe"
+msgstr "löscht alle Benutzer aus der Mitgliederliste der Gruppe."
 
 #. (itstool) path: refsect1/title
 #: groupmems.8.xml.out:157
@@ -4162,6 +4558,8 @@ msgstr "EINRICHTUNG"
 msgid "2710"
 msgstr ""
 
+# ENDE Teil 26 weiter mit groups.1
+# BEGINN Teil 27 setzt grpck.8 fort
 #. (itstool) path: para/emphasis
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
@@ -4188,12 +4586,13 @@ msgid ""
 "users to group <_:emphasis-5/> to allow or disallow them using the <_:"
 "command-6/> utility to manage their own group membership list."
 msgstr ""
-"Die ausführbare Datei <command>groupmems</command> sollte die Rechte "
-"<literal>2710</literal> haben und dem Benutzer <emphasis>root</emphasis> und "
-"der Gruppe <emphasis>groups</emphasis> gehören. Der Systemadministrator kann "
-"Benutzer der Gruppe <emphasis>groups</emphasis> hinzufügen, um ihnen zu "
-"ermöglichen, mit <command>groupmems</command> die Mitgliederliste ihrer "
-"eigenen Gruppe zu verwalten."
+"Für die ausführbare Datei <command>groupmems</command> sollte der "
+"Berechtigungsmodus <literal>2710</literal> gelten, sie soll Benutzer "
+"<emphasis>root</emphasis> gehören und der Gruppe <emphasis>groups</emphasis> "
+"zugeordnet sein. Der Systemadministrator kann in der Gruppe "
+"<emphasis>groups</emphasis> die Benutzer zusammenfassen, welche mit "
+"<command>groupmems</command> die Mitgliederliste ihrer eigenen Gruppe "
+"verwalten können sollen."
 
 #. (itstool) path: refsect1/programlisting
 #: groupmems.8.xml.out:167
@@ -4206,7 +4605,7 @@ msgstr ""
 #| "\t$ groupmems -g groups -a gk4\n"
 #| "    "
 msgid ""
-"$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
+"$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ "
 "groupmems -g groups -a gk4"
 msgstr ""
 "\n"
@@ -4219,7 +4618,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: groupmems.8.xml.out:199
 msgid "secure group account information"
-msgstr "verschlüsselte Informationen zu den Gruppenkonten"
+msgstr "geschützte Informationen zu den Gruppenkonten"
 
 #. (itstool) path: refsect1/para
 #: groupmems.8.xml.out:207
@@ -4229,10 +4628,11 @@ msgid ""
 "citerefentry-7/>, <_:citerefentry-8/>."
 msgstr ""
 
+# BEGINN Teil 28 setzt groups.1 fort
 #. (itstool) path: refnamediv/refpurpose
 #: groupmod.8.xml.out:42
 msgid "modify a group definition on the system"
-msgstr "ändert die Eigenschaften einer Gruppe auf dem System"
+msgstr "ändert eine Gruppendefinition auf dem System"
 
 #. (itstool) path: refsect1/para
 #: groupmod.8.xml.out:57
@@ -4245,9 +4645,9 @@ msgid ""
 "The <_:command-1/> command modifies the definition of the specified <_:"
 "replaceable-2/> by modifying the appropriate entry in the group database."
 msgstr ""
-"Der Befehl <command>groupmod</command> ändert die Eigenschaften der "
-"angegebenen <replaceable>GRUPPE</replaceable>, indem die passenden Einträge "
-"in der Gruppendatenbank geändert werden."
+"Der Befehl <command>groupmod</command> ändert die Definition der angegebenen "
+"<replaceable>GRUPPE</replaceable>, indem der zugehörige Eintrag in den "
+"Dateien, die zur Administration der Gruppen dienen, modifiziert wird."
 
 #. (itstool) path: term/option
 #: groupmod.8.xml.out:73 usermod.8.xml.out:78
@@ -4271,8 +4671,8 @@ msgid ""
 "The group ID of the given <_:replaceable-1/> will be changed to <_:"
 "replaceable-2/>."
 msgstr ""
-"Die Gruppen-ID der angegebenen <replaceable>GRUPPE</replaceable> wird zu "
-"<replaceable>GID</replaceable> geändert."
+"ändert die Gruppenkennung der angegebenen <replaceable>GRUPPE</replaceable> "
+"in <replaceable>GID</replaceable>."
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:89
@@ -4285,18 +4685,19 @@ msgid ""
 "The value of <_:replaceable-1/> must be a non-negative decimal integer. This "
 "value must be unique, unless the <_:option-2/> option is used."
 msgstr ""
-"Der Wert von <replaceable>GID</replaceable> muss eine nicht negative, "
-"dezimale Zahl sein. Er muss eindeutig sein, außer wenn die Option <option>-"
-"o</option> verwendet wird."
+"Als Gruppenkennung <replaceable>GID</replaceable> wird eine nicht negative, "
+"dezimale Ganzzahl erwartet. Sie darf nur einmal vorkommen, es sei denn, die "
+"Option <option>-o</option> wird benutzt."
 
+# MH The file to be updated, /etc/passwd, should be mentioned explicitely
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:95
 msgid ""
 "Users who use the group as primary group will be updated to keep the group "
 "as their primary group."
 msgstr ""
-"Benutzer, welche die Gruppe als Hauptgruppe verwenden, werden aktualisiert, "
-"um die Gruppe als Hauptgruppe zu behalten."
+"Bei Benutzern, für die die Gruppe die primäre Gruppe darstellt, wird der "
+"Eintrag aktualisiert, damit die Zuordnung zu dieser Gruppe erhalten bleibt."
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:99
@@ -4309,9 +4710,9 @@ msgid ""
 "Any files that have the old group ID and must continue to belong to <_:"
 "replaceable-1/>, must have their group ID changed manually."
 msgstr ""
-"Bei Dateien, welche die alte Gruppen-ID haben und weiterhin der Gruppe "
-"<replaceable>GROUP</replaceable> gehören sollen, muss die Gruppen-ID per "
-"Hand angepasst werden."
+"Bei Dateien, welche die alte Gruppenkennung haben und weiterhin der Gruppe "
+"<replaceable>GRUPPE</replaceable> zugeordnet sein sollen, muss die "
+"Gruppenkennung manuell angepasst werden."
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:105 usermod.8.xml.out:395
@@ -4329,7 +4730,7 @@ msgstr ""
 "etc/login.defs</filename> werden nicht geprüft."
 
 #. (itstool) path: term/option
-#: groupmod.8.xml.out:121 passwd.1.xml.out:246
+#: groupmod.8.xml.out:121 passwd.1.xml.out:242
 #, fuzzy
 #| msgid "-"
 msgid "-n"
@@ -4337,8 +4738,10 @@ msgstr "-"
 
 #. (itstool) path: term/option
 #: groupmod.8.xml.out:121
+#, fuzzy
+#| msgid "--badname"
 msgid "--new-name"
-msgstr ""
+msgstr "--badname"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
@@ -4358,8 +4761,8 @@ msgid ""
 "The name of the group will be changed from <_:replaceable-1/> to <_:"
 "replaceable-2/> name."
 msgstr ""
-"Der Gruppenname wird vom Namen <replaceable>GRUPPE</replaceable> zu "
-"<replaceable>NEUE_GRUPPE</replaceable> geändert."
+"ändert den Gruppennamen von <replaceable>GRUPPE</replaceable> nach "
+"<replaceable>NEUE_GRUPPE</replaceable>."
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:135
@@ -4371,9 +4774,9 @@ msgid ""
 "When used with the <_:option-1/> option, allow to change the group <_:"
 "replaceable-2/> to a non-unique value."
 msgstr ""
-"Wenn sie mit der Option <option>-g</option> verwendet wird, kann mit ihr der "
-"Wert der Gruppen-<replaceable>GID</replaceable> auf einen nicht eindeutigen "
-"Wert gesetzt werden."
+"in Kombination mit <option>-g</option> bewirkt diese Option, dass eine schon "
+"vergebene Gruppenkennung <replaceable>GID</replaceable> akzeptiert wird. "
+"Damit ist diese Kennung hinsichtlich der Gruppen nicht mehr eindeutig."
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:146
@@ -4383,64 +4786,57 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:261
 msgid "E_SUCCESS: success"
-msgstr ""
+msgstr "E_SUCCESS: Erfolg"
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:267
-#, fuzzy
-#| msgid "invalid command syntax"
 msgid "E_USAGE: invalid command syntax"
-msgstr "unzulässige Syntax für diesen Befehl"
+msgstr "E_USAGE: ungültige Befehlssyntax"
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:273
-#, fuzzy
-#| msgid "invalid argument to option"
 msgid "E_BAD_ARG: invalid argument to option"
-msgstr "ungültiges Argument für Option"
+msgstr "E_BAD_ARG: Option mit ungültigem Argument"
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:279
 #, fuzzy
-#| msgid "group name already in use"
+#| msgid "E_NAME_IN_USE: group name already in use"
 msgid "E_GID_IN_USE: group id already in use"
-msgstr "Gruppenname wird schon verwendet"
+msgstr "E_NAME_IN_USE: Der Gruppenname wird schon verwendet"
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:285
-#, fuzzy
-#| msgid "specified group doesn't exist"
 msgid "E_NOTFOUND: specified group doesn't exist"
-msgstr "angegebene Gruppe ist nicht vorhanden"
+msgstr "E_NOTFOUND: die angegebene Gruppe existiert nicht"
 
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:291
-#, fuzzy
-#| msgid "group name already in use"
 msgid "E_NAME_IN_USE: group name already in use"
-msgstr "Gruppenname wird schon verwendet"
+msgstr "E_NAME_IN_USE: Der Gruppenname wird schon verwendet"
 
+# MH use xml element <filename>
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:297
-#, fuzzy
-#| msgid "can't update group file"
 msgid "E_GRP_UPDATE: can't update group file"
-msgstr "Die Gruppendatei kann nicht aktualisieren werden."
+msgstr ""
+"E_GRP_UPDATE: Die Datei <filename>group</filename> kann nicht aktualisieren "
+"werden"
 
 #. (itstool) path: term/replaceable
 #: groupmod.8.xml.out:301
-#, fuzzy
-#| msgid "1"
 msgid "11"
-msgstr "1"
+msgstr "11"
 
+# MH150 What des "setup cleanup service" mean?
+# ; fuzzy
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:303
 msgid "E_CLEANUP_SERVICE: can't setup cleanup service"
-msgstr ""
+msgstr "E_CLEANUP_SERVICE: Fehler im Zusammenhang mit dem Aufräumen"
 
 #. (itstool) path: term/replaceable
-#: groupmod.8.xml.out:307 useradd.8.xml.out:859 userdel.8.xml.out:271
+#: groupmod.8.xml.out:307 useradd.8.xml.out:879 userdel.8.xml.out:271
 msgid "12"
 msgstr "12"
 
@@ -4448,24 +4844,41 @@ msgstr "12"
 #: groupmod.8.xml.out:309
 msgid "E_PAM_USERNAME: can't determine your username for use with pam"
 msgstr ""
+"E_PAM_USERNAME: Ihr für die Verwendung von PAM gebrauchter Benutzername "
+"konnte nicht bestimmt werden"
 
 #. (itstool) path: term/replaceable
 #: groupmod.8.xml.out:313
 msgid "13"
 msgstr "13"
 
+# MH151 "syslog facility id groupmod" is probably false.
+# there is a logfile auth.log where PAM reports to. Assure accordance with suauth.c.
+# MH translation of "facility" has been discussed within the language team, see MH 2022-01-22
 #. (itstool) path: listitem/para
 #: groupmod.8.xml.out:315
 msgid ""
 "E_PAM_ERROR: pam returned an error, see syslog facility id groupmod for the "
 "PAM error message"
 msgstr ""
+"E_PAM_ERROR: PAM meldete einen Fehler. Nutzen Sie die Protokollierung durch "
+"<command>syslog</command> und suchen nach einem Eintrag mit groupmod als "
+"Ursprung (»facilitiy«)."
 
+# MH147 groups(1) from coreutils 8.23 explains the purpose as
+# "print the groups a user is in",
+# which is better
 #. (itstool) path: refnamediv/refpurpose
 #: groups.1.xml.out:41
 msgid "display current group names"
-msgstr "zeigt die aktuell verwendeten Gruppennamen an"
-
+msgstr "gibt die aktuellen Gruppenzugehörigkeiten des Benutzers aus"
+
+# MH148: shorten and more precise, as, in general, a user is a member of more than one group
+# s/
+# /the value will be displayed as the numerical group value
+# /the numerical values for the groups will be displayed
+# MH replace xml-markup emphasis for the first occurance of user in the third
+# phrase wiht xml-markup replaceable and omit it in the second occurence.
 #. (itstool) path: refsect1/para
 #: groups.1.xml.out:55
 #, fuzzy
@@ -4481,12 +4894,14 @@ msgid ""
 "will be displayed as the numerical group value. The optional <_:"
 "replaceable-3/> parameter will display the groups for the named user."
 msgstr ""
-"Der Befehl <command>groups</command> zeigt die momentan verwendeten "
-"Gruppennamen oder IDs an. Wenn einem Wert kein Eintrag in <filename>/etc/"
-"group</filename> entspricht, wird die Gruppennummer ausgegeben. Mit der "
-"Option <emphasis remap=\"I\">user</emphasis> werden nur die Gruppen des "
-"bezeichneten <emphasis remap=\"I\">Benutzers</emphasis> angezeigt."
+"Der Befehl <command>groups</command> gibt die Namen oder Kennungen der "
+"Gruppenaus, denen der Benutzer aktuell angehört. Wenn ein zugehöriger "
+"Eintrag in <filename>/etc/group</filename> fehlt, wird statt des Namens die "
+"Kennung angezeigt. Mit dem optionalen Argument <replaceable>Benutzer</"
+"replaceable> werden dessen Gruppenzugehörigkeiten angezeigt."
 
+# ENDE Teil 26 weiter mit groups.1
+# BEGINN Teil 27 setzt grpck.8 fort
 #. (itstool) path: citerefentry/refentrytitle
 #: groups.1.xml.out:68 groups.1.xml.out:104
 #, fuzzy
@@ -4494,6 +4909,8 @@ msgstr ""
 msgid "initgroups"
 msgstr "groups"
 
+# ENDE Teil 07 weiter mit sg
+# BEGINN Teil 08 setzt su fort
 #. (itstool) path: para/command
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: refmeta/refentrytitle
@@ -4505,7 +4922,16 @@ msgstr "groups"
 msgid "sg"
 msgstr "sg"
 
-# SB: Ãœbersetzung von "concurrent group set"?
+# SB7: Is this manual page still in use? Debian distributes groups(1) from coreutils.
+# Ohne Klärung von Inhalt und Relevanz dieser Handbuchseite ist Aktualisierung
+# der Ãœbersetzung sinnlos
+# MH149:
+# What is a "concurrent group set"? "real" and "effective" group IDs need  to be explained?
+# The fact that there are supplementary group memberships, apparently the counterpart
+# to primary group of a user. Include references to passwd(5) group(5), id(2)
+# Maintainer (SH 2022-02-18) erklärte, dass "systems which do not support concurrent group sets" auch
+# angesprochen werden können als "systems which do not support supplementary groups"
+# or "systems which do not support initgroups(3)"
 #. (itstool) path: refsect1/para
 #: groups.1.xml.out:66
 #, fuzzy
@@ -4520,16 +4946,20 @@ msgid ""
 "<_:command-3/> or <_:command-4/> to change his current real and effective "
 "group ID."
 msgstr ""
-"Auf Systemen, die keine simultanen Gruppen unterstützen, werden die "
+"Auf Systemen, auf denen <citerefentry><refentrytitle>initgroups</"
+"refentrytitle><manvolnum>3</manvolnum></citerefentry> nicht verfügbar ist "
+"und es daher keine Zugehörigkeiten zu ergänzenden Gruppen gibt, werden die "
 "Informationen aus <filename>/etc/group</filename> ausgegeben. Wenn der "
-"Benutzer seine tatsächliche und effektive Gruppen-ID ändern will, muss er "
-"<command>newgrp</command> oder <command>sg</command> verwenden."
+"Benutzer seine tatsächliche und effektive Gruppenkennung ändern will, muss "
+"er <command>newgrp</command> oder <command>sg</command> verwenden."
 
 #. (itstool) path: citerefentry/refentrytitle
 #: groups.1.xml.out:95
 msgid "getgid"
 msgstr ""
 
+# ENDE Teil 26 weiter mit groups.1
+# BEGINN Teil 27 setzt grpck.8 fort
 #. (itstool) path: citerefentry/refentrytitle
 #: groups.1.xml.out:98
 #, fuzzy
@@ -4552,8 +4982,10 @@ msgstr ""
 #. (itstool) path: author/contrib
 #: grpck.8.xml.out:17 lastlog.8.xml.out:19 pwck.8.xml.out:24
 msgid "Creation, 1992"
-msgstr "ursprünglicher Autor, 1992"
+msgstr "Erstellung, 1992"
 
+# ENDE Teil 25 weiter mit grpck.8
+# BEGINN Teil 26 setzt gshadow.5 fort
 #. (itstool) path: refnamediv/refpurpose
 #: grpck.8.xml.out:41
 msgid "verify integrity of group files"
@@ -4582,7 +5014,7 @@ msgid ""
 msgstr ""
 "Der Befehl <command>grpwck</command> überprüft die Stimmigkeit der "
 "Informationen über die Gruppen. Alle Einträge in <filename>/etc/group</"
-"filename><phrase condition=\"gshadow\">und <filename>/etc/gshadow</"
+"filename> <phrase condition=\"gshadow\">und <filename>/etc/gshadow</"
 "filename></phrase> werden darauf überprüft, ob sie das richtige Format haben "
 "und gültige Daten enthalten. Bei einem Eintrag, der falsch formatiert ist "
 "oder andere unbehebbare Fehler enthält, wird der Benutzer aufgefordert, ihn "
@@ -4615,7 +5047,6 @@ msgstr ""
 msgid "a valid group identifier <_:phrase-1/>"
 msgstr "eine gültige Benutzer- und Gruppenkennung"
 
-# SB: Gruppenverwalter ist besser als Administrator, weil so keine Verwechslung mit Systemadminstrator.
 #. (itstool) path: para/phrase
 #: grpck.8.xml.out:88
 #, fuzzy
@@ -4639,8 +5070,8 @@ msgid ""
 "a corresponding entry in the <_:filename-1/> file (respectively <_:"
 "filename-2/> for the <_:filename-3/> checks)"
 msgstr ""
-"einen passenden Eintrag in der Datei <filename>/etc/gshadow</filename>  "
-"(oder in <filename>/etc/group</filename> bei der Überprüfung von "
+"einen dazu gehörenden Eintrag in der Datei <filename>/etc/gshadow</filename> "
+"(beziehungsweise in <filename>/etc/group</filename> bei der Überprüfung von "
 "<filename>gshadow</filename>)"
 
 #. (itstool) path: refsect1/para
@@ -4663,20 +5094,19 @@ msgid ""
 "warnings and the user is encouraged to run the <_:command-1/> command to "
 "correct the error."
 msgstr ""
-"Fehler bei der Überprüfung der richtigen Anzahl der Felder und des "
-"eindeutigen Benutzernamens sind schwerwiegend. Wenn ein Eintrag die falsche "
-"Anzahl von Feldern aufweist, wird der Benutzer aufgefordert, die gesamte "
-"Zeile zu löschen. Wenn er dies ablehnt, werden alle weiteren Tests "
-"ausgelassen. Bei einem Eintrag mit einem mehrfach verwendeten Benutzernamen "
-"wird der Benutzer aufgefordert, diesen Eintrag zu löschen. Sollte er dies "
-"ablehnen, werden dennoch die übrigen Tests ausgeführt. Bei allen anderen "
-"Fehlern wird eine Warnung ausgegeben und der Benutzer aufgefordert, den "
-"Fehler mittels des Befehls <command>groupmod</command> zu beheben."
+"Eine nicht richtige Anzahl von Feldern und mehrfach vorkommende Gruppen- "
+"namen sind schwerwiegende Fehler. Bei einer falschen Feldanzahl wird der "
+"Benutzer aufgefordert, die gesamte Zeile zu löschen. Wenn er dies ablehnt, "
+"werden alle weiteren Tests ausgelassen. Sollte ein Gruppenname ein zweites "
+"Mal vorkommen, folgt eineAufforderung, diesen Eintrag zu löschen, aber davon "
+"unabhängig werdendie übrigen Tests ausgeführt. Alle anderen Fehlern lösen "
+"nur eineWarnung aus und der Benutzer wird darauf hingewiesen, den Fehler "
+"mittels des Befehls <command>groupmod</command> zu beheben."
 
 #. (itstool) path: para/phrase
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:113 newusers.8.xml.out:67 newusers.8.xml.out:75
+#: grpck.8.xml.out:113 newusers.8.xml.out:69 newusers.8.xml.out:77
 msgid "file"
 msgstr "Datei"
 
@@ -4698,10 +5128,10 @@ msgid ""
 "are not able to alter corrupted or duplicated entries. <_:command-4/> should "
 "be used in those circumstances to remove the offending entries."
 msgstr ""
-"Die Befehle, welche die Datei <filename>/etc/passwd</filename> bearbeiten, "
-"können falsche oder doppelte Einträge nicht verändern. In solchen Fällen "
-"sollte <command>pwck</command> verwendet werden, um den betreffenden Eintrag "
-"zu entfernen."
+"Befehle, die die Datei <filename>/etc/passwd</filename> bearbeiten, können "
+"falsche oder doppelte Einträge nicht verändern. In solchen Fällen sollte "
+"<command>pwck</command> verwendet werden, um den betreffenden Eintrag zu "
+"entfernen."
 
 #. (itstool) path: refsect1/para
 #: grpck.8.xml.out:123 pwck.8.xml.out:154
@@ -4721,7 +5151,7 @@ msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:143 login.defs.5.xml.out:134 login.defs.5.xml.out:136
+#: grpck.8.xml.out:143 login.defs.5.xml.out:136 login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr ""
@@ -4738,10 +5168,9 @@ msgid ""
 "questions regarding changes to be answered <_:emphasis-2/> without user "
 "intervention."
 msgstr ""
-"Führt den Befehl <command>grpck</command> im Modus Nur-Lesen aus. Dies hat "
-"zur Folge, dass alle Fragen, ob Veränderungen vorgenommen werden sollen, mit "
-"<emphasis>no</emphasis> beantworteten werden, ohne dass der Benutzer "
-"einzugreifen braucht."
+"führt den Befehl <command>grpck</command> im Nur-Lesen-Modus  aus. Daraufhin "
+"gelten alle Fragen, ob Veränderungen vorgenommen werden sollen, vorab als "
+"mit <emphasis>no</emphasis> beantwortet."
 
 #. (itstool) path: term/option
 #: grpck.8.xml.out:161 pwck.8.xml.out:209
@@ -4755,8 +5184,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 #, fuzzy
 #| msgid "-"
 msgid "-S"
@@ -4803,7 +5232,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: grpck.8.xml.out:251
 msgid "one or more bad group entries"
-msgstr "ein oder mehrere fehlerhafte Gruppeneinträge"
+msgstr "einer oder mehrere fehlerhafte Gruppeneinträge"
 
 #. (itstool) path: listitem/para
 #: grpck.8.xml.out:257
@@ -4835,12 +5264,12 @@ msgstr ""
 #. (itstool) path: author/contrib
 #: gshadow.5.xml.out:17
 msgid "Creation, 2005"
-msgstr "ursprünglicher Autor, 2005"
+msgstr "Erstellung, 2005"
 
 #. (itstool) path: refnamediv/refpurpose
 #: gshadow.5.xml.out:30
 msgid "shadowed group file"
-msgstr "Shadow-Datei für Gruppen"
+msgstr "geschützte Datei mit Benutzergruppen"
 
 #. (itstool) path: refsect1/para
 #: gshadow.5.xml.out:35
@@ -4850,8 +5279,8 @@ msgstr "Shadow-Datei für Gruppen"
 #| "group accounts."
 msgid "<_:filename-1/> contains the shadowed information for group accounts."
 msgstr ""
-"In <filename>/etc/gshadow</filename> befinden sich die Informationen für das "
-"Shadow-Gruppen-System."
+"<filename>/etc/gshadow</filename> enthält Informationen zu den Gruppenkonten "
+"in geschützter Form."
 
 #. (itstool) path: refsect1/para
 #: gshadow.5.xml.out:40 shadow.5.xml.out:52
@@ -4866,14 +5295,15 @@ msgstr ""
 #: gshadow.5.xml.out:45
 msgid "Each line of this file contains the following colon-separated fields:"
 msgstr ""
-"Die darin enthaltenen Zeilen haben folgende Felder, die durch Doppelpunkt "
-"getrennt sind:"
+"Jede Zeile dieser Datei setzt sich aus folgenden, durch Doppelpunkt "
+"getrennte Felder zusammen:"
 
 #. (itstool) path: term/emphasis
 #: gshadow.5.xml.out:51
 msgid "group name"
 msgstr "Gruppenname"
 
+# FIXME s/which exist/which exists
 #. (itstool) path: listitem/para
 #: gshadow.5.xml.out:53
 msgid "It must be a valid group name, which exist on the system."
@@ -4896,9 +5326,9 @@ msgstr "verschlüsseltes Passwort"
 msgid ""
 "Refer to <_:citerefentry-1/> for details on how this string is interpreted."
 msgstr ""
-"Sie sollten in <citerefentry><refentrytitle>crypt</"
-"refentrytitle><manvolnum>3</manvolnum></citerefentry> nachsehen, wenn Sie "
-"mehr über die Bedeutung dieser Zeichenkette wissen wollen."
+"Sehen Sie in <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
+"manvolnum></citerefentry> nach, wenn Sie etwas über die Verarbeitung dieser "
+"Zeichenkette erfahren möchten."
 
 #. (itstool) path: listitem/para
 #: gshadow.5.xml.out:66
@@ -4914,17 +5344,17 @@ msgid ""
 "citerefentry-1/>, for instance ! or *, users will not be able to use a unix "
 "password to access the group (but group members do not need the password)."
 msgstr ""
-"Wenn das Passwortfeld eine Zeichenkette enthält, die kein zulässiges "
-"Ergebnis von <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
-"manvolnum></citerefentry> ist, z.B. ! oder *, können Benutzer nicht mit "
-"einem Unix-Passwort Zugang zu der Gruppe erhalten, wobei Gruppenmitglieder "
-"kein Passwort benötigen."
+"Wenn das Passwortfeld eine Zeichenkette enthält, die kein gültiges Ergebnis "
+"von <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
+"manvolnum></citerefentry> darstellt, z.B. ! oder *, ist Benutzern der Zugang "
+"zu der Gruppe mittels Unix-Passwort verwehrt (Gruppenmitglieder benötigen "
+"hingegen kein Passwort)."
 
 #. (itstool) path: listitem/para
 #: gshadow.5.xml.out:73
 #, fuzzy
 #| msgid ""
-#| "The password is used when an user who is not a member of the group wants "
+#| "The password is used when a user who is not a member of the group wants "
 #| "to gain the permissions of this group (see "
 #| "<citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</"
 #| "manvolnum></citerefentry>)."
@@ -4943,23 +5373,18 @@ msgid ""
 "This field may be empty, in which case only the group members can gain the "
 "group permissions."
 msgstr ""
-"Dieses Feld kann leer bleiben. Dies hat zur Folge, dass nur "
-"Gruppenmitglieder von den Rechten der Gruppe Gebrauch machen können."
+"Dieses Feld kann leer bleiben. Dies hat zur Folge, dass die Rechte der "
+"Gruppe Gruppenmitglieder vorbehalten sind."
 
 #. (itstool) path: listitem/para
 #: gshadow.5.xml.out:83 shadow.5.xml.out:81
-#, fuzzy
-#| msgid ""
-#| "A password field which starts with a exclamation mark means that the "
-#| "password is locked. The remaining characters on the line represent the "
-#| "password field before the password was locked."
 msgid ""
 "A password field which starts with an exclamation mark means that the "
 "password is locked. The remaining characters on the line represent the "
 "password field before the password was locked."
 msgstr ""
 "Ein Passwortfeld, das mit einem Ausrufezeichen beginnt, führt dazu, dass das "
-"Passwort gesperrt ist. Die übrigen Zeichen sind das Passwort vor der "
+"Passwort gesperrt ist. Die übrigen Zeichen entsprechen dem Passwort vor der "
 "Sperrung."
 
 #. (itstool) path: listitem/para
@@ -4970,10 +5395,9 @@ msgstr ""
 #| "filename>."
 msgid "This password supersedes any password specified in <_:filename-1/>."
 msgstr ""
-"Dieses Passwort geht den in <filename>/etc/group</filename> definierten "
-"Passwörtern vor."
+"Dieses Passwort hat gegenüber den in <filename>/etc/group</filename> "
+"definierten Passwörtern Vorrang."
 
-# SB: Gruppenverwalter ist besser als Administrator, weil so keine Verwechslung mit Systemadminstrator.
 #. (itstool) path: term/emphasis
 #: gshadow.5.xml.out:97
 msgid "administrators"
@@ -5009,7 +5433,8 @@ msgstr "Mitglieder"
 #: gshadow.5.xml.out:118
 msgid "Members can access the group without being prompted for a password."
 msgstr ""
-"Mitglieder haben Zugang zu der Gruppe, ohne eine Passwort eingeben zu müssen."
+"Mitglieder haben, ohne um ein Passwort gebeten zu werden, Zugang zu der "
+"Gruppe."
 
 #. (itstool) path: listitem/para
 #: gshadow.5.xml.out:122
@@ -5027,7 +5452,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: gshadow.5.xml.out:162 login.defs.5.xml.out:324 pwconv.8.xml.out:48
+#: gshadow.5.xml.out:162 login.defs.5.xml.out:337 pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67 pwconv.8.xml.out:113 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:166 pwconv.8.xml.out:208
 msgid "grpconv"
@@ -5041,10 +5466,12 @@ msgstr "grpconv"
 #. (itstool) path: varlistentry/term
 #: lastlog.8.xml.out:35 lastlog.8.xml.out:42 lastlog.8.xml.out:48
 #: lastlog.8.xml.out:58 lastlog.8.xml.out:70 lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr "lastlog"
 
+# ENDE Teil 23 weiter mit lastlog.8
+# BEGINN Teil 24 setzt limits.5 fort
 #. (itstool) path: refnamediv/refpurpose
 #: lastlog.8.xml.out:43
 msgid "reports the most recent login of all users or of a given user"
@@ -5063,6 +5490,9 @@ msgstr "/var/log/lastlog"
 msgid "login-name"
 msgstr "Anmeldename"
 
+# ENDE Teil 12 weiter mit porttime.5
+# BEGINN Teil 13 setzt pwck.8 fort
+# MH87 Is man 5 porttime published or distributed somewhere?
 #. (itstool) path: para/emphasis
 #: lastlog.8.xml.out:60
 #, fuzzy
@@ -5093,16 +5523,15 @@ msgid ""
 "will be printed. The default (no flags) causes lastlog entries to be "
 "printed, sorted by their order in <_:filename-6/>."
 msgstr ""
-"<command>lastlog</command> formatiert und gibt den Inhalt der Datei mit den "
-"letzten Anmeldungen, <filename>/var/log/lastlog</filename>, aus. Der "
+"<command>lastlog</command> formatiert und gibt den Inhalt der Datei "
+"<filename>/var/log/lastlog</filename> mit den letzten Anmeldungen aus. Der "
 "<emphasis>Anmeldename</emphasis>, der <emphasis>Port</emphasis> und der "
-"<emphasis>Zeitpunkt der letzten Anmeldung</emphasis> werden angezeigt. "
-"Standardmäßig (keine Optionen) werden die Lastlog-Einträge in der "
-"Reihenfolge, wie sie sich in <filename>/etc/passwd</filename> befinden, "
-"ausgegeben."
+"<emphasis>Zeitpunkt</emphasis> der letzten Anmeldung werden angezeigt. Ohne "
+"Optionen entspricht die Reihung der Lastlog-Einträge jener in der Datei "
+"<filename>/etc/passwd</filename>."
 
 #. (itstool) path: term/option
-#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:592
+#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 #, fuzzy
 #| msgid "-"
@@ -5114,6 +5543,7 @@ msgstr "-"
 msgid "--before"
 msgstr ""
 
+# MH Why using emphasis instead of replaceable tag for DAYS? PR/patch to github 2022-01-20, mh
 #. (itstool) path: listitem/para
 #: lastlog.8.xml.out:78
 #, fuzzy
@@ -5122,8 +5552,8 @@ msgstr ""
 #| "emphasis>."
 msgid "Print only lastlog records older than <_:replaceable-1/>."
 msgstr ""
-"gibt nur Lastlog-Einträge aus, die älter als <emphasis remap=\"I\">TAGE</"
-"emphasis> sind"
+"gibt nur Lastlog-Einträge aus, die älter als <replaceable>TAGE</replaceable> "
+"sind."
 
 #. (itstool) path: term/option
 #: lastlog.8.xml.out:85
@@ -5141,14 +5571,15 @@ msgstr ""
 #: lastlog.8.xml.out:88
 #, fuzzy
 #| msgid ""
-#| "This option is only valid in combination with the <option>-d</option> (or "
-#| "<option>--home</option>) option."
+#| "Clear lastlog record of a user. This option can be used only together "
+#| "with <option>-u</option> (<option>--user</option>))."
 msgid ""
 "Clear lastlog record of a user. This option can be used only together with "
 "<_:option-1/> (<_:option-2/>))."
 msgstr ""
-"Diese Option ist nur in Verbindung mit der Option <option>-d</option> (oder "
-"<option>--home</option>) zulässig."
+"löscht den lastlog-Eintrag eines Benutzers. Diese Option ist nur in "
+"Verbindung mit der Option <option>-u</option> oder <option>--user</option> "
+"zulässig."
 
 #. (itstool) path: term/option
 #: lastlog.8.xml.out:117
@@ -5159,15 +5590,18 @@ msgstr ""
 #: lastlog.8.xml.out:120
 #, fuzzy
 #| msgid ""
-#| "This option is only valid in combination with the <option>-d</option> (or "
-#| "<option>--home</option>) option."
+#| "Set lastlog record of a user to the current time. This option can be used "
+#| "only together with <option>-u</option> (<option>--user</option>))."
 msgid ""
 "Set lastlog record of a user to the current time. This option can be used "
 "only together with <_:option-1/> (<_:option-2/>))."
 msgstr ""
-"Diese Option ist nur in Verbindung mit der Option <option>-d</option> (oder "
-"<option>--home</option>) zulässig."
+"hinterlegt die aktuelle Zeit als Lastlog-Eintrag eines Benutzers. Diese "
+"Option ist nur in Verbindung mit der Option <option>-u</option> oder "
+"<option>--user</option> zulässig."
 
+# MH Why using emphasis instead of replaceable tag for DAYS?
+# Patch mailed to Serge Hallyn, 2022-01-20, mh
 #. (itstool) path: listitem/para
 #: lastlog.8.xml.out:131
 #, fuzzy
@@ -5176,13 +5610,13 @@ msgstr ""
 #| "emphasis>."
 msgid "Print the lastlog records more recent than <_:replaceable-1/>."
 msgstr ""
-"gibt nur Lastlog-Einträge aus, die neuer als <emphasis remap=\"I\">TAGE</"
-"emphasis> sind"
+"gibt nur Lastlog-Einträge aus, die neuer als <replaceable>TAGE</replaceable> "
+"sind."
 
 #. (itstool) path: listitem/para
 #: lastlog.8.xml.out:142
 msgid "Print the lastlog record of the specified user(s)."
-msgstr "gibt nur die Lastlog-Einträge für die angegebenen Benutzer aus"
+msgstr "gibt nur die Lastlog-Einträge für die angegebenen Benutzer aus."
 
 #. (itstool) path: para/emphasis
 #: lastlog.8.xml.out:158
@@ -5199,9 +5633,8 @@ msgid ""
 "If the user has never logged in the message <_:emphasis-1/> will be "
 "displayed instead of the port and time."
 msgstr ""
-"Wenn sich ein Benutzer noch nie angemeldet hat, wird die Meldung "
-"<emphasis>** Never logged in**</emphasis> anstatt von Port und Zeit "
-"angezeigt."
+"Wenn sich ein Benutzer noch nie angemeldet hat, wird anstatt von Port und "
+"Zeit die Meldung <emphasis>**Noch nie angemeldet**</emphasis> angezeigt."
 
 #. (itstool) path: refsect1/para
 #: lastlog.8.xml.out:162
@@ -5209,8 +5642,8 @@ msgid ""
 "Only the entries for the current users of the system will be displayed. "
 "Other entries may exist for users that were deleted previously."
 msgstr ""
-"Es werden nur Einträge für auf dem System vorhandene Benutzer angezeigt, "
-"selbst wenn Einträge über gelöschte Benutzer noch vorhanden sind."
+"Es werden nur Einträge für derzeit angelegte Benutzer angezeigt, Weitere zu "
+"gelöschten Benutzern gehörende Einträge können vorhanden sein."
 
 #. (itstool) path: para/command
 #: lastlog.8.xml.out:175
@@ -5241,13 +5674,13 @@ msgid ""
 ">\"."
 msgstr ""
 "Bei der Datei <filename>lastlog</filename> handelt es sich um eine "
-"Datenbank, die Informationen zur letzten Anmeldung der Benutzer enthält. Sie "
-"sollten sie nicht austauschen. Es handelt sich um eine Sparse-Datei, so dass "
-"die tatsächliche Größe auf dem Speichermedium gewöhnlich viel kleiner ist "
-"als von »<command>ls -l</command>« angezeigt wird (was eine sehr große Datei "
-"anzeigen kann, wenn sich Benutzer mit einer großen UID in <filename>passwd</"
-"filename> befinden). Die wirkliche Dateigröße lässt sich mit »<command>ls -"
-"s</command>« anzeigen."
+"Datenbank, die zu jedem Benutzer Informationen zur letzten Anmeldung "
+"enthält. Sie sollte nicht in die Rotation von Protokolldateien einbezogen "
+"werden. Es handelt sich um eine Sparse-Datei, so dass die tatsächliche Größe "
+"auf dem Speichermedium gewöhnlich viel kleiner ist als von »<command>ls -l</"
+"command>« angezeigt wird (was eine sehr große Datei anzeigt, wenn es in "
+"<filename>passwd</filename> Benutzer mit hohen Kennungen gibt). Die "
+"wirkliche Dateigröße lässt sich mit »<command>ls -s</command>« anzeigen."
 
 #. (itstool) path: listitem/para
 #: lastlog.8.xml.out:199
@@ -5262,11 +5695,11 @@ msgid ""
 "users with UID between 170 and 800 lastlog will appear to hang as it "
 "processes entries with UIDs 171-799)."
 msgstr ""
-"Große Lücken in den UID-Zahlen haben zur Folge, dass das Lastlog-Programm "
-"längere Zeit ohne Bildschirmausgabe läuft. Wenn sich z.B. in der Datenbank "
-"von Lastlog kein Eintrag für Benutzer mit der UID zwischen 170 und 800 "
-"befindet, wird es scheinen, als ob lastlog stehen geblieben ist, während es "
-"die Einträge mit der UID 171 bis 799 verarbeitet."
+"Große Lücken in den Benutzerkennungen haben zur Folge, dass das Lastlog-"
+"Programm längere Zeit nichts auf den Bildschirm ausgibt. Wenn sich z.B. in "
+"der Lastlog-Datenbank kein Eintrag für Benutzer mit der Kennung zwischen 170 "
+"und 800 befindet, wird es, während der Verarbeitung der Einträge zu den "
+"Kennungen 171 bis 799, scheinen, als sei lastlog stehen geblieben."
 
 #. (itstool) path: refsect1/para
 #: lastlog.8.xml.out:213
@@ -5277,6 +5710,8 @@ msgid ""
 "default and may require a specific option to handle them."
 msgstr ""
 
+# ENDE Teil 22 weiter mit limits.5
+# BEGINN Teil 23 setzt login.1 fort
 #. (itstool) path: author/firstname
 #: limits.5.xml.out:17
 msgid "Luca"
@@ -5302,7 +5737,7 @@ msgstr "limits"
 #. (itstool) path: refnamediv/refpurpose
 #: limits.5.xml.out:43
 msgid "resource limits definition"
-msgstr "Festlegung von Resourcenbeschränkungen"
+msgstr "legt Beschränkungen zur Nutzung von Ressourcen fest"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
@@ -5330,18 +5765,21 @@ msgid ""
 msgstr ""
 "Die <emphasis remap=\"I\">limits</emphasis>-Datei (standardmäßig <filename>/"
 "etc/limits</filename> oder die durch LIMITS_FILE in <filename>config.h</"
-"filename> festgelegte) bezeichnet die von Ihnen eingeführte Beschränkung von "
-"Ressourcen. Sie sollte Root gehören und nur von ihm lesbar sein."
+"filename> genannte Datei) beinhaltet die Ihrerseits gewünschten "
+"Beschränkungen zur Nutzung von Ressourcen. Sie sollte dem "
+"Systemadministrator gehören und nur für ihn lesbar sein."
 
+# MH String would get much easier when referring to "account with UID 0 with no
+# regard to the login name for this account"
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:57
 msgid ""
 "By default no quota is imposed on 'root'. In fact, there is no way to impose "
 "limits via this procedure to root-equiv accounts (accounts with UID 0)."
 msgstr ""
-"Standardmäßig bestehen für Root keine Einschränkungen. Tatsächlich gibt es "
-"keine Möglichkeit, mit diesem Verfahren Root-Konten (Konten mit der UID 0) "
-"Beschränkungen aufzuerlegen."
+"Standardmäßig sind dem Benutzer »root« keine Beschränkungen auferlegt. "
+"Tatsächlich gibt ist keinen Weg, ihm oder ähnlich privilegierten Nutzern "
+"(Konten mit der Benutzerkennung 0) Beschränkungen aufzuerlegen."
 
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:63
@@ -5352,7 +5790,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #: limits.5.xml.out:66
 msgid "user LIMITS_STRING"
-msgstr "Benutzer BESCHRÄNKUNGSZEICHENKETTE"
+msgstr "Anmeldename BESCHRÄNKUNGSZEICHENKETTE"
 
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:69
@@ -5362,14 +5800,14 @@ msgstr "oder in der Form:"
 #. (itstool) path: para/emphasis
 #: limits.5.xml.out:72
 msgid "@group LIMITS_STRING"
-msgstr "@Gruppe BESCHRÄNKUNGSZEICHENKETTE"
+msgstr "@Gruppenname BESCHRÄNKUNGSZEICHENKETTE"
 
 #. (itstool) path: para/emphasis
 #: limits.5.xml.out:76 limits.5.xml.out:112
 #, fuzzy
 #| msgid "user LIMITS_STRING"
 msgid "LIMITS_STRING"
-msgstr "Benutzer BESCHRÄNKUNGSZEICHENKETTE"
+msgstr "Anmeldename BESCHRÄNKUNGSZEICHENKETTE"
 
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:75
@@ -5394,25 +5832,24 @@ msgstr "Gültige Kennungen sind:"
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:84
 msgid "A: max address space (KB)"
-msgstr "A: maximaler Adressraum (KB)"
+msgstr "A: maximaler Adressraum (kB)"
 
-# SB: Uebersetzung von "core file"?
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:85
 msgid "C: max core file size (KB)"
-msgstr "C: maximale Größe der Speicherabbild-Datei"
+msgstr "C: maximale Größe der Speicherauszugs-Datei (kB)"
 
+# MH Relevante Wortwahl: "data size" und nicht "file size" wie in nächster Meldung.
+# es wurde daher "amount of data" vermutet
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:86
 msgid "D: max data size (KB)"
-msgstr "D: maximale Datengröße (KB)"
+msgstr "D: maximale Datenmenge (kB)"
 
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:87
-#, fuzzy
-#| msgid "F: maximum filesize (KB)"
 msgid "F: maximum file size (KB)"
-msgstr "F: maximale Dateigröße (KB)"
+msgstr "F: maximale Dateigröße (kB)"
 
 #. (itstool) path: citerefentry/refentrytitle
 #: limits.5.xml.out:90
@@ -5433,12 +5870,12 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:95
 msgid "L: max number of logins for this user"
-msgstr "L: maximale Anzahl von Logins für diesen Benutzer"
+msgstr "L: maximale Anzahl von Anmeldungen für diesen Benutzer"
 
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:96
 msgid "M: max locked-in-memory address space (KB)"
-msgstr "M: maximaler gesperrter Adressbereich im Speicher (KB)"
+msgstr "M: maximaler gesperrter Adressbereich im Speicher (kB)"
 
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:97
@@ -5448,7 +5885,7 @@ msgstr "N: maximale Anzahl offener Dateien"
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:98
 msgid "O: max real time priority"
-msgstr "O: Maximale Echtzeit-Priorität "
+msgstr "O: maximale Echtzeit-Priorität"
 
 #. (itstool) path: citerefentry/refentrytitle
 #: limits.5.xml.out:101 limits.5.xml.out:188
@@ -5460,20 +5897,28 @@ msgstr ""
 msgid "P: process priority, set by <_:citerefentry-1/>."
 msgstr ""
 
+# MH "resident set size" according to
+# https://stackoverflow.com/questions/60779173/what-does-maximum-resident-set-size-mean
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:104
 msgid "R: max resident set size (KB)"
-msgstr "R: maximale Resident Set Size (KB)"
+msgstr ""
+"R: maximale Arbeitsspeicherbelegung, siehe "
+"<citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></"
+"citerefentry> »resident set size« (kB)"
 
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:105
 msgid "S: max stack size (KB)"
-msgstr "S: maximale Größe des Stapelverarbeitungsspeichers (KB)"
+msgstr ""
+"S: maximale Größe des Stapelverarbeitungsspeichers, siehe "
+"<citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></"
+"citerefentry> »stack« (kB)"
 
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:106
 msgid "T: max CPU time (MIN)"
-msgstr "T: maximale CPU-Zeit (Min)"
+msgstr "T: maximale CPU-Zeit (min)"
 
 #. (itstool) path: listitem/para
 #: limits.5.xml.out:107
@@ -5511,8 +5956,8 @@ msgstr ""
 msgid "username L2D2048N5 username L2 D2048 N5"
 msgstr ""
 "\n"
-"      Benutzername L2D2048N5\n"
-"      Benutzername L2 D2048 N5\n"
+"      Anmeldename L2D2048N5\n"
+"      Anmeldename L2 D2048 N5\n"
 "    "
 
 #. (itstool) path: para/emphasis
@@ -5522,16 +5967,16 @@ msgstr ""
 #. (itstool) path: para/command
 #: limits.5.xml.out:122 login.1.xml.out:83 login.1.xml.out:91
 #: login.1.xml.out:197 su.1.xml.out:70 su.1.xml.out:82 su.1.xml.out:95
-#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:775
+#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:795
 msgid "username"
-msgstr "Benutzername"
+msgstr "Anmeldename"
 
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:121
 #, fuzzy
 #| msgid ""
 #| "Be aware that after <emphasis remap=\"I\">username</emphasis> the rest of "
-#| "the line is considered a limit string, thus comments are not allowed. A "
+#| "the line is considered a limit string, thus comments are not allowed. An "
 #| "invalid limits string will be rejected (not considered) by the "
 #| "<command>login</command> program."
 msgid ""
@@ -5539,9 +5984,9 @@ msgid ""
 "limit string, thus comments are not allowed. An invalid limits string will "
 "be rejected (not considered) by the <_:command-2/> program."
 msgstr ""
-"Beachten Sie, dass nach <emphasis remap=\"I\">Benutzername</emphasis> die "
+"Denken Sie daran, dass nach <emphasis remap=\"I\">Anmeldename</emphasis> die "
 "übrige Zeile als Zeichenkette für Beschränkungen angesehen wird. Kommentare "
-"sind daher nicht zulässig. Eine ungültige Zeichenkette wird von "
+"sind also nicht vorgesehen. Eine ungültige Zeichenkette wird von "
 "<command>login</command> ignoriert."
 
 #. (itstool) path: para/emphasis
@@ -5559,6 +6004,8 @@ msgstr ""
 msgid "LIMITS_FILE"
 msgstr ""
 
+# MH A source for confusion <emphasis remap=\"I\">default</emphasis> entries.
+# Just write "default entries" without markup as the asteriks is the expected value
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:128
 #, fuzzy
@@ -5572,10 +6019,9 @@ msgid ""
 "multiple <_:emphasis-2/> entries in your <_:emphasis-3/>, then the last one "
 "will be used as the default entry."
 msgstr ""
-"Standardwerte werden mit dem Benutzernamen »<emphasis>*</emphasis>« "
-"festgelegt. Falls Sie mehrfach <emphasis remap=\"I\">Standard</emphasis>-"
-"Werte in der <emphasis>BESCHRÄNKUNGSDATEI</emphasis> bestimmen, wird nur der "
-"letzte berücksichtigt."
+"Standardwerte werden mit dem Anmeldenamen »<emphasis>*</emphasis>« "
+"festgelegt. Falls in <emphasis>LIMITS_FILE</emphasis> mehrfach Standardwerte "
+"auftreten, wird nur der letzte berücksichtigt."
 
 #. (itstool) path: para/replaceable
 #: limits.5.xml.out:136 limits.5.xml.out:148
@@ -5594,28 +6040,30 @@ msgid ""
 "The limits specified in the form \"<_:replaceable-1/>\" apply to the members "
 "of the specified <_:replaceable-2/>."
 msgstr ""
-"Beschränkungen, die in der Form »<replaceable>@group</replaceable>« "
-"festgelegt wurden, gelten für alle Mitglieder der angegebenen Gruppe "
-"<replaceable>group</replaceable>."
+"Beschränkungen, die in der Form <replaceable>@Gruppenname</replaceable> "
+"festgelegt wurden, gelten für alle Mitglieder der angegebenen Gruppe."
 
+# MH Die erste Autorin der Handbuchseiten von shadow-utils war Julianne Frances Haugh (1991),
+# die die weiblichen Benutzerinnen ansprechen wollte. Im aktuellen Original sind die
+# weiblichen Formen leider (mit automatischen Ersetzungen und entsprechenden Grammatik-Folgefehlern)
+# getilgt worden. "Benutzerin" blieb hier bewusst. stehen. Diese Form hat ihre Berechtigung
+# und ist anders als Benutzer:in und dergleichen einfaches und sprechbares Deutsch.
+# Es wäre zu überlegen, für diese Handbuchseiten-Übersetzung  ein "genenerisches
+# Femininum" zu verwenden.
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:141
-#, fuzzy
-#| msgid ""
-#| "If more than one line with limits for an user exist, only the first line "
-#| "for this user will be considered."
 msgid ""
 "If more than one line with limits for a user exist, only the first line for "
 "this user will be considered."
 msgstr ""
-"Wenn mehr als eine Zeile mit Beschränkungen für einen Benutzer vorhanden "
-"ist, wird für ihn nur die erste Zeile berücksichtigt."
+"Wenn mehr als eine Zeile mit Beschränkungen für eine Benutzerin vorhanden "
+"ist, wird für sie nur die erste Zeile berücksichtigt."
 
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:146
 #, fuzzy
 #| msgid ""
-#| "If no lines are specified for an user, the last <replaceable>@group</"
+#| "If no lines are specified for a user, the last <replaceable>@group</"
 #| "replaceable> line matching a group whose the user is a member of will be "
 #| "considered, or the last line with default limits if no groups contain the "
 #| "user."
@@ -5625,10 +6073,9 @@ msgid ""
 "last line with default limits if no groups contain the user."
 msgstr ""
 "Wenn keine Zeile auf einen Benutzer zutrifft, wird auf ihn die letzte Zeile "
-"mit <replaceable>@group</replaceable> angewendet, die auf eine Gruppe "
-"verweist, deren Mitglied er ist. Wenn er auch nicht Mitglied einer der "
-"aufgeführten Gruppe ist, wird auf ihn die letzte Zeile, in der Standardwerte "
-"bestimmt sind, angewendet."
+"für eine Gruppe <replaceable>@Gruppenname</replaceable> angewendet, deren "
+"Mitglied er ist. Wenn keine Gruppe den Benutzer enthält, wird die letzte "
+"Zeile mit Standardwerten herangezogen."
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
@@ -5653,7 +6100,7 @@ msgid ""
 "will do."
 msgstr ""
 "Mit einem Gedankenstrich »<emphasis>-</emphasis>« können Sie alle "
-"Beschränkungen für einen Benutzer zu entfernen."
+"Beschränkungen für einen Benutzer aufheben."
 
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:158
@@ -5665,11 +6112,12 @@ msgid ""
 "To disable a limit for a user, a single dash \"<_:replaceable-1/>\" can be "
 "used instead of the numerical value for this limit."
 msgstr ""
-"Um für einen Benutzer eine bestimmte Beschränkung zu entfernen, müssen Sie "
+"Um für einen Benutzer eine bestimmte Beschränkung zu entfernen, können Sie "
 "für diese Beschränkung anstelle des numerischen Wertes einen Gedankenstrich "
 "»<replaceable>-</replaceable>« setzen."
 
-# SB: Well, there is PAM with /etc/security/limits.conf
+# SB6: Well, there is PAM with /etc/security/limits.conf
+# delete phrase on "global limits" as limits seems to be superseded by PAM limits
 #. (itstool) path: refsect1/para
 #: limits.5.xml.out:164
 msgid ""
@@ -5677,9 +6125,10 @@ msgid ""
 "global, nor are they permanent. Perhaps global limits will come, but for now "
 "this will have to do ;)"
 msgstr ""
-"Berücksichtigen Sie auch, dass alle Beschränkungen nur JE ANMELDUNG gelten. "
-"Sie sind nicht global und auch nicht dauerhaft. Vielleicht wird es einmal "
-"globale Beschränkungen geben, für jetzt muss dies aber reichen ;)"
+"Berücksichtigen Sie auch, dass alle Beschränkungen nur <emphasis>je "
+"Anmeldung</emphasis> gelten. Sie sind nicht global und auch nicht dauerhaft. "
+"Vielleicht wird es einmal globale Beschränkungen geben, für jetzt muss dies "
+"aber reichen ;)"
 
 #. (itstool) path: citerefentry/refentrytitle
 #: limits.5.xml.out:191
@@ -5688,7 +6137,10 @@ msgstr ""
 msgid "setrlimit"
 msgstr "/etc/limits"
 
-# SB: Translation of login.1 based on Josef Spillner's
+# ENDE Teil 21 weiter mit login.1
+# BEGINN Teil 22 setzt login.access.5 fort
+# SB3: s/begin session/begins a session
+# SB4: Translation of login.1 based on Josef Spillner's
 # (josef@ggzgamingzone.org) from 2003. Mention somewhere else as well?
 #. (itstool) path: refnamediv/refpurpose
 #: login.1.xml.out:74
@@ -5707,6 +6159,8 @@ msgstr "Rechner"
 msgid "-h <_:replaceable-1/>"
 msgstr "-h <placeholder-1/>"
 
+# MH I assume that this expresses the possibility to set environment variables
+# thus, use ENV=VALUE and refer to Section Configuration
 #. (itstool) path: arg/replaceable
 #: login.1.xml.out:84
 msgid "ENV=VAR"
@@ -5761,13 +6215,13 @@ msgstr ""
 "auf dem System zu starten. Es wird normalerweise automatisch als Antwort auf "
 "die <emphasis remap=\"I\">login:</emphasis>-Eingabeaufforderung auf dem "
 "Terminal des Benutzers ausgeführt. <command>login</command> kann von der "
-"Shell besonders behandelt werden und kann nicht als Subprozess gestartet "
+"Shell speziell behandelt werden und kann nicht als Subprozess gestartet "
 "werden. Wenn <command>login</command> von einer Shell aufgerufen wird, "
 "sollte es als <emphasis remap=\"B\">exec login</emphasis> ausgeführt werden, "
-"so dass die aktuelle Shell des Benutzers beendet wird (und somit verhindert "
-"wird, dass der neue Benutzer in die Sitzung des alten zurückkehren kann). "
-"Der Versuch, von einer Shell außer der Anmelde-Shell <command>login</"
-"command> auszuführen, wird eine Fehlermeldung erzeugen."
+"so dass die aktuelle Shell des Benutzers beendet wird, was verhindert, dass "
+"der neue Benutzer in die Sitzung des alten zurückkehren kann. Der Versuch, "
+"von einer Shell außer der Anmelde-Shell <command>login</command> "
+"auszuführen, wird eine Fehlermeldung erzeugen."
 
 #. (itstool) path: refsect1/para
 #: login.1.xml.out:116
@@ -5783,10 +6237,10 @@ msgid ""
 "failures are permitted before <_:command-1/> exits and the communications "
 "link is severed."
 msgstr ""
-"Falls  erforderlich, wird der Benutzer anschließend nach einem Passwort "
-"gefragt. Dieses wird während der Eingabe nicht angezeigt. Es sind nur eine "
-"kleine Anzahl von Anmeldeversuchen zulässig, ehe <command>login</command> "
-"abbricht und die Kommunikation getrennt wird."
+"Falls erforderlich, wird der Benutzer dann nach einem Passwort gefragt. Um "
+"es nicht offenzulegen, wird es bei der Eingabe nicht angezeigt. Es sind nur "
+"wenige falsche Passworteingaben zulässig, ehe sich <command>login</command> "
+"beendet und die Kommunikation getrennt wird."
 
 #. (itstool) path: refsect1/para
 #: login.1.xml.out:123
@@ -5803,10 +6257,10 @@ msgid ""
 "password and the new password before continuing. Please refer to <_:"
 "citerefentry-1/> for more information."
 msgstr ""
-"Falls der Passwortverfall für Ihr Konto aktiviert wurde, kann es sein, dass "
-"Sie vor der weiteren Nutzung nach einem neuen Passwort gefragt werden. Sie "
-"müssen Ihr altes und neues Passwort angegeben, bevor Sie fortfahren können. "
-"In der Dokumentation zu <citerefentry><refentrytitle>passwd</"
+"Falls das Passwort für Ihr Konto nur befristete Gültigkeit hat, kann es "
+"sein, dass Sie aufgefordert werden, Ihr Passwort zu ändern. Ehe Sie "
+"fortfahren können, müssen Sie Ihr altes und neues Passwort angegeben. In der "
+"Dokumentation zu <citerefentry><refentrytitle>passwd</"
 "refentrytitle><manvolnum>1</manvolnum></citerefentry> finden sich weitere "
 "Informationen."
 
@@ -5857,14 +6311,13 @@ msgid ""
 "\"<_:emphasis-4/>\", or \"<_:emphasis-5/>\" according to the condition of "
 "your mailbox."
 msgstr ""
-"Nach einer erfolgreichen Anmeldung werden Ihnen Systemmeldungen präsentiert, "
-"sowie das Vorhandensein von Mails angezeigt. Die Anzeige der systemweiten "
+"Nach einer erfolgreichen Anmeldung werden Systemmeldungen sowie das "
+"Vorhandensein von E-Mails angezeigt. Die Anzeige der systemweiten "
 "Nachrichtendatei <filename>/etc/motd</filename> kann abgeschaltet werden, "
 "indem im Anmeldeverzeichnis eine leere Datei <filename>.hushlogin</filename> "
-"angelegt wird. Je nach Zustand der Mailbox des Benutzers ist die "
-"Mailnachricht entweder »<emphasis>Sie haben neue Mails.</emphasis>«, "
-"»<emphasis>Sie haben Mails.</emphasis>« oder »<emphasis>Keine Mails.</"
-"emphasis>«."
+"angelegt wird. Je nach Zustand Ihres Postfaches wird entweder gemeldet "
+"»<emphasis>Neue E-Mails vorhanden.</emphasis>«, »<emphasis>E-Mails vorhanden."
+"</emphasis>« oder »<emphasis>Keine E-Mails vorhanden.</emphasis>«."
 
 #. (itstool) path: para/envar
 #: login.1.xml.out:146 passwd.5.xml.out:126 su.1.xml.out:247
@@ -5893,6 +6346,10 @@ msgstr ""
 msgid "$MAIL"
 msgstr ""
 
+# MH140: I am astonished, that a comment field is used for MAIL, PATH,
+# umask, ulimit and nice. Is this correct?
+# MH mention that we deal with system call umask, system call ulimit and command nice
+# referring to a manual page?
 #. (itstool) path: refsect1/para
 #: login.1.xml.out:143
 #, fuzzy
@@ -5910,12 +6367,12 @@ msgid ""
 "in the password entry. Ulimit, umask and nice values may also be set "
 "according to entries in the GECOS field."
 msgstr ""
-"Die Benutzer- und Gruppen-IDs werden gemäß den Werten in <filename>/etc/"
+"Die Benutzer- und Gruppenkennung wird gemäß den Werten in <filename>/etc/"
 "passwd</filename> gesetzt. Die Werte für <envar>$HOME</envar>, "
 "<envar>$SHELL</envar>, <envar>$PATH</envar>, <envar>$LOGNAME</envar> und "
-"<envar>$MAIL</envar> werden ebenfalls entsprechend den Feldern im "
-"Passworteintrag gesetzt. Werte für ulimit, umask und nice können ebenfalls "
-"gemäß den Werten im GECOS-Feld gesetzt werden."
+"<envar>$MAIL</envar> werden ebenfalls den entsprechenden Feldern dieser "
+"Datei entnommen. Werte für ulimit, umask und nice können im GECOS-Feld "
+"hinterlegt sein und von dort übernommen werden."
 
 #. (itstool) path: para/envar
 #: login.1.xml.out:154 su.1.xml.out:264
@@ -5941,8 +6398,8 @@ msgid ""
 "filename-2/>."
 msgstr ""
 "Bei einigen Installationen wird anfänglich die Umgebungsvariable "
-"<envar>$TERM</envar> entsprechend dem Terminaltyp Ihrer tty-Zeile, wie sie "
-"in <filename>/etc/ttytype</filename> angegeben ist, gesetzt."
+"<envar>$TERM</envar> entsprechend mit dem Typ Ihrer TTY-Verbindung belegt; "
+"so wie er in <filename>/etc/ttytype</filename> angegeben ist."
 
 #. (itstool) path: refsect1/para
 #: login.1.xml.out:158
@@ -5952,10 +6409,15 @@ msgid ""
 "function."
 msgstr ""
 "Ein  Startskript für Ihren Befehlsinterpreter kann auch ausgeführt werden. "
-"Sehen Sie bitte in den entsprechenden Handbuchseiten für weitere "
-"Informationen darüber nach."
-
-# SB: Not quite sure what subsystem logins are.
+"Für weitere Informationen darüber sehen Sie bitte in den entsprechenden "
+"Handbuchseiten nach."
+
+# MH65: ein * als erstes Zeichen im Feld für die Shell in der datei /etc/passwd löst
+# Fehlermeldung aus und macht es unmöglich, mit su die entsprechende Zielidentität anzunehmen
+# in changelog zum Paket passwd steht etwas zu subsystem
+# explain "subsystem login" in the beginning or do not use it at all
+# unclear, where the mentioned asteriks appears or is to be placed.
+# "file system" shall be replaced by "origin of the directory tree"
 #. (itstool) path: refsect1/para
 #: login.1.xml.out:164 su.1.xml.out:112
 msgid ""
@@ -5964,9 +6426,8 @@ msgid ""
 "root of a new file system which the user is actually logged into."
 msgstr ""
 "Eine Subsystem-Anmeldung wird durch einen »*« als erstes Zeichen der Anmelde-"
-"Shell gekennzeichnet. Das angegebene Home-Verzeichnis wird als Wurzel für "
-"das Dateisystem verwendet, auf welchem der Benutzer tatsächlich angemeldet "
-"ist."
+"Shell gekennzeichnet. Das angegebene persönliche Verzeichnis wird zur Wurzel "
+"des Verzeichnisbaumes, in dem der Benutzer tatsächlich angemeldet ist."
 
 #. (itstool) path: citerefentry/refentrytitle
 #: login.1.xml.out:173 login.1.xml.out:249 login.1.xml.out:401
@@ -6004,20 +6465,23 @@ msgid ""
 "user you use will continue to appear to be logged in even after you log out "
 "of the \"subsession\"."
 msgstr ""
-"Es liegt NICHT in der Verantwortung von <command>login</command>, Benutzer "
-"aus der utmp-Datei zu entfernen. Sowohl <citerefentry><refentrytitle>getty</"
+"Es obliegt nicht dem Befehl <command>login</command>, Benutzer aus der utmp-"
+"Datei zu entfernen. Sowohl <citerefentry><refentrytitle>getty</"
 "refentrytitle><manvolnum>8</manvolnum></citerefentry> als auch "
 "<citerefentry><refentrytitle>init</refentrytitle><manvolnum>8</manvolnum></"
-"citerefentry> sind dafür zuständig, die offenkundige Eigentümerstellung "
-"einer Terminalsitzung aufzuräumen. Falls Sie <command>login</command> von "
-"der Shell ohne <command>exec</command> verwenden, wird der Benutzer, den Sie "
-"verwenden, weiterhin als angemeldet erscheinen, obwohl Sie die "
+"citerefentry> sind dafür zuständig, den Eintrag zum Eigentümer einer Sitzung "
+"am Terminal zu löschen. Falls Sie <command>login</command> von der Shell "
+"ohne <command>exec</command> verwenden, wird der Benutzer, den Sie "
+"verwenden, weiterhin als angemeldet erscheinen, selbst nachdem Sie die "
 "»untergeordnete Sitzung« beendet haben."
 
+# MH preauthentification is neither explained nor used anywhere else
+# than here
 #. (itstool) path: listitem/para
 #: login.1.xml.out:193
 msgid "Do not perform authentication, user is preauthenticated."
-msgstr "Keine Authentifizierung durchführen, Benutzer ist bereits angemeldet."
+msgstr ""
+"Keine Authentifizierung durchführen, der Benutzer ist vorauthentifiziert. "
 
 #. (itstool) path: listitem/para
 #: login.1.xml.out:196
@@ -6026,23 +6490,28 @@ msgstr "Keine Authentifizierung durchführen, Benutzer ist bereits angemeldet."
 #| "Note: In that case, <replaceable>username</replaceable> is mandatory."
 msgid "Note: In that case, <_:replaceable-1/> is mandatory."
 msgstr ""
-"Hinweis: In diesem Fall muss <replaceable>Benutzername</replaceable> "
+"Hinweis: In diesem Fall muss der <replaceable>Anmeldename</replaceable> "
 "angegeben werden."
 
 #. (itstool) path: listitem/para
 #: login.1.xml.out:207
 msgid "Name of the remote host for this login."
-msgstr "Name des entfernt stehenden Rechners für die Anmeldung"
+msgstr "Name des fernen Rechners für diese Anmeldung."
 
 #. (itstool) path: listitem/para
 #: login.1.xml.out:215
 msgid "Preserve environment."
-msgstr "behält die Umgebungseinstellungen bei"
+msgstr "behält die Umgebung bei."
 
+# FIXME in case command rlogin is meant, use xml element <command>
+# MH rlogin seem to be an alias for ssh. Perhaps use this name
+# of the command as it is the one generally known
+# MH Is "autologin" the protocol that allows login without a password?
+# This possibility is mentioned on some manual page
 #. (itstool) path: listitem/para
 #: login.1.xml.out:223
 msgid "Perform autologin protocol for rlogin."
-msgstr "führt das Autologin-Protokoll für rlogin aus"
+msgstr "führt das Autologin-Protokoll für <command>rlogin</command> aus."
 
 #. (itstool) path: refsect1/para
 #: login.1.xml.out:228
@@ -6055,8 +6524,8 @@ msgid ""
 "when <_:command-4/> is invoked by root."
 msgstr ""
 "Die Optionen <option>-r</option>, <option>-h</option> und <option>-f</"
-"option> können nur verwendet werden, wenn <command>login</command> von Root "
-"ausgeführt wird."
+"option> können nur verwendet werden, wenn <command>login</command> vom "
+"Systemadministrator aufgerufen wird."
 
 #. (itstool) path: refsect1/para
 #: login.1.xml.out:237 su.1.xml.out:307
@@ -6068,16 +6537,14 @@ msgid ""
 "This version of <_:command-1/> has many compilation options, only some of "
 "which may be in use at any particular site."
 msgstr ""
-"Diese Version von <command>su</command> hat viele Kompilierungsoptionen. "
-"Deren Nützlichkeit hängt von den Anforderungen der jeweiligen Umgebung ab."
+"Diese Version von <command>su</command> weist viele Kompilierungsoptionen "
+"auf. Im speziellen Fall könnten nur einige davon genutzt worden sein."
 
 #. (itstool) path: refsect1/para
 #: login.1.xml.out:242
 msgid ""
 "The location of files is subject to differences in system configuration."
-msgstr ""
-"Der Ort der Konfigurationsdateien kann je nach Konfiguration des Systems "
-"unterschiedlich sein."
+msgstr "Der Ort von Dateien ist von der Konfiguration des Systems abhängig."
 
 #. (itstool) path: refsect1/para
 #: login.1.xml.out:258
@@ -6095,13 +6562,12 @@ msgid ""
 "machine. Under Linux, the SAK mechanism can be used by users to initiate a "
 "trusted path and prevent this kind of attack."
 msgstr ""
-"Wie bei jedem anderen Programm kann auch das Erscheinungsbild von "
-"<command>login</command> vorgespiegelt werden. Falls unseriöse Benutzer "
-"physischen Zugriff auf den Rechner haben, kann dies von einem Angreifer "
-"verwendet werden, um das Passwort der Person zu erhalten, die sich als "
-"nächste vor den Rechner setzt. In Linux können Benutzer den SAK-Mechanismus "
-"verwenden, um einen vertrauenswürdigen Pfad zu erstellen und somit diesem "
-"Angriff zu entgehen."
+"Wie bei jedem anderen Programm kann ein Dialog mit <command>login</command> "
+"vorgespiegelt werden. Falls nicht vertrauenswürdige Benutzer physischen "
+"Zugriff auf den Rechner haben, kann dies von einem Angreifer ausgenutzt "
+"werden, um das Passwort der Person zu erhalten, die sich als nächste vor den "
+"Rechner setzt. Bei Linux können Benutzer den SAK-Mechanismus verwenden, um "
+"einen gesicherten Pfad zu erstellen und dieser Art von Angriffen vorzubeugen."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
@@ -6112,17 +6578,21 @@ msgstr "/var/run/utmp"
 #. (itstool) path: listitem/para
 #: login.1.xml.out:319 logoutd.8.xml.out:76
 msgid "List of current login sessions."
-msgstr "Liste der aktuellen angemeldeten Sitzungen"
+msgstr "Liste aktueller Anmeldungen"
 
+# MH In file login.1.xml, section Configuration, there seem to be a number of
+# configuration variables that to no make sense in combination with login,
+# are not applicable
 #. (itstool) path: term/filename
 #: login.1.xml.out:323
 msgid "/var/log/wtmp"
 msgstr "/var/log/wtmp"
 
+# MH142 if acceptable, shorten: s/login sessions/sessions
 #. (itstool) path: listitem/para
 #: login.1.xml.out:325
 msgid "List of previous login sessions."
-msgstr "Liste der vorangegangenen angemeldeten Sitzungen"
+msgstr "Liste vorangegangener Anmeldungen"
 
 #. (itstool) path: listitem/para
 #: login.1.xml.out:343
@@ -6134,10 +6604,15 @@ msgstr "Datei mit der Systemmeldung des Tages"
 msgid "/etc/nologin"
 msgstr "/etc/nologin"
 
+# MH Improved description:
+# In case this file is present, it prevents non-root users from logging in. The content
+# provides users with background information why the system is not available.
 #. (itstool) path: listitem/para
 #: login.1.xml.out:349
 msgid "Prevent non-root users from logging in."
-msgstr "verhindert, dass sich Benutzer außer Root anmelden"
+msgstr ""
+"existiert diese Datei, kann sich mit Ausnahme des Systemadministrators "
+"niemand anmelden."
 
 #. (itstool) path: listitem/para
 #: login.1.xml.out:355
@@ -6149,10 +6624,15 @@ msgstr "Liste der Terminaltypen"
 msgid "$HOME/.hushlogin"
 msgstr "$HOME/.hushlogin"
 
+# MH Improvement:
+# s
+# /Suppress printing of system messages.
+# /Suppresses printing of system messages after a successful login.
 #. (itstool) path: listitem/para
 #: login.1.xml.out:361
 msgid "Suppress printing of system messages."
-msgstr "unterdrückt die Ausgabe von Systemnachrichten"
+msgstr ""
+"unterdrückt die Ausgabe von Systemnachrichten nach erfolgreicher Anmeldung"
 
 #. (itstool) path: citerefentry/refentrytitle
 #: login.1.xml.out:377
@@ -6166,14 +6646,19 @@ msgstr ""
 msgid "sh"
 msgstr "chsh"
 
+# ENDE Teil 06 weiter mit su
+# BEGINN Teil 07 setzt suauth fort
+# MH63: Remark There are several implemenation for su. Debian seems to use
+# another one, thus distributes another manual page
+# see: https://lists.debian.org/debian-l10n-german/2018/11/msg00051.html
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.1.xml.out:386 login.defs.5.xml.out:436 login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536 newgrp.1.xml.out:136 passwd.5.xml.out:197
+#: login.1.xml.out:386 login.defs.5.xml.out:455 login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555 newgrp.1.xml.out:136 passwd.5.xml.out:197
 #: shadow.5.xml.out:283 sg.1.xml.out:128 su.1.xml.out:50 su.1.xml.out:57
 #: su.1.xml.out:62 su.1.xml.out:81 su.1.xml.out:83 su.1.xml.out:121
 #: su.1.xml.out:201 su.1.xml.out:239 su.1.xml.out:308 su.1.xml.out:368
@@ -6181,6 +6666,8 @@ msgstr "chsh"
 msgid "su"
 msgstr "su"
 
+# ENDE Teil 15 weiter mit nologin.8
+# BEGINN Teil 16 setzt passwd.1 fort
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
@@ -6209,6 +6696,9 @@ msgstr "Marek"
 msgid "Michałkiewicz"
 msgstr "Michałkiewicz"
 
+# ENDE Teil 20 weiter mit login.access.5
+# BEGINN Teil 21 setzt login.defs.5 fort
+# FIXME: Please check and improve usage of xml-elements within the xml source file
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
@@ -6220,7 +6710,7 @@ msgstr "login.access"
 #. (itstool) path: refnamediv/refpurpose
 #: login.access.5.xml.out:42
 msgid "login access control table"
-msgstr "Tabelle für die Zugangskontrolle zur Anmeldung"
+msgstr "Tabelle zur Zugangssteuerung"
 
 #. (itstool) path: refsect1/para
 #: login.access.5.xml.out:47
@@ -6233,9 +6723,9 @@ msgid ""
 "The <_:emphasis-1/> file specifies (user, host) combinations and/or (user, "
 "tty) combinations for which a login will be either accepted or refused."
 msgstr ""
-"Die Datei <emphasis remap=\"I\">login.access</emphasis> legt Kombinationen "
-"von (Benutzer, Rechner) und (Benutzer, tty) fest, für die eine Anmeldung "
-"erlaubt oder abgelehnt wird."
+"Die Datei <filename>login.access</filename> legt Kombinationen von Benutzern "
+"einerseits und Rechnern beziehungsweise Terminals andererseits fest, für die "
+"eine Anmeldung erlaubt oder abgelehnt wird."
 
 #. (itstool) path: refsect1/para
 #: login.access.5.xml.out:53
@@ -6253,11 +6743,10 @@ msgid ""
 "permissions field of that table entry determines whether the login will be "
 "accepted or refused."
 msgstr ""
-"Wenn sich jemand anmeldet, wird <emphasis remap=\"I\">login.access</"
-"emphasis> nach dem ersten Eintrag durchsucht, auf den die Kombination von "
-"(Benutzer, Rechner) oder, bei lokalen Anmeldungen, von (Benutzer, tty) "
-"zutrifft. Das Feld für die Erlaubnis bestimmt, ob die Anmeldung zugelassen "
-"oder abgelehnt wird."
+"Wenn sich jemand anmeldet, wird <filename>login.access</filename> nach dem "
+"ersten Eintrag durchsucht, auf den die Kombination von Benutzer / Rechner "
+"oder, bei lokalen Anmeldungen, von Benutzer / Terminal zutrifft. Dessen "
+"Erlaubnisfeld bestimmt, ob die Anmeldung erfolgt oder abgelehnt wird."
 
 #. (itstool) path: refsect1/para
 #: login.access.5.xml.out:61
@@ -6265,8 +6754,8 @@ msgid ""
 "Each line of the login access control table has three fields separated by a "
 "\":\" character:"
 msgstr ""
-"Jede Zeile der Tabelle für die Zugangskontrolle enthält drei Felder, die "
-"jeweils durch einen Doppelpunkt »:« getrennt sind:"
+"Jede Zeile der Tabelle zur Zugangssteuerung enthält drei Felder, die durch "
+"einen Doppelpunkt »:« getrennt sind:"
 
 #. (itstool) path: para/emphasis
 #: login.access.5.xml.out:67
@@ -6313,6 +6802,9 @@ msgstr ""
 msgid "LOCAL"
 msgstr ""
 
+# FIXME: Declare, what sign is to be used as separator within the mentioned lists
+# MH Is the last phrase meant this way:
+# Accepted are hostnames like "host1@netgroup1" and "user2@netgroup1"
 #. (itstool) path: refsect1/para
 #: login.access.5.xml.out:70
 #, fuzzy
@@ -6339,17 +6831,17 @@ msgid ""
 "does not contain a \"<_:literal-8/>\" character). If you run NIS you can use "
 "@netgroupname in host or user patterns."
 msgstr ""
-"Das erste Feld kann das Zeichen »<emphasis>+</emphasis>« (Zugriff erlaubt) "
-"oder »<emphasis>-</emphasis>« (Zugriff verweigert) sein. Das zweite Feld "
-"kann eine Liste von einem oder mehreren Anmeldenamen, Gruppennamen oder "
-"<emphasis>ALL<emphasis> (trifft immer zu) sein. Das dritte Feld kann eine "
-"Liste von einem oder mehreren tty-Namen (für lokale Anmeldungen), Rechner-"
-"Namen, Domain-Namen (beginnen mit einem »<literal>.</literal>«), Rechner-"
-"Adressen, Internet-Netzwerk-Nummern (enden mit einem »<literal>.</"
-"literal>«), <emphasis>ALL</emphasis> (trifft immer zu) oder <emphasis>LOCAL</"
-"emphasis> (trifft auf alle Zeichenketten zu, die keinen »<literal>.</"
-"literal>« enthalten). Falls Sie NIS einsetzen, können Sie in den Rechner- "
-"und Benutzerangaben auch @netgroupname verwenden."
+"Das erste Feld sollte das Zeichen »<emphasis>+</emphasis>« (Zugriff erlaubt) "
+"oder »<emphasis>-</emphasis>« (Zugriff verweigert) enthalten. Das zweite "
+"Feld sollte eine Liste von einem oder mehreren Anmeldenamen, Gruppennamen "
+"oder <emphasis>ALL<emphasis> (trifft immer zu) enthalten. Das dritte Feld "
+"ist für eine Liste von einem oder mehreren Terminals (für lokale "
+"Anmeldungen), Rechner-Namen, Domain-Namen (beginnen mit einem »<literal>.</"
+"literal>«), Rechner-Adressen, Internet-Netzwerk-Nummern (enden mit einem "
+"»<literal>.</literal>«) oder <emphasis>ALL</emphasis> (trifft immer zu) oder "
+"<emphasis>LOCAL</emphasis> (trifft auf alle Zeichenketten zu, die keinen "
+"»<literal>.</literal>« enthalten) vorgesehen. Falls Sie NIS einsetzen, "
+"können Sie in den Rechner- und Benutzerangaben auch @netgroupname verwenden."
 
 #. (itstool) path: para/emphasis
 #: login.access.5.xml.out:85
@@ -6365,9 +6857,26 @@ msgstr ""
 msgid ""
 "The <_:emphasis-1/> operator makes it possible to write very compact rules."
 msgstr ""
-"Der Operator <emphasis>EXCEPT</emphasis> ermöglicht es, sehr kurze Regeln zu "
-"schreiben."
-
+"Mit dem Operator <emphasis>EXCEPT</emphasis> lassen sich Regeln sehr "
+"prägnant formulieren."
+
+# MH136: Is login.access still in use on a system or outdated?
+# MH137: Why "the logged-in user"? The table is used to check whether a login is acceptable!
+# Therefore: s/logged-in user/user
+# MH
+# s
+# / wenn ein Name nicht mit dem des angemeldeten Benutzers übereinstimmt.
+# / wenn die Eingabe mit keinem der Benutzernamen übereinstimmt
+# MH138 Phrase on groups without listed users seems obsolete, can probably be left out
+# s
+# /Eine Ãœbereinstimmung mit Gruppen wird nur festgestellt, wenn darin der Benutzer
+# ausdrücklich aufgeführt ist.
+# /Einer Gruppe sind die namentlich aufgelisteten Benutzer zugehörig.
+# MH139 short and precise
+# s/primary group id value/primary group
+# s
+# /nicht den Wert der Hauptgruppe des Benutzers
+# /nicht die primäre Gruppe des Benutzers
 #. (itstool) path: refsect1/para
 #: login.access.5.xml.out:89
 msgid ""
@@ -6375,10 +6884,10 @@ msgid ""
 "logged-in user. Only groups are matched in which users are explicitly "
 "listed: the program does not look at a user's primary group id value."
 msgstr ""
-"Die Gruppendatei wird nur durchsucht, wenn ein Name nicht mit dem des "
-"angemeldeten Benutzers übereinstimmt. Eine Übereinstimmung mit Gruppen wird "
-"nur festgestellt, wenn darin der Benutzer ausdrücklich aufgeführt ist. Das "
-"Programm beachtet also nicht den Wert der Hauptgruppe des Benutzers."
+"Die Datei »group« wird nur berücksichtigt, wenn ein Name nicht mit dem des "
+"angemeldeten Benutzers übereinstimmt. Als passend gelten nur Gruppen, in "
+"welchen Benutzer ausdrücklich aufgeführt sind. Das Programm beachtet die "
+"primäre Gruppe des Benutzers nicht."
 
 #. (itstool) path: refsect1/para
 #: login.access.5.xml.out:110 porttime.5.xml.out:119 suauth.5.xml.out:199
@@ -6386,12 +6895,16 @@ msgid "<_:citerefentry-1/>."
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
-msgstr "Konfiguration der Werkzeugsammlung für Shadow-Passwörter"
+msgstr "Konfiguration der Shadow-Passwort-Programmsammlung"
 
+# MH128: Was ist mit operation gemeint? Das Laufen des Systems selbst oder
+# die Bedienung/Verwendung des Systems.
+# What is meant with "operation"? The operation, i.e. the state that
+# runs or the usage of the system by a user who was able to login?
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 #, fuzzy
 #| msgid ""
 #| "The <filename>/etc/login.defs</filename> file defines the site-specific "
@@ -6403,13 +6916,13 @@ msgid ""
 "shadow password suite. This file is required. Absence of this file will not "
 "prevent system operation, but will probably result in undesirable operation."
 msgstr ""
-"Die Datei <filename>/etc/login.defs</filename> legt die systemspezifische "
-"Konfiguration der Werkzeugsammlung für Shadow-Passwörter fest. Diese Datei "
-"muss vorhanden sein. Wenn sie fehlt, wird das System zwar laufen, es können "
-"aber unerwünschte Ergebnisse auftauchen."
+"Die Datei <filename>/etc/login.defs</filename> enthält die lokale "
+"Konfiguration der Shadow-Passwort-Programmsammlung. Diese Datei muss "
+"vorhanden sein. Wenn sie fehlt, wird das System zwar arbeiten, sich aber "
+"womöglich unerwünscht verhalten."
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid ""
 "This file is a readable text file, each line of the file describing one "
 "configuration parameter. The lines consist of a configuration name and "
@@ -6418,28 +6931,27 @@ msgid ""
 "the first non-white character of the line."
 msgstr ""
 "Diese Datei ist eine lesbare Textdatei. Jede Zeile der Datei beschreibt "
-"einen Konfigurationsparameter. Eine Zeile besteht aus einem "
-"Konfigurationsnamen und einem Wert, die durch ein Leerzeichen getrennt sind. "
-"Leer- und Kommentarzeilen werden nicht beachtet. Kommentare werden mit dem "
-"Rautezeichen »#« eingeleitet. Die Raute muss das erste nicht leere Zeichen "
-"der Zeile sein."
+"einen Konfigurationsparameter und besteht aus dessen Namen und einem Wert; "
+"beides durch Leerraumzeichen voneinander getrennt. Leer- und Kommentarzeilen "
+"werden nicht beachtet. Kommentare werden mit dem Rautezeichen »#« "
+"eingeleitet, wobei es das erste nicht leere Zeichen der Zeile sein muss."
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133 useradd.8.xml.out:242 useradd.8.xml.out:380
+#: login.defs.5.xml.out:135 useradd.8.xml.out:242 useradd.8.xml.out:382
 #: userdel.8.xml.out:87 userdel.8.xml.out:297
 msgid "yes"
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 #, fuzzy
 #| msgid "0"
 msgid "0x"
 msgstr "0"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 #, fuzzy
 #| msgid ""
 #| "Parameter values may be of four types: strings, booleans, numbers, and "
@@ -6462,41 +6974,42 @@ msgid ""
 "hexadecimal values (precede the value with <_:replaceable-5/>). The maximum "
 "value of the regular and long numeric parameters is machine-dependent."
 msgstr ""
-"Die Parameterwerte können aus vier Typen bestehen: Zeichenketten, Boolesch, "
-"Zahlen und lange Zahlen. Eine Zeichenkette kann aus jedem druckbaren Zeichen "
-"bestehen. Ein Boolesch sollte »yes« oder »no« sein. Einem anderen oder "
-"undefinierten Parameter für Boolesch wird der Wert »no« zugewiesen. Normale "
-"und lange Zahlen können aus Dezimalzahlen, Oktalzahlen (beginnen mit »0«) "
-"oder Hexadezimalzahlen (beginnen mit »0x«) bestehen. Die maximale Größe der "
-"Parameter normaler und langer Zahlen ist systemabhängig."
+"Als Werte für Parameter kommen vier Typen in Frage: Zeichenketten, ein "
+"Wahrheitswert, Zahlen und lange Zahlen. Eine Zeichenkette kann aus jedem "
+"druckbaren Zeichen bestehen. Als Wahrheitswerte sollten <replaceable>yes</"
+"replaceable> oder <replaceable>no</replaceable> verwendet werden. Fehlenden "
+"oder anders belegten Parametern dieses Typs wird <replaceable>no</"
+"replaceable> zugewiesen. Normale und lange Zahlen können Dezimalzahlen, "
+"Oktalzahlen (beginnen mit »0«) oder Hexadezimalzahlen (beginnen mit »0x«) "
+"sein. Die maximale Größe von normalen und langen Zahlen ist systemabhängig."
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
-msgstr "Die folgenden Konfigurationsmöglichkeiten sind vorhanden:"
+msgstr "Folgende Merkmale können konfiguriert werden:"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:146 useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:146 useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:145
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194 pwconv.8.xml.out:147
+#: login.defs.5.xml.out:197 pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr ""
 
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 #, fuzzy
 #| msgid ""
 #| "<option>PASS_MAX_DAYS</option>, <option>PASS_MIN_DAYS</option> and "
@@ -6509,85 +7022,102 @@ msgid ""
 msgstr ""
 "<option>PASS_MAX_DAYS</option>, <option>PASS_MIN_DAYS</option> und "
 "<option>PASS_WARN_AGE</option> werden nur bei der Erstellung eines Kontos "
-"verwendet. Spätere Änderungen dieser Werte berühren bestehende Konten nicht."
+"verwendet. Spätere Änderungen dieser Werte wirken sich auf bestehende Konten "
+"nicht aus."
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr "QUERVERWEISE"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid ""
 "The following cross references show which programs in the shadow password "
 "suite use which parameters."
 msgstr ""
 "Die folgenden Querverweise zeigen, welche Programme aus der Shadow-Passwort-"
-"Werkzeugsammlung welche Parameter verwenden."
+"Sammlung welche Parameter verwenden."
 
 #. (itstool) path: listitem/para
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235 login.defs.5.xml.out:423 login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503 pwck.8.xml.out:75 pwck.8.xml.out:216
+#: login.defs.5.xml.out:239 login.defs.5.xml.out:442 login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522 pwck.8.xml.out:75 pwck.8.xml.out:216
 #: pwck.8.xml.out:232 pwconv.8.xml.out:89 pwconv.8.xml.out:91
 #: pwconv.8.xml.out:94 pwconv.8.xml.out:105 pwconv.8.xml.out:107
 msgid "USE_TCB"
 msgstr "USE_TCB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244 login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248 login.defs.5.xml.out:372
 #, fuzzy
 #| msgid "CHSH_AUTH LOGIN_STRING"
 msgid "LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253 login.defs.5.xml.out:264 login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388 login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256 login.defs.5.xml.out:269 login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396 login.defs.5.xml.out:418
+#, fuzzy
+#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259 login.defs.5.xml.out:273 login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403 login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261 login.defs.5.xml.out:275 login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409 login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251 login.defs.5.xml.out:282
+#: login.defs.5.xml.out:255 login.defs.5.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:"
+"phrase-2/> <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301 login.defs.5.xml.out:307 login.defs.5.xml.out:313
-#: login.defs.5.xml.out:320 login.defs.5.xml.out:326 login.defs.5.xml.out:332
+#: login.defs.5.xml.out:314 login.defs.5.xml.out:320 login.defs.5.xml.out:326
+#: login.defs.5.xml.out:333 login.defs.5.xml.out:339 login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr "MAX_MEMBERS_PER_GROUP"
 
@@ -6595,65 +7125,67 @@ msgstr "MAX_MEMBERS_PER_GROUP"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330 pwconv.8.xml.out:49 pwconv.8.xml.out:73
+#: login.defs.5.xml.out:343 pwconv.8.xml.out:49 pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119 pwconv.8.xml.out:153 pwconv.8.xml.out:167
 #: pwconv.8.xml.out:208
 msgid "grpunconv"
 msgstr "grpunconv"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346 login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359 login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 #, fuzzy
 #| msgid "SYSLOG_SG_ENAB"
 msgid "FAILLOG_ENAB"
 msgstr "SYSLOG_SG_ENAB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 #, fuzzy
 #| msgid "FILE"
 msgid "FTMP_FILE"
-msgstr "DATEIEN"
+msgstr "DATEI"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
+#, fuzzy
+#| msgid "LASTLOG_UID_MAX"
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid ""
 "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE "
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY "
 "<_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR "
@@ -6663,57 +7195,61 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 msgid "newgrp / sg"
 msgstr "newgrp / sg"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr "SYSLOG_SG_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
+#: login.defs.5.xml.out:395
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-#| "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
+#| "HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</"
-#| "phrase> SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
-#| "UMASK"
+#| "phrase> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+#| "SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX "
+#| "UID_MIN UMASK"
 msgid ""
-"ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
-"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
-"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+"<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP "
+"MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:"
+"phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+"SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
+"UMASK <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
+"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase> "
+"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
 "SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
+#: login.defs.5.xml.out:417
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 #| "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 msgid ""
-"ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
-"PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+"<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB "
+"PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412 login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431 login.defs.5.xml.out:440
 #, fuzzy
 #| msgid ""
 #| "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
@@ -6723,13 +7259,15 @@ msgstr ""
 "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase condition=\"tcb\">USE_TCB</"
 "phrase>"
 
+# ENDE Teil 10 weiter mit pwconv
+# BEGINN Teil 11 setzt shadow.3 fort
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419 passwd.5.xml.out:188 pwconv.8.xml.out:39
+#: login.defs.5.xml.out:438 passwd.5.xml.out:188 pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46 pwconv.8.xml.out:55 pwconv.8.xml.out:83
 #: pwconv.8.xml.out:88 pwconv.8.xml.out:90 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:144 pwconv.8.xml.out:165 pwconv.8.xml.out:216
@@ -6742,7 +7280,7 @@ msgstr "pwconv"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428 passwd.5.xml.out:191 pwconv.8.xml.out:47
+#: login.defs.5.xml.out:447 passwd.5.xml.out:191 pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61 pwconv.8.xml.out:98 pwconv.8.xml.out:104
 #: pwconv.8.xml.out:109 pwconv.8.xml.out:153 pwconv.8.xml.out:157
 #: pwconv.8.xml.out:166 shadow.5.xml.out:280
@@ -6750,22 +7288,22 @@ msgid "pwunconv"
 msgstr "pwunconv"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH "
 "<_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
@@ -6773,34 +7311,30 @@ msgstr ""
 
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453 passwd.5.xml.out:200 shadow.5.xml.out:286
+#: login.defs.5.xml.out:472 passwd.5.xml.out:200 shadow.5.xml.out:286
 msgid "sulogin"
 msgstr "sulogin"
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457 su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr ""
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+msgid "ENV_HZ ENV_TZ"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 #, fuzzy
 #| msgid ""
-#| "CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS "
-#| "PASS_MIN_DAYS PASS_WARN_AGE SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX "
-#| "SYS_UID_MIN UID_MAX UID_MIN UMASK <phrase "
-#| "condition=\"tcb\">TCB_AUTH_GROUP TCB_SYMLINK USE_TCB</phrase>"
+#| "CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR "
+#| "MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE "
+#| "SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+#| "SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX "
+#| "UID_MIN UMASK <phrase condition=\"tcb\">TCB_AUTH_GROUP TCB_SYMLINK "
+#| "USE_TCB</phrase>"
 msgid ""
 "CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR "
 "MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE "
@@ -6808,18 +7342,19 @@ msgid ""
 "SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK <_:"
 "phrase-1/>"
 msgstr ""
-"CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS "
-"PASS_MIN_DAYS PASS_WARN_AGE SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN "
-"UID_MAX UID_MIN UMASK <phrase condition=\"tcb\">TCB_AUTH_GROUP TCB_SYMLINK "
-"USE_TCB</phrase>"
+"CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR "
+"MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE "
+"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
+"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK "
+"<phrase condition=\"tcb\">TCB_AUTH_GROUP TCB_SYMLINK USE_TCB</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485 login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504 login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 #, fuzzy
 #| msgid ""
 #| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB "
@@ -6832,14 +7367,14 @@ msgstr ""
 "condition=\"tcb\">TCB_SYMLINKS USE_TCB</phrase>"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 #, fuzzy
 #| msgid ""
-#| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <phrase "
+#| "LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <phrase "
 #| "condition=\"tcb\">TCB_SYMLINKS USE_TCB</phrase>"
 msgid "LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <_:phrase-1/>"
 msgstr ""
-"MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <phrase "
+"LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <phrase "
 "condition=\"tcb\">TCB_SYMLINKS USE_TCB</phrase>"
 
 #. (itstool) path: varlistentry/term
@@ -6847,18 +7382,22 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500 vipw.8.xml.out:35 vipw.8.xml.out:42
+#: login.defs.5.xml.out:519 vipw.8.xml.out:35 vipw.8.xml.out:42
 #: vipw.8.xml.out:51 vipw.8.xml.out:67 vipw.8.xml.out:85
 msgid "vipw"
 msgstr "vipw"
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511 pwconv.8.xml.out:193 suauth.5.xml.out:179
+#: login.defs.5.xml.out:530 pwconv.8.xml.out:193 suauth.5.xml.out:179
 msgid "BUGS"
 msgstr "FEHLER"
 
+# MH A reference would be an improvement
+# s
+# /PAM
+# /<citerefentry><refentrytitle>PAM</refentrytitle><manvolnum>7</manvolnum></citerefentry>
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 #, fuzzy
 #| msgid ""
 #| "Much of the functionality that used to be provided by the shadow password "
@@ -6875,31 +7414,34 @@ msgid ""
 "citerefentry-2/>, or less used by <_:citerefentry-3/>, and <_:citerefentry-4/"
 ">. Please refer to the corresponding PAM configuration files instead."
 msgstr ""
-"Ein Großteil der Funktionen, die früher einmal durch die Shadow-Passwort-"
-"Werkzeugsammlung angeboten wurden, wird heute durch PAM zur Verfügung "
-"gestellt. Daher wird <filename>/etc/login.defs</filename> nicht länger von "
-"Programmen wie <citerefentry><refentrytitle>passwd</"
-"refentrytitle><manvolnum>1</manvolnum></citerefentry> ausgewertet und von "
-"Programmen wie <citerefentry><refentrytitle>login</"
-"refentrytitle><manvolnum>1</manvolnum></citerefentry> oder "
-"<citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></"
-"citerefentry> nur noch in geringem Umfang beachtet. Sie sollten daher für "
-"eine entsprechende Konfiguration in den Dateien von PAM nachsehen."
+"Viele Funktionen, die einst durch die Shadow-Passwort-Programmsammlung "
+"bereitgestellt wurden, werden nun von PAM ausgeführt. Daher wird <filename>/"
+"etc/login.defs</filename> nicht länger von "
+"<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></"
+"citerefentry> ausgewertet und von den Programmen "
+"<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></"
+"citerefentry> und <citerefentry><refentrytitle>su</"
+"refentrytitle><manvolnum>1</manvolnum></citerefentry> weniger benutzt. Bitte "
+"arbeiten Sie stattdessen mit den entsprechenden Konfigurationsdateien von "
+"<citerefentry><refentrytitle>PAM</refentrytitle><manvolnum>7</manvolnum></"
+"citerefentry>."
 
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 #, fuzzy
 #| msgid "pw_name"
 msgid "pam"
 msgstr "pw_Name"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
 msgstr ""
 
+# ENDE Teil 18 weiter mit logoutd.8
+# BEGINN Teil 19 setzt newgrp.1 fort
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -6912,7 +7454,7 @@ msgstr "logoutd"
 #. (itstool) path: refnamediv/refpurpose
 #: logoutd.8.xml.out:41
 msgid "enforce login time restrictions"
-msgstr "richtet Beschränkung von Anmeldezeiten ein"
+msgstr "setzt die zeitlichen Einschränkungen für Anmeldungen durch"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
@@ -6928,7 +7470,6 @@ msgstr "/etc/porttime"
 msgid "/etc/rc"
 msgstr "/etc/group"
 
-# SB: /etc/rc is not in Debian. Probably doesn't matter, since logoutd is not in Debian either.
 #. (itstool) path: refsect1/para
 #: logoutd.8.xml.out:52
 #, fuzzy
@@ -6948,24 +7489,37 @@ msgid ""
 "Any login session which is violating the restrictions in <_:filename-6/> is "
 "terminated."
 msgstr ""
-"<command>logoutd</command> setzt die Anmeldezeiten und Portbeschränkungen "
-"aus <filename>/etc/porttime</filename> um. <command>logoutd</command> sollte "
-"aus <filename>/etc/rc</filename> gestartet werden. Die Datei <filename>/var/"
-"run/utmp</filename> wird regelmäßig abgerufen, wobei jeder Benutzername "
-"darauf überprüft wird, ob er für den jeweiligen Port zur jeweiligen Zeit "
-"zugelassen ist. Alle angemeldeten Sitzungen, die gegen die Beschränkungen in "
-"<filename>/etc/porttime</filename> verstoßen, werden beendet."
+"<command>logoutd</command> setzt die Zeiten und Ports (Zugangsgeräte) "
+"betreffenden Beschränkungen aus <filename>/etc/porttime</filename> durch. "
+"<command>logoutd</command> sollte durch <filename>/etc/rc</filename> "
+"gestartet werden. Anhand der Datei <filename>/var/run/utmp</filename> wird "
+"regelmäßig überprüft, ob jeder genannte Benutzer für den jeweiligen Port zur "
+"jeweiligen Zeit zugelassen ist. Alle Anmeldungen, die gegen die "
+"Beschränkungen in <filename>/etc/porttime</filename> verstoßen, werden "
+"beendet."
 
+# MH91: normally, no full stop at the end of the strings in section FILES
 #. (itstool) path: listitem/para
 #: logoutd.8.xml.out:70 porttime.5.xml.out:111
 msgid "File containing port access."
-msgstr "Datei, die den Port-Zugriff enthält."
+msgstr "Datei, die Zugriffe auf Ports regelt"
 
+# MH apparently, the primary group membership is changed by newgrp, therefore
+# s/log in to a new group/log in anew using another primary group
 #. (itstool) path: refnamediv/refpurpose
 #: newgrp.1.xml.out:42
 msgid "log in to a new group"
-msgstr "als neue Gruppe anmelden"
-
+msgstr "sich mit einer anderen Gruppenzugehörigkeit anmelden"
+
+# MH120 Replaces the new group the group that was the primary group before?
+# The output of the command groups shows the new group first within the list of memberships
+# MH122: change a GID and the fact that a user has a set of memberships in
+# implies that this command allows a user to replace his own primary group with another one
+# In this case, it should be mentioned explicitely:
+# s/current group ID/current primary group ID
+# Mit tester1 und
+# der Gruppe users mit Passworteintrag in gshadow ließ sich das
+# hier nicht klären
 #. (itstool) path: refsect1/para
 #: newgrp.1.xml.out:54
 #, fuzzy
@@ -6982,27 +7536,28 @@ msgid ""
 "otherwise the current environment, including current working directory, "
 "remains unchanged."
 msgstr ""
-"Mit dem Befehl <command>newgrp</command> kann während einer angemeldeten "
-"Sitzung die aktuelle Gruppen-ID geändert werden. Wenn zusätzlich der "
-"Schalter <option>-</option> angegeben wird, wird die Benutzerumgebung neu "
-"gestartet, so als ob sich der Benutzer neu angemeldet hätte. Anderenfalls "
-"bleibt die aktuelle Umgebung einschließlich des aktuellen "
-"Arbeitsverzeichnisses unverändert."
-
+"Mit dem Befehl <command>newgrp</command> kann während einer Sitzung die "
+"Gruppenkennung geändert werden. Wenn zusätzlich der Schalter <option>-</"
+"option> angegeben wird, wird die Benutzerumgebung neu eingerichtet, und "
+"zwar, als ob sich der Benutzer neu angemeldet hätte. Anderenfalls bleibt die "
+"aktuelle Umgebung einschließlich des aktuellen Arbeitsverzeichnisses "
+"unverändert."
+
+# MH123 Why does the attribute "real" appears with group ID?
+# According to SH 2022-02-19, real/effective GIDs and primary/supplementary groups are
+# different concepts
+# The counterpart is "effective group" that might be entered. See and refer to sg, newgrp
+# and id(1) from coreutils. id(1) from shadow-utils was apparenty ignored when creating
+# the message catalogue
+# MH125 The third phrase just produces confusion, probably due to missing marks
+# (comma, dot, semicolon, ...)
+# MH newgrp expected as well a password when neither /etc/group
+# nor /etc/gshadow contained a password, i.e. there was nothing (
+# no character, no x, no !) in the second field between the two colons
+# Due to the problems with this string, german translation was marked as fuzzy
 #. (itstool) path: refsect1/para
 #: newgrp.1.xml.out:62
 #, fuzzy
-#| msgid ""
-#| "<command>newgrp</command> changes the current real group ID to the named "
-#| "group, or to the default group listed in <filename>/etc/passwd</filename> "
-#| "if no group name is given. <command>newgrp</command> also tries to add "
-#| "the group to the user groupset. If not root, the user will be prompted "
-#| "for a password if she does not have a password (in <filename>/etc/shadow</"
-#| "filename> if this user has an entry in the shadowed password file, or in "
-#| "<filename>/etc/passwd</filename> otherwise) and the group does, or if the "
-#| "user is not listed as a member and the group has a password. The user "
-#| "will be denied access if the group password is empty and the user is not "
-#| "listed as a member."
 msgid ""
 "<_:command-1/> changes the current real group ID to the named group, or to "
 "the default group listed in <_:filename-2/> if no group name is given. <_:"
@@ -7013,16 +7568,26 @@ msgid ""
 "listed as a member and the group has a password. The user will be denied "
 "access if the group password is empty and the user is not listed as a member."
 msgstr ""
-"<command>newgrp</command> wechselt von der aktuellen echten Gruppen-ID zu "
-"der angegeben Gruppe oder, falls kein Gruppenname angegeben wird, zu der "
-"Standardgruppe, wie sie in <filename>/etc/passwd</filename> festgelegt ist. "
-"Zudem versucht <command>newgrp</command>, die Gruppe der Gruppensammlung des "
-"Benutzers hinzuzufügen. Wenn der Benutzer nicht Root ist und die Gruppe ein "
-"Passwort hat und der Benutzer nicht Mitglied der Gruppe ist oder kein "
-"Passwort hat (in <filename>/etc/shadow</filename>, falls er einen Eintrag in "
-"der Shadow-Passwort-Datei hat, anderenfalls in <filename>/etc/passwd</"
-"filename>), wird er nach einem Passwort gefragt."
+"<command>newgrp</command> wechselt von der momentanen tatsächlichen (»real«) "
+"Gruppenkennung zu der angegebenen Gruppe. Ohne Gruppennamen wird zu der "
+"Gruppe gewechselt, die in <filename>/etc/passwd</filename> für den Benutzer "
+"hinterlegt ist. Zudem versucht <command>newgrp</command>, die Gruppe den "
+"Gruppenzugehörigkeiten des Benutzers hinzuzufügen. Wenn die Gruppe ein "
+"Passwort hat und <command>newgrp<(command> nicht durch den "
+"Systemadministrator aufgerufen wurde, erwartet der Befehl die Eingabe eines "
+"Passworts: a) Von Benutzern ohne Passwort. b) Von Benutzern mit einem "
+"Passwort in <filename>/etc/passwd</filename> oder <filename>/etc/shadow</"
+"filename>. c) Von Benutzern, die nicht als Mitglied der Gruppe aufgeführt "
+"sind. Der Zugang wird dem Benutzer verweigert, wenn für die Gruppe kein "
+"Passwort hinterlegt ist und der Benutzer nicht als Gruppenmitglied gelistet "
+"ist."
 
+# MH126 False description. I found out that newgrp uses the password entry from /etc/group
+# instead the one from /etc/gshadow
+# Herausgefunden ist, dass newgrp, wenn es
+# Passwörter verlangt, korrekte Passworter nur dann annimmt, wenn sie im 2. Feld
+# der Datei groups sind. Wenn sie in gshadow sind (was für geschützte Systeme normal wäre),
+# werden sie abgelehnt.
 #. (itstool) path: refsect1/para
 #: newgrp.1.xml.out:76
 #, fuzzy
@@ -7036,10 +7601,9 @@ msgid ""
 "members and the password of this group will be taken from this file, "
 "otherwise, the entry in <_:filename-2/> is considered."
 msgstr ""
-"Wenn sich in <filename>/etc/gshadow</filename> ein Eintrag für diese Gruppe "
-"befindet, wird die Mitgliederliste und das Passwort der Gruppe dieser Datei "
-"entnommen. Anderenfalls wird der Eintrag in <filename>/etc/group</filename> "
-"ausgewertet."
+"Wenn die Gruppe in <filename>/etc/gshadow</filename> erscheint, erfolgt die "
+"Prüfung anhand des Passwortes dort und anhand der Mitgliederliste. "
+"Anderenfalls wird der Eintrag in <filename>/etc/group</filename> ausgewertet."
 
 #. (itstool) path: citerefentry/refentrytitle
 #: newgrp.1.xml.out:130 sg.1.xml.out:119
@@ -7047,12 +7611,13 @@ msgid "id"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
-msgstr "erstellt oder aktualisiert mehrere neue Benutzer am Stück"
+msgstr ""
+"erstellt neue oder aktualisiert vorhandene Benutzerkonten in einem Aufruf"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 #, fuzzy
 #| msgid ""
 #| "The <command>newusers</command> command reads a <replaceable>file</"
@@ -7067,33 +7632,38 @@ msgid ""
 "to create new users. Each line is in the same format as the standard "
 "password file (see <_:citerefentry-3/>) with the exceptions explained below:"
 msgstr ""
-"Der Befehl <command>newusers</command> verwendet eine <replaceable>Datei</"
-"replaceable> (oder standardmäßig die Standardeingabe) und aktualisiert damit "
-"eine Gruppe bestehender Benutzer oder erstellt damit neue Benutzer. Jede "
-"Zeile hat dasselbe Format wie die übliche Passwortdatei (vergleiche "
+"Der Befehl <command>newusers</command> liest eine <replaceable>Datei</"
+"replaceable> (oder voreingestellt die Standardeingabe) und aktualisiert "
+"damit einen Satz bestehender Benutzer oder erstellt damit neue Benutzer. Das "
+"Format der einzelnen Zeilen entspricht der Passwortdatei (vergleiche "
 "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></"
-"citerefentry>) mit den unten aufgeführten Ausnahmen:"
+"citerefentry>) mit den nachfolgend aufgeführten Ausnahmen:"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
-msgstr "pw_Name:pw_Passwort:pw_uid:pw_gid:pw_gecos:pw_Verz:pw_shell"
+msgstr ""
+"pw_Name:pw_Passwort:pw_Benutzerkennung:pw_Gruppenkennung:pw_GECOS:"
+"pw_Verzeichnis:pw_Shell"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 msgid "pw_name"
 msgstr "pw_Name"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
-msgstr "Dies ist der Name des Benutzers."
+msgstr "Dies ist der Anmeldename des Benutzers."
 
+# MH Contains the parenthesis about users/grous newly created by newusers
+# implicit information that newusers creates/edits users (and groups) line by line?
+# If this is the case, I'd prefer mentioning this mode of work explicitely.
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 #, fuzzy
 #| msgid ""
-#| "It can be the name of a new user or the name of an existing user (or an "
+#| "It can be the name of a new user or the name of an existing user (or a "
 #| "user created before by <command>newusers</command>). In case of an "
 #| "existing user, the user's information will be changed, otherwise a new "
 #| "user will be created."
@@ -7102,58 +7672,59 @@ msgid ""
 "created before by <_:command-1/>). In case of an existing user, the user's "
 "information will be changed, otherwise a new user will be created."
 msgstr ""
-"Es kann sich dabei um den Namen eines neuen oder eines existierenden "
-"Benutzer (oder eines, der zuvor mit <command>newusers</command> erstellt "
-"wurde) handeln. Für den Fall, dass der Benutzer bereits vorhanden ist, "
-"werden seine Daten verändert, anderenfalls wird ein neuer Benutzer erstellt."
+"Es kann sich dabei um den Namen eines neuen, eines existierenden odereines "
+"zuvor mit <command>newusers</command> erstellten Benutzers handeln. Für den "
+"Fall, dass der Benutzer bereits vorhanden ist, werden die Informationen über "
+"ihn geändert, anderenfalls wird ein neuer Benutzer erstellt."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr "pw_Passwort"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid ""
 "This field will be encrypted and used as the new value of the encrypted "
 "password."
 msgstr ""
-"Dieses Feld wird verschlüsselt und als neuer Wert für das verschlüsselte "
-"Passwort verwendet."
+"Dieses Feld wird verschlüsselt und als neues verschlüsseltes Passwort "
+"benutzt."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 msgid "pw_uid"
-msgstr "pw_uid"
+msgstr "pw_Benutzerkennung"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
-msgstr "Mit diesem Feld wird die UID des Benutzers bestimmt."
+msgstr "Mit diesem Feld wird die Benutzerkennung festgelegt."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 #, fuzzy
 #| msgid ""
-#| "If the field is empty, an new (unused) UID will be defined automatically "
+#| "If the field is empty, a new (unused) UID will be defined automatically "
 #| "by <command>newusers</command>."
 msgid ""
 "If the field is empty, a new (unused) UID will be defined automatically by "
 "<_:command-1/>."
 msgstr ""
-"Wenn dieses Feld leer ist, wird von <command>newusers</command> automatisch "
-"eine neue (noch freie) UID gewählt."
+"Wenn dieses Feld leer ist, wird <command>newusers</command> selbst eine "
+"neue, ungenutzte Benutzerkennung auswählen."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
-msgstr "Wenn dieses Feld eine Zahl enthält, wird sie als UID verwendet."
+msgstr ""
+"Wenn dieses Feld eine Zahl enthält, wird sie als Benutzerkennung übernommen."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 #, fuzzy
 #| msgid ""
-#| "If this field contains the name of an existing user (or the name of an "
+#| "If this field contains the name of an existing user (or the name of a "
 #| "user created before by <command>newusers</command>), the UID of the "
 #| "specified user will be used."
 msgid ""
@@ -7161,31 +7732,35 @@ msgid ""
 "created before by <_:command-1/>), the UID of the specified user will be "
 "used."
 msgstr ""
-"Wenn dieses Feld den Namen eines existierenden Benutzers enthält (oder eines "
-"Benutzers, der zuvor mit <command>newusers</command> erstellt wurde), wird "
-"die UID des angegebenen Benutzers verwendet."
+"Wenn dieses Feld den Namen eines existierenden oder eines zuvor mit "
+"<command>newusers</command> erstellten Benutzers enthält, wird die Kennung "
+"des angegebenen Benutzers verwendet."
 
+# MH114 why singular "user's file should"?
+# s/the files ownership of the user's file should/the ownership of the users' files must
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid ""
 "If the UID of an existing user is changed, the files ownership of the user's "
 "file should be fixed manually."
 msgstr ""
-"Falls die UID eines bestehenden Benutzers verändert wird, muss der "
-"Eigentümer der Dateien des Benutzers per Hand angepasst werden."
+"Falls die Kennung eines bestehenden Benutzers verändert wird, muss bei den "
+"Dateien des Benutzers der Eigentümer per Hand angepasst werden."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
-msgstr "pw_gid"
+msgstr "pw_Gruppenkennung"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
-msgstr "Mit diesem Feld wird die ID der Hauptgruppe des Benutzers definiert."
+msgstr ""
+"Mit diesem Feld wird die Kennung der primären Gruppe des Benutzers "
+"festgelegt."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing group (or a group created "
@@ -7196,23 +7771,25 @@ msgid ""
 "before by <_:command-1/>), the GID of this group will be used as the primary "
 "group ID for the user."
 msgstr ""
-"Wenn dieses Feld den Namen einer existierenden Gruppe enthält (oder einer "
-"Gruppe, die zuvor mit <command>newusers</command> erstellt wurde), wird die "
-"GID dieser Gruppe als ID der Hauptgruppe des  Benutzers verwendet."
+"Wenn dieses Feld den Namen einer existierenden Gruppe enthält oder den einer "
+"zuvor mit <command>newusers</command> erstellten Gruppe, gibt die Kennung "
+"dieser Gruppe die primäre Gruppe des Benutzers an."
 
+# MH115:check english s/no groups exist with this GID/no group with this GID exists
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid ""
 "If this field is a number, this number will be used as the primary group ID "
 "of the user. If no groups exist with this GID, a new group will be created "
 "with this GID, and the name of the user."
 msgstr ""
-"Wenn dieses Feld eine Zahl enthält, wird sie als ID der Hauptgruppe des "
-"Benutzers verwendet. Falls eine Gruppe mit dieser GID nicht existiert, wird "
-"eine neue Gruppe mit dieser GID unter dem Namen des Benutzers erstellt."
+"Wenn dieses Feld eine Zahl enthält, wird sie als Kennung der primären Gruppe "
+"des Benutzers verwendet. Falls keine Gruppe mit dieser Kennung existiert, "
+"wird eine neue Gruppe mit dieser Kennung und dem Namen des Benutzers "
+"erstellt."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 #, fuzzy
 #| msgid ""
 #| "If this field is empty, a new group will be created with the name of the "
@@ -7224,13 +7801,12 @@ msgid ""
 "user and a GID will be automatically defined by <_:command-1/> to be used as "
 "the primary group ID for the user and as the GID for the new group."
 msgstr ""
-"Wenn dieses Feld leer ist, wird eine neue Gruppe unter dem Namen des "
-"Benutzers erstellt und von <command>newusers</command> automatisch eine neue "
-"GID gewählt, die als ID der Hauptgruppe des Benutzers und als GID für die "
-"neue Gruppe dient."
+"Wenn dieses Feld leer ist, wird eine neue Gruppe mit dem Namen des Benutzers "
+"und einer von <command>newusers</command> selbsttätig ausgewählten Kennung "
+"erstellt. Diese Gruppe wird zur primären Gruppe des Benutzers."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of a group which does not exist (and was "
@@ -7244,39 +7820,40 @@ msgid ""
 "specified name and a GID will be automatically defined by <_:command-2/> to "
 "be used as the primary group ID for the user and GID for the new group."
 msgstr ""
-"Wenn dieses Feld den Namen einer Gruppe enthält, die nicht vorhanden ist "
-"(und nicht zuvor von <command>newusers</command> erstellt wurde), wird eine "
-"neue Gruppe unter dem angegebenen Namen erstellt und von <command>newusers</"
-"command> automatisch eine neue GID gewählt, die als ID der Hauptgruppe des "
-"Benutzers und als GID für die neue Gruppe dient."
+"Wenn dieses Feld den Namen einer Gruppe enthält, die weder vorhanden ist "
+"noch zuvor durch <command>newusers</command> erstellt wurde, wird eine neue "
+"Gruppe mit diesem Namen und einer von <command>newusers</command> "
+"selbstausgewählten Gruppenkennung erstellt. Diese wird als primäre Gruppe "
+"des des Benutzers genutzt."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
-msgstr "pw_gecos"
+msgstr "pw_GECOS"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr "Dieses Feld wird in das GECOS-Feld des Benutzers kopiert."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
-msgstr "pw_Verz"
+msgstr "pw_Verzeichnis"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
-msgstr "Mit diesem Feld wird das Home-Verzeichnis des Benutzers definiert."
+msgstr ""
+"In diesem Feld wird das persönliche Verzeichnis des Benutzers definiert."
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid ""
 "If this field does not specify an existing directory, the specified "
 "directory is created, with ownership set to the user being created or "
@@ -7289,7 +7866,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 #, fuzzy
 #| msgid ""
 #| "If the home directory of an existing user is changed, <command>newusers</"
@@ -7300,26 +7877,29 @@ msgid ""
 "not move or copy the content of the old directory to the new location. This "
 "should be done manually."
 msgstr ""
-"Wenn das Home-Verzeichnis eines vorhandenen Benutzers geändert wird, "
+"Wenn das persönliche Verzeichnis eines vorhandenen Benutzers geändert wird, "
 "verschiebt oder kopiert <command>newusers</command> nicht den Inhalt des "
-"alten Verzeichnisses in das neue. Dies muss von Hand erledigt werden."
+"alten Verzeichnisses in das neue. Dies sollte von Hand erledigt werden."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
-msgstr "pw_shell"
+msgstr "pw_Shell"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid ""
 "This field defines the shell of the user. No checks are performed on this "
 "field."
 msgstr ""
-"Mit diesem Feld wird die Shell des Benutzers definiert. Diese Eingabe wird "
-"nicht überprüft."
+"Mit diesem Feld wird die Shell des Benutzers festgelegt, wobei diese Eingabe "
+"nicht überprüft wird."
 
+# MH117 check language: s/then write/then writes
+# MH avoid "databases" as the ordinary files for user administration (passwd, group, ...)
+# are meant
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "<command>newusers</command> first tries to create or change all the "
@@ -7334,75 +7914,93 @@ msgid ""
 msgstr ""
 "Zuerst erstellt und ändert <command>newusers</command> die angegebenen "
 "Benutzer und schreibt die Änderungen in die Benutzer- oder Gruppendatenbank. "
-"Falls ein Fehler auftritt (außer beim Schreiben in die Datenbanken), werden "
-"in den Datenbanken keine Änderungen vorgenommen."
+"Falls ein Fehler auftritt (außer beim abschließenden Schreiben in die "
+"Datenbanken), werden in den Datenbanken keine Änderungen vorgenommen."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid ""
 "During this first pass, users are created with a locked password (and "
 "passwords are not changed for the users which are not created). A second "
 "pass is used to update the passwords using PAM. Failures to update a "
 "password are reported, but will not stop the other password updates."
 msgstr ""
-"Im ersten Durchlauf werden Benutzer mit einem gesperrten Passwort erstellt; "
-"Passwörter von bereits vorhandenen Benutzern werden in diesem Stadium nicht "
-"verändert. Im zweiten Durchlauf werden die Passwörter mit PAM aktualisiert. "
-"Sofern dabei ein Fehler auftritt, wird dieser angezeigt, die Aktualisierung "
-"der übrigen Passwörter aber fortgesetzt."
+"Im ersten Durchlauf werden Benutzer mit einem gesperrten Passwort erstellt "
+"und Passwörter von bereits vorhandenen Benutzern werden nicht verändert. Im "
+"zweiten Durchlauf werden die Passwörter mit PAM aktualisiert. Sofern dabei "
+"ein Fehler auftritt, wird dieser angezeigt, die Aktualisierung der übrigen "
+"Passwörter aber fortgesetzt."
 
+# MH119a english check, suggestion for replacement
+# "This command is intended for large systems when numerous accounts "
+# "need to be created at a single time."
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are updated at a single time."
 msgstr ""
-"Dieser Befehl ist für den Einsatz in einer Umgebung mit zahlreichen Systemen "
-"vorgesehen, in der viele Konten gleichzeitig aktualisiert werden müssen."
+"Dieser Befehl ist für weitreichende Systeme gedacht, bei denenviele Konten "
+"gleichzeitig angelegt werden müssen."
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257 pwck.8.xml.out:164 useradd.8.xml.out:108
+#: newusers.8.xml.out:259 pwck.8.xml.out:164 useradd.8.xml.out:108
 #: usermod.8.xml.out:89
 msgid "--badname"
-msgstr ""
+msgstr "--badname"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260 pwck.8.xml.out:167 useradd.8.xml.out:111
+#: newusers.8.xml.out:262 pwck.8.xml.out:167 useradd.8.xml.out:111
 #: usermod.8.xml.out:92
 msgid "Allow names that do not conform to standards."
+msgstr "erlaube Namen, die nicht den Standards entsprechen."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:273
+msgid ""
+"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
+"support these methods."
 msgstr ""
+"Die verfügbaren Methoden sind, sofern Ihre libc diese bereitstellt, DES, "
+"MD5, NONE und SHA256 oder SHA512."
 
+# Replacement s/a system account/a system user account discussed with Serge,
+# but it would not be ideal as well
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290 useradd.8.xml.out:459
+#: newusers.8.xml.out:292 useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr "erstellt ein Systemkonto"
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
+#, fuzzy
+#| msgid "LASTLOG_UID_MAX"
 msgid "SYS_UID_MAX"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:319
-#: useradd.8.xml.out:468 useradd.8.xml.out:538 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:321
+#: useradd.8.xml.out:470 useradd.8.xml.out:540 usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:321
-#: useradd.8.xml.out:468 useradd.8.xml.out:543 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:323
+#: useradd.8.xml.out:470 useradd.8.xml.out:545 usermod.8.xml.out:397
+#, fuzzy
+#| msgid "LASTLOG_UID_MAX"
 msgid "UID_MAX"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293 useradd.8.xml.out:462
+#: newusers.8.xml.out:295 useradd.8.xml.out:464
 #, fuzzy
 #| msgid ""
 #| "System users will be created with no aging information in <filename>/etc/"
@@ -7417,14 +8015,48 @@ msgid ""
 "range, defined in <_:filename-4/>, instead of <_:option-5/>-<_:option-6/> "
 "(and their <_:option-7/> counterparts for the creation of groups)."
 msgstr ""
-"Systembenutzer werden ohne Hinterlegung des Alters ihres Passworts in "
-"<filename>/etc/shadow</filename> erstellt. Ihre numerische Kennung wird aus "
-"der Spanne <option>SYS_UID_MIN</option> bis <option>SYS_UID_MAX</option> "
-"anstelle von <option>UID_MIN</option> bis <option>UID_MAX</option> gewählt "
-"(gleiches gilt für die GID bei der Erstellung von Gruppen)."
+"Systemkonten werden ohne Gültigkeitsfristen in <filename>/etc/shadow</"
+"filename> erstellt. Ihre Benutzerkennung wird dem in <filename>login.defs</"
+"filename> festgelegten Bereich von <option>SYS_UID_MIN</option> bis "
+"<option>SYS_UID_MAX</option> anstelle von <option>UID_MIN</option> bis "
+"<option>UID_MAX</option> entnommen (gleiches gilt für die Gruppenkennung bei "
+"der Erstellung von Gruppen)."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default is 13."
+msgstr "Der Mindestwert ist 1000, der Höchstwert 999.999.999."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default is 5000."
+msgstr "Der Mindestwert ist 1000, der Höchstwert 999.999.999."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default is 5."
+msgstr "Der Mindestwert ist 1000, der Höchstwert 999.999.999."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid ""
 "The input file must be protected since it contains unencrypted passwords."
 msgstr ""
@@ -7432,57 +8064,55 @@ msgstr ""
 "enthält."
 
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 msgid "/etc/pam.d/newusers"
 msgstr "/etc/pam.d/newusers"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435 useradd.8.xml.out:222 useradd.8.xml.out:481
-#: useradd.8.xml.out:785 userdel.8.xml.out:215 usermod.8.xml.out:587
-#, fuzzy
-#| msgid "/etc/suauth"
+#: newusers.8.xml.out:456 useradd.8.xml.out:222 useradd.8.xml.out:483
+#: useradd.8.xml.out:805 userdel.8.xml.out:215 usermod.8.xml.out:604
 msgid "/etc/subgid"
-msgstr "/etc/suauth"
+msgstr "/etc/subgid"
 
+# MH full stop at the end of the string is not necessary
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437 useradd.8.xml.out:787 userdel.8.xml.out:217
+#: newusers.8.xml.out:458 useradd.8.xml.out:807 userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
-msgstr ""
+msgstr "enthält untergeordnete Gruppenkennungen der einzelnen Benutzer."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441 useradd.8.xml.out:222 useradd.8.xml.out:480
-#: useradd.8.xml.out:791 userdel.8.xml.out:221 usermod.8.xml.out:593
-#, fuzzy
-#| msgid "/etc/suauth"
+#: newusers.8.xml.out:462 useradd.8.xml.out:222 useradd.8.xml.out:482
+#: useradd.8.xml.out:811 userdel.8.xml.out:221 usermod.8.xml.out:610
 msgid "/etc/subuid"
-msgstr "/etc/suauth"
+msgstr "/etc/subuid"
 
+# full stop at the end of the string is not necessary
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443 useradd.8.xml.out:793 userdel.8.xml.out:223
+#: newusers.8.xml.out:464 useradd.8.xml.out:813 userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
-msgstr ""
+msgstr "enthält untergeordnete Benutzerkennungen der einzelnen Benutzer."
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460 useradd.8.xml.out:906 userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: newusers.8.xml.out:481 useradd.8.xml.out:926 userdel.8.xml.out:335
+#: usermod.8.xml.out:650
 #, fuzzy
-#| msgid "/etc/suauth"
+#| msgid "/etc/subgid"
 msgid "subgid"
-msgstr "/etc/suauth"
+msgstr "/etc/subgid"
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463 useradd.8.xml.out:909 userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: newusers.8.xml.out:484 useradd.8.xml.out:929 userdel.8.xml.out:338
+#: usermod.8.xml.out:653
 #, fuzzy
-#| msgid "/etc/suauth"
+#| msgid "/etc/subuid"
 msgid "subuid"
-msgstr "/etc/suauth"
+msgstr "/etc/subuid"
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458 useradd.8.xml.out:904 userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: newusers.8.xml.out:479 useradd.8.xml.out:924 userdel.8.xml.out:333
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr ""
 
@@ -7491,6 +8121,8 @@ msgstr ""
 msgid "politely refuse a login"
 msgstr "lehnt höflich eine Anmeldung ab"
 
+# MH112 meant is / more precisely
+# s / shell field / shell field in /etc/passwd
 #. (itstool) path: refsect1/para
 #: nologin.8.xml.out:41
 #, fuzzy
@@ -7503,9 +8135,10 @@ msgid ""
 "available and exits non-zero. It is intended as a replacement shell field "
 "for accounts that have been disabled."
 msgstr ""
-"Der Befehl <command>nologin</command> zeigt die Meldung an, dass ein Konto "
-"nicht verfügbar ist, und gibt einen Wert von ungleich Null zurück. Dies ist "
-"als Einsatz für das Shell-Feld bei abgeschalteten Konten vorgesehen."
+"Der Befehl <command>nologin</command> meldet, dass ein Benutzerkonto nicht "
+"verfügbar ist und gibt einen Wert von ungleich Null zurück. Er wird bei "
+"stillgelegten Konten ersatzweise im Befehlsinterpreter-Feld als Wert "
+"eingetragen."
 
 #. (itstool) path: refsect1/para
 #: nologin.8.xml.out:46
@@ -7517,10 +8150,17 @@ msgstr ""
 msgid "SSH_ORIGINAL_COMMAND"
 msgstr ""
 
+# MH SSH_ORIGINAL_COMMAND appears nowhere else in this documentation
+# MH SSH_ORIGINAL_COMMAND is no command but a variable, thus it is falsely tagged
 #. (itstool) path: refsect1/para
 #: nologin.8.xml.out:51
+#, fuzzy
+#| msgid ""
+#| "If <command>SSH_ORIGINAL_COMMAND</command> is populated it will be logged."
 msgid "If <_:command-1/> is populated it will be logged."
 msgstr ""
+"Wenn <command>SSH_ORIGINAL_COMMAND</command> ein Wert zugewiesen ist, wird "
+"er protokolliert."
 
 #. (itstool) path: refsect1/title
 #: nologin.8.xml.out:69
@@ -7530,17 +8170,24 @@ msgstr "GESCHICHTE"
 #. (itstool) path: refsect1/para
 #: nologin.8.xml.out:70
 #, fuzzy
-#| msgid "The <command>nologin</command> command appearred in BSD 4.4."
+#| msgid "The <command>nologin</command> command appeared in BSD 4.4."
 msgid "The <_:command-1/> command appeared in BSD 4.4."
 msgstr "Der Befehl <command>nologin</command> tauchte erstmals in BSD 4.4 auf."
 
+# ENDE Teil 14 weiter mit passwd.1
+# BEGINN Teil 15 setzt passwd.5 fort
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr "ändert das Passwort eines Benutzers"
 
+# MH97 s/a normal user/normal users or their wird wieder his/her
+# MH passwd only changes periods for the password, not the account expiration date, thus
+# s
+# /<command>passwd</command> also changes the account or associated password validity period.
+# /<command>passwd</command> also allows a change of usage and replacement periods for a password.
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 #, fuzzy
 #| msgid ""
 #| "The <command>passwd</command> command changes passwords for user "
@@ -7556,17 +8203,21 @@ msgid ""
 msgstr ""
 "Der Befehl <command>passwd</command> ändert die Passwörter von "
 "Benutzerkonten. Ein normaler Benutzer kann nur das Passwort seines Kontos "
-"verändern, der Superuser dagegen kann die Passwörter aller Konten ändern. "
-"Mit <command>passwd</command> können auch die Informationen über das Konto "
-"und die Gültigkeitsdauer des Passworts verändert werden."
+"ändern, der Systemadministrator dagegen kann die Passwörter aller Konten "
+"ändern. <command>passwd</command> ändert auch das Passwort betreffende "
+"Fristen und weitere Merkmale des Kontos."
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr "Verändern des Passworts"
 
+# MH98: Correction
+# s
+# /the superuser is permitted to bypass this step so that
+# /for the superuser this step is omitted so that
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 msgid ""
 "The user is first prompted for their old password, if one is present. This "
 "password is then encrypted and compared against the stored password. The "
@@ -7576,11 +8227,11 @@ msgstr ""
 "Der Benutzer wird zuerst nach seinem alten Passwort gefragt, falls eines "
 "vorhanden ist. Dieses Passwort wird dann verschlüsselt und mit dem "
 "gespeicherten Passwort verglichen. Der Benutzer hat nur eine Gelegenheit, "
-"das richtige Passwort einzugeben. Der Superuser kann diesen Schritt "
-"überspringen, um so vergessene Passwörter zu ändern."
+"das richtige Passwort einzugeben. Der Systemadministrator kann diesen "
+"Schritt überspringen, um so vergessene Passwörter zu ändern."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 #, fuzzy
 #| msgid ""
 #| "After the password has been entered, password aging information is "
@@ -7592,13 +8243,13 @@ msgid ""
 "to see if the user is permitted to change the password at this time. If not, "
 "<_:command-1/> refuses to change the password and exits."
 msgstr ""
-"Nachdem das Passwort eingegeben wurde, werden Informationen über die "
-"Gültigkeitsdauer des Passworts abgefragt, um festzustellen, ob der Benutzer "
-"das Passwort zu dieser Zeit verändern darf. Wenn nicht, lehnt "
-"<command>passwd</command> die Änderung des Passworts ab und beendet sich."
+"Nachdem das Passwort eingegeben wurde, wird anhand der für das Passwort "
+"geltenden Fristen geklärt, ob der Benutzer das Passwort aktuell verändern "
+"darf. Wenn nicht, lehnt <command>passwd</command> die Änderung des Passworts "
+"ab und beendet sich."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid ""
 "The user is then prompted twice for a replacement password. The second entry "
 "is compared against the first and both are required to match in order for "
@@ -7609,60 +8260,25 @@ msgstr ""
 "damit das Passwort geändert wird."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
-msgid ""
-"Then, the password is tested for complexity. As a general guideline, "
-"passwords should consist of 6 to 8 characters including one or more "
-"characters from each of the following sets:"
-msgstr ""
-"Anschließend wird das Passwort auf seine Komplexität überprüft. Eine "
-"allgemeine Richtlinie besagt, dass Passwörter aus sechs bis acht Zeichen "
-"bestehen sollten und ein oder mehrere Zeichen aus folgenden Mengen enthalten "
-"sollten:"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr "Kleinbuchstaben"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr "Ziffern 0 bis 9"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr "Satzzeichen"
-
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
-#, fuzzy
-#| msgid ""
-#| "Care must be taken not to include the system default erase or kill "
-#| "characters. <command>passwd</command> will reject any password which is "
-#| "not suitably complex."
+#: passwd.1.xml.out:98
 msgid ""
-"Care must be taken not to include the system default erase or kill "
-"characters. <_:command-1/> will reject any password which is not suitably "
-"complex."
+"Then, the password is tested for complexity. <_:command-1/> will reject any "
+"password which is not suitably complex. Care must be taken not to include "
+"the system default erase or kill characters."
 msgstr ""
-"Seien Sie vorsichtig, dass Sie nicht die standardmäßigen Lösch- und Kill-"
-"Zeichen des Systems eingeben. <command>passwd</command> weist Passwörter "
-"zurück, die nicht hinreichend komplex sind."
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr "Hinweise zu Benutzerpasswörtern"
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 #, fuzzy
 #| msgid ""
 #| "The security of a password depends upon the strength of the encryption "
@@ -7680,13 +8296,14 @@ msgid ""
 msgstr ""
 "Die Sicherheit eines Passworts hängt von der Stärke des "
 "Verschlüsselungsalgorithmus und von der Größe des Schlüsselraums ab. Die "
-"hergebrachte Verschlüsselung auf <emphasis>UNIX</emphasis>-Systemen basiert "
-"auf dem NBS-DES-Algorithmus. Heutzutage sind neuere Verschlüsselungsmethoden "
-"zu empfehlen (vergleiche <option>ENCRYPT_METHOD</option>). Die Größe des "
-"Schlüsselraums hängt von der Zufälligkeit des gewählten Passworts ab."
+"traditionelle Verschlüsselung auf <emphasis>UNIX</emphasis>-Systemen basiert "
+"auf dem NBS-DES-Algorithmus. Heutzutage werden neuere "
+"Verschlüsselungsmethoden empfohlen (vergleiche <option>ENCRYPT_METHOD</"
+"option>). Die Größe des Schlüsselraums hängt von der Zufälligkeit des "
+"gewählten Passworts ab."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid ""
 "Compromises in password security normally result from careless password "
 "selection or handling. For this reason, you should not select a password "
@@ -7694,28 +8311,36 @@ msgid ""
 "should also not be a proper name, your license number, birth date, or street "
 "address. Any of these may be used as guesses to violate system security."
 msgstr ""
-"Gefahren für die Sicherheit von Passwörtern kommen gewöhnlich von sorgloser "
-"Wahl oder Handhabung des Passworts. Daher sollten Sie kein Passwort wählen, "
-"das in einem Wörterbuch auftaucht oder das aufgeschrieben werden muss. Das "
-"Passwort sollte somit kein echter Name, Ihr Autokennzeichen, Geburtstag oder "
-"Ihre Adresse sein. All das kann dazu verwendet werden, das Passwort zu "
-"erraten, und stellt daher eine Gefahr für die Sicherheit Ihres Systems dar."
+"Die unbedachte Auswahl von oder der sorglose Umgang mit ihnen macht "
+"Passwörter unsicher. Daher sollten Sie kein Passwort wählen, das in einem "
+"Wörterbuch auftaucht oder das aufgeschrieben werden muss. Das Passwort "
+"sollte zudem weder ein echter Name, noch Ihr Autokennzeichen, Geburtstag "
+"oder Ihre Adresse sein. All dies kann versuchsweise für Angriffe auf das "
+"System benutzt werden."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
-#, fuzzy
-#| msgid ""
-#| "You can find advices on how to choose a strong password on http://en."
-#| "wikipedia.org/wiki/Password_strength"
+#: passwd.1.xml.out:127
+msgid ""
+"As a general guideline, passwords should be long and random. It's fine to "
+"use simple character sets, such as passwords consisting only of lowercase "
+"letters, if that helps memorizing longer passwords. For a password "
+"consisting only of lowercase English letters randomly chosen, and a length "
+"of 32, there are 26^32 (approximately 2^150) different possible "
+"combinations. Being an exponential equation, it's apparent that the exponent "
+"(the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 msgid ""
 "You can find advice on how to choose a strong password on http://en."
 "wikipedia.org/wiki/Password_strength"
 msgstr ""
 "Ratschläge, wie Sie ein sicheres Passwort wählen, finden Sie unter http://de."
-"wikipedia.org/wiki/Passwort#Wahl_von_sicheren_Passw.C3.B6rtern."
+"wikipedia.org/wiki/Passwort#Wahl_von_sicheren_Passw%C3%B6rter ."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 #, fuzzy
 #| msgid ""
 #| "This option can be used only with <option>-S</option> and causes show "
@@ -7724,38 +8349,43 @@ msgid ""
 "This option can be used only with <_:option-1/> and causes show status for "
 "all users."
 msgstr ""
-"Diese Option kann nur in Verbindung mit <option>-S</option> verwendet werden "
-"und führt dazu, dass der Status aller Benutzer angezeigt wird."
+"kann nur in Verbindung mit <option>-S</option> verwendet werden und bewirkt "
+"die Anzeige des Status aller Benutzer."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid ""
 "Delete a user's password (make it empty). This is a quick way to disable a "
 "password for an account. It will set the named account passwordless."
 msgstr ""
-"Löscht das Passwort eines Benutzers (macht es leer). Dies ist ein schneller "
+"löscht das Passwort eines Benutzers (macht es leer). Dies ist ein schneller "
 "Weg, um das Passwort eines Kontos zu deaktivieren. Dem Konto ist dann kein "
 "Passwort zugeordnet."
 
+# ENDE Teil 33 weiter mit expiry.1
+# BEGINN Teil 34 setzt faillog.5 fort
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 #, fuzzy
 #| msgid "expiry"
 msgid "--expire"
 msgstr "expiry"
 
+# MH100 inconsistency on singular / plural
+# s/force a user to/force users to
+# or, as befor
+# s/their/his or her
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid ""
 "Immediately expire an account's password. This in effect can force a user to "
 "change their password at the user's next login."
 msgstr ""
-"Lässt das Passwort eines Kontos sofort verfallen. Im Ergebnis kann damit "
-"erreicht werden, dass ein Benutzer beim nächsten Login das Passwort ändern "
-"muss."
+"macht dem Passwort sofort ungültig. Damit ist der Benutzer gezwungen, das "
+"Passwort bei der nächsten Anmeldung zu ändern."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 #, fuzzy
 #| msgid ""
 #| "This option is used to disable an account after the password has been "
@@ -7768,59 +8398,68 @@ msgid ""
 "password for <_:replaceable-1/> days, the user may no longer sign on to the "
 "account."
 msgstr ""
-"Mit dieser Option wird ein Konto deaktiviert, nachdem das Passwort für eine "
-"bestimmte Anzahl von Tagen abgelaufen ist. Wenn ein Benutzerkonto ein "
-"abgelaufenes Passwort für länger als <replaceable>INAKTIV</replaceable> Tage "
-"hatte, kann sich der Benutzer nicht mehr auf diesem Konto anmelden."
+"deaktiviert ein Konto, wenn das Passwort über eine gewisse Karenzzeit hinaus "
+"abgelaufen ist. Wenn es länger als diese mit <replaceable>INAKTIV</"
+"replaceable> angegebene Anzahl von Tagen abgelaufen ist, kann sich der "
+"Benutzer nicht mehr anmelden."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210 useradd.8.xml.out:278 useradd.8.xml.out:356
+#: passwd.1.xml.out:206 useradd.8.xml.out:280 useradd.8.xml.out:358
 #, fuzzy
 #| msgid "-"
 msgid "-k"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr ""
 
-# FIXME: Übersetzung, die näher am Original ist (tokens). SB
+# FIXME3: Übersetzung, die näher am Original ist (tokens).
+# MH101: s
+# /Indicate password change should be performed only for expired authentication tokens (passwords)
+# /only expired authentication tokens (passwords) are to be changed.
+# MH102: Why is the word "token" used here?
+# Why is it used in the plural form "tokens"?
+# Was ist ein Token in https://stackoverflow.com/questions/1592534/what-is-token-based-authentication
+# MH103: Why the user ... their (instead of his)
+# MH104: Why "indicate" ?
+# I did not see any effect of this option, I was always asked to authenticate myself
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 msgid ""
 "Indicate password change should be performed only for expired authentication "
 "tokens (passwords). The user wishes to keep their non-expired tokens as "
 "before."
 msgstr ""
-"Zeigt an, dass nur abgelaufene Passwörter geändert werden sollen. Der "
-"Benutzer möchte seine gültigen Passwörter unverändert lassen."
+"gibt an, dass nur abgelaufene Passwörter geändert werden sollen und der "
+"Benutzer ein gültiges behalten will."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222 usermod.8.xml.out:231
+#: passwd.1.xml.out:218 usermod.8.xml.out:231
 msgid "--lock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 msgid ""
 "Lock the password of the named account. This option disables a password by "
 "changing it to a value which matches no possible encrypted value (it adds a "
 "´!´ at the beginning of the password)."
 msgstr ""
-"Sperrt das Passwort des  bezeichneten Kontos. Die Option schaltet ein "
+"sperrt das Passwort des bezeichneten Kontos. Die Option schaltet ein "
 "Passwort ab, indem es ihm einen Wert zuweist, der mit keinem möglichen "
 "verschlüsselten Wert übereinstimmen kann. Dies geschieht, indem ein »!« dem "
 "Passwort vorangestellt wird."
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 #, fuzzy
 #| msgid ""
 #| "Note that this does not disable the account. The user may still be able "
@@ -7833,59 +8472,60 @@ msgid ""
 "account, administrators should use <_:command-1/> (this set the account's "
 "expire date to Jan 2, 1970)."
 msgstr ""
-"Beachten Sie, dass damit nicht das Konto deaktiviert wird. Der Benutzer kann "
+"Beachten Sie, dass das Konto damit nicht stillgelegt ist. Der Benutzer kann "
 "sich immer noch mit einer anderen Authentifizierungsmethode (etwa einem SSH-"
-"Schlüssel) anmelden. Um ein Konto abzuschalten, sollte der Administrator "
-"<command>usermod --expiredate 1</command> verwenden; dies setzt das "
-"Verfallsdatum des Kontos auf den 2. Januar 1970."
+"Schlüssel) anmelden. Um ein Konto stillzulegen, sollte der Administrator "
+"<command>usermod --expiredate 1</command> verwenden; womit das Konto als "
+"seit dem 2. Januar 1970 erloschen gilt."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr "Benutzer mit einem gesperrten Passwort können dieses nicht ändern."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "-q"
 msgstr "-q"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "--quiet"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261 vipw.8.xml.out:110
+#: passwd.1.xml.out:257 vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr "stiller Modus"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: passwd.1.xml.out:268 passwd.1.xml.out:272
+#: passwd.1.xml.out:264 passwd.1.xml.out:268
 #, fuzzy
 #| msgid "EDITOR"
 msgid "REPOSITORY"
 msgstr "EDITOR"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 #, fuzzy
 #| msgid "change password in <replaceable>REPOSITORY</replaceable> repository"
 msgid "change password in <_:replaceable-1/> repository"
 msgstr "ändert das Passwort im Depot <replaceable>DEPOT</replaceable>"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr ""
 
+# MH106: "minimum age" meint "minimun age for changes to be accepted", "minimal number of days in use"
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 msgid ""
 "Display account status information. The status information consists of 7 "
 "fields. The first field is the user's login name. The second field indicates "
@@ -7895,21 +8535,22 @@ msgid ""
 "period, and inactivity period for the password. These ages are expressed in "
 "days."
 msgstr ""
-"Zeigt Informationen über den Kontostatus an. Die Statusinformation besteht "
-"aus sieben Feldern. Das erste Feld ist der Anmeldename des Benutzers. Das "
+"zeigt den Status des Kontos an. Er setzt sich aus Informationen in sieben "
+"Feldern zusammen. Das erste Feld ist der Anmeldename des Benutzers. Das "
 "zweite Feld zeigt an, ob das Benutzerkonto ein gesperrtes Passwort (L), kein "
 "Passwort (NP) oder ein verwendbares Passwort hat (P). Das dritte Feld zeigt "
 "das Datum der letzten Änderung des Passworts an. Die nächsten vier Felder "
-"sind das Mindestalter, das Höchstalter, die Dauer der Warnung und die Dauer "
-"der Untätigkeit für das Passwort. Die Zeiträume werden in Tagen ausgedrückt."
+"sind die Mindest- und Höchstzeit für seine Verwendung, die Vorwarnzeit und "
+"die Karenzzeit in Zusammenhang mit seinem Ablauf. Diese Zeiten werden in "
+"Tagen ausgedrückt."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309 usermod.8.xml.out:405
+#: passwd.1.xml.out:320 usermod.8.xml.out:405
 msgid "--unlock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 #, fuzzy
 #| msgid ""
 #| "Unlock the password of the named account. This option re-enables a "
@@ -7920,12 +8561,13 @@ msgid ""
 "by changing the password back to its previous value (to the value before "
 "using the <_:option-1/> option)."
 msgstr ""
-"Entsperrt das bezeichnete Konto. Diese Option reaktiviert ein Konto wieder, "
-"indem das Passwort auf seinen alten Wert zurückgesetzt wird, den es hatte, "
-"bevor die Option <option>-l</option> verwendet wurde."
+"entsperrt das angegebene Konto. Diese Option reaktiviert ein Passwort, indem "
+"es auf seinen alten Wert zurückgesetzt wird, den es hatte, bevor die Option "
+"<option>-l</option> verwendet wurde."
 
+# MH107 users statt user wegen their?
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -7937,20 +8579,19 @@ msgid ""
 "<_:replaceable-1/> option is the number of days prior to the password "
 "expiring that a user will be warned that their password is about to expire."
 msgstr ""
-"Legt die Anzahl der Tage fest, an denen der Benutzer eine Warnung erhält, "
-"bevor sein Passwort ungültig wird. Die Option <replaceable>WARN_TAGE</"
-"replaceable> bezeichnet die Anzahl der Tage, für die ein Benutzer vor "
-"Verfall seines Passworts gewarnt wird."
+"legt fest, ab wann der Benutzer vor dem Ablaufen seines Passwort gewarnt "
+"wird. Das Argument <replaceable>WARN_TAGE</replaceable> bezeichnet die "
+"Zeitspanne, über die der Benutzer eine Warnung erhalten soll, in Tagen."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 #, fuzzy
 #| msgid "-"
 msgid "-x"
 msgstr "-"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 #, fuzzy
 #| msgid ""
 #| "Set the maximum number of days a password remains valid. After "
@@ -7960,21 +8601,33 @@ msgid ""
 "Set the maximum number of days a password remains valid. After <_:"
 "replaceable-1/>, the password is required to be changed."
 msgstr ""
-"Bestimmt die maximale Anzahl von Tagen, die das Passwort gültig bleibt. Nach "
+"bestimmt die maximale Anzahl von Tagen, die das Passwort gültig bleibt. Nach "
 "<replaceable>MAX_TAGE</replaceable> Tagen muss das Passwort geändert werden."
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid ""
+"This option is used to indicate that passwd should read the new password "
+"from standard input, which can be a pipe."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 msgid ""
 "Password complexity checking may vary from site to site. The user is urged "
 "to select a password as complex as he or she feels comfortable with."
 msgstr ""
-"Die Komplexität der Passwortprüfung kann sich auf verschiedenen Systemen "
-"unterscheiden. Der Benutzer wird angehalten, ein möglichst komplexes, von "
-"ihm aber gut zu verwendendes Passwort zu wählen."
+"Die Prüfung des Passwortes auf Komplexität kann je nach System verschieden "
+"sein. Benutzer und Benutzerinnen werden angehalten, ein komplexes aber noch "
+"angenehmes Passwort zu wählen."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid ""
 "Users may not be able to change their password on a system if NIS is enabled "
 "and they are not logged into the NIS server."
@@ -7983,7 +8636,7 @@ msgstr ""
 "System NIS aktiviert ist, sie aber nicht am NIS-Server angemeldet sind."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 #, fuzzy
 #| msgid ""
 #| "<command>passwd</command> uses PAM to authenticate users and to change "
@@ -7995,42 +8648,61 @@ msgstr ""
 "authentifizieren und sein Passwort zu ändern."
 
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 msgid "/etc/pam.d/passwd"
 msgstr "/etc/pam.d/passwd"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr "ungültige Kombination von Optionen"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr "unerwarteter Fehler, nichts wurde verändert"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 #, fuzzy
 #| msgid "unexpected failure, <filename>passwd</filename> file missing"
 msgid "unexpected failure, <_:filename-1/> file missing"
 msgstr "unerwarteter Fehler, die Datei <filename>passwd</filename> fehlt"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 #, fuzzy
 #| msgid "<filename>passwd</filename> file busy, try again"
 msgid "<_:filename-1/> file busy, try again"
 msgstr ""
-"Datei <filename>passwd</filename> wird benutzt, bitte nochmal versuchen"
+"Datei <filename>passwd</filename> in Benutzung, bitte nochmal versuchen"
+
+# MH this string is the argument for pwck. Elsewhere, capital letters are used in this context
+# s/passwd/PASSWD
+# The same refers to the argument shadow s/shadow/SHADOW
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+#, fuzzy
+#| msgid "passwd"
+msgid "makepasswd"
+msgstr "passwd"
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:494
+msgid ""
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
+#: passwd.1.xml.out:517
 msgid ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
+"The following web page comically (yet correctly) compares the strength of "
+"two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
 
+# ENDE Teil 13 weiter mit passwd.5
+# BEGINN Teil 14 setzt porttime.5 fort
 #. (itstool) path: refnamediv/refpurpose
 #: passwd.5.xml.out:41
 msgid "the password file"
@@ -8052,9 +8724,9 @@ msgid ""
 "<_:filename-1/> contains one line for each user account, with seven fields "
 "delimited by colons (<_:quote-2/>). These fields are:"
 msgstr ""
-"<filename>/etc/passwd</filename> enthält einen Eintrag pro Benutzerkonto, "
-"wobei jeder Eintrag sieben Felder besitzt, die durch Doppelpunkt (<quote>:</"
-"quote>) getrennt sind. Diese Felder sind:"
+"<filename>/etc/passwd</filename> enthält eine Zeile pro Benutzerkonto, wobei "
+"jede Zeile sieben Felder besitzt, die durch Doppelpunkt (<quote>:</quote>) "
+"getrennt sind. Diese Felder sind:"
 
 #. (itstool) path: listitem/para
 #. (itstool) path: term/emphasis
@@ -8062,36 +8734,41 @@ msgstr ""
 msgid "login name"
 msgstr "Anmeldename"
 
+# MH92 not encryption is optional but using this field
+# s/optional encrypted password /encrypted password (optional)
 #. (itstool) path: listitem/para
 #: passwd.5.xml.out:57
 msgid "optional encrypted password"
-msgstr "optional verschlüsseltes Passwort"
+msgstr "verschlüsseltes Passwort (optional)"
 
 #. (itstool) path: listitem/para
 #: passwd.5.xml.out:60
 msgid "numerical user ID"
-msgstr "numerische Benutzer-ID"
+msgstr "Benutzerkennung (numerisch)"
 
 #. (itstool) path: listitem/para
 #: passwd.5.xml.out:63
 msgid "numerical group ID"
-msgstr "numerische Gruppen-ID"
+msgstr "Gruppenkennung (numerisch)"
 
+# MH s/user name/complete user names and additional information (GECOS-Field)
 #. (itstool) path: listitem/para
 #: passwd.5.xml.out:66
 msgid "user name or comment field"
-msgstr "Benutzername oder Kommentarfeld"
+msgstr ""
+"Feld für den kompletten Namen des Benutzer und ergänzende Informationen zu "
+"ihm (GECOS-Feld)"
 
 #. (itstool) path: listitem/para
 #: passwd.5.xml.out:69
 msgid "user home directory"
-msgstr "Home-Verzeichnis des Benutzers"
+msgstr "persönliches Verzeichnis des Benutzers"
 
-# SB: Ãœbersetzung von "command interpreter"?
+# MH94 :optional user command interpreter /user command interpreter (optional)
 #. (itstool) path: listitem/para
 #: passwd.5.xml.out:72
 msgid "optional user command interpreter"
-msgstr "optional Befehlsinterpreter des Benutzers"
+msgstr "Befehlsinterpreter des Benutzers (optional)"
 
 #. (itstool) path: para/quote
 #: passwd.5.xml.out:78
@@ -8105,42 +8782,58 @@ msgstr ""
 
 #. (itstool) path: refsect1/para
 #: passwd.5.xml.out:76
+#, fuzzy
+#| msgid ""
+#| "If the <emphasis>password</emphasis> field is a lower-case <quote>x</"
+#| "quote>, then the encrypted password is actually stored in the "
+#| "<citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</"
+#| "manvolnum></citerefentry> file instead; there <emphasis>must</emphasis> "
+#| "be a corresponding line in the <filename>/etc/shadow</filename> file, or "
+#| "else the user account is invalid."
 msgid ""
 "If the <_:emphasis-1/> field is a lower-case <_:quote-2/>, then the "
 "encrypted password is actually stored in the <_:citerefentry-3/> file "
 "instead; there <_:emphasis-4/> be a corresponding line in the <_:filename-5/"
 "> file, or else the user account is invalid."
 msgstr ""
+"Wenn das <emphasis>Passwort-</emphasis>Feld den Kleinbuchstaben x enthält, "
+"ist es stattdessen die geschützte Datei <filename>shadow</filename> (siehe "
+"<citerefentry><refentrytitle>shadow </refentrytitle><manvolnum>5</"
+"manvolnum></citerefentry>), die das verschlüsselte Passwort enthält. Dort "
+"muss es eine entsprechende Zeile geben, sonst ist das Nutzerkonto ungültig."
 
 #. (itstool) path: para/emphasis
 #: passwd.5.xml.out:90
 msgid "any"
 msgstr ""
 
+# MH95 similar string elsewhere. Thus consolidate?
+# MH96 applications do not permit access but are useable or not
 #. (itstool) path: refsect1/para
 #: passwd.5.xml.out:85
 #, fuzzy
 #| msgid ""
-#| "This field may be empty, in which case no passwords are required to "
-#| "authenticate as the specified login name. However, some applications "
-#| "which read the <filename>/etc/shadow</filename> file may decide not to "
-#| "permit any access at all if the password field is empty."
+#| "The encrypted <emphasis>password</emphasis> field may be empty, in which "
+#| "case no password is required to authenticate as the specified login name. "
+#| "However, some applications which read the <filename>/etc/passwd</"
+#| "filename> file may decide not to permit <emphasis>any</emphasis> access "
+#| "at all if the <emphasis>password</emphasis> field is blank."
 msgid ""
 "The encrypted <_:emphasis-1/> field may be empty, in which case no password "
 "is required to authenticate as the specified login name. However, some "
 "applications which read the <_:filename-2/> file may decide not to permit <_:"
 "emphasis-3/> access at all if the <_:emphasis-4/> field is blank."
 msgstr ""
-"Dieses Feld kann leer bleiben. In diesem Fall kann sich der angegebene "
-"Benutzer ohne Passwort anmelden. Möglicherweise verweigern Anwendungen, "
-"welche die Datei <filename>/etc/shadow</filename> auswerten, dennoch den "
-"Zugang, wenn das Passwortfeld leer ist."
+"Das Feld für das verschlüsselte Passwort kann leer sein. In diesem Fall wird "
+"kein Passwort benötigt, um sich anzumelden. Allerdings könnten einige "
+"Anwendungen, die <filename>/etc/passwd</filename> auswerten und das Feld als "
+"leer identifizieren, <emphasis>keinen</emphasis> Zugang gewähren."
 
 #. (itstool) path: refsect1/para
 #: passwd.5.xml.out:94
 #, fuzzy
 #| msgid ""
-#| "A password field which starts with a exclamation mark means that the "
+#| "A password field which starts with an exclamation mark means that the "
 #| "password is locked. The remaining characters on the line represent the "
 #| "password field before the password was locked."
 msgid ""
@@ -8149,7 +8842,7 @@ msgid ""
 "emphasis-2/> field before the password was locked."
 msgstr ""
 "Ein Passwortfeld, das mit einem Ausrufezeichen beginnt, führt dazu, dass das "
-"Passwort gesperrt ist. Die übrigen Zeichen sind das Passwort vor der "
+"Passwort gesperrt ist. Die übrigen Zeichen entsprechen dem Passwort vor der "
 "Sperrung."
 
 #. (itstool) path: refsect1/para
@@ -8170,8 +8863,7 @@ msgstr ""
 "Wenn das Passwortfeld eine Zeichenkette enthält, die kein zulässiges "
 "Ergebnis von <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
 "manvolnum></citerefentry> ist, z.B. ! oder *, kann sich der Benutzer nicht "
-"mit einem Unix-Passwort anmelden; eine Anmeldung auf anderem Wege wird "
-"dadurch nicht verhindert."
+"mit einem Unix-Passwort anmelden; wobei andere Wege der Anmeldung verbleiben."
 
 #. (itstool) path: refsect1/para
 #: passwd.5.xml.out:114
@@ -8194,17 +8886,17 @@ msgid ""
 "The <_:command-1/> program uses this information to set the value of the <_:"
 "envar-2/> environmental variable."
 msgstr ""
-"Das Feld für das Home-Verzeichnis gibt den Namen für das anfängliche "
-"Arbeitsverzeichnis an. Das Programm <command>login</command> benutzt diese "
-"Information, um den Wert der Umgebungsvariable <envar>$HOME</envar> zu "
-"setzen."
+"Das Feld für das persönliche Verzeichnis gibt den Namen für das anfängliche "
+"Arbeitsverzeichnis an. Das Programm <command>login</command> übernimmt den "
+"Eintrag in die Umgebungsvariable <envar>$HOME</envar>."
 
 #. (itstool) path: para/filename
 #: passwd.5.xml.out:134 sg.1.xml.out:61 su.1.xml.out:190
 msgid "/bin/sh"
 msgstr ""
 
-# SB: Ãœbersetzung von "command language interpreter"?
+# SB2: Ãœbersetzung von "command language interpreter"?
+# /command language interpreter/command interpreter (shell)
 #. (itstool) path: refsect1/para
 #: passwd.5.xml.out:129
 #, fuzzy
@@ -8221,17 +8913,17 @@ msgid ""
 "> environmental variable. If this field is empty, it defaults to the value "
 "<_:filename-3/>."
 msgstr ""
-"Das Feld für den Befehlsinterpreter enthält den Namen des Befehlssprachen-"
-"Interpreters des Benutzers oder den Namen des Programms, das zuerst "
-"ausgeführt werden soll. Das Programm <command>login</command> benutzt diese "
-"Information, um den Wert der Umgebungsvariable <envar>$SHELL</envar> zu "
-"setzen. Falls dieses Feld leer ist, wird ihm standardmäßig der Wert "
-"<filename>/bin/sh</filename> zugewiesen."
+"Das Feld für den Befehlsinterpreter enthält den Namen des für den Benutzer "
+"zu startenden Befehlssprachen-Interpreters (»Shell«)oder den Namen des "
+"Programms, das zuerst ausgeführt werden soll. Das Programm <command>login</"
+"command> benutzt diese Information, um den Wert der Umgebungsvariable "
+"<envar>$SHELL</envar> zu setzen. Falls dieses Feld leer ist, wird "
+"standardmäßig <filename>/bin/sh</filename> verwendet."
 
 #. (itstool) path: listitem/para
 #: passwd.5.xml.out:150
 msgid "optional encrypted password file"
-msgstr "optionale Datei für verschlüsseltes Passwort"
+msgstr "optionale Datei für verschlüsselte Passwörter"
 
 #. (itstool) path: term/filename
 #: passwd.5.xml.out:154
@@ -8249,9 +8941,9 @@ msgid ""
 "Note that this file is used by the tools of the shadow toolsuite, but not by "
 "all user and password management tools."
 msgstr ""
-"Beachten Sie, dass diese Datei von Werkzeugen der Shadow-Werkzeugsammlung "
-"verwendet wird, aber nicht von allen sonstigen Programmen zur Benutzer- und "
-"Passwortverwaltung."
+"Beachten Sie, dass diese Datei von den Hilfsprogrammen des Shadow-Projektes "
+"verwendet wird; von anderen Programmen zur Benutzer- und Passwortverwaltung "
+"jedoch nicht unbedingt."
 
 #. (itstool) path: citerefentry/refentrytitle
 #: passwd.5.xml.out:173
@@ -8272,6 +8964,9 @@ msgid ""
 "citerefentry-10/>, <_:citerefentry-11/>."
 msgstr ""
 
+# ENDE Teil 12 weiter mit porttime.5
+# BEGINN Teil 13 setzt pwck.8 fort
+# MH87 Is man 5 porttime published or distributed somewhere?
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
@@ -8282,7 +8977,7 @@ msgstr "porttime"
 #. (itstool) path: refnamediv/refpurpose
 #: porttime.5.xml.out:41
 msgid "port access time file"
-msgstr "Datei für zeitlich begrenzten Zugang zu Ports"
+msgstr "Datei mit zeitlichen Zugangsbegrenzungen für Ports"
 
 #. (itstool) path: refsect1/para
 #: porttime.5.xml.out:46
@@ -8294,9 +8989,10 @@ msgid ""
 "<_:emphasis-1/> contains a list of tty devices, user names, and permitted "
 "login times."
 msgstr ""
-"<emphasis remap=\"I\">porttime</emphasis> enthält eine Liste von tty-"
+"<emphasis remap=\"I\">porttime</emphasis> enthält eine Liste von TTY-"
 "Geräten, Benutzernamen und zulässigen Anmeldezeiten."
 
+# MH88: s/to indicated / to indicate
 #. (itstool) path: refsect1/para
 #: porttime.5.xml.out:51
 msgid ""
@@ -8308,12 +9004,12 @@ msgid ""
 "permitted access times."
 msgstr ""
 "Jeder Eintrag besteht aus drei Feldern, die durch Doppelpunkte getrennt "
-"sind. Das erste Feld enthält eine Liste von tty-Geräten, die durch Kommata "
+"sind. Das erste Feld enthält eine Liste von TTY-Geräten, die durch Kommas "
 "getrennt sind, oder einen Stern, was bedeutet, dass dieser Eintrag auf alle "
-"tty-Geräte zutrifft. Das zweite Feld enthält eine Liste von Benutzernamen, "
-"die durch Kommata getrennt sind, oder einen Stern, was bedeutet, dass dieser "
-"Eintrag auf alle Benutzernamen zutrifft. Das dritte Feld ist eine Liste von "
-"Anmeldezeiten, die durch Kommata getrennt sind."
+"TTY-Geräte zutrifft. Das zweite Feld enthält eine durch Kommas getrennte "
+"Liste von Benutzernamen oder einen Stern, was bedeutet, dass dieser Eintrag "
+"auf alle Benutzernamen zutrifft. Das dritte Feld ist eine Liste zulässiger "
+"Zugangszeiten, die durch Kommas getrennt sind."
 
 #. (itstool) path: para/emphasis
 #: porttime.5.xml.out:62
@@ -8360,6 +9056,7 @@ msgstr ""
 msgid "Al"
 msgstr ""
 
+# MH89: s/thru/through
 #. (itstool) path: refsect1/para
 #: porttime.5.xml.out:60
 #, fuzzy
@@ -8384,10 +9081,10 @@ msgstr ""
 "<emphasis>Su</emphasis>, <emphasis>Mo</emphasis>, <emphasis>Tu</emphasis>, "
 "<emphasis>We</emphasis>, <emphasis>Th</emphasis>, <emphasis>Fr</emphasis> "
 "und <emphasis>Sa</emphasis> abgekürzt werden. Danach folgt die Angabe von "
-"zwei Uhrzeiten, die durch einen Bindestrich getrennt sind. Mit der Abkürzung "
-"<emphasis>Wk</emphasis> wird Montag bis Freitag bezeichnet. Mit "
-"<emphasis>Al</emphasis> wird jeder Tag gewählt. Falls keine Tage angegeben "
-"werden, wird <emphasis>Al</emphasis> angenommen."
+"zwei Uhrzeiten, die durch einen Bindestrich getrennt sind. Die Abkürzung "
+"<emphasis>Wk</emphasis> steht für Montag bis Freitag. Mit <emphasis>Al</"
+"emphasis> wird jeder Tag gewählt. Falls keine Tage angegeben werden, wird "
+"<emphasis>Al</emphasis> angenommen."
 
 #. (itstool) path: refsect1/title
 #: porttime.5.xml.out:74
@@ -8427,6 +9124,8 @@ msgstr ""
 msgid "/dev/console"
 msgstr ""
 
+# MH90 Is the seconds phrase "This illustrates ... of access times." necessary
+# does it make sense here?
 #. (itstool) path: refsect1/para
 #: porttime.5.xml.out:83
 #, fuzzy
@@ -8444,9 +9143,9 @@ msgid ""
 msgstr ""
 "Die folgenden Einträge erlauben nur den Benutzern <emphasis>root</emphasis> "
 "und <emphasis>oper</emphasis> jederzeit Zugriff auf <filename>/dev/console</"
-"filename>. Hier ist auch ersichtlich, dass <filename>/etc/porttime</"
-"filename> eine geordnete Liste der Zugriffszeiten ist. Jeder andere Benutzer "
-"fällt unter den zweiten Eintrag, welcher Zugriff zu keiner Zeit erlaubt."
+"filename>. Das Beispiel zeigt auch, dass <filename>/etc/porttime</filename> "
+"eine geordnete Liste der Zugriffszeiten enthält. Auf jeden anderen Benutzer "
+"würde der zweite Eintrag zutreffen, der zu keiner Zeit den Zugriff erlaubt."
 
 #. (itstool) path: refsect1/programlisting
 #: porttime.5.xml.out:92
@@ -8486,12 +9185,13 @@ msgstr ""
 msgid "*:games:Wk1700-0900,SaSu0000-2400"
 msgstr "*:games:Wk1700-0900,SaSu0000-2400"
 
+# MH s/verify/verify the
 #. (itstool) path: refnamediv/refpurpose
 #: pwck.8.xml.out:48
 #, fuzzy
 #| msgid "verify integrity of password files"
 msgid "verify the integrity of password files"
-msgstr "überprüft die Stimmigkeit der Passwortdateien"
+msgstr "überprüft die Stimmigkeit von Passwortdateien"
 
 #. (itstool) path: arg/replaceable
 #: pwck.8.xml.out:57
@@ -8535,7 +9235,7 @@ msgid ""
 msgstr ""
 "Der Befehl <command>grpwck</command> überprüft die Stimmigkeit der "
 "Informationen über die Gruppen. Alle Einträge in <filename>/etc/group</"
-"filename><phrase condition=\"gshadow\">und <filename>/etc/gshadow</"
+"filename> <phrase condition=\"gshadow\">und <filename>/etc/gshadow</"
 "filename></phrase> werden darauf überprüft, ob sie das richtige Format haben "
 "und gültige Daten enthalten. Bei einem Eintrag, der falsch formatiert ist "
 "oder andere unbehebbare Fehler enthält, wird der Benutzer aufgefordert, ihn "
@@ -8554,18 +9254,20 @@ msgstr "eine gültige Benutzer- und Gruppenkennung"
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:94
 msgid "a valid primary group"
-msgstr "eine gültige Hauptgruppe"
+msgstr "eine gültige primäre Gruppe"
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:97
 msgid "a valid home directory"
-msgstr "ein gültiges Home-Verzeichnis"
+msgstr "ein gültiges persönliches Verzeichnis"
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:100
 msgid "a valid login shell"
 msgstr "eine gültige Anmelde-Shell"
 
+# MH markup for argument would be adequate
+# s/<filename>shadow</filename>/<replaceable>shadow</replaceable>
 #. (itstool) path: refsect1/para
 #: pwck.8.xml.out:104
 #, fuzzy
@@ -8578,9 +9280,9 @@ msgid ""
 "parameter <_:replaceable-1/> is specified or when <_:filename-2/> exists on "
 "the system."
 msgstr ""
-"Eine Überprüfung von <filename>shadow</filename> findet statt, wenn ein "
-"zweiter Parameter angegeben wird oder auf dem System <filename>/etc/shadow</"
-"filename>  existiert."
+"<replaceable>shadow</replaceable> wird überprüft, wenn die Datei als zweiter "
+"Parameter angegeben ist oder <filename>/etc/shadow</filename> auf dem System "
+"existiert."
 
 #. (itstool) path: refsect1/para
 #: pwck.8.xml.out:109
@@ -8593,28 +9295,31 @@ msgid ""
 "every passwd entry has a matching shadow entry, and every shadow entry has a "
 "matching passwd entry"
 msgstr ""
-"ob jedem Eintrag in passwd ein Eintrag in shadow entspricht und umgekehrt"
+"ob es zu jedem Eintrag in <filename>passwd</filename> einen passenden "
+"Eintrag in <filename>shadow</filename> und umgekehrt gibt"
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:120
 msgid "passwords are specified in the shadowed file"
-msgstr "ob die Passwörter in der Shadow-Datei niedergelegt sind"
+msgstr "ob die Passwörter in der geschützten Datei abgelegt sind"
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:123
 msgid "shadow entries have the correct number of fields"
-msgstr "ob die shadow-Einträge die richtige Anzahl von Feldern haben"
+msgstr ""
+"ob die Einträge der geschützten Datei die richtige Anzahl von Feldern haben"
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:126
 msgid "shadow entries are unique in shadow"
-msgstr "ob die Shadow-Einträge in shadow eindeutig sind"
+msgstr "ob die Einträge in der geschützten Datei nicht mehrfach vorkommen"
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:129
 msgid "the last password changes are not in the future"
 msgstr "dass das Datum der letzten Passwortänderung nicht in der Zukunft liegt"
 
+# MH86: s/are warning/cause warnings/
 #. (itstool) path: refsect1/para
 #: pwck.8.xml.out:133
 #, fuzzy
@@ -8635,15 +9340,15 @@ msgid ""
 "other errors are warnings and the user is encouraged to run the <_:command-1/"
 "> command to correct the error."
 msgstr ""
-"Fehler bei der Überprüfung der richtigen Anzahl der Felder und des "
-"eindeutigen Benutzernames sind schwerwiegend. Wenn ein Eintrag die falsche "
-"Anzahl von Feldern ausweist, wird der Benutzer aufgefordert, die gesamte "
-"Zeile zu löschen. Wenn dies der Benutzer ablehnt, werden alle weiteren Tests "
-"ausgelassen. Bei einem Eintrag mit einem mehrfach verwendeten Benutzernamen "
+"Fehler hinsichtlich der richtigen Anzahl der Felder und der Eindeutigkeitdes "
+"Anmeldenamens sind schwerwiegend. Wenn ein Eintrag die falsche Anzahl von "
+"Feldern aufweist, wird der Benutzer zur Löschung der gesamten Zeile "
+"aufgefordert. Wenn der Benutzer dies ablehnt, wird auf alle weiteren Tests "
+"verzichtet. Bei einem Eintrag mit einem mehrfach verwendeten Benutzernamen "
 "wird der Benutzer aufgefordert, diesen Eintrag zu löschen. Sollte er dies "
-"ablehnen, werden dennoch die übrigen Test ausgeführt. Bei allen anderen "
-"Fehlern wird eine Warnung abgegeben und der Benutzer aufgefordert, den "
-"Fehler mittels des Befehls <command>usermod</command> zu beheben."
+"ablehnen, werden die übrigen Test dennoch ausgeführt. Bei allen anderen "
+"Fehlern wird der Benutzer gewarnt und aufgefordert, den Fehler mittels des "
+"Befehls <command>usermod</command> zu beheben."
 
 #. (itstool) path: refsect1/para
 #: pwck.8.xml.out:144
@@ -8658,10 +9363,10 @@ msgid ""
 "corrupted or duplicated entries. <_:command-2/> should be used in those "
 "circumstances to remove the offending entry."
 msgstr ""
-"Die Befehle, welche die Datei <filename>/etc/passwd</filename> bearbeiten, "
-"können falsche oder doppelte Einträge nicht verändern. In solchen Fällen "
-"sollte <command>pwck</command> verwendet werden, um den betreffenden Eintrag "
-"zu entfernen."
+"Befehle, die die Datei <filename>/etc/passwd</filename> bearbeiten, können "
+"falsche oder doppelte Einträge nicht verändern. In solchen Fällen sollte "
+"<command>pwck</command> verwendet werden, um den betreffenden Eintrag zu "
+"entfernen."
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:181
@@ -8670,14 +9375,14 @@ msgid ""
 "user won't be displayed."
 msgstr ""
 "meldet nur Fehler. Warnungen, die keine Handlung des Benutzers erfordern, "
-"werden nicht angezeigt"
+"werden nicht angezeigt."
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:190
 #, fuzzy
 #| msgid "Execute the <command>pwck</command> command in read-only mode."
 msgid "Execute the <_:command-1/> command in read-only mode."
-msgstr "führt den Befehl <command>pwck</command> im Modus Nur-Lesen aus"
+msgstr "führt den Befehl <command>pwck</command> im Nur-Lesen-Modus aus."
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:211
@@ -8687,8 +9392,8 @@ msgstr "führt den Befehl <command>pwck</command> im Modus Nur-Lesen aus"
 #| "shadow</filename> by UID."
 msgid "Sort entries in <_:filename-1/> and <_:filename-2/> by UID."
 msgstr ""
-"ordnet die Einträge in <filename>/etc/passwd</filename> und <filename>/etc/"
-"shadow</filename> nach der UID"
+"sortiert die Einträge in <filename>/etc/passwd</filename> und <filename>/etc/"
+"shadow</filename> nach der Benutzerkennung."
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:215
@@ -8731,48 +9436,57 @@ msgstr ""
 #| msgid ""
 #| "Note that when <option>USE_TCB</option> is enabled, you cannot specify an "
 #| "alternative <replaceable>shadow</replaceable> file. In future releases, "
-#| "this paramater could be replaced by an alternate TCB directory."
+#| "this parameter could be replaced by an alternate TCB directory."
 msgid ""
 "Note that when <_:option-1/> is enabled, you cannot specify an alternative "
 "<_:replaceable-2/> file. In future releases, this parameter could be "
 "replaced by an alternate TCB directory."
 msgstr ""
-"Hinweis: Wenn <option>USE_TCB</option> aktiviert ist, können Sie keine "
-"andere <replaceable>shadow</replaceable>-Datei angeben. In zukünftigen  "
-"Versionen kann dieser Parameter durch ein anderes TCB-Verzeichnis ersetzt "
-"werden."
+"Beachten Sie, dass die Option <option>USE_TCB</option> dazu führt, dass Sie "
+"keine andere Datei <replaceable>shadow</replaceable> angeben können. In "
+"künftigen Versionen kann dieser Parameter durch ein alternatives TCB-"
+"Verzeichnis ersetzt werden."
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:301
 msgid "one or more bad password entries"
-msgstr "ein oder mehrere fehlerhafte Passworteinträge"
+msgstr "Einer oder mehrere Passworteinträge enthält Fehler."
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:307
 msgid "can't open password files"
-msgstr "Die Passwortdatei kann nicht geöffnet werden."
+msgstr "Die Passwortdateien können nicht geöffnet werden."
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:313
 msgid "can't lock password files"
-msgstr "Die Passwortdatei kann nicht gesperret werden."
+msgstr "Die Passwortdateien können nicht gesperrt werden."
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:319
 msgid "can't update password files"
-msgstr "Die Passwortdatei kann nicht aktualisieren werden."
+msgstr "Die Passwortdateien können nicht aktualisiert werden."
 
 #. (itstool) path: listitem/para
 #: pwck.8.xml.out:325
 msgid "can't sort password files"
-msgstr "Die Passwortdatei kann nicht sortieren werden."
-
+msgstr "Die Passwortdateien können nicht sortiert werden."
+
+# MH throughout this manual page
+# Not the passwords for users and groups are shadowed (or tcb-like) but the
+# respective files shadow and gshadow are shadowed (or the system applies
+# tcb concept for password data)
+# s
+# /convert to and from shadow passwords and groups
+# /transfer user or group password information into shadowed files or back
 #. (itstool) path: refnamediv/refpurpose
 #: pwconv.8.xml.out:50
 msgid "convert to and from shadow passwords and groups"
-msgstr "konvertiert zu oder von Shadow-Passwörtern und -gruppen"
+msgstr ""
+"transferieren Passwortdaten über Benutzer oder Gruppen in geschützte Dateien "
+"oder zurück "
 
-# SB: Translation ok?
+# MH preferentially apply xml element <filename> instead of <emphasis remap=I>
 #. (itstool) path: refsect1/para
 #: pwconv.8.xml.out:82 pwconv.8.xml.out:112
 #, fuzzy
@@ -8787,7 +9501,7 @@ msgid ""
 msgstr ""
 "Der Befehl <command>pwconv</command> erstellt eine <emphasis "
 "remap=\"I\">shadow</emphasis>-Datei aus einer <emphasis remap=\"I\">passwd</"
-"emphasis>-Datei und gegebenenfalls aus einer bereits vorhandenen <emphasis "
+"emphasis>-Datei und einer gegebenenfalls vorhandenen <emphasis "
 "remap=\"I\">shadow</emphasis>-Datei."
 
 #. (itstool) path: para/command
@@ -8814,12 +9528,12 @@ msgid ""
 "filename-8/>.)"
 msgstr ""
 "<command>pwconv</command> funktioniert nicht, wenn <option>USE_TCB</option> "
-"aktiviert ist. Um zu Tcb-Passwörtern zu konvertieren, sollten Sie zuerst mit "
-"<command>pwconv</command> zu Shadowed-Passwörtern konvertieren, wobei Sie in "
+"aktiviert ist. Um zu tcb-Passwörtern zu konvertieren, sollten Sie zuerst mit "
+"<command>pwconv</command> zu Shadowed-Passwörtern konvertieren, indem Sie in "
 "<filename>login.defs</filename> <option>USE_TCB</option> deaktivieren, und "
-"anschließend mit <command>tcb_convert</command> zu Tcb-Passwörtern "
-"konvertieren. Schließlich können Sie <option>USE_TCB</option> in "
-"<filename>login.defs</filename> reaktivieren."
+"anschließend mit <command>tcb_convert</command> zu tcb-Passwörtern "
+"konvertieren und <option>USE_TCB</option> in <filename>login.defs</filename> "
+"reaktivieren."
 
 #. (itstool) path: refsect1/para
 #: pwconv.8.xml.out:97 pwconv.8.xml.out:118
@@ -8850,9 +9564,9 @@ msgid ""
 msgstr ""
 "<command>pwunconv</command> funktioniert nicht, wenn <option>USE_TCB</"
 "option> aktiviert ist. Sie sollten zuerst mit <command>tcb_unconvert</"
-"command> von tcb- zu shadowed-Passwörtern wechseln und anschließend vor der "
-"Verwendung von  <command>pwunconv</command> <option>USE_TCB</option> in "
-"<filename>login.defs</filename> deaktivieren."
+"command> von tcb- zu shadowed-Passwörtern wechseln, dann <option>USE_TCB</"
+"option> in <filename>login.defs</filename> deaktivieren und schließlich "
+"<command>pwunconv</command> aufrufen."
 
 #. (itstool) path: refsect1/para
 #: pwconv.8.xml.out:125
@@ -8867,11 +9581,16 @@ msgid ""
 "files: <_:filename-1/>, <_:filename-2/>, <_:filename-3/>, and <_:filename-4/"
 ">."
 msgstr ""
-"Diese vier Programme funktionieren mit der normalen und der Shadow-"
-"Passwortdatei und den Gruppendateien: <filename>/etc/passwd</filename>, "
-"<filename>/etc/group</filename>, <filename>/etc/shadow</filename> und "
-"<filename>/etc/gshadow</filename>."
+"Für alle vier Programme gilt, dass sie mit den normalen und den geschützten "
+"Versionen (»shadowed«) der Passwortdatei und der Gruppendatei arbeiten: "
+"<filename>/etc/passwd</filename>, <filename>/etc/group</filename>, "
+"<filename>/etc/shadow</filename> und <filename>/etc/gshadow</filename>."
 
+# MH The second phrase deals with "shadowed" entries in the main file (e.g. passwd
+# or group). Maybe this is a source of confusion as these files my contain these
+# passwords in encrypted form but shadowed in the sense of shadow-utils means
+# in file with restricted reading access, thus
+# s/Then, shadowed entries which/Then, entries which/
 #. (itstool) path: refsect1/para
 #: pwconv.8.xml.out:132
 #, fuzzy
@@ -8893,15 +9612,16 @@ msgid ""
 "`x'. These programs can be used for initial conversion as well to update the "
 "shadowed file if the main file is edited by hand."
 msgstr ""
-"Jedes dieser Programme erzeugt vor der Konvertierung die notwendigen "
-"Sperren. <command>pwconv</command> und <command>grpconv</command> sind "
-"vergleichbar. Zuerst werden die Einträge aus der Shadow-Datei entfernt, die "
-"nicht in der Hauptdatei enthalten sind. Anschließend werden die Einträge in "
-"der Shadow-Datei aktualisiert, die kein »x« als Passwort haben. Zuletzt "
-"werden die Passwörter in der Hauptdatei durch »x« ersetzt. Diese Programme "
-"können für eine erstmalige Konvertierung genutzt werden als auch, um die "
-"Shadow-Datei zu aktualisieren, falls die Hauptdatei von Hand bearbeitet "
-"wurde."
+"Jedes dieser Programme nimmt vor der Konvertierung die notwendigen "
+"Sperrungen vor. <command>pwconv</command> und <command>grpconv</command> "
+"sind vergleichbar. Zuerst werden jene Einträge aus der geschützten Datei "
+"entfernt, die nicht in der Hauptdatei enthalten sind. Anschließend werden "
+"jene Einträge in der geschützten Datei aktualisiert, die im Passwort-Feld "
+"der Hauptdatei kein »x« enthalten. In der geschützten Datei fehlende "
+"Einträge werden hinzugefügt. Zuletzt werden die Passwörter in der Hauptdatei "
+"durch »x« ersetzt. Diese Programme können sowohl zur erstmaligen "
+"Konvertierung genutzt werden als auch, um die geschützte Datei zu "
+"aktualisieren, falls die Hauptdatei von Hand bearbeitet wurde."
 
 #. (itstool) path: refsect1/para
 #: pwconv.8.xml.out:143
@@ -8911,6 +9631,12 @@ msgid ""
 "filename-6/>."
 msgstr ""
 
+# MH Phrase mentioning the loss of aging information is true for pwunconv and grpunconv.
+# thus
+# s
+# /Some password aging information is lost by <command>pwunconv</command>
+# /With both commands, aging information on accounts and passwords get lost.
+# MH Is the last phrase really necesssary?
 #. (itstool) path: refsect1/para
 #: pwconv.8.xml.out:152
 #, fuzzy
@@ -8930,11 +9656,11 @@ msgid ""
 msgstr ""
 "Ebenfalls sind die Befehle <command>pwunconv</command> und "
 "<command>grpunconv</command> ähnlich. Passwörter in der Hauptdatei werden "
-"durch die Shadow-Datei aktualisiert. Einträge, welche in der Hauptdatei, "
-"aber nicht in der Shadow-Datei vorhanden sind, bleiben unberührt. Zuletzt "
-"wird die Shadow-Datei gelöscht. Eine Information für den Verfall von "
-"Passwörtern geht durch <command>pwunconv</command> verloren. Es wird aber so "
-"viel wie möglich umgewandelt."
+"anhand der geschützten Datei aktualisiert. Einträge, welche in der "
+"Hauptdatei, aber nicht in der geschützen Datei vorhanden sind, bleiben "
+"unberührt. Zuletzt wird die geschützte Datei gelöscht. Informationen über "
+"Passwörter betreffende Fristen gehen durch <command>pwunconv</command> "
+"verloren. Es wird aber so viel wie möglich umgewandelt."
 
 #. (itstool) path: refsect1/para
 #: pwconv.8.xml.out:164
@@ -8946,9 +9672,13 @@ msgid ""
 "The options which apply to the <_:command-1/>, <_:command-2/>, <_:command-3/"
 ">, and <_:command-4/> commands are:"
 msgstr ""
-"Die Optionen, die von den Befehlen <command>vipw</command> und "
-"<command>vigr</command> unterstützt werden, sind:"
+"Die Befehle <command>vipw</command> und <command>vigr</command> können mit "
+"folgenden Optionen verwendet werden:"
 
+# MH
+# s
+# /before converting to or from shadow passwords or groups
+# /before transferring passwords to or from the main files and shadowed files
 #. (itstool) path: refsect1/para
 #: pwconv.8.xml.out:194
 #, fuzzy
@@ -8965,10 +9695,10 @@ msgid ""
 "before converting to or from shadow passwords or groups."
 msgstr ""
 "Fehler in der Passwort- oder Gruppendatei (wie z.B. ungültige oder doppelte "
-"Einträge) können zu Endlosschleifen oder anderen seltsamen Fehlern führen. "
-"Sie sollten daher <command>pwck</command> und <command>grpck</command> "
-"ausführen, um solche Fehler zu entfernen, bevor Sie von oder zu Shadow-"
-"Passwörtern oder -gruppen umwandeln."
+"Einträge) können Endlosschleifen oder sonstiges unerwartetes "
+"Programmverhalten nach sich ziehen. Sie sollten solche Fehler daher mit "
+"<command>pwck</command> und <command>grpck</command> abstellen, bevor Sie "
+"von oder zu Shadow-Passwörtern oder -gruppen umwandeln."
 
 #. (itstool) path: refsect1/para
 #: pwconv.8.xml.out:205
@@ -9007,6 +9737,8 @@ msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/><_:phrase-4/>."
 msgstr ""
 
+# ENDE Teil 09 weiter mit shadow.3
+# BEGINN Teil 10 setzt shadowa5 fort
 #. (itstool) path: refmeta/refmiscinfo
 #: shadow.3.xml.out:35
 msgid "Library Calls"
@@ -9018,11 +9750,10 @@ msgstr "Bibliotheksaufrufe"
 msgid "getspnam"
 msgstr "getspnam"
 
-# SB: Ãœbersetzung iO?
 #. (itstool) path: refnamediv/refpurpose
 #: shadow.3.xml.out:42
 msgid "encrypted password file routines"
-msgstr "Routinen für die Datei, die die verschlüsselten Passwörter enthält"
+msgstr "Routinen für die Dateien mit verschlüsselten Passwörtern"
 
 #. (itstool) path: refsect1/title
 #: shadow.3.xml.out:46
@@ -9039,16 +9770,19 @@ msgstr "#include &lt;shadow.h&gt;"
 msgid "struct spwd *getspent();"
 msgstr "struct spwd *getspent();"
 
+# MH use &nbsp; to join with the next string?
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:56
 msgid "struct spwd *getspnam(char"
-msgstr "truct spwd *getspnam(char"
+msgstr "struct spwd *getspnam(char"
 
+# MH use &nbsp; to join with the next string?
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:57
 msgid "*name"
 msgstr "*name"
 
+# MH use &nbsp; to join with the next string?
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:57 shadow.3.xml.out:70 shadow.3.xml.out:75
 #: shadow.3.xml.out:81
@@ -9065,16 +9799,19 @@ msgstr "void setspent();"
 msgid "void endspent();"
 msgstr "void endspent();"
 
+# MH use &nbsp; to join with the next string?
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:69
 msgid "struct spwd *fgetspent(FILE"
 msgstr "struct spwd *fgetspent(FILE"
 
+# MH use &nbsp; to join with the next string?
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:70 shadow.3.xml.out:81
 msgid "*fp"
 msgstr "*fp"
 
+# MH use &nbsp; to join with the next string?
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:74
 msgid "struct spwd *sgetspent(char"
@@ -9085,11 +9822,13 @@ msgstr "struct spwd *sgetspent(char"
 msgid "*cp"
 msgstr "*cp"
 
+# MH use &nbsp; to join with the next string?
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:79
 msgid "int putspent(struct spwd"
 msgstr "int putspent(struct spwd"
 
+# MH use &nbsp; to join with the next string?
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:80
 msgid "*p,"
@@ -9098,7 +9837,7 @@ msgstr "*p,"
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:80
 msgid "FILE"
-msgstr "DATEIEN"
+msgstr "DATEI"
 
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:85
@@ -9159,11 +9898,11 @@ msgstr ""
 "      char  *sp_namp; /* Anmeldename des Benutzers */\n"
 "      char  *sp_pwdp; /* verschlüsseltes Passwort */\n"
 "      long int  sp_lstchg; /* letzte Änderung des Passworts */\n"
-"      long int  sp_min; /* Tage, ehe Änderung erlaubt ist */\n"
-"      long int  sp_max; /* Tage, bis Änderung erfolgen muss */\n"
-"      long int  sp_warn; /* Tage für Warnung vor Verfall */\n"
-"      long int  sp_inact; /* Tage, ehe Konto inaktiv wird */\n"
-"      long int  sp_expire; /* Datum, an dem Konto abgeschaltet wird */\n"
+"      long int  sp_min; /* Tage, bis es geändert werden kann */\n"
+"      long int  sp_max; /* Tage, nach welchen es geändert werden muss */\n"
+"      long int  sp_warn; /* Tage mit Warnung vor Ablauf */\n"
+"      long int  sp_inact; /* Tage, nach welchen Konto inaktiv wird */\n"
+"      long int  sp_expire; /* Datum, an dem das Konto erlischt */\n"
 "      unsigned long int  sp_flag; /* reserviert für zukünftigen Gebrauch*/\n"
 "}\n"
 "    "
@@ -9173,28 +9912,33 @@ msgstr ""
 msgid "The meanings of each field are:"
 msgstr "Die Bedeutung dieser Felder ist:"
 
-# SB: Ãœbersetzung von 'null-terminated'?
+# MH according to line above
+# s/user name/login name
+# SB1: Ãœbersetzung von 'null-terminated'?
 #. (itstool) path: listitem/para
 #: shadow.3.xml.out:115
 msgid "sp_namp - pointer to null-terminated user name"
-msgstr "sp_namp - Verweis auf Benutzername, der mit einer Null endet"
+msgstr "sp_namp - Verweis auf den Anmeldenamen, mit NULL als Schlusszeichen"
 
+# MH according to line above
+# s/null-terminated password/null-terminated encrypted password
 #. (itstool) path: listitem/para
 #: shadow.3.xml.out:118
 msgid "sp_pwdp - pointer to null-terminated password"
-msgstr "sp_pwdp - Verweis auf Passwort, das mit einer Null endet"
+msgstr ""
+"sp_pwdp - Verweis auf verschlüsseltes Passwort, mit NULL als Schlusszeichen"
 
 #. (itstool) path: listitem/para
 #: shadow.3.xml.out:121
 msgid "sp_lstchg - days since Jan 1, 1970 password was last changed"
 msgstr ""
-"sp_lstchg - Anzahl der Tage gerechnet ab dem 1. Januar 1970, seitdem das "
-"Passwort das letzte Mal geändert wurde"
+"sp_lstchg - Tag, gezählt ab dem 1. Januar 1970, an dem das Passwort das "
+"letzte Mal geändert wurde"
 
 #. (itstool) path: listitem/para
 #: shadow.3.xml.out:124
 msgid "sp_min - days before which password may not be changed"
-msgstr "sp_min - Anzahl der Tage, ehe das Passwort nicht geändert werden darf"
+msgstr "sp_min - Anzahl der Tage, die das Passwort nicht geändert werden darf"
 
 #. (itstool) path: listitem/para
 #: shadow.3.xml.out:127
@@ -9207,8 +9951,8 @@ msgid ""
 "sp_warn - days before password is to expire that user is warned of pending "
 "password expiration"
 msgstr ""
-"sp_warn - Anzahl der Tage ehe das Passwort verfällt, an denen der Benutzer "
-"vor dem Verfall gewarnt wird"
+"sp_warn - Anzahl der Tage vor dem Ablaufen des Passworts, an welchen der "
+"Benutzer eine entsprechende Warnung erhält"
 
 #. (itstool) path: listitem/para
 #: shadow.3.xml.out:135
@@ -9216,15 +9960,15 @@ msgid ""
 "sp_inact - days after password expires that account is considered inactive "
 "and disabled"
 msgstr ""
-"sp_inact - Anzahl der Tage nach dem Verfall des Passworts, nach denen das "
-"Konto als inaktiv angesehen und abgeschaltet wird"
+"sp_inact - Anzahl der Tage nach Ablauf des Passworts, nach denen der "
+"Benutzer als inaktiv angesehen wird und den Zugriff auf das Konto verliert"
 
 #. (itstool) path: listitem/para
 #: shadow.3.xml.out:140
 msgid "sp_expire - days since Jan 1, 1970 when account will be disabled"
 msgstr ""
-"sp_expire - Anzahl Tage gerechnet ab dem 1. Januar 1970, für die das Konto "
-"abgeschaltet ist"
+"sp_expire - Tage, gezählt ab dem 1. Januar 1970, an dem das Konto erlöschen "
+"soll"
 
 #. (itstool) path: listitem/para
 #: shadow.3.xml.out:143
@@ -9266,6 +10010,7 @@ msgstr "getspnam"
 msgid "struct spwd"
 msgstr "struct spwd *getspent();"
 
+# MH use &nbsp; to join with the next string?
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:161
 #, fuzzy
@@ -9298,15 +10043,15 @@ msgid ""
 msgstr ""
 "<emphasis>getspent</emphasis>, <emphasis>getspname</emphasis>, "
 "<emphasis>fgetspent</emphasis> und <emphasis>sgetspent</emphasis> geben "
-"einen Verweis auf <emphasis>struct spwd</emphasis> zurück. "
+"einen Zeiger auf <emphasis>struct spwd</emphasis> zurück. "
 "<emphasis>getspent</emphasis> gibt den nächsten Eintrag der Datei zurück. "
 "<emphasis>fgetspent</emphasis> gibt den nächsten Eintrag im angegebenen "
 "Datenstrom zurück, für den angenommen wird, dass es sich dabei um eine Datei "
-"im zulässigen Format handelt. <emphasis>sgetspent</emphasis> gibt einen "
-"Verweis auf einen <emphasis>struct spwd</emphasis> zurück, wobei die "
-"angegebene Zeichenkette als Eingabe verwendet wird. <emphasis>getspnam</"
-"emphasis> sucht ab der aktuellen Position in der Datei nach einem Eintrag, "
-"der mit <emphasis>name</emphasis> übereinstimmt."
+"im zulässigen Format handelt. Mit der angegebenen Zeichenkette als Eingabe "
+"liefert <emphasis>sgetspent</emphasis> einen Zeiger auf ein Objekt vom Typ "
+"<emphasis>struct spwd</emphasis>. <emphasis>getspnam</emphasis> sucht ab der "
+"aktuellen Position in der Datei nach einem Eintrag, der mit <emphasis>name</"
+"emphasis> übereinstimmt."
 
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:165
@@ -9332,9 +10077,8 @@ msgid ""
 "<_:emphasis-1/> and <_:emphasis-2/> may be used to begin and end, "
 "respectively, access to the shadow password file."
 msgstr ""
-"<emphasis>setspent</emphasis> und <emphasis>endspent</emphasis> können "
-"verwendet werden, um den Zugriff auf die Shadow-Passwort-Datei zu beginnen "
-"oder zu beenden."
+"Der Zugriff auf die geschützte Passwortdatei kann mit <emphasis>setspent</"
+"emphasis> begonnen und mit <emphasis>endspent</emphasis> beendet werden."
 
 #. (itstool) path: para/emphasis
 #: shadow.3.xml.out:171 shadow.3.xml.out:173 shadow.3.xml.out:178
@@ -9383,14 +10127,14 @@ msgid ""
 "returned."
 msgstr ""
 "Die Routinen <emphasis>lckpwdf</emphasis> und <emphasis>ulckpwdf</emphasis> "
-"sollten eingesetzt werden, da so sichergestellt werden kann, dass exlusiv "
-"auf die Datei <filename>/etc/shadow</filename> zugegriffen wird. "
-"<emphasis>lckpwdf</emphasis> versucht, eine Sperre durch <emphasis>pw_lock</"
-"emphasis> für bis zu 15 Sekunden zu erhalten. Dann versucht es, eine zweite "
-"Sperre durch <emphasis>spw_lock</emphasis> für den Rest der 15 Sekunden zu "
-"erhalten. Sollte einer der beiden Versuche nach insgesamt 15 Sekunden "
-"scheitern, gibt <emphasis>lckpwdf</emphasis> -1 zurück. Wurden beide Sperren "
-"erhalten, wird 0 zurückgegeben."
+"sollten eingesetzt werden, um sicherzustellen, dass exklusiv auf die Datei "
+"<filename>/etc/shadow</filename> zugegriffen wird. <emphasis>lckpwdf</"
+"emphasis> versucht, eine Sperre durch <emphasis>pw_lock</emphasis> für bis "
+"zu 15 Sekunden zu erhalten. Dann versucht es, eine zweite Sperre durch "
+"<emphasis>spw_lock</emphasis> für den Rest der 15 Sekunden zu erhalten. "
+"Sollte einer der beiden Versuche nach Verstreichen der 15 Sekunden "
+"scheitern, gibt <emphasis>lckpwdf</emphasis> -1 zurück. Sind beide Sperren "
+"erlangt worden, wird 0 zurückgegeben."
 
 #. (itstool) path: refsect1/title
 #: shadow.3.xml.out:184 suauth.5.xml.out:189
@@ -9425,8 +10169,8 @@ msgid ""
 "These routines may only be used by the superuser as access to the shadow "
 "password file is restricted."
 msgstr ""
-"Diese Routinen können nur von Root verwendet werden, da der Zugriff auf die "
-"Shadow-Passwort-Datei beschränkt ist."
+"Nur der Systemadministrator kann diese Routinen verwenden, da der Zugriff "
+"auf die geschützte Passwortdatei beschränkt ist."
 
 #. (itstool) path: citerefentry/refentrytitle
 #: shadow.3.xml.out:217
@@ -9436,7 +10180,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refpurpose
 #: shadow.5.xml.out:41
 msgid "shadowed password file"
-msgstr "Shadow-Passwortdatei"
+msgstr "geschützte Passwortdatei"
 
 #. (itstool) path: refsect1/para
 #: shadow.5.xml.out:46
@@ -9448,9 +10192,9 @@ msgid ""
 "<_:filename-1/> is a file which contains the password information for the "
 "system's accounts and optional aging information."
 msgstr ""
-"<filename>shadow</filename> ist eine Datei, welche die  "
-"Passwortinformationen für die Konten des Systems und fakultativ "
-"Informationen zum Verfall der Passwörter enthält."
+"Die Datei <filename>shadow</filename> enthält Passwortinformationen für die "
+"Konten auf dem System und optional zeitliche Vorgaben zur Verwendung "
+"beziehungsweise Aktualisierung von Passwörtern und Benutzerkonten."
 
 #. (itstool) path: refsect1/para
 #: shadow.5.xml.out:57
@@ -9465,13 +10209,16 @@ msgstr ""
 "Jede Zeile dieser Datei enthält folgende neun Felder, die durch Doppelpunkt "
 "(<quote>:</quote>) getrennt werden:"
 
+# MH75: bad english "which exists on the system"
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:66
 msgid "It must be a valid account name, which exist on the system."
 msgstr ""
-"Dabei muss es sich um eine gültigen Kontonamen handeln, der auf dem System "
+"Dabei muss es sich um einen gültigen Kontonamen handeln, der auf dem System "
 "existiert."
 
+# MH76 these application do not work presumbly. Or is it really their job to provide access?
+# MH77 s/as the specified login name/as the specified user
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:74
 #, fuzzy
@@ -9487,9 +10234,9 @@ msgid ""
 "the password field is empty."
 msgstr ""
 "Dieses Feld kann leer bleiben. In diesem Fall kann sich der angegebene "
-"Benutzer ohne Passwort anmelden. Möglicherweise verweigern Anwendungen, "
-"welche die Datei <filename>/etc/shadow</filename> auswerten, dennoch den "
-"Zugang, wenn das Passwortfeld leer ist."
+"Benutzer ohne Passwort anmelden. Allerdings können dann gewisse Anwendungen, "
+"welche die Datei <filename>/etc/shadow</filename> auswerten, nicht "
+"verwendbar sein."
 
 #. (itstool) path: term/emphasis
 #: shadow.5.xml.out:103
@@ -9506,15 +10253,11 @@ msgid ""
 "The date of the last password change, expressed as the number of days since "
 "Jan 1, 1970 00:00 UTC."
 msgstr ""
-"Das Datum, als das Passwort das letzte Mal geändert wurde, wird als Anzahl "
-"der Tage seit dem 1. Januar 1970 ausgedrückt."
+"Das Datum der letzten Passwortänderung; ausgedrückt als Anzahl von Tagen "
+"seit dem 1. Januar 1970."
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:110
-#, fuzzy
-#| msgid ""
-#| "The value 0 has a special meaning, which is that the user should change "
-#| "her pasword the next time she will log in the system."
 msgid ""
 "The value 0 has a special meaning, which is that the user should change her "
 "password the next time she will log in the system."
@@ -9525,13 +10268,14 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:115
 msgid "An empty field means that password aging features are disabled."
-msgstr ""
-"Ein leeres Feld bedeutet, dass das Altern des Passworts abgeschaltet ist."
+msgstr "Ein leeres Feld bedeutet, dass das Passwort nicht ablaufen soll."
 
+# MH78 this is no minimum age but a number of days to stick to a password
+# s/minimum password age/minimal password usage
 #. (itstool) path: term/emphasis
 #: shadow.5.xml.out:122
 msgid "minimum password age"
-msgstr "Mindestalter des Passworts"
+msgstr "Mindestverwendungsdauer des Passworts"
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:124
@@ -9539,9 +10283,11 @@ msgid ""
 "The minimum password age is the number of days the user will have to wait "
 "before she will be allowed to change her password again."
 msgstr ""
-"Das Mindestalter des Passworts ist die Anzahl von Tagen, die ein Benutzer "
-"warten muss, bevor er sein Passwort wieder ändern darf."
+"Diese Mindestdauer ist die Anzahl von Tagen, die ein Benutzer oder eine "
+"Benutzerin warten muss, bis eine Passwortänderung erlaubt ist."
 
+# MH79 Bad english: we deal with a minimal usage time for a password, not with
+# a lower limit for the age of a password
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:129
 #, fuzzy
@@ -9549,13 +10295,13 @@ msgstr ""
 #| "An empty field and value 0 mean that there are no minimum password age."
 msgid "An empty field and value 0 mean that there is no minimum password age."
 msgstr ""
-"Eine leeres Feld oder der Wert 0 bedeuten, dass es kein Mindestalter eines "
-"Passworts gibt."
+"Eine leeres Feld oder der Wert 0 bedeuten, dass es keine "
+"Mindestverwendungsdauer für das Passwort gibt."
 
 #. (itstool) path: term/emphasis
 #: shadow.5.xml.out:136
 msgid "maximum password age"
-msgstr "Höchstalter des Passworts"
+msgstr "Höchstverwendungsdauer des Passworts"
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:138
@@ -9563,8 +10309,8 @@ msgid ""
 "The maximum password age is the number of days after which the user will "
 "have to change her password."
 msgstr ""
-"Das Höchstalter des Passworts ist die Anzahl von Tagen, nach welcher der "
-"Benutzer sein Passwort ändern muss."
+"Diese Höchstdauer ist die Anzahl von Tagen, nach welcher der Benutzer sein "
+"Passwort ändern muss."
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:142
@@ -9572,18 +10318,21 @@ msgid ""
 "After this number of days is elapsed, the password may still be valid. The "
 "user should be asked to change her password the next time she will log in."
 msgstr ""
-"Auch nach Ablauf dieser Anzahl von Tagen bleibt das Passwort gültig. Der "
-"Benutzer wird bei der nächsten Anmeldung aufgefordert, sein Passwort zu "
-"ändern."
+"Auch nach Ablauf dieser Anzahl von Tagen gilt das Passwort. Der Benutzer "
+"wird jedoch bei der nächsten Anmeldung aufgefordert, sein Passwort zu ändern."
 
+# MH80: Wenn das Passwort unbegrenzt gilt, sind Vorwarnung und Inaktivität obsolet.
+# Soll deren Erwähnung zum Ausdruck bringen, dass Werte in diesen Feldern
+# nicht zum Tragen kommen, selbst wenn entsprechende Werte vorhanden sind?
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:147
 msgid ""
 "An empty field means that there are no maximum password age, no password "
 "warning period, and no password inactivity period (see below)."
 msgstr ""
-"Ein leeres Feld bedeutet, dass es kein Höchstalter für das Passwort, keine "
-"Vorwarnung und keine Dauer der Untätigkeit (siehe unten) gibt."
+"Ein leeres Feld bedeutet, dass das Passwort unbefristet gilt und weder eine "
+"Vorwarnzeit noch eine Karenzzeit für eine verspätete Änderung (siehe unten) "
+"gilt."
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:152
@@ -9591,13 +10340,14 @@ msgid ""
 "If the maximum password age is lower than the minimum password age, the user "
 "cannot change her password."
 msgstr ""
-"Wenn das Höchstalter niedriger als das Mindestalter eines Passworts ist, "
-"kann ein Benutzer sein Passwort nicht ändern."
+"Wenn für die Gültigkeit des Passwortes eine Zahl von Tagen eingetragen ist, "
+"die niedriger ist als die Zahl der Tage bis zur frühestmöglichen Änderung, "
+"kann die Benutzerin oder der Benutzer das Passwort nicht ändern."
 
 #. (itstool) path: term/emphasis
 #: shadow.5.xml.out:160
 msgid "password warning period"
-msgstr "Passwortvorwarndauer"
+msgstr "Vorwarndauer zum Passwortablauf"
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:163
@@ -9605,8 +10355,8 @@ msgid ""
 "The number of days before a password is going to expire (see the maximum "
 "password age above) during which the user should be warned."
 msgstr ""
-"Die Anzahl von Tagen, während welcher der Benutzer vorgewarnt wird, bevor "
-"sein Passwort abläuft (siehe das Höchstalter des Passworts)."
+"Die Zeitspanne in Tagen, in der der Benutzer gewarnt wird, dass sein "
+"Passwort demnächst ungültig wird (siehe Höchstdauer der Passwortverwendung)."
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:168
@@ -9618,8 +10368,13 @@ msgstr ""
 #. (itstool) path: term/emphasis
 #: shadow.5.xml.out:176
 msgid "password inactivity period"
-msgstr "Dauer der fehlenden Verwendung des Passworts"
+msgstr "Karenzzeit nach Passwortablauf"
 
+# MH81 s/"should update her password during the next login"
+# "must update her password during the next login"
+# "is asked to update her password when logging in"
+# MH82: Isn't the password restricted to authenticate the user for
+# a password change, i.e. a regular login is not possible anymore.?
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:179
 msgid ""
@@ -9627,10 +10382,13 @@ msgid ""
 "age above) during which the password should still be accepted (and the user "
 "should update her password during the next login)."
 msgstr ""
-"Die Anzahl von Tagen, für die ein Benutzer sein Passwort, nachdem es "
-"abgelaufen ist (vergleiche oben das Höchstalter des Passworts), noch "
-"verwenden kann (und während des nächsten Logins ändern muss)."
+"Die Zeitspanne in Tagen, in der ein abgelaufenes Passwort (vergleiche oben "
+"Höchstdauer der Passwortverwendung) noch akzeptiert wird, aber im Zuge der "
+"Anmeldung eine Änderung erwartet wird."
 
+# MH83 bad English Alternative and mungling between EXPIRATION and INACTIVE
+# s/After expiration of the password and this expiration period is elapsed,"
+# /After expiration of the password and this expiration period, "
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:185
 #, fuzzy
@@ -9642,22 +10400,25 @@ msgid ""
 "After expiration of the password and this expiration period is elapsed, no "
 "login is possible for the user. The user should contact her administrator."
 msgstr ""
-"Nachdem das Passwort abgelaufen ist und auch die Dauer der Untätigkeit "
-"verstrichen ist, kann sich der Benutzer mit seinem Passwort nicht mehr "
-"anmelden. Er muss sich dann an den Administrator wenden."
+"Nachdem das Passwort abgelaufen ist und auch die Karenzzeit verstrichen ist, "
+"kann sich der Benutzer mit seinem Passwort nicht mehr anmelden. Er muss sich "
+"dann an den Administrator wenden."
 
+# MH84: Bad english: "No enforcement of an "
+# MH85: The point is that a replacement of the passwort is expected for the given number of days
+# instead of disabling of the account
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:190
 msgid ""
 "An empty field means that there are no enforcement of an inactivity period."
 msgstr ""
-"Ein leeres Feld bedeutet, dass es keine Höchstdauer zwischen Ablauf des "
-"Passworts und erneuter Anmeldung des Benutzers gibt."
+"Ein leeres Feld bedeutet, dass keine Karenzzeit gewährt wird, innerhalb der "
+"ein abgelaufenes Passworts noch ersetzt werden kann."
 
 #. (itstool) path: term/emphasis
 #: shadow.5.xml.out:198
 msgid "account expiration date"
-msgstr "Datum des Verfalls des Kontos"
+msgstr "Verfallstag des Kontos"
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:201
@@ -9669,31 +10430,24 @@ msgid ""
 "The date of expiration of the account, expressed as the number of days since "
 "Jan 1, 1970 00:00 UTC."
 msgstr ""
-"Das Datum, an dem das Konto verfällt, wird als Anzahl der Tage seit dem 1. "
-"Januar 1970 ausgedrückt."
+"Das Datum, an dem das Konto verfällt, angegeben als Anzahl von Tagen seit "
+"dem 1. Januar 1970."
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:205
-#, fuzzy
-#| msgid ""
-#| "Note that an account expiration differs from a password expiration. In "
-#| "case of an acount expiration, the user shall not be allowed to login. In "
-#| "case of a password expiration, the user is not allowed to login using her "
-#| "password."
 msgid ""
 "Note that an account expiration differs from a password expiration. In case "
 "of an account expiration, the user shall not be allowed to login. In case of "
 "a password expiration, the user is not allowed to login using her password."
 msgstr ""
-"Beachten Sie, dass der Verfall eines Kontos sich von dem Ablaufen eines "
-"Passworts unterscheidet. Im ersteren Fall kann sich der Benutzer nicht mehr "
-"anmelden. Im letzteren Fall kann sich der Benutzer nur nicht mehr mit seinem "
-"(alten) Passwort anmelden."
+"Beachten Sie, dass der Verfall des Kontos und der Ablauf eines Passworts "
+"zweierlei sind. Im ersteren Fall kann sich die Benutzerin bzw. der Benutzer "
+"nicht mehr anmelden. Im letzteren Fall wird das Passwort abgelehnt."
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:211
 msgid "An empty field means that the account will never expire."
-msgstr "Ein leeres Feld bedeutet, dass das Konto nicht verfallen wird."
+msgstr "Ein leeres Feld bedeutet, dass das Konto unbefristet verwendbar ist."
 
 #. (itstool) path: listitem/para
 #: shadow.5.xml.out:214
@@ -9702,8 +10456,8 @@ msgid ""
 "with no expiration, or as an expiration on Jan 1, 1970."
 msgstr ""
 "Der Wert 0 sollte nicht verwendet werden, weil er sowohl bedeuten kann, dass "
-"das Konto nicht verfällt als auch, dass das Konto bereits am 1. Januar 1970 "
-"verfallen ist."
+"das Konto nicht erlischt, als auch, dass das Konto bereits am 1. Januar 1970 "
+"erloschen ist."
 
 #. (itstool) path: term/emphasis
 #: shadow.5.xml.out:222
@@ -9725,10 +10479,11 @@ msgstr "/etc/shadow-"
 msgid "Backup file for /etc/shadow."
 msgstr "Sicherungskopie von /etc/shadow"
 
+# MH74: bad english: "as different group ID"
 #. (itstool) path: refnamediv/refpurpose
 #: sg.1.xml.out:42
 msgid "execute command as different group ID"
-msgstr "führt einen Befehl unter einer anderen Gruppen-ID aus"
+msgstr "führt einen Befehl unter einer anderen Gruppenkennung aus"
 
 #. (itstool) path: cmdsynopsis/arg
 #: sg.1.xml.out:49
@@ -9761,9 +10516,9 @@ msgid ""
 "doesn't happen with <_:command-9/>, so upon exit from a <_:command-10/> "
 "command you are returned to your previous group ID."
 msgstr ""
-"Der Befehl <command>sg</command> funktioniert so ähnlich wie der Befehl "
-"<command>newgrp</command>, übernimmt aber auch einen Befehl. Dieser Befehl "
-"wird in der Shell <filename>/bin/sh</filename> ausgeführt. Bei den meisten "
+"Der Befehl <command>sg</command> arbeitet so ähnlich wie <command>newgrp</"
+"command> und nimmt darüber hinaus auch einen Befehl an. Dieser Befehl wird "
+"in der Shell <filename>/bin/sh</filename> ausgeführt. Bei den meisten "
 "Shells, in denen Sie <command>sg</command> ausführen, müssen Sie die "
 "Befehle, die aus mehrere Wörtern bestehen, in Anführungszeichen einfassen. "
 "Ein weiterer Unterschied zwischen <command>newgrp</command> und <command>sg</"
@@ -9771,27 +10526,32 @@ msgstr ""
 "behandeln: sie ersetzen sich mit einer neuen Instanz der Shell, die von "
 "<command>newgrp</command> erzeugt wurde. Dies geschieht nicht mit "
 "<command>sg</command>, daher werden Sie nach Beenden des Befehls "
-"<command>sg</command> zu Ihrer vorherigen Gruppen-ID zurückkehren."
+"<command>sg</command> zu Ihrer vorherigen Gruppenkennung zurückkehren."
 
 #. (itstool) path: refnamediv/refpurpose
 #: su.1.xml.out:58
 msgid "change user ID or become superuser"
-msgstr "ändert die Benutzer-ID oder wechselt zu Root"
+msgstr ""
+"wechseln in die Identität des Systemadministrators oder die eines anderen "
+"Benutzers"
 
 #. (itstool) path: arg/replaceable
 #: su.1.xml.out:72
 msgid "args"
-msgstr ""
+msgstr "Argumente"
 
+# MH username presumably shall not appear as option but as replaceable,
+# thus change xml-markup
 #. (itstool) path: refsect1/para
 #: su.1.xml.out:80
 #, fuzzy
 #| msgid ""
 #| "The <command>su</command> command is used to become another user during a "
 #| "login session. Invoked without a <option>username</option>, <command>su</"
-#| "command> defaults to becoming the superuser. The optional argument "
-#| "<option>-</option> may be used to provide an environment similar to what "
-#| "the user would expect had the user logged in directly."
+#| "command> defaults to becoming the superuser. The <option>-</option> "
+#| "option may be used to provide an environment similar to what the user "
+#| "would expect had the user logged in directly. The <option>-c</option> "
+#| "option may be used to treat the next argument as a command by most shells."
 msgid ""
 "The <_:command-1/> command is used to become another user during a login "
 "session. Invoked without a <_:option-2/>, <_:command-3/> defaults to "
@@ -9802,10 +10562,12 @@ msgid ""
 msgstr ""
 "Der Befehl <command>su</command> dient dazu, während einer Sitzung ein "
 "anderer Benutzer zu werden. Wenn <command>su</command> ohne "
-"<option>username</option> aufgerufen wird, wechselt es standardmäßig zu "
-"Root. Zusätzlich kann das Argument <option>-</option> angegeben werden. "
-"Damit wird eine Umgebung zur Verfügung gestellt, die der entspricht, die der "
-"Benutzer nach einer direkten Anmeldung erwartet."
+"<replaceable>Anmeldename</replaceable> aufgerufen wird, wird standardmäßig "
+"die Rolle des Systemadministrators übertragen. Zusätzlich kann das Argument "
+"<option>-</option> angegeben werden. Damit wird eine Umgebung "
+"bereitgestellt, die der entspricht, die der Benutzer nach einer direkten "
+"Anmeldung erwarten würde. Mit der Option <option>-c</option> behandeln die "
+"meisten Shells das nächste Argument als Befehl."
 
 #. (itstool) path: para/option
 #: su.1.xml.out:92 su.1.xml.out:94
@@ -9814,15 +10576,36 @@ msgstr ""
 msgid "--"
 msgstr "-"
 
+# MH64 perphaps mention, that after »--« options are regarded a options for
+# the shell command. The first phrase says almost nothing and should
+# be replaced by one that remarks the problem of distinguish between
+# options for su and options for a the subordinate user shell
+# "Sie können das Argument <option>--</option> verwenden, um Optionen für "
+# "<command>su</command> von Argumenten für die Shell zu trennen."
+# MH username presumably shall not appear as option but as replaceable,
+# thus change xml-markup
 #. (itstool) path: refsect1/para
 #: su.1.xml.out:90
+#, fuzzy
+#| msgid ""
+#| "Options are recognized everywhere in the argument list. You can use the "
+#| "<option>--</option> argument to stop option parsing. The <option>-</"
+#| "option> option is special: it is also recognized after <option>--</"
+#| "option>, but has to be placed before <option>username</option>."
 msgid ""
 "Options are recognized everywhere in the argument list. You can use the <_:"
 "option-1/> argument to stop option parsing. The <_:option-2/> option is "
 "special: it is also recognized after <_:option-3/>, but has to be placed "
 "before <_:option-4/>."
 msgstr ""
+"Optionen werden überall in der Reihe von Argumenten erkannt. Mit dem "
+"Argument <option>--</option> signalisieren Sie, dass die Optionen nun "
+"vollständig sind. Die Option <option>-</option> ist insofern speziell, als "
+"sie der Option <option>--</option> folgen kann, aber vor "
+"<replaceable>Anmeldename</replaceable> platziert werden muss."
 
+# FIXME2 The user won't be always prompted for a password, see NOPASS in suauth.
+# s/The user will be prompted for /In general, the user will be prompted for a password
 #. (itstool) path: refsect1/para
 #: su.1.xml.out:98
 msgid ""
@@ -9831,9 +10614,9 @@ msgid ""
 "logged to detect abuse of the system."
 msgstr ""
 "Der Benutzer wird gegebenenfalls nach einem Passwort gefragt. Ungültige "
-"Passworteingaben werden eine Fehlermeldung erzeugen. Sowohl erfolgreiche als "
-"auch misslungene Versuche werden protokolliert, um Missbrauch des Systems zu "
-"entdecken."
+"Passwörter lösen eine Fehlermeldung aus. Als Schutz gegen einen Missbrauch "
+"des Systems werden sowohl erfolgreiche als auch misslungene Versuche "
+"protokolliert."
 
 #. (itstool) path: para/filename
 #: su.1.xml.out:105
@@ -9875,10 +10658,10 @@ msgid ""
 msgstr ""
 "Die aktuelle Umgebung wird an die neue Shell übergeben. Der Wert von "
 "<envar>$PATH</envar> wird für normale Benutzer auf <filename>/bin:/usr/bin</"
-"filename> gesetzt, für Root auf <filename>/sbin:/bin:/usr/sbin:/usr/bin</"
-"filename>. Dieses Verhalten kann durch die Definition von <option>ENV_PATH</"
-"option> und <option>ENV_SUPATH</option> in <filename>/etc/login.defs</"
-"filename> geändert werden."
+"filename> gesetzt, für den Systemdministrator auf <filename>/sbin:/bin:/usr/"
+"sbin:/usr/bin</filename>. Dieses Verhalten kann durch die Definition von "
+"<envar>ENV_PATH</envar> und <envar>ENV_SUPATH</envar> in <filename>/etc/"
+"login.defs</filename> geändert werden."
 
 #. (itstool) path: term/option
 #: su.1.xml.out:126
@@ -9890,6 +10673,8 @@ msgstr ""
 msgid "COMMAND"
 msgstr ""
 
+# MH66: besser: asks the shell to invoke <replaceable>COMMAND</replaceable>
+# for the new user
 #. (itstool) path: listitem/para
 #: su.1.xml.out:129
 #, fuzzy
@@ -9899,23 +10684,18 @@ msgstr ""
 msgid ""
 "Specify a command that will be invoked by the shell using its <_:option-1/>."
 msgstr ""
-"gibt einen Befehl an, der von der Shell mittels ihrer Option <option>-c</"
-"option> ausgeführt wird"
+"übergibt der Shell den <replaceable>BEFEHL</replaceable>, welchen sie "
+"mittels ihrer Option <option>-c</option> ausführt."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:133
-#, fuzzy
-#| msgid ""
-#| "The executed command will have no controlling terminal. This option "
-#| "cannot be used to execute interractive programs which need a controlling "
-#| "TTY."
 msgid ""
 "The executed command will have no controlling terminal. This option cannot "
 "be used to execute interactive programs which need a controlling TTY."
 msgstr ""
-"Der ausgeführte Befehl hat kein ihn steuerndes Terminal. Mit dieser Option "
-"können keine interaktiven Programme, die ein sie steuerndes TTY benötigen, "
-"ausgeführt werden."
+"Der Befehl wird ohne ein ihm zugeordnetes Terminal ausgeführt. Daher eignet "
+"sich diese Option nicht für interaktive Programme, deren Bedienung über ein "
+"Terminalfenster (TTY) erfolgt."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
@@ -9939,35 +10719,41 @@ msgid ""
 "Provide an environment similar to what the user would expect had the user "
 "logged in directly."
 msgstr ""
-"Eine Umgebung wird zur Verfügung gestellt, die der entspricht, die der "
-"Benutzer nach einer direkten Anmeldung erwartet."
+"stellt eine Umgebung zur Verfügung, die jener entspricht, die der Benutzer "
+"erwarten würde, wenn er sich direkt anmeldete."
 
+# MH username is not an option but a replaceable here; fix xml-tagging here
 #. (itstool) path: listitem/para
 #: su.1.xml.out:151
 #, fuzzy
 #| msgid ""
-#| "When <option>-</option> is used, it must be specified as the last "
-#| "<command>su</command> option. The other forms (<option>-l</option> and "
-#| "<option>--login</option>) do not have this restriction."
+#| "When <option>-</option> is used, it must be specified before any "
+#| "<option>username</option>. For portability it is recommended to use it as "
+#| "last option, before any <option>username</option>. The other forms "
+#| "(<option>-l</option> and <option>--login</option>) do not have this "
+#| "restriction."
 msgid ""
 "When <_:option-1/> is used, it must be specified before any <_:option-2/>. "
 "For portability it is recommended to use it as last option, before any <_:"
 "option-3/>. The other forms (<_:option-4/> and <_:option-5/>) do not have "
 "this restriction."
 msgstr ""
-"Wenn <option>-</option> verwendet wird, muss es als die letzte Option von "
-"<command>su</command> angegeben werden. Die übrigen Formen ((<option>-l</"
-"option> und <option>--login</option>) unterliegen nicht dieser Beschränkung."
+"Wenn <option>-</option> verwendet wird, muss sie immer zuletzt vor "
+"<replaceable>Anmeldename</replaceable> angegeben werden. Wegen Unterschieden "
+"bei den Betriebssystem wird empfohlen, diese Option als letzte vor "
+"<replaceable>Anmeldename</replaceable> einzugeben. Die anderen Formen "
+"((<option>-l</option> und <option>--login</option>) unterliegen dieser "
+"Beschränkung nicht."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:166
 msgid "The shell that will be invoked."
-msgstr "die Shell, die gestartet wird"
+msgstr "gibt die zu startende Shell an."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:174
 msgid "The shell specified with --shell."
-msgstr "die Shell, die mit --shell angegeben wurde"
+msgstr "die Shell, die mit --shell angegeben wurde."
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
@@ -9975,7 +10761,7 @@ msgstr "die Shell, die mit --shell angegeben wurde"
 #, fuzzy
 #| msgid "Preserve environment."
 msgid "--preserve-environment"
-msgstr "behält die Umgebungseinstellungen bei"
+msgstr "behält die Umgebung bei."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:177
@@ -9990,7 +10776,6 @@ msgstr ""
 "Falls <option>--preserve-environment</option> verwendet wird, die Shell, die "
 "durch die Umgebungsvariable <envar>$SHELL</envar> festgelegt wird."
 
-# SB: Bessere Ãœbersetzung als 'Zielbenutzer'?
 #. (itstool) path: listitem/para
 #: su.1.xml.out:184
 #, fuzzy
@@ -9999,8 +10784,8 @@ msgstr ""
 #| "target user."
 msgid "The shell indicated in the <_:filename-1/> entry for the target user."
 msgstr ""
-"die Shell, die in <filename>/etc/passwd</filename> für den Zielbenutzer "
-"angegeben ist"
+"Die Shell, die in <filename>/etc/passwd</filename> der Zielidentität "
+"zugeordnet ist."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:190
@@ -10010,8 +10795,8 @@ msgstr ""
 #| "method."
 msgid "<_:filename-1/> if a shell could not be found by any above method."
 msgstr ""
-"<filename>/bin/sh</filename>, falls durch die obigen Methoden keine Shell "
-"gefunden werden kann"
+"<filename>/bin/sh</filename>, falls keines obiger Kriterien anwendbar ist "
+"und eine Shell spezifiziert."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:167
@@ -10023,10 +10808,9 @@ msgid ""
 "The invoked shell is chosen from (highest priority first): <_:variablelist-1/"
 ">"
 msgstr ""
-"Die aufgerufene Shell wird bestimmt durch (höchste Priorität zuerst): "
+"Die aufzurufende Shell wird bestimmt durch (höchste Priorität zuerst): "
 "<placeholder-1/>"
 
-# SB: Bessere Ãœbersetzung als 'Zielbenutzer'?
 #. (itstool) path: listitem/para
 #: su.1.xml.out:195
 #, fuzzy
@@ -10042,11 +10826,12 @@ msgid ""
 "<_:option-3/> option or the <_:envar-4/> environment variable won't be taken "
 "into account, unless <_:command-5/> is called by root."
 msgstr ""
-"Falls der Zielbenutzer eine beschränkte Shell hat (d.h. das Feld für die "
-"Shell im Eintrag des Benutzers in <filename>/etc/passwd</filename> ist nicht "
-"in <filename>/etc/shells</filename>) aufgeführt), werden die Option "
+"Falls für die Zielidentität eine beschränkte Shell vorgesehen ist (d.h. "
+"<filename>/etc/shells</filename> enthält die in <filename>/etc/passwd</"
+"filename> für den Benutzer angegebene Shell nicht), werden die Option "
 "<option>--shell</option> und die Umgebungsvariable <envar>$SHELL</envar> "
-"nicht beachtet, sofern <command>su</command> nicht von Root aufgerufen wird."
+"nicht beachtet. Dies gilt nicht, wenn <command>su</command> vom "
+"Systemadministrator aufgerufen wird."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:217
@@ -10058,9 +10843,9 @@ msgid ""
 "reset according to the <_:filename-1/> options <_:option-2/> or <_:option-3/"
 "> (see below);"
 msgstr ""
-"auf den Ausgangswert entsprechend der Optionen <option>ENV_PATH</option> "
-"oder <option>ENV_SUPATH</option> in <filename>/etc/login.defs</filename> "
-"zurücksetzen (siehe unten);"
+"auf den durch <envar>ENV_PATH</envar> oder <envar>ENV_SUPATH</envar> in "
+"<filename>/etc/login.defs</filename> festgelegten Wert zurücksetzen (siehe "
+"unten)"
 
 #. (itstool) path: term/envar
 #. (itstool) path: para/envar
@@ -10077,7 +10862,7 @@ msgstr "$IFS"
 msgid "&lt;space&gt;&lt;tab&gt;&lt;newline&gt;"
 msgstr ""
 "auf <quote>&lt;space&gt;&lt;tab&gt;&lt;newline&gt;</quote> zurücksetzen, "
-"falls es verändert wurde"
+"falls sie gesetzt war."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:228
@@ -10101,8 +10886,9 @@ msgid ""
 "If the target user has a restricted shell, this option has no effect (unless "
 "<_:command-1/> is called by root)."
 msgstr ""
-"Falls der Zielbenutzer eine beschränkte Shell besitzt, hat diese Option "
-"keinen Effekt (sofern <command>su</command> nicht von Root aufgerufen wird)."
+"Falls für die Zielidentität eine beschränkte Shell vorgesehen ist, ist diese "
+"Option wirkungslos. Dies gilt nicht, wenn <command>su</command> vom "
+"Systemadministrator aufgerufen wird."
 
 #. (itstool) path: para/envar
 #: su.1.xml.out:248
@@ -10135,7 +10921,7 @@ msgid ""
 "variables above."
 msgstr ""
 "Falls nicht <option>--login</option> verwendet wurde, wird die Umgebung mit "
-"der Ausnahme der genannten Variablen kopiert."
+"der Ausnahme der genannten Variablen übernommen."
 
 #. (itstool) path: para/envar
 #: su.1.xml.out:264
@@ -10164,9 +10950,9 @@ msgid ""
 "If <_:option-1/> is used, the <_:envar-2/>, <_:envar-3/>, <_:envar-4/>, and "
 "<_:envar-5/> environment variables are copied if they were set."
 msgstr ""
-"Falls <option>--login</option> verwendet wurde, werden die Variablen "
+"Falls <option>--login</option> verwendet wird, werden die Variablen "
 "<envar>$TERM</envar>, <envar>$COLORTERM</envar>, <envar>$DISPLAY</envar> und "
-"<envar>$XAUTHORITY</envar> übernommen, wenn ihnen ein Wert zugewiesen wurde."
+"<envar>$XAUTHORITY</envar> übernommen, wenn ihnen ein Wert zugewiesen ist."
 
 #. (itstool) path: para/envar
 #: su.1.xml.out:274
@@ -10179,6 +10965,11 @@ msgid "$HZ"
 msgstr ""
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr ""
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr ""
@@ -10193,7 +10984,7 @@ msgstr ""
 #, fuzzy
 #| msgid "FILE"
 msgid "MAIL_FILE"
-msgstr "DATEIEN"
+msgstr "DATEI"
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:272
@@ -10209,11 +11000,11 @@ msgid ""
 "environment variables are set according to the <_:filename-5/> options <_:"
 "option-6/>, <_:option-7/>, <_:option-8/>, and <_:option-9/> (see below)."
 msgstr ""
-"Falls <option>--login</option> verwendet wurde, werden die "
-"Umgebungsvariablen <envar>$TZ</envar>, <envar>$HZ</envar> und <envar>$MAIL</"
-"envar> auf die in <filename>/etc/login.defs</filename> definierten Optionen "
-"<option>ENV_TZ</option>, <option>ENV_HZ</option>, <option>MAIL_DIR</option> "
-"und <option>MAIL_FILE</option> (siehe unten) gesetzt."
+"Falls <option>--login</option> verwendet wird, werden die Umgebungsvariablen "
+"<envar>$TZ</envar>, <envar>$HZ</envar> und <envar>$MAIL</envar> entsprechend "
+"der Belegungen von <envar>ENV_TZ</envar>, <envar>ENV_HZ</envar>, "
+"<envar>MAIL_DIR</envar> und <envar>MAIL_FILE</envar> in <filename>/etc/login."
+"defs</filename> (siehe unten) gesetzt."
 
 #. (itstool) path: para/option
 #: su.1.xml.out:288
@@ -10233,13 +11024,13 @@ msgid ""
 "option-2/> file (see below)."
 msgstr ""
 "Wenn <option>--login</option> verwendet wird, können andere "
-"Umgebungsvariablen mit der Datei <option>ENVIRON_FILE</option> vergeben "
+"Umgebungsvariablen mit der Datei <envar>ENVIRON_FILE</envar> festgelegt "
 "werden (siehe unten)."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:293
 msgid "Other environments might be set by PAM modules."
-msgstr "Andere Umgebungen können auch durch PAM-Module eingerichtet werden."
+msgstr "Andere Umgebungen können auch durch PAM-Module festgelegt werden."
 
 #. (itstool) path: listitem/para
 #: su.1.xml.out:241
@@ -10251,7 +11042,7 @@ msgid ""
 "Note that the default behavior for the environment is the following: <_:"
 "variablelist-1/>"
 msgstr ""
-"Beachten Sie, dass Folgendes das Standardverhalten für die Umgebung ist: "
+"Beachten Sie folgendes Standardverhalten bezüglich der Umgebung: "
 "<placeholder-1/>"
 
 #. (itstool) path: refsect1/para
@@ -10264,7 +11055,7 @@ msgid ""
 "On success, <_:command-1/> returns the exit value of the command it executed."
 msgstr ""
 "Wenn <command>su</command> erfolgreich ausgeführt wird, gibt es den "
-"Rückgabewert des mit ihm ausgeführten Befehls zurück."
+"Rückgabewert des von ihm ausgeführten Befehls zurück."
 
 #. (itstool) path: refsect1/para
 #: su.1.xml.out:371
@@ -10310,6 +11101,7 @@ msgstr "System- oder Anmeldefehler"
 msgid "126"
 msgstr "126"
 
+# MH Close with full stop
 #. (itstool) path: listitem/para
 #: su.1.xml.out:399
 msgid "The requested command was not found"
@@ -10320,6 +11112,7 @@ msgstr "Der angegebene Befehl konnte nicht gefunden werden."
 msgid "127"
 msgstr "127"
 
+# MH Close with full stop.
 #. (itstool) path: listitem/para
 #: su.1.xml.out:405
 msgid "The requested command could not be executed"
@@ -10351,6 +11144,8 @@ msgstr ""
 "<citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></"
 "citerefentry>."
 
+# ENDE Teil 05 weiter mit suauth
+# BEGINN Teil 06 setzt useradd fort
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #: suauth.5.xml.out:33 suauth.5.xml.out:40
@@ -10360,7 +11155,7 @@ msgstr "suauth"
 #. (itstool) path: refnamediv/refpurpose
 #: suauth.5.xml.out:41
 msgid "detailed su control file"
-msgstr "ausführliche Kontrolldatei für su"
+msgstr "Datei zur detaillierten Steuerung von <command>su</command>"
 
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/filename
@@ -10380,31 +11175,33 @@ msgid ""
 "The file <_:filename-1/> is referenced whenever the su command is called. It "
 "can change the behaviour of the su command, based upon:"
 msgstr ""
-"Wenn der Befehl su aufgerufen wird, wird die Datei <filename>/etc/suauth</"
-"filename> ausgewertet. Dadurch kann das Verhalten des Befehls su verändert "
-"werden. Dies hängt von Folgendem ab:"
+"Wenn der Befehl <command>su</command> aufgerufen wird, wird die Datei "
+"<filename>/etc/suauth</filename> ausgewertet. Dadurch kann das Verhalten des "
+"Befehls <command>su</command> verändert werden. Dies hängt von Folgendem ab:"
 
 #. (itstool) path: refsect1/literallayout
 #: suauth.5.xml.out:59
 #, fuzzy
 #| msgid ""
 #| "\n"
-#| "      1) the user su is targetting\n"
+#| "      1) the user su is targeting\n"
 #| "    "
 msgid "1) the user su is targeting"
 msgstr ""
 "\n"
-"      1) auf welchen Benutzer su gerichtet ist\n"
-"    "
+"      1) die Zielidentität;\n"
+"         welche Identität angenommen werden soll"
 
+# MH56: Second list item need to be formatted properly as the first item
 #. (itstool) path: refsect1/para
 #: suauth.5.xml.out:63
 msgid ""
 "2) the user executing the su command (or any groups he might be a member of)"
 msgstr ""
-"2) dem Benutzer, der su ausführt (oder einer Gruppe, deren Mitglied er ist)"
+"      2) die Herkunftsidentität;\n"
+";         der Benutzer, der su ausführt (oder eine Gruppe, deren Mitglied er "
+"ist)"
 
-# SB: Shouldn't it be ":" at the end?
 #. (itstool) path: refsect1/para
 #: suauth.5.xml.out:68
 msgid ""
@@ -10424,7 +11221,7 @@ msgstr ""
 msgid "to-id:from-id:ACTION"
 msgstr ""
 "\n"
-"      Herkunfts-ID:Ziel-ID:AKTION\n"
+"      Zielidentität:Herkunftsidentität:AKTION\n"
 "    "
 
 #. (itstool) path: para/emphasis
@@ -10444,28 +11241,27 @@ msgid ""
 "delimited by \",\" or the words <_:emphasis-2/> followed by a list of "
 "usernames delimited by \",\"."
 msgstr ""
-"Hierbei kann to-id <emphasis>ALL</emphasis>, eine Aufzählung von "
+"Hierbei kann die Zielidentität <emphasis>ALL</emphasis>, eine Aufzählung von "
 "Benutzernamen, die durch ein »,« getrennt werden, oder <emphasis>ALL EXCEPT</"
-"emphasis>, die von einer Aufzählung von Benutzernamen gefolgt werden, die "
-"durch ein »,« getrennt werden, sein."
+"emphasis>, gefolgt durch eine mit »,« getrennte Aufzählung von Benutzernamen "
+"sein."
 
 #. (itstool) path: para/emphasis
 #: suauth.5.xml.out:85
 msgid "ALL EXCEPT GROUP"
 msgstr ""
 
-# SB: What is the meaning of the last sentence?
 #. (itstool) path: refsect1/para
 #: suauth.5.xml.out:83
 #, fuzzy
 #| msgid ""
 #| "from-id is formatted the same as to-id except the extra word "
-#| "<emphasis>GROUP</emphasis> is recognised. <emphasis>ALL EXCEPT GROUP</"
+#| "<emphasis>GROUP</emphasis> is recognized. <emphasis>ALL EXCEPT GROUP</"
 #| "emphasis> is perfectly valid too. Following <emphasis>GROUP</emphasis> "
 #| "appears one or more group names, delimited by \",\". It is not sufficient "
 #| "to have primary group id of the relevant group, an entry in "
 #| "<citerefentry><refentrytitle>/etc/group</refentrytitle><manvolnum>5</"
-#| "manvolnum></citerefentry> is neccessary."
+#| "manvolnum></citerefentry> is necessary."
 msgid ""
 "from-id is formatted the same as to-id except the extra word <_:emphasis-1/> "
 "is recognized. <_:emphasis-2/> is perfectly valid too. Following <_:"
@@ -10473,18 +11269,19 @@ msgid ""
 "sufficient to have primary group id of the relevant group, an entry in <_:"
 "citerefentry-4/> is necessary."
 msgstr ""
-"from-id hat das gleiche Format wie to-id mit der Ausnahme, dass zusätzlich "
-"<emphasis>GROUP</emphasis> zulässig ist. Auch <emphasis>ALL EXCEPT GROUP</"
-"emphasis> ist zulässig. Nach <emphasis>GROUP</emphasis> werden ein oder "
-"mehrere Gruppennamen aufgeführt, die durch »,« getrennt sind. Die Haupt-ID "
-"einer Gruppe reicht nicht aus, sondern ein Eintrag in "
+"Die Herkunftsidentität wird in der gleichen Form erwartet wie die "
+"Zielidentität; zusätzlich werden die Schlüsselworte <emphasis>GROUP</"
+"emphasis> und <emphasis>ALL EXCEPT GROUP</emphasis> erkannt. Nach "
+"<emphasis>GROUP</emphasis> werden einer oder mehrere, durch »,« getrennte "
+"Gruppennamen aufgeführt. Für <command>su</command> entscheidend ist nicht "
+"die primäre Gruppe des Benutzers, sondern er muss entsprechend "
 "<citerefentry><refentrytitle>/etc/group</refentrytitle><manvolnum>5</"
-"manvolnum></citerefentry> ist notwendig."
+"manvolnum></citerefentry> der Gruppe angehören."
 
 #. (itstool) path: refsect1/para
 #: suauth.5.xml.out:94
 msgid "Action can be one only of the following currently supported options."
-msgstr "Als Aktion können nur die folgenden Optionen angegeben werden."
+msgstr "Nur eine der folgenden Aktionen kann angegeben werden:"
 
 #. (itstool) path: term/emphasis
 #: suauth.5.xml.out:100
@@ -10495,8 +11292,8 @@ msgstr "DENY"
 #: suauth.5.xml.out:103
 msgid "The attempt to su is stopped before a password is even asked for."
 msgstr ""
-"Der Versuch, su auszuführen, wird abgebrochen, ehe nach einem Passwort "
-"gefragt wird."
+"Der Versuch, <command>su</command> auszuführen, wird abgebrochen, ehe nach "
+"einem Passwort gefragt wird."
 
 #. (itstool) path: term/emphasis
 #: suauth.5.xml.out:110
@@ -10508,23 +11305,27 @@ msgstr "NOPASS"
 msgid ""
 "The attempt to su is automatically successful; no password is asked for."
 msgstr ""
-"Der Versuch, su auszuführen, hat automatisch Erfolg. Ein Passwort wird nicht "
-"abgefragt."
+"Der Versuch, <command>su</command> auszuführen, hat automatisch Erfolg. Ein "
+"Passwort wird nicht abgefragt."
 
 #. (itstool) path: term/emphasis
 #: suauth.5.xml.out:121
 msgid "OWNPASS"
 msgstr "OWNPASS"
 
+# MH57: "They" is not correct, needs to be replaced with He. Or, alternative
+# For the su command to be successful, the user is prompted for his own password.
 #. (itstool) path: listitem/para
 #: suauth.5.xml.out:124
 msgid ""
 "For the su command to be successful, the user must enter his or her own "
 "password. They are told this."
 msgstr ""
-"Damit der Befehl su Erfolg hat, muss der Benutzer sein eigenes Passwort "
-"eingeben. Darauf wird er hingewiesen."
+"Damit der Befehl <command>su</command> Erfolg hat, muss der Benutzer sein "
+"eigenes Passwort eingeben. Darauf wird hingewiesen."
 
+# MH58: I do not see the meaning of the attribute "separate", which is
+# implicite to the statement of having a certain number of fields, i.e. three
 #. (itstool) path: refsect1/para
 #: suauth.5.xml.out:132
 msgid ""
@@ -10536,10 +11337,10 @@ msgid ""
 msgstr ""
 "Beachten Sie, dass es sich um drei selbständige Felder handelt, die durch "
 "einen Doppelpunkt getrennt sind. Neben den Doppelpunkten darf sich kein "
-"Leerzeichen befinden. Beachten Sie zudem, dass die Datei von oben nach unten "
-"Zeile für Zeile durchgegangen wird. Die erste Regel, die zutreffend ist, "
-"wird angewendet, ohne dass die Datei weiter ausgewertet wird. Damit kann ein "
-"Systemadministrator eine strenge Kontrolle ausüben."
+"Leerraumzeichen befinden. Beachten Sie zudem, dass die Datei von oben nach "
+"unten Zeile für Zeile durchgegangen wird. Die erste zutreffende Regel wird "
+"angewendet, ohne dass die Datei weiter ausgewertet wird. Dies erlaubt dem "
+"Systemadmistrator oder der Systemadministratorin eine feine Steuerung."
 
 #. (itstool) path: refsect1/title
 #: suauth.5.xml.out:142
@@ -10583,14 +11384,16 @@ msgstr ""
 "\n"
 "      # /etc/suauth-Beispielsdatei\n"
 "      #\n"
-"      # Einige besondere Benutzer dürfen su\n"
-"      # auf Root mit ihrem eigenen Passwort ausführen.\n"
+"      # Einige besondere Benutzer dürfen mit su die\n"
+"      # Rolle des Systemadministrators annehmen und\n"
+"      # müssen dazu ihr eigenes Passwort eingegben.\n"
 "      #\n"
 "      root:chris,birddog:OWNPASS\n"
 "      #\n"
-"      # Alle anderen Benutzer dürfen nicht su auf Root\n"
-"      # ausführen, falls sie nicht in der Gruppe wheel\n"
-"      # sind. Dies wird bei BSD so gehandhabt.\n"
+"      # Keinem Benutzer ist es mit su möglich, \n"
+"      # Systemadministrator zu werden, davon \n"
+"      # ausgenommen sind Mitglieder der Gruppe \n"
+"      # wheel. Dies wird bei BSD so gehandhabt.\n"
 "      #\n"
 "      root:ALL EXCEPT GROUP wheel:DENY\n"
 "      #\n"
@@ -10603,6 +11406,12 @@ msgstr ""
 "      #\n"
 "    "
 
+# MH59: This text does not deal with BUGS. The behavior of the file parser fits to
+# the paragraph "Note that there are.." Without additional information about
+# the meaning of token, the last part "... and a specific token ..." just confuses
+# readers, thus, is to be cancelled.
+# MH60: what does "a specific token delimiting different things" precisely mean?
+# we have three tokens: colon, commas and a space within keywords with EXCEPT.
 #. (itstool) path: refsect1/para
 #: suauth.5.xml.out:180
 msgid ""
@@ -10611,15 +11420,16 @@ msgid ""
 "and end of lines), and a specific token delimiting different things."
 msgstr ""
 "Es gibt zahlreiche Fehlerquellen. Die Auswertung der Datei ist sehr "
-"empfindlich bei Syntaxfehlern, zusätzlichen Leerzeichen (außer am Anfang und "
-"Schluss einer Zeile) und dem besonderen Zeichen, das die verschiedenen "
-"Felder von einander trennt."
+"empfindlich bei Syntaxfehlern, zusätzlichen Leerraumzeichen (außer am Anfang "
+"und am Schluss einer Zeile) und dem speziellen Zeichen, das die "
+"verschiedenen Einheiten voneinander trennt."
 
 #. (itstool) path: citerefentry/refentrytitle
 #: suauth.5.xml.out:192
 msgid "syslogd"
 msgstr ""
 
+# MH61: is man 8 syslogd up to date or has it been replaced by man 8 rsyslogd?
 #. (itstool) path: refsect1/para
 #: suauth.5.xml.out:190
 #, fuzzy
@@ -10633,7 +11443,8 @@ msgid ""
 msgstr ""
 "Fehler beim Auswerten der Datei werden an "
 "<citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</"
-"manvolnum></citerefentry> mit der Stufe ERR an das Gerät AUTH gemeldet."
+"manvolnum></citerefentry> mit der Stufe ERR und AUTH als Ursprung "
+"(»facility«) gemeldet."
 
 #. (itstool) path: refnamediv/refpurpose
 #: useradd.8.xml.out:60
@@ -10646,7 +11457,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: useradd.8.xml.out:72 useradd.8.xml.out:76 useradd.8.xml.out:86
-#: useradd.8.xml.out:169 useradd.8.xml.out:583 useradd.8.xml.out:585
+#: useradd.8.xml.out:169 useradd.8.xml.out:603 useradd.8.xml.out:605
 msgid "-D"
 msgstr "-D"
 
@@ -10668,11 +11479,12 @@ msgid ""
 "new user's home directory and copy initial files."
 msgstr ""
 "Wenn der Befehl <command>useradd</command> ohne die Option <option>-D</"
-"option> aufgerufen wird, wird ein neues Benutzerkonto mit den Werten "
-"erstellt, die auf der Befehlszeile angegeben wurden, und den Standardwerten "
-"des Systems. Je nach den Optionen auf der Befehlszeile aktualisiert der "
-"Befehl <command>useradd</command> Systemdateien, erstellt ein Home-"
-"Verzeichnis für den neuen Benutzer und kopiert Dateien."
+"option> aufgerufen wird, wird mit den Standardwerten des Systems "
+"beziehungsweise den auf der Befehlszeile angegeben Werten ein neues "
+"Benutzerkonto erstellt. Den Optionen entsprechend aktualisiert der Befehl "
+"<command>useradd</command> Systemdateien und kann für den neuen Benutzer ein "
+"persönliches Verzeichnis (Home-Verzeichnis) mit einigen Initialisierungs-"
+"Dateien darin erstellen."
 
 #. (itstool) path: refsect1/para
 #: useradd.8.xml.out:94
@@ -10685,19 +11497,19 @@ msgid ""
 "By default, a group will also be created for the new user (see <_:option-1/"
 ">, <_:option-2/>, <_:option-3/>, and <_:option-4/>)."
 msgstr ""
-"Standardmäßig wird auch eine Gruppe für den neuen Benutzer erstellt "
-"(vergleiche <option>-g</option>, <option>-N</option>, <option>-U</option> "
-"und <option>USERGROUPS_ENAB</option>)."
+"Standardmäßig wird auch eine Gruppe für den neuen Benutzer erstellt (siehe "
+"<option>-g</option>, <option>-N</option>, <option>-U</option> und "
+"<option>USERGROUPS_ENAB</option>)."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:118 useradd.8.xml.out:592
+#: useradd.8.xml.out:118 useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: useradd.8.xml.out:118 useradd.8.xml.out:124 useradd.8.xml.out:159
-#: useradd.8.xml.out:592 useradd.8.xml.out:598
+#: useradd.8.xml.out:612 useradd.8.xml.out:618
 msgid "BASE_DIR"
 msgstr ""
 
@@ -10708,6 +11520,8 @@ msgstr ""
 msgid "HOME_DIR"
 msgstr ""
 
+# According to maintainer, the phrase "If the -m option is not ..."
+# is dubious and will be deleted in the next version. SH 2022-01-29
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:121
 #, fuzzy
@@ -10722,26 +11536,25 @@ msgid ""
 "> is not specified. <_:replaceable-3/> is concatenated with the account name "
 "to define the home directory."
 msgstr ""
-"Das standardmäßige Wurzelverzeichnis des Systems, wenn nicht eines mit "
-"<option>-d</option>&nbsp;<replaceable>HOME_VERZ</replaceable> festgelegt "
-"wurde. Der Name des Home-Verzeichnisses besteht aus der Verbindung von "
-"<replaceable>WURZEL_VERZ</replaceable> und dem Kontonamen. Wenn die Option "
-"<option>-m</option> nicht verwendet wird, muss <replaceable>WURZEL_VERZ</"
-"replaceable> existieren."
+"bestimmt das standardmäßige Basisverzeichnis des Systems, wenn nicht mit "
+"<option>-d</option>&nbsp;<replaceable>PERS_VERZ</replaceable> ein "
+"persönliches Verzeichnis angegeben wurde. Der Name des persönlichen "
+"Verzeichnisses besteht aus der Verbindung von <replaceable>BASIS_VERZ</"
+"replaceable> und dem Kontonamen."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:131 useradd.8.xml.out:603
+#: useradd.8.xml.out:131 useradd.8.xml.out:623
 msgid "HOME"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
 #: useradd.8.xml.out:132 useradd.8.xml.out:189 useradd.8.xml.out:212
-#: useradd.8.xml.out:250 useradd.8.xml.out:293 useradd.8.xml.out:343
-#: useradd.8.xml.out:393 useradd.8.xml.out:523 useradd.8.xml.out:604
-#: useradd.8.xml.out:616 useradd.8.xml.out:633 useradd.8.xml.out:649
-#: useradd.8.xml.out:663 useradd.8.xml.out:677 useradd.8.xml.out:767
-#: usermod.8.xml.out:419
+#: useradd.8.xml.out:250 useradd.8.xml.out:267 useradd.8.xml.out:295
+#: useradd.8.xml.out:345 useradd.8.xml.out:395 useradd.8.xml.out:525
+#: useradd.8.xml.out:624 useradd.8.xml.out:636 useradd.8.xml.out:653
+#: useradd.8.xml.out:669 useradd.8.xml.out:683 useradd.8.xml.out:697
+#: useradd.8.xml.out:787 usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr "/etc/default/useradd"
 
@@ -10766,8 +11579,8 @@ msgid ""
 "> by default."
 msgstr ""
 "Falls diese Option nicht angegeben wird, verwendet <command>useradd</"
-"command> das Wurzelverzeichnis, das mit der Variable <option>HOME</option> "
-"in <filename>/etc/default/useradd</filename> festgelegt wurde, anderenfalls "
+"command> das Basisverzeichnis, das mit der Variable <option>HOME</option> in "
+"<filename>/etc/default/useradd</filename> festgelegt wurde, anderenfalls "
 "<filename>/home</filename>."
 
 #. (itstool) path: term/option
@@ -10780,6 +11593,7 @@ msgstr ""
 msgid "COMMENT"
 msgstr ""
 
+# Is to be edited in the next version s/of the login/of the account. SH 2022-01-29
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:142
 #, fuzzy
@@ -10790,15 +11604,17 @@ msgid ""
 "Any text string. It is generally a short description of the account, and is "
 "currently used as the field for the user's full name."
 msgstr ""
-"Eine beliebige Zeichenkette. Dies ist für gewöhnlich eine kurze Beschreibung "
-"des Logins und wird im Moment im Feld für den vollständigen Namen des "
-"Benutzers gespeichert."
+"akzeptiert eine beliebige Zeichenkette, die das Benutzerkonto kurz "
+"beschreibt. Derzeit wird als Feld für den vollständigen Namen des Benutzers "
+"verwendet."
 
 #. (itstool) path: term/option
 #: useradd.8.xml.out:151
 msgid "--home-dir"
 msgstr ""
 
+# s/will not/will
+# An error that has already been removed SH 2022-01-29
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:154
 #, fuzzy
@@ -10816,11 +11632,10 @@ msgid ""
 "directory <_:replaceable-4/> does not exist, then it will be created unless "
 "the <_:option-5/> option is specified."
 msgstr ""
-"Beim Anlegen des neuen Benutzers wird <replaceable>HOME_VERZ</replaceable> "
-"als das Anmeldeverzeichnis des Benutzers verwendet. Um den Namen des "
-"Anmeldeverzeichnisses zu erhalten, wird standardmäßig der "
-"<replaceable>ANMELDE</replaceable>-Name an <replaceable>WURZEL_VERZ</"
-"replaceable> angehängt. Das Verzeichnis <replaceable>HOME_VERZ</replaceable> "
+"definiert <replaceable>PERS_VERZ</replaceable> als persönliches Verzeichnis "
+"für den neuen Benutzer. Standardmäßig wird dafür der "
+"<replaceable>ANMELDENAME</replaceable> an <replaceable>BASIS_VERZ</"
+"replaceable> angehängt. Das Verzeichnis <replaceable>PERS_VERZ</replaceable> "
 "muss nicht vorhanden sein, sondern wird gegebenenfalls angelegt."
 
 #. (itstool) path: term/option
@@ -10838,6 +11653,12 @@ msgstr "Lesen Sie dazu unten den Abschnitt »Die Standardwerte verändern«."
 msgid "YYYY-MM-DD"
 msgstr ""
 
+# MH Integers are directly transferred to the respective field in the shadow password file
+# MH eine Eingabe von 1 wird als ein Tag nach dem 1.1.1970, also 2.1.1970 interpretiert
+#  original string will be changed to SH 2022-02-11. Original mittlerweile 2022-12-28
+# verbessert.
+# MH to be s/will be disabled/will expire
+# Original diesbezueglich noch nicht geändert 2022-12-28
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:182
 #, fuzzy
@@ -10848,11 +11669,11 @@ msgid ""
 "The date on which the user account will be disabled. The date is specified "
 "in the format <_:emphasis-1/>."
 msgstr ""
-"Das Datum, an welchem das Benutzerkonto deaktiviert wird. Das Datum muss im "
-"Format <emphasis remap=\"I\">JJJJ-MM-TT</emphasis> angegeben werden."
+"das Datum, an welchem das Benutzerkonto erlischt. Das Datum muss im Format "
+"<emphasis remap=\"I\">JJJJ-MM-TT</emphasis> angegeben werden."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:188 useradd.8.xml.out:615 usermod.8.xml.out:418
+#: useradd.8.xml.out:188 useradd.8.xml.out:635 usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr ""
 
@@ -10868,10 +11689,10 @@ msgid ""
 "by the <_:option-2/> variable in <_:filename-3/>, or an empty string (no "
 "expiry) by default."
 msgstr ""
-"Falls nicht definiert, verwendet <command>useradd</command> das "
-"Standardverfallsdatum, das mit der Variable <option>EXPIRE</option> in "
-"<filename>/etc/default/useradd</filename> bestimmt wurde, anderenfalls eine "
-"leere Zeichenkette (kein Verfall)."
+"Falls nicht angegeben, verwendet <command>useradd</command> für das  "
+"Erlöschen standardmäßig das Datum, das mit der Variable <option>EXPIRE</"
+"option> in <filename>/etc/default/useradd</filename> hinterlegt ist; "
+"anderenfalls eine leere Zeichenkette (kein Erlöschen)."
 
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:199
@@ -10894,14 +11715,13 @@ msgid ""
 "If not specified, <_:command-1/> will use the default inactivity period "
 "specified by the <_:option-2/> variable in <_:filename-3/>, or -1 by default."
 msgstr ""
-"Falls nicht definiert, verwendet <command>useradd</command> die "
-"Standarddauer der Inaktivität, die mit der Variable <option>INACTIVE</"
-"option> in <filename>/etc/default/useradd</filename> bestimmt wurde, "
-"anderenfalls -1."
+"Falls nicht angegeben, verwendet <command>useradd</command> die mit der "
+"Variable <option>INACTIVE</option> in <filename>/etc/default/useradd</"
+"filename> hinterlegte Standarddauer, anderenfalls -1."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: useradd.8.xml.out:218 useradd.8.xml.out:482
+#: useradd.8.xml.out:218 useradd.8.xml.out:484
 #, fuzzy
 #| msgid "-"
 msgid "-F"
@@ -10929,9 +11749,10 @@ msgid ""
 "The name or the number of the user's primary group. The group name must "
 "exist. A group number must refer to an already existing group."
 msgstr ""
-"Der Name oder die Nummer der anfänglichen Anmeldegruppe des Benutzers. Der "
-"Gruppenname muss existieren. Die Gruppenzahl muss auf eine bereits "
-"vorhandene Gruppe verweisen."
+"definiert den Namen oder die Kennung der primären Gruppe des Benutzers. Der "
+"Gruppenname muss existieren. Falls eine Kennung angegeben wird, muss sie auf "
+"eine bereits vorhandene Gruppe verweisen. Es muss sich um die Kennung einer "
+"bereits vorhandenen Gruppe handeln."
 
 #. (itstool) path: para/option
 #: useradd.8.xml.out:243
@@ -10943,6 +11764,8 @@ msgstr ""
 msgid "-N/--no-user-group"
 msgstr ""
 
+# Is to be edited in the next version
+# s/as her loginname/as her loginname SH 2022-01-30
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:238
 #, fuzzy
@@ -10967,16 +11790,16 @@ msgid ""
 "value specified by the <_:option-8/> variable in <_:filename-9/>, or 1000 by "
 "default."
 msgstr ""
-"Falls nicht definiert, hängt das Verhalten von <command>useradd</command> "
-"von der Variable <option>USERGROUPS_ENAB</option> in <filename>/etc/login."
-"defs</filename> ab. Wenn diese Variable auf <replaceable>yes</replaceable> "
-"gesetzt ist (oder auf der Befehlszeile <option>-U/--user-group</option> "
-"angegeben wurde), wird für den Benutzer eine Gruppe, die auf seinen Namen "
-"lautet, erstellt. Wenn die Variable auf <replaceable>no</replaceable> "
-"gesetzt ist (oder auf der Befehlszeile <option>-N/--no-user-group</option> "
-"angegeben wurde), legt useradd als Hauptgruppe des neuen Benutzers diejenige "
-"fest, die mit der Variable <option>GROUP</option> in <filename>/etc/default/"
-"useradd</filename> definiert wurde, anderenfalls 100."
+"Falls nicht angegeben, hängt das Verhalten von <command>useradd</command> "
+"von <option>USERGROUPS_ENAB</option> in <filename>/etc/login.defs</filename> "
+"ab. Wenn diese Variable auf <replaceable>yes</replaceable> gesetzt ist (oder "
+"auf der Befehlszeile <option>-U/--user-group</option> angegeben wurde), wird "
+"für den Benutzer eine Gruppe mit seinen Namen erstellt. Wenn die Variable "
+"auf <replaceable>no</replaceable> gesetzt ist (oder auf der Befehlszeile "
+"<option>-N/--no-user-group</option> angegeben wurde), legt useradd als "
+"primäre Gruppe des neuen Benutzers diejenige fest, die mit der Variable "
+"<option>GROUP</option> in <filename>/etc/default/useradd</filename> "
+"definiert wurde, anderenfalls den Standardwert 100."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
@@ -10987,6 +11810,8 @@ msgstr ""
 msgid "-G"
 msgstr "-"
 
+# ENDE Teil 26 weiter mit groups.1
+# BEGINN Teil 27 setzt grpck.8 fort
 #. (itstool) path: term/option
 #: useradd.8.xml.out:257 usermod.8.xml.out:199
 #, fuzzy
@@ -11022,6 +11847,13 @@ msgid ""
 "emphasis-5/>]]]"
 msgstr ""
 
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+#, fuzzy
+#| msgid "GROUP"
+msgid "GROUPS"
+msgstr "GRUPPE"
+
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
 #, fuzzy
@@ -11036,26 +11868,28 @@ msgid ""
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups are subject to the same restrictions as the group given with the "
 "<_:option-1/> option. The default is for the user to belong only to the "
-"initial group."
+"initial group. In addition to passing in the -G flag, you can add the option "
+"<_:option-2/> to the file <_:filename-3/> which in turn will add all users "
+"to those supplementary groups."
 msgstr ""
-"Eine Liste der zusätzlichen Gruppen, denen der Benutzer ebenfalls angehört. "
-"Die Gruppen sind durch Kommata ohne Leerzeichen voneinander zu trennen. Die "
-"Gruppen unterliegen denselben Beschränkungen wie die Gruppe, die mit der "
-"Option <option>-g</option> bestimmt wurde. Standardmäßig ist der Benutzer "
-"nur Mitglied der Ausgangsgruppe."
+"übergibt eine Liste zusätzlicher Gruppen, denen der Benutzer ebenfalls "
+"angehört. Die Gruppen werden durch Kommas, ohne Leerräume dazwischen, "
+"getrennt. Für die Gruppen gelten die schon bei der Option <option>-g</"
+"option> genannten Anforderungen. Standardmäßig gehört der Benutzer nur der "
+"primären Gruppe an."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "SKEL_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 #, fuzzy
 #| msgid ""
 #| "The skeleton directory, which contains files and directories to be copied "
@@ -11066,18 +11900,18 @@ msgid ""
 "the user's home directory, when the home directory is created by <_:"
 "command-1/>."
 msgstr ""
-"Das Gerüstverzeichnis, das die Dateien und Verzeichnisse enthält, die in das "
-"Home-Verzeichnis des Benutzers kopiert werden, wenn es von <command>useradd</"
-"command> erstellt wird."
+"nennt das Gerüstverzeichnis. Dieses enthält die Dateien und Verzeichnisse, "
+"die in das persönliche Verzeichnis des Benutzers kopiert werden, wenn es von "
+"<command>useradd</command> erstellt wurde."
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288 useradd.8.xml.out:350
+#: useradd.8.xml.out:290 useradd.8.xml.out:352
 msgid "--create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288 useradd.8.xml.out:592 usermod.8.xml.out:524
 #, fuzzy
 #| msgid ""
 #| "This option is only valid if the <option>-m</option> (or <option>--create-"
@@ -11086,23 +11920,23 @@ msgid ""
 "This option is only valid if the <_:option-1/> (or <_:option-2/>) option is "
 "specified."
 msgstr ""
-"Diese Option ist nur zulässig, wenn auch die Option <option>-m</option> "
-"(oder <option>--create-home</option>) angegeben wird."
+"Diese Option ist nur zusammen mit der Option <option>-m</option> (oder "
+"<option>--create-home</option>) zulässig."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 #, fuzzy
 #| msgid "/etc/skel/"
 msgid "/etc/skel"
 msgstr "/etc/skel/"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "If this option is not set, the skeleton directory is defined by the "
@@ -11114,27 +11948,27 @@ msgid ""
 msgstr ""
 "Wenn diese Option nicht angegeben wird, wird das Gerüstverzeichnis durch die "
 "Variable <option>SKEL</option> in <filename>/etc/default/useradd</filename> "
-"festgelegt, anderenfalls ist dieses <filename>/etc/skel</filename>."
+"festgelegt. Anderenfalls ist es <filename>/etc/skel</filename>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
-msgstr "Soweit möglich, werden die ACLs und erweiterten Attribute kopiert."
+msgstr "Soweit möglich, werden die ACLs und erweiterte Attribute kopiert."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid ""
 "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:"
 "option-4/>, <_:option-5/> and others)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used "
 "when creating an account to turn off password aging. Multiple <_:option-4/> "
@@ -11143,36 +11977,36 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
-msgstr "Fügt den Benutzer nicht zu den Datenbanken lastlog und faillog hinzu."
+msgstr ""
+"lässt den Benutzer bei den Aufzeichnungen von "
+"<citerefentry><refentrytitle>lastlog</refentrytitle><manvolnum>8</"
+"manvolnum></citerefentry> und <citerefentry><refentrytitle>faillog</"
+"refentrytitle><manvolnum>8</manvolnum></citerefentry> außen vor."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
-#, fuzzy
-#| msgid ""
-#| "By default, the user's entries in the lastlog and faillog databases are "
-#| "resetted to avoid reusing the entry from a previously deleted user."
+#: useradd.8.xml.out:337
 msgid ""
 "By default, the user's entries in the lastlog and faillog databases are "
 "reset to avoid reusing the entry from a previously deleted user."
 msgstr ""
-"Standardmäßig werden die Benutzereinträge in den Datenbanken lastlog und "
+"Standardmäßig werden die Benutzereinträge in den Datenbanken für lastlog und "
 "faillog zurückgesetzt, um zu vermeiden, dass der Eintrag eines früher "
-"gelöschten Benutzers verwendet wird."
+"gelöschten Benutzers erneut verwendet wird."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid ""
 "If this option is not specified, <_:command-1/> will also consult the "
 "variable <_:option-2/> in the <_:filename-3/> if set to no the user will not "
@@ -11180,7 +12014,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "Create the user's home directory if it does not exist. The files and "
@@ -11191,18 +12025,17 @@ msgid ""
 "directories contained in the skeleton directory (which can be defined with "
 "the <_:option-1/> option) will be copied to the home directory."
 msgstr ""
-"Erstellt das Home-Verzeichnis des Benutzers, wenn es nicht vorhanden ist. "
-"Die Dateien und Verzeichnisse im Gerüstverzeichnis, das mit der Option "
-"<option>-k</option> festgelegt werden kann, werden in das Home-Verzeichnis "
-"kopiert."
+"erstellt das persönliche Verzeichnis des Benutzers, wenn es nicht vorhanden "
+"ist. Die Dateien und Verzeichnisse im Gerüstverzeichnis, das mit der Option "
+"<option>-k</option> festgelegt werden kann, werden dorthin kopiert."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361 useradd.8.xml.out:379 useradd.8.xml.out:475
+#: useradd.8.xml.out:363 useradd.8.xml.out:381 useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 #, fuzzy
 #| msgid ""
 #| "By default, if this option is not specified and <option>CREATE_HOME</"
@@ -11212,10 +12045,11 @@ msgid ""
 "enabled, no home directories are created."
 msgstr ""
 "Wenn diese Option nicht angegeben wird und <option>CREATE_HOME</option> "
-"nicht aktiviert wurde, wird standardmäßig kein Home-Verzeichnis erstellt."
+"nicht aktiviert wurde, wird standardmäßig kein persönliches Verzeichnis "
+"erstellt."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid ""
 "The directory where the user's home directory is created must exist and have "
 "proper SELinux context and permissions. Otherwise the user's home directory "
@@ -11223,12 +12057,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 #, fuzzy
 #| msgid ""
 #| "Do no create the user's home directory, even if the system wide setting "
@@ -11238,17 +12072,17 @@ msgid ""
 "Do not create the user's home directory, even if the system wide setting "
 "from <_:filename-1/> (<_:option-2/>) is set to <_:replaceable-3/>."
 msgstr ""
-"Erstellt nicht das Home-Verzeichnis des Benutzers, selbst wenn die "
+"verhindert die Erstellung des persönliches Verzeichnisses, selbst wenn die "
 "systemweite Option <option>CREATE_HOME</option> in <filename>/etc/login."
 "defs</filename> auf <replaceable>yes</replaceable> gesetzt ist."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 #, fuzzy
 #| msgid ""
 #| "Do not create a group with the same name as the user, but add the user to "
@@ -11260,23 +12094,27 @@ msgid ""
 "the group specified by the <_:option-1/> option or by the <_:option-2/> "
 "variable in <_:filename-3/>."
 msgstr ""
-"Erstellt keine Gruppe mit dem gleichen Namen wie der Benutzer, aber fügt ihn "
-"der Gruppe hinzu, die mit der Option <option>-g</option> oder mit der "
+"verhindert die Erstellung einer Gruppe mit dem Namen des Benutzers, fügt ihn "
+"aber der Gruppe hinzu, die mit der Option <option>-g</option> oder mit der "
 "Variable <option>GROUP</option> in <filename>/etc/default/useradd</filename> "
 "angegeben wurde."
 
+# Original explanation is not clear. There is still one UID, but the mapping
+# towards a login names is not unique anymore. In this way, this option makes
+# sense as the second and more login names become kind of aliases.
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 #, fuzzy
 #| msgid ""
 #| "Allow the creation of a user account with a duplicate (non-unique) UID."
 msgid "allows the creation of an account with an already existing UID."
 msgstr ""
-"Erlaubt das Erstellen eines Benutzerkontos mit einer schon vergebenen (nicht "
-"eindeutigen) UID."
+"erlaubt das Erstellen eines Benutzerkontos mit einer schon vergebenen "
+"Benutzerkennung. Die Eindeutigkeit der Zuordnung von Benutzerkonto zu einem "
+"Anmeldenamen geht verloren."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412 usermod.8.xml.out:277
+#: useradd.8.xml.out:414 usermod.8.xml.out:277
 msgid ""
 "This option is only valid in combination with the <_:option-1/> option. As a "
 "user identity serves as key to map between users on one hand and "
@@ -11286,7 +12124,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid ""
 "defines an initial password for the account. PASSWORD is expected to be "
 "encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this "
@@ -11294,7 +12132,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid ""
 "Without this option, the new account will be locked and with no password "
 "defined, i.e. a single exclamation mark in the respective field of <_:"
@@ -11303,7 +12141,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 #, fuzzy
 #| msgid ""
 #| "<emphasis role=\"bold\">Note:</emphasis> This option is not recommended "
@@ -11313,16 +12151,16 @@ msgid ""
 "<_:emphasis-1/>Avoid this option on the command line because the password "
 "(or encrypted password) will be visible by users listing the processes."
 msgstr ""
-"<emphasis role=\"bold\">Hinweis:</emphasis> Diese Option ist nicht "
-"empfehlenswert, weil das Passwort (auch wenn es verschlüsselt ist) für "
-"Benutzer sichtbar ist, die sich den Prozess anzeigen lassen."
+"<emphasis role=\"bold\">Hinweis:</emphasis> Von dieser Option wird "
+"abgeraten, weil das Passwort (auch wenn es verschlüsselt ist) für Benutzer "
+"sichtbar ist, die sich den Prozess anzeigen lassen."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
-#| "such an user, regardless of the default setting in <filename>/etc/login."
+#| "such a user, regardless of the default setting in <filename>/etc/login."
 #| "defs</filename> (<option>CREATE_HOME</option>). You have to specify the "
 #| "<option>-m</option> options if you want a home directory for a system "
 #| "account to be created."
@@ -11334,14 +12172,16 @@ msgid ""
 msgstr ""
 "Beachten Sie, dass <command>useradd</command> für einen solchen Benutzer "
 "unabhängig von der Einstellung in <filename>/etc/login.defs</filename> "
-"(<option>CREATE_HOME</option>) kein Home-Verzeichnis erzeugen wird."
+"(<option>CREATE_HOME</option>) kein persönliches Verzeichnis erzeugen wird. "
+"Nur mit der Option <option>-m</option> wird für Systemkonten ein "
+"entsprechendes Verzeichnis angelegt."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
-#| "such an user, regardless of the default setting in <filename>/etc/login."
+#| "such a user, regardless of the default setting in <filename>/etc/login."
 #| "defs</filename> (<option>CREATE_HOME</option>). You have to specify the "
 #| "<option>-m</option> options if you want a home directory for a system "
 #| "account to be created."
@@ -11352,10 +12192,12 @@ msgid ""
 msgstr ""
 "Beachten Sie, dass <command>useradd</command> für einen solchen Benutzer "
 "unabhängig von der Einstellung in <filename>/etc/login.defs</filename> "
-"(<option>CREATE_HOME</option>) kein Home-Verzeichnis erzeugen wird."
+"(<option>CREATE_HOME</option>) kein persönliches Verzeichnis erzeugen wird. "
+"Nur mit der Option <option>-m</option> wird für Systemkonten ein "
+"entsprechendes Verzeichnis angelegt."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 msgid ""
 "sets the path to the user's login shell. Without this option, the system "
 "will use the <_:option-1/> variable specified in <_:filename-2/>, or, if "
@@ -11364,17 +12206,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "--uid"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "UID"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 #, fuzzy
 #| msgid ""
 #| "The numerical value of the user's ID. This value must be unique, unless "
@@ -11387,63 +12229,85 @@ msgid ""
 "to use the smallest ID value greater than or equal to <_:option-2/> and "
 "greater than every other user."
 msgstr ""
-"Der zahlenmäßige Wert der Benutzer-ID. Dieser Wert muss eindeutig sein, "
-"sofern nicht die Option <option>-o</option> verwendet wird. Der Wert darf "
-"nicht negativ sein. Standardmäßig wird der kleinste Wert größer als oder "
-"gleich <option>UID_MIN</option> und größer als jeder andere Wert eines "
-"Benutzers verwendet."
+"gibt die Benutzerkennung (UID) explizit vor. Diese darf, sofern nicht die "
+"Option <option>-o</option> mitverwendet wird, nicht schon vergeben sein. Der "
+"Wert darf nicht negativ sein. Standardmäßig wird der kleinste Wert größer "
+"als oder gleich <option>UID_MIN</option> und größer als jeder andere Wert "
+"eines Benutzers verwendet."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid ""
 "Create a group with the same name as the user, and add the user to this "
 "group."
 msgstr ""
-"erstellt eine Gruppe mit dem gleichen Name wie der Benutzer und fügt diesen "
-"der Gruppe hinzu"
+"erstellt eine Gruppe mit dem gleichen Namen wie der Benutzer und fügt diesen "
+"der Gruppe hinzu."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:593 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:525
 #, fuzzy
 #| msgid "-"
 msgid "-Z"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:594 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566 usermod.8.xml.out:501
+#: useradd.8.xml.out:568 usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575 useradd.8.xml.out:589 usermod.8.xml.out:521
 msgid "semanage"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
+#: useradd.8.xml.out:571
 msgid ""
-"defines the SELinux user for the new account. Without this option, a SELinux "
+"defines the SELinux user for the new account. Without this option, SELinux "
 "uses the default user. Note that the shadow system doesn't store the selinux-"
 "user, it uses <_:citerefentry-1/> for that."
 msgstr ""
 
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "--selinux-range"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "SERANGE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+msgid ""
+"defines the SELinux MLS range for the new account. Without this option, "
+"SELinux uses the default range. Note that the shadow system doesn't store "
+"the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr "Die Standardwerte verändern"
 
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 #, fuzzy
 #| msgid ""
 #| "When invoked with only the <option>-D</option> option, <command>useradd</"
@@ -11458,13 +12322,15 @@ msgid ""
 "options. Valid default-changing options are:"
 msgstr ""
 "Wenn <command>useradd</command> nur mit der Option <option>-D</option> "
-"aufgerufen wird, werden die aktuellen Standardwerte angezeigt.  Wenn "
+"aufgerufen wird, werden die aktuellen Standardwerte angezeigt. Wenn "
 "<command>useradd</command> neben der Option <option>-D</option> mit weiteren "
 "Optionen aufgerufen wird, werden deren Standardwerte entsprechend angepasst. "
 "Die gültigen Optionen, um Standardwerte zu ändern, sind:"
 
+# Usage of plural form of "home directory" discussed, but Serge thinks
+# this is no improvement mh 2022-02-01
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 #, fuzzy
 #| msgid ""
 #| "The path prefix for a new user's home directory. The user's name will be "
@@ -11477,14 +12343,15 @@ msgid ""
 "directory name, if the <_:option-2/> option is not used when creating a new "
 "account."
 msgstr ""
-"Das Wurzelverzeichnis des Home-Verzeichnisses eines neuen Benutzers. Der "
-"Benutzername wird an <replaceable>WURZEL_VERZ</replaceable> angehängt, um "
-"den Namen des Home-Verzeichnisses zu erhalten, falls nicht die Option "
-"<option>-d</option> bei der Erstellung eines neuen Kontos verwendet wird."
+"bezeichnet das Verzeichnis, in dem die persönlichen Verzeichnisse neuer "
+"Benutzer angelegt werden. Falls nicht die Option <option>-d</option> bei der "
+"Erstellung des neuen Kontos verwendet wird, wird der Benutzername an "
+"<replaceable>BASIS_VERZ</replaceable> angehängt und ergibt den Namen des "
+"persönlichen Verzeichnisses."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602 useradd.8.xml.out:614 useradd.8.xml.out:631
-#: useradd.8.xml.out:647 useradd.8.xml.out:661
+#: useradd.8.xml.out:622 useradd.8.xml.out:634 useradd.8.xml.out:651
+#: useradd.8.xml.out:667 useradd.8.xml.out:681
 #, fuzzy
 #| msgid ""
 #| "This option sets the <option>HOME</option> variable in <filename>/etc/"
@@ -11494,15 +12361,17 @@ msgstr ""
 "Diese Option verändert die Variable <option>HOME</option> in <filename>/etc/"
 "default/useradd</filename>."
 
+# Usage of plural form of "user account" discussed, but Serge thinks
+# this is no improvement mh 2022-02-01
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 #, fuzzy
 #| msgid "The date on which the user account is disabled."
 msgid "sets the date on which newly created user accounts are disabled."
-msgstr "das Datum, an dem das Benutzerkonto abgeschaltet wird"
+msgstr "das Datum, zu dem die Benutzerkonten stillzulegen sind."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid ""
 "defines the number of days after the password exceeded its maximum age where "
 "the user is expected to replace this password. See <_:citerefentry-1/>for "
@@ -11510,7 +12379,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 msgid ""
 "sets the default primary group for newly created users, accepting group "
 "names or a numerical group ID. The named group must exist, and the GID must "
@@ -11518,23 +12387,23 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr "ANMERKUNGEN"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675 useradd.8.xml.out:779
+#: useradd.8.xml.out:695 useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr "/etc/skel/"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 #, fuzzy
 #| msgid ""
 #| "The system administrator is responsible for placing the default user "
@@ -11546,22 +12415,22 @@ msgid ""
 "in the <_:filename-1/> directory (or any other skeleton directory specified "
 "in <_:filename-2/> or on the command line)."
 msgstr ""
-"Der Systemadministrator ist dafür verantwortlich, die standardmäßigen "
+"Der Systemadministrator ist dafür verantwortlich, die Standard-"
 "Benutzerdateien im Verzeichnis <filename>/etc/skel/</filename> (oder in "
-"einem anderen Gerüstverzeichnis, das in <filename>/etc/default/useradd</"
-"filename> oder über die Befehlszeile definiert wurde), anzulegen."
+"einem anderen Verzeichnis, das in <filename>/etc/default/useradd</filename> "
+"oder über die Befehlszeile definiert wurde), anzulegen."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 msgid ""
 "You may not add a user to a NIS or LDAP group. This must be performed on the "
 "corresponding server."
 msgstr ""
-"Sie dürfen einen Benutzer nicht einer NIS- oder LDAP-Gruppe hinzufügen. Dies "
-"muss auf dem entsprechenden Server durchgeführt werden."
+"Sie dürfen einer NIS- oder LDAP-Gruppe keine Benutzer hinzufügen. Dies muss "
+"auf dem entsprechenden Server durchgeführt werden."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 #, fuzzy
 #| msgid ""
 #| "Similarly, if the username already exists in an external user database "
@@ -11571,17 +12440,17 @@ msgid ""
 "Similarly, if the username already exists in an external user database such "
 "as NIS or LDAP, <_:command-1/> will deny the user account creation request."
 msgstr ""
-"Ebenso wird <command>useradd</command> ablehnen, ein neues Benutzerkonto zu "
-"erstellen, wenn der Benutzername schon in einer externen Benutzerdatenbank "
-"wie z.B. NIS oder LDAP vorhanden ist."
+"Ebenso wird <command>useradd</command> es ablehnen, ein neues Benutzerkonto "
+"zu erstellen, wenn der Benutzername schon in einer externen "
+"Benutzerdatenbank wie z.B. NIS oder LDAP vorhanden ist."
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid ""
 "Usernames may contain only lower and upper case letters, digits, "
 "underscores, or dashes. They can end with a dollar sign. Dashes are not "
@@ -11592,61 +12461,65 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
-msgstr "Benutzernamen dürfen nur bis zu 32 Zeichen lang sein."
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
+msgstr "Benutzernamen dürfen nur bis zu 256 Zeichen lang sein."
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr "Standardwerte für die Erstellung eines Kontos"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 #, fuzzy
 #| msgid "/etc/default/useradd"
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr "/etc/default/useradd"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773 userdel.8.xml.out:209
+#: useradd.8.xml.out:793 userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 #, fuzzy
 #| msgid "OPTIONS"
 msgid "ACTION"
 msgstr "OPTIONEN"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr ""
 
+# ENDE Teil 04 weiter mit useradd
+# BEGINN Teil 05 setzt userdel fort
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-pre.d"
 msgstr "useradd"
 
+# ENDE Teil 04 weiter mit useradd
+# BEGINN Teil 05 setzt userdel fort
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-post.d"
 msgstr "useradd"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid ""
 "Run-part files to execute during user addition. The environment variable <_:"
 "command-1/> will be populated with useradd and <_:command-2/> with the <_:"
@@ -11656,46 +12529,48 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
-msgstr "Verzeichnis, das die Standarddateien enthält"
+msgstr "Verzeichnis, das die Dateien mit Standardwerten enthält"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819 userdel.8.xml.out:243
+#: useradd.8.xml.out:839 userdel.8.xml.out:243
 msgid "can't update password file"
-msgstr "Die Passwortdatei kann nicht aktualisieren werden."
+msgstr "Die Passwortdatei kann nicht aktualisiert werden."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 #, fuzzy
 #| msgid "UID already in use (and no <option>-o</option>)"
 msgid "UID already in use (and no <_:option-1/>)"
-msgstr "UID ist schon vergeben (und kein <option>-o</option>)"
+msgstr ""
+"Benutzerkennung ist schon in Gebrauch (und <option>-o</option> wurde nicht "
+"angegeben)"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 #, fuzzy
-#| msgid "group name already in use"
+#| msgid "username already in use"
 msgid "username or group name already in use"
-msgstr "Gruppenname wird schon verwendet"
+msgstr "Benutzername ist schon vergeben"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
-msgstr "Home-Verzeichnis kann nicht erstellt werden."
+msgstr "persönliches Verzeichnis kann nicht erstellt werden"
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 msgid "14"
 msgstr "14"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
-msgstr "Die Zuordnung von SELinux-Benutzern kann nicht aktualisiert werden."
+msgstr "die Zuordnung von SELinux-Benutzern kann nicht aktualisiert werden"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876 usermod.8.xml.out:603
+#: useradd.8.xml.out:896 usermod.8.xml.out:620
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:"
@@ -11708,6 +12583,8 @@ msgstr ""
 msgid "delete a user account and related files"
 msgstr "löscht ein Benutzerkonto und die dazugehörigen Dateien"
 
+# MH27: Why system account files? Either "the system's account files" or "the account
+# files of the system" to avoid confusion with "system user accounts".
 #. (itstool) path: refsect1/para
 #: userdel.8.xml.out:61
 #, fuzzy
@@ -11720,10 +12597,10 @@ msgid ""
 "entries that refer to the user name <_:emphasis-2/>. The named user must "
 "exist."
 msgstr ""
-"Der Befehl <command>userdel</command> bearbeitet die Kontodateien des "
-"Systems und löscht darin alle Einträge, die auf den <emphasis "
-"remap=\"I\">ANMELDENAMEN</emphasis> verweisen. Der bezeichnete Benutzer muss "
-"existieren."
+"Der Befehl <command>userdel</command> bearbeitet die Benutzerkontendateien "
+"des Systems und löscht darin alle Einträge, die auf den "
+"<replaceable>ANMELDENAMEN</replaceable> verweisen. Der bezeichnete Benutzer "
+"muss existieren."
 
 #. (itstool) path: listitem/para
 #: userdel.8.xml.out:79
@@ -11746,14 +12623,15 @@ msgid ""
 "same name as the deleted user, then this group will be removed, even if it "
 "is still the primary group of another user."
 msgstr ""
-"Diese Option erzwingt, dass der Benutzer entfernt wird, selbst wenn er noch "
-"angemeldet ist. Sie führt auch dazu, dass <command>userdel</command> das "
-"Home-Verzeichnis und den Mailspool des Benutzers entfernt, sogar wenn ein "
-"anderer Benutzer dasselbe Home-Verzeichnis hat oder der Mailspool nicht dem "
-"angegebenen Benutzer gehört. Falls in <filename>/etc/login.defs</filename> "
+"erzwingt, dass das Benutzerkonto entfernt wird, selbst wenn der Benutzer "
+"noch angemeldet ist. Die Option führt auch dazu, dass <command>userdel</"
+"command> das persönliche Verzeichnis und die Mail-Warteschlange des "
+"Benutzers entfernt, sogar wenn ein anderer Benutzer dieses persönliche "
+"Verzeichnis mitverwendet oder die Mail-Warteschlange nicht dem angegebenen "
+"Benutzer gehört. Falls in <filename>/etc/login.defs</filename> "
 "<option>USERGROUPS_ENAB</option> auf <emphasis remap=\"I\">yes</emphasis> "
-"gesetzt ist und eine Gruppe mit dem gleichen Namen wie der gelöschte "
-"Benutzer vorhanden ist, wird auch diese Gruppe entfernt, selbst wenn sie die "
+"gesetzt ist und eine Gruppe mit demselben Namen wie der gelöschte Benutzer "
+"vorhanden ist, wird auch diese Gruppe entfernt, selbst wenn sie die "
 "Hauptgruppe anderer Benutzer ist."
 
 #. (itstool) path: listitem/para
@@ -11774,6 +12652,9 @@ msgstr ""
 msgid "--remove"
 msgstr ""
 
+# MH28: Has the word "file system" been used correctly? It is no
+# counterpart to a user's home directory but refers to where data
+# are stored physically. In case of wrong usage, write "elsewhere" or "in/at other locations"
 #. (itstool) path: listitem/para
 #: userdel.8.xml.out:109
 msgid ""
@@ -11781,10 +12662,9 @@ msgid ""
 "directory itself and the user's mail spool. Files located in other file "
 "systems will have to be searched for and deleted manually."
 msgstr ""
-"Die Dateien im Home-Verzeichnis des Benutzers werden zusammen mit dem Home-"
-"Verzeichnis und dem Mailspool entfernt. Dateien, die sich nicht unterhalb "
-"des Home-Verzeichnisses befinden, müssen per Hand gesucht und gelöscht "
-"werden."
+"entfernt das persönliche Verzeichnis des Benutzers mit den darin enthaltenen "
+"Dateiein und die Mail-Warteschlange. Dateien in anderen Dateisystemen müssen "
+"per Hand gesucht und gelöscht werden."
 
 #. (itstool) path: listitem/para
 #: userdel.8.xml.out:115
@@ -11796,15 +12676,20 @@ msgid ""
 "The mail spool is defined by the <_:option-1/> variable in the <_:filename-2/"
 "> file."
 msgstr ""
-"Der Mailspool wird durch die Variable <option>MAIL_DIR</option> in der Datei "
-"<filename>login.defs</filename> definiert."
+"Die Mail-Warteschlange wird durch die Variable <option>MAIL_DIR</option> in "
+"der Datei <filename>login.defs</filename> definiert."
 
+# MH29: Information on SELinux
+# https://debian-handbook.info/browse/de-DE/stable/sect.selinux.html
+# says, the mapping user<->selinuxuser is one-to-one. "Any" would therefore be obsolete
+# s/for the user's login/for the user's account
+# s/for the user's login/for the user
+# s/Remove/remove
 #. (itstool) path: listitem/para
 #: userdel.8.xml.out:156
 msgid "Remove any SELinux user mapping for the user's login."
 msgstr ""
-"entfernt die Zuordnung von SELinux-Benutzern aus den Anmeldeinformationen "
-"des Benutzers"
+"entfernt jegliche Zuordnung zu SELinux-Benutzern für das Benutzerkonto."
 
 #. (itstool) path: term/filename
 #: userdel.8.xml.out:209
@@ -11816,6 +12701,8 @@ msgstr ""
 msgid "/etc/shadow-maint/userdel-post.d/*"
 msgstr ""
 
+# ENDE Teil 03 weiter mit userdel
+# BEGINN Teil 04 setzt usermod fort
 #. (itstool) path: para/filename
 #: userdel.8.xml.out:211
 #, fuzzy
@@ -11823,6 +12710,8 @@ msgstr ""
 msgid "userdel-pre.d"
 msgstr "userdel"
 
+# ENDE Teil 03 weiter mit userdel
+# BEGINN Teil 04 setzt usermod fort
 #. (itstool) path: para/filename
 #: userdel.8.xml.out:211
 #, fuzzy
@@ -11848,12 +12737,12 @@ msgstr "Der angegebene Benutzer ist nicht vorhanden."
 #. (itstool) path: listitem/para
 #: userdel.8.xml.out:261
 msgid "user currently logged in"
-msgstr "Benutzer ist im Moment angemeldet."
+msgstr "Benutzer ist momentan angemeldet."
 
 #. (itstool) path: listitem/para
 #: userdel.8.xml.out:273
 msgid "can't remove home directory"
-msgstr "Das Home-Verzeichnis kann nicht gelöscht werden."
+msgstr "Das persönliche Verzeichnis kann nicht entfernt werden."
 
 #. (itstool) path: refsect1/para
 #: userdel.8.xml.out:282
@@ -11874,8 +12763,8 @@ msgstr ""
 "<command>userdel</command> löscht ein Benutzerkonto nicht, wenn Prozesse "
 "laufen, die diesem Konto gehören. In diesem Fall müssen Sie entweder diese "
 "Prozesse beenden oder das Passwort oder Konto des Benutzers sperren und das "
-"Konto später entfernen. Die Option <option>-f</option> erzwingt das Löschen "
-"eines Kontos."
+"Konto später entfernen. Mit der Option <option>-f</option> kann die Löschung "
+"eines Kontos erzwungen werden."
 
 #. (itstool) path: refsect1/para
 #: userdel.8.xml.out:289
@@ -11883,8 +12772,8 @@ msgid ""
 "You should manually check all file systems to ensure that no files remain "
 "owned by this user."
 msgstr ""
-"Sie sollten von Hand alle Systemdateien überprüfen, um sicherzustellen, dass "
-"keine Dateien vorhanden sind, die dem gelöschten Benutzer gehören."
+"Sie sollten von Hand alle Dateisysteme in Hinblick auf Dateien dieses "
+"Benutzers prüfen und sie gegebenenfalls löschen."
 
 #. (itstool) path: refsect1/para
 #: userdel.8.xml.out:293
@@ -11892,9 +12781,11 @@ msgid ""
 "You may not remove any NIS attributes on a NIS client. This must be "
 "performed on the NIS server."
 msgstr ""
-"Sie sollten keine NIS-Attribute auf einem NIS-Client löschen. Dies muss auf "
+"Sie dürfen keine NIS-Attribute auf einem NIS-Client löschen. Dies muss auf "
 "dem NIS-Server durchgeführt werden."
 
+# MH Usage of the words database/Datenbank for the account files /etc/passwd
+# etc. is confusing
 #. (itstool) path: refsect1/para
 #: userdel.8.xml.out:296
 #, fuzzy
@@ -11918,11 +12809,11 @@ msgstr ""
 "Falls in <filename>/etc/login.defs</filename> <option>USERGROUPS_ENAB</"
 "option> auf <emphasis remap=\"I\">yes</emphasis> gesetzt ist, wird "
 "<command>userdel</command> die Gruppe mit dem gleichen Namen wie der "
-"Benutzer entfernen. Um Unstimmigkeiten in der Passwort- und Gruppendatenbank "
-"zu vermeiden, überprüft <command>userdel</command>, ob diese Gruppe die "
-"Hauptgruppe für andere Benutzer ist. Gegebenenfalls wird eine Warnung "
-"angezeigt und die betreffende Gruppe nicht entfernt. Mit der Option <option>-"
-"f</option> kann das Löschen dieser Gruppe erzwungen werden."
+"Benutzer entfernen. Um Unstimmigkeiten innerhalb der Passwort- und "
+"Gruppendaten zu vermeiden, überprüft <command>userdel</command>, ob diese "
+"Gruppe die primäre Gruppe eines anderen Benutzers ist. Wenn ja,folgt eine "
+"Warnung und die betreffende Gruppe wird nicht entfernt. Mit der Option "
+"<option>-f</option> kann das Löschen dieser Gruppe erzwungen werden."
 
 #. (itstool) path: refsect1/para
 #: userdel.8.xml.out:309
@@ -11953,8 +12844,8 @@ msgid ""
 "Add the user to the supplementary group(s). Use only with the <_:option-1/> "
 "option."
 msgstr ""
-"Fügt den Benutzer weiteren Gruppen hinzu. Kann nur zusammen mit der Option "
-"<option>-G</option> verwendet werden."
+"verleiht dem Benutzer zusätzliche, ergänzende Gruppenzugehörigkeiten. Kann "
+"nur zusammen mit der Option <option>-G</option> verwendet werden."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:102
@@ -11974,7 +12865,7 @@ msgstr "Tel_Privat"
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:115
 msgid "The user's new login directory."
-msgstr "das neue Home-Verzeichnis des Benutzers"
+msgstr "ändert das persönliche Verzeichnis des Benutzers"
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:118
@@ -11989,10 +12880,16 @@ msgid ""
 "does not already exist. If the current home directory does not exist the new "
 "home directory will not be created."
 msgstr ""
-"Wenn die Option <option>-m</option> verwendet wurde, wird der Inhalt des "
-"aktuellen Home-Verzeichnisses in das neue Home-Verzeichnis verschoben. Falls "
+"Wenn zugleich die Option <option>-m</option> benutzt wird, wird der Inhalt "
+"des aktuellen persönlichen Verzeichnisses in das neue verschoben. Falls "
 "dieses nicht existiert, wird es angelegt."
 
+# MH Integers are directly transferred to the respective field in the shadow password file
+# MH eine Eingabe von 1 wird als ein Tag nach dem 1.1.1970, also 2.1.1970 interpretiert
+#  original string will be changed to SH 2022-02-11. Original mittlerweile 2022-12-28
+# verbessert.
+# MH to be s/will be disabled/will expire
+# Original diesbezueglich noch nicht geändert 2022-12-28
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:132
 #, fuzzy
@@ -12004,8 +12901,8 @@ msgid ""
 "in the format <_:emphasis-1/>. Integers as input are interpreted as days "
 "after 1970-01-01."
 msgstr ""
-"Das Datum, an welchem das Benutzerkonto deaktiviert wird. Das Datum muss im "
-"Format <emphasis remap=\"I\">JJJJ-MM-TT</emphasis> angegeben werden."
+"das Datum, an welchem das Benutzerkonto erlischt. Das Datum muss im Format "
+"<emphasis remap=\"I\">JJJJ-MM-TT</emphasis> angegeben werden."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:138
@@ -12015,6 +12912,10 @@ msgid ""
 "limit."
 msgstr ""
 
+# MH: What is the essential point: The file existence of /etc/shadow which is
+# stated first. Or an entry for the user that usermod currently deals with?
+# SH: The first phrase refers to non-shadow systems, where this option
+# won't work SH 2022-02-11
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:143 usermod.8.xml.out:165
 #, fuzzy
@@ -12025,9 +12926,9 @@ msgid ""
 "This option requires a <_:filename-1/> file. A <_:filename-2/> entry will be "
 "created if there were none."
 msgstr ""
-"Diese Option benötigt die Datei <filename>/etc/shadow</filename>. Falls die "
-"Datei <filename>/etc/shadow</filename> leer sein sollte, wird ein Eintrag "
-"erstellt."
+"Diese Option benötigt die Datei <filename>/etc/shadow</filename>. Falls es "
+"in der Datei <filename>/etc/shadow</filename> keinen Eintrag gibt, wird "
+"dieser erstellt."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:155
@@ -12040,6 +12941,9 @@ msgid ""
 "file. See <_:citerefentry-1/> for more information."
 msgstr ""
 
+# "initial login group" and "primary group" are the same thing. SH and
+# me agree that the second expression should be used throughout the
+# shadow-utils documentation.
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:177
 #, fuzzy
@@ -12050,8 +12954,9 @@ msgid ""
 "The name or numerical ID of the user's new primary group. The group must "
 "exist."
 msgstr ""
-"Der Name oder die Zahl der anfänglichen Anmeldegruppe eines neuen Benutzers. "
-"Der Gruppenname muss existieren."
+"ändert die primäre Gruppe des Benutzers. Als Argument <replaceable>GRUPPE</"
+"replaceable> kann der Name oder die Kennung angegeben werden. Die Gruppe "
+"muss existieren."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:181
@@ -12059,8 +12964,8 @@ msgid ""
 "Any file from the user's home directory owned by the previous primary group "
 "of the user will be owned by this new group."
 msgstr ""
-"Jede Datei im Home-Verzeichnis des Benutzers, die der alten Hauptgruppe des "
-"Benutzers gehörte, wird dieser neuen Gruppe gehören."
+"Im persönlichen Verzeichnis des Benutzers werden alle Dateien, die der alten "
+"primären Gruppe zugeordnet waren, auf diese Gruppe übertragen."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:185
@@ -12068,8 +12973,8 @@ msgid ""
 "The group ownership of files outside of the user's home directory must be "
 "fixed manually."
 msgstr ""
-"Die Gruppenzugehörigkeit von Dateien außerhalb des Home-Verzeichnisses des "
-"Benutzers muss per Hand angepasst werden."
+"Die Gruppenzugehörigkeit von Dateien außerhalb des persönlichen "
+"Verzeichnisses des Benutzers muss per Hand angepasst werden."
 
 #. (itstool) path: para/filename
 #: usermod.8.xml.out:193 usermod.8.xml.out:393
@@ -12085,6 +12990,8 @@ msgid ""
 "directories such as <_:filename-1/>."
 msgstr ""
 
+# The only restriction mentioned with option -g, i.e. is that the group must exist.
+# Thus we better repeat this restriction instead of referring inprecisely SH 2022-02-11
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:202
 #, fuzzy
@@ -12098,10 +13005,9 @@ msgid ""
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups must exist."
 msgstr ""
-"Eine Liste zusätzlicher Gruppen, denen der Benutzer ebenfalls angehört. Die "
-"Gruppen sind durch Kommata ohne Leerzeichen von einander zu trennen. Die "
-"Gruppen unterliegen denselben Beschränkungen wie die Gruppe, die mit der "
-"Option <option>-g</option> bestimmt wurde."
+"übergibt eine Liste ergänzender Gruppenzugehörigkeiten des Benutzers. Die "
+"Gruppen sind durch Kommata ohne Leerraum voneinander zu trennen und müssen "
+"existieren."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:207
@@ -12119,8 +13025,9 @@ msgid ""
 msgstr ""
 "Wenn der Benutzer aktuell Mitglied einer Gruppe ist, die nicht angegeben "
 "ist, wird er aus dieser Gruppe entfernt. Dieses Verhalten kann mit der "
-"Option <option>-a</option> abgeschaltet werden. Damit wird der Benutzer nur "
-"den angegebenen Gruppen hinzugefügt, ohne aus den übrigen gelöscht zu werden."
+"Option <option>-a</option> dahingehend geändert werden, dass der Benutzer "
+"nur den angegebenen Gruppen hinzugefügt, aus anderen aber nicht entfernt "
+"wird."
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
@@ -12144,11 +13051,10 @@ msgid ""
 "directory or mail spool should probably be renamed manually to reflect the "
 "new login name."
 msgstr ""
-"Der Benutzername wird von <replaceable>ANMELDENAME</replaceable> zu "
-"<replaceable>NEUER_ANMELDENAME</replaceable> verändert. Andere Veränderungen "
-"werden nicht vorgenommen. Daher sollte wahrscheinlich der Name des Home-"
-"Verzeichnisses des Benutzers per Hand geändert werden, um dem neuen "
-"Anmeldenamen Rechnung zu tragen."
+"ändert den Benutzernamen von <replaceable>ANMELDENAME</replaceable> zu "
+"<replaceable>NEUER_ANMELDENAME</replaceable>. Alles andere wird beibehalten. "
+"Es empfiehlt sich, das persönliche Verzeichnis und die Maileingangsdatei "
+"manuell umzubenennen, so dass sie dem neuen Anmeldenamen entsprechen."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
@@ -12170,11 +13076,12 @@ msgid ""
 "effectively disabling the password. You can't use this option with <_:"
 "option-1/> or <_:option-2/>."
 msgstr ""
-"Sperrt das Passwort eines Benutzers. Dadurch wird ein »!« vor das "
-"verschlüsselte Passwort gesetzt, wodurch im Ergebnis das Passwort "
-"abgeschaltet wird. Sie können diese Option nicht mit <option>-p</option> "
-"oder <option>-U</option> verwenden."
+"sperrt das Passwort eines Benutzers. Dadurch wird ein »!« vor das "
+"verschlüsselte Passwort gesetzt, wodurch das Passwort außer Kraft gesetzt "
+"wird. Sie können diese Option nicht mit <option>-p</option> oder <option>-U</"
+"option> verwenden."
 
+# MH eine Eingabe von 1 wird als ein Tag nach dem 1.1.1970 interpretiert
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:240
 #, fuzzy
@@ -12187,7 +13094,7 @@ msgid ""
 "should also set the <_:replaceable-1/> to <_:replaceable-2/>."
 msgstr ""
 "Hinweis: Wenn Sie das Konto sperren wollen (und nicht nur den Zugang mit "
-"einem Passwort), müssen Sie auch das <replaceable>VERFALLSDATUM</"
+"einem Passwort), sollten Sie auch das <replaceable>LÖSCHUNGSDATUM</"
 "replaceable> auf <replaceable>1</replaceable> setzen."
 
 #. (itstool) path: term/option
@@ -12229,10 +13136,10 @@ msgid ""
 "afterwards."
 msgstr ""
 "<command>usermod</command> versucht, den Eigentümer der Dateien anzupassen "
-"und die Rechte, ACL und erweiterten Attribute zu übernehmen, aber "
-"Anpassungen per Hand können dennoch notwendig sein."
+"und die Dateimodi, die ACL und die erweiterten Attribute zu übernehmen. "
+"Dennoch können anschließend manuelle Anpassungen notwendig sein."
 
-# SB: What is that suppossed to mean? I can assign the UID 1000 twice?
+# Original explanation is about to be improved SH 2022-02-11
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:274
 #, fuzzy
@@ -12241,9 +13148,9 @@ msgstr ""
 #| "change the user ID to a non-unique value."
 msgid "allows to change the user ID to a non-unique value."
 msgstr ""
-"Wenn es mit der Option <option>-u</option> verwendet wird, kann mit dieser "
-"Option der Wert der Benutzer-ID auf einen nicht eindeutigen Wert gesetzt "
-"werden."
+"erlaubt es, dem Benutzer eine schon vergebene Benutzerkennung zuzuweisen. "
+"Die Eindeutigkeit der Zuordnung von Benutzerkonto zu einem Anmeldenamen geht "
+"verloren."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:293
@@ -12263,10 +13170,12 @@ msgid ""
 "<_:emphasis-1/> Avoid this option on the command line because the password "
 "(or encrypted password) will be visible by users listing the processes."
 msgstr ""
-"<emphasis role=\"bold\">Hinweis:</emphasis> Diese Option ist nicht "
-"empfehlenswert, weil das Passwort (auch wenn es verschlüsselt ist) für "
-"Benutzer sichtbar ist, die sich den Prozess anzeigen lassen."
+"<emphasis role=\"bold\">Hinweis:</emphasis> Von dieser Option wird "
+"abgeraten, weil das Passwort (auch wenn es verschlüsselt ist) für Benutzer "
+"sichtbar ist, die sich den Prozess anzeigen lassen."
 
+# MH 2022-12-28: Second phrase with the hint to the PAM configuration could be improved, i.e.
+# it could be explained, whether the changes in these files will have no effect then.
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:303
 #, fuzzy
@@ -12281,7 +13190,7 @@ msgid ""
 msgstr ""
 "Das Passwort wird in die lokale Datei <filename>/etc/passwd</filename> oder "
 "<filename>/etc/shadow</filename> geschrieben. Dies könnte von der Passwort-"
-"Datenbank abweichen, die Sie für PAM konfiguriert haben."
+"Datenbank Ihrer PAM-Konfiguration abweichen."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:320
@@ -12293,11 +13202,22 @@ msgid ""
 "Remove the user from named supplementary group(s). Use only with the <_:"
 "option-1/> option."
 msgstr ""
-"Fügt den Benutzer weiteren Gruppen hinzu. Kann nur zusammen mit der Option "
-"<option>-G</option> verwendet werden."
+"verleiht dem Benutzer zusätzliche, ergänzende Gruppenzugehörigkeiten. Kann "
+"nur zusammen mit der Option <option>-G</option> verwendet werden."
 
+# MH option makes usermod work on a directory tree where PREFIX is the root
+# directory for the system: e.g. PREFIX = /mnt  usermod -e "2022-02-20" tester2
+# will work on /mnt/etc/shadow
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:344
+#, fuzzy
+#| msgid ""
+#| "Apply changes in the <replaceable>PREFIX_DIR</replaceable> directory and "
+#| "use the configuration files from the <replaceable>PREFIX_DIR</"
+#| "replaceable> directory. This option does not chroot and is intended for "
+#| "preparing a cross-compilation target. Some limitations: NIS and LDAP "
+#| "users/groups are not verified. PAM authentication is using the host "
+#| "files. No SELINUX support."
 msgid ""
 "Apply changes within the directory tree starting with <_:replaceable-1/> and "
 "use as well the configuration files located there. This option does not "
@@ -12305,20 +13225,37 @@ msgid ""
 "limitations: NIS and LDAP users/groups are not verified. PAM authentication "
 "is using the host files. No SELINUX support."
 msgstr ""
+"die Änderungen sind auf Daten im <replaceable>PRAEFIX_VERZ</replaceable> "
+"anzuwenden und ebenso die dortigen Konfigurationsdateien zu verwenden. Diese "
+"Option nimmt kein anderes Dateisystem zum Wurzelverzeichnis (chroot) und ist "
+"gedacht, Kompilierungen für fremde Systeme vorzubereiten (cross "
+"compilation). Einige Beschränkungen: Die in NIS und LDAP vorliegenden Daten "
+"zu Benutzern und Gruppen werden nicht kontrolliert. Zur PAM-"
+"Authentifizierung werden die Daten des Host-Computers herangezogen. SELINUX "
+"steht nicht zur Verfügung."
 
+# Original message is about to be improved SG 2022-02-11
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:360
+#, fuzzy
+#| msgid ""
+#| "The name of the user's new login shell. Setting this field to blank "
+#| "causes the system to select the default login shell."
 msgid ""
 "changes the user's login shell. An empty string for SHELL blanks the field "
 "in <_:filename-1/> and logs the user into the system's default shell."
 msgstr ""
+"ändert die Anmelde-Shell des Benutzers. Mit dem Leerstring als "
+"<replaceable>SHELL</replaceable> wird dieser in die Datei <filename>/etc/"
+"passwd</filename> übernommen und dem Benutzer nach der Anmeldung die "
+"Standard-Shell des Systems zur Verfügung gestellt."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:372
 #, fuzzy
 #| msgid "The new numerical value of the user's ID."
 msgid "The new value of the user's ID."
-msgstr "der neue numerische Wert der UID des Benutzers"
+msgstr "ändert die numerische Kennung (UID) des Benutzers"
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:375
@@ -12330,8 +13267,9 @@ msgid ""
 "This value must be unique, unless the <_:option-1/> option is used. The "
 "value must be non-negative."
 msgstr ""
-"Dieser Wert muss eindeutig sein, sofern nicht die Option <option>-o</option> "
-"verwendet wird. Der Wert darf nicht negativ sein."
+"ändert die Benutzerkennung (UID). Diese darf, sofern nicht die Option "
+"<option>-o</option> mitverwendet wird, nicht schon vergeben sein. Der Wert "
+"darf nicht negativ sein."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:380
@@ -12340,9 +13278,9 @@ msgid ""
 "in the user's home directory will have the file user ID changed "
 "automatically."
 msgstr ""
-"Für die Mailbox des Benutzers und alle Dateien, die ihm gehören und sich in "
-"seinem Home-Verzeichnis befinden, wird die ID des Eigentümers automatisch "
-"angepasst."
+"Für das Postfach des Benutzers und alle Dateien, die ihm gehören und sich in "
+"seinem persönlichen Verzeichnis befinden, wird die Eigentümerkennung "
+"automatisch angepasst."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:385
@@ -12350,8 +13288,8 @@ msgid ""
 "The ownership of files outside of the user's home directory must be fixed "
 "manually."
 msgstr ""
-"Der Eigentümer von Dateien außerhalb des Home-Verzeichnisses des Benutzers "
-"muss per Hand angepasst werden."
+"Der Eigentümer von Dateien außerhalb des persönlichen Verzeichnisses des "
+"Benutzers muss per Hand angepasst werden."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:389
@@ -12373,9 +13311,9 @@ msgid ""
 "Unlock a user's password. This removes the '!' in front of the encrypted "
 "password. You can't use this option with <_:option-1/> or <_:option-2/>."
 msgstr ""
-"Gibt das Passwort eines Benutzers frei. Dies entfernt das »!« vor dem "
+"gibt das Passwort eines Benutzers frei. Dies entfernt das »!« vor dem "
 "verschlüsselten Passwort. Sie können diese Option nicht mit <option>-p</"
-"option> oder <option>-U</option> verwenden."
+"option> oder <option>-L</option> verwenden."
 
 #. (itstool) path: para/replaceable
 #: usermod.8.xml.out:417
@@ -12397,10 +13335,10 @@ msgid ""
 ">, or to the <_:option-3/> value from <_:filename-4/>)."
 msgstr ""
 "Hinweis: Falls Sie das Benutzerkonto freigeben wollen (und nicht nur den "
-"Zugang mit einem Passwort), sollten Sie auch das <replaceable>VERFALLSDATUM</"
-"replaceable> bearbeiten (zum Beispiel auf <replaceable>99999</replaceable> "
-"oder den Wert von <option>EXPIRE</option> aus <filename>/etc/default/"
-"useradd</filename> setzen)."
+"Zugang mit einem Passwort), sollten Sie auch das "
+"<replaceable>LÖSCHUNGSDATUM</replaceable> bearbeiten (zum Beispiel auf "
+"<replaceable>99999</replaceable> oder den Wert von <option>EXPIRE</option> "
+"aus <filename>/etc/default/useradd</filename> setzen)."
 
 #. (itstool) path: term/option
 #: usermod.8.xml.out:425
@@ -12443,13 +13381,22 @@ msgstr ""
 #: usermod.8.xml.out:428
 msgid "Add a range of subordinate uids to the user's account."
 msgstr ""
+"fügt dem Konto des Benutzers einen Bereich untergeordneter Benutzerkennungen "
+"zu. "
 
+# MH s/users account/user's account
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:431 usermod.8.xml.out:469
+#, fuzzy
+#| msgid ""
+#| "This option may be specified multiple times to add multiple ranges to a "
+#| "users account."
 msgid ""
 "This option may be specified multiple times to add multiple ranges to a "
 "user's account."
 msgstr ""
+"Um einem Benutzerkonto mehrere Bereiche hinzuzufügen, kann diese Option "
+"mehrfach eingegeben werden."
 
 #. (itstool) path: para/option
 #: usermod.8.xml.out:436 usermod.8.xml.out:456
@@ -12458,8 +13405,10 @@ msgstr ""
 
 #. (itstool) path: para/option
 #: usermod.8.xml.out:436 usermod.8.xml.out:456
+#, fuzzy
+#| msgid "LASTLOG_UID_MAX"
 msgid "SUB_UID_MAX"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: para/option
 #: usermod.8.xml.out:437 usermod.8.xml.out:457
@@ -12471,16 +13420,16 @@ msgstr ""
 #: usermod.8.xml.out:492
 #, fuzzy
 #| msgid ""
-#| "No checks will be performed with regard to the <option>UID_MIN</option>, "
-#| "<option>UID_MAX</option>, <option>SYS_UID_MIN</option>, or "
-#| "<option>SYS_UID_MAX</option> from <filename>/etc/login.defs</filename>."
+#| "No checks will be performed with regard to <option>SUB_UID_MIN</option>, "
+#| "<option>SUB_UID_MAX</option>, or <option>SUB_UID_COUNT</option> from /etc/"
+#| "login.defs."
 msgid ""
 "No checks will be performed with regard to <_:option-1/>, <_:option-2/>, or "
 "<_:option-3/> from /etc/login.defs."
 msgstr ""
-"Die Werte von <option>UID_MIN</option>, <option>UID_MAX</option>, "
-"<option>SYS_UID_MIN</option> und <option>SYS_UID_MAX</option> aus <filename>/"
-"etc/login.defs</filename> werden nicht geprüft."
+"Ein Abgleich hinsichtlich der Einträge für <option>SUB_UID_MIN</option>, "
+"<option>SUB_UID_MAX</option> und <option>SUB_UID_COUNT</option> aus "
+"<filename>/etc/login.defs</filename> erfolgt nicht."
 
 #. (itstool) path: term/option
 #: usermod.8.xml.out:443
@@ -12499,15 +13448,29 @@ msgstr ""
 #: usermod.8.xml.out:446
 msgid "Remove a range of subordinate uids from the user's account."
 msgstr ""
+"entfernt aus dem Benutzerkonto einen Bereich untergeordneter "
+"Benutzerkennungen."
 
+# MH s/users account/user's account
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:449
+#, fuzzy
+#| msgid ""
+#| "This option may be specified multiple times to remove multiple ranges to "
+#| "a users account. When both <option>--del-subuids</option> and <option>--"
+#| "add-subuids</option> are specified, the removal of all subordinate uid "
+#| "ranges happens before any subordinate uid range is added."
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
 "user's account. When both <_:option-1/> and <_:option-2/> are specified, the "
 "removal of all subordinate uid ranges happens before any subordinate uid "
 "range is added."
 msgstr ""
+"Diese Option kann, um mehr als einen Bereich aus einem Benutzerkonto zu "
+"entfernen, mehrfach eingegeben werden. Wenn beide Optionen, <option>--del-"
+"subuids</option> und <option>--add-subuids</option> angegeben sind, werden "
+"zuerst die Bereiche untergeordneter Benutzerkennungen entfernt, dann neue "
+"angelegt."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
@@ -12519,6 +13482,7 @@ msgstr ""
 #: usermod.8.xml.out:466
 msgid "Add a range of subordinate gids to the user's account."
 msgstr ""
+"fügt dem Benutzerkonto einen Bereich untergeordneter Gruppenkennungen zu. "
 
 #. (itstool) path: para/option
 #: usermod.8.xml.out:474 usermod.8.xml.out:494
@@ -12527,8 +13491,10 @@ msgstr ""
 
 #. (itstool) path: para/option
 #: usermod.8.xml.out:474 usermod.8.xml.out:494
+#, fuzzy
+#| msgid "LASTLOG_UID_MAX"
 msgid "SUB_GID_MAX"
-msgstr ""
+msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: para/option
 #: usermod.8.xml.out:475 usermod.8.xml.out:495
@@ -12543,21 +13509,31 @@ msgstr ""
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:484
-#, fuzzy
-#| msgid "Remove any SELinux user mapping for the user's login."
 msgid "Remove a range of subordinate gids from the user's account."
 msgstr ""
-"entfernt die Zuordnung von SELinux-Benutzern aus den Anmeldeinformationen "
-"des Benutzers"
+"entfernt einen Bereich untergeordneter Gruppenkennungen aus dem "
+"Benutzerkonto."
 
+# MH s/users account/user's account
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:487
+#, fuzzy
+#| msgid ""
+#| "This option may be specified multiple times to remove multiple ranges to "
+#| "a users account. When both <option>--del-subgids</option> and <option>--"
+#| "add-subgids</option> are specified, the removal of all subordinate gid "
+#| "ranges happens before any subordinate gid range is added."
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
 "user's account. When both <_:option-1/> and <_:option-2/> are specified, the "
 "removal of all subordinate gid ranges happens before any subordinate gid "
 "range is added."
 msgstr ""
+"Diese Option kann, um mehr als einen Bereich aus einem Benutzerkonto zu "
+"entfernen, mehrfach eingegeben werden. Wenn beide Optionen, <option>--del-"
+"subgids</option> und <option>--add-subgids</option>, angegeben sind, werden "
+"zuerst die Bereiche untergeordneter Gruppenkennungen gelöscht, dann neue "
+"angelegt."
 
 #. (itstool) path: listitem/para
 #: usermod.8.xml.out:504
@@ -12567,15 +13543,25 @@ msgid ""
 "shadow system doesn't store the selinux-user, it uses semanage(8) for that."
 msgstr ""
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
+msgid ""
+"defines the SELinux MLS range for the new account. Note that the shadow "
+"system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+# Here, the attribute "numerical" is not necessary when speaking of a user ID.
+# "platform" often refers to processor architectures. In the next version
+# it will be replaced by "other operating systems" SH 2022-02-11
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
 #, fuzzy
 #| msgid ""
 #| "You must make certain that the named user is not executing any processes "
 #| "when this command is being executed if the user's numerical user ID, the "
 #| "user's name, or the user's home directory is being changed. "
-#| "<command>usermod</command> checks this on Linux, but only check if the "
-#| "user is logged in according to utmp on other architectures."
+#| "<command>usermod</command> checks this on Linux. On other platforms it "
+#| "only uses utmp to check if the user is logged in."
 msgid ""
 "You must make certain that the named user is not executing any processes "
 "when this command is being executed if the user's numerical user ID, the "
@@ -12583,24 +13569,25 @@ msgid ""
 "checks this on Linux. On other operating systems it only uses utmp to check "
 "if the user is logged in."
 msgstr ""
-"Wenn Sie mit diesem Befehl die numerische UID, den Namen oder das Home-"
-"Verzeichnis eines Benutzers verändern wollen, müssen Sie sicherstellen, dass "
-"dieser Benutzer keine Prozesse laufen lässt. Bei Linux stellt dies "
-"<command>usermod</command> sicher, auf anderen Architekturen überprüft es "
-"nur, ob der Benutzer laut utmp eingeloggt ist."
+"Wenn dieser Befehl ausgeführt wird und hiervon die Kennung, der Anmeldename "
+"oder das persönliche Verzeichnis eines Benutzers betroffen sind, müssen Sie "
+"sicherstellen, dass für diesen Benutzer momentan keine Prozesse laufen. Bei "
+"Linux stellt <command>usermod</command> dies sicher. Bei anderen "
+"Betriebssystemen wird nur überprüft, ob der Benutzer laut utmp eingeloggt "
+"ist."
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "You must change the owner of any <command>crontab</command> files or "
@@ -12613,57 +13600,72 @@ msgstr ""
 "<command>at</command>-Aufträgen per Hand ändern."
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr ""
-"Sie müssen alle Änderung in Bezug auf NIS auf dem NIS-Server vornehmen."
+"Sie müssen alle Änderungen, an welchen NIS beteiligt ist, auf dem NIS-Server "
+"vornehmen."
 
+# MH2: no full stop at the strings' end necessary
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 #, fuzzy
 #| msgid "Group account information."
 msgid "Group account information"
 msgstr "Informationen zu den Gruppenkonten"
 
+# MH3: no full stop at the strings end necessary
 # type: Plain text
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
+#: usermod.8.xml.out:582
 #, fuzzy
 #| msgid "Secure group account information."
-msgid "Secure group account informatio."
-msgstr "sichere Informationen zu den Gruppenkonten"
+msgid "Secure group account information"
+msgstr "geschützte Informationen zu den Gruppenkonten"
 
+# MH full stop at the end of the string is not necessary
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 #, fuzzy
 #| msgid "Shadow password suite configuration."
 msgid "Shadow password suite configuration"
-msgstr "Konfiguration der Shadow-Passwort-Werkzeugsammlung"
+msgstr "konfiguriert die Shadow-Hilfsprogramme."
 
+# MH4: no full stop at the strings end necessary
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 #, fuzzy
 #| msgid "User account information."
 msgid "User account information"
 msgstr "Informationen zu den Benutzerkonten"
 
+# MH5: Unsicherheit der Ãœbersetzung: in vipw.8.xml:206 wurde "secure" mit
+# "sicher übersetzt", hier mit "verschlüsselt". Vielleicht heißt es auch
+# "geschützt".
+# MH6: no full stop at the strings end necessary
 # type: Plain text
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 #, fuzzy
 #| msgid "Secure user account information."
 msgid "Secure user account information"
-msgstr "verschlüsselte Informationen zu den Benutzerkonten"
+msgstr "geschützte Informationen zu den Benutzerkonten"
 
+# MH full stop at the end of the string is not necessary
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
+#, fuzzy
+#| msgid "Per user subordinate group IDs."
 msgid "Per user subordinate group IDs"
-msgstr ""
+msgstr "enthält untergeordnete Gruppenkennungen der einzelnen Benutzer."
 
+# full stop at the end of the string is not necessary
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
+#, fuzzy
+#| msgid "Per user subordinate user IDs."
 msgid "Per user subordinate user IDs"
-msgstr ""
+msgstr "enthält untergeordnete Benutzerkennungen der einzelnen Benutzer."
 
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -12676,8 +13678,8 @@ msgstr "vigr"
 #: vipw.8.xml.out:44
 msgid "edit the password, group, shadow-password or shadow-group file"
 msgstr ""
-"bearbeitet die Passwort-, Gruppen-, Shadow-Passwort- oder Shadow-Gruppen-"
-"Datei"
+"bearbeitet die Passwort- und die Gruppendatei in den ungeschützten und "
+"geschützen Versionen"
 
 #. (itstool) path: para/envar
 #: vipw.8.xml.out:75
@@ -12715,7 +13717,7 @@ msgstr "vipw"
 #| "envar>, and finally the default editor, <citerefentry><refentrytitle>vi</"
 #| "refentrytitle><manvolnum>1</manvolnum></citerefentry>."
 msgid ""
-"The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/"
+"The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/"
 "> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will "
 "edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/"
 ">, respectively. The programs will set the appropriate locks to prevent file "
@@ -12725,8 +13727,8 @@ msgid ""
 msgstr ""
 "Die Befehle <command>vipw</command> und <command>vigr</command> bearbeiten "
 "die Dateien <filename>/etc/passwd</filename> beziehungsweise <filename>/etc/"
-"group</filename>. Mit der Option <option>-s</option> bearbeiten Sie die "
-"Shadow-Versionen beider Dateien, <filename>/etc/shadow</filename> und "
+"group</filename>. Mit der Option <option>-s</option> bearbeiten sie die "
+"geschützten Versionen beider Dateien, <filename>/etc/shadow</filename> und "
 "<filename>/etc/gshadow</filename>. Die Programme werden die geeigneten "
 "Sperren setzen, um eine Beschädigung der Dateien zu verhindern. Wenn ein "
 "Editor benötigt wird, wird zuerst die Umgebungsvariable <envar>$VISUAL</"
@@ -12743,14 +13745,19 @@ msgid ""
 "The options which apply to the <_:command-1/> and <_:command-2/> commands "
 "are:"
 msgstr ""
-"Die Optionen, die vom Befehl <command>passwd</command> unterstützt werden, "
-"sind:"
+"Der Befehl <command>passwd</command> kann mit folgenden Optionen verwendet "
+"werden:"
 
+# MH Speaking of a "group database" is confusing as nothing else than the files with
+# information on the groups, i.e. /etc/group /etc/gshadow, are meant
 #. (itstool) path: listitem/para
 #: vipw.8.xml.out:92
 msgid "Edit group database."
-msgstr "bearbeitet die Gruppendatenbank"
+msgstr "bearbeitet die Daten bezüglich Gruppen."
 
+# MH this string is the argument for pwck. Elsewhere, capital letters are used in this context
+# s/passwd/PASSWD
+# The same refers to the argument shadow s/shadow/SHADOW
 #. (itstool) path: term/option
 #: vipw.8.xml.out:102
 #, fuzzy
@@ -12758,11 +13765,15 @@ msgstr "bearbeitet die Gruppendatenbank"
 msgid "--passwd"
 msgstr "passwd"
 
+# MH Speaking of a "passwd database" is confusing as nothing else than the files with
+# information on users, i.e. /etc/passwd /etc/shadow, are meant
 #. (itstool) path: listitem/para
 #: vipw.8.xml.out:104
 msgid "Edit passwd database."
-msgstr "bearbeitet die Passwd-Datenbank"
+msgstr "bearbeitet die Daten bezüglich Benutzern."
 
+# ENDE Teil 08 weiter mit shadow.5
+# BEGINN Teil 09 setzt sg fort
 #. (itstool) path: term/option
 #: vipw.8.xml.out:127
 #, fuzzy
@@ -12770,15 +13781,19 @@ msgstr "bearbeitet die Passwd-Datenbank"
 msgid "--shadow"
 msgstr "shadow"
 
+# MH Word "database" is misleading
 #. (itstool) path: listitem/para
 #: vipw.8.xml.out:129
 msgid "Edit shadow or gshadow database."
-msgstr "bearbeitet die Shadow- oder Gshadow-Datenbank"
+msgstr "bearbeitet die geschützten Dateiversionen."
 
+# MH1 Is there a tbc shadow file to each user? Yes, see
+# https://man.linuxreviews.org/man8/tcb_convert.8.html
+# https://man.linuxreviews.org/man5/tcb.5.html
 #. (itstool) path: listitem/para
 #: vipw.8.xml.out:135
 msgid "Indicates which user's tcb shadow file to edit."
-msgstr "bestimmt, welche Tcb-Shadow-Datei des Benutzers bearbeitet werden soll"
+msgstr "gibt den Benutzer an, dessen geschützte Tcb-Datei zu bearbeiten ist."
 
 #. (itstool) path: refsect1/title
 #: vipw.8.xml.out:154
@@ -12794,7 +13809,7 @@ msgstr "VISUAL"
 #. (itstool) path: listitem/para
 #: vipw.8.xml.out:159
 msgid "Editor to be used."
-msgstr "der verwendete Editor"
+msgstr "der zu verwendende Editor"
 
 #. (itstool) path: term/option
 #: vipw.8.xml.out:163
@@ -12806,7 +13821,8 @@ msgstr "EDITOR"
 #, fuzzy
 #| msgid "Editor to be used if <option>VISUAL</option> is not set."
 msgid "Editor to be used if <_:option-1/> is not set."
-msgstr "der verwendete Editor, wenn <option>VISUAL</option> nicht gesetzt ist"
+msgstr ""
+"der zu verwendende Editor, wenn <option>VISUAL</option> nicht gesetzt ist"
 
 #. (itstool) path: citerefentry/refentrytitle
 #: vipw.8.xml.out:220
@@ -12838,7 +13854,7 @@ msgstr ""
 #~ "<replaceable>CHROOT_DIR</replaceable>"
 #~ msgstr ""
 #~ "<option>-R</option>, <option>--root</option>&nbsp;"
-#~ "<replaceable>CHROOT_VERZ</replaceable>"
+#~ "xxx<replaceable>CHROOT_VERZ</replaceable>"
 
 #~ msgid "<option>-s</option>, <option>--shadow</option>"
 #~ msgstr "<option>-s</option>, <option>--shadow</option>"
@@ -12847,16 +13863,16 @@ msgstr ""
 #~ msgstr "<option>-u</option>, <option>--user</option>"
 
 #~ msgid "<option>USE_TCB</option> (boolean)"
-#~ msgstr "<option>USE_TCB</option> (boolesch)"
+#~ msgstr "<option>USE_TCB</option> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "If <replaceable>yes</replaceable>, the <citerefentry><refentrytitle>tcb</"
 #~ "refentrytitle><manvolnum>5</manvolnum></citerefentry> password shadowing "
 #~ "scheme will be used."
 #~ msgstr ""
-#~ "Wenn auf <replaceable>yes</replaceable> gesetzt, wird das "
+#~ "Wenn auf <replaceable>yes</replaceable> gesetzt, wird das in "
 #~ "<citerefentry><refentrytitle>tcb</refentrytitle><manvolnum>5</manvolnum></"
-#~ "citerefentry>-Passwort-Shadowing-Schema verwendet."
+#~ "citerefentry> dargestellte Passwortschutz-Konzept verwendet."
 
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>vi</refentrytitle><manvolnum>1</manvolnum></"
@@ -12883,23 +13899,27 @@ msgstr ""
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</"
 #~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>."
 
+# "to reflect the changes" wurde auch von Paketbetreuer Serge Hallyn als
+# unnötig kompliziert erachtet SH 2022-02-11. Original mittlerweile ueberarbeitet.
 #~ msgid ""
 #~ "The <command>usermod</command> command modifies the system account files "
 #~ "to reflect the changes that are specified on the command line."
 #~ msgstr ""
-#~ "Der Befehl <command>usermod</command> verändert die Kontodateien des "
-#~ "Systems, so dass sie die Änderungen enthalten, die in der Befehlszeile "
-#~ "eingegeben wurden."
+#~ "Der Befehl <command>usermod</command> verändert die Dateien mit den "
+#~ "Angaben über die Benutzerkonten auf dem System."
 
 #~ msgid ""
 #~ "The options which apply to the <command>usermod</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>usermod</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>usermod</command> kann mit folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid "<option>-a</option>, <option>--append</option>"
 #~ msgstr "<option>-a</option>, <option>--append</option>"
 
+#~ msgid "<option>-b</option>, <option>--badname</option>"
+#~ msgstr "<option>-b</option>, <option>--badname</option>"
+
 #~ msgid ""
 #~ "<option>-c</option>, <option>--comment</option>&nbsp;"
 #~ "<replaceable>COMMENT</replaceable>"
@@ -12907,20 +13927,23 @@ msgstr ""
 #~ "<option>-c</option>, <option>--comment</option>&nbsp;"
 #~ "<replaceable>KOMMENTAR</replaceable>"
 
+# wird im Original geändert zu
+# "update the comment field of the user in <filename>/etc/passwd</filename>, which is normally ...."
 #~ msgid ""
 #~ "The new value of the user's password file comment field. It is normally "
 #~ "modified using the <citerefentry><refentrytitle>chfn</"
 #~ "refentrytitle><manvolnum>1</manvolnum></citerefentry> utility."
 #~ msgstr ""
-#~ "Der neue Wert des Kommentarfelds in der Passwortdatei des Benutzers. Er "
-#~ "wird normalerweise mit dem Werkzeug <citerefentry><refentrytitle>chfn</"
-#~ "refentrytitle><manvolnum>1</manvolnum></citerefentry> verändert."
+#~ "aktualisiert das Kommentarfeld zum Benutzer in der Datei <filename>/etc/"
+#~ "passwd</filename>. Es wird normalerweise mit dem Befehl "
+#~ "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</"
+#~ "manvolnum></citerefentry> verändert."
 
 #~ msgid ""
 #~ "<option>-d</option>, <option>--home</option>&nbsp;<replaceable>HOME_DIR</"
 #~ "replaceable>"
 #~ msgstr ""
-#~ "<option>-d</option>, <option>--home</option>&nbsp;<replaceable>HOME_VERZ</"
+#~ "<option>-d</option>, <option>--home</option>&nbsp;<replaceable>PERS_VERZ</"
 #~ "replaceable>"
 
 #~ msgid ""
@@ -12928,14 +13951,21 @@ msgstr ""
 #~ "<replaceable>EXPIRE_DATE</replaceable>"
 #~ msgstr ""
 #~ "<option>-e</option>, <option>--expiredate</option>&nbsp;"
-#~ "<replaceable>VERFALLS_DATUM</replaceable>"
+#~ "<replaceable>LÖSCHUNGSDATUM</replaceable>"
 
+# MH Auch eine Eingabe von -1 entfernt einen existierenden Eintrag in dem Feld
+# Wird in Abstimmung geändert zu
+#  "With an empty string ("") as argument, an
+#  <replaceable>EXPIRE_DATE</replaceable> in the shadow password file
+#  is removed and the account remains available with no date limit."
+# SH 2022-02-13
 #~ msgid ""
 #~ "An empty <replaceable>EXPIRE_DATE</replaceable> argument will disable the "
 #~ "expiration of the account."
 #~ msgstr ""
-#~ "Wenn das Argument <replaceable>VERFALLS_DATUM</replaceable> leer bleibt, "
-#~ "wird der Verfall des Kontos deaktiviert."
+#~ "Mit dem Leerstring als <replaceable>LÖSCHUNGSDATUM</replaceable> wird ein "
+#~ "Eintrag im entsprechenden Feld der geschützten Passwortdatei entfernt und "
+#~ "das Benutzerkonto steht ohne zeitliche Begrenzung zur Verfügung."
 
 #~ msgid ""
 #~ "<option>-f</option>, <option>--inactive</option>&nbsp;"
@@ -12944,19 +13974,26 @@ msgstr ""
 #~ "<option>-f</option>, <option>--inactive</option>&nbsp;"
 #~ "<replaceable>INAKTIV</replaceable>"
 
+# "permanently disabled" is misleading, the account becomes inaccessible.
+# String will be improved SH 2022-02-11
 #~ msgid ""
 #~ "The number of days after a password expires until the account is "
 #~ "permanently disabled."
 #~ msgstr ""
-#~ "Die Anzahl von Tagen, nach denen ein Passwort abgelaufen ist, bis das "
-#~ "Konto deaktiviert wird."
+#~ "definiert eine Anzahl von Tagen nach Überschreiten des Höchstalters des "
+#~ "Passworts. In dieser Zeit wird der Benutzer aufgefordert, sein Passwort "
+#~ "zu ersetzen. Der Wert wird in der geschützten Passwortdatei abgelegt."
 
+# String will be improved SH 2022-02-11
 #~ msgid ""
 #~ "A value of 0 disables the account as soon as the password has expired, "
 #~ "and a value of -1 disables the feature."
 #~ msgstr ""
-#~ "Ein Wert von 0 deaktiviert das Konto, sobald das Passwort abläuft. Ein "
-#~ "Wert von -1 schaltet diese Funktion ab."
+#~ "Ein Wert von 0 macht das Passwort sofort nach Ablauf des Passworts "
+#~ "unbrauchbar. Ein Wert von -1 entfernt den entsprechenden Eintrag in "
+#~ "<filename>/etc/shadow</filename>. In <citerefentry><refentrytitle>shadow</"
+#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>finden Sie weitere "
+#~ "Informationen."
 
 #~ msgid ""
 #~ "<option>-g</option>, <option>--gid</option>&nbsp;<replaceable>GROUP</"
@@ -12987,10 +14024,11 @@ msgstr ""
 #~ msgid "<option>-m</option>, <option>--move-home</option>"
 #~ msgstr "<option>-m</option>, <option>--move-home</option>"
 
+# "move the " will be replaced with "moves the" SH 2022-02-13
 #~ msgid "Move the content of the user's home directory to the new location."
 #~ msgstr ""
-#~ "verschiebt den Inhalt des Home-Verzeichnisses eines Benutzers zu dem "
-#~ "neuen Ziel"
+#~ "verschiebt den Inhalt des persönlichen Verzeichnisses eines Benutzers an "
+#~ "den neuen Ort."
 
 #~ msgid ""
 #~ "This option is only valid in combination with the <option>-d</option> (or "
@@ -13009,14 +14047,23 @@ msgstr ""
 #~ "<option>-p</option>, <option>--password</option>&nbsp;"
 #~ "<replaceable>PASSWORT</replaceable>"
 
+# MH Original is to be updated. SH 2022-02-11
 #~ msgid ""
 #~ "The encrypted password, as returned by "
 #~ "<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
 #~ "manvolnum></citerefentry>."
 #~ msgstr ""
-#~ "das verschlüsselte Passwort, wie es von "
+#~ "ändert das Passwort, wobei <replaceable>PASSWORT</replaceable> für das "
+#~ "verschlüsselte Passwort steht, wie es von "
 #~ "<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
-#~ "manvolnum></citerefentry> zurückgegeben wird"
+#~ "manvolnum></citerefentry> geliefert wird."
+
+#~ msgid ""
+#~ "<option>-P</option>, <option>--prefix</option>&nbsp;"
+#~ "<replaceable>PREFIX_DIR</replaceable>"
+#~ msgstr ""
+#~ "<option>-P</option>, <option>--prefix</option>&nbsp;"
+#~ "<replaceable>PRAEFIX_VERZ</replaceable>"
 
 #~ msgid ""
 #~ "<option>-s</option>, <option>--shell</option>&nbsp;<replaceable>SHELL</"
@@ -13028,63 +14075,42 @@ msgstr ""
 #~ msgid "<option>-U</option>, <option>--unlock</option>"
 #~ msgstr "<option>-U</option>, <option>--unlock</option>"
 
-#, fuzzy
-#~| msgid ""
-#~| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
-#~| "replaceable>|<replaceable>RANGE</replaceable>"
 #~ msgid ""
 #~ "<option>-v</option>, <option>--add-subuids</option>&nbsp;"
 #~ "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 #~ msgstr ""
-#~ "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
-#~ "replaceable>|<replaceable>MENGE</replaceable>"
+#~ "<option>-v</option>, <option>--add-subuids</option>&nbsp;"
+#~ "<replaceable>ERSTE</replaceable>-<replaceable>LETZTE</replaceable>"
 
-#, fuzzy
-#~| msgid ""
-#~| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
-#~| "replaceable>|<replaceable>RANGE</replaceable>"
 #~ msgid ""
 #~ "<option>-V</option>, <option>--del-subuids</option>&nbsp;"
 #~ "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 #~ msgstr ""
-#~ "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
-#~ "replaceable>|<replaceable>MENGE</replaceable>"
+#~ "<option>-V</option>, <option>--del-subuids</option>&nbsp;"
+#~ "<replaceable>ERSTE</replaceable>-<replaceable>LETZTE</replaceable>"
 
-#, fuzzy
-#~| msgid ""
-#~| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
-#~| "replaceable>|<replaceable>RANGE</replaceable>"
 #~ msgid ""
 #~ "<option>-w</option>, <option>--add-subgids</option>&nbsp;"
 #~ "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 #~ msgstr ""
-#~ "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
-#~ "replaceable>|<replaceable>MENGE</replaceable>"
+#~ "<option>-w</option>, <option>--add-subgids</option>&nbsp;"
+#~ "<replaceable>ERSTE</replaceable>-<replaceable>LETZTE</replaceable>"
 
-#, fuzzy
-#~| msgid ""
-#~| "No checks will be performed with regard to the <option>GID_MIN</option>, "
-#~| "<option>GID_MAX</option>, <option>SYS_GID_MIN</option>, or "
-#~| "<option>SYS_GID_MAX</option> from <filename>/etc/login.defs</filename>."
 #~ msgid ""
 #~ "No checks will be performed with regard to <option>SUB_GID_MIN</option>, "
 #~ "<option>SUB_GID_MAX</option>, or <option>SUB_GID_COUNT</option> from /etc/"
 #~ "login.defs."
 #~ msgstr ""
-#~ "Die Werte von <option>GID_MIN</option>, <option>GID_MAX</option>, "
-#~ "<option>SYS_GID_MIN</option> und <option>SYS_GID_MAX</option> aus "
-#~ "<filename>/etc/login.defs</filename> werden nicht geprüft."
+#~ "Ein Abgleich hinsichtlich der Einträge für <option>SUB_GID_MIN</option>, "
+#~ "<option>SUB_GID_MAX</option> und <option>SUB_GID_COUNT</option> aus "
+#~ "<filename>/etc/login.defs</filename> erfolgt nicht."
 
-#, fuzzy
-#~| msgid ""
-#~| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
-#~| "replaceable>|<replaceable>RANGE</replaceable>"
 #~ msgid ""
 #~ "<option>-W</option>, <option>--del-subgids</option>&nbsp;"
 #~ "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 #~ msgstr ""
-#~ "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
-#~ "replaceable>|<replaceable>MENGE</replaceable>"
+#~ "<option>-W</option>, <option>--del-subgids</option>&nbsp;"
+#~ "<replaceable>ERSTE</replaceable>-<replaceable>LETZTE</replaceable>"
 
 #~ msgid ""
 #~ "<option>-Z</option>, <option>--selinux-user</option>&nbsp;"
@@ -13094,15 +14120,50 @@ msgstr ""
 #~ "BENUTZER</replaceable>"
 
 #~ msgid "The new SELinux user for the user's login."
-#~ msgstr "der neue SELinux-Benutzer für den Anmeldenamen des Benutzers"
+#~ msgstr ""
+#~ "definiert den SELinux-Benutzer <replaceable>SE-BENUTZER</replaceable>, "
+#~ "der dem Anmeldenamen <replaceable>LOGIN</replaceable> zuzuordnen ist. "
 
+# MH change this string in the same way as in useradd.8, see SH 2022-02-05:
+# defines the SELinux user for the new account. Without this
+# option, an SELinux system uses the default user.  Note that the shadow system
+# doesn't store the selinux-user, it uses semanage(8) for that.
+#
+# defines the SELinux user to be mapped with <replaceable>LOGIN</replaceable>.
+# An empty string ("") will remove the respective entry (if any). Note that the shadow system
+# doesn't store the selinux-user, it uses semanage(8) for that.
+#
 #~ msgid ""
 #~ "A blank <replaceable>SEUSER</replaceable> will remove the SELinux user "
 #~ "mapping for user <replaceable>LOGIN</replaceable> (if any)."
 #~ msgstr ""
-#~ "Wenn <replaceable>SEBENUTZER</replaceable> leer ist, wird die Zuordnung "
-#~ "von SELinux-Benutzern (sofern vorhanden) aus den Anmeldeinformationen des "
-#~ "Benutzers entfernt"
+#~ "Wird ein Leerstring (\"\") übergeben, wird eine Zuordnung, soweit "
+#~ "vorhanden, aufgehoben. Beachten sie, dass die SE-Linux-Benutzer nicht von "
+#~ "den Shadow-Programmen gespeichert werden, sondern diese sich semanage(8) "
+#~ "bedienen. "
+
+#~ msgid "<option>LASTLOG_UID_MAX</option> (number)"
+#~ msgstr "<option>LASTLOG_UID_MAX</option> (Zahl)"
+
+#~ msgid ""
+#~ "Highest user ID number for which the lastlog entries should be updated. "
+#~ "As higher user IDs are usually tracked by remote user identity and "
+#~ "authentication services there is no need to create a huge sparse lastlog "
+#~ "file for them."
+#~ msgstr ""
+#~ "Die höchste Benutzerkennung, die <command>lastlog</command> bei den "
+#~ "Aufzeichnungen berücksichtigen soll. Da gewöhnlich spezielle Dienste die "
+#~ "Identität und Authentizität von Benutzern an entfernten Systemen "
+#~ "protokollieren, gibt es keinen Grund, ihretwegen eine riesige Sparse-"
+#~ "Datei <filename>lastlog</filename> anzulegen."
+
+#~ msgid ""
+#~ "No <option>LASTLOG_UID_MAX</option> option present in the configuration "
+#~ "means that there is no user ID limit for writing lastlog entries."
+#~ msgstr ""
+#~ "Wenn in der Konfiguration <option>LASTLOG_UID_MAX</option> fehlt, gibt es "
+#~ "keine Grenze zur Berücksichtigung von Benutzerkennungen bei den "
+#~ "Aufzeichungen in <filename>lastlog</filename>."
 
 #~ msgid "<option>MAIL_DIR</option> (string)"
 #~ msgstr "<option>MAIL_DIR</option> (Zeichenkette)"
@@ -13112,10 +14173,10 @@ msgstr ""
 #~ "its corresponding user account is modified or deleted. If not specified, "
 #~ "a compile-time default is used."
 #~ msgstr ""
-#~ "Das Verzeichnis des Mail-Spools. Diese Angabe wird benötigt, um die "
-#~ "Mailbox zu bearbeiten, nachdem das entsprechende Benutzerkonto verändert "
-#~ "oder gelöscht wurde. Falls nicht angegeben, wird ein Standard verwendet, "
-#~ "der beim Kompilieren festgelegt wurde."
+#~ "das Verzeichnis der Mail-Warteschlange. Diese Angabe wird benötigt, um "
+#~ "das Postfach zu bearbeiten, nachdem das entsprechende Benutzerkonto "
+#~ "verändert oder gelöscht wurde. Falls nicht angegeben, wird eine auf die "
+#~ "Kompilierung zurückgehende Vorgabe herangezogen."
 
 #~ msgid "<option>MAIL_FILE</option> (string)"
 #~ msgstr "<option>MAIL_FILE</option> (Zeichenkette)"
@@ -13124,8 +14185,8 @@ msgstr ""
 #~ "Defines the location of the users mail spool files relatively to their "
 #~ "home directory."
 #~ msgstr ""
-#~ "Legt den Ort der Mail-Spool-Dateien eines Benutzers relativ zu seinem "
-#~ "Home-Verzeichnis fest."
+#~ "legt fest, wo sich die Dateien der Mail-Warteschlange des Benutzers "
+#~ "relativ zu seinem persönlichen Verzeichnis befinden."
 
 #~ msgid ""
 #~ "The <option>MAIL_DIR</option> and <option>MAIL_FILE</option> variables "
@@ -13135,9 +14196,11 @@ msgstr ""
 #~ msgstr ""
 #~ "Die Variablen <option>MAIL_DIR</option> und <option>MAIL_FILE</option>  "
 #~ "werden von <command>useradd</command>, <command>usermod</command> und "
-#~ "<command>userdel</command> verwendet, um den Mail-Spool eines Benutzers "
-#~ "zu erstellen, zu verschieben oder zu löschen."
+#~ "<command>userdel</command> verwendet, um die Mail-Warteschlange eines "
+#~ "Benutzers zu erstellen, zu verschieben oder zu löschen."
 
+# MH 2022-12-28: Presumably no one understand this explanation,
+# varible MAIL does not appear anywhere else.
 #~ msgid ""
 #~ "If <option>MAIL_CHECK_ENAB</option> is set to <replaceable>yes</"
 #~ "replaceable>, they are also used to define the <envar>MAIL</envar> "
@@ -13155,16 +14218,16 @@ msgstr ""
 #~ "entry (line) is started in <filename>/etc/group</filename> (with the same "
 #~ "name, same password, and same GID)."
 #~ msgstr ""
-#~ "Maximale Anzahl von Mitgliedern je Gruppeneintrag. Wenn das Maximum "
+#~ "maximale Anzahl von Mitgliedern je Gruppeneintrag. Wenn das Maximum "
 #~ "erreicht wird, wird ein weiterer Eintrag in <filename>/etc/group</"
 #~ "filename> (mit dem gleichen Namen, dem gleichen Passwort und der gleichen "
-#~ "GID) erstellt."
+#~ "Gruppenkennung) erstellt."
 
 #~ msgid ""
 #~ "The default value is 0, meaning that there are no limits in the number of "
 #~ "members in a group."
 #~ msgstr ""
-#~ "Der Standardwert ist 0, was zur Folge hat, dass die Anzahl der Mitglieder "
+#~ "Der Standardwert ist 0, was bedeutet, dass die Anzahl der Mitglieder "
 #~ "einer Gruppe nicht begrenzt ist."
 
 #~ msgid ""
@@ -13172,9 +14235,9 @@ msgstr ""
 #~ "group file. This is useful to make sure that lines for NIS groups are not "
 #~ "larger than 1024 characters."
 #~ msgstr ""
-#~ "Diese Fähigkeit (der aufgeteilten Gruppe) ermöglicht es, die Zeilenlänge "
-#~ "in der Gruppendatei zu begrenzen. Damit kann sichergestellt werden, dass "
-#~ "die Zeilen für NIS-Gruppen nicht länger als 1024 Zeichen sind."
+#~ "Das Aufteilen von Gruppen ermöglicht es, Längenvorgaben für die Zeilen "
+#~ "der Gruppendatei einzuhalten. Damit kann sichergestellt werden, dass die "
+#~ "Zeilen für NIS-Gruppen nicht länger als 1024 Zeichen sind."
 
 #~ msgid "If you need to enforce such limit, you can use 25."
 #~ msgstr ""
@@ -13184,67 +14247,78 @@ msgstr ""
 #~ "Note: split groups may not be supported by all tools (even in the Shadow "
 #~ "toolsuite). You should not use this variable unless you really need it."
 #~ msgstr ""
-#~ "Hinweis: Aufgeteilte Gruppen werden möglicherweise nicht von allen "
-#~ "Werkzeugen unterstützt, selbst nicht aus der Shadow-Werkzeugsammlung. Sie "
-#~ "sollten diese Variable nur setzen, falls Sie zwingend darauf angewiesen "
-#~ "sind."
+#~ "Hinweis: Mit aufgeteilten Gruppen können möglicherweise nicht alle "
+#~ "Hilfsprogramme (nicht einmal jene der Shadow-Programmsammlung) umgehen. "
+#~ "Sie sollten diese Variable nur setzen, wenn Sie sie wirklich benötigen."
 
-#, fuzzy
-#~| msgid "<option>SYS_GID_MIN</option> (number)"
 #~ msgid "<option>SUB_GID_MIN</option> (number)"
-#~ msgstr "<option>SYS_GID_MIN</option> (Zahl)"
+#~ msgstr "<option>SUB_GID_MIN</option> (Zahl)"
 
-#, fuzzy
-#~| msgid "<option>SYS_GID_MAX</option> (number)"
 #~ msgid "<option>SUB_GID_MAX</option> (number)"
-#~ msgstr "<option>SYS_GID_MAX</option> (Zahl)"
+#~ msgstr "<option>SUB_GID_MAX</option> (Zahl)"
 
-#, fuzzy
-#~| msgid "<option>SYS_GID_MIN</option> (number)"
 #~ msgid "<option>SUB_GID_COUNT</option> (number)"
-#~ msgstr "<option>SYS_GID_MIN</option> (Zahl)"
+#~ msgstr "<option>SUB_GID_COUNT</option> (Zahl)"
+
+# Wird in nächster Version korrigiert:
+# Statt Datei subuid muss hier subgid genannt werden SG 2022-02-11
+#~ msgid ""
+#~ "If <filename>/etc/subuid</filename> exists, the commands "
+#~ "<command>useradd</command> and <command>newusers</command> (unless the "
+#~ "user already have subordinate group IDs) allocate <option>SUB_GID_COUNT</"
+#~ "option> unused group IDs from the range <option>SUB_GID_MIN</option> to "
+#~ "<option>SUB_GID_MAX</option> for each new user."
+#~ msgstr ""
+#~ "Wenn <filename>/etc/subgid</filename> existiert, fordern die Befehle "
+#~ "<command>useradd</command> und <command>newusers</command> für jeden "
+#~ "neuen Benutzer eine Zahl von <option>SUB_GID_COUNT</option> freier "
+#~ "Gruppenkennungen aus dem Bereich von <option>SUB_GID_MIN</option> bis "
+#~ "<option>SUB_GID_MAX</option> an. (Dies gilt nicht, wenn für diesen "
+#~ "Benutzer bereits untergeordnete Gruppenkennungen existieren.)"
 
-#, fuzzy
-#~| msgid ""
-#~| "The default value for <option>SYS_GID_MIN</option> (resp. "
-#~| "<option>SYS_GID_MAX</option>) is 101 (resp. <option>GID_MIN</option>-1)."
 #~ msgid ""
 #~ "The default values for <option>SUB_GID_MIN</option>, <option>SUB_GID_MAX</"
 #~ "option>, <option>SUB_GID_COUNT</option> are respectively 100000, "
-#~ "600100000 and 10000."
+#~ "600100000 and 65536."
 #~ msgstr ""
-#~ "Der Standardwert für <option>SYS_GID_MIN</option> ist 101, für  "
-#~ "<option>SYS_GID_MAX</option> <option>GID_MIN</option>-1."
+#~ "Die jeweiligen Standardwerte für <option>SUB_GID_MIN</option>, "
+#~ "<option>SUB_GID_MAX</option> und <option>SUB_GID_COUNT</option> sind "
+#~ "100000, 600100000 und 65536"
 
-#, fuzzy
-#~| msgid "<option>SYS_UID_MIN</option> (number)"
 #~ msgid "<option>SUB_UID_MIN</option> (number)"
-#~ msgstr "<option>SYS_UID_MIN</option> (Zahl)"
+#~ msgstr "<option>SUB_UID_MIN</option> (Zahl)"
 
-#, fuzzy
-#~| msgid "<option>SYS_UID_MAX</option> (number)"
 #~ msgid "<option>SUB_UID_MAX</option> (number)"
-#~ msgstr "<option>SYS_UID_MAX</option> (Zahl)"
+#~ msgstr "<option>SUB_UID_MAX</option> (Zahl)"
 
-#, fuzzy
-#~| msgid "<option>SYS_UID_MIN</option> (number)"
 #~ msgid "<option>SUB_UID_COUNT</option> (number)"
-#~ msgstr "<option>SYS_UID_MIN</option> (Zahl)"
+#~ msgstr "<option>SUB_UID_COUNT</option> (Zahl)"
+
+#~ msgid ""
+#~ "If <filename>/etc/subuid</filename> exists, the commands "
+#~ "<command>useradd</command> and <command>newusers</command> (unless the "
+#~ "user already have subordinate user IDs) allocate <option>SUB_UID_COUNT</"
+#~ "option> unused user IDs from the range <option>SUB_UID_MIN</option> to "
+#~ "<option>SUB_UID_MAX</option> for each new user."
+#~ msgstr ""
+#~ "Wenn <filename>/etc/subuid</filename> existiert, fordern die Befehle "
+#~ "<command>useradd</command> und <command>newusers</command> für jeden "
+#~ "neuen Benutzer eine Zahl von <option>SUB_UID_COUNT</option> freier "
+#~ "Benutzerkennungen aus dem Bereich von <option>SUB_UID_MIN</option> bis "
+#~ "<option>SUB_UID_MAX</option> an. (Dies gilt nicht, wenn für diesen "
+#~ "Benutzer bereits untergeordnete Benutzerkennungen existieren.)"
 
-#, fuzzy
-#~| msgid ""
-#~| "The default value for <option>SYS_UID_MIN</option> (resp. "
-#~| "<option>SYS_UID_MAX</option>) is 101 (resp. <option>UID_MIN</option>-1)."
 #~ msgid ""
 #~ "The default values for <option>SUB_UID_MIN</option>, <option>SUB_UID_MAX</"
 #~ "option>, <option>SUB_UID_COUNT</option> are respectively 100000, "
-#~ "600100000 and 10000."
+#~ "600100000 and 65536."
 #~ msgstr ""
-#~ "Der Standardwert für <option>SYS_UID_MIN</option> ist 101, für "
-#~ "<option>SYS_UID_MAX</option> <option>UID_MIN</option>-1."
+#~ "Die jeweiligen Standardwerte für <option>SUB_UID_MIN</option>, "
+#~ "<option>SUB_UID_MAX</option> und <option>SUB_UID_COUNT</option> sind "
+#~ "100000, 600100000 und 65536."
 
 #~ msgid "<option>TCB_SYMLINKS</option> (boolean)"
-#~ msgstr "<option>TCB_SYMLINKS</option> (boolesch)"
+#~ msgstr "<option>TCB_SYMLINKS</option> (Wahrheitswert)"
 
 #, no-wrap
 #~ msgid ""
@@ -13269,12 +14343,12 @@ msgstr ""
 #~ "} anderenfalls, falls ( UID kleiner als 1000000) {\n"
 #~ "  kilos = UID / 1000\n"
 #~ "  verwende /etc/tcb/:kilos/user\n"
-#~ "  erstelle symbolischen Verweis /etc/tcb/user zu dem genannten Verzeichnis\n"
+#~ "  erstelle symbolischen Verweis /etc/tcb/user zu obigem Verzeichnis\n"
 #~ "} anderenfalls {\n"
 #~ "  megas = UID / 1000000\n"
 #~ "  kilos = ( UID / megas * 1000000 ) / 1000\n"
 #~ "  verwende /etc/tcb/:megas/:kilos/user\n"
-#~ "  erstelle symbolischen Verweis /etc/tcb/user zu dem genannten Verzeichnis\n"
+#~ "  erstelle symbolischen Verweis /etc/tcb/user zu obigem Verzeichnis\n"
 #~ "}\n"
 #~ "      "
 
@@ -13284,30 +14358,11 @@ msgstr ""
 #~ "computed depending on the UID of the user, according to the following "
 #~ "algorithm: <placeholder-1/>"
 #~ msgstr ""
-#~ "Falls der Wert <replaceable>yes</replaceable> ist, wird der Ort des Tcb-"
+#~ "Falls der Wert <replaceable>yes</replaceable> ist, wird der Ort des tcb-"
 #~ "Verzeichnisses des Benutzers nicht automatisch /etc/tcb/user sein, "
-#~ "sondern nach dem folgenden Algorithmus aus der UID des Benutzers "
+#~ "sondern nach dem folgenden Algorithmus aus der Kennung des Benutzers "
 #~ "errechnet: <placeholder-1/>"
 
-#, fuzzy
-#~| msgid ""
-#~| "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</"
-#~| "refentrytitle><manvolnum>1</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>crypt</"
-#~| "refentrytitle><manvolnum>3</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</"
-#~| "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</"
-#~| "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</"
-#~| "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>."
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</"
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</"
@@ -13344,7 +14399,11 @@ msgstr ""
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</"
 #~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
 #~ "<citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</"
-#~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</"
+#~ "manvolnum></citerefentry>, <phrase "
+#~ "condition=\"subids\"><citerefentry><refentrytitle>subgid</"
+#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>, "
+#~ "<citerefentry><refentrytitle>subuid</refentrytitle><manvolnum>5</"
+#~ "manvolnum></citerefentry>, </phrase><citerefentry><refentrytitle>useradd</"
 #~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
 #~ "<citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>."
@@ -13352,8 +14411,8 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>userdel</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>userdel</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>userdel</command> kann mit den folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid "<option>-f</option>, <option>--force</option>"
 #~ msgstr "<option>-f</option>, <option>--force</option"
@@ -13367,17 +14426,21 @@ msgstr ""
 #~ msgid "<option>USERDEL_CMD</option> (string)"
 #~ msgstr "<option>USERDEL_CMD</option> (Zeichenkette)"
 
+# MH30: make more simple and more clear:
+# s/owned by the user to be removed (passed as the first
+# /owned by this user. His login name is expected as first
 #~ msgid ""
 #~ "If defined, this command is run when removing a user. It should remove "
 #~ "any at/cron/print jobs etc. owned by the user to be removed (passed as "
 #~ "the first argument)."
 #~ msgstr ""
-#~ "Falls angegeben, wird dieser Befehl ausgeführt, wenn ein Benutzer "
+#~ "falls angegeben, wird dieser Befehl ausgeführt, wenn ein Benutzer "
 #~ "entfernt wird. Damit können At-, Cron- und Druckaufträge etc. des "
-#~ "entfernten Benutzers (wird als erstes Argument übergeben) gelöscht werden."
+#~ "Benutzers (sein Name ist als erstes Argument zu übergeben) gelöscht "
+#~ "werden."
 
 #~ msgid "The return code of the script is not taken into account."
-#~ msgstr "Der Rückgabewert des Skripts wird nicht ausgewertet."
+#~ msgstr "Der Rückgabewert des Skripts bleibt unberücksichtigt."
 
 #, no-wrap
 #~ msgid ""
@@ -13411,7 +14474,7 @@ msgstr ""
 #~ "\n"
 #~ "# Prüfen, ob das benötigte Argument angegeben wurde\n"
 #~ "if [ $# != 1 ]; then\n"
-#~ "\techo \"Verwendungsweise: $0 Benutzername\"\n"
+#~ "\techo \"Verwendungsweis: $0 Anmeldename\"\n"
 #~ "\texit 1\n"
 #~ "fi\n"
 #~ "\n"
@@ -13419,9 +14482,9 @@ msgstr ""
 #~ "crontab -r -u $1\n"
 #~ "\n"
 #~ "# at-Aufträge entfernen.\n"
-#~ "# Hinweis: Dies wird alle Aufträge entfernen, die der gleichen UID\n"
-#~ "# gehören, selbst wenn sie von einem Benutzer mit einem anderen Namen\n"
-#~ "# eingerichtet wurden.\n"
+#~ "# Hinweis: Dies wird alle Aufträge entfernen, die der gleichen \n"
+#~ "# Benutzerkennung gehören, selbst wenn sie von einem Benutzer mit \n"
+#~ "# einem anderen Namen eingerichtet wurden.\n"
 #~ "AT_SPOOL_DIR=/var/spool/cron/atjobs\n"
 #~ "find $AT_SPOOL_DIR -name \"[^.]*\" -type f -user $1 -delete \\;\n"
 #~ "\n"
@@ -13440,17 +14503,20 @@ msgstr ""
 #~ "Benutzers entfernt:<placeholder-1/>"
 
 #~ msgid "<option>USERGROUPS_ENAB</option> (boolean)"
-#~ msgstr "<option>USERGROUPS_ENAB</option> (boolesch)"
+#~ msgstr "<option>USERGROUPS_ENAB</option> (Wahrheitswert)"
 
+# MH31: Perhaps, it would be easier to use the file mode bits (e.g. 755)
+# instead of their description as umask (e.g. 077) bit pattern.
 #~ msgid ""
 #~ "Enable setting of the umask group bits to be the same as owner bits "
 #~ "(examples: 022 -&gt; 002, 077 -&gt; 007) for non-root users, if the uid "
 #~ "is the same as gid, and username is the same as the primary group name."
 #~ msgstr ""
-#~ "Erlaubt Benutzern, die nicht Root sind, die Umask-Gruppen-Bits auf ihre "
-#~ "Umask-Bits zu setzen (Beispiel: 022 -&gt; 002, 077 -&gt; 007), falls die "
-#~ "UID mit der GID identisch ist sowie der Benutzername mit dem Gruppennamen "
-#~ "übereinstimmt."
+#~ "Führt bei Benutzern, die nicht Systemadministrator sind, dazu, dass der "
+#~ "Gruppe die gleichen Zugriffsrechte wie dem Eigentümer eingeräumt werden. "
+#~ "Die Objekte erhielten als Umask-Muster beispielsweise 002 statt 022 und "
+#~ "007 statt 077. Hierfür müssen Benutzerkennung und Gruppenkennung sowie "
+#~ "der Benutzername und der der primären Gruppe übereinstimmen."
 
 #~ msgid ""
 #~ "If set to <replaceable>yes</replaceable>, <command>userdel</command> will "
@@ -13470,25 +14536,6 @@ msgstr ""
 #~ "Der Befehl <command>userdel</command> gibt beim Beenden folgende Werte "
 #~ "zurück: <placeholder-1/>"
 
-#, fuzzy
-#~| msgid ""
-#~| "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</"
-#~| "refentrytitle><manvolnum>1</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>crypt</"
-#~| "refentrytitle><manvolnum>3</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</"
-#~| "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</"
-#~| "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</"
-#~| "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>."
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</"
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</"
@@ -13514,55 +14561,61 @@ msgstr ""
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</"
 #~ "refentrytitle><manvolnum>1</manvolnum></citerefentry>, "
 #~ "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</"
-#~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>crypt</"
-#~ "refentrytitle><manvolnum>3</manvolnum></citerefentry>, "
+#~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</"
+#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>, "
 #~ "<citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</"
 #~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
 #~ "<citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</"
+#~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>, <phrase "
+#~ "condition=\"subids\"><citerefentry><refentrytitle>subgid</"
+#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>, "
+#~ "<citerefentry><refentrytitle>subuid</refentrytitle><manvolnum>5</"
+#~ "manvolnum></citerefentry>, </phrase><citerefentry><refentrytitle>useradd</"
 #~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~ "<citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</"
-#~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</"
-#~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~ "<citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</"
+#~ "<citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>."
 
 #~ msgid ""
 #~ "The options which apply to the <command>useradd</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>useradd</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>useradd</command> kann mit folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "<option>-b</option>, <option>--base-dir</option>&nbsp;"
 #~ "<replaceable>BASE_DIR</replaceable>"
 #~ msgstr ""
 #~ "<option>-b</option>, <option>--base-dir</option>&nbsp;"
-#~ "<replaceable>WURZEL_VERZ</replaceable>"
+#~ "<replaceable>BASIS_VERZ</replaceable>"
 
-#, fuzzy
-#~| msgid ""
-#~| "<option>-d</option>, <option>--home</option>&nbsp;<replaceable>HOME_DIR</"
-#~| "replaceable>"
 #~ msgid ""
 #~ "<option>-d</option>, <option>--home-dir</option>&nbsp;"
 #~ "<replaceable>HOME_DIR</replaceable>"
 #~ msgstr ""
-#~ "<option>-d</option>, <option>--home</option>&nbsp;<replaceable>HOME_VERZ</"
-#~ "replaceable>"
+#~ "<option>-d</option>, <option>--home-dir</option>&nbsp;"
+#~ "<replaceable>PERS_VERZ</replaceable>"
 
 #~ msgid "<option>-D</option>, <option>--defaults</option>"
 #~ msgstr "<option>-D</option>, <option>--defaults</option>"
 
+# SH 2022-02-05: Is about to be fixed/improved
+# 'disabling inactivity' field means user can't login without changing password.
+# Inactivity that's expired means you can't even change your password.
 #~ msgid ""
 #~ "The number of days after a password expires until the account is "
 #~ "permanently disabled. A value of 0 disables the account as soon as the "
 #~ "password has expired, and a value of -1 disables the feature."
 #~ msgstr ""
-#~ "Die Anzahl von Tagen nach Ablaufen des Passworts bis das Konto dauerhaft "
-#~ "deaktiviert wird. Ein Wert von 0 deaktiviert das Konto, sobald das "
-#~ "Passwort abläuft. Ein Wert von -1 schaltet diese Funktion ab."
+#~ "definiert eine Anzahl von Tagen nach Überschreiten des Höchstalters des "
+#~ "Passworts, In dieser Zeit wird der Benutzer aufgefordert, sein Passwort "
+#~ "zu ersetzen. DerWert wird in der geschützten Passwortdatei abgelegt. Ein "
+#~ "Wert von 0 macht das Passwort sofort nach Ablauf des Passworts "
+#~ "unbrauchbar. Ein Wert von -1 entfernt den entsprechenden Eintrag in "
+#~ "<filename>/etc/shadow</filename>. In <citerefentry><refentrytitle>shadow</"
+#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>finden Sie weitere "
+#~ "Informationen."
 
 #~ msgid ""
 #~ "<option>-k</option>, <option>--skel</option>&nbsp;<replaceable>SKEL_DIR</"
@@ -13578,19 +14631,8 @@ msgstr ""
 #~ "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>SCHLÃœSSEL</"
 #~ "replaceable>=<replaceable>WERT</replaceable>"
 
-#, fuzzy
-#~| msgid ""
-#~| "Overrides <filename>/etc/login.defs</filename> defaults "
-#~| "(<option>UID_MIN</option>, <option>UID_MAX</option>, <option>UMASK</"
-#~| "option>, <option>PASS_MAX_DAYS</option> and others). <placeholder-1/> "
-#~| "Example: <option>-K</option>&nbsp;<replaceable>PASS_MAX_DAYS</"
-#~| "replaceable>=<replaceable>-1</replaceable> can be used when creating "
-#~| "system account to turn off password ageing, even though system account "
-#~| "has no password at all. Multiple <option>-K</option> options can be "
-#~| "specified, e.g.: <option>-K</option>&nbsp;<replaceable>UID_MIN</"
-#~| "replaceable>=<replaceable>100</replaceable>&nbsp;<option>-K</"
-#~| "option>&nbsp;<replaceable>UID_MAX</replaceable>=<replaceable>499</"
-#~| "replaceable>"
+# SH 2022-02-05: String is about to be simplified,
+# with no statement on passwords and system account creation
 #~ msgid ""
 #~ "Overrides <filename>/etc/login.defs</filename> defaults (<option>UID_MIN</"
 #~ "option>, <option>UID_MAX</option>, <option>UMASK</option>, "
@@ -13603,14 +14645,13 @@ msgstr ""
 #~ "replaceable>=<replaceable>100</replaceable>&nbsp;<option>-K</option>&nbsp;"
 #~ "<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>"
 #~ msgstr ""
-#~ "Ãœberschreibt die Standardwerte aus <filename>/etc/login.defs</filename> "
-#~ "(<option>UID_MIN</option>, <option>UID_MAX</option>, <option>UMASK</"
-#~ "option>, <option>PASS_MAX_DAYS</option> und andere). <placeholder-1/> "
-#~ "Beispiel: <option>-K</option>&nbsp;<replaceable>PASS_MAX_TAGE</"
-#~ "replaceable>=<replaceable>-1</replaceable> kann eingesetzt werden, wenn "
-#~ "ein Systemkonto erstellt wird, um den Verfall des Passworts abzuschalten, "
-#~ "selbst wenn das Systemkonto überhaupt kein Passwort besitzt. Die Option "
-#~ "<option>-K</option> kann mehrmals verwendet werden, z.B.: <option>-K</"
+#~ "setzt <option>UID_MIN</option>, <option>UID_MAX</option>, <option>UMASK</"
+#~ "option>, <option>PASS_MAX_DAYS</option> und andere Standardwerte aus "
+#~ "<filename>/etc/login.defs</filename> außer Kraft.<placeholder-1/> "
+#~ "Beispiel: Mit <option>-K</option>&nbsp;<replaceable>PASS_MAX_DAYS</"
+#~ "replaceable>=<replaceable>-1</replaceable> kann ein Systemkonto mit "
+#~ "zeitlich unbegrenzt gültigem Passwort erstellt werden. Die Option "
+#~ "<option>-K</option> kann mehrfach verwendet werden, z.B.: <option>-K</"
 #~ "option>&nbsp;<replaceable>UID_MIN</replaceable>=<replaceable>100</"
 #~ "replaceable>&nbsp;<option>-K</option>&nbsp;<replaceable>UID_MAX</"
 #~ "replaceable>=<replaceable>499</replaceable>"
@@ -13621,23 +14662,35 @@ msgstr ""
 #~ msgid "<option>-m</option>, <option>--create-home</option>"
 #~ msgstr "<option>-m</option>, <option>--create-home</option>"
 
-#, fuzzy
-#~| msgid "<option>-m</option>, <option>--create-home</option>"
 #~ msgid "<option>-M</option>, <option>--no-create-home</option>"
-#~ msgstr "<option>-m</option>, <option>--create-home</option>"
+#~ msgstr "<option>-M</option>, <option>--no-create-home</option>"
 
 #~ msgid "<option>-N</option>, <option>--no-user-group</option>"
 #~ msgstr "<option>-N</option>, <option>--no-user-group</option>"
 
+# Question: What is the purpose of this option? I assume, to
+# set a password for the account in one step, there will be no need to define it
+# afterwards with passwd(1).
+# I regard it as confusing to read "the password is disabled". A test showed that
+# /etc/shadow will just contain an exclamation mark in the respective field.
+# According to shadow(5), this locks the account.
+#
+# Maintainer's comment on the last phrase that a disabled password
+# is the default: "A valid password field is one for which
+# hash(concatenate(plain_password, salt)) == password_field
+# is true. For password_field == '!', there is no plain_password which
+# can hash to it. Literally, "!" is an "invalid" or "disabled" password.
+# Semantically you are right: "no valid password" is the intent. SG 2022-02-05
 #~ msgid ""
 #~ "The encrypted password, as returned by "
 #~ "<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
 #~ "manvolnum></citerefentry>. The default is to disable the password."
 #~ msgstr ""
-#~ "Das verschlüsselte Passwort, wie es von "
+#~ "legt des Benutzerkonto mit Passwort an. <replaceable>PASSWORT</"
+#~ "replaceable> ist das Passwort in verschlüsselter Form, wie es von "
 #~ "<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
-#~ "manvolnum></citerefentry> zurückgegeben wird. Standardmäßig ist das "
-#~ "Passwort deaktiviert."
+#~ "manvolnum></citerefentry> geliefert wird. Standardmäßig ist das neue "
+#~ "Konto gesperrt und kein Passwort hinterlegt."
 
 #~ msgid "<option>-r</option>, <option>--system</option>"
 #~ msgstr "<option>-r</option>, <option>--system</option>"
@@ -13650,47 +14703,65 @@ msgstr ""
 #~ "option>-<option>UID_MAX</option> (and their <option>GID</option> "
 #~ "counterparts for the creation of groups)."
 #~ msgstr ""
-#~ "Systembenutzer werden ohne Hinterlegung ihres Alters in <filename>/etc/"
-#~ "shadow</filename> erstellt. Ihre numerische Kennung wird aus der Spanne "
-#~ "<option>SYS_UID_MIN</option> bis <option>SYS_UID_MAX</option> anstelle "
-#~ "von <option>UID_MIN</option> bis <option>UID_MAX</option> gewählt "
-#~ "(gleiches gilt für die GID bei der Erstellung von Gruppen)."
-
+#~ "Systemkonten werden ohne Hinterlegung von Fristen in <filename>/etc/"
+#~ "shadow</filename> erstellt. Sie erhalten eine Kennung aus dem in "
+#~ "<filename>/etc/login.defs</filename> für sie vorgesehenen Bereich von "
+#~ "<option>SYS_UID_MIN</option> bis <option>SYS_UID_MAX</option> statt "
+#~ "<option>UID_MIN</option> bis <option>UID_MAX</option>. Gleiches gilt für "
+#~ "die Gruppenkennung bei der Erstellung von Gruppen."
+
+# Mentioning the setting "blank" twice is confusing and probably redundant
+# Alternative, whith implicitely meant references to two modes of usage:
+# sets of the user's login shell. Without this option, the default
+# login shell specified by the <option>SHELL</option> variable in
+# <filename>/etc/default/useradd</filename> is passed to the user entry
+# in <filename>/etc/passwd</filename>. With no setting for SHELL in the
+# useradd configuration file, the login shell field remains empty.
+# When combined with -D, option -s sets the configuration variable
+# SHELL in /etc/default/useradd?. MH, 2022-01-25
+#
+# String is about to be improved in next version of this manual page
+# SG 2022-02-06
 #~ msgid ""
 #~ "The name of the user's login shell. The default is to leave this field "
 #~ "blank, which causes the system to select the default login shell "
 #~ "specified by the <option>SHELL</option> variable in <filename>/etc/"
 #~ "default/useradd</filename>, or an empty string by default."
 #~ msgstr ""
-#~ "Der Name der Anmelde-Shell des Benutzers. Standardmäßig wird dieses Feld "
-#~ "leer gelassen. Das System verwendet dann die Standard-Anmelde-Shell, die "
-#~ "mit der Variable <option>SHELL</option> in <filename>/etc/default/"
-#~ "useradd</filename> definiert wird, anderenfalls bleibt das Feld leer."
+#~ "gibt den Name der Anmelde-Shell des Benutzers an. Sonst wird die Variable "
+#~ "<option>SHELL</option> in <filename>/etc/default/useradd</filename> "
+#~ "herangezogen oder in <filename>/etc/passwd</filename> bleibt das Feld "
+#~ "leer."
 
 #~ msgid "<option>-U</option>, <option>--user-group</option>"
 #~ msgstr "<option>-U</option>, <option>--user-group</option>"
 
+# Is to be edited in the next version as "field" which
+# refers to a configuration file. The argument for option -Z is mandatory  SH 2022-01-30
 #~ msgid ""
 #~ "The SELinux user for the user's login. The default is to leave this field "
 #~ "blank, which causes the system to select the default SELinux user."
 #~ msgstr ""
-#~ "Der SELinux-Benutzer für den Benutzer nach seiner Anmeldung. "
-#~ "Standardmäßig bleibt dieses Feld leer und es wird dem System überlassen, "
-#~ "den SELinux-Benutzer zu bestimmen."
+#~ "gibt den SELinux-Benutzer zum Benutzerkonto an. Im Regelfall wird dem "
+#~ "System überlassen, den SELinux-Benutzer zu bestimmen."
 
 #~ msgid ""
 #~ "This option sets the <option>EXPIRE</option> variable in <filename>/etc/"
 #~ "default/useradd</filename>."
 #~ msgstr ""
-#~ "Diese Option verändert die Variable <option>EXPIRE</option> in <filename>/"
-#~ "etc/default/useradd</filename>."
+#~ "Hierdurch wird die Variable <option>EXPIRE</option> in <filename>/etc/"
+#~ "default/useradd</filename> verändert."
 
+# String is to be improved SG 2022-02-05.
 #~ msgid ""
 #~ "The number of days after a password has expired before the account will "
 #~ "be disabled."
 #~ msgstr ""
-#~ "die Anzahl von Tagen nach dem Ablaufen des Passworts bis das Konto "
-#~ "deaktiviert wird"
+#~ "definiert eine Anzahl von Tagen nach Überschreiten des Höchstalters des "
+#~ "Passworts. In dieser Zeit wird der Benutzer aufgefordert, sein Passwort "
+#~ "zu ersetzen. In <citerefentry><refentrytitle>shadow</"
+#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>finden Sie weitere "
+#~ "Informationen."
 
 #~ msgid ""
 #~ "This option sets the <option>INACTIVE</option> variable in <filename>/etc/"
@@ -13699,6 +14770,9 @@ msgstr ""
 #~ "Diese Option verändert die Variable <option>INACTIVE</option> in "
 #~ "<filename>/etc/default/useradd</filename>."
 
+# Usage of plural form of "account" discussed, but Serge thinks
+# this is no improvement mh 2022-02-01
+# Is to be edited. Next version s/initial/primary SH 2022-01-29
 #~ msgid ""
 #~ "The group name or ID for a new user's initial group (when the <option>-"
 #~ "N/--no-user-group</option> is used or when the <option>USERGROUPS_ENAB</"
@@ -13706,11 +14780,12 @@ msgstr ""
 #~ "etc/login.defs</filename>). The named group must exist, and a numerical "
 #~ "group ID must have an existing entry."
 #~ msgstr ""
-#~ "Der Gruppenname oder die GID für die Anfangsgruppe eines neuen Benutzers "
-#~ "(wenn <option>-N/--no-user-group</option> verwendet wird oder wenn in "
+#~ "setzt den Standardwert für die primäre Gruppe neuangelegter Benutzer. "
+#~ "(Wenn <option>-N/--no-user-group</option> verwendet wird oder wenn in "
 #~ "<filename>/etc/login.defs</filename> die Variable "
 #~ "<option>USERGROUPS_ENAB</option> auf <replaceable>no</replaceable> "
-#~ "gesetzt ist). Die bezeichnete Gruppe und die GID müssen existieren."
+#~ "gesetzt ist). Akzeptiert wird der Name oder die Kennung einer Gruppe, "
+#~ "diese muss bereits existieren."
 
 #~ msgid ""
 #~ "This option sets the <option>GROUP</option> variable in <filename>/etc/"
@@ -13719,6 +14794,8 @@ msgstr ""
 #~ "Diese Option verändert die Variable <option>GROUP</option> in <filename>/"
 #~ "etc/default/useradd</filename>."
 
+# Usage of plural form of "account" discussed, but Serge thinks
+# this is no improvement mh 2022-02-01
 #~ msgid "The name of a new user's login shell."
 #~ msgstr "der Name der Anmelde-Shell des neuen Benutzers"
 
@@ -13740,20 +14817,20 @@ msgstr ""
 #~ "regulärer Ausdruck: [a-z_][a-z0-9_-]*[$]?"
 
 #~ msgid "<option>CREATE_HOME</option> (boolean)"
-#~ msgstr "<option>CREATE_HOME</option> (boolesch)"
+#~ msgstr "<option>CREATE_HOME</option> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "Indicate if a home directory should be created by default for new users."
 #~ msgstr ""
-#~ "bestimmt, ob standardmäßig ein Home-Verzeichnis für neue Benutzer "
-#~ "erstellt werden soll"
+#~ "bestimmt, ob standardmäßig für neue Benutzer ein persönliches Verzeichnis "
+#~ "erstellt werden soll."
 
 #~ msgid ""
 #~ "This setting does not apply to system users, and can be overridden on the "
 #~ "command line."
 #~ msgstr ""
-#~ "Diese Einstellung trifft nicht auf Systembenutzer zu. Sie kann auf der "
-#~ "Befehlszeile überschrieben werden."
+#~ "Diese Einstellung gilt nicht für Systemkonten und kann per Befehlszeile "
+#~ "außer Kraft gesetzt werden."
 
 #~ msgid "<option>GID_MAX</option> (number)"
 #~ msgstr "<option>GID_MAX</option> (Zahl)"
@@ -13766,9 +14843,9 @@ msgstr ""
 #~ "<command>useradd</command>, <command>groupadd</command>, or "
 #~ "<command>newusers</command>."
 #~ msgstr ""
-#~ "der Bereich von Gruppen-IDs, aus dem die Programme <command>useradd</"
+#~ "der Bereich von Gruppenkennungen, aus dem die Programme <command>useradd</"
 #~ "command>, <command>groupadd</command> oder <command>newusers</command> "
-#~ "bei der Erstellung normaler Gruppen auswählen dürfen"
+#~ "bei der Erstellung normaler Gruppen auswählen dürfen."
 
 #~ msgid ""
 #~ "The default value for <option>GID_MIN</option> (resp. <option>GID_MAX</"
@@ -13777,6 +14854,23 @@ msgstr ""
 #~ "Der Standardwert für <option>GID_MIN</option> ist 1000, für "
 #~ "<option>GID_MAX</option> 60.000."
 
+#~ msgid "<option>HOME_MODE</option> (number)"
+#~ msgstr "<option>HOME_MODE</option> (Zahl)"
+
+#~ msgid ""
+#~ "The mode for new home directories. If not specified, the <option>UMASK</"
+#~ "option> is used to create the mode."
+#~ msgstr ""
+#~ "Der Berechtigungsmodus für das neue persönliche Verzeichnis. Wenn nicht "
+#~ "definiert, wird er aus <option>UMASK</option> abgeleitet."
+
+#~ msgid ""
+#~ "<command>useradd</command> and <command>newusers</command> use this to "
+#~ "set the mode of the home directory they create."
+#~ msgstr ""
+#~ "<command>useradd</command> und <command>newusers</command> erstellen das "
+#~ "persönliche Verzeichnis mit diesem Berechtigungsmodus."
+
 #~ msgid "<option>PASS_MAX_DAYS</option> (number)"
 #~ msgstr "<option>PASS_MAX_DAYS</option> (Zahl)"
 
@@ -13785,10 +14879,10 @@ msgstr ""
 #~ "older than this, a password change will be forced. If not specified, -1 "
 #~ "will be assumed (which disables the restriction)."
 #~ msgstr ""
-#~ "Die maximale Anzahl von Tagen, für die ein Passwort verwendet werden "
-#~ "darf. Wenn das Passwort älter ist, wird ein Wechsel des Passworts "
-#~ "erzwungen. Falls nicht angegeben, wird -1 angenommen (was zur Folge hat, "
-#~ "dass diese Beschränkung abgeschaltet ist)."
+#~ "die maximale Anzahl von Tagen, die ein Passwort verwendet werden darf. "
+#~ "Wenn das Passwort älter ist, wird ein Wechsel des Passworts erzwungen. "
+#~ "Falls nicht definiert, wird -1 angenommen, womit Passwörter unbefristet "
+#~ "gelten."
 
 #~ msgid "<option>PASS_MIN_DAYS</option> (number)"
 #~ msgstr "<option>PASS_MIN_DAYS</option> (Zahl)"
@@ -13798,10 +14892,10 @@ msgstr ""
 #~ "changes attempted sooner than this will be rejected. If not specified, -1 "
 #~ "will be assumed (which disables the restriction)."
 #~ msgstr ""
-#~ "Die Mindestanzahl von Tagen, bevor ein Wechsel des Passworts zugelassen "
+#~ "die Mindestanzahl von Tagen, bevor ein Wechsel des Passworts zugelassen "
 #~ "wird. Ein vorheriger Versuch, das Passwort zu ändern, wird abgelehnt. "
-#~ "Falls nicht angegeben, wird -1 angenommen (was zur Folge hat, dass diese "
-#~ "Beschränkung abgeschaltet ist)."
+#~ "Falls nicht angegeben, wird -1 angenommen, womit Passwörter jederzeit "
+#~ "aktualisierbar sind."
 
 #~ msgid "<option>PASS_WARN_AGE</option> (number)"
 #~ msgstr "<option>PASS_WARN_AGE</option> (Zahl)"
@@ -13811,11 +14905,10 @@ msgstr ""
 #~ "warning is given only upon the day of expiration, a negative value means "
 #~ "no warning is given. If not specified, no warning will be provided."
 #~ msgstr ""
-#~ "Die Anzahl von Tagen, an denen der Benutzer vorgewarnt wird, bevor das "
-#~ "Passwort verfällt. Eine Null bedeutet, dass eine Warnung nur am Tag des "
-#~ "Verfalls ausgegeben wird. Ein negativer Wert bedeutet, dass keine "
-#~ "Vorwarnung erfolgt. Falls nicht angegeben, wird keine Vorwarnung "
-#~ "ausgegeben."
+#~ "die Anzahl von Tagen, ab denen der Benutzer über das Ablaufen seines "
+#~ "Passwortes unterrichtet wird. Eine Null bedeutet, dass erst am Tag des "
+#~ "Ablaufens gewarnt wird. Ein negativer Wert oder keine Angabe bedeutet, "
+#~ "dass keine Warnung erfolgt."
 
 #~ msgid "<option>SYS_GID_MAX</option> (number)"
 #~ msgstr "<option>SYS_GID_MAX</option> (Zahl)"
@@ -13828,16 +14921,16 @@ msgstr ""
 #~ "<command>useradd</command>, <command>groupadd</command>, or "
 #~ "<command>newusers</command>."
 #~ msgstr ""
-#~ "der Bereich von Gruppen-IDs, aus dem die Programme <command>useradd</"
-#~ "command>, <command>groupadd</command> oder <command>newusers</command> "
-#~ "bei der Erstellung von Systemgruppen auswählen dürfen"
+#~ "Der Bereich, dem die Programme <command>useradd</command>, "
+#~ "<command>groupadd</command> oder <command>newusers</command> die "
+#~ "Kennungen für Systemgruppen entnehmen."
 
 #~ msgid ""
 #~ "The default value for <option>SYS_GID_MIN</option> (resp. "
 #~ "<option>SYS_GID_MAX</option>) is 101 (resp. <option>GID_MIN</option>-1)."
 #~ msgstr ""
 #~ "Der Standardwert für <option>SYS_GID_MIN</option> ist 101, für  "
-#~ "<option>SYS_GID_MAX</option> <option>GID_MIN</option>-1."
+#~ "<option>SYS_GID_MAX</option> ist er <option>GID_MIN</option>-1."
 
 #~ msgid "<option>SYS_UID_MAX</option> (number)"
 #~ msgstr "<option>SYS_UID_MAX</option> (Zahl)"
@@ -13849,9 +14942,9 @@ msgstr ""
 #~ "Range of user IDs used for the creation of system users by "
 #~ "<command>useradd</command> or <command>newusers</command>."
 #~ msgstr ""
-#~ "der Bereich von Benutzer-IDs, aus dem die Programme <command>useradd</"
-#~ "command> oder <command>newusers</command> bei der Erstellung von "
-#~ "Systembenutzern auswählen dürfen"
+#~ "Der Bereich, dem die Programme <command>useradd</command>, "
+#~ "<command>groupadd</command> oder <command>newusers</command> die "
+#~ "Kennungen für Systembenutzerkonten entnehmen."
 
 #~ msgid ""
 #~ "The default value for <option>SYS_UID_MIN</option> (resp. "
@@ -13861,14 +14954,14 @@ msgstr ""
 #~ "<option>SYS_UID_MAX</option> <option>UID_MIN</option>-1."
 
 #~ msgid "<option>TCB_AUTH_GROUP</option> (boolean)"
-#~ msgstr "<option>TCB_AUTH_GROUP</option> (boolesch)"
+#~ msgstr "<option>TCB_AUTH_GROUP</option> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "If <replaceable>yes</replaceable>, newly created tcb shadow files will be "
 #~ "group owned by the <replaceable>auth</replaceable> group."
 #~ msgstr ""
-#~ "Falls <replaceable>yes</replaceable>, gehören neu erstellte tcb-shadow-"
-#~ "Dateien der Gruppe <replaceable>auth</replaceable>."
+#~ "Falls mit <replaceable>yes</replaceable> belegt, gehören neu erstellte "
+#~ "tcb-shadow-Dateien der Gruppe <replaceable>auth</replaceable>."
 
 #~ msgid "<option>UID_MAX</option> (number)"
 #~ msgstr "<option>UID_MAX</option> (Zahl)"
@@ -13880,9 +14973,8 @@ msgstr ""
 #~ "Range of user IDs used for the creation of regular users by "
 #~ "<command>useradd</command> or <command>newusers</command>."
 #~ msgstr ""
-#~ "der Bereich von Benutzer-IDs, aus dem die Programme <command>useradd</"
-#~ "command> oder <command>newusers</command> bei der Erstellung normaler "
-#~ "Benutzer auswählen dürfen"
+#~ "der Bereich, dem die Programme <command>useradd</command> und "
+#~ "<command>newusers</command> die Kennungen normaler Benutzer entnehmen."
 
 #~ msgid ""
 #~ "The default value for <option>UID_MIN</option> (resp. <option>UID_MAX</"
@@ -13894,21 +14986,26 @@ msgstr ""
 #~ msgid "<option>UMASK</option> (number)"
 #~ msgstr "<option>UMASK</option> (Zahl)"
 
+# Is to be edited in the next version SH 2022-01-30
 #~ msgid ""
 #~ "The file mode creation mask is initialized to this value. If not "
 #~ "specified, the mask will be initialized to 022."
 #~ msgstr ""
-#~ "Die Bit-Gruppe, welche die Rechte von erstellten Dateien bestimmt, wird "
-#~ "anfänglich auf diesen Wert gesetzt. Falls nicht angegeben, wird sie auf "
-#~ "022 gesetzt."
+#~ "Die Maske zum Berechtigungsmodus neu erstellter Dateien, siehe "
+#~ "<citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</"
+#~ "manvolnum></citerefentry>Falls nicht angegeben, wird 022 verwendet. Somit "
+#~ "werden die Dateien und Verzeichnisse des Benutzers mit dem Modus 755 "
+#~ "beziehungsweise dem Zugriffsmuster rwxr-wr-x angelegt."
 
 #~ msgid ""
 #~ "<command>useradd</command> and <command>newusers</command> use this mask "
-#~ "to set the mode of the home directory they create"
+#~ "to set the mode of the home directory they create if <option>HOME_MODE</"
+#~ "option> is not set."
 #~ msgstr ""
-#~ "<command>useradd</command> und <command>newusers</command> verwenden "
-#~ "diese Bit-Gruppe, um die Rechte des von ihnen erstellten Home-"
-#~ "Verzeichnisses zu setzen."
+#~ "Wenn <option>HOME_MODE</option> nicht angegeben wurde, legen "
+#~ "<command>useradd</command> und <command>newusers</command> den "
+#~ "Berechtigungsmodus für das von ihnen erstellte persönliche Verzeichnis "
+#~ "entsprechend dieser Variablen fest."
 
 #~ msgid ""
 #~ "It is also used by <command>login</command> to define users' initial "
@@ -13921,10 +15018,10 @@ msgstr ""
 #~ "Sie wird auch von <command>login</command> verwendet, um die anfängliche "
 #~ "Umask eines Benutzers zu bestimmen. Beachten Sie, dass diese Bit-Gruppe "
 #~ "durch die GECOS-Zeile des Benutzers (wenn <option>QUOTAS_ENAB</option> "
-#~ "gesetzt wurde) oder die Festlegung eines Limits in "
+#~ "gesetzt wurde) oder die Festlegung einer Beschränkung in "
 #~ "<citerefentry><refentrytitle>limits</refentrytitle><manvolnum>5</"
-#~ "manvolnum></citerefentry> mit der Kennung <emphasis>K</emphasis> "
-#~ "überschrieben werden kann."
+#~ "manvolnum></citerefentry> mit der Kennung <emphasis>K</emphasis> außer "
+#~ "Kraft gesetzt werden kann."
 
 #~ msgid ""
 #~ "It is also used by <command>pam_umask</command> as the default umask "
@@ -13933,9 +15030,6 @@ msgstr ""
 #~ "Sie wird ebenfalls von <command>pam_umask</command> als die Standard-"
 #~ "Umask verwendet."
 
-#~ msgid "username already in use"
-#~ msgstr "Benutzername ist schon vergeben"
-
 #~ msgid ""
 #~ "The <command>useradd</command> command exits with the following values: "
 #~ "<placeholder-1/>"
@@ -13943,25 +15037,6 @@ msgstr ""
 #~ "Der Befehl <command>useradd</command> gibt beim Beenden folgende Werte "
 #~ "zurück: <placeholder-1/>"
 
-#, fuzzy
-#~| msgid ""
-#~| "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</"
-#~| "refentrytitle><manvolnum>1</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>crypt</"
-#~| "refentrytitle><manvolnum>3</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>groupadd</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>groupdel</"
-#~| "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>groupmod</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</"
-#~| "refentrytitle><manvolnum>5</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>newusers</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>userdel</"
-#~| "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>."
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</"
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</"
@@ -13998,33 +15073,15 @@ msgstr ""
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</"
 #~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>, "
 #~ "<citerefentry><refentrytitle>newusers</refentrytitle><manvolnum>8</"
-#~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>userdel</"
+#~ "manvolnum></citerefentry>, <phrase "
+#~ "condition=\"subids\"><citerefentry><refentrytitle>subgid</"
+#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>, "
+#~ "<citerefentry><refentrytitle>subuid</refentrytitle><manvolnum>5</"
+#~ "manvolnum></citerefentry>, </phrase><citerefentry><refentrytitle>userdel</"
 #~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
 #~ "<citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>."
 
-# SB: Bessere Ãœbersetzung als 'Zielbenutzer'?
-#~ msgid ""
-#~ "Additional arguments may be provided after the username, in which case "
-#~ "they are supplied to the user's login shell. In particular, an argument "
-#~ "of <option>-c</option> will cause the next argument to be treated as a "
-#~ "command by most command interpreters. The command will be executed by the "
-#~ "shell specified in <filename>/etc/passwd</filename> for the target user."
-#~ msgstr ""
-#~ "Zusätzliche Argumente können nach dem Benutzernamen angegeben werden. In "
-#~ "diesem Fall werden sie an die Anmelde-Shell des Benutzers weitergereicht. "
-#~ "Insbesondere führt das Argument <option>-c</option> dazu, dass das "
-#~ "nächste Argument von den meisten Interpretatoren als Befehl behandelt "
-#~ "wird. Dieser Befehl wird von der Shell ausgeführt, die in <filename>/etc/"
-#~ "passwd</filename> für den Zielbenutzer angegeben ist."
-
-#~ msgid ""
-#~ "You can use the <option>--</option> argument to separate <command>su</"
-#~ "command> options from the arguments supplied to the shell."
-#~ msgstr ""
-#~ "Sie können das Argument <option>--</option> verwenden, um Optionen für "
-#~ "<command>su</command> von Argumenten für die Shell zu trennen."
-
 #~ msgid ""
 #~ "<option>-c</option>, <option>--command</option>&nbsp;"
 #~ "<replaceable>COMMAND</replaceable>"
@@ -14043,28 +15100,28 @@ msgstr ""
 #~ "option>"
 
 #~ msgid "<option>CONSOLE</option> (string)"
-#~ msgstr "<option>CONSOLE</option> (Zeichenkette)"
+#~ msgstr "<envar>CONSOLE</envar> (Zeichenkette)"
 
 #~ msgid ""
 #~ "If defined, either full pathname of a file containing device names (one "
 #~ "per line) or a \":\" delimited list of device names. Root logins will be "
 #~ "allowed only upon these devices."
 #~ msgstr ""
-#~ "Die Konfiguration erfolgt entweder über die Angabe des vollen Pfadnamens "
-#~ "einer Datei, welche die Namen der Geräte enthält (eines pro Zeile), oder "
-#~ "mit einer Liste der Gerätenamen, die mit »:« getrennt sind. Root kann "
-#~ "sich nur auf diesen Geräten anmelden."
+#~ "falls angegeben, entweder der volle Pfad zu einer Datei, in der pro Zeile "
+#~ "je ein Gerätename steht, oder eine durch »:« getrennte Liste von "
+#~ "Gerätenamen. Nur an diesen Geräten kann sich ein Systemadministrator "
+#~ "anmelden."
 
 #~ msgid "If not defined, root will be allowed on any device."
 #~ msgstr ""
-#~ "Wenn es unkonfiguriert gelassen wird, kann sich Root auf jedem Gerät "
-#~ "anmelden."
+#~ "ist die Variable nicht gesetzt, kann sich der Systemadministrator auf "
+#~ "jedem Gerät anmelden."
 
 #~ msgid "The device should be specified without the /dev/ prefix."
 #~ msgstr "Das Gerät soll ohne vorangestelltes /dev/ angegeben werden."
 
 #~ msgid "<option>CONSOLE_GROUPS</option> (string)"
-#~ msgstr "<option>CONSOLE_GROUPS</option> (Zeichenkette)"
+#~ msgstr "<envar>CONSOLE_GROUPS</envar> (Zeichenkette)"
 
 #~ msgid ""
 #~ "List of groups to add to the user's supplementary groups set when logging "
@@ -14073,44 +15130,50 @@ msgstr ""
 #~ "gain permanent access to these groups, even when not logged in on the "
 #~ "console."
 #~ msgstr ""
-#~ "Liste von Gruppen, deren Mitglied der Benutzer wird, wenn der sich auf "
-#~ "der Konsole anmeldet, die mit dem Parameter CONSOLE festgelegt wird. "
-#~ "Standardmäßig ist die Liste leer. <placeholder-1/> Seien Sie vorsichtig. "
-#~ "Benutzer können dauerhaft Zugang zu den Gruppen erlangen, auch wenn sie "
-#~ "nicht auf der Konsole angemeldet sind."
+#~ "Liste von ergänzender Gruppenzugehörigkeiten des Benutzers, nachdem "
+#~ "dieser sich an der Konsole angemeldet (die durch <envar>CONSOLE</envar> "
+#~ "bestimmt war). Standardmäßig ist die Liste leer. <placeholder-1/> Seien "
+#~ "Sie vorsichtig: Benutzer können dauerhaft Zugang zu diesen Gruppen "
+#~ "erlangen, auch wenn sie nicht auf der Konsole angemeldet sind."
 
 #~ msgid "<option>DEFAULT_HOME</option> (boolean)"
-#~ msgstr "<option>DEFAULT_HOME</option> (boolesch)"
+#~ msgstr "<envar>DEFAULT_HOME</envar> (Wahrheitswert)"
 
+# MH67: s/Indicate if/indicates whether
+# MH68: s/if we can't cd to/in cases where we can't change to
 #~ msgid ""
 #~ "Indicate if login is allowed if we can't cd to the home directory. "
 #~ "Default is no."
 #~ msgstr ""
-#~ "Legt fest, ob ein Login erlaubt wird, wenn mit cd nicht in das Home-"
-#~ "Verzeichnis gewechselt werden kann. Standardmäßig wird dies nicht "
-#~ "zugelassen."
+#~ "Legt fest, ob eine Anmeldung erlaubt ist, wenn nicht in das persönliche "
+#~ "Verzeichnis gewechselt werden kann. Voreingestellt ist <replaceable>no</"
+#~ "replaceable>."
 
 #~ msgid ""
 #~ "If set to <replaceable>yes</replaceable>, the user will login in the root "
 #~ "(<filename>/</filename>) directory if it is not possible to cd to her "
 #~ "home directory."
 #~ msgstr ""
-#~ "Falls auf <replaceable>yes</replaceable> gesetzt, wird der Benutzer mit "
-#~ "dem Wurzelverzeichnis (<filename>/</filename>) angemeldet, wenn mit cd "
-#~ "nicht in sein Home-Verzeichnis gewechselt werden kann."
+#~ "Falls auf <replaceable>yes</replaceable> gesetzt, gelangt der Benutzer "
+#~ "nach der Anmeldung in das Wurzelverzeichnis (<filename>/</filename>), "
+#~ "wenn sein persönliches Verzeichnis nicht erreicht werden kann."
 
 #~ msgid "<option>ENV_HZ</option> (string)"
-#~ msgstr "<option>ENV_HZ</option> (Zeichenkette)"
+#~ msgstr "<envar>ENV_HZ</envar> (Zeichenkette)"
 
+# MH69: Delivers no idea what HZ is, not even what this
+# abbreviation stands for
+# MH70: Bad english
+# s"when a user login"/"when a user logs in" or "for a user login"
 #~ msgid ""
 #~ "If set, it will be used to define the HZ environment variable when a user "
 #~ "login. The value must be preceded by <replaceable>HZ=</replaceable>. A "
 #~ "common value on Linux is <replaceable>HZ=100</replaceable>."
 #~ msgstr ""
-#~ "Wenn vergeben, wird damit die Umgebungsvariable HZ definiert, wenn sich "
-#~ "ein Benutzer anmeldet. Dem Wert muss ein <replaceable>HZ=</replaceable> "
-#~ "vorangestellt werden. Ein üblicher Wert bei Linux ist "
-#~ "<replaceable>HZ=100</replaceable>."
+#~ "Falls gesetzt, wird damit die Umgebungsvariable <envar>HZ</envar> "
+#~ "definiert, wenn sich ein Benutzer anmeldet. Dem Wert ist "
+#~ "<replaceable>HZ=</replaceable> voranzustellen. Ein üblicher Wert bei "
+#~ "Linux ist <replaceable>HZ=100</replaceable>."
 
 #~ msgid ""
 #~ "The <envar>HZ</envar> environment variable is only set when the user (the "
@@ -14120,23 +15183,24 @@ msgstr ""
 #~ "Benutzer (der Administrator) mit <command>sulogin</command> anmeldet."
 
 #~ msgid "<option>ENVIRON_FILE</option> (string)"
-#~ msgstr "<option>ENVIRON_FILE</option> (Zeichenkette)"
+#~ msgstr "<envar>ENVIRON_FILE</envar> (Zeichenkette)"
 
 #~ msgid ""
 #~ "If this file exists and is readable, login environment will be read from "
 #~ "it. Every line should be in the form name=value."
 #~ msgstr ""
-#~ "Wenn diese Datei vorhanden ist, wird die Anmeldeumgebung aus ihr gelesen. "
-#~ "Jede Zeile sollte die Form Name=Wert haben."
+#~ "Wenn diese Datei vorhanden und lesbar ist, wird ihr die Anmeldeumgebung "
+#~ "entnommen. Jede Zeile sollte die Form Name=Wert haben."
 
 #~ msgid "Lines starting with a # are treated as comment lines and ignored."
 #~ msgstr ""
 #~ "Zeilen, die mit einem # beginnen, werden als Kommentare behandelt und "
-#~ "daher ignoriert."
+#~ "ignoriert."
 
 #~ msgid "<option>ENV_PATH</option> (string)"
-#~ msgstr "<option>ENV_PATH</option> (Zeichenkette)"
+#~ msgstr "<envar>ENV_PATH</envar> (Zeichenkette)"
 
+# MH71: bad english "when a regular user login"
 #~ msgid ""
 #~ "If set, it will be used to define the PATH environment variable when a "
 #~ "regular user login. The value is a colon separated list of paths (for "
@@ -14145,15 +15209,16 @@ msgstr ""
 #~ "bin:/usr/bin</replaceable>."
 #~ msgstr ""
 #~ "Wenn gesetzt, wird damit die Umgebungsvariable PATH definiert, wenn sich "
-#~ "ein normaler Benutzer anmeldet. Der Wert ist eine Liste, deren Einträge "
-#~ "durch Doppelpunkte getrennt sind (zum Beispiel <replaceable>/bin:/usr/"
-#~ "bin</replaceable>). Ihr kann ein <replaceable>PATH=</replaceable> "
+#~ "ein normaler Benutzer anmeldet. Der Wert ist eine Liste mit durch "
+#~ "Doppelpunkte getrennten Pfaden (zum Beispiel <replaceable>/bin:/usr/bin</"
+#~ "replaceable>). Ihr kann ein <replaceable>PATH=</replaceable> "
 #~ "vorangestellt werden. Der Standardwert ist <replaceable>PATH=/bin:/usr/"
 #~ "bin</replaceable>."
 
 #~ msgid "<option>ENV_SUPATH</option> (string)"
-#~ msgstr "<option>ENV_SUPATH</option> (Zeichenkette)"
+#~ msgstr "<envar>ENV_SUPATH</envar> (Zeichenkette)"
 
+# MH72: bad english "when the superuser login"
 #~ msgid ""
 #~ "If set, it will be used to define the PATH environment variable when the "
 #~ "superuser login. The value is a colon separated list of paths (for "
@@ -14162,15 +15227,16 @@ msgstr ""
 #~ "<replaceable>PATH=/sbin:/bin:/usr/sbin:/usr/bin</replaceable>."
 #~ msgstr ""
 #~ "Wenn gesetzt, wird damit die Umgebungsvariable PATH definiert, wenn sich "
-#~ "der Superuser anmeldet. Der Wert ist eine Liste, deren Einträge durch "
-#~ "Doppelpunkte getrennt sind (zum Beispiel <replaceable>/sbin:/bin:/usr/"
+#~ "der Systemadministrator anmeldet. Der Wert ist eine Liste mit durch "
+#~ "Doppelpunkte getrennten Pfaden (zum Beispiel <replaceable>/sbin:/bin:/usr/"
 #~ "sbin:/usr/bin</replaceable>). Ihr kann ein <replaceable>PATH=</"
 #~ "replaceable> vorangestellt werden. Der Standardwert ist "
 #~ "<replaceable>PATH=/sbin:/bin:/usr/sbin:/usr/bin</replaceable>."
 
 #~ msgid "<option>ENV_TZ</option> (string)"
-#~ msgstr "<option>ENV_TZ</option> (Zeichenkette)"
+#~ msgstr "<envar>ENV_TZ</envar> (Zeichenkette)"
 
+# MH71: bad english "when a regular user login"
 #~ msgid ""
 #~ "If set, it will be used to define the TZ environment variable when a user "
 #~ "login. The value can be the name of a timezone preceded by "
@@ -14178,12 +15244,12 @@ msgstr ""
 #~ "replaceable>), or the full path to the file containing the timezone "
 #~ "specification (for example <filename>/etc/tzname</filename>)."
 #~ msgstr ""
-#~ "Wenn gesetzt, wird damit die Umgebungsvariable TZ definiert, wenn sich "
-#~ "ein Benutzer anmeldet. Der Wert kann der Name der Zeitzone sein, dem "
-#~ "<replaceable>TZ=</replaceable> vorausgeht (zum Beispiel "
-#~ "<replaceable>TZ=CST6CDT</replaceable>), oder der vollständige Pfad der "
-#~ "Datei, welche die Konfiguration der Zeitzone enthält (zum Beispiel "
-#~ "<filename>/etc/tzname</filename>)."
+#~ "Wenn gesetzt, wird damit die Umgebungsvariable <envar>TZ</envar> "
+#~ "definiert, wenn sich ein Benutzer anmeldet. Der Wert kann der Name der "
+#~ "Zeitzone mit vorangestelltem <replaceable>TZ=</replaceable> sein (zum "
+#~ "Beispiel <replaceable>TZ=CST6CDT</replaceable>). Oder es ist der "
+#~ "vollständige Pfad der Datei, in welche die Zeitzone angegeben ist (zum "
+#~ "Beispiel <filename>/etc/tzname</filename>)."
 
 #~ msgid ""
 #~ "If a full path is specified but the file does not exist or cannot be "
@@ -14194,16 +15260,16 @@ msgstr ""
 #~ "replaceable> verwendet."
 
 #~ msgid "<option>LOGIN_STRING</option> (string)"
-#~ msgstr "<option>LOGIN_STRING</option> (Zeichenkette)"
+#~ msgstr "<envar>LOGIN_STRING</envar> (Zeichenkette)"
 
 #~ msgid ""
 #~ "The string used for prompting a password. The default is to use "
 #~ "\"Password: \", or a translation of that string. If you set this "
 #~ "variable, the prompt will not be translated."
 #~ msgstr ""
-#~ "Diese Zeichenkette wird bei der Eingabeaufforderung des Passworts "
-#~ "(Prompt) verwendet. Standardmäßig wird »Password: « oder eine Übersetzung "
-#~ "davon benutzt. Wenn Sie diese Variable definieren, wird die "
+#~ "Diese Zeichenkette wird als Aufforderung (prompt) zur Eingabe des "
+#~ "Passworts verwendet. Standardmäßig wird »Password: « oder eine "
+#~ "Ãœbersetzung davon benutzt. Wenn Sie diese Variable definieren, wird die "
 #~ "Eingabeaufforderung nicht übersetzt."
 
 #~ msgid ""
@@ -14211,58 +15277,61 @@ msgstr ""
 #~ "replaced by the user's name."
 #~ msgstr ""
 #~ "Wenn die Zeichenkette ein <replaceable>%s</replaceable> enthält, wird "
-#~ "dies durch den Benutzernamen ersetzt."
+#~ "dies durch den Anmeldenamen ersetzt."
 
 #~ msgid "<option>MAIL_CHECK_ENAB</option> (boolean)"
-#~ msgstr "<option>MAIL_CHECK_ENAB</option> (boolesch)"
+#~ msgstr "<envar>MAIL_CHECK_ENAB</envar> (Wahrheitswert)"
 
 #~ msgid "Enable checking and display of mailbox status upon login."
 #~ msgstr ""
-#~ "aktiviert die Prüfung und Anzeige des Status der Mailbox bei der Anmeldung"
+#~ "aktiviert die Prüfung und Anzeige des Status des Postfaches bei der "
+#~ "Anmeldung."
 
 #~ msgid ""
 #~ "You should disable it if the shell startup files already check for mail "
 #~ "(\"mailx -e\" or equivalent)."
 #~ msgstr ""
-#~ "Sie sollten dies abschalten, wenn schon die Startdateien der Shell die "
-#~ "Mails prüfen (»mailx -e« oder ähnliches)."
+#~ "Sie sollten dies abschalten, wenn beim Start der Shell schon auf E-Mails "
+#~ "geprüft wird (»mailx -e« oder ähnliches)."
 
 #~ msgid "<option>QUOTAS_ENAB</option> (boolean)"
-#~ msgstr "<option>QUOTAS_ENAB</option> (boolesch)"
+#~ msgstr "<envar>QUOTAS_ENAB</envar> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "Enable setting of resource limits from <filename>/etc/limits</filename> "
 #~ "and ulimit, umask, and niceness from the user's passwd gecos field."
 #~ msgstr ""
-#~ "aktiviert das Setzen von Resourcenbeschränkungen aus <filename>/etc/"
-#~ "limits</filename> und von ulimit, umask und niceness aus dem gecos-Feld "
-#~ "des Benutzers von passwd"
+#~ "aktiviert die Beschränkung von Resourcen mit den Werten für ulimit, umask "
+#~ "und nice aus dem GECOS-Feld von <filename>passwd</filename> sowie den "
+#~ "Vorgaben aus <filename>/etc/limits</filename>."
 
 #~ msgid "<option>SULOG_FILE</option> (string)"
-#~ msgstr "<option>SULOG_FILE</option> (Zeichenkette)"
+#~ msgstr "<envar>SULOG_FILE</envar> (Zeichenkette)"
 
 #~ msgid "If defined, all su activity is logged to this file."
 #~ msgstr ""
-#~ "Wenn angegeben, wird jeder Aufruf von su in dieser Datei protokolliert."
+#~ "Falls angegeben, werden alle mit <command>su</command> verbundenen "
+#~ "Aktivitäten in dieser Datei protokolliert."
 
 #~ msgid "<option>SU_NAME</option> (string)"
-#~ msgstr "<option>SU_NAME</option> (Zeichenkette)"
+#~ msgstr "<envar>SU_NAME</envar> (Zeichenkette)"
 
+# FIXME s/will display the command is \"-su\" /will display \"-su\"
 #~ msgid ""
 #~ "If defined, the command name to display when running \"su -\". For "
 #~ "example, if this is defined as \"su\" then a \"ps\" will display the "
 #~ "command is \"-su\". If not defined, then \"ps\" would display the name of "
 #~ "the shell actually being run, e.g. something like \"-sh\"."
 #~ msgstr ""
-#~ "Damit kann die Anzeige des Namens des Befehls festgelegt werden, wenn »su "
-#~ "-« ausgeführt wird. Wenn beispielsweise dies auf »su« gesetzt wurde, "
-#~ "zeigt »ps« den Befehl als »-su« an. Wenn es dagegen nicht vergeben wurde, "
-#~ "wird »ps« den Namen der Shell anzeigen, die ausgeführt wird, also etwa »-"
-#~ "sh«."
+#~ "Falls angegeben, wird während der Ausführung von »su -« dieser Wert als "
+#~ "Befehlsname angezeigt. Mit <replaceble>su</replaceble> würde <command>ps</"
+#~ "command> »-su« ausgeben. Andernfalls wird der Name der gerade "
+#~ "ausgeführten Shell angezeigt, also etwa »-sh«."
 
 #~ msgid "<option>SU_WHEEL_ONLY</option> (boolean)"
-#~ msgstr "<option>SU_WHEEL_ONLY</option> (boolesch)"
+#~ msgstr "<envar>SU_WHEEL_ONLY</envar> (Wahrheitswert)"
 
+# MH73: Bad english "to be able to <command>su</command> to uid 0 accounts"
 #~ msgid ""
 #~ "If <replaceable>yes</replaceable>, the user must be listed as a member of "
 #~ "the first gid 0 group in <filename>/etc/group</filename> (called "
@@ -14271,21 +15340,22 @@ msgstr ""
 #~ "empty, no one will be able to <command>su</command> to uid 0."
 #~ msgstr ""
 #~ "Falls <replaceable>yes</replaceable>, muss der Benutzer Mitglied der "
-#~ "ersten Gruppe mit der GID 0 in <filename>/etc/group</filename> sein (auf "
-#~ "den meisten Linux-Systemen heißt die <replaceable>root</replaceable>), um "
-#~ "mit <command>su</command> zu einem Konto mit der UID 0 wechseln zu "
-#~ "können. Falls die Gruppe nicht existiert oder keine Mitglieder hat, kann "
-#~ "niemand mittels <command>su</command> zur UID 0 wechseln."
+#~ "ersten Gruppe mit der Kennung 0 in <filename>/etc/group</filename> sein "
+#~ "(auf den meisten Linux-Systemen heißt diese <replaceable>root</"
+#~ "replaceable>), um mit <command>su</command> zu einem Konto mit der "
+#~ "Benutzerkennung 0 wechseln zu können. Falls die Gruppe nicht existiert "
+#~ "oder keine Mitglieder hat, kann niemand mittels <command>su</command> zur "
+#~ "Benutzerkennung 0 wechseln."
 
 #~ msgid "<option>SYSLOG_SU_ENAB</option> (boolean)"
-#~ msgstr "<option>SYSLOG_SU_ENAB</option> (boolesch)"
+#~ msgstr "<envar>SYSLOG_SU_ENAB</envar> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "Enable \"syslog\" logging of <command>su</command> activity - in addition "
 #~ "to sulog file logging."
 #~ msgstr ""
-#~ "aktiviert das Protokollieren der Aktivitäten von <command>su</command> in "
-#~ "»syslog« neben der Protokollierung in der sulog-Datei"
+#~ "aktiviert neben der Protokollierung der Aktivitäten von <command>su</"
+#~ "command> in der sulog-Datei zusätzlich die Aufzeichnung durch »syslog«."
 
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</"
@@ -14303,11 +15373,11 @@ msgstr ""
 #~ "refentrytitle><manvolnum>1</manvolnum></citerefentry>."
 
 #~ msgid "<option>SYSLOG_SG_ENAB</option> (boolean)"
-#~ msgstr "<option>SYSLOG_SG_ENAB</option> (boolesch)"
+#~ msgstr "<option>SYSLOG_SG_ENAB</option> (Wahrheitswert)"
 
 #~ msgid "Enable \"syslog\" logging of <command>sg</command> activity."
 #~ msgstr ""
-#~ "aktiviert das Protokollieren der Aktivitäten von <command>sg</command> in "
+#~ "Aktiviert das Protokollieren der Aktivitäten von <command>sg</command> in "
 #~ "»syslog«"
 
 #~ msgid ""
@@ -14375,7 +15445,6 @@ msgstr ""
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</"
 #~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>."
 
-# SB: Translation ok?
 #~ msgid ""
 #~ "The <command>pwunconv</command> command creates <emphasis "
 #~ "remap=\"I\">passwd</emphasis> from <emphasis remap=\"I\">passwd</"
@@ -14384,8 +15453,8 @@ msgstr ""
 #~ msgstr ""
 #~ "Der Befehl <command>pwunconv</command> erstellt eine <emphasis "
 #~ "remap=\"I\">passwd</emphasis>-Datei aus einer <emphasis "
-#~ "remap=\"I\">passwd</emphasis>- und <emphasis remap=\"I\">shadow</"
-#~ "emphasis>-Datei und entfernt anschließend die<emphasis "
+#~ "remap=\"I\">passwd</emphasis>- und einer <emphasis remap=\"I\">shadow</"
+#~ "emphasis>-Datei und entfernt anschließend die <emphasis "
 #~ "remap=\"I\">shadow</emphasis>-Datei."
 
 #~ msgid ""
@@ -14396,8 +15465,8 @@ msgstr ""
 #~ msgstr ""
 #~ "Der Befehl <command>grconv</command> erstellt eine <emphasis "
 #~ "remap=\"I\">gshadow</emphasis>-Datei aus einer <emphasis "
-#~ "remap=\"I\">group</emphasis>-Datei und gegebenenfalls aus einer bereits "
-#~ "vorhandenen <emphasis remap=\"I\">gshadow</emphasis>-Datei."
+#~ "remap=\"I\">group</emphasis>-Datei und einer gegebenenfalls vorhandenen "
+#~ "<emphasis remap=\"I\">gshadow</emphasis>-Datei."
 
 #~ msgid ""
 #~ "The <command>grpunconv</command> command creates <emphasis "
@@ -14407,7 +15476,7 @@ msgstr ""
 #~ msgstr ""
 #~ "Der Befehl <command>grpunconv</command> erstellt eine <emphasis "
 #~ "remap=\"I\">group</emphasis>-Datei aus einer <emphasis remap=\"I\">group</"
-#~ "emphasis>- und <emphasis remap=\"I\">gshadow</emphasis>-Datei und "
+#~ "emphasis>- und einer <emphasis remap=\"I\">gshadow</emphasis>-Datei und "
 #~ "entfernt anschließend die <emphasis remap=\"I\">gshadow</emphasis>-Datei."
 
 #~ msgid ""
@@ -14429,17 +15498,17 @@ msgstr ""
 #~ "<command>pwunconv</command>, <command>grpconv</command>, and "
 #~ "<command>grpunconv</command> commands are:"
 #~ msgstr ""
-#~ "Die Optionen, die von den Befehlen <command>pwconv</command>, "
-#~ "<command>pwunconv</command>, <command>grpconv</command> und "
-#~ "<command>grpunconv</command> unterstützt werden, sind:"
+#~ "Die Befehle <command>pwconv</command>, <command>pwunconv</command>, "
+#~ "<command>grpconv</command> und <command>grpunconv</command> können mit "
+#~ "folgenden Optionen verwendet werden:"
 
 #~ msgid ""
 #~ "The following configuration variable in <filename>/etc/login.defs</"
 #~ "filename> changes the behavior of <command>grpconv</command> and "
 #~ "<command>grpunconv</command>:"
 #~ msgstr ""
-#~ "Die folgende Konfigurationsvariablen in <filename>/etc/login.defs</"
-#~ "filename> beeinflussen das Verhalten von <command>grpconv</command> und "
+#~ "Die folgende Konfigurationsvariable in <filename>/etc/login.defs</"
+#~ "filename> beeinflusst das Verhalten von <command>grpconv</command> und "
 #~ "<command>grpunconv</command>:"
 
 #~ msgid ""
@@ -14471,18 +15540,19 @@ msgstr ""
 #~ "improperly formatted or which have other uncorrectable errors."
 #~ msgstr ""
 #~ "Der Befehl <command>pwck</command> überprüft die Stimmigkeit der "
-#~ "Benutzer- und Authentifizierungsdaten. Alle Einträge in <filename>/etc/"
-#~ "passwd</filename> und <filename>/etc/shadow</filename><phrase "
-#~ "condition=\"tcb\"> (oder die Dateien in <filename>/etc/tcb</filename>, "
-#~ "falls <option>USE_TCB</option> aktiviert ist)</phrase> werden darauf "
-#~ "überprüft, ob der Eintrag das richtige Format hat und gültige Daten "
-#~ "enthält. Der Benutzer wird aufgefordert, Einträge zu löschen, die falsch "
-#~ "formatiert sind oder andere unbehebbare Fehler enthalten."
+#~ "Benutzer- und Authentifizierungsdaten. Alle Einträge in der Datei "
+#~ "<filename>/etc/passwd</filename> und der geschützten Passwortdatei "
+#~ "<filename>/etc/shadow</filename><phrase condition=\"tcb\"> (oder die "
+#~ "Dateien in <filename>/etc/tcb</filename>, falls <option>USE_TCB</option> "
+#~ "aktiviert ist)</phrase> werden darauf überprüft, ob sie das richtige "
+#~ "Format haben und gültige Daten enthalten. Der Benutzer wird aufgefordert, "
+#~ "Einträge zu löschen, die falsch formatiert sind oder andere unbehebbare "
+#~ "Fehler aufweisen."
 
 #~ msgid "The options which apply to the <command>pwck</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>pwck</command> unterstützt werden, "
-#~ "sind:"
+#~ "Der Befehl <command>pwck</command> kann mit folgenden Optionen verwendet "
+#~ "werden:"
 
 #~ msgid "<option>-r</option>, <option>--read-only</option>"
 #~ msgstr "<option>-r</option>, <option>--read-only</option>"
@@ -14516,43 +15586,28 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</"
 #~ "manvolnum></citerefentry>."
 
+# MH113
+# s
+# /The remaining characters on the line represent the <emphasis>password</emphasis> field
+# /The remaining characters in within the field represent the <emphasis>password</emphasis>
 #~ msgid ""
-#~ "The encrypted password field may be blank, in which case no password is "
-#~ "required to authenticate as the specified login name. However, some "
-#~ "applications which read the <filename>/etc/passwd</filename> file may "
-#~ "decide not to permit <emphasis>any</emphasis> access at all if the "
-#~ "<emphasis>password</emphasis> field is blank. If the <emphasis>password</"
-#~ "emphasis> field is a lower-case <quote>x</quote>, then the encrypted "
-#~ "password is actually stored in the <citerefentry><refentrytitle>shadow</"
-#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry> file instead; there "
-#~ "<emphasis>must</emphasis> be a corresponding line in the <filename>/etc/"
-#~ "shadow</filename> file, or else the user account is invalid. If the "
-#~ "<emphasis>password</emphasis> field is any other string, then it will be "
-#~ "treated as an encrypted password, as specified by "
-#~ "<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
-#~ "manvolnum></citerefentry>."
+#~ "A <emphasis>password</emphasis> field which starts with an exclamation "
+#~ "mark means that the password is locked. The remaining characters on the "
+#~ "line represent the <emphasis>password</emphasis> field before the "
+#~ "password was locked."
 #~ msgstr ""
-#~ "Das Feld für das verschlüsselte Passwort kann leer sein. In diesem Fall "
-#~ "wird kein Passwort benötigt, um sich beim System anzumelden. Allerdings "
-#~ "werden einige Anwendung, die <filename>/etc/passwd</filename> auswerten, "
-#~ "<emphasis>keinen</emphasis> Zugriff erlauben, wenn das "
-#~ "<emphasis>Passwort</emphasis>-Feld leer ist. Wenn das <emphasis>Passwort</"
-#~ "emphasis>-Feld ein kleines <quote>x</quote> enthält, ist das Passwort in "
-#~ "der Datei <citerefentry><refentrytitle>shadow</"
-#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry> gespeichert. Es "
-#~ "<emphasis>muss</emphasis> sich dann ein passender Eintrag in <filename>/"
-#~ "etc/shadow</filename> befinden, oder das Benutzerkonto ist ungültig. Wenn "
-#~ "das <emphasis>Passwort</emphasis>-Feld eine andere Zeichenkette enthält, "
-#~ "wird diese als ein verschlüsseltes Passwort behandelt. Genaueres dazu "
-#~ "befindet sich unter <citerefentry><refentrytitle>crypt</"
-#~ "refentrytitle><manvolnum>3</manvolnum></citerefentry>."
+#~ "Ein Ausrufezeichen als erstes Zeichen im Feld <emphasis>Passwort</"
+#~ "emphasis> markiert eine Sperrung dieses Passworts. Bei den übrigen "
+#~ "Zeichen handelt es sich um das Passwort vor der Sperrung."
 
+# MH refer that this field usually contains the complete username and GECOS information
 #~ msgid ""
 #~ "The comment field is used by various system utilities, such as "
 #~ "<citerefentry><refentrytitle>finger</refentrytitle><manvolnum>1</"
 #~ "manvolnum></citerefentry>."
 #~ msgstr ""
-#~ "Das Kommentarfeld wird von verschiedenen Systemprogrammen wie z.B. "
+#~ "Das Kommentarfeld (mit dem kompletten Benutzernamen und den GECOS-"
+#~ "Informationen) wird von verschiedenen Systemprogrammen wie z.B. "
 #~ "<citerefentry><refentrytitle>finger</refentrytitle><manvolnum>1</"
 #~ "manvolnum></citerefentry> ausgewertet."
 
@@ -14593,6 +15648,35 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>sulogin</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>."
 
+#~ msgid ""
+#~ "Then, the password is tested for complexity. As a general guideline, "
+#~ "passwords should consist of 6 to 8 characters including one or more "
+#~ "characters from each of the following sets:"
+#~ msgstr ""
+#~ "Anschließend wird das Passwort auf seine Komplexität überprüft. "
+#~ "Entsprechend einer verbreiteten Richtschnur sollten Passwörter aus sechs "
+#~ "bis acht Zeichen bestehen und ein oder mehrere Zeichen aus folgenden "
+#~ "Mengen enthalten:"
+
+#~ msgid "lower case alphabetics"
+#~ msgstr "Kleinbuchstaben"
+
+# MH99: s/thru/through
+#~ msgid "digits 0 thru 9"
+#~ msgstr "Ziffern 0 bis 9"
+
+#~ msgid "punctuation marks"
+#~ msgstr "Satzzeichen"
+
+#~ msgid ""
+#~ "Care must be taken not to include the system default erase or kill "
+#~ "characters. <command>passwd</command> will reject any password which is "
+#~ "not suitably complex."
+#~ msgstr ""
+#~ "Passen Sie auf, die standardmäßigen Lösch- und Kill-Zeichen des Systems "
+#~ "zu meiden. <command>passwd</command> weist Passwörter zurück, die nicht "
+#~ "hinreichend komplex sind."
+
 #~ msgid "<option>-d</option>, <option>--delete</option>"
 #~ msgstr "<option>-d</option>, <option>--delete</option>"
 
@@ -14649,13 +15733,14 @@ msgstr ""
 #~ msgid "<option>ENCRYPT_METHOD</option> (string)"
 #~ msgstr "<option>ENCRYPT_METHOD</option> (Zeichenkette)"
 
+# MH108 aus login.defs.d/ENCRYPT_METHOD.xml
+# s/are specified/is specified
 #~ msgid ""
 #~ "This defines the system default encryption algorithm for encrypting "
 #~ "passwords (if no algorithm are specified on the command line)."
 #~ msgstr ""
-#~ "Damit wird der standardmäßige Verschlüsselungsalgorithmus, mit dem "
-#~ "Passwörter verschlüsselt werden, bestimmt (soweit nicht in der "
-#~ "Befehlszeile ein Algorithmus angegeben wird)."
+#~ "bestimmt, soweit in der Befehlszeile kein anderer angegeben ist, den zur "
+#~ "Verschlüsselung des Passworts benutzten Algorithmus."
 
 #~ msgid ""
 #~ "It can take one of these values: <replaceable>DES</replaceable> "
@@ -14663,8 +15748,8 @@ msgstr ""
 #~ "condition=\"sha_crypt\">, <replaceable>SHA256</replaceable>, "
 #~ "<replaceable>SHA512</replaceable></phrase>."
 #~ msgstr ""
-#~ "Ihm kann einer der folgenden Wert zugewiesen werden: <replaceable>DES</"
-#~ "replaceable> (default), <replaceable>MD5</replaceable><phrase "
+#~ "Einer der folgenden Werte kann zugewiesen werden: <replaceable>DES</"
+#~ "replaceable> (Standardwert), <replaceable>MD5</replaceable><phrase "
 #~ "condition=\"sha_crypt\">, <replaceable>SHA256</replaceable>, "
 #~ "<replaceable>SHA512</replaceable></phrase>."
 
@@ -14672,23 +15757,32 @@ msgstr ""
 #~ "Note: this parameter overrides the <option>MD5_CRYPT_ENAB</option> "
 #~ "variable."
 #~ msgstr ""
-#~ "Hinweis: Dieser Parameter überschreibt die Variable "
-#~ "<option>MD5_CRYPT_ENAB</option>."
+#~ "Hinweis: Dieser Parameter setzt die Variable <option>MD5_CRYPT_ENAB</"
+#~ "option> außer Kraft."
 
+# MH109 s/ only affect / only affects
+# MH maybe throughout the manual page
+# s/the generation/the encryption - as passwords are defined by users
+# or alternatively
+# s/the generation/the processing
 #~ msgid ""
 #~ "Note: This only affect the generation of group passwords. The generation "
 #~ "of user passwords is done by PAM and subject to the PAM configuration. It "
 #~ "is recommended to set this variable consistently with the PAM "
 #~ "configuration."
 #~ msgstr ""
-#~ "Hinweis: Damit wird lediglich die Erstellung von Gruppenpasswörtern "
-#~ "beeinflusst. Benutzerpasswörter werden dagegen von PAM erstellt, so dass "
-#~ "dieser Vorgang in PAM konfiguriert werden muss. Empfehlenswert ist, diese "
-#~ "Variable mit der Konfiguration von PAM in Einklang zu bringen."
+#~ "Hinweis: Dies beeinflusst nur die Verschlüsselung von Gruppenpasswörtern. "
+#~ "Benutzerpasswörter werden dagegen von PAM verarbeitet, so dass dieser "
+#~ "Vorgang in PAM konfiguriert werden muss. Es wird empfohlen, die "
+#~ "Einstellung in Einklang mit der Konfiguration von PAM vorzunehmen."
 
 #~ msgid "<option>MD5_CRYPT_ENAB</option> (boolean)"
-#~ msgstr "<option>MD5_CRYPT_ENAB</option> (boolesch)"
+#~ msgstr "<option>MD5_CRYPT_ENAB</option> (Wahrheitswert)"
 
+# MH110: aus MD5_CRYPT_ENAB.xml
+# s/indicate if/indicates whether
+# or
+# s/indicate if/controls  whether
 #~ msgid ""
 #~ "Indicate if passwords must be encrypted using the MD5-based algorithm. If "
 #~ "set to <replaceable>yes</replaceable>, new passwords will be encrypted "
@@ -14698,15 +15792,14 @@ msgstr ""
 #~ "encrypted passwords to other systems which don't understand the new "
 #~ "algorithm. Default is <replaceable>no</replaceable>."
 #~ msgstr ""
-#~ "Legt fest, ob Passwörter mit dem auf MD5 beruhenden Algorithmus "
-#~ "verschlüsselt werden. Falls diesem Wert <replaceable>yes</replaceable> "
-#~ "zugewiesen ist, werden neue Passwörter mit dem auf MD5 beruhenden "
-#~ "Algorithmus verschlüsselt, der zu dem in der aktuellen Veröffentlichung "
-#~ "von FreeBSD eingesetzten Algorithmus kompatibel ist. Passwörter können "
-#~ "dann beliebig lang sein, auch die Salt-Zeichenketten sind länger. Setzen "
-#~ "Sie diesen Wert auf <replaceable>no</replaceable>, wenn Sie "
-#~ "verschlüsselte Passwörter auf ein anderes System kopieren möchten, das "
-#~ "den neuen Algorithmus nicht versteht. Der Standardwert ist "
+#~ "legt fest, ob Passwörter mit einem auf MD5 beruhenden Algorithmus "
+#~ "verschlüsselt werden müssen. Falls <replaceable>yes</replaceable> "
+#~ "zugewiesen ist, werden neue Passwörter nach dem mit neueren "
+#~ "Veröffentlichungen von FreeBSD kompatiblen MD5-Algorithmus verschlüsselt. "
+#~ "Passwörter können dann beliebig lang sein; auch die Salt-Zeichenketten "
+#~ "sind länger. Setzen Sie diesen Wert auf <replaceable>no</replaceable>, "
+#~ "wenn Sie verschlüsselte Passwörter auf andere Systeme kopieren möchten, "
+#~ "die den neuen Algorithmus nicht beherrschen. Der Standardwert ist "
 #~ "<replaceable>no</replaceable>."
 
 #~ msgid ""
@@ -14714,29 +15807,30 @@ msgstr ""
 #~ "variable or by any command line option used to configure the encryption "
 #~ "algorithm."
 #~ msgstr ""
-#~ "Dieser Variable geht die Variable <option>ENCRYPT_METHOD</option> und "
-#~ "eine Option auf der Befehlszeile, mit der der Verschlüsselungsalgorithmus "
-#~ "bestimmt wird, vor."
+#~ "Diese Variable wurde von <option>ENCRYPT_METHOD</option> abgelöst. Sie "
+#~ "oder ein per Befehlszeile angegebener Verschlüsselungsalgorithmus haben "
+#~ "daher Vorrang."
 
 #~ msgid ""
 #~ "This variable is deprecated. You should use <option>ENCRYPT_METHOD</"
 #~ "option>."
 #~ msgstr ""
-#~ "Der Einsatz dieser Variable ist veraltet. Sie sollten "
-#~ "<option>ENCRYPT_METHOD</option> verwenden."
+#~ "Diese Variable ist veraltet. Sie sollten <option>ENCRYPT_METHOD</option> "
+#~ "verwenden."
 
 #~ msgid "<option>OBSCURE_CHECKS_ENAB</option> (boolean)"
-#~ msgstr "<option>OBSCURE_CHECKS_ENAB</option> (boolesch)"
+#~ msgstr "<option>OBSCURE_CHECKS_ENAB</option> (Wahrheitswert)"
 
 #~ msgid "Enable additional checks upon password changes."
 #~ msgstr "Aktiviert zusätzliche Tests bei der Veränderung eines Passworts."
 
 #~ msgid "<option>PASS_ALWAYS_WARN</option> (boolean)"
-#~ msgstr "<option>PASS_ALWAYS_WARN</option> (boolesch)"
+#~ msgstr "<option>PASS_ALWAYS_WARN</option> (Wahrheitswert)"
 
 #~ msgid "Warn about weak passwords (but still allow them) if you are root."
 #~ msgstr ""
-#~ "weist auf schwache Passwörter hin (aber lässt sie zu), falls Sie root sind"
+#~ "warnt vor schwachen Passwörtern, lässt sie zu, falls Sie "
+#~ "Systemadministrator sind."
 
 #~ msgid "<option>PASS_CHANGE_TRIES</option> (number)"
 #~ msgstr "<option>PASS_CHANGE_TRIES</option> (Zahl)"
@@ -14744,8 +15838,8 @@ msgstr ""
 #~ msgid ""
 #~ "Maximum number of attempts to change password if rejected (too easy)."
 #~ msgstr ""
-#~ "maximale Anzahl von Versuchen, ein Passwort zu ändern, wenn dies wegen zu "
-#~ "geringer Stärke des gewählten Passworts abgelehnt wurde"
+#~ "maximale Anzahl von Änderungsversuchen, wenn eingegebene Passwörter "
+#~ "abgelehnt wurden, weil sie zu schwach waren."
 
 #~ msgid "<option>PASS_MAX_LEN</option> (number)"
 #~ msgstr "<option>PASS_MAX_LEN</option> (Zahl)"
@@ -14760,9 +15854,10 @@ msgstr ""
 #~ "to <replaceable>yes</replaceable>."
 #~ msgstr ""
 #~ "Anzahl der von crypt() berücksichtigten Zeichen des Passworts. "
-#~ "Standardmäßig ist <option>PASS_MAX_LEN</option> 8. Diese Option wird "
-#~ "ignoriert, wenn <option>MD5_CRYPT_ENAB</option> auf <replaceable>yes</"
-#~ "replaceable> gesetzt ist."
+#~ "Standardmäßig ist <option>PASS_MAX_LEN</option> 8. Belassen Sie es bei "
+#~ "diesem Wert, es sei denn, Ihr System arbeitet mit einem besseren crypt() "
+#~ "- Aufruf Diese Variable wird ignoriert, wenn <option>MD5_CRYPT_ENAB</"
+#~ "option> auf <replaceable>yes</replaceable> gesetzt ist."
 
 #~ msgid "<option>SHA_CRYPT_MIN_ROUNDS</option> (number)"
 #~ msgstr "<option>SHA_CRYPT_MIN_ROUNDS</option> (Zahl)"
@@ -14778,9 +15873,9 @@ msgstr ""
 #~ msgstr ""
 #~ "Wenn <option>ENCRYPT_METHOD</option> auf <replaceable>SHA256</"
 #~ "replaceable> oder <replaceable>SHA512</replaceable> gesetzt ist, legt "
-#~ "dies die Anzahl der Runden von SHA fest, die standardmäßig vom "
-#~ "Verschlüsselungsalgorithmus verwendet werden (falls die Anzahl der Runden "
-#~ "nicht auf der Befehlszeile angegeben wird)."
+#~ "dies die Anzahl der Runden von SHA fest, die im "
+#~ "Verschlüsselungsalgorithmus durchlaufen werden, falls diese nicht mit der "
+#~ "Befehlszeile angegeben wurde."
 
 #~ msgid ""
 #~ "With a lot of rounds, it is more difficult to brute forcing the password. "
@@ -14788,18 +15883,19 @@ msgstr ""
 #~ "users."
 #~ msgstr ""
 #~ "Je mehr Runden Sie definieren, umso schwieriger ist es, das Passwort mit "
-#~ "sturem Durchprobieren (brute force) zu knacken; umso mehr Rechenleistung "
-#~ "wird jedoch auch für die Anmeldung eines Benutzers benötigt."
+#~ "sturem Durchprobieren (brute force) zu knacken. Damit wird für die "
+#~ "Authentifizierung eines Benutzers jedoch auch mehr Prozessorleistung "
+#~ "benötigt. "
 
 #~ msgid ""
 #~ "If not specified, the libc will choose the default number of rounds "
 #~ "(5000)."
 #~ msgstr ""
-#~ "Falls Sie nichts angeben, wird libc die Standardanzahl der Runden  "
+#~ "Falls Sie nichts angeben, wird libc die Standardanzahl der Runden "
 #~ "festlegen (5000)."
 
 #~ msgid "The values must be inside the 1000-999,999,999 range."
-#~ msgstr "Die Werte müssen zwischen 1000-999.999.999 liegen."
+#~ msgstr "Die Werte müssen zwischen 1000 und 999.999.999 liegen."
 
 #~ msgid ""
 #~ "If only one of the <option>SHA_CRYPT_MIN_ROUNDS</option> or "
@@ -14849,9 +15945,9 @@ msgstr ""
 #~ "To disable all logins, investigate <citerefentry><refentrytitle>nologin</"
 #~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>."
 #~ msgstr ""
-#~ "Wie Sie alle Konten abschalten, erfahren Sie unter "
+#~ "Wie alle Konten stillgelegt werden, kann "
 #~ "<citerefentry><refentrytitle>nologin</refentrytitle><manvolnum>5</"
-#~ "manvolnum></citerefentry>."
+#~ "manvolnum></citerefentry> entnommen werden."
 
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</"
@@ -14862,40 +15958,48 @@ msgstr ""
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>nologin</"
 #~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>."
 
+# MH116 language check, Suggestion
+# s/
+# /is created, with ownership set to the user being created or updated and its primary group.
+# /is created, with ownership and primary group set to the user being created or updated.
 #~ msgid ""
 #~ "If this field does not specify an existing directory, the specified "
 #~ "directory is created, with ownership set to the user being created or "
 #~ "updated and its primary group."
 #~ msgstr ""
-#~ "Wenn in diesem Feld ein Verzeichnis angegeben wird, das nicht vorhanden "
-#~ "ist, wird es erstellt. Dieses gehört dem Benutzer, der gerade erstellt "
-#~ "und aktualisiert wird, und dessen Hauptgruppe."
+#~ "Wenn in diesem Feld ein nicht existierendes Verzeichnis angegeben ist, "
+#~ "wird es angelegt. Dieses Verzeichnis wird dem gerade erstellten oder "
+#~ "aktualisierten Benutzer gehören und ist dessen primärer Gruppe zugeordnet."
 
 #~ msgid ""
 #~ "The options which apply to the <command>newusers</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>newusers</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>newusers</command> kann mit folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid "<option>-c</option>, <option>--crypt-method</option>"
 #~ msgstr "<option>-c</option>, <option>--crypt-method</option>"
 
+# MH184 The number of rounds is an obligatory argument for this option
+# when introduced, this string becomes identical to chpasswd.8.xml
 #~ msgid "<option>-s</option>, <option>--sha-rounds</option>"
 #~ msgstr "<option>-s</option>, <option>--sha-rounds</option>"
 
+#~ msgid ""
+#~ "The value 0 means that the system will choose the default number of "
+#~ "rounds for the crypt method (5000)."
+#~ msgstr ""
+#~ "Ein Wert von 0 bedeutet, dass das System den Standard von 5000 Runden zur "
+#~ "Verschlüsselung auswählen wird."
+
+#~ msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#~ msgstr ""
+#~ "Sie können diese Option nur mit den Verschlüsselungsmethoden SHA256 und "
+#~ "SHA512 verwenden."
+
 #~ msgid "PAM configuration for <command>newusers</command>."
 #~ msgstr "Konfiguration von PAM für <command>newusers</command>."
 
-#, fuzzy
-#~| msgid ""
-#~| "<citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>grpck</"
-#~| "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</"
-#~| "manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</"
-#~| "refentrytitle><manvolnum>5</manvolnum></citerefentry>, "
-#~| "<citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</"
-#~| "manvolnum></citerefentry>."
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</"
 #~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</"
@@ -14906,14 +16010,14 @@ msgstr ""
 #~ "manvolnum></citerefentry>, </phrase><citerefentry><refentrytitle>useradd</"
 #~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>."
 #~ msgstr ""
-#~ "<citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</"
-#~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>grpck</"
-#~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>, "
-#~ "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</"
-#~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</"
+#~ "<citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</"
+#~ "manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</"
+#~ "refentrytitle><manvolnum>1</manvolnum></citerefentry>, <phrase "
+#~ "condition=\"subids\"><citerefentry><refentrytitle>subgid</"
 #~ "refentrytitle><manvolnum>5</manvolnum></citerefentry>, "
-#~ "<citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</"
-#~ "manvolnum></citerefentry>."
+#~ "<citerefentry><refentrytitle>subuid</refentrytitle><manvolnum>5</"
+#~ "manvolnum></citerefentry>, </phrase><citerefentry><refentrytitle>useradd</"
+#~ "refentrytitle><manvolnum>8</manvolnum></citerefentry>."
 
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>id</refentrytitle><manvolnum>1</manvolnum></"
@@ -14943,16 +16047,17 @@ msgstr ""
 #~ "manvolnum></citerefentry></phrase>."
 
 #~ msgid "<option>CHFN_AUTH</option> (boolean)"
-#~ msgstr "<option>CHFN_AUTH</option> (boolesch)"
+#~ msgstr "<option>CHFN_AUTH</option> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "If <replaceable>yes</replaceable>, the <command>chfn</command> program "
 #~ "will require authentication before making any changes, unless run by the "
 #~ "superuser."
 #~ msgstr ""
-#~ "Falls <replaceable>yes</replaceable>, benötigt das Programm "
-#~ "<command>chfn</command> eine Authentifizierung, bevor es Änderungen "
-#~ "vornimmt, sofern es nicht von Root ausgeführt wird."
+#~ "Falls <replaceable>yes</replaceable>, muss sich der Benutzer gegenüber "
+#~ "dem Programm <command>chfn</command> authentifizieren, bevor er "
+#~ "Änderungen vornimmt. Dies gilt nicht für den Aufruf durch den "
+#~ "Systemadministrator."
 
 #~ msgid "<option>CHFN_RESTRICT</option> (string)"
 #~ msgstr "<option>CHFN_RESTRICT</option> (Zeichenkette)"
@@ -14971,31 +16076,33 @@ msgstr ""
 #~ "The most restrictive setting is better achieved by not installing "
 #~ "<command>chfn</command> SUID."
 #~ msgstr ""
-#~ "Der Parameter bestimmt, welcher Wert in dem <emphasis remap=\"I\">gecos</"
+#~ "Der Parameter bestimmt, welcher Wert in dem <emphasis remap=\"I\">GECOS</"
 #~ "emphasis>-Feld von <filename>/etc/passwd</filename> von gewöhnlichen "
 #~ "Benutzern mittels des Programms <command>chfn</command> geändert werden "
 #~ "darf. Er kann aus jeder Kombination der Buchstaben <emphasis "
 #~ "remap=\"I\">f</emphasis> ,<emphasis remap=\"I\">r</emphasis>, <emphasis "
 #~ "remap=\"I\">w</emphasis> und <emphasis remap=\"I\">h</emphasis> bestehen. "
 #~ "Diese Buchstaben stehen für den vollständigen Namen, die Zimmernummer, "
-#~ "die geschäftliche Telefonnummer und die private Telefonnummer. Zum Zweck "
-#~ "der Abwärtskompatibilität entspricht <replaceable>yes</replaceable> "
+#~ "die geschäftliche und die private Telefonnummer. Zur Kompatibiltät mit "
+#~ "älteren Versionen entspricht <replaceable>yes</replaceable> "
 #~ "<replaceable>rwh</replaceable> und <replaceable>no</replaceable> "
-#~ "<replaceable>frwh</replaceable>. Falls nichts festgelegt wird, kann nur "
-#~ "Root Änderungen vornehmen. Die größte Einschränkung erreicht man besser, "
-#~ "indem <filename>chfn</filename> nicht mit SUID-Rechten ausgestattet wird."
+#~ "<replaceable>frwh</replaceable>. Falls nichts festgelegt ist, kann nur "
+#~ "der Systemadministrator Änderungen vornehmen. Für eine noch stärkere "
+#~ "Restriktion sollte <command>chfn</command> ohne SUID-Recht installiert "
+#~ "werden."
 
 #~ msgid "<option>CHSH_AUTH</option> (boolean)"
-#~ msgstr "<option>CHSH_AUTH</option> (boolesch)"
+#~ msgstr "<option>CHSH_AUTH</option> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "If <replaceable>yes</replaceable>, the <command>chsh</command> program "
 #~ "will require authentication before making any changes, unless run by the "
 #~ "superuser."
 #~ msgstr ""
-#~ "Falls <replaceable>yes</replaceable>, benötigt das Programm "
-#~ "<command>chsh</command> eine Authentifizierung, bevor es Änderungen "
-#~ "vornimmt, sofern es nicht von Root ausgeführt wird."
+#~ "Falls <replaceable>yes</replaceable>, muss sich der Benutzer gegenüber "
+#~ "dem Programm <command>chsh</command> authentifizieren, bevor es "
+#~ "Änderungen vornimmt. Dies gilt nicht für den Aufruf durch den "
+#~ "Systemadministrator."
 
 #~ msgid "<option>ERASECHAR</option> (number)"
 #~ msgstr "<option>ERASECHAR</option> (Zahl)"
@@ -15005,7 +16112,7 @@ msgstr ""
 #~ "<replaceable>0177</replaceable> = DEL)."
 #~ msgstr ""
 #~ "Das Löschzeichen des Terminals (<replaceable>010</replaceable> = "
-#~ "Rücktaste, <replaceable>0177</replaceable> = Entf)."
+#~ "Rücklöschtaste, <replaceable>0177</replaceable> = Entf)."
 
 #~ msgid ""
 #~ "The value can be prefixed \"0\" for an octal value, or \"0x\" for an "
@@ -15021,18 +16128,18 @@ msgstr ""
 #~ "Delay in seconds before being allowed another attempt after a login "
 #~ "failure."
 #~ msgstr ""
-#~ "Wartezeit in Sekunden, ehe nach einem fehlgeschlagenen Anmeldeversuch ein "
-#~ "neuer unternommen werden kann"
+#~ "Wartezeit nach einem Anmeldefehlschlag in Sekunden, ehe ein neuer Versuch "
+#~ "unternommen werden kann."
 
 #~ msgid "<option>FAILLOG_ENAB</option> (boolean)"
-#~ msgstr "<option>FAILLOG_ENAB</option> (boolesch)"
+#~ msgstr "<option>FAILLOG_ENAB</option> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "Enable logging and display of <filename>/var/log/faillog</filename> login "
 #~ "failure info."
 #~ msgstr ""
-#~ "aktiviert die Protokollierung und Anzeige der Informationen zu "
-#~ "fehlgeschlagenen Anmeldeversuchen in <filename>/var/log/faillog</filename>"
+#~ "Aktiviert die Protokollierung und Anzeige der Informationen zu "
+#~ "Anmeldefehlschlägen in <filename>/var/log/faillog</filename>."
 
 #~ msgid "<option>FAKE_SHELL</option> (string)"
 #~ msgstr "<option>FAKE_SHELL</option> (Zeichenkette)"
@@ -15056,6 +16163,7 @@ msgstr ""
 #~ msgid "<option>HUSHLOGIN_FILE</option> (string)"
 #~ msgstr "<option>HUSHLOGIN_FILE</option> (Zeichenkette)"
 
+# MH more precisely s/chatter during the login sequence/chatter when having logged in successfully
 #~ msgid ""
 #~ "If defined, this file can inhibit all the usual chatter during the login "
 #~ "sequence. If a full pathname is specified, then hushed mode will be "
@@ -15063,17 +16171,20 @@ msgstr ""
 #~ "pathname, then hushed mode will be enabled if the file exists in the "
 #~ "user's home directory."
 #~ msgstr ""
-#~ "Falls angegeben, kann diese Datei die übliche Informationsanzeige während "
-#~ "des Anmeldevorgangs unterbinden. Wenn ein vollständiger Pfad angegeben "
-#~ "wird, wird der Modus ohne Anmeldeinformationen verwendet, wenn der Name "
-#~ "oder die Shell des Benutzers in der Datei enthalten sind. Wenn kein "
-#~ "vollständiger Pfad angegeben wird, wird der Modus ohne "
-#~ "Anmeldeinformationen aktiviert, wenn die Datei im Home-Verzeichnis des "
-#~ "Benutzers existiert."
+#~ "Falls angegeben, kann diese Datei die nach Anmeldung übliche Anzeige von "
+#~ "Informationen unterbinden. Der Modus ohne Anmeldeinformationen (»hushed "
+#~ "login mode«) ist eingestellt, wenn ein vollständiger Pfad angegeben ist "
+#~ "und in dieser Datei der Name oder die Shell des Benutzers genannt ist. "
+#~ "Wenn kein vollständiger Pfad angegeben ist, aber diese Datei im "
+#~ "persönlichen Verzeichnis des Benutzers existiert, wird ebenfalls dieser "
+#~ "Modus aktiviert."
 
 #~ msgid "<option>ISSUE_FILE</option> (string)"
 #~ msgstr "<option>ISSUE_FILE</option> (Zeichenkette)"
 
+# MH129 according to comments in login.defs, such a file is now
+# specified within the configuration of PAM
+# s/this file/the content of this file
 #~ msgid "If defined, this file will be displayed before each login prompt."
 #~ msgstr ""
 #~ "Falls angegeben, wird diese Datei vor der Anmeldeaufforderung angezeigt."
@@ -15083,31 +16194,32 @@ msgstr ""
 
 #~ msgid "Terminal KILL character (<replaceable>025</replaceable> = CTRL/U)."
 #~ msgstr ""
-#~ "Das KILL-Zeichen des Terminals (<replaceable>025</replaceable> = CTRL/U)."
+#~ "Das KILL-Zeichen des Terminals (<replaceable>025</replaceable> = STRG/U)."
 
 #~ msgid "<option>LASTLOG_ENAB</option> (boolean)"
-#~ msgstr "<option>LASTLOG_ENAB</option> (boolesch)"
+#~ msgstr "<option>LASTLOG_ENAB</option> (Wahrheitswert)"
 
 #~ msgid "Enable logging and display of /var/log/lastlog login time info."
 #~ msgstr ""
-#~ "aktiviert die Protokollierung und Anzeige der Informationen zu "
-#~ "Anmeldezeiten in <filename>/var/log/lastlog</filename>"
+#~ "Aktiviert die Protokollierung und die Anzeige der Zeit der letzten "
+#~ "Anmeldung in <filename>/var/log/lastlog</filename>."
 
 #~ msgid "<option>LOG_OK_LOGINS</option> (boolean)"
-#~ msgstr "<option>LOG_OK_LOGINS</option> (boolesch)"
+#~ msgstr "<option>LOG_OK_LOGINS</option> (Wahrheitswert)"
 
 #~ msgid "Enable logging of successful logins."
-#~ msgstr "aktiviert die Protokollierung erfolgreicher Anmeldungen"
+#~ msgstr "Aktiviert die Protokollierung erfolgreicher Anmeldungen."
 
 #~ msgid "<option>LOG_UNKFAIL_ENAB</option> (boolean)"
-#~ msgstr "<option>LOG_UNKFAIL_ENAB</option> (boolesch)"
+#~ msgstr "<option>LOG_UNKFAIL_ENAB</option> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "Enable display of unknown usernames when login failures are recorded."
 #~ msgstr ""
-#~ "aktiviert die Anzeige unbekannter Benutzernamen, wenn fehlgeschlagene "
-#~ "Anmeldeversuche aufgezeichnet werden"
+#~ "Aktiviert die Anzeige unbekannter Benutzernamen, wenn fehlgeschlagene "
+#~ "Anmeldeversuche aufgezeichnet werden."
 
+# MH130 s/an user enter/an user enters
 #~ msgid ""
 #~ "Note: logging unknown usernames may be a security issue if an user enter "
 #~ "her password instead of her login name."
@@ -15119,10 +16231,11 @@ msgstr ""
 #~ msgid "<option>LOGIN_RETRIES</option> (number)"
 #~ msgstr "<option>LOGIN_RETRIES</option> (Zahl)"
 
+# MH131 English s/of bad/of a bad
 #~ msgid "Maximum number of login retries in case of bad password."
 #~ msgstr ""
-#~ "maximale Anzahl von Anmeldeversuchen, wenn ein falsches Passwort "
-#~ "eingegeben wird"
+#~ "Die maximale Anzahl von Versuchen, wenn zur Anmeldung falsche Passwörter "
+#~ "eingegeben werden."
 
 #~ msgid ""
 #~ "This will most likely be overridden by PAM, since the default pam_unix "
@@ -15130,16 +16243,16 @@ msgstr ""
 #~ "fallback in case you are using an authentication module that does not "
 #~ "enforce PAM_MAXTRIES."
 #~ msgstr ""
-#~ "Dies wird höchstwahrscheinlich von PAM überschrieben, da standardmäßig "
-#~ "das Modul pam_unix drei Versuche enthält. Dennoch stellt dies ein "
-#~ "zusätzliches Sicherungssystem dar, falls Sie eine Anmeldemöglichkeit "
-#~ "einsetzen, die nicht PAM_MAXTRIES beachtet."
+#~ "Dieser Parameter ist sehr wahrscheinlich auf Systemen mit PAM außer Kraft "
+#~ "gesetzt, da das Modul »pam_unix« standardmäßig drei Versuche vorsieht. Er "
+#~ "gewährt jedoch gewisse Sicherheit, falls Sie ein Authentifizierungsmodul "
+#~ "verwenden, das PAM_MAXTRIES nicht anwendet."
 
 #~ msgid "<option>LOGIN_TIMEOUT</option> (number)"
 #~ msgstr "<option>LOGIN_TIMEOUT</option> (Zahl)"
 
 #~ msgid "Max time in seconds for login."
-#~ msgstr "Höchstdauer für einen Anmeldeversuch"
+#~ msgstr "Höchstdauer für einen Anmeldeversuch in Sekunden"
 
 #~ msgid "<option>MOTD_FILE</option> (string)"
 #~ msgstr "<option>MOTD_FILE</option> (Zeichenkette)"
@@ -15148,9 +16261,8 @@ msgstr ""
 #~ "If defined, \":\" delimited list of \"message of the day\" files to be "
 #~ "displayed upon login."
 #~ msgstr ""
-#~ "Falls angegeben, eine Aufzählung von Dateien, welche die bei der "
-#~ "Anmeldung anzuzeigenden »Nachrichten des Tages« enthält. Die Dateien "
-#~ "werden mit einem »:« getrennt."
+#~ "Falls angegeben, eine durch »:« getrennte Aufzählung von Dateien, welche "
+#~ "die bei der Anmeldung anzuzeigenden »Nachrichten des Tages« enthalten."
 
 #~ msgid "<option>NOLOGINS_FILE</option> (string)"
 #~ msgstr "<option>NOLOGINS_FILE</option> (Zeichenkette)"
@@ -15160,19 +16272,19 @@ msgstr ""
 #~ "contents of this file should be a message indicating why logins are "
 #~ "inhibited."
 #~ msgstr ""
-#~ "Falls angegeben, der Name einer Datei, deren Existenz Anmeldungen außer "
-#~ "von Root verhindert. Der Inhalt der Datei sollte die Gründe enthalten, "
-#~ "weshalb Anmeldungen untersagt sind."
+#~ "Falls angegeben, der Name einer Datei, die verhindert, dass andere "
+#~ "Benutzer als der Systemadministrator sich anmelden können. Diese Datei "
+#~ "sollte den Meldungstext enthalten, weshalb Anmeldungen verhindert werden."
 
 #~ msgid "<option>PORTTIME_CHECKS_ENAB</option> (boolean)"
-#~ msgstr "<option>PORTTIME_CHECKS_ENAB</option> (boolesch)"
+#~ msgstr "<option>PORTTIME_CHECKS_ENAB</option> (Wahrheitswert)"
 
 #~ msgid ""
 #~ "Enable checking of time restrictions specified in <filename>/etc/"
 #~ "porttime</filename>."
 #~ msgstr ""
-#~ "aktiviert die Auswertung der in <filename>/etc/porttime</filename> "
-#~ "angegebenen Zeitbegrenzungen"
+#~ "Schaltet die Kontrolle der in <filename>/etc/porttime</filename> "
+#~ "angegebenen zeitlichen Einschränkungen ein."
 
 #~ msgid "<option>TTYGROUP</option> (string)"
 #~ msgstr "<option>TTYGROUP</option> (Zeichenkette)"
@@ -15180,57 +16292,75 @@ msgstr ""
 #~ msgid "<option>TTYPERM</option> (string)"
 #~ msgstr "<option>TTYPERM</option> (Zeichenkette)"
 
+# MH132: A group becomes the owner of a terminal? A group which is owner is confusing.
+# Tests showed that the logged in user
+# becomes the owner of the device
+# Perhaps it is better
+# s/tty will be owned by the/tty will be assigned to the group
 #~ msgid ""
 #~ "The terminal permissions: the login tty will be owned by the "
 #~ "<option>TTYGROUP</option> group, and the permissions will be set to "
 #~ "<option>TTYPERM</option>."
 #~ msgstr ""
-#~ "Die Rechte des Terminals: Das Anmelde-tty gehört der Gruppe "
-#~ "<option>TTYGROUP</option> an, die Rechte werden auf <option>TTYPERM</"
-#~ "option> gesetzt."
+#~ "Die Zugriffsregelung für Terminals: Das Anmeldeterminal wird der Gruppe "
+#~ "<option>TTYGROUP</option> zugeordnet, die Rechte werden auf "
+#~ "<option>TTYPERM</option> gesetzt."
 
+# MH Perhaps it is better:
+# s/the ownership of the terminal is set to/the terminal is assigned to
 #~ msgid ""
 #~ "By default, the ownership of the terminal is set to the user's primary "
 #~ "group and the permissions are set to <replaceable>0600</replaceable>."
 #~ msgstr ""
-#~ "Standardmäßig ist der Eigentümer des Terminals die Hauptgruppe des "
-#~ "Benutzers, die Rechte werden auf <replaceable>0600</replaceable> gesetzt."
+#~ "Standardmäßig wird das Terminal der primären Gruppe des "
+#~ "Benutzerszugeordnet, die Rechte werden auf <replaceable>0600</"
+#~ "replaceable> gesetzt."
 
 #~ msgid ""
 #~ "<option>TTYGROUP</option> can be either the name of a group or a numeric "
 #~ "group identifier."
 #~ msgstr ""
-#~ "<option>TTYGROUP</option> kann der Gruppenname oder die als Zahl "
-#~ "ausgedrückte Gruppen-ID sein."
+#~ "<option>TTYGROUP</option> kann der Gruppenname oder die Gruppenkennung "
+#~ "sein."
 
+# MH134 s/to the group number/to the group   as both group name and group number are accepted,
+# MH Perhaps it is better
+# s
+# /which is \"setgid\" to a special group which owns the terminals,
+# /which is \"setgid\" and assigned to a special group for terminal users
 #~ msgid ""
 #~ "If you have a <command>write</command> program which is \"setgid\" to a "
 #~ "special group which owns the terminals, define TTYGROUP to the group "
 #~ "number and TTYPERM to 0620. Otherwise leave TTYGROUP commented out and "
 #~ "assign TTYPERM to either 622 or 600."
 #~ msgstr ""
-#~ "Wenn Sie ein <command>write</command>-Programm haben, das »setgid« für "
-#~ "eine Gruppe besitzt, der das Terminal gehört, sollten Sie TTYGROUP die "
-#~ "Gruppennummer und TTYPERM den Wert 0620 zuweisen. Oder Sie sollten "
-#~ "TTYGROUP als Kommentar belassen und TTYPERM den Wert 622 oder 600 "
-#~ "zuweisen."
+#~ "Wenn Ihr Programm <command>write</command> mit »setgid« für eine "
+#~ "spezielle Gruppe von Benutzern der Terminals installiert ist, sollten Sie "
+#~ "TTYGROUP mit der Kennung dieser Gruppe belegen und TTYPERM den Wert 0620 "
+#~ "zuweisen. Andernfalls sollten Sie TTYGROUP auskommentiert lassen und "
+#~ "TTYPERM den Wert 622 oder 600 zuweisen."
 
 #~ msgid "<option>TTYTYPE_FILE</option> (string)"
 #~ msgstr "<option>TTYTYPE_FILE</option> (Zeichenkette)"
 
+# MH135: tty-Line meint wohl eher TTY-Verbindung als TTY-Zeile, also eine Tastatur
+# an einem Kabel
+# s
+# /file which maps tty line to TERM environment parameter
+# /a file which maps between tty connection and environment parameter TERM
 #~ msgid ""
 #~ "If defined, file which maps tty line to TERM environment parameter. Each "
 #~ "line of the file is in a format something like \"vt100 tty01\"."
 #~ msgstr ""
-#~ "Falls angegeben, eine Datei, welche einer tty-Zeile den "
-#~ "Umgebungsparameter TERM zuweist. Jede Zeile hat das Format wie etwa "
+#~ "Falls angegeben, eine Datei, die jedem Terminal einen Umgebungsparameter "
+#~ "TERM zugeweist. Die Datei würde Zeilen folgenden Aufbaus enthalten: "
 #~ "»vt100 tty01«."
 
 #~ msgid "<option>ULIMIT</option> (number)"
 #~ msgstr "<option>ULIMIT</option> (Zahl)"
 
 #~ msgid "Default <command>ulimit</command> value."
-#~ msgstr "der Standardwert von <command>ulimit</command>"
+#~ msgstr "Der Standardwert von <command>ulimit</command>."
 
 #~ msgid ""
 #~ "<phrase condition=\"no_pam\">CHFN_AUTH</phrase> CHFN_RESTRICT <phrase "
@@ -15246,12 +16376,13 @@ msgstr ""
 #~ "condition=\"no_pam\">FAILLOG_ENAB</phrase> FAKE_SHELL <phrase "
 #~ "condition=\"no_pam\">FTMP_FILE</phrase> HUSHLOGIN_FILE <phrase "
 #~ "condition=\"no_pam\">ISSUE_FILE</phrase> KILLCHAR <phrase "
-#~ "condition=\"no_pam\">LASTLOG_ENAB</phrase> LOGIN_RETRIES <phrase "
-#~ "condition=\"no_pam\">LOGIN_STRING</phrase> LOGIN_TIMEOUT LOG_OK_LOGINS "
-#~ "LOG_UNKFAIL_ENAB <phrase condition=\"no_pam\">MAIL_CHECK_ENAB MAIL_DIR "
-#~ "MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB</"
-#~ "phrase> TTYGROUP TTYPERM TTYTYPE_FILE <phrase condition=\"no_pam\">ULIMIT "
-#~ "UMASK</phrase> USERGROUPS_ENAB"
+#~ "condition=\"no_pam\">LASTLOG_ENAB LASTLOG_UID_MAX</phrase> LOGIN_RETRIES "
+#~ "<phrase condition=\"no_pam\">LOGIN_STRING</phrase> LOGIN_TIMEOUT "
+#~ "LOG_OK_LOGINS LOG_UNKFAIL_ENAB <phrase "
+#~ "condition=\"no_pam\">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE "
+#~ "NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB</phrase> TTYGROUP TTYPERM "
+#~ "TTYTYPE_FILE <phrase condition=\"no_pam\">ULIMIT UMASK</phrase> "
+#~ "USERGROUPS_ENAB"
 #~ msgstr ""
 #~ "<phrase condition=\"no_pam\">CONSOLE</phrase> CONSOLE_GROUPS DEFAULT_HOME "
 #~ "<phrase condition=\"no_pam\">ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ "
@@ -15259,12 +16390,13 @@ msgstr ""
 #~ "condition=\"no_pam\">FAILLOG_ENAB</phrase> FAKE_SHELL <phrase "
 #~ "condition=\"no_pam\">FTMP_FILE</phrase> HUSHLOGIN_FILE <phrase "
 #~ "condition=\"no_pam\">ISSUE_FILE</phrase> KILLCHAR <phrase "
-#~ "condition=\"no_pam\">LASTLOG_ENAB</phrase> LOGIN_RETRIES <phrase "
-#~ "condition=\"no_pam\">LOGIN_STRING</phrase> LOGIN_TIMEOUT LOG_OK_LOGINS "
-#~ "LOG_UNKFAIL_ENAB <phrase condition=\"no_pam\">MAIL_CHECK_ENAB MAIL_DIR "
-#~ "MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB</"
-#~ "phrase> TTYGROUP TTYPERM TTYTYPE_FILE <phrase condition=\"no_pam\">ULIMIT "
-#~ "UMASK</phrase> USERGROUPS_ENAB"
+#~ "condition=\"no_pam\">LASTLOG_ENAB LASTLOG_UID_MAX</phrase> LOGIN_RETRIES "
+#~ "<phrase condition=\"no_pam\">LOGIN_STRING</phrase> LOGIN_TIMEOUT "
+#~ "LOG_OK_LOGINS LOG_UNKFAIL_ENAB <phrase "
+#~ "condition=\"no_pam\">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE "
+#~ "NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB</phrase> TTYGROUP TTYPERM "
+#~ "TTYTYPE_FILE <phrase condition=\"no_pam\">ULIMIT UMASK</phrase> "
+#~ "USERGROUPS_ENAB"
 
 #~ msgid ""
 #~ "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
@@ -15317,15 +16449,16 @@ msgstr ""
 #~ "emphasis>:<emphasis remap=\"I\">origins</emphasis>"
 #~ msgstr ""
 #~ "<emphasis remap=\"I\">Erlaubnis</emphasis>:<emphasis "
-#~ "remap=\"I\">Benutzer</emphasis>:<emphasis remap=\"I\">Herkunft</emphasis>"
+#~ "remap=\"I\">Benutzer</emphasis>:<emphasis remap=\"I\">Herkünfte</emphasis>"
 
+# FIXME s/compilation options/compile-time options
 #~ msgid ""
 #~ "This version of <command>login</command> has many compilation options, "
 #~ "only some of which may be in use at any particular site."
 #~ msgstr ""
-#~ "Diese Version von <command>login</command> hat viele Optionen für die "
-#~ "Kompilierung, wobei eventuell nicht alle Optionen auf allen Systemen "
-#~ "verwendet werden."
+#~ "Bei dieser Version von <command>login</command> gibt es viele von der "
+#~ "Kompilierung abhängige Optionen. Einzelne können daher im speziellen Fall "
+#~ "nicht zur Verfügung stehen."
 
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>mail</refentrytitle><manvolnum>1</"
@@ -15389,8 +16522,8 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>lastlog</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>lastlog</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>lastlog</command> kann mit folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "<option>-b</option>, <option>--before</option>&nbsp;<replaceable>DAYS</"
@@ -15399,15 +16532,11 @@ msgstr ""
 #~ "<option>-b</option>, <option>--before</option>&nbsp;<replaceable>TAGE</"
 #~ "replaceable>"
 
-#, fuzzy
-#~| msgid "<option>-u</option>, <option>--user</option>"
 #~ msgid "<option>-C</option>, <option>--clear</option>"
-#~ msgstr "<option>-u</option>, <option>--user</option>"
+#~ msgstr "<option>-C</option>, <option>--clear</option>"
 
-#, fuzzy
-#~| msgid "<option>-r</option>, <option>--reset</option>"
 #~ msgid "<option>-S</option>, <option>--set</option>"
-#~ msgstr "<option>-r</option>, <option>--reset</option>"
+#~ msgstr "<option>-S</option>, <option>--set</option>"
 
 #~ msgid ""
 #~ "<option>-t</option>, <option>--time</option>&nbsp;<replaceable>DAYS</"
@@ -15416,12 +16545,14 @@ msgstr ""
 #~ "<option>-t</option>, <option>--time</option>&nbsp;<replaceable>TAGE</"
 #~ "replaceable>"
 
+# MH144 in --help zu lastlog wird BENUTZERZUGANG benutzt, in den Handbuchseiten
+# hier dagegen dafür immer ANMELDENAME
 #~ msgid ""
 #~ "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #~ "replaceable>|<replaceable>RANGE</replaceable>"
 #~ msgstr ""
-#~ "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
-#~ "replaceable>|<replaceable>MENGE</replaceable>"
+#~ "<option>-u</option>, <option>--user</option>&nbsp;"
+#~ "<replaceable>ANMELDENAME</replaceable>|<replaceable>BEREICH</replaceable>"
 
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>5</"
@@ -15446,7 +16577,7 @@ msgstr ""
 #~ "a valid group identifier <phrase condition=\"gshadow\"> (<filename>/etc/"
 #~ "group</filename> only)</phrase>"
 #~ msgstr ""
-#~ "eine gültige Gruppenkennung <phrase condition=\"gshadow\"> (nur für "
+#~ "eine gültige Gruppenkennung (GID) <phrase condition=\"gshadow\"> (nur für "
 #~ "<filename>/etc/group</filename>)</phrase>"
 
 #~ msgid ""
@@ -15456,6 +16587,7 @@ msgstr ""
 #~ "eine gültige Liste der Mitglieder <phrase condition=\"gshadow\"> und "
 #~ "Gruppenverwalter</phrase>"
 
+# MH fehlender Leerraum vor "and"
 #~ msgid ""
 #~ "The commands which operate on the <filename>/etc/group</filename><phrase "
 #~ "condition=\"no_gshadow\">file</phrase><phrase condition=\"gshadow\">and "
@@ -15466,24 +16598,27 @@ msgstr ""
 #~ "Die Befehle, welche die <phrase condition=\"no_gshadow\">Datei <filename>/"
 #~ "etc/group</filename></phrase><phrase condition=\"gshadow\">Dateien "
 #~ "<filename>/etc/group</filename> und <filename>/etc/gshadow</filename></"
-#~ "phrase> bearbeiten, können falsche oder doppelte Einträge nicht "
+#~ "phrase> bearbeiten, können beschädigte oder doppelte Einträge nicht "
 #~ "verändern. In solchen Fällen sollte <command>grpwck</command> verwendet "
 #~ "werden, um die betreffenden Einträge zu entfernen."
 
 #~ msgid "The options which apply to the <command>grpck</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>grpck</command> unterstützt werden, "
-#~ "sind:"
+#~ "Der Befehl <command>grpck</command> kann mit folgenden Optionen verwendet "
+#~ "werden:"
 
 #~ msgid ""
 #~ "Sort entries in <filename>/etc/group</filename><phrase "
 #~ "condition=\"gshadow\">and <filename>/etc/gshadow</filename></phrase> by "
 #~ "GID."
 #~ msgstr ""
-#~ "Ordnet die Einträge in <filename>/etc/group</filename><phrase "
-#~ "condition=\"gshadow\">und <filename>/etc/gshadow</filename></phrase> nach "
-#~ "der GID."
+#~ "Sortiert die Einträge in <filename>/etc/group</filename> <phrase "
+#~ "condition=\"gshadow\">und <filename>/etc/gshadow</filename> </phrase>nach "
+#~ "Gruppenkennung."
 
+# MH146: check whether spaces are necessary:
+# after the first appearance /etc/group and
+# and after group to separate it from parameter or and.
 #~ msgid ""
 #~ "By default, <command>grpck</command> operates on <filename>/etc/group</"
 #~ "filename><phrase condition=\"gshadow\">and <filename>/etc/gshadow</"
@@ -15497,9 +16632,9 @@ msgstr ""
 #~ "group</filename><phrase condition=\"gshadow\"> und <filename>/etc/"
 #~ "gshadow</filename></phrase>. Der Benutzer kann andere Dateien mit <phrase "
 #~ "condition=\"no_gshadow\">dem Parameter <emphasis remap=\"I\">group</"
-#~ "emphasis></phrase><phrase condition=\"gshadow\">den Parametern <emphasis "
-#~ "remap=\"I\">group</emphasis> und <emphasis remap=\"I\">shadow</emphasis></"
-#~ "phrase> auswählen."
+#~ "emphasis> </phrase><phrase condition=\"gshadow\">den Parametern <emphasis "
+#~ "remap=\"I\">group</emphasis> und <emphasis remap=\"I\">shadow</emphasis> "
+#~ "</phrase>auswählen."
 
 #~ msgid ""
 #~ "The <command>grpck</command> command exits with the following values: "
@@ -15549,8 +16684,8 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>groupmod</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>groupmod</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>groupmod</command> kann mit folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "<option>-g</option>, <option>--gid</option>&nbsp;<replaceable>GID</"
@@ -15564,9 +16699,9 @@ msgstr ""
 #~ "<option>GID_MAX</option>, <option>SYS_GID_MIN</option>, or "
 #~ "<option>SYS_GID_MAX</option> from <filename>/etc/login.defs</filename>."
 #~ msgstr ""
-#~ "Die Werte von <option>GID_MIN</option>, <option>GID_MAX</option>, "
-#~ "<option>SYS_GID_MIN</option> und <option>SYS_GID_MAX</option> aus "
-#~ "<filename>/etc/login.defs</filename> werden nicht geprüft."
+#~ "Eine Prüfung der Vorgaben <option>GID_MIN</option>, <option>GID_MAX</"
+#~ "option>, <option>SYS_GID_MIN</option> und <option>SYS_GID_MAX</option> "
+#~ "aus <filename>/etc/login.defs</filename> erfolgt nicht."
 
 #~ msgid ""
 #~ "<option>-n</option>, <option>--new-name</option>&nbsp;"
@@ -15575,6 +16710,11 @@ msgstr ""
 #~ "<option>-n</option>, <option>--new-name</option>&nbsp;"
 #~ "<replaceable>NEUE_GRUPPE</replaceable>"
 
+# MH according to line 66 in groupmod.c
+# E_GID_IN_USE  indicates that GID is already in use
+#~ msgid "E_GID_IN_USE: specified group doesn't exist"
+#~ msgstr "E_GID_IN_USE: Die angegebene Gruppenkennung wird schon verwendet"
+
 #~ msgid ""
 #~ "The <command>groupmod</command> command exits with the following values: "
 #~ "<placeholder-1/>"
@@ -15618,29 +16758,29 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>groupmems</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>groupmems</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>groupmems</command> kann mit den folgendenOptionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "<option>-a</option>, <option>--add</option>&nbsp;<replaceable>user_name</"
 #~ "replaceable>"
 #~ msgstr ""
 #~ "<option>-a</option>, <option>--add</option>&nbsp;"
-#~ "<replaceable>Benutzer_Name</replaceable>"
+#~ "<replaceable>Anmeldename</replaceable>"
 
 #~ msgid ""
 #~ "<option>-d</option>, <option>--delete</option>&nbsp;"
 #~ "<replaceable>user_name</replaceable>"
 #~ msgstr ""
 #~ "<option>-d</option>, <option>--delete</option>&nbsp;"
-#~ "<replaceable>Benutzer_Name</replaceable>"
+#~ "<replaceable>Anmeldename</replaceable>"
 
 #~ msgid ""
 #~ "<option>-g</option>, <option>--group</option>&nbsp;"
 #~ "<replaceable>group_name</replaceable>"
 #~ msgstr ""
 #~ "<option>-g</option>, <option>--group</option>&nbsp;"
-#~ "<replaceable>Gruppen_Name</replaceable>"
+#~ "<replaceable>Gruppenname</replaceable>"
 
 #~ msgid "<option>-l</option>, <option>--list</option>"
 #~ msgstr "<option>-l</option>, <option>--list</option>"
@@ -15678,8 +16818,8 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>groupdel</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>groupdel</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>groupdel</command> kann mit den folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "The <command>groupdel</command> command exits with the following values: "
@@ -15722,15 +16862,15 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>groupadd</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>groupadd</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>groupadd</command> kann mit den folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "See also the <option>-r</option> option and the <option>GID_MAX</option> "
 #~ "description."
 #~ msgstr ""
-#~ "Vergleichen Sie auch die Option <option>-r</option> und die Ausführungen "
-#~ "zu <option>GID_MAX</option>."
+#~ "Beachten Sie auch die Option <option>-r</option> und die Beschreibung von "
+#~ "<option>GID_MAX</option>."
 
 #~ msgid ""
 #~ "Example: <option>-K</option>&nbsp;<replaceable>GID_MIN</"
@@ -15741,10 +16881,12 @@ msgstr ""
 #~ "replaceable>=<replaceable>100</replaceable>&nbsp;<option>-K</option>&nbsp;"
 #~ "<replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>"
 
+# Änderung im Original vorgeschlagen MH 2022-02-17
 #~ msgid "This option permits to add a group with a non-unique GID."
 #~ msgstr ""
-#~ "Diese Option erlaubt es, eine Gruppe mit einer nicht eindeutigen GID zu "
-#~ "erstellen."
+#~ "erlaubt es, die neue Gruppe mit einer schon vergebenen Gruppenkennung zu "
+#~ "erstellen. Diese Kennung wird nicht mehr eindeutig einem Gruppennamen "
+#~ "zuordenbar sein."
 
 #~ msgid ""
 #~ "Groupnames must start with a lower case letter or an underscore, followed "
@@ -15752,20 +16894,23 @@ msgstr ""
 #~ "a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?"
 #~ msgstr ""
 #~ "Gruppennamen müssen mit einem Kleinbuchstaben oder einem Unterstrich "
-#~ "beginnen. Nachfolgend dürfen sie Kleinbuchstaben, Zahlen, Unterstriche "
-#~ "und Gedankenstriche enthalten. Das letzte Zeichen darf auch ein "
-#~ "Dollarzeichen sein. Als regulärer Ausdruck: [a-z_][a-z0-9_-]*[$]?"
+#~ "beginnen, dem Kleinbuchstaben, Zahlen, Unterstriche oder Bindestriche "
+#~ "folgen. Das letzte Zeichen darf auch ein Dollarzeichen sein. Als "
+#~ "regulärer Ausdruck: [a-z_][a-z0-9_-]*[$]?"
 
 #~ msgid ""
 #~ "Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long."
 #~ msgstr ""
 #~ "Gruppennamen dürfen nur bis zu &GROUP_NAME_MAX_LENGTH; Zeichen lang sein."
 
+# String müsste auch angepasst werden: s/nicht eindeutig/bereits vergeben MH 2022-02-18
 #~ msgid "GID not unique (when <option>-o</option> not used)"
-#~ msgstr "GID nicht eindeutig (wenn <option>-o</option> nicht angegeben wird)"
+#~ msgstr ""
+#~ "Gruppenkennung ist nicht eindeutig (wenn <option>-o</option> nicht "
+#~ "verwendet wurde)"
 
 #~ msgid "group name not unique"
-#~ msgstr "Gruppenname nicht eindeutig"
+#~ msgstr "Gruppenname ist schon vergeben"
 
 #~ msgid ""
 #~ "The <command>groupadd</command> command exits with the following values: "
@@ -15833,8 +16978,8 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>gpasswd</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>gpasswd</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>gpasswd</command> kann mit den folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "<option>-a</option>, <option>--add</option>&nbsp;<replaceable>user</"
@@ -15905,8 +17050,8 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>faillog</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>faillog</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>faillog</command> kann mit folgenden Optionen benutzt "
+#~ "werden:"
 
 #~ msgid ""
 #~ "<option>-l</option>, <option>--lock-secs</option>&nbsp;<replaceable>SEC</"
@@ -15937,8 +17082,8 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>expiry</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>expiry</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>expiry</command> wird mit den folgenden Optionen "
+#~ "verwendet:"
 
 #~ msgid "<option>-c</option>, <option>--check</option>"
 #~ msgstr "<option>-c</option>, <option>--check</option>"
@@ -15954,8 +17099,8 @@ msgstr ""
 
 #~ msgid "The options which apply to the <command>chsh</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>chsh</command> unterstützt werden, "
-#~ "sind:"
+#~ "Der Befehl <command>chsh</command> kann mit den folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</"
@@ -15974,16 +17119,10 @@ msgstr ""
 #~ "<emphasis remap=\"I\">user_name</emphasis>:<emphasis "
 #~ "remap=\"I\">password</emphasis>"
 #~ msgstr ""
-#~ "<emphasis remap=\"I\">Benutzername</emphasis>:<emphasis "
+#~ "<emphasis remap=\"I\">Anmeldename</emphasis>:<emphasis "
 #~ "remap=\"I\">Passwort</emphasis>"
 
-#, fuzzy
-#~| msgid ""
-#~| "The default encryption algorithm can be defined for the system with the "
-#~| "<option>ENCRYPT_METHOD</option> or <option>MD5_CRYPT_ENAB</option> "
-#~| "variables of <filename>/etc/login.defs</filename>, and can be overwitten "
-#~| "with the <option>-e</option>, <option>-m</option>, or <option>-c</"
-#~| "option> options."
+# FIXME s/can be overwritten with /can be overridden with
 #~ msgid ""
 #~ "The default encryption algorithm can be defined for the system with the "
 #~ "<option>ENCRYPT_METHOD</option> or <option>MD5_CRYPT_ENAB</option> "
@@ -15993,15 +17132,15 @@ msgstr ""
 #~ msgstr ""
 #~ "Der standardmäßige Verschlüsselungsalgorithmus kann systemweit mit den "
 #~ "Variablen <option>ENCRYPT_METHOD</option> oder <option>MD5_CRYPT_ENAB</"
-#~ "option> in <filename>/etc/login.defs</filename> definiert werden. Dieser "
+#~ "option> in <filename>/etc/login.defs</filename> definiert werden. Dies "
 #~ "kann mit den Optionen <option>-e</option>, <option>-m</option> oder "
-#~ "<option>-c</option> überschrieben werden."
+#~ "<option>-c</option> außer Kraft gesetzt werden."
 
 #~ msgid ""
 #~ "The options which apply to the <command>chpasswd</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>chpasswd</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>chpasswd</command> kann mit den folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "<option>-c</option>, <option>--crypt-method</option>&nbsp;"
@@ -16010,6 +17149,9 @@ msgstr ""
 #~ "<option>-c</option>, <option>--crypt-method</option>&nbsp;"
 #~ "<replaceable>METHODE</replaceable>"
 
+#~ msgid "The available methods are DES, MD5, and NONE."
+#~ msgstr "Die verfügbaren Methoden sind DES, MD5 und NONE."
+
 #~ msgid "<option>-e</option>, <option>--encrypted</option>"
 #~ msgstr "<option>-e</option>, <option>--encrypted</option>"
 
@@ -16023,6 +17165,15 @@ msgstr ""
 #~ "<option>-s</option>, <option>--sha-rounds</option>&nbsp;"
 #~ "<replaceable>RUNDEN</replaceable>"
 
+#~ msgid ""
+#~ "By default, the number of rounds is defined by the "
+#~ "<option>SHA_CRYPT_MIN_ROUNDS</option> and <option>SHA_CRYPT_MAX_ROUNDS</"
+#~ "option> variables in <filename>/etc/login.defs</filename>."
+#~ msgstr ""
+#~ "Standardmäßig wird die Anzahl der Runden von den Variablen "
+#~ "<option>SHA_CRYPT_MIN_ROUNDS</option> und <option>SHA_CRYPT_MAX_ROUNDS</"
+#~ "option> in <filename>/etc/login.defs</filename> bestimmt."
+
 #~ msgid "PAM configuration for <command>chpasswd</command>."
 #~ msgstr "PAM-Konfiguration für <command>chpasswd</command>"
 
@@ -16053,8 +17204,8 @@ msgstr ""
 #~ msgid ""
 #~ "The options which apply to the <command>chgpasswd</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>chgpasswd</command> unterstützt "
-#~ "werden, sind:"
+#~ "Der Befehl <command>chgpasswd</command> kann mit folgenden Optionen "
+#~ "verwendet werden:"
 
 #~ msgid ""
 #~ "<citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>1</"
@@ -16071,8 +17222,8 @@ msgstr ""
 
 #~ msgid "The options which apply to the <command>chfn</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>chfn</command> unterstützt werden, "
-#~ "sind:"
+#~ "Der Befehl <command>chfn</command> kann mit folgenden Optionen verwendet "
+#~ "werden:"
 
 #~ msgid ""
 #~ "<option>-f</option>, <option>--full-name</option>&nbsp;"
@@ -16100,7 +17251,7 @@ msgstr ""
 #~ "<replaceable>ROOM_NUMBER</replaceable>"
 #~ msgstr ""
 #~ "<option>-r</option>, <option>--room</option>&nbsp;"
-#~ "<replaceable>ZIMMER_NUMMER</replaceable>"
+#~ "<replaceable>RAUMNUMMER</replaceable>"
 
 #~ msgid "<option>-u</option>, <option>--help</option>"
 #~ msgstr "<option>-u</option>, <option>--help</option>"
@@ -16127,8 +17278,8 @@ msgstr ""
 
 #~ msgid "The options which apply to the <command>chage</command> command are:"
 #~ msgstr ""
-#~ "Die Optionen, die vom Befehl <command>chage</command> unterstützt werden, "
-#~ "sind:"
+#~ "Der Befehl <command>chage</command> kann mit folgenden Optionen verwendet "
+#~ "werden:"
 
 #~ msgid ""
 #~ "<option>-d</option>, <option>--lastday</option>&nbsp;"
@@ -16142,7 +17293,10 @@ msgstr ""
 #~ "<replaceable>EXPIRE_DATE</replaceable>"
 #~ msgstr ""
 #~ "<option>-E</option>, <option>--expiredate</option>&nbsp;"
-#~ "<replaceable>VERFALLSDATUM</replaceable>"
+#~ "<replaceable>STILLLEGUNGSDATUM</replaceable>"
+
+#~ msgid "<option>-i</option>, <option>--iso8601</option>"
+#~ msgstr "<option>-i</option>, <option>--iso8601</option>"
 
 #~ msgid ""
 #~ "<option>-I</option>, <option>--inactive</option>&nbsp;"
@@ -16180,7 +17334,62 @@ msgstr ""
 #~ "zurück: <placeholder-1/>"
 
 #~ msgid "translator-credits"
-#~ msgstr "Simon Brandmair (sbrandmair@gmx.net), 2005, 2007, 2011."
+#~ msgstr ""
+#~ "Simon Brandmair (sbrandmair@gmx.net), 2005, 2007, 2011.\n"
+#~ "Markus Hiereth (translation@hiereth.de), 2023"
+
+# SB: Bessere Ãœbersetzung als 'Zielbenutzer'?
+#~ msgid ""
+#~ "Additional arguments may be provided after the username, in which case "
+#~ "they are supplied to the user's login shell. In particular, an argument "
+#~ "of <option>-c</option> will cause the next argument to be treated as a "
+#~ "command by most command interpreters. The command will be executed by the "
+#~ "shell specified in <filename>/etc/passwd</filename> for the target user."
+#~ msgstr ""
+#~ "Zusätzliche Argumente können nach dem Benutzernamen angegeben werden. In "
+#~ "diesem Fall werden sie an die Anmelde-Shell des Benutzers weitergereicht. "
+#~ "Insbesondere führt das Argument <option>-c</option> dazu, dass das "
+#~ "nächste Argument von den meisten Interpretatoren als Befehl behandelt "
+#~ "wird. Dieser Befehl wird von der Shell ausgeführt, die in <filename>/etc/"
+#~ "passwd</filename> für den Zielbenutzer angegeben ist."
+
+#~ msgid ""
+#~ "You can use the <option>--</option> argument to separate <command>su</"
+#~ "command> options from the arguments supplied to the shell."
+#~ msgstr ""
+#~ "Sie können das Argument <option>--</option> verwenden, um Optionen für "
+#~ "<command>su</command> von Argumenten für die Shell zu trennen."
+
+#~ msgid ""
+#~ "The encrypted password field may be blank, in which case no password is "
+#~ "required to authenticate as the specified login name. However, some "
+#~ "applications which read the <filename>/etc/passwd</filename> file may "
+#~ "decide not to permit <emphasis>any</emphasis> access at all if the "
+#~ "<emphasis>password</emphasis> field is blank. If the <emphasis>password</"
+#~ "emphasis> field is a lower-case <quote>x</quote>, then the encrypted "
+#~ "password is actually stored in the <citerefentry><refentrytitle>shadow</"
+#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry> file instead; there "
+#~ "<emphasis>must</emphasis> be a corresponding line in the <filename>/etc/"
+#~ "shadow</filename> file, or else the user account is invalid. If the "
+#~ "<emphasis>password</emphasis> field is any other string, then it will be "
+#~ "treated as an encrypted password, as specified by "
+#~ "<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</"
+#~ "manvolnum></citerefentry>."
+#~ msgstr ""
+#~ "Das Feld für das verschlüsselte Passwort kann leer sein. In diesem Fall "
+#~ "wird kein Passwort benötigt, um sich beim System anzumelden. Allerdings "
+#~ "werden einige Anwendung, die <filename>/etc/passwd</filename> auswerten, "
+#~ "<emphasis>keinen</emphasis> Zugriff erlauben, wenn das "
+#~ "<emphasis>Passwort</emphasis>-Feld leer ist. Wenn das <emphasis>Passwort</"
+#~ "emphasis>-Feld ein kleines <quote>x</quote> enthält, ist das Passwort in "
+#~ "der Datei <citerefentry><refentrytitle>shadow</"
+#~ "refentrytitle><manvolnum>5</manvolnum></citerefentry> gespeichert. Es "
+#~ "<emphasis>muss</emphasis> sich dann ein passender Eintrag in <filename>/"
+#~ "etc/shadow</filename> befinden, oder das Benutzerkonto ist ungültig. Wenn "
+#~ "das <emphasis>Passwort</emphasis>-Feld eine andere Zeichenkette enthält, "
+#~ "wird diese als ein verschlüsseltes Passwort behandelt. Genaueres dazu "
+#~ "befindet sich unter <citerefentry><refentrytitle>crypt</"
+#~ "refentrytitle><manvolnum>3</manvolnum></citerefentry>."
 
 #~ msgid "Kłoczko"
 #~ msgstr "Kłoczko"
diff --git a/man/po/fr.po b/man/po/fr.po
index 2fff1a3..6bc183e 100644
--- a/man/po/fr.po
+++ b/man/po/fr.po
@@ -21,7 +21,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow-man-pages 4.0.18\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
 "PO-Revision-Date: 2019-01-30 21:55+0100\n"
 "Last-Translator: Jean-Philippe MENGUAL <mengualjeanphi@free.fr>\n"
 "Language-Team: French <debian-l10n-french@lists.debian.org>\n"
@@ -35,12 +35,12 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:19 chsh.1.xml.out:18
+#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:21 chsh.1.xml.out:18
 #: expiry.1.xml.out:19 faillog.5.xml.out:15 faillog.8.xml.out:15
 #: groupadd.8.xml.out:18 groupdel.8.xml.out:16 groupmod.8.xml.out:16
 #: groups.1.xml.out:15 grpck.8.xml.out:15 lastlog.8.xml.out:17
-#: login.1.xml.out:48 login.defs.5.xml.out:84 logoutd.8.xml.out:15
-#: newgrp.1.xml.out:16 newusers.8.xml.out:31 passwd.1.xml.out:22
+#: login.1.xml.out:48 login.defs.5.xml.out:86 logoutd.8.xml.out:15
+#: newgrp.1.xml.out:16 newusers.8.xml.out:33 passwd.1.xml.out:24
 #: passwd.5.xml.out:15 porttime.5.xml.out:15 pwck.8.xml.out:22
 #: shadow.3.xml.out:15 shadow.5.xml.out:15 sg.1.xml.out:16 su.1.xml.out:32
 #: useradd.8.xml.out:34 userdel.8.xml.out:21 usermod.8.xml.out:22
@@ -48,12 +48,12 @@ msgid "Julianne Frances"
 msgstr "Julianne Frances"
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:20 chsh.1.xml.out:19
+#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:22 chsh.1.xml.out:19
 #: expiry.1.xml.out:20 faillog.5.xml.out:16 faillog.8.xml.out:16
 #: groupadd.8.xml.out:19 groupdel.8.xml.out:17 groupmod.8.xml.out:17
 #: groups.1.xml.out:16 grpck.8.xml.out:16 lastlog.8.xml.out:18
-#: login.1.xml.out:49 login.defs.5.xml.out:85 logoutd.8.xml.out:16
-#: newgrp.1.xml.out:17 newusers.8.xml.out:32 passwd.1.xml.out:23
+#: login.1.xml.out:49 login.defs.5.xml.out:87 logoutd.8.xml.out:16
+#: newgrp.1.xml.out:17 newusers.8.xml.out:34 passwd.1.xml.out:25
 #: passwd.5.xml.out:16 porttime.5.xml.out:16 pwck.8.xml.out:23
 #: shadow.3.xml.out:16 shadow.5.xml.out:16 sg.1.xml.out:17 su.1.xml.out:33
 #: useradd.8.xml.out:35 userdel.8.xml.out:22 usermod.8.xml.out:23
@@ -66,14 +66,14 @@ msgid "Creation, 1990"
 msgstr "Création, 1990"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24 chsh.1.xml.out:23 expiry.1.xml.out:24
-#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:25
+#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26 chsh.1.xml.out:23 expiry.1.xml.out:24
+#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23 groupdel.8.xml.out:21 groupmems.8.xml.out:24
 #: groupmod.8.xml.out:21 groups.1.xml.out:20 grpck.8.xml.out:20
 #: lastlog.8.xml.out:22 limits.5.xml.out:22 login.1.xml.out:53
-#: login.access.5.xml.out:21 login.defs.5.xml.out:89 logoutd.8.xml.out:20
-#: newgrp.1.xml.out:21 newusers.8.xml.out:36 passwd.1.xml.out:27
+#: login.access.5.xml.out:21 login.defs.5.xml.out:91 logoutd.8.xml.out:20
+#: newgrp.1.xml.out:21 newusers.8.xml.out:38 passwd.1.xml.out:29
 #: passwd.5.xml.out:20 porttime.5.xml.out:20 pwck.8.xml.out:27
 #: pwconv.8.xml.out:26 shadow.3.xml.out:20 shadow.5.xml.out:20 sg.1.xml.out:21
 #: su.1.xml.out:37 suauth.5.xml.out:20 useradd.8.xml.out:39
@@ -82,14 +82,14 @@ msgid "Thomas"
 msgstr "Thomas"
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25 chsh.1.xml.out:24 expiry.1.xml.out:25
-#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:26
+#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27 chsh.1.xml.out:24 expiry.1.xml.out:25
+#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24 groupdel.8.xml.out:22 groupmems.8.xml.out:25
 #: groupmod.8.xml.out:22 groups.1.xml.out:21 grpck.8.xml.out:21
 #: lastlog.8.xml.out:23 limits.5.xml.out:23 login.1.xml.out:54
-#: login.access.5.xml.out:22 login.defs.5.xml.out:90 logoutd.8.xml.out:21
-#: newgrp.1.xml.out:22 newusers.8.xml.out:37 passwd.1.xml.out:28
+#: login.access.5.xml.out:22 login.defs.5.xml.out:92 logoutd.8.xml.out:21
+#: newgrp.1.xml.out:22 newusers.8.xml.out:39 passwd.1.xml.out:30
 #: passwd.5.xml.out:21 porttime.5.xml.out:21 pwck.8.xml.out:28
 #: pwconv.8.xml.out:27 shadow.3.xml.out:21 shadow.5.xml.out:21 sg.1.xml.out:22
 #: su.1.xml.out:38 suauth.5.xml.out:21 useradd.8.xml.out:40
@@ -98,14 +98,14 @@ msgid "KÅ‚oczko"
 msgstr "KÅ‚oczko"
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26 chsh.1.xml.out:25 expiry.1.xml.out:26
-#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:27
+#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28 chsh.1.xml.out:25 expiry.1.xml.out:26
+#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25 groupdel.8.xml.out:23 groupmems.8.xml.out:26
 #: groupmod.8.xml.out:23 groups.1.xml.out:22 grpck.8.xml.out:22
 #: lastlog.8.xml.out:24 limits.5.xml.out:24 login.1.xml.out:55
-#: login.access.5.xml.out:23 login.defs.5.xml.out:91 logoutd.8.xml.out:22
-#: newgrp.1.xml.out:23 newusers.8.xml.out:38 passwd.1.xml.out:29
+#: login.access.5.xml.out:23 login.defs.5.xml.out:93 logoutd.8.xml.out:22
+#: newgrp.1.xml.out:23 newusers.8.xml.out:40 passwd.1.xml.out:31
 #: passwd.5.xml.out:22 porttime.5.xml.out:22 pwck.8.xml.out:29
 #: pwconv.8.xml.out:28 shadow.3.xml.out:22 shadow.5.xml.out:22 sg.1.xml.out:23
 #: su.1.xml.out:39 suauth.5.xml.out:22 useradd.8.xml.out:41
@@ -114,14 +114,14 @@ msgid "kloczek@pld.org.pl"
 msgstr "kloczek@pld.org.pl"
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:27 chsh.1.xml.out:26
+#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:29 chsh.1.xml.out:26
 #: expiry.1.xml.out:27 faillog.5.xml.out:23 faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28 groupadd.8.xml.out:26 groupdel.8.xml.out:24
+#: gpasswd.1.xml.out:30 groupadd.8.xml.out:26 groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27 groupmod.8.xml.out:24 groups.1.xml.out:23
 #: grpck.8.xml.out:23 lastlog.8.xml.out:25 limits.5.xml.out:25
-#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:92
-#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:39
-#: passwd.1.xml.out:30 passwd.5.xml.out:23 porttime.5.xml.out:23
+#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:94
+#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:41
+#: passwd.1.xml.out:32 passwd.5.xml.out:23 porttime.5.xml.out:23
 #: pwck.8.xml.out:30 pwconv.8.xml.out:29 shadow.3.xml.out:23
 #: shadow.5.xml.out:23 sg.1.xml.out:24 su.1.xml.out:40 suauth.5.xml.out:23
 #: useradd.8.xml.out:42 userdel.8.xml.out:29 usermod.8.xml.out:30
@@ -130,15 +130,15 @@ msgid "shadow-utils maintainer, 2000 - 2007"
 msgstr "Responsable de shadow-utils, 2000 - 2007"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30 chsh.1.xml.out:29 expiry.1.xml.out:30
-#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:31
+#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32 chsh.1.xml.out:29 expiry.1.xml.out:30
+#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29 groupdel.8.xml.out:27 groupmems.8.xml.out:30
 #: groupmod.8.xml.out:27 groups.1.xml.out:26 grpck.8.xml.out:26
 #: gshadow.5.xml.out:14 lastlog.8.xml.out:28 limits.5.xml.out:28
-#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:95
-#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:42
-#: nologin.8.xml.out:15 passwd.1.xml.out:33 passwd.5.xml.out:26
+#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:97
+#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:44
+#: nologin.8.xml.out:15 passwd.1.xml.out:35 passwd.5.xml.out:26
 #: porttime.5.xml.out:26 pwck.8.xml.out:33 pwconv.8.xml.out:32
 #: shadow.3.xml.out:26 shadow.5.xml.out:26 sg.1.xml.out:27 su.1.xml.out:43
 #: suauth.5.xml.out:26 useradd.8.xml.out:45 userdel.8.xml.out:32
@@ -147,15 +147,15 @@ msgid "Nicolas"
 msgstr "Nicolas"
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31 chsh.1.xml.out:30 expiry.1.xml.out:31
-#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:32
+#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33 chsh.1.xml.out:30 expiry.1.xml.out:31
+#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30 groupdel.8.xml.out:28 groupmems.8.xml.out:31
 #: groupmod.8.xml.out:28 groups.1.xml.out:27 grpck.8.xml.out:27
 #: gshadow.5.xml.out:15 lastlog.8.xml.out:29 limits.5.xml.out:29
-#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:96
-#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:43
-#: nologin.8.xml.out:16 passwd.1.xml.out:34 passwd.5.xml.out:27
+#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:98
+#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:45
+#: nologin.8.xml.out:16 passwd.1.xml.out:36 passwd.5.xml.out:27
 #: porttime.5.xml.out:27 pwck.8.xml.out:34 pwconv.8.xml.out:33
 #: shadow.3.xml.out:27 shadow.5.xml.out:27 sg.1.xml.out:28 su.1.xml.out:44
 #: suauth.5.xml.out:27 useradd.8.xml.out:46 userdel.8.xml.out:33
@@ -164,15 +164,15 @@ msgid "François"
 msgstr "François"
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32 chsh.1.xml.out:31 expiry.1.xml.out:32
-#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:33
+#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34 chsh.1.xml.out:31 expiry.1.xml.out:32
+#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31 groupdel.8.xml.out:29 groupmems.8.xml.out:32
 #: groupmod.8.xml.out:29 groups.1.xml.out:28 grpck.8.xml.out:28
 #: gshadow.5.xml.out:16 lastlog.8.xml.out:30 limits.5.xml.out:30
-#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:97
-#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:44
-#: nologin.8.xml.out:17 passwd.1.xml.out:35 passwd.5.xml.out:28
+#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:99
+#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:46
+#: nologin.8.xml.out:17 passwd.1.xml.out:37 passwd.5.xml.out:28
 #: porttime.5.xml.out:28 pwck.8.xml.out:35 pwconv.8.xml.out:34
 #: shadow.3.xml.out:28 shadow.5.xml.out:28 sg.1.xml.out:29 su.1.xml.out:45
 #: suauth.5.xml.out:28 useradd.8.xml.out:47 userdel.8.xml.out:34
@@ -181,15 +181,15 @@ msgid "nicolas.francois@centraliens.net"
 msgstr "nicolas.francois@centraliens.net"
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33 chsh.1.xml.out:32 expiry.1.xml.out:33
-#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:34
+#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35 chsh.1.xml.out:32 expiry.1.xml.out:33
+#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32 groupdel.8.xml.out:30 groupmems.8.xml.out:33
 #: groupmod.8.xml.out:30 groups.1.xml.out:29 grpck.8.xml.out:29
 #: gshadow.5.xml.out:18 lastlog.8.xml.out:31 limits.5.xml.out:31
-#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:98
-#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:45
-#: nologin.8.xml.out:18 passwd.1.xml.out:36 passwd.5.xml.out:29
+#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:100
+#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:47
+#: nologin.8.xml.out:18 passwd.1.xml.out:38 passwd.5.xml.out:29
 #: porttime.5.xml.out:29 pwck.8.xml.out:36 pwconv.8.xml.out:35
 #: shadow.3.xml.out:29 shadow.5.xml.out:29 sg.1.xml.out:30 su.1.xml.out:46
 #: suauth.5.xml.out:29 useradd.8.xml.out:48 userdel.8.xml.out:35
@@ -204,9 +204,9 @@ msgstr "Responsable de shadow-utils, 2007 - maintenant"
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #: chage.1.xml.out:34 chage.1.xml.out:41 chage.1.xml.out:46 chage.1.xml.out:59
-#: chage.1.xml.out:69 chage.1.xml.out:216 chage.1.xml.out:226
-#: chage.1.xml.out:236 chage.1.xml.out:241 chage.1.xml.out:285
-#: login.defs.5.xml.out:233 shadow.5.xml.out:262
+#: chage.1.xml.out:69 chage.1.xml.out:231 chage.1.xml.out:241
+#: chage.1.xml.out:251 chage.1.xml.out:256 chage.1.xml.out:300
+#: login.defs.5.xml.out:237 shadow.5.xml.out:262
 msgid "chage"
 msgstr "chage"
 
@@ -214,11 +214,11 @@ msgstr "chage"
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:35 chage.1.xml.out:294 chfn.1.xml.out:37 chfn.1.xml.out:65
-#: chfn.1.xml.out:205 chgpasswd.8.xml.out:217 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:37 chsh.1.xml.out:171 expiry.1.xml.out:38
-#: faillog.8.xml.out:235 gpasswd.1.xml.out:39 gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277 groupadd.8.xml.out:345 groupadd.8.xml.out:348
+#: chage.1.xml.out:35 chage.1.xml.out:309 chfn.1.xml.out:37 chfn.1.xml.out:65
+#: chfn.1.xml.out:205 chgpasswd.8.xml.out:245 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:37 chsh.1.xml.out:212 expiry.1.xml.out:38
+#: faillog.8.xml.out:235 gpasswd.1.xml.out:41 gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279 groupadd.8.xml.out:345 groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351 groupdel.8.xml.out:205 groupdel.8.xml.out:208
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:209 groupmems.8.xml.out:212
 #: groupmems.8.xml.out:215 groupmod.8.xml.out:326 groupmod.8.xml.out:329
@@ -226,44 +226,44 @@ msgstr "chage"
 #: grpck.8.xml.out:243 gshadow.5.xml.out:77 gshadow.5.xml.out:165
 #: limits.5.xml.out:185 login.1.xml.out:67 login.1.xml.out:128
 #: login.1.xml.out:377 login.1.xml.out:380 login.1.xml.out:383
-#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:520 login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533 login.defs.5.xml.out:536 newgrp.1.xml.out:35
+#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:539 login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552 login.defs.5.xml.out:555 newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130 newgrp.1.xml.out:133 newgrp.1.xml.out:136
-#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:456
-#: nologin.8.xml.out:60 passwd.1.xml.out:41 passwd.1.xml.out:431
-#: passwd.5.xml.out:118 passwd.5.xml.out:173 passwd.5.xml.out:179
-#: passwd.5.xml.out:182 passwd.5.xml.out:197 porttime.5.xml.out:121
-#: pwck.8.xml.out:293 shadow.5.xml.out:262 shadow.5.xml.out:265
-#: shadow.5.xml.out:268 shadow.5.xml.out:283 sg.1.xml.out:35 sg.1.xml.out:119
-#: sg.1.xml.out:122 sg.1.xml.out:125 sg.1.xml.out:128 sg.1.xml.out:131
-#: su.1.xml.out:51 su.1.xml.out:391 su.1.xml.out:415 su.1.xml.out:421
-#: su.1.xml.out:424 suauth.5.xml.out:201 useradd.8.xml.out:817
-#: useradd.8.xml.out:878 useradd.8.xml.out:881 useradd.8.xml.out:884
-#: userdel.8.xml.out:241 userdel.8.xml.out:310 userdel.8.xml.out:313
-#: userdel.8.xml.out:316 usermod.8.xml.out:105 usermod.8.xml.out:244
-#: usermod.8.xml.out:605 usermod.8.xml.out:608 usermod.8.xml.out:611
-#: vipw.8.xml.out:78 vipw.8.xml.out:205
+#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:477
+#: nologin.8.xml.out:60 passwd.1.xml.out:43 passwd.1.xml.out:453
+#: passwd.1.xml.out:499 passwd.5.xml.out:118 passwd.5.xml.out:173
+#: passwd.5.xml.out:179 passwd.5.xml.out:182 passwd.5.xml.out:197
+#: porttime.5.xml.out:121 pwck.8.xml.out:293 shadow.5.xml.out:262
+#: shadow.5.xml.out:265 shadow.5.xml.out:268 shadow.5.xml.out:283
+#: sg.1.xml.out:35 sg.1.xml.out:119 sg.1.xml.out:122 sg.1.xml.out:125
+#: sg.1.xml.out:128 sg.1.xml.out:131 su.1.xml.out:51 su.1.xml.out:391
+#: su.1.xml.out:415 su.1.xml.out:421 su.1.xml.out:424 suauth.5.xml.out:201
+#: useradd.8.xml.out:837 useradd.8.xml.out:898 useradd.8.xml.out:901
+#: useradd.8.xml.out:904 userdel.8.xml.out:241 userdel.8.xml.out:310
+#: userdel.8.xml.out:313 userdel.8.xml.out:316 usermod.8.xml.out:105
+#: usermod.8.xml.out:244 usermod.8.xml.out:622 usermod.8.xml.out:625
+#: usermod.8.xml.out:628 vipw.8.xml.out:78 vipw.8.xml.out:205
 msgid "1"
 msgstr "1"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:36 chfn.1.xml.out:38 chsh.1.xml.out:38 expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40 groups.1.xml.out:35 login.1.xml.out:68
-#: newgrp.1.xml.out:36 passwd.1.xml.out:42 sg.1.xml.out:36 su.1.xml.out:52
+#: gpasswd.1.xml.out:42 groups.1.xml.out:35 login.1.xml.out:68
+#: newgrp.1.xml.out:36 passwd.1.xml.out:44 sg.1.xml.out:36 su.1.xml.out:52
 msgid "User Commands"
 msgstr "Commandes utilisateur"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40 chsh.1.xml.out:39 expiry.1.xml.out:40
-#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:41
+#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42 chsh.1.xml.out:39 expiry.1.xml.out:40
+#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39 groupdel.8.xml.out:37 groupmems.8.xml.out:40
 #: groupmod.8.xml.out:37 groups.1.xml.out:36 grpck.8.xml.out:36
 #: gshadow.5.xml.out:25 lastlog.8.xml.out:38 limits.5.xml.out:38
-#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:105
-#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:52
-#: nologin.8.xml.out:25 passwd.1.xml.out:43 passwd.5.xml.out:36
+#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:107
+#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:54
+#: nologin.8.xml.out:25 passwd.1.xml.out:45 passwd.5.xml.out:36
 #: porttime.5.xml.out:36 pwck.8.xml.out:43 pwconv.8.xml.out:42
 #: shadow.3.xml.out:36 shadow.5.xml.out:36 sg.1.xml.out:37 su.1.xml.out:53
 #: suauth.5.xml.out:36 useradd.8.xml.out:55 userdel.8.xml.out:42
@@ -272,20 +272,20 @@ msgid "shadow-utils"
 msgstr "shadow-utils"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41 chsh.1.xml.out:40 expiry.1.xml.out:41
-#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:42
+#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43 chsh.1.xml.out:40 expiry.1.xml.out:41
+#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40 groupdel.8.xml.out:38 groupmems.8.xml.out:41
 #: groupmod.8.xml.out:38 groups.1.xml.out:37 grpck.8.xml.out:37
 #: gshadow.5.xml.out:26 lastlog.8.xml.out:39 limits.5.xml.out:39
-#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:106
-#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:53
-#: nologin.8.xml.out:26 passwd.1.xml.out:44 passwd.5.xml.out:37
+#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:108
+#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:55
+#: nologin.8.xml.out:26 passwd.1.xml.out:46 passwd.5.xml.out:37
 #: porttime.5.xml.out:37 pwck.8.xml.out:44 pwconv.8.xml.out:43
 #: shadow.3.xml.out:37 shadow.5.xml.out:37 sg.1.xml.out:38 su.1.xml.out:54
 #: suauth.5.xml.out:37 useradd.8.xml.out:56 userdel.8.xml.out:43
 #: usermod.8.xml.out:44 vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -295,10 +295,10 @@ msgstr "Modifier les informations de validité d'un mot de passe"
 
 #. (itstool) path: arg/replaceable
 #. (itstool) path: cmdsynopsis/arg
-#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52 chsh.1.xml.out:51 faillog.8.xml.out:48
+#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54 chsh.1.xml.out:51 faillog.8.xml.out:48
 #: groupdel.8.xml.out:49 groupmod.8.xml.out:49 grpck.8.xml.out:47
-#: lastlog.8.xml.out:50 newusers.8.xml.out:64 passwd.1.xml.out:55
+#: lastlog.8.xml.out:50 newusers.8.xml.out:66 passwd.1.xml.out:57
 #: pwck.8.xml.out:54 pwconv.8.xml.out:57 pwconv.8.xml.out:63
 #: pwconv.8.xml.out:69 pwconv.8.xml.out:75 su.1.xml.out:64 useradd.8.xml.out:66
 #: useradd.8.xml.out:78 userdel.8.xml.out:52 usermod.8.xml.out:55
@@ -311,22 +311,22 @@ msgstr "options"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
 #: chage.1.xml.out:51 chfn.1.xml.out:54 chsh.1.xml.out:54 faillog.8.xml.out:180
-#: lastlog.8.xml.out:139 passwd.1.xml.out:58 useradd.8.xml.out:68
+#: lastlog.8.xml.out:139 passwd.1.xml.out:60 useradd.8.xml.out:68
 #: useradd.8.xml.out:158 userdel.8.xml.out:54 userdel.8.xml.out:64
 #: usermod.8.xml.out:57 usermod.8.xml.out:222 usermod.8.xml.out:506
 msgid "LOGIN"
 msgstr "LOGIN"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58 chsh.1.xml.out:60 expiry.1.xml.out:58
-#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:70
+#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60 chsh.1.xml.out:60 expiry.1.xml.out:58
+#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60 groupdel.8.xml.out:56 groupmems.8.xml.out:61
 #: groupmod.8.xml.out:56 groups.1.xml.out:54 grpck.8.xml.out:58
 #: gshadow.5.xml.out:34 lastlog.8.xml.out:56 limits.5.xml.out:48
-#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:114
-#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:73
-#: nologin.8.xml.out:40 passwd.1.xml.out:64 passwd.5.xml.out:45
+#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:116
+#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:75
+#: nologin.8.xml.out:40 passwd.1.xml.out:66 passwd.5.xml.out:45
 #: porttime.5.xml.out:45 pwck.8.xml.out:69 pwconv.8.xml.out:81
 #: shadow.3.xml.out:94 shadow.3.xml.out:150 shadow.5.xml.out:45 sg.1.xml.out:57
 #: su.1.xml.out:79 suauth.5.xml.out:51 useradd.8.xml.out:84
@@ -354,12 +354,12 @@ msgstr ""
 
 #. (itstool) path: refsect1/title
 #. (itstool) path: arg/replaceable
-#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106 chsh.1.xml.out:71 expiry.1.xml.out:67
-#: faillog.8.xml.out:65 gpasswd.1.xml.out:110 groupadd.8.xml.out:51
+#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108 chsh.1.xml.out:71 expiry.1.xml.out:67
+#: faillog.8.xml.out:65 gpasswd.1.xml.out:112 groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80 groupdel.8.xml.out:64 groupmems.8.xml.out:76
 #: groupmod.8.xml.out:65 grpck.8.xml.out:122 lastlog.8.xml.out:68
-#: login.1.xml.out:186 newusers.8.xml.out:250 passwd.1.xml.out:150
+#: login.1.xml.out:186 newusers.8.xml.out:252 passwd.1.xml.out:146
 #: pwck.8.xml.out:153 pwconv.8.xml.out:163 su.1.xml.out:120
 #: useradd.8.xml.out:102 userdel.8.xml.out:69 usermod.8.xml.out:70
 #: vipw.8.xml.out:83
@@ -367,12 +367,12 @@ msgid "OPTIONS"
 msgstr "OPTIONS"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107 chsh.1.xml.out:72 expiry.1.xml.out:68
-#: faillog.8.xml.out:66 gpasswd.1.xml.out:118 groupadd.8.xml.out:81
+#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109 chsh.1.xml.out:72 expiry.1.xml.out:68
+#: faillog.8.xml.out:66 gpasswd.1.xml.out:120 groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65 groupmems.8.xml.out:77 groupmod.8.xml.out:66
-#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:251
-#: passwd.1.xml.out:151 pwck.8.xml.out:158 su.1.xml.out:121
+#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:253
+#: passwd.1.xml.out:147 pwck.8.xml.out:158 su.1.xml.out:121
 #: useradd.8.xml.out:103 userdel.8.xml.out:70 usermod.8.xml.out:71
 #, fuzzy
 #| msgid "The options which apply to the <command>su</command> command are:"
@@ -381,9 +381,9 @@ msgstr "Les options applicables à la commande <command>su</command> sont :"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:74 gpasswd.1.xml.out:137 groupmems.8.xml.out:94
-#: passwd.1.xml.out:168 useradd.8.xml.out:123 useradd.8.xml.out:151
-#: useradd.8.xml.out:599 usermod.8.xml.out:112 usermod.8.xml.out:260
+#: chage.1.xml.out:74 gpasswd.1.xml.out:139 groupmems.8.xml.out:94
+#: passwd.1.xml.out:164 useradd.8.xml.out:123 useradd.8.xml.out:151
+#: useradd.8.xml.out:619 usermod.8.xml.out:112 usermod.8.xml.out:260
 #, fuzzy
 #| msgid "-"
 msgid "-d"
@@ -403,44 +403,44 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:73 chage.1.xml.out:88 chage.1.xml.out:127
 #: chage.1.xml.out:156 chage.1.xml.out:168 chage.1.xml.out:189
-#: chage.1.xml.out:202 chfn.1.xml.out:93 chfn.1.xml.out:101 chfn.1.xml.out:109
-#: chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122 chpasswd.8.xml.out:113 chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177 chsh.1.xml.out:83 chsh.1.xml.out:96
-#: faillog.8.xml.out:104 faillog.8.xml.out:119 faillog.8.xml.out:156
-#: faillog.8.xml.out:169 gpasswd.1.xml.out:123 gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157 groupadd.8.xml.out:101 groupadd.8.xml.out:157
-#: groupadd.8.xml.out:200 groupadd.8.xml.out:213 groupdel.8.xml.out:88
-#: groupdel.8.xml.out:101 groupmems.8.xml.out:83 groupmems.8.xml.out:94
-#: groupmems.8.xml.out:110 groupmems.8.xml.out:141 groupmod.8.xml.out:72
-#: groupmod.8.xml.out:81 groupmod.8.xml.out:120 groupmod.8.xml.out:142
-#: groupmod.8.xml.out:163 groupmod.8.xml.out:176 grpck.8.xml.out:148
-#: lastlog.8.xml.out:74 lastlog.8.xml.out:103 lastlog.8.xml.out:127
-#: newusers.8.xml.out:305 passwd.1.xml.out:196 passwd.1.xml.out:245
-#: passwd.1.xml.out:267 passwd.1.xml.out:277 passwd.1.xml.out:321
-#: passwd.1.xml.out:334 pwck.8.xml.out:196 pwconv.8.xml.out:177
-#: su.1.xml.out:125 su.1.xml.out:162 useradd.8.xml.out:117
-#: useradd.8.xml.out:138 useradd.8.xml.out:150 useradd.8.xml.out:178
-#: useradd.8.xml.out:195 useradd.8.xml.out:229 useradd.8.xml.out:277
-#: useradd.8.xml.out:424 useradd.8.xml.out:488 useradd.8.xml.out:501
-#: useradd.8.xml.out:516 useradd.8.xml.out:530 useradd.8.xml.out:565
-#: useradd.8.xml.out:591 useradd.8.xml.out:609 useradd.8.xml.out:621
-#: useradd.8.xml.out:638 useradd.8.xml.out:654 userdel.8.xml.out:122
-#: userdel.8.xml.out:135 usermod.8.xml.out:98 usermod.8.xml.out:111
-#: usermod.8.xml.out:128 usermod.8.xml.out:151 usermod.8.xml.out:173
-#: usermod.8.xml.out:216 usermod.8.xml.out:289 usermod.8.xml.out:327
-#: usermod.8.xml.out:340 usermod.8.xml.out:356 usermod.8.xml.out:368
-#: usermod.8.xml.out:500 vipw.8.xml.out:114
+#: chage.1.xml.out:202 chage.1.xml.out:217 chfn.1.xml.out:93 chfn.1.xml.out:101
+#: chfn.1.xml.out:109 chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
+#: chgpasswd.8.xml.out:128 chpasswd.8.xml.out:115 chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183 chpasswd.8.xml.out:198 chsh.1.xml.out:83
+#: chsh.1.xml.out:96 faillog.8.xml.out:104 faillog.8.xml.out:119
+#: faillog.8.xml.out:156 faillog.8.xml.out:169 gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138 gpasswd.1.xml.out:159 groupadd.8.xml.out:101
+#: groupadd.8.xml.out:157 groupadd.8.xml.out:200 groupadd.8.xml.out:213
+#: groupdel.8.xml.out:88 groupdel.8.xml.out:101 groupmems.8.xml.out:83
+#: groupmems.8.xml.out:94 groupmems.8.xml.out:110 groupmems.8.xml.out:141
+#: groupmod.8.xml.out:72 groupmod.8.xml.out:81 groupmod.8.xml.out:120
+#: groupmod.8.xml.out:142 groupmod.8.xml.out:163 groupmod.8.xml.out:176
+#: grpck.8.xml.out:148 lastlog.8.xml.out:74 lastlog.8.xml.out:103
+#: lastlog.8.xml.out:127 newusers.8.xml.out:307 passwd.1.xml.out:192
+#: passwd.1.xml.out:241 passwd.1.xml.out:263 passwd.1.xml.out:273
+#: passwd.1.xml.out:286 passwd.1.xml.out:332 passwd.1.xml.out:345
+#: pwck.8.xml.out:196 pwconv.8.xml.out:177 su.1.xml.out:125 su.1.xml.out:162
+#: useradd.8.xml.out:117 useradd.8.xml.out:138 useradd.8.xml.out:150
+#: useradd.8.xml.out:178 useradd.8.xml.out:195 useradd.8.xml.out:229
+#: useradd.8.xml.out:279 useradd.8.xml.out:426 useradd.8.xml.out:490
+#: useradd.8.xml.out:503 useradd.8.xml.out:518 useradd.8.xml.out:532
+#: useradd.8.xml.out:567 useradd.8.xml.out:611 useradd.8.xml.out:629
+#: useradd.8.xml.out:641 useradd.8.xml.out:658 useradd.8.xml.out:674
+#: userdel.8.xml.out:122 userdel.8.xml.out:135 usermod.8.xml.out:98
+#: usermod.8.xml.out:111 usermod.8.xml.out:128 usermod.8.xml.out:151
+#: usermod.8.xml.out:173 usermod.8.xml.out:216 usermod.8.xml.out:289
+#: usermod.8.xml.out:327 usermod.8.xml.out:340 usermod.8.xml.out:356
+#: usermod.8.xml.out:368 usermod.8.xml.out:500 vipw.8.xml.out:114
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:82 chage.1.xml.out:288 groupadd.8.xml.out:303
+#: chage.1.xml.out:82 chage.1.xml.out:303 groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168 groupmod.8.xml.out:259 grpck.8.xml.out:237
-#: login.defs.5.xml.out:138 passwd.1.xml.out:425 pwck.8.xml.out:287
-#: su.1.xml.out:385 useradd.8.xml.out:811 userdel.8.xml.out:235
+#: login.defs.5.xml.out:140 passwd.1.xml.out:447 pwck.8.xml.out:287
+#: su.1.xml.out:385 useradd.8.xml.out:831 userdel.8.xml.out:235
 msgid "0"
 msgstr "0"
 
@@ -470,7 +470,7 @@ msgid "-E"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr ""
@@ -478,7 +478,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:89 chage.1.xml.out:109 useradd.8.xml.out:179
-#: useradd.8.xml.out:610 usermod.8.xml.out:129 usermod.8.xml.out:243
+#: useradd.8.xml.out:630 usermod.8.xml.out:129 usermod.8.xml.out:243
 #: usermod.8.xml.out:416
 msgid "EXPIRE_DATE"
 msgstr ""
@@ -515,7 +515,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:108 chage.1.xml.out:139 chage.1.xml.out:182
-#: passwd.1.xml.out:344 useradd.8.xml.out:315
+#: passwd.1.xml.out:355 useradd.8.xml.out:317
 #, fuzzy
 #| msgid "1"
 msgid "-1"
@@ -538,78 +538,78 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
 #: grpck.8.xml.out:132 lastlog.8.xml.out:96 login.1.xml.out:204
-#: login.1.xml.out:229 newusers.8.xml.out:280 passwd.1.xml.out:190
-#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:271
+#: login.1.xml.out:229 newusers.8.xml.out:282 passwd.1.xml.out:186
+#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:273
 #: userdel.8.xml.out:99 vipw.8.xml.out:96
 msgid "-h"
 msgstr "-h"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
-#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:280
-#: passwd.1.xml.out:190 pwck.8.xml.out:173 pwconv.8.xml.out:171
-#: su.1.xml.out:387 useradd.8.xml.out:271 userdel.8.xml.out:99
+#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:282
+#: passwd.1.xml.out:186 pwck.8.xml.out:173 pwconv.8.xml.out:171
+#: su.1.xml.out:387 useradd.8.xml.out:273 userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:115 chage.1.xml.out:121 chage.1.xml.out:146
-#: chfn.1.xml.out:142 chgpasswd.8.xml.out:88 chgpasswd.8.xml.out:101
-#: chgpasswd.8.xml.out:107 chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139 chpasswd.8.xml.out:147 chpasswd.8.xml.out:155
+#: chfn.1.xml.out:142 chgpasswd.8.xml.out:90 chgpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:119 chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145 chpasswd.8.xml.out:153 chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77 expiry.1.xml.out:73 expiry.1.xml.out:79
 #: expiry.1.xml.out:88 faillog.8.xml.out:72 faillog.8.xml.out:98
-#: faillog.8.xml.out:144 gpasswd.1.xml.out:149 gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188 groupadd.8.xml.out:87 groupadd.8.xml.out:118
+#: faillog.8.xml.out:144 gpasswd.1.xml.out:151 gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190 groupadd.8.xml.out:87 groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144 groupadd.8.xml.out:184 groupadd.8.xml.out:228
 #: groupdel.8.xml.out:71 groupdel.8.xml.out:82 groupmems.8.xml.out:118
 #: groupmems.8.xml.out:124 groupmems.8.xml.out:130 groupmod.8.xml.out:114
 #: groupmod.8.xml.out:131 groupmod.8.xml.out:193 grpck.8.xml.out:132
 #: grpck.8.xml.out:138 grpck.8.xml.out:161 grpck.8.xml.out:172
 #: lastlog.8.xml.out:84 lastlog.8.xml.out:95 lastlog.8.xml.out:116
-#: newusers.8.xml.out:268 newusers.8.xml.out:280 newusers.8.xml.out:286
-#: newusers.8.xml.out:320 passwd.1.xml.out:156 passwd.1.xml.out:167
-#: passwd.1.xml.out:179 passwd.1.xml.out:190 passwd.1.xml.out:209
-#: passwd.1.xml.out:221 passwd.1.xml.out:257 passwd.1.xml.out:290
-#: passwd.1.xml.out:308 pwck.8.xml.out:173 pwck.8.xml.out:179
-#: pwck.8.xml.out:188 pwck.8.xml.out:209 pwconv.8.xml.out:171
-#: useradd.8.xml.out:168 useradd.8.xml.out:217 useradd.8.xml.out:271
-#: useradd.8.xml.out:330 useradd.8.xml.out:349 useradd.8.xml.out:372
-#: useradd.8.xml.out:385 useradd.8.xml.out:404 useradd.8.xml.out:455
-#: useradd.8.xml.out:548 userdel.8.xml.out:75 userdel.8.xml.out:99
-#: userdel.8.xml.out:105 userdel.8.xml.out:152 usermod.8.xml.out:77
-#: usermod.8.xml.out:88 usermod.8.xml.out:230 usermod.8.xml.out:249
-#: usermod.8.xml.out:270 usermod.8.xml.out:316 usermod.8.xml.out:404
-#: vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102 vipw.8.xml.out:108
-#: vipw.8.xml.out:127 vipw.8.xml.out:133
+#: newusers.8.xml.out:270 newusers.8.xml.out:282 newusers.8.xml.out:288
+#: newusers.8.xml.out:322 passwd.1.xml.out:152 passwd.1.xml.out:163
+#: passwd.1.xml.out:175 passwd.1.xml.out:186 passwd.1.xml.out:205
+#: passwd.1.xml.out:217 passwd.1.xml.out:253 passwd.1.xml.out:301
+#: passwd.1.xml.out:319 passwd.1.xml.out:362 pwck.8.xml.out:173
+#: pwck.8.xml.out:179 pwck.8.xml.out:188 pwck.8.xml.out:209
+#: pwconv.8.xml.out:171 useradd.8.xml.out:168 useradd.8.xml.out:217
+#: useradd.8.xml.out:273 useradd.8.xml.out:332 useradd.8.xml.out:351
+#: useradd.8.xml.out:374 useradd.8.xml.out:387 useradd.8.xml.out:406
+#: useradd.8.xml.out:457 useradd.8.xml.out:550 userdel.8.xml.out:75
+#: userdel.8.xml.out:99 userdel.8.xml.out:105 userdel.8.xml.out:152
+#: usermod.8.xml.out:77 usermod.8.xml.out:88 usermod.8.xml.out:230
+#: usermod.8.xml.out:249 usermod.8.xml.out:270 usermod.8.xml.out:316
+#: usermod.8.xml.out:404 vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102
+#: vipw.8.xml.out:108 vipw.8.xml.out:127 vipw.8.xml.out:133
 #, fuzzy
 #| msgid "<option>-a</option>, <option>--all</option>"
 msgid "<_:option-1/>, <_:option-2/>"
 msgstr "<option>-a</option>, <option>--all</option>"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149 chsh.1.xml.out:79 expiry.1.xml.out:90
-#: faillog.8.xml.out:100 gpasswd.1.xml.out:151 groupadd.8.xml.out:120
+#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155 chsh.1.xml.out:79 expiry.1.xml.out:90
+#: faillog.8.xml.out:100 gpasswd.1.xml.out:153 groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84 groupmems.8.xml.out:120 groupmod.8.xml.out:116
-#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:282
-#: passwd.1.xml.out:192 pwck.8.xml.out:175 pwconv.8.xml.out:173
-#: useradd.8.xml.out:273 userdel.8.xml.out:101 vipw.8.xml.out:98
+#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:284
+#: passwd.1.xml.out:188 pwck.8.xml.out:175 pwconv.8.xml.out:173
+#: useradd.8.xml.out:275 userdel.8.xml.out:101 vipw.8.xml.out:98
 msgid "Display help message and exit."
 msgstr "Afficher un message d'aide et quitter."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:121 passwd.1.xml.out:197
+#: chage.1.xml.out:121 passwd.1.xml.out:193
 #, fuzzy
 #| msgid "-"
 msgid "-i"
@@ -633,8 +633,8 @@ msgid "-I"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:128 passwd.1.xml.out:197 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 usermod.8.xml.out:152
+#: chage.1.xml.out:128 passwd.1.xml.out:193 useradd.8.xml.out:196
+#: useradd.8.xml.out:642 usermod.8.xml.out:152
 msgid "--inactive"
 msgstr ""
 
@@ -642,8 +642,8 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/option
 #: chage.1.xml.out:128 chage.1.xml.out:134 chage.1.xml.out:140
-#: passwd.1.xml.out:197 passwd.1.xml.out:203 useradd.8.xml.out:196
-#: useradd.8.xml.out:211 useradd.8.xml.out:622 useradd.8.xml.out:632
+#: passwd.1.xml.out:193 passwd.1.xml.out:199 useradd.8.xml.out:196
+#: useradd.8.xml.out:211 useradd.8.xml.out:642 useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr ""
@@ -686,10 +686,10 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
-#: chage.1.xml.out:147 chage.1.xml.out:242 faillog.8.xml.out:88
+#: chage.1.xml.out:147 chage.1.xml.out:257 faillog.8.xml.out:88
 #: faillog.8.xml.out:105 faillog.8.xml.out:185 faillog.8.xml.out:202
-#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:222
-#: passwd.1.xml.out:316 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:330
+#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:218
+#: passwd.1.xml.out:327 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr "-l"
@@ -706,11 +706,11 @@ msgstr "Afficher les informations sur l'âge des comptes."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:157 chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:84 chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155 faillog.8.xml.out:88 faillog.8.xml.out:120
+#: chage.1.xml.out:157 chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80 chpasswd.8.xml.out:86 chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161 faillog.8.xml.out:88 faillog.8.xml.out:120
 #: faillog.8.xml.out:185 faillog.8.xml.out:202 su.1.xml.out:207
-#: useradd.8.xml.out:287 useradd.8.xml.out:350 useradd.8.xml.out:476
+#: useradd.8.xml.out:289 useradd.8.xml.out:352 useradd.8.xml.out:478
 #: usermod.8.xml.out:119 usermod.8.xml.out:250
 #, fuzzy
 #| msgid "-"
@@ -718,19 +718,19 @@ msgid "-m"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:157 passwd.1.xml.out:246
+#: chage.1.xml.out:157 passwd.1.xml.out:242
 msgid "--mindays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:160 passwd.1.xml.out:249
+#: chage.1.xml.out:160 passwd.1.xml.out:245
 #, fuzzy
 #| msgid ""
 #| "Set the minimum number of days between password changes to "
@@ -747,28 +747,28 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:169 gpasswd.1.xml.out:81 gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217 useradd.8.xml.out:162 useradd.8.xml.out:373
+#: chage.1.xml.out:169 gpasswd.1.xml.out:83 gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219 useradd.8.xml.out:162 useradd.8.xml.out:375
 #, fuzzy
 #| msgid "-"
 msgid "-M"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:169 passwd.1.xml.out:335
+#: chage.1.xml.out:169 passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:169 chage.1.xml.out:174 chage.1.xml.out:183
-#: passwd.1.xml.out:335 passwd.1.xml.out:340 passwd.1.xml.out:345
+#: passwd.1.xml.out:346 passwd.1.xml.out:351 passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chage.1.xml.out:178 chage.1.xml.out:203 usermod.8.xml.out:481
+#: chage.1.xml.out:178 chage.1.xml.out:218 usermod.8.xml.out:481
 #, fuzzy
 #| msgid "-"
 msgid "-W"
@@ -800,7 +800,7 @@ msgstr ""
 "message d'alerte."
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:181 passwd.1.xml.out:343
+#: chage.1.xml.out:181 passwd.1.xml.out:354
 #, fuzzy
 #| msgid ""
 #| "Passing the number <emphasis remap=\"I\">-1</emphasis> as "
@@ -814,12 +814,12 @@ msgstr ""
 "<replaceable>JOURS_MAX</replaceable> supprime la vérification de validité."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:191 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 #, fuzzy
 #| msgid "-"
@@ -827,12 +827,12 @@ msgid "-R"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:160 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "--root"
 msgstr ""
@@ -841,22 +841,22 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:190 chage.1.xml.out:194 chage.1.xml.out:196
 #: chfn.1.xml.out:130 chfn.1.xml.out:134 chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123 chgpasswd.8.xml.out:127 chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165 chpasswd.8.xml.out:169 chpasswd.8.xml.out:171
+#: chgpasswd.8.xml.out:129 chgpasswd.8.xml.out:133 chgpasswd.8.xml.out:135
+#: chpasswd.8.xml.out:171 chpasswd.8.xml.out:175 chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84 chsh.1.xml.out:88 chsh.1.xml.out:90 faillog.8.xml.out:157
-#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162 gpasswd.1.xml.out:164 groupadd.8.xml.out:201
+#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:160
+#: gpasswd.1.xml.out:164 gpasswd.1.xml.out:166 groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205 groupadd.8.xml.out:207 groupdel.8.xml.out:89
 #: groupdel.8.xml.out:93 groupdel.8.xml.out:95 groupmems.8.xml.out:142
 #: groupmems.8.xml.out:146 groupmems.8.xml.out:148 groupmod.8.xml.out:164
 #: groupmod.8.xml.out:168 groupmod.8.xml.out:170 grpck.8.xml.out:149
 #: grpck.8.xml.out:153 grpck.8.xml.out:155 lastlog.8.xml.out:104
-#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:306
-#: newusers.8.xml.out:310 newusers.8.xml.out:312 passwd.1.xml.out:278
-#: passwd.1.xml.out:282 passwd.1.xml.out:284 pwck.8.xml.out:197
+#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:308
+#: newusers.8.xml.out:312 newusers.8.xml.out:314 passwd.1.xml.out:274
+#: passwd.1.xml.out:278 passwd.1.xml.out:280 pwck.8.xml.out:197
 #: pwck.8.xml.out:201 pwck.8.xml.out:203 pwconv.8.xml.out:178
-#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:489
-#: useradd.8.xml.out:493 useradd.8.xml.out:495 userdel.8.xml.out:123
+#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:491
+#: useradd.8.xml.out:495 useradd.8.xml.out:497 userdel.8.xml.out:123
 #: userdel.8.xml.out:127 userdel.8.xml.out:129 usermod.8.xml.out:328
 #: usermod.8.xml.out:332 usermod.8.xml.out:334 vipw.8.xml.out:115
 #: vipw.8.xml.out:119 vipw.8.xml.out:121
@@ -864,12 +864,12 @@ msgid "CHROOT_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168 chsh.1.xml.out:87 faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161 groupadd.8.xml.out:204 groupdel.8.xml.out:92
+#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174 chsh.1.xml.out:87 faillog.8.xml.out:160
+#: gpasswd.1.xml.out:163 groupadd.8.xml.out:204 groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145 groupmod.8.xml.out:167 grpck.8.xml.out:152
-#: lastlog.8.xml.out:107 newusers.8.xml.out:309 passwd.1.xml.out:281
-#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:492
+#: lastlog.8.xml.out:107 newusers.8.xml.out:311 passwd.1.xml.out:277
+#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:494
 #: userdel.8.xml.out:126 usermod.8.xml.out:331 vipw.8.xml.out:118
 #, fuzzy
 #| msgid ""
@@ -886,19 +886,58 @@ msgstr ""
 "<replaceable>RÉP_CHROOT</replaceable>."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:203 passwd.1.xml.out:322
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+#, fuzzy
+#| msgid "-"
+msgid "-P"
+msgstr "-"
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "--prefix"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:203 chage.1.xml.out:208 chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189 groupadd.8.xml.out:214 groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102 groupdel.8.xml.out:106 groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177 groupmod.8.xml.out:181 groupmod.8.xml.out:183
+#: passwd.1.xml.out:287 passwd.1.xml.out:292 useradd.8.xml.out:504
+#: useradd.8.xml.out:509 userdel.8.xml.out:136 userdel.8.xml.out:140
+#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
+msgid "PREFIX_DIR"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:206 chpasswd.8.xml.out:187 groupadd.8.xml.out:217
+#: passwd.1.xml.out:290 useradd.8.xml.out:507
+msgid ""
+"Apply changes to configuration files under the root filesystem found under "
+"the directory <_:replaceable-1/>. This option does not chroot and is "
+"intended for preparing a cross-compilation target. Some limitations: NIS and "
+"LDAP users/groups are not verified. PAM authentication is using the host "
+"files. No SELINUX support."
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218 passwd.1.xml.out:333
 msgid "--warndays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:203 chage.1.xml.out:208 passwd.1.xml.out:322
-#: passwd.1.xml.out:327
+#: chage.1.xml.out:218 chage.1.xml.out:223 passwd.1.xml.out:333
+#: passwd.1.xml.out:338
 msgid "WARN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:206
+#: chage.1.xml.out:221
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -917,12 +956,12 @@ msgstr ""
 "d'arriver en fin de validité."
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220 chfn.1.xml.out:163 chsh.1.xml.out:112
+#: chage.1.xml.out:235 chfn.1.xml.out:163 chsh.1.xml.out:112
 msgid "[ ]"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 #, fuzzy
 #| msgid ""
 #| "If none of the options are selected, <command>chage</command> operates in "
@@ -944,13 +983,13 @@ msgstr ""
 "actuelle est affichée entre crochets."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224 chsh.1.xml.out:117 groups.1.xml.out:65
+#: chage.1.xml.out:239 chsh.1.xml.out:117 groups.1.xml.out:65
 #: lastlog.8.xml.out:170
 msgid "NOTE"
 msgstr "NOTE"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> program requires a shadow password file to "
@@ -962,7 +1001,7 @@ msgstr ""
 "de mots de passe cachés (« shadow password file »)."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid ""
 "The chage program will report only the information from the shadow password "
 "file. This implies that configuration from other sources (e.g. LDAP or empty "
@@ -976,7 +1015,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238 grpck.8.xml.out:294 login.defs.5.xml.out:410
+#: chage.1.xml.out:253 grpck.8.xml.out:294 login.defs.5.xml.out:429
 #: passwd.5.xml.out:185 pwck.8.xml.out:40 pwck.8.xml.out:47 pwck.8.xml.out:53
 #: pwck.8.xml.out:71 pwck.8.xml.out:147 pwck.8.xml.out:159 pwck.8.xml.out:191
 #: pwck.8.xml.out:223 pwck.8.xml.out:284 pwconv.8.xml.out:197
@@ -985,7 +1024,7 @@ msgid "pwck"
 msgstr "pwck"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid ""
 "The <_:command-1/> program will also not report any inconsistency between "
 "the shadow and passwd files (e.g. missing x in the passwd file). The <_:"
@@ -993,7 +1032,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> command is restricted to the root user, "
@@ -1011,52 +1050,54 @@ msgstr ""
 "compte arrivera en fin de validité."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249 chfn.1.xml.out:170 chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216 chsh.1.xml.out:131 gpasswd.1.xml.out:241
+#: chage.1.xml.out:264 chfn.1.xml.out:170 chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256 chsh.1.xml.out:150 gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247 groupdel.8.xml.out:133 groupmems.8.xml.out:176
 #: groupmod.8.xml.out:212 grpck.8.xml.out:196 lastlog.8.xml.out:182
-#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:360
-#: passwd.1.xml.out:372 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
-#: su.1.xml.out:314 useradd.8.xml.out:710 userdel.8.xml.out:165
-#: usermod.8.xml.out:536 vipw.8.xml.out:142
+#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:381
+#: passwd.1.xml.out:394 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
+#: su.1.xml.out:314 useradd.8.xml.out:730 userdel.8.xml.out:165
+#: usermod.8.xml.out:553 vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr "CONFIGURATION"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70 chgpasswd.8.xml.out:155 chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205 chpasswd.8.xml.out:77 chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200 chpasswd.8.xml.out:219 chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134 chsh.1.xml.out:159 gpasswd.1.xml.out:244
-#: groupadd.8.xml.out:129 groupadd.8.xml.out:239 groupadd.8.xml.out:250
-#: groupadd.8.xml.out:276 groupdel.8.xml.out:136 groupmems.8.xml.out:179
-#: groupmod.8.xml.out:109 groupmod.8.xml.out:204 groupmod.8.xml.out:215
-#: groupmod.8.xml.out:239 grpck.8.xml.out:199 lastlog.8.xml.out:185
-#: login.1.xml.out:273 login.1.xml.out:365 login.access.5.xml.out:100
-#: login.defs.5.xml.out:116 login.defs.5.xml.out:515 newgrp.1.xml.out:88
-#: newusers.8.xml.out:340 newusers.8.xml.out:363 newusers.8.xml.out:423
-#: passwd.1.xml.out:375 passwd.1.xml.out:405 pwck.8.xml.out:243
+#: chage.1.xml.out:267 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
+#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:159 chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177 chgpasswd.8.xml.out:204 chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79 chpasswd.8.xml.out:140 chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227 chpasswd.8.xml.out:236 chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289 chsh.1.xml.out:153 chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246 groupadd.8.xml.out:129 groupadd.8.xml.out:239
+#: groupadd.8.xml.out:250 groupadd.8.xml.out:276 groupdel.8.xml.out:136
+#: groupmems.8.xml.out:179 groupmod.8.xml.out:109 groupmod.8.xml.out:204
+#: groupmod.8.xml.out:215 groupmod.8.xml.out:239 grpck.8.xml.out:199
+#: lastlog.8.xml.out:185 login.1.xml.out:273 login.1.xml.out:365
+#: login.access.5.xml.out:100 login.defs.5.xml.out:118 login.defs.5.xml.out:534
+#: newgrp.1.xml.out:88 newusers.8.xml.out:340 newusers.8.xml.out:349
+#: newusers.8.xml.out:357 newusers.8.xml.out:384 newusers.8.xml.out:444
+#: passwd.1.xml.out:397 passwd.1.xml.out:427 pwck.8.xml.out:243
 #: pwconv.8.xml.out:148 pwconv.8.xml.out:207 pwconv.8.xml.out:215
 #: pwconv.8.xml.out:230 sg.1.xml.out:77 su.1.xml.out:109 su.1.xml.out:219
 #: su.1.xml.out:277 su.1.xml.out:317 su.1.xml.out:357 useradd.8.xml.out:241
-#: useradd.8.xml.out:307 useradd.8.xml.out:378 useradd.8.xml.out:399
-#: useradd.8.xml.out:467 useradd.8.xml.out:474 useradd.8.xml.out:560
-#: useradd.8.xml.out:713 useradd.8.xml.out:797 userdel.8.xml.out:87
+#: useradd.8.xml.out:309 useradd.8.xml.out:380 useradd.8.xml.out:401
+#: useradd.8.xml.out:469 useradd.8.xml.out:476 useradd.8.xml.out:562
+#: useradd.8.xml.out:733 useradd.8.xml.out:817 userdel.8.xml.out:87
 #: userdel.8.xml.out:168 userdel.8.xml.out:191 userdel.8.xml.out:297
-#: usermod.8.xml.out:399 usermod.8.xml.out:539 usermod.8.xml.out:569
+#: usermod.8.xml.out:399 usermod.8.xml.out:556 usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr "/etc/login.defs"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250 chfn.1.xml.out:171 chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217 chsh.1.xml.out:132 gpasswd.1.xml.out:242
+#: chage.1.xml.out:265 chfn.1.xml.out:171 chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257 chsh.1.xml.out:151 gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248 groupdel.8.xml.out:134 groupmems.8.xml.out:177
 #: groupmod.8.xml.out:213 grpck.8.xml.out:197 lastlog.8.xml.out:183
-#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:361
-#: passwd.1.xml.out:373 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
-#: useradd.8.xml.out:711 userdel.8.xml.out:166 usermod.8.xml.out:537
+#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:382
+#: passwd.1.xml.out:395 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
+#: useradd.8.xml.out:731 userdel.8.xml.out:166 usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 #, fuzzy
 #| msgid ""
@@ -1070,126 +1111,126 @@ msgstr ""
 "filename> modifient le comportement de cet outil :"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261 chfn.1.xml.out:184 chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232 chsh.1.xml.out:144 expiry.1.xml.out:97
-#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:256
+#: chage.1.xml.out:276 chfn.1.xml.out:184 chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274 chsh.1.xml.out:163 expiry.1.xml.out:97
+#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261 groupdel.8.xml.out:145 groupmems.8.xml.out:188
 #: groupmod.8.xml.out:224 groups.1.xml.out:77 grpck.8.xml.out:208
 #: gshadow.5.xml.out:132 lastlog.8.xml.out:194 limits.5.xml.out:172
 #: login.1.xml.out:314 login.access.5.xml.out:97 logoutd.8.xml.out:65
-#: newgrp.1.xml.out:97 newusers.8.xml.out:396 passwd.1.xml.out:390
+#: newgrp.1.xml.out:97 newusers.8.xml.out:417 passwd.1.xml.out:412
 #: passwd.5.xml.out:139 porttime.5.xml.out:106 pwck.8.xml.out:258
 #: pwconv.8.xml.out:227 shadow.3.xml.out:202 shadow.5.xml.out:231
-#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:740
-#: userdel.8.xml.out:182 usermod.8.xml.out:554 vipw.8.xml.out:172
+#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:760
+#: userdel.8.xml.out:182 usermod.8.xml.out:571 vipw.8.xml.out:172
 msgid "FILES"
 msgstr "FICHIERS"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265 chfn.1.xml.out:193 chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147 expiry.1.xml.out:100 groupmod.8.xml.out:245
+#: chage.1.xml.out:280 chfn.1.xml.out:193 chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166 expiry.1.xml.out:100 groupmod.8.xml.out:245
 #: grpck.8.xml.out:223 lastlog.8.xml.out:63 login.1.xml.out:145
 #: login.1.xml.out:329 newgrp.1.xml.out:65 newgrp.1.xml.out:70
-#: newgrp.1.xml.out:100 newusers.8.xml.out:399 passwd.1.xml.out:393
+#: newgrp.1.xml.out:100 newusers.8.xml.out:420 passwd.1.xml.out:415
 #: passwd.5.xml.out:47 passwd.5.xml.out:89 passwd.5.xml.out:142
 #: pwck.8.xml.out:73 pwck.8.xml.out:145 pwck.8.xml.out:212 pwck.8.xml.out:224
 #: pwck.8.xml.out:267 pwconv.8.xml.out:127 shadow.5.xml.out:234 sg.1.xml.out:89
-#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:524
-#: useradd.8.xml.out:743 userdel.8.xml.out:197 usermod.8.xml.out:103
-#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:575
+#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:526
+#: useradd.8.xml.out:763 userdel.8.xml.out:197 usermod.8.xml.out:103
+#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:592
 #: vipw.8.xml.out:68 vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268 chfn.1.xml.out:195 chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149 expiry.1.xml.out:102 groupmod.8.xml.out:247
+#: chage.1.xml.out:283 chfn.1.xml.out:195 chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168 expiry.1.xml.out:102 groupmod.8.xml.out:247
 #: grpck.8.xml.out:225 login.1.xml.out:331 newgrp.1.xml.out:102
-#: newusers.8.xml.out:401 passwd.1.xml.out:395 passwd.5.xml.out:144
+#: newusers.8.xml.out:422 passwd.1.xml.out:417 passwd.5.xml.out:144
 #: pwck.8.xml.out:269 shadow.5.xml.out:236 sg.1.xml.out:91 su.1.xml.out:347
-#: useradd.8.xml.out:745 userdel.8.xml.out:199 vipw.8.xml.out:189
+#: useradd.8.xml.out:765 userdel.8.xml.out:199 vipw.8.xml.out:189
 msgid "User account information."
 msgstr "Informations sur les comptes des utilisateurs."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273 chpasswd.8.xml.out:241 expiry.1.xml.out:106
+#: chage.1.xml.out:288 chpasswd.8.xml.out:283 expiry.1.xml.out:106
 #: login.1.xml.out:335 newgrp.1.xml.out:68 newgrp.1.xml.out:106
-#: newusers.8.xml.out:295 newusers.8.xml.out:405 passwd.1.xml.out:399
+#: newusers.8.xml.out:297 newusers.8.xml.out:426 passwd.1.xml.out:421
 #: passwd.5.xml.out:82 passwd.5.xml.out:148 pwck.8.xml.out:73
 #: pwck.8.xml.out:107 pwck.8.xml.out:213 pwck.8.xml.out:225 pwck.8.xml.out:273
 #: pwconv.8.xml.out:128 pwconv.8.xml.out:149 shadow.3.xml.out:97
 #: shadow.3.xml.out:173 shadow.3.xml.out:205 shadow.5.xml.out:78
-#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:439
-#: useradd.8.xml.out:464 useradd.8.xml.out:749 userdel.8.xml.out:203
+#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:441
+#: useradd.8.xml.out:466 useradd.8.xml.out:769 userdel.8.xml.out:203
 #: usermod.8.xml.out:144 usermod.8.xml.out:145 usermod.8.xml.out:166
-#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:581
+#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:598
 #: vipw.8.xml.out:71 vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr "/etc/shadow"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276 chpasswd.8.xml.out:243 expiry.1.xml.out:108
-#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:407
-#: passwd.1.xml.out:401 pwck.8.xml.out:275 shadow.3.xml.out:207
-#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:751
+#: chage.1.xml.out:291 chpasswd.8.xml.out:285 expiry.1.xml.out:108
+#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:428
+#: passwd.1.xml.out:423 pwck.8.xml.out:275 shadow.3.xml.out:207
+#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:771
 #: userdel.8.xml.out:205 vipw.8.xml.out:195
 msgid "Secure user account information."
 msgstr "Informations sécurisées sur les comptes utilisateurs."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283 groupadd.8.xml.out:298 groupdel.8.xml.out:163
-#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:420
-#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:806
+#: chage.1.xml.out:298 groupadd.8.xml.out:298 groupdel.8.xml.out:163
+#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:442
+#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr "VALEURS DE RETOUR"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290 groupadd.8.xml.out:305 groupdel.8.xml.out:170
-#: grpck.8.xml.out:239 passwd.1.xml.out:427 pwck.8.xml.out:289
-#: useradd.8.xml.out:813 userdel.8.xml.out:237
+#: chage.1.xml.out:305 groupadd.8.xml.out:305 groupdel.8.xml.out:170
+#: grpck.8.xml.out:239 passwd.1.xml.out:449 pwck.8.xml.out:289
+#: useradd.8.xml.out:833 userdel.8.xml.out:237
 msgid "success"
 msgstr "succès"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296 passwd.1.xml.out:433
+#: chage.1.xml.out:311 passwd.1.xml.out:455
 msgid "permission denied"
 msgstr "permission refusée"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300 groupadd.8.xml.out:309 groupdel.8.xml.out:174
+#: chage.1.xml.out:315 groupadd.8.xml.out:309 groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265 groups.1.xml.out:95 groups.1.xml.out:98
 #: groups.1.xml.out:101 grpck.8.xml.out:249 limits.5.xml.out:90
 #: limits.5.xml.out:101 limits.5.xml.out:188 limits.5.xml.out:191
-#: passwd.1.xml.out:437 pwck.8.xml.out:299 useradd.8.xml.out:823
+#: passwd.1.xml.out:459 pwck.8.xml.out:299 useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr "2"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302 groupadd.8.xml.out:311 groupdel.8.xml.out:176
-#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:825
+#: chage.1.xml.out:317 groupadd.8.xml.out:311 groupdel.8.xml.out:176
+#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
 msgstr "erreur de syntaxe"
 
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr "15"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
 msgstr "impossible de trouver le fichier des mots de passe cachés"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284 groupadd.8.xml.out:299 groupdel.8.xml.out:164
-#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:421
-#: pwck.8.xml.out:283 useradd.8.xml.out:807 userdel.8.xml.out:231
+#: chage.1.xml.out:299 groupadd.8.xml.out:299 groupdel.8.xml.out:164
+#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:443
+#: pwck.8.xml.out:283 useradd.8.xml.out:827 userdel.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "The <command>pwck</command> command exits with the following values: "
@@ -1202,18 +1243,18 @@ msgstr ""
 "quittant : <placeholder-1/>"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316 chfn.1.xml.out:202 chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262 chsh.1.xml.out:168 expiry.1.xml.out:115
-#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:274
+#: chage.1.xml.out:331 chfn.1.xml.out:202 chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304 chsh.1.xml.out:209 expiry.1.xml.out:115
+#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343 groupdel.8.xml.out:202 groupmems.8.xml.out:206
 #: groupmod.8.xml.out:323 groups.1.xml.out:89 grpck.8.xml.out:277
 #: gshadow.5.xml.out:150 limits.5.xml.out:182 login.1.xml.out:374
-#: login.access.5.xml.out:109 login.defs.5.xml.out:527 newgrp.1.xml.out:127
-#: newusers.8.xml.out:450 nologin.8.xml.out:57 passwd.1.xml.out:471
+#: login.access.5.xml.out:109 login.defs.5.xml.out:546 newgrp.1.xml.out:127
+#: newusers.8.xml.out:471 nologin.8.xml.out:57 passwd.1.xml.out:493
 #: passwd.5.xml.out:167 porttime.5.xml.out:118 pwck.8.xml.out:333
 #: pwconv.8.xml.out:239 shadow.3.xml.out:214 shadow.5.xml.out:259
-#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:875
-#: userdel.8.xml.out:308 usermod.8.xml.out:602 vipw.8.xml.out:202
+#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:895
+#: userdel.8.xml.out:308 usermod.8.xml.out:619 vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr "VOIR AUSSI"
 
@@ -1226,53 +1267,53 @@ msgstr "VOIR AUSSI"
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319 chfn.1.xml.out:211 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177 expiry.1.xml.out:118 groupadd.8.xml.out:351
+#: chage.1.xml.out:334 chfn.1.xml.out:211 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218 expiry.1.xml.out:118 groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:215 groupmod.8.xml.out:332
 #: grpck.8.xml.out:291 lastlog.8.xml.out:176 login.1.xml.out:128
-#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516 login.defs.5.xml.out:533 login.defs.5.xml.out:539
-#: newusers.8.xml.out:79 newusers.8.xml.out:456 passwd.1.xml.out:40
-#: passwd.1.xml.out:47 passwd.1.xml.out:53 passwd.1.xml.out:66
-#: passwd.1.xml.out:69 passwd.1.xml.out:86 passwd.1.xml.out:116
-#: passwd.1.xml.out:152 passwd.1.xml.out:366 passwd.1.xml.out:413
-#: passwd.1.xml.out:422 passwd.1.xml.out:451 passwd.1.xml.out:457
-#: passwd.1.xml.out:477 passwd.5.xml.out:33 passwd.5.xml.out:40
+#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535 login.defs.5.xml.out:552 login.defs.5.xml.out:558
+#: newusers.8.xml.out:81 newusers.8.xml.out:477 passwd.1.xml.out:42
+#: passwd.1.xml.out:49 passwd.1.xml.out:55 passwd.1.xml.out:68
+#: passwd.1.xml.out:71 passwd.1.xml.out:88 passwd.1.xml.out:100
+#: passwd.1.xml.out:148 passwd.1.xml.out:388 passwd.1.xml.out:435
+#: passwd.1.xml.out:444 passwd.1.xml.out:473 passwd.1.xml.out:479
+#: passwd.1.xml.out:502 passwd.5.xml.out:33 passwd.5.xml.out:40
 #: passwd.5.xml.out:182 pwck.8.xml.out:228 pwck.8.xml.out:342
 #: pwconv.8.xml.out:84 pwconv.8.xml.out:99 shadow.5.xml.out:268
-#: shadow.5.xml.out:271 useradd.8.xml.out:884 userdel.8.xml.out:316
-#: usermod.8.xml.out:611 vipw.8.xml.out:217
+#: shadow.5.xml.out:271 useradd.8.xml.out:904 userdel.8.xml.out:316
+#: usermod.8.xml.out:628 vipw.8.xml.out:217
 msgid "passwd"
 msgstr "passwd"
 
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319 chage.1.xml.out:322 chfn.1.xml.out:208
-#: chfn.1.xml.out:211 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 chsh.1.xml.out:177 expiry.1.xml.out:118
+#: chage.1.xml.out:334 chage.1.xml.out:337 chfn.1.xml.out:208
+#: chfn.1.xml.out:211 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 chsh.1.xml.out:218 expiry.1.xml.out:118
 #: expiry.1.xml.out:121 faillog.5.xml.out:34 faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292 gpasswd.1.xml.out:295 groupadd.8.xml.out:363
+#: gpasswd.1.xml.out:294 gpasswd.1.xml.out:297 groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344 grpck.8.xml.out:267 grpck.8.xml.out:280
 #: grpck.8.xml.out:287 grpck.8.xml.out:291 grpck.8.xml.out:297
 #: gshadow.5.xml.out:23 gshadow.5.xml.out:153 gshadow.5.xml.out:156
 #: limits.5.xml.out:36 login.1.xml.out:389 login.1.xml.out:392
 #: login.1.xml.out:395 login.1.xml.out:398 login.access.5.xml.out:35
-#: login.defs.5.xml.out:103 login.defs.5.xml.out:539 login.defs.5.xml.out:542
-#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:79
-#: newusers.8.xml.out:453 newusers.8.xml.out:460 newusers.8.xml.out:463
-#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:455
-#: passwd.1.xml.out:477 passwd.1.xml.out:480 passwd.1.xml.out:484
+#: login.defs.5.xml.out:105 login.defs.5.xml.out:558 login.defs.5.xml.out:561
+#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:81
+#: newusers.8.xml.out:474 newusers.8.xml.out:481 newusers.8.xml.out:484
+#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:477
+#: passwd.1.xml.out:502 passwd.1.xml.out:505 passwd.1.xml.out:509
 #: passwd.5.xml.out:34 passwd.5.xml.out:80 passwd.5.xml.out:194
 #: porttime.5.xml.out:34 pwck.8.xml.out:317 pwck.8.xml.out:336
 #: pwck.8.xml.out:342 pwck.8.xml.out:345 pwconv.8.xml.out:245
 #: shadow.3.xml.out:220 shadow.5.xml.out:34 shadow.5.xml.out:271
 #: sg.1.xml.out:134 sg.1.xml.out:137 su.1.xml.out:418 suauth.5.xml.out:34
-#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:628
-#: useradd.8.xml.out:899 useradd.8.xml.out:906 useradd.8.xml.out:909
+#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:648
+#: useradd.8.xml.out:919 useradd.8.xml.out:926 useradd.8.xml.out:929
 #: userdel.8.xml.out:319 userdel.8.xml.out:335 userdel.8.xml.out:338
-#: usermod.8.xml.out:162 usermod.8.xml.out:629 usermod.8.xml.out:633
-#: usermod.8.xml.out:636 vipw.8.xml.out:208 vipw.8.xml.out:211
+#: usermod.8.xml.out:162 usermod.8.xml.out:646 usermod.8.xml.out:650
+#: usermod.8.xml.out:653 vipw.8.xml.out:208 vipw.8.xml.out:211
 #: vipw.8.xml.out:214 vipw.8.xml.out:217 vipw.8.xml.out:220 vipw.8.xml.out:223
 msgid "5"
 msgstr "5"
@@ -1285,20 +1326,20 @@ msgstr "5"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322 expiry.1.xml.out:121 grpck.8.xml.out:51
-#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:542
-#: passwd.1.xml.out:480 passwd.5.xml.out:79 passwd.5.xml.out:194
+#: chage.1.xml.out:337 expiry.1.xml.out:121 grpck.8.xml.out:51
+#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:561
+#: passwd.1.xml.out:505 passwd.5.xml.out:79 passwd.5.xml.out:194
 #: pwck.8.xml.out:229 pwck.8.xml.out:233 pwck.8.xml.out:345 pwconv.8.xml.out:84
 #: pwconv.8.xml.out:85 pwconv.8.xml.out:100 pwconv.8.xml.out:101
 #: shadow.3.xml.out:33 shadow.3.xml.out:40 shadow.3.xml.out:96
 #: shadow.3.xml.out:220 shadow.5.xml.out:33 shadow.5.xml.out:40
-#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:628
+#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:648
 #: usermod.8.xml.out:162 vipw.8.xml.out:223
 msgid "shadow"
 msgstr "shadow"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317 expiry.1.xml.out:116 faillog.8.xml.out:233
+#: chage.1.xml.out:332 expiry.1.xml.out:116 faillog.8.xml.out:233
 #: nologin.8.xml.out:58 shadow.3.xml.out:215
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>."
 msgstr ""
@@ -1310,10 +1351,10 @@ msgstr ""
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #: chfn.1.xml.out:36 chfn.1.xml.out:43 chfn.1.xml.out:49 chfn.1.xml.out:62
-#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:171
+#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:212
 #: groupadd.8.xml.out:345 groupdel.8.xml.out:205 groupmems.8.xml.out:209
-#: groupmod.8.xml.out:326 login.defs.5.xml.out:239 useradd.8.xml.out:878
-#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:605
+#: groupmod.8.xml.out:326 login.defs.5.xml.out:243 useradd.8.xml.out:898
+#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:622
 msgid "chfn"
 msgstr "chfn"
 
@@ -1331,8 +1372,8 @@ msgstr ""
 #. (itstool) path: term/option
 #: chfn.1.xml.out:71 chfn.1.xml.out:110 groupadd.8.xml.out:106
 #: groupadd.8.xml.out:145 groupadd.8.xml.out:323 groupmod.8.xml.out:93
-#: groupmod.8.xml.out:132 useradd.8.xml.out:405 useradd.8.xml.out:536
-#: useradd.8.xml.out:837 usermod.8.xml.out:271 usermod.8.xml.out:377
+#: groupmod.8.xml.out:132 useradd.8.xml.out:407 useradd.8.xml.out:538
+#: useradd.8.xml.out:857 usermod.8.xml.out:271 usermod.8.xml.out:377
 #, fuzzy
 #| msgid "-"
 msgid "-o"
@@ -1411,7 +1452,7 @@ msgstr ""
 #: chfn.1.xml.out:94 expiry.1.xml.out:61 expiry.1.xml.out:79
 #: groupadd.8.xml.out:88 groupdel.8.xml.out:72 login.1.xml.out:90
 #: login.1.xml.out:190 login.1.xml.out:229 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 userdel.8.xml.out:76 userdel.8.xml.out:287
+#: useradd.8.xml.out:642 userdel.8.xml.out:76 userdel.8.xml.out:287
 #: userdel.8.xml.out:302 usermod.8.xml.out:152
 msgid "-f"
 msgstr "-f"
@@ -1470,12 +1511,12 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:122 faillog.8.xml.out:89 faillog.8.xml.out:144
-#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:173
+#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112 groupadd.8.xml.out:185 grpck.8.xml.out:124
 #: grpck.8.xml.out:138 login.1.xml.out:220 login.1.xml.out:229
-#: newusers.8.xml.out:287 passwd.1.xml.out:268 pwck.8.xml.out:155
-#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:456
-#: useradd.8.xml.out:542 userdel.8.xml.out:106 usermod.8.xml.out:317
+#: newusers.8.xml.out:289 passwd.1.xml.out:264 pwck.8.xml.out:155
+#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:458
+#: useradd.8.xml.out:544 userdel.8.xml.out:106 usermod.8.xml.out:317
 msgid "-r"
 msgstr "-r"
 
@@ -1498,8 +1539,8 @@ msgstr "Modifier le numéro de bureau de l'utilisateur."
 #. (itstool) path: para/option
 #: chfn.1.xml.out:143 faillog.8.xml.out:80 faillog.8.xml.out:180
 #: faillog.8.xml.out:214 lastlog.8.xml.out:90 lastlog.8.xml.out:122
-#: lastlog.8.xml.out:139 passwd.1.xml.out:309 useradd.8.xml.out:414
-#: useradd.8.xml.out:531 usermod.8.xml.out:279 usermod.8.xml.out:369
+#: lastlog.8.xml.out:139 passwd.1.xml.out:320 useradd.8.xml.out:416
+#: useradd.8.xml.out:533 usermod.8.xml.out:279 usermod.8.xml.out:369
 #: vipw.8.xml.out:133
 #, fuzzy
 #| msgid "-"
@@ -1507,7 +1548,7 @@ msgid "-u"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chfn.1.xml.out:151 passwd.1.xml.out:322 usermod.8.xml.out:463
+#: chfn.1.xml.out:151 passwd.1.xml.out:333 usermod.8.xml.out:463
 #, fuzzy
 #| msgid "-"
 msgid "-w"
@@ -1555,11 +1596,11 @@ msgstr ""
 "actuel."
 
 #. (itstool) path: listitem/para
-#: chfn.1.xml.out:189 chgpasswd.8.xml.out:207 chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161 groupadd.8.xml.out:278 groupmod.8.xml.out:241
-#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:425
-#: passwd.1.xml.out:407 pwconv.8.xml.out:232 su.1.xml.out:359
-#: useradd.8.xml.out:799 userdel.8.xml.out:193
+#: chfn.1.xml.out:189 chgpasswd.8.xml.out:235 chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202 groupadd.8.xml.out:278 groupmod.8.xml.out:241
+#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:446
+#: passwd.1.xml.out:429 pwconv.8.xml.out:232 su.1.xml.out:359
+#: useradd.8.xml.out:819 userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
 msgstr ""
 "Configuration de la suite des mots de passe cachés « shadow password »."
@@ -1573,8 +1614,8 @@ msgstr ""
 #: chfn.1.xml.out:205 chsh.1.xml.out:36 chsh.1.xml.out:43 chsh.1.xml.out:49
 #: chsh.1.xml.out:62 chsh.1.xml.out:73 chsh.1.xml.out:109
 #: groupadd.8.xml.out:348 groupdel.8.xml.out:208 groupmems.8.xml.out:212
-#: groupmod.8.xml.out:329 login.defs.5.xml.out:270 useradd.8.xml.out:881
-#: userdel.8.xml.out:313 usermod.8.xml.out:608
+#: groupmod.8.xml.out:329 login.defs.5.xml.out:280 useradd.8.xml.out:901
+#: userdel.8.xml.out:313 usermod.8.xml.out:625
 msgid "chsh"
 msgstr "chsh"
 
@@ -1582,25 +1623,25 @@ msgstr "chsh"
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
-#: chfn.1.xml.out:208 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 groupadd.8.xml.out:194 groupadd.8.xml.out:363
-#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109 newusers.8.xml.out:298 newusers.8.xml.out:453
-#: passwd.1.xml.out:484 pwconv.8.xml.out:92 pwconv.8.xml.out:94
+#: chfn.1.xml.out:208 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 groupadd.8.xml.out:194 groupadd.8.xml.out:363
+#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111 newusers.8.xml.out:300 newusers.8.xml.out:474
+#: passwd.1.xml.out:509 pwconv.8.xml.out:92 pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108 pwconv.8.xml.out:245 su.1.xml.out:418
-#: useradd.8.xml.out:899 userdel.8.xml.out:117 userdel.8.xml.out:319
-#: usermod.8.xml.out:629 vipw.8.xml.out:214
+#: useradd.8.xml.out:919 userdel.8.xml.out:117 userdel.8.xml.out:319
+#: usermod.8.xml.out:646 vipw.8.xml.out:214
 msgid "login.defs"
 msgstr "login.defs"
 
 #. (itstool) path: refsect1/para
-#: chfn.1.xml.out:203 chgpasswd.8.xml.out:215 chsh.1.xml.out:169
+#: chfn.1.xml.out:203 chgpasswd.8.xml.out:243 chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
 msgstr "Création, 2006"
 
@@ -1609,19 +1650,19 @@ msgstr "Création, 2006"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33 chgpasswd.8.xml.out:40 chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56 chgpasswd.8.xml.out:66 chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35 chgpasswd.8.xml.out:42 chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58 chgpasswd.8.xml.out:68 chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr "chgpasswd"
 
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34 chgpasswd.8.xml.out:220 chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268 chpasswd.8.xml.out:276 faillog.5.xml.out:87
-#: faillog.8.xml.out:34 gpasswd.1.xml.out:280 gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286 gpasswd.1.xml.out:289 groupadd.8.xml.out:37
+#: chgpasswd.8.xml.out:36 chgpasswd.8.xml.out:248 chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310 chpasswd.8.xml.out:318 faillog.5.xml.out:87
+#: faillog.8.xml.out:34 gpasswd.1.xml.out:282 gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288 gpasswd.1.xml.out:291 groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354 groupadd.8.xml.out:357 groupadd.8.xml.out:360
 #: groupadd.8.xml.out:366 groupadd.8.xml.out:369 groupadd.8.xml.out:372
 #: groupdel.8.xml.out:35 groupdel.8.xml.out:186 groupdel.8.xml.out:214
@@ -1634,43 +1675,43 @@ msgstr "chgpasswd"
 #: grpck.8.xml.out:34 grpck.8.xml.out:283 grpck.8.xml.out:294
 #: gshadow.5.xml.out:159 gshadow.5.xml.out:162 lastlog.8.xml.out:36
 #: login.1.xml.out:174 login.1.xml.out:176 login.1.xml.out:249
-#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:545
-#: logoutd.8.xml.out:34 newusers.8.xml.out:50 newusers.8.xml.out:467
-#: nologin.8.xml.out:23 passwd.1.xml.out:474 passwd.1.xml.out:488
+#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:564
+#: logoutd.8.xml.out:34 newusers.8.xml.out:52 newusers.8.xml.out:488
+#: nologin.8.xml.out:23 passwd.1.xml.out:496 passwd.1.xml.out:513
 #: passwd.5.xml.out:185 passwd.5.xml.out:188 passwd.5.xml.out:191
 #: passwd.5.xml.out:200 pwck.8.xml.out:41 pwck.8.xml.out:339 pwck.8.xml.out:348
 #: pwconv.8.xml.out:40 pwconv.8.xml.out:242 pwconv.8.xml.out:248
 #: pwconv.8.xml.out:251 pwconv.8.xml.out:254 shadow.5.xml.out:274
 #: shadow.5.xml.out:277 shadow.5.xml.out:280 shadow.5.xml.out:286
-#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:574
-#: useradd.8.xml.out:890 useradd.8.xml.out:893 useradd.8.xml.out:896
-#: useradd.8.xml.out:902 useradd.8.xml.out:913 useradd.8.xml.out:916
-#: userdel.8.xml.out:40 userdel.8.xml.out:259 userdel.8.xml.out:322
-#: userdel.8.xml.out:325 userdel.8.xml.out:328 userdel.8.xml.out:331
-#: userdel.8.xml.out:342 userdel.8.xml.out:345 usermod.8.xml.out:41
-#: usermod.8.xml.out:617 usermod.8.xml.out:620 usermod.8.xml.out:623
-#: usermod.8.xml.out:626 usermod.8.xml.out:640 usermod.8.xml.out:643
-#: vipw.8.xml.out:36
+#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:576
+#: useradd.8.xml.out:590 useradd.8.xml.out:910 useradd.8.xml.out:913
+#: useradd.8.xml.out:916 useradd.8.xml.out:922 useradd.8.xml.out:933
+#: useradd.8.xml.out:936 userdel.8.xml.out:40 userdel.8.xml.out:259
+#: userdel.8.xml.out:322 userdel.8.xml.out:325 userdel.8.xml.out:328
+#: userdel.8.xml.out:331 userdel.8.xml.out:342 userdel.8.xml.out:345
+#: usermod.8.xml.out:41 usermod.8.xml.out:522 usermod.8.xml.out:634
+#: usermod.8.xml.out:637 usermod.8.xml.out:640 usermod.8.xml.out:643
+#: usermod.8.xml.out:657 usermod.8.xml.out:660 vipw.8.xml.out:36
 msgid "8"
 msgstr "8"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35 chpasswd.8.xml.out:39 faillog.8.xml.out:35
+#: chgpasswd.8.xml.out:37 chpasswd.8.xml.out:41 faillog.8.xml.out:35
 #: groupadd.8.xml.out:38 groupdel.8.xml.out:36 groupmems.8.xml.out:39
 #: groupmod.8.xml.out:36 grpck.8.xml.out:35 lastlog.8.xml.out:37
-#: logoutd.8.xml.out:35 newusers.8.xml.out:51 nologin.8.xml.out:24
+#: logoutd.8.xml.out:35 newusers.8.xml.out:53 nologin.8.xml.out:24
 #: pwck.8.xml.out:42 pwconv.8.xml.out:41 useradd.8.xml.out:54
 #: userdel.8.xml.out:41 usermod.8.xml.out:42 vipw.8.xml.out:37
 msgid "System Management Commands"
 msgstr "Commandes de gestion du système"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
 msgstr "Mettre à jour par lot des mots de passe des groupes"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 #, fuzzy
 #| msgid ""
 #| "The <command>chgpasswd</command> command reads a list of group name and "
@@ -1689,12 +1730,12 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61 groupmems.8.xml.out:54 groupmems.8.xml.out:110
+#: chgpasswd.8.xml.out:63 groupmems.8.xml.out:54 groupmems.8.xml.out:110
 msgid "group_name"
 msgstr "nom_groupe"
 
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66 passwd.5.xml.out:77
+#: chgpasswd.8.xml.out:64 chpasswd.8.xml.out:68 passwd.5.xml.out:77
 #: passwd.5.xml.out:86 passwd.5.xml.out:91 passwd.5.xml.out:95
 #: passwd.5.xml.out:98
 #, fuzzy
@@ -1703,12 +1744,12 @@ msgid "password"
 msgstr "passwd"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60 chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 #, fuzzy
 #| msgid ""
 #| "By default the supplied password must be in clear-text, and is encrypted "
@@ -1721,8 +1762,8 @@ msgstr ""
 "<command>chgpasswd</command>."
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70 chpasswd.8.xml.out:75 chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72 chpasswd.8.xml.out:77 chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "ENCRYPT_METHOD"
@@ -1730,9 +1771,9 @@ msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71 chgpasswd.8.xml.out:101 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:130 chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chgpasswd.8.xml.out:73 chgpasswd.8.xml.out:107 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:136 chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 #, fuzzy
 #| msgid "-"
@@ -1742,16 +1783,16 @@ msgstr "-"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:88 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:114 chpasswd.8.xml.out:129
-#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:90 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:116 chpasswd.8.xml.out:135
+#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:270
 #: sg.1.xml.out:50 su.1.xml.out:86 su.1.xml.out:126 su.1.xml.out:131
 #: useradd.8.xml.out:139 usermod.8.xml.out:99
 msgid "-c"
 msgstr "-c"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
@@ -1769,7 +1810,7 @@ msgstr ""
 "<option>-m</option> ou <option>-c</option>."
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74 chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76 chpasswd.8.xml.out:101
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are created at a single time."
@@ -1778,48 +1819,102 @@ msgstr ""
 "importants de comptes sont créés en une seule fois."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88 chpasswd.8.xml.out:114 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:116 newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:117 newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92 chpasswd.8.xml.out:119 newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
 msgstr "Utiliser la méthode précisée pour chiffrer les mots de passe."
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91 chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
-msgstr "Les méthodes disponibles sont DES, MD5 et NONE."
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95 chgpasswd.8.xml.out:149 chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208 newusers.8.xml.out:330
+msgid "BCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid "<_:replaceable-1/>,"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96 chpasswd.8.xml.out:123
+msgid "DES"
+msgstr ""
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98 chgpasswd.8.xml.out:151 chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210 newusers.8.xml.out:332
+msgid "SHA256"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99 chgpasswd.8.xml.out:152 chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211 newusers.8.xml.out:333
+msgid "SHA512"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100 chgpasswd.8.xml.out:154 chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213 newusers.8.xml.out:335
+#, fuzzy
+#| msgid "DESCRIPTION"
+msgid "YESCRYPT"
+msgstr "DESCRIPTION"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99 chpasswd.8.xml.out:126
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid ", <_:replaceable-1/>"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:128
+msgid "NONE"
+msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121 newusers.8.xml.out:271
+#: chgpasswd.8.xml.out:93 chpasswd.8.xml.out:120
 msgid ""
-"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
-"support these methods."
+"The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/"
+"><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports "
+"these methods."
 msgstr ""
-"Les méthodes disponibles sont DES, MD5, NONE et SHA256 ou SHA512 si votre "
-"libc prend en charge ces méthodes."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:139
+#: chgpasswd.8.xml.out:107 chpasswd.8.xml.out:145
 #, fuzzy
 #| msgid "encrypted password"
 msgid "--encrypted"
 msgstr "mot de passe chiffré"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103 chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109 chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
 msgstr "Indiquer que les mots de passe fournis sont chiffrés."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113 chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119 chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115 chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121 chpasswd.8.xml.out:163
 msgid ""
 "Use MD5 encryption instead of DES when the supplied passwords are not "
 "encrypted."
@@ -1829,76 +1924,129 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 chsh.1.xml.out:97
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 chsh.1.xml.out:97
 #: chsh.1.xml.out:108 grpck.8.xml.out:124 grpck.8.xml.out:161
-#: newusers.8.xml.out:320 pwck.8.xml.out:155 pwck.8.xml.out:209
-#: su.1.xml.out:163 useradd.8.xml.out:517 useradd.8.xml.out:655
-#: usermod.8.xml.out:357 vipw.8.xml.out:70 vipw.8.xml.out:127
+#: newusers.8.xml.out:322 passwd.1.xml.out:363 pwck.8.xml.out:155
+#: pwck.8.xml.out:209 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357 vipw.8.xml.out:70
+#: vipw.8.xml.out:127
 #, fuzzy
 #| msgid "-"
 msgid "-s"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137 chpasswd.8.xml.out:181 newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143 chpasswd.8.xml.out:202 newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
 msgstr "Utiliser le nombre de rounds précisé pour chiffrer les mots de passe."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140 chpasswd.8.xml.out:184 newusers.8.xml.out:325
+#: chgpasswd.8.xml.out:146 chpasswd.8.xml.out:205 newusers.8.xml.out:327
 msgid ""
-"The value 0 means that the system will choose the default number of rounds "
-"for the crypt method (5000)."
+"You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
-"La valeur 0 signifie que le système choisira la valeur par défaut du nombre "
-"de rounds pour la méthode de chiffrement (5 000)."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144 chpasswd.8.xml.out:188 newusers.8.xml.out:329
+#: chgpasswd.8.xml.out:156 chpasswd.8.xml.out:215 newusers.8.xml.out:337
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
 msgid ""
-"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+"By default, the number of rounds for BCRYPT is defined by the "
+"BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgstr ""
+"Par défaut, le nombre de rounds est défini par les variables "
+"SHA_CRYPT_MIN_ROUNDS et SHA_CRYPT_MAX_ROUNDS dans <filename>/etc/login.defs</"
+"filename>."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:161 chpasswd.8.xml.out:220
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default number of rounds is 13."
 msgstr ""
 "Une valeur minimale de 1 000 et une valeur maximale de 999 999 999 seront "
 "imposées."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148 chpasswd.8.xml.out:192 newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#: chgpasswd.8.xml.out:165 chpasswd.8.xml.out:224 newusers.8.xml.out:346
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
+msgid ""
+"By default, the number of rounds for SHA256 or SHA512 is defined by the "
+"SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgstr ""
+"Par défaut, le nombre de rounds est défini par les variables "
+"SHA_CRYPT_MIN_ROUNDS et SHA_CRYPT_MAX_ROUNDS dans <filename>/etc/login.defs</"
+"filename>."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:170 chpasswd.8.xml.out:229
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default number of rounds is 5000."
 msgstr ""
-"Vous ne pouvez utiliser cette méthode qu'avec les méthodes de chiffrement "
-"SHA256 ou SHA512."
+"Une valeur minimale de 1 000 et une valeur maximale de 999 999 999 seront "
+"imposées."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152 newusers.8.xml.out:337
+#: chgpasswd.8.xml.out:175 chpasswd.8.xml.out:234 newusers.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
 #| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
 #| "filename>."
 msgid ""
-"By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and "
-"SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+"By default, the number of rounds for YESCRYPT is defined by the "
+"YESCRYPT_COST_FACTOR in <_:filename-1/>."
 msgstr ""
 "Par défaut, le nombre de rounds est défini par les variables "
 "SHA_CRYPT_MIN_ROUNDS et SHA_CRYPT_MAX_ROUNDS dans <filename>/etc/login.defs</"
 "filename>."
 
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179 chpasswd.8.xml.out:238
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default number of rounds is 5."
+msgstr ""
+"Une valeur minimale de 1 000 et une valeur maximale de 999 999 999 seront "
+"imposées."
+
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163 chpasswd.8.xml.out:208 faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229 groupadd.8.xml.out:285 groupdel.8.xml.out:121
-#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:348
-#: passwd.1.xml.out:354 shadow.3.xml.out:194 su.1.xml.out:306
-#: useradd.8.xml.out:682 userdel.8.xml.out:281 usermod.8.xml.out:517
+#: chgpasswd.8.xml.out:189 chpasswd.8.xml.out:248 faillog.8.xml.out:209
+#: gpasswd.1.xml.out:231 groupadd.8.xml.out:285 groupdel.8.xml.out:121
+#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:369
+#: passwd.1.xml.out:376 shadow.3.xml.out:194 su.1.xml.out:306
+#: useradd.8.xml.out:702 userdel.8.xml.out:281 usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr "AVERTISSEMENTS"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164 chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190 chpasswd.8.xml.out:249
 msgid ""
 "Remember to set permissions or umask to prevent readability of unencrypted "
 "files by other users."
@@ -1907,7 +2055,7 @@ msgstr ""
 "fichiers non chiffrés par les d'autres utilisateurs."
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168 newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194 newusers.8.xml.out:374
 msgid ""
 "You should make sure the passwords and the encryption method respect the "
 "system's password policy."
@@ -1919,8 +2067,8 @@ msgstr ""
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193 gpasswd.1.xml.out:48 gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73 gpasswd.1.xml.out:231 gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221 gpasswd.1.xml.out:50 gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75 gpasswd.1.xml.out:233 gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170 groupadd.8.xml.out:264 groupdel.8.xml.out:148
 #: groupmems.8.xml.out:191 groupmod.8.xml.out:227 groups.1.xml.out:58
 #: groups.1.xml.out:70 groups.1.xml.out:80 grpck.8.xml.out:62
@@ -1928,19 +2076,19 @@ msgstr ""
 #: grpck.8.xml.out:164 grpck.8.xml.out:177 grpck.8.xml.out:185
 #: grpck.8.xml.out:211 gshadow.5.xml.out:91 gshadow.5.xml.out:124
 #: gshadow.5.xml.out:135 newgrp.1.xml.out:80 newgrp.1.xml.out:112
-#: newusers.8.xml.out:411 pwck.8.xml.out:261 pwconv.8.xml.out:128
-#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:755
-#: userdel.8.xml.out:185 usermod.8.xml.out:557 vipw.8.xml.out:69
+#: newusers.8.xml.out:432 pwck.8.xml.out:261 pwconv.8.xml.out:128
+#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:775
+#: userdel.8.xml.out:185 usermod.8.xml.out:574 vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr "/etc/group"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195 gpasswd.1.xml.out:261 groupadd.8.xml.out:266
+#: chgpasswd.8.xml.out:223 gpasswd.1.xml.out:263 groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150 groupmems.8.xml.out:193 groupmod.8.xml.out:229
 #: groups.1.xml.out:82 grpck.8.xml.out:213 gshadow.5.xml.out:137
-#: newgrp.1.xml.out:114 newusers.8.xml.out:413 pwck.8.xml.out:263
-#: sg.1.xml.out:103 useradd.8.xml.out:757 userdel.8.xml.out:187
+#: newgrp.1.xml.out:114 newusers.8.xml.out:434 pwck.8.xml.out:263
+#: sg.1.xml.out:103 useradd.8.xml.out:777 userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
 msgstr "Informations sur les groupes."
@@ -1948,8 +2096,8 @@ msgstr "Informations sur les groupes."
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199 gpasswd.1.xml.out:52 gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232 gpasswd.1.xml.out:265 groupadd.8.xml.out:170
+#: chgpasswd.8.xml.out:227 gpasswd.1.xml.out:54 gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234 gpasswd.1.xml.out:267 groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270 groupdel.8.xml.out:154 groupmems.8.xml.out:87
 #: groupmems.8.xml.out:88 groupmems.8.xml.out:98 groupmems.8.xml.out:103
 #: groupmems.8.xml.out:104 groupmems.8.xml.out:134 groupmems.8.xml.out:135
@@ -1957,17 +2105,17 @@ msgstr "Informations sur les groupes."
 #: grpck.8.xml.out:93 grpck.8.xml.out:114 grpck.8.xml.out:166
 #: grpck.8.xml.out:186 grpck.8.xml.out:217 gshadow.5.xml.out:36
 #: gshadow.5.xml.out:141 newgrp.1.xml.out:78 newgrp.1.xml.out:118
-#: newusers.8.xml.out:417 pwconv.8.xml.out:129 sg.1.xml.out:107
-#: useradd.8.xml.out:761 usermod.8.xml.out:563 vipw.8.xml.out:72
+#: newusers.8.xml.out:438 pwconv.8.xml.out:129 sg.1.xml.out:107
+#: useradd.8.xml.out:781 usermod.8.xml.out:580 vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr "/etc/gshadow"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201 gpasswd.1.xml.out:267 groupadd.8.xml.out:272
+#: chgpasswd.8.xml.out:229 gpasswd.1.xml.out:269 groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156 groupmod.8.xml.out:235 grpck.8.xml.out:219
-#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:419
-#: sg.1.xml.out:109 useradd.8.xml.out:763 vipw.8.xml.out:183
+#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:440
+#: sg.1.xml.out:109 useradd.8.xml.out:783 vipw.8.xml.out:183
 msgid "Secure group account information."
 msgstr "Informations sécurisées sur les groupes."
 
@@ -1977,12 +2125,12 @@ msgstr "Informations sécurisées sur les groupes."
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217 gpasswd.1.xml.out:38 gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59 gpasswd.1.xml.out:72 gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119 groupadd.8.xml.out:354 groupdel.8.xml.out:214
-#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:280
+#: chgpasswd.8.xml.out:245 gpasswd.1.xml.out:40 gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61 gpasswd.1.xml.out:74 gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121 groupadd.8.xml.out:354 groupdel.8.xml.out:214
+#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142 sg.1.xml.out:131 userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr "gpasswd"
 
@@ -1992,19 +2140,19 @@ msgstr "gpasswd"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220 gpasswd.1.xml.out:280 groupadd.8.xml.out:36
+#: chgpasswd.8.xml.out:248 gpasswd.1.xml.out:282 groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43 groupadd.8.xml.out:49 groupadd.8.xml.out:61
 #: groupadd.8.xml.out:82 groupadd.8.xml.out:292 groupadd.8.xml.out:300
 #: groupdel.8.xml.out:217 groupmems.8.xml.out:218 groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290 useradd.8.xml.out:890 userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: login.defs.5.xml.out:303 useradd.8.xml.out:910 userdel.8.xml.out:325
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr "groupadd"
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21 groupadd.8.xml.out:20 groupdel.8.xml.out:18
-#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:86
-#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:33
+#: chpasswd.8.xml.out:23 groupadd.8.xml.out:20 groupdel.8.xml.out:18
+#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:88
+#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:35
 #: sg.1.xml.out:18 useradd.8.xml.out:36 userdel.8.xml.out:23
 #: usermod.8.xml.out:24
 msgid "Creation, 1991"
@@ -2016,20 +2164,20 @@ msgstr "Création, 1991"
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37 chpasswd.8.xml.out:44 chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60 chpasswd.8.xml.out:70 chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96 chpasswd.8.xml.out:108 chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259 passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39 chpasswd.8.xml.out:46 chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62 chpasswd.8.xml.out:72 chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98 chpasswd.8.xml.out:110 chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266 passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr "chpasswd"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
 msgstr "Mettre à jour des mots de passe par lot"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 #, fuzzy
 #| msgid ""
 #| "The <command>chpasswd</command> command reads a list of user name and "
@@ -2048,13 +2196,13 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65 groupmems.8.xml.out:52 groupmems.8.xml.out:53
+#: chpasswd.8.xml.out:67 groupmems.8.xml.out:52 groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83 groupmems.8.xml.out:94
 msgid "user_name"
 msgstr "nom_utilisateur"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "By default the passwords must be supplied in clear-text, and are "
@@ -2069,14 +2217,14 @@ msgstr ""
 "également mis à jour, s'il est présent."
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76 chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:139
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
@@ -2094,7 +2242,7 @@ msgstr ""
 "<option>-m</option> ou <option>-c</option>."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 #, fuzzy
 #| msgid ""
 #| "By default, passwords are encrypted by PAM, but (even if not recommended) "
@@ -2111,14 +2259,14 @@ msgstr ""
 "option>."
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 #, fuzzy
 #| msgid "By default, PAM is used to encrypt the passwords."
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr "Par défaut, PAM est utilisé pour chiffrer les mots de passe."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 #, fuzzy
 #| msgid ""
 #| "<phrase condition=\"pam\">Except when PAM is used to encrypt the "
@@ -2135,7 +2283,7 @@ msgstr ""
 "aucune erreur n'a eu lieu pour aucun utilisateur."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 #, fuzzy
 #| msgid ""
 #| "When PAM is used to encrypt the passwords (and update the passwords in "
@@ -2155,17 +2303,17 @@ msgstr ""
 "d'erreur en sortie."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr "Par défaut, PAM est utilisé pour chiffrer les mots de passe."
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 #, fuzzy
 #| msgid ""
 #| "By default (if none of the <option>-c</option>, <option>-m</option>, or "
@@ -2183,46 +2331,17 @@ msgstr ""
 "<option>MD5_CRYPT_ENAB</option> de <filename>/etc/login.defs</filename>."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
-msgid "ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: para/option
 #: chpasswd.8.xml.out:199
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-#, fuzzy
-#| msgid ""
-#| "By default, the number of rounds is defined by the "
-#| "<option>SHA_CRYPT_MIN_ROUNDS</option> and <option>SHA_CRYPT_MAX_ROUNDS</"
-#| "option> variables in <filename>/etc/login.defs</filename>."
-msgid ""
-"By default, the number of rounds is defined by the <_:option-1/> and <_:"
-"option-2/> variables in <_:filename-3/>."
+msgid "ROUNDS"
 msgstr ""
-"Par défaut, le nombre de rounds est défini par les variables "
-"<option>SHA_CRYPT_MIN_ROUNDS</option> et <option>SHA_CRYPT_MAX_ROUNDS</"
-"option> dans <filename>/etc/login.defs</filename>."
 
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 msgid "/etc/pam.d/chpasswd"
 msgstr "/etc/pam.d/chpasswd"
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255 newusers.8.xml.out:431 passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297 newusers.8.xml.out:452 passwd.1.xml.out:435
 #, fuzzy
 #| msgid "PAM configuration for <command>passwd</command>."
 msgid "PAM configuration for <_:command-1/>."
@@ -2234,17 +2353,17 @@ msgstr "Configuration de PAM pour <command>passwd</command>."
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268 login.defs.5.xml.out:380 newusers.8.xml.out:49
-#: newusers.8.xml.out:56 newusers.8.xml.out:62 newusers.8.xml.out:75
-#: newusers.8.xml.out:96 newusers.8.xml.out:123 newusers.8.xml.out:132
-#: newusers.8.xml.out:151 newusers.8.xml.out:164 newusers.8.xml.out:170
-#: newusers.8.xml.out:172 newusers.8.xml.out:210 newusers.8.xml.out:230
-#: newusers.8.xml.out:252 newusers.8.xml.out:431 useradd.8.xml.out:902
+#: chpasswd.8.xml.out:310 login.defs.5.xml.out:393 newusers.8.xml.out:51
+#: newusers.8.xml.out:58 newusers.8.xml.out:64 newusers.8.xml.out:77
+#: newusers.8.xml.out:98 newusers.8.xml.out:125 newusers.8.xml.out:134
+#: newusers.8.xml.out:153 newusers.8.xml.out:166 newusers.8.xml.out:172
+#: newusers.8.xml.out:174 newusers.8.xml.out:212 newusers.8.xml.out:232
+#: newusers.8.xml.out:254 newusers.8.xml.out:452 useradd.8.xml.out:922
 msgid "newusers"
 msgstr "newusers"
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270 grpck.8.xml.out:285 passwd.1.xml.out:482
+#: chpasswd.8.xml.out:312 grpck.8.xml.out:285 passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr ""
 
@@ -2254,21 +2373,21 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276 groupadd.8.xml.out:366 groupdel.8.xml.out:223
-#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:462
-#: newusers.8.xml.out:467 useradd.8.xml.out:52 useradd.8.xml.out:59
+#: chpasswd.8.xml.out:318 groupadd.8.xml.out:366 groupdel.8.xml.out:223
+#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:481
+#: newusers.8.xml.out:488 useradd.8.xml.out:52 useradd.8.xml.out:59
 #: useradd.8.xml.out:64 useradd.8.xml.out:71 useradd.8.xml.out:75
 #: useradd.8.xml.out:87 useradd.8.xml.out:90 useradd.8.xml.out:103
 #: useradd.8.xml.out:129 useradd.8.xml.out:187 useradd.8.xml.out:209
-#: useradd.8.xml.out:239 useradd.8.xml.out:284 useradd.8.xml.out:341
-#: useradd.8.xml.out:472 useradd.8.xml.out:584 useradd.8.xml.out:586
-#: useradd.8.xml.out:690 useradd.8.xml.out:808 userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: useradd.8.xml.out:239 useradd.8.xml.out:286 useradd.8.xml.out:343
+#: useradd.8.xml.out:474 useradd.8.xml.out:604 useradd.8.xml.out:606
+#: useradd.8.xml.out:710 useradd.8.xml.out:828 userdel.8.xml.out:342
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr "useradd"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263 newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305 newusers.8.xml.out:472
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
@@ -2300,8 +2419,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:517
-#: useradd.8.xml.out:655 usermod.8.xml.out:357
+#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357
 #, fuzzy
 #| msgid "pw_shell"
 msgid "--shell"
@@ -2309,8 +2428,8 @@ msgstr "pw_shell"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:517
-#: useradd.8.xml.out:522 useradd.8.xml.out:655 useradd.8.xml.out:662
+#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:524 useradd.8.xml.out:675 useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr ""
@@ -2351,12 +2470,13 @@ msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:153 su.1.xml.out:198
+#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:130 chsh.1.xml.out:143
+#: chsh.1.xml.out:172 chsh.1.xml.out:184 su.1.xml.out:198
 msgid "/etc/shells"
 msgstr "/etc/shells"
 
 #. (itstool) path: para/filename
-#: chsh.1.xml.out:123
+#: chsh.1.xml.out:123 chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr ""
 
@@ -2391,11 +2511,97 @@ msgstr ""
 "un interpréteur restreint empêchera alors l'utilisateur de revenir ensuite à "
 "l'interpréteur précédent."
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132 chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/*"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/@filename@"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid ""
+"The only restriction placed on the login shell is that the command name must "
+"be listed in <_:filename-1/>. If this file does not exist, the definitions "
+"are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/"
+"> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be "
+"used. If the invoker is the superuser any value may be added regardless what "
+"is defined in the configuration files. An account with a restricted login "
+"shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+msgid ""
+"For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged "
+"since accidentally changing to a restricted shell would prevent the user "
+"from ever changing her login shell back to its original value."
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
 msgstr "Liste des interpréteurs de commandes initiaux valables."
 
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+#, fuzzy
+#| msgid "List of valid login shells."
+msgid "User defined list of valid login shells."
+msgstr "Liste des interpréteurs de commandes initiaux valables."
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d"
+msgstr "/etc/shells"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+#, fuzzy
+#| msgid "Directory containing default files."
+msgid "Directory for additional user defined configuration files."
+msgstr "Répertoire contenant les fichiers par défaut."
+
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -2411,7 +2617,7 @@ msgid "check and enforce password expiration policy"
 msgstr "Vérifier et sécuriser la durée de validité des mots de passe"
 
 #. (itstool) path: arg/replaceable
-#: expiry.1.xml.out:52 gpasswd.1.xml.out:61
+#: expiry.1.xml.out:52 gpasswd.1.xml.out:63
 msgid "option"
 msgstr "option"
 
@@ -2458,7 +2664,7 @@ msgstr ""
 
 #. (itstool) path: author/contrib
 #: faillog.5.xml.out:17 faillog.8.xml.out:17 login.1.xml.out:50
-#: passwd.1.xml.out:24 passwd.5.xml.out:17 porttime.5.xml.out:17
+#: passwd.1.xml.out:26 passwd.5.xml.out:17 porttime.5.xml.out:17
 #: shadow.3.xml.out:17 shadow.5.xml.out:17 su.1.xml.out:34
 msgid "Creation, 1989"
 msgstr "Création, 1989"
@@ -2479,7 +2685,7 @@ msgstr "faillog"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: faillog.5.xml.out:35 gshadow.5.xml.out:24 limits.5.xml.out:37
-#: login.access.5.xml.out:36 login.defs.5.xml.out:104 passwd.5.xml.out:35
+#: login.access.5.xml.out:36 login.defs.5.xml.out:106 passwd.5.xml.out:35
 #: porttime.5.xml.out:35 shadow.5.xml.out:35 suauth.5.xml.out:35
 #, fuzzy
 #| msgid "File Formats and Conversions"
@@ -2593,8 +2799,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:124
-#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:126
+#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:153
 #: usermod.8.xml.out:78 usermod.8.xml.out:210
 #, fuzzy
 #| msgid "-"
@@ -2602,7 +2808,7 @@ msgid "-a"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: faillog.8.xml.out:72 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 passwd.1.xml.out:153
 msgid "--all"
 msgstr ""
 
@@ -2924,8 +3130,8 @@ msgstr ""
 #: login.1.xml.out:108 login.1.xml.out:112 login.1.xml.out:119
 #: login.1.xml.out:171 login.1.xml.out:177 login.1.xml.out:230
 #: login.1.xml.out:238 login.1.xml.out:247 login.1.xml.out:253
-#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:530 newgrp.1.xml.out:133
+#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:549 newgrp.1.xml.out:133
 #: nologin.8.xml.out:60 passwd.5.xml.out:125 passwd.5.xml.out:132
 #: passwd.5.xml.out:179 porttime.5.xml.out:121 shadow.5.xml.out:265
 #: sg.1.xml.out:122 su.1.xml.out:415
@@ -2933,30 +3139,30 @@ msgid "login"
 msgstr "login"
 
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr "rafal"
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr "Maszkowski"
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22 login.access.5.xml.out:18 pwconv.8.xml.out:23
+#: gpasswd.1.xml.out:24 login.access.5.xml.out:18 pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
 msgid "Creation, 1996"
 msgstr "Création, 1996"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 #, fuzzy
 #| msgid "administer <placeholder-1/>"
 msgid "administer <_:filename-1/>"
 msgstr "Administrer <placeholder-1/>"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 #, fuzzy
 #| msgid "administer <placeholder-1/> and <placeholder-2/>"
 msgid "administer <_:filename-1/> and <_:filename-2/>"
@@ -2966,9 +3172,9 @@ msgstr "Administrer <placeholder-1/> et <placeholder-2/>"
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64 gpasswd.1.xml.out:89 gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142 gpasswd.1.xml.out:177 gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193 gpasswd.1.xml.out:197 gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66 gpasswd.1.xml.out:91 gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144 gpasswd.1.xml.out:179 gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195 gpasswd.1.xml.out:199 gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49 grpck.8.xml.out:188 grpck.8.xml.out:280
 #: gshadow.5.xml.out:156 limits.5.xml.out:138 newgrp.1.xml.out:48
 #: newgrp.1.xml.out:145 pwck.8.xml.out:336 pwconv.8.xml.out:114
@@ -2977,19 +3183,19 @@ msgid "group"
 msgstr "groupe"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 #, fuzzy
 #| msgid "administrators"
 msgid "administrators,"
 msgstr "administrateurs"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid ""
 "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/"
 ">. Every group can have <_:phrase-4/> members and a password."
@@ -2997,14 +3203,14 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80 gpasswd.1.xml.out:112 gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82 gpasswd.1.xml.out:114 gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "-"
 msgid "-A"
 msgstr "-"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 #, fuzzy
 #| msgid ""
 #| "System administrators can use the <option>-A</option> option to define "
@@ -3021,21 +3227,21 @@ msgstr ""
 "administrateurs et membres du groupe."
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 #, fuzzy
 #| msgid "administrators"
 msgid "a group administrator"
 msgstr "administrateurs"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 #, fuzzy
 #| msgid "administrators"
 msgid "a system administrator"
 msgstr "administrateurs"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid ""
 "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only "
 "prompts for the new password of the <_:replaceable-4/>."
@@ -3046,8 +3252,8 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93 gpasswd.1.xml.out:180 gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277 groups.1.xml.out:71 groups.1.xml.out:92
+#: gpasswd.1.xml.out:95 gpasswd.1.xml.out:182 gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279 groups.1.xml.out:71 groups.1.xml.out:92
 #: gshadow.5.xml.out:76 gshadow.5.xml.out:165 newgrp.1.xml.out:34
 #: newgrp.1.xml.out:41 newgrp.1.xml.out:47 newgrp.1.xml.out:55
 #: newgrp.1.xml.out:63 newgrp.1.xml.out:66 sg.1.xml.out:60 sg.1.xml.out:64
@@ -3056,7 +3262,7 @@ msgid "newgrp"
 msgstr "newgrp"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 #, fuzzy
 #| msgid ""
 #| "If a password is set the members can still use "
@@ -3073,12 +3279,12 @@ msgstr ""
 "passe."
 
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr "Notes sur les mots de passe de groupe"
 
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid ""
 "Group passwords are an inherent security problem since more than one person "
 "is permitted to know the password. However, groups are a useful tool for "
@@ -3090,7 +3296,7 @@ msgstr ""
 "différents utilisateurs."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 #, fuzzy
 #| msgid ""
 #| "Except for the <option>-A</option> and <option>-M</option> options, the "
@@ -3103,26 +3309,26 @@ msgstr ""
 "ne peuvent pas être combinées."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr "Les options ne peuvent pas être combinées."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124 groupmems.8.xml.out:83
+#: gpasswd.1.xml.out:126 groupmems.8.xml.out:83
 msgid "--add"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124 gpasswd.1.xml.out:128 gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141 gpasswd.1.xml.out:205 gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126 gpasswd.1.xml.out:130 gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143 gpasswd.1.xml.out:207 gpasswd.1.xml.out:219
 #: groups.1.xml.out:48 groups.1.xml.out:59
 msgid "user"
 msgstr "utilisateur"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 #, fuzzy
 #| msgid ""
 #| "Add the <replaceable>user</replaceable> to the named <replaceable>group</"
@@ -3133,12 +3339,12 @@ msgstr ""
 "replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137 groupmems.8.xml.out:94 passwd.1.xml.out:168
+#: gpasswd.1.xml.out:139 groupmems.8.xml.out:94 passwd.1.xml.out:164
 msgid "--delete"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 #, fuzzy
 #| msgid ""
 #| "Remove the <replaceable>user</replaceable> from the named "
@@ -3149,19 +3355,19 @@ msgstr ""
 "replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 #, fuzzy
 #| msgid "-"
 msgid "-Q"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 #, fuzzy
 #| msgid ""
 #| "Remove the password from the named <replaceable>group</replaceable>. The "
@@ -3179,12 +3385,12 @@ msgstr ""
 "replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 #, fuzzy
 #| msgid ""
 #| "Restrict the access to the named <replaceable>group</replaceable>. The "
@@ -3202,48 +3408,48 @@ msgstr ""
 "replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "administrators"
 msgid "--administrators"
 msgstr "administrateurs"
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204 gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206 gpasswd.1.xml.out:218
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 msgid "Set the list of administrative users."
 msgstr "Configurer la liste des administrateurs."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 #, fuzzy
 #| msgid "members"
 msgid "--members"
 msgstr "membres"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 msgid "Set the list of group members."
 msgstr "Configurer la liste des membres du groupe."
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 msgid "and <_:filename-1/> files."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 #, fuzzy
 #| msgid "file"
 msgid "file."
 msgstr "fichier"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 #, fuzzy
 #| msgid ""
 #| "This tool only operates on the <filename>/etc/group</filename><phrase "
@@ -3268,11 +3474,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283 groupadd.8.xml.out:357 groupdel.8.xml.out:34
+#: gpasswd.1.xml.out:285 groupadd.8.xml.out:357 groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41 groupdel.8.xml.out:47 groupdel.8.xml.out:57
 #: groupdel.8.xml.out:66 groupdel.8.xml.out:165 groupmems.8.xml.out:221
-#: groupmod.8.xml.out:341 login.defs.5.xml.out:299 useradd.8.xml.out:893
-#: userdel.8.xml.out:328 usermod.8.xml.out:623
+#: groupmod.8.xml.out:341 login.defs.5.xml.out:312 useradd.8.xml.out:913
+#: userdel.8.xml.out:328 usermod.8.xml.out:640
 msgid "groupdel"
 msgstr "groupdel"
 
@@ -3282,11 +3488,11 @@ msgstr "groupdel"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286 groupadd.8.xml.out:360 groupdel.8.xml.out:220
+#: gpasswd.1.xml.out:288 groupadd.8.xml.out:360 groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34 groupmod.8.xml.out:41 groupmod.8.xml.out:47
 #: groupmod.8.xml.out:58 groupmod.8.xml.out:67 groupmod.8.xml.out:256
-#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:311
-#: useradd.8.xml.out:896 userdel.8.xml.out:331 usermod.8.xml.out:626
+#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:324
+#: useradd.8.xml.out:916 userdel.8.xml.out:331 usermod.8.xml.out:643
 msgid "groupmod"
 msgstr "groupmod"
 
@@ -3296,10 +3502,10 @@ msgstr "groupmod"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289 grpck.8.xml.out:33 grpck.8.xml.out:40
+#: gpasswd.1.xml.out:291 grpck.8.xml.out:33 grpck.8.xml.out:40
 #: grpck.8.xml.out:46 grpck.8.xml.out:60 grpck.8.xml.out:116
 #: grpck.8.xml.out:128 grpck.8.xml.out:141 grpck.8.xml.out:184
-#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:318
+#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:331
 #: pwck.8.xml.out:339 pwconv.8.xml.out:198 pwconv.8.xml.out:242
 msgid "grpck"
 msgstr "grpck"
@@ -3309,7 +3515,7 @@ msgstr "grpck"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295 grpck.8.xml.out:95 grpck.8.xml.out:287
+#: gpasswd.1.xml.out:297 grpck.8.xml.out:95 grpck.8.xml.out:287
 #: gshadow.5.xml.out:22 gshadow.5.xml.out:29 newgrp.1.xml.out:148
 #: pwconv.8.xml.out:114 pwconv.8.xml.out:115 pwconv.8.xml.out:121
 #: pwconv.8.xml.out:122 sg.1.xml.out:137 vipw.8.xml.out:211
@@ -3317,12 +3523,12 @@ msgid "gshadow"
 msgstr "gshadow"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293 newgrp.1.xml.out:146 sg.1.xml.out:135
+#: gpasswd.1.xml.out:295 newgrp.1.xml.out:146 sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275 newgrp.1.xml.out:128 sg.1.xml.out:117
+#: gpasswd.1.xml.out:277 newgrp.1.xml.out:128 sg.1.xml.out:117
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
@@ -3372,15 +3578,15 @@ msgstr ""
 #, fuzzy
 #| msgid "Usernames may only be up to 32 characters long."
 msgid "Groupnames may only be up to 32 characters long."
-msgstr "Les noms d'utilisateur sont limités à 16 caractères."
+msgstr "Les noms de groupe sont limités à 32 caractères."
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:94 groupadd.8.xml.out:95 groupadd.8.xml.out:102
 #: groupadd.8.xml.out:236 groupmems.8.xml.out:110 groupmod.8.xml.out:82
 #: groupmod.8.xml.out:136 groupmod.8.xml.out:201 useradd.8.xml.out:96
-#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:391
-#: useradd.8.xml.out:396 useradd.8.xml.out:557 useradd.8.xml.out:639
+#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:393
+#: useradd.8.xml.out:398 useradd.8.xml.out:559 useradd.8.xml.out:659
 #: usermod.8.xml.out:174 vipw.8.xml.out:90
 #, fuzzy
 #| msgid "-"
@@ -3408,7 +3614,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:102 groupmod.8.xml.out:82 useradd.8.xml.out:230
-#: useradd.8.xml.out:639 usermod.8.xml.out:174
+#: useradd.8.xml.out:659 usermod.8.xml.out:174
 msgid "--gid"
 msgstr ""
 
@@ -3417,8 +3623,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:102 groupadd.8.xml.out:105 groupadd.8.xml.out:151
 #: groupmod.8.xml.out:73 groupmod.8.xml.out:82 groupmod.8.xml.out:87
-#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr ""
 
@@ -3457,7 +3663,7 @@ msgid "GID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:111 useradd.8.xml.out:541
+#: groupadd.8.xml.out:111 useradd.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "See also the <option>-r</option> option and the <option>UID_MAX</option> "
@@ -3470,33 +3676,33 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:125 groupadd.8.xml.out:131 groupadd.8.xml.out:134
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:303
-#: useradd.8.xml.out:314 useradd.8.xml.out:317 useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:305
+#: useradd.8.xml.out:316 useradd.8.xml.out:319 useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 #, fuzzy
 #| msgid "-"
 msgid "-K"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "--key"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "KEY"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 #, fuzzy
 #| msgid "EXIT VALUES"
 msgid "VALUE"
 msgstr "VALEURS DE RETOUR"
 
 #. (itstool) path: varlistentry/term
-#: groupadd.8.xml.out:124 useradd.8.xml.out:302
+#: groupadd.8.xml.out:124 useradd.8.xml.out:304
 #, fuzzy
 #| msgid ""
 #| "<option>-u</option>, <option>--uid</option>&nbsp;<replaceable>UID</"
@@ -3522,14 +3728,14 @@ msgstr ""
 "être indiquée plusieurs fois."
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:134 useradd.8.xml.out:320
+#: groupadd.8.xml.out:134 useradd.8.xml.out:322
 #, fuzzy
 #| msgid "10"
 msgid "100"
 msgstr "10"
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:321
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:323
 msgid "499"
 msgstr ""
 
@@ -3549,7 +3755,7 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:138 groupadd.8.xml.out:333 groupdel.8.xml.out:192
-#: groupmod.8.xml.out:295 useradd.8.xml.out:853 userdel.8.xml.out:265
+#: groupmod.8.xml.out:295 useradd.8.xml.out:873 userdel.8.xml.out:265
 msgid "10"
 msgstr "10"
 
@@ -3569,7 +3775,7 @@ msgstr ""
 "replaceable>=<replaceable>499</replaceable> ne fonctionne pas pour l'instant."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:405
+#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr ""
@@ -3589,13 +3795,13 @@ msgstr ""
 #: groupadd.8.xml.out:158 groupmems.8.xml.out:55 groupmems.8.xml.out:130
 #: groupmod.8.xml.out:143 login.1.xml.out:80 login.1.xml.out:88
 #: login.1.xml.out:95 login.1.xml.out:212 su.1.xml.out:207
-#: useradd.8.xml.out:425 usermod.8.xml.out:237 usermod.8.xml.out:290
+#: useradd.8.xml.out:427 usermod.8.xml.out:237 usermod.8.xml.out:290
 #: usermod.8.xml.out:411 vipw.8.xml.out:102
 msgid "-p"
 msgstr "-p"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 #, fuzzy
 #| msgid "passwd"
@@ -3603,7 +3809,7 @@ msgid "--password"
 msgstr "passwd"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr ""
@@ -3612,8 +3818,8 @@ msgstr ""
 #: groupadd.8.xml.out:163 groupmod.8.xml.out:148 gshadow.5.xml.out:62
 #: gshadow.5.xml.out:68 passwd.5.xml.out:103 passwd.5.xml.out:109
 #: passwd.5.xml.out:170 shadow.5.xml.out:88 shadow.5.xml.out:94
-#: useradd.8.xml.out:430 useradd.8.xml.out:887 usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: useradd.8.xml.out:432 useradd.8.xml.out:907 usermod.8.xml.out:295
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr ""
 
@@ -3623,11 +3829,11 @@ msgstr ""
 #: groupadd.8.xml.out:164 groupadd.8.xml.out:315 groupmod.8.xml.out:148
 #: groupmod.8.xml.out:271 groups.1.xml.out:68 groups.1.xml.out:104
 #: grpck.8.xml.out:255 gshadow.5.xml.out:63 gshadow.5.xml.out:69
-#: passwd.1.xml.out:443 passwd.5.xml.out:104 passwd.5.xml.out:110
+#: passwd.1.xml.out:465 passwd.5.xml.out:104 passwd.5.xml.out:110
 #: passwd.5.xml.out:170 passwd.5.xml.out:176 pwck.8.xml.out:305
 #: shadow.3.xml.out:34 shadow.3.xml.out:217 shadow.5.xml.out:89
-#: shadow.5.xml.out:95 useradd.8.xml.out:431 useradd.8.xml.out:829
-#: useradd.8.xml.out:887 usermod.8.xml.out:296 usermod.8.xml.out:614
+#: shadow.5.xml.out:95 useradd.8.xml.out:433 useradd.8.xml.out:849
+#: useradd.8.xml.out:907 usermod.8.xml.out:296 usermod.8.xml.out:631
 msgid "3"
 msgstr "3"
 
@@ -3647,7 +3853,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:444
+#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:446
 #: userdel.8.xml.out:93 usermod.8.xml.out:299
 msgid "Note:"
 msgstr ""
@@ -3668,7 +3874,7 @@ msgstr ""
 "visible des utilisateurs qui affichent la liste des processus. "
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:448
+#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid ""
 "You should make sure the password respects the system's password policy."
@@ -3677,7 +3883,7 @@ msgstr ""
 "mots de passe du système."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:185 newusers.8.xml.out:287 useradd.8.xml.out:456
+#: groupadd.8.xml.out:185 newusers.8.xml.out:289 useradd.8.xml.out:458
 msgid "--system"
 msgstr ""
 
@@ -3715,44 +3921,10 @@ msgstr ""
 "option>-<option>GID_MAX</option>"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-#, fuzzy
-#| msgid "-"
-msgid "-P"
-msgstr "-"
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "--prefix"
-msgstr ""
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214 groupadd.8.xml.out:219 groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106 groupdel.8.xml.out:108 groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181 groupmod.8.xml.out:183 useradd.8.xml.out:502
-#: useradd.8.xml.out:507 userdel.8.xml.out:136 userdel.8.xml.out:140
-#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217 useradd.8.xml.out:505
-msgid ""
-"Apply changes to configuration files under the root filesystem found under "
-"the directory <_:replaceable-1/>. This option does not chroot and is "
-"intended for preparing a cross-compilation target. Some limitations: NIS and "
-"LDAP users/groups are not verified. PAM authentication is using the host "
-"files. No SELINUX support."
-msgstr ""
-
-#. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229 groupadd.8.xml.out:237 groupmod.8.xml.out:194
-#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:397
-#: useradd.8.xml.out:549 useradd.8.xml.out:558 usermod.8.xml.out:238
+#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:399
+#: useradd.8.xml.out:551 useradd.8.xml.out:560 usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 #, fuzzy
 #| msgid "-"
@@ -3778,7 +3950,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:237 groupmod.8.xml.out:202 useradd.8.xml.out:96
-#: useradd.8.xml.out:386 useradd.8.xml.out:397 useradd.8.xml.out:558
+#: useradd.8.xml.out:388 useradd.8.xml.out:399 useradd.8.xml.out:560
 #, fuzzy
 #| msgid "-"
 msgid "-N"
@@ -3786,15 +3958,15 @@ msgstr "-"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/phrase
-#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:448
-#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:398
-#: useradd.8.xml.out:559 userdel.8.xml.out:86 userdel.8.xml.out:296
+#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:467
+#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:400
+#: useradd.8.xml.out:561 userdel.8.xml.out:86 userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 #, fuzzy
 #| msgid ""
 #| "The default behavior (if the <option>-g</option>, <option>-N</option>, "
@@ -3834,13 +4006,13 @@ msgstr ""
 "ou LDAP, <command>groupadd</command> refusera de créer le groupe."
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:317 passwd.1.xml.out:463 useradd.8.xml.out:831
+#: groupadd.8.xml.out:317 passwd.1.xml.out:485 useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr "paramètre non valable pour l'option"
 
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:321 groupmod.8.xml.out:277 grpck.8.xml.out:261
-#: passwd.1.xml.out:449 pwck.8.xml.out:311 useradd.8.xml.out:835
+#: passwd.1.xml.out:471 pwck.8.xml.out:311 useradd.8.xml.out:855
 msgid "4"
 msgstr "4"
 
@@ -3852,7 +4024,7 @@ msgid "GID is already used (when called without <_:option-1/>)"
 msgstr "UID déjà utilisé (et pas d'option <option>-o</option>)"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:847
+#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:867
 msgid "9"
 msgstr "9"
 
@@ -3864,7 +4036,7 @@ msgid "group name is already used"
 msgstr "nom de groupe déjà utilisé"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:855
+#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
 msgstr "impossible de mettre à jour le fichier des groupes"
@@ -3876,11 +4048,11 @@ msgstr "impossible de mettre à jour le fichier des groupes"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: groupadd.8.xml.out:369 groupdel.8.xml.out:226 groupmems.8.xml.out:227
-#: groupmod.8.xml.out:350 login.defs.5.xml.out:480 useradd.8.xml.out:913
+#: groupmod.8.xml.out:350 login.defs.5.xml.out:499 useradd.8.xml.out:933
 #: userdel.8.xml.out:39 userdel.8.xml.out:46 userdel.8.xml.out:51
 #: userdel.8.xml.out:62 userdel.8.xml.out:71 userdel.8.xml.out:82
 #: userdel.8.xml.out:211 userdel.8.xml.out:232 userdel.8.xml.out:283
-#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:643
+#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:660
 msgid "userdel"
 msgstr "userdel"
 
@@ -3891,11 +4063,11 @@ msgstr "userdel"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #: groupadd.8.xml.out:372 groupdel.8.xml.out:229 groupmems.8.xml.out:230
-#: groupmod.8.xml.out:353 login.defs.5.xml.out:490 passwd.1.xml.out:488
-#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:916
+#: groupmod.8.xml.out:353 login.defs.5.xml.out:509 passwd.1.xml.out:513
+#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:936
 #: userdel.8.xml.out:345 usermod.8.xml.out:40 usermod.8.xml.out:47
 #: usermod.8.xml.out:53 usermod.8.xml.out:64 usermod.8.xml.out:72
-#: usermod.8.xml.out:263 usermod.8.xml.out:522
+#: usermod.8.xml.out:263 usermod.8.xml.out:539
 msgid "usermod"
 msgstr "usermod"
 
@@ -3921,8 +4093,8 @@ msgstr "Supprimer un groupe"
 #: groupdel.8.xml.out:51 groupdel.8.xml.out:59 groupmod.8.xml.out:51
 #: groupmod.8.xml.out:59 groupmod.8.xml.out:86 groupmod.8.xml.out:102
 #: groupmod.8.xml.out:125 suauth.5.xml.out:85 suauth.5.xml.out:87
-#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:392
-#: useradd.8.xml.out:639 useradd.8.xml.out:648 usermod.8.xml.out:174
+#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:394
+#: useradd.8.xml.out:659 useradd.8.xml.out:668 usermod.8.xml.out:174
 msgid "GROUP"
 msgstr "GROUPE"
 
@@ -3977,13 +4149,13 @@ msgstr ""
 "subsiste sur tous les systèmes de fichiers."
 
 #. (itstool) path: term/replaceable
-#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:461
-#: pwck.8.xml.out:323 useradd.8.xml.out:841 userdel.8.xml.out:253
+#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:483
+#: pwck.8.xml.out:323 useradd.8.xml.out:861 userdel.8.xml.out:253
 msgid "6"
 msgstr "6"
 
 #. (itstool) path: listitem/para
-#: groupdel.8.xml.out:182 useradd.8.xml.out:843
+#: groupdel.8.xml.out:182 useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr "le groupe spécifié n'existe pas"
 
@@ -4028,7 +4200,7 @@ msgstr "Création, 2000"
 #: groupmems.8.xml.out:37 groupmems.8.xml.out:44 groupmems.8.xml.out:50
 #: groupmems.8.xml.out:63 groupmems.8.xml.out:65 groupmems.8.xml.out:71
 #: groupmems.8.xml.out:78 groupmems.8.xml.out:159 groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr "groupmems"
 
@@ -4212,7 +4384,7 @@ msgstr ""
 #| "\t$ groupmems -g groups -a gk4\n"
 #| "    "
 msgid ""
-"$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
+"$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ "
 "groupmems -g groups -a gk4"
 msgstr ""
 "\n"
@@ -4335,7 +4507,7 @@ msgstr ""
 "<option>SYS_UID_MAX</option> du fichier <filename>/etc/login.defs</filename>."
 
 #. (itstool) path: term/option
-#: groupmod.8.xml.out:121 passwd.1.xml.out:246
+#: groupmod.8.xml.out:121 passwd.1.xml.out:242
 #, fuzzy
 #| msgid "-"
 msgid "-n"
@@ -4446,7 +4618,7 @@ msgid "E_CLEANUP_SERVICE: can't setup cleanup service"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupmod.8.xml.out:307 useradd.8.xml.out:859 userdel.8.xml.out:271
+#: groupmod.8.xml.out:307 useradd.8.xml.out:879 userdel.8.xml.out:271
 msgid "12"
 msgstr "12"
 
@@ -4682,7 +4854,7 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:113 newusers.8.xml.out:67 newusers.8.xml.out:75
+#: grpck.8.xml.out:113 newusers.8.xml.out:69 newusers.8.xml.out:77
 msgid "file"
 msgstr "fichier"
 
@@ -4726,7 +4898,7 @@ msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:143 login.defs.5.xml.out:134 login.defs.5.xml.out:136
+#: grpck.8.xml.out:143 login.defs.5.xml.out:136 login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr ""
@@ -4759,8 +4931,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 #, fuzzy
 #| msgid "-"
 msgid "-S"
@@ -5026,7 +5198,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: gshadow.5.xml.out:162 login.defs.5.xml.out:324 pwconv.8.xml.out:48
+#: gshadow.5.xml.out:162 login.defs.5.xml.out:337 pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67 pwconv.8.xml.out:113 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:166 pwconv.8.xml.out:208
 msgid "grpconv"
@@ -5040,7 +5212,7 @@ msgstr "grpconv"
 #. (itstool) path: varlistentry/term
 #: lastlog.8.xml.out:35 lastlog.8.xml.out:42 lastlog.8.xml.out:48
 #: lastlog.8.xml.out:58 lastlog.8.xml.out:70 lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr "lastlog"
 
@@ -5102,7 +5274,7 @@ msgstr ""
 "d'apparition dans <filename>/etc/passwd</filename>."
 
 #. (itstool) path: term/option
-#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:592
+#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 #, fuzzy
 #| msgid "-"
@@ -5532,7 +5704,7 @@ msgstr ""
 #. (itstool) path: para/command
 #: limits.5.xml.out:122 login.1.xml.out:83 login.1.xml.out:91
 #: login.1.xml.out:197 su.1.xml.out:70 su.1.xml.out:82 su.1.xml.out:95
-#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:775
+#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:795
 msgid "username"
 msgstr "nom_utilisateur"
 
@@ -6172,8 +6344,8 @@ msgstr "chsh"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.1.xml.out:386 login.defs.5.xml.out:436 login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536 newgrp.1.xml.out:136 passwd.5.xml.out:197
+#: login.1.xml.out:386 login.defs.5.xml.out:455 login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555 newgrp.1.xml.out:136 passwd.5.xml.out:197
 #: shadow.5.xml.out:283 sg.1.xml.out:128 su.1.xml.out:50 su.1.xml.out:57
 #: su.1.xml.out:62 su.1.xml.out:81 su.1.xml.out:83 su.1.xml.out:121
 #: su.1.xml.out:201 su.1.xml.out:239 su.1.xml.out:308 su.1.xml.out:368
@@ -6388,12 +6560,12 @@ msgid "<_:citerefentry-1/>."
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
 msgstr "configuration de la suite des mots de passe cachés « shadow password »"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 #, fuzzy
 #| msgid ""
 #| "The <filename>/etc/login.defs</filename> file defines the site-specific "
@@ -6411,7 +6583,7 @@ msgstr ""
 "mais aura probablement des conséquences indésirables."
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid ""
 "This file is a readable text file, each line of the file describing one "
 "configuration parameter. The lines consist of a configuration name and "
@@ -6427,20 +6599,20 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133 useradd.8.xml.out:242 useradd.8.xml.out:380
+#: login.defs.5.xml.out:135 useradd.8.xml.out:242 useradd.8.xml.out:382
 #: userdel.8.xml.out:87 userdel.8.xml.out:297
 msgid "yes"
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 #, fuzzy
 #| msgid "0"
 msgid "0x"
 msgstr "0"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 #, fuzzy
 #| msgid ""
 #| "Parameter values may be of four types: strings, booleans, numbers, and "
@@ -6475,32 +6647,32 @@ msgstr ""
 "numériques normaux ou longs dépend de la machine."
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
 msgstr "Les paramètres de configuration suivants sont fournis :"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:146 useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:146 useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:145
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194 pwconv.8.xml.out:147
+#: login.defs.5.xml.out:197 pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr ""
 
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 #, fuzzy
 #| msgid ""
 #| "<option>PASS_MAX_DAYS</option>, <option>PASS_MIN_DAYS</option> and "
@@ -6517,12 +6689,12 @@ msgstr ""
 "existants."
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr "RÉFÉRENCES CROISÉES"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid ""
 "The following cross references show which programs in the shadow password "
 "suite use which parameters."
@@ -6534,65 +6706,81 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235 login.defs.5.xml.out:423 login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503 pwck.8.xml.out:75 pwck.8.xml.out:216
+#: login.defs.5.xml.out:239 login.defs.5.xml.out:442 login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522 pwck.8.xml.out:75 pwck.8.xml.out:216
 #: pwck.8.xml.out:232 pwconv.8.xml.out:89 pwconv.8.xml.out:91
 #: pwconv.8.xml.out:94 pwconv.8.xml.out:105 pwconv.8.xml.out:107
 msgid "USE_TCB"
 msgstr "USE_TCB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244 login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248 login.defs.5.xml.out:372
 #, fuzzy
 #| msgid "CHSH_AUTH LOGIN_STRING"
 msgid "LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253 login.defs.5.xml.out:264 login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388 login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256 login.defs.5.xml.out:269 login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396 login.defs.5.xml.out:418
+#, fuzzy
+#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259 login.defs.5.xml.out:273 login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403 login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261 login.defs.5.xml.out:275 login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409 login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251 login.defs.5.xml.out:282
+#: login.defs.5.xml.out:255 login.defs.5.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:"
+"phrase-2/> <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301 login.defs.5.xml.out:307 login.defs.5.xml.out:313
-#: login.defs.5.xml.out:320 login.defs.5.xml.out:326 login.defs.5.xml.out:332
+#: login.defs.5.xml.out:314 login.defs.5.xml.out:320 login.defs.5.xml.out:326
+#: login.defs.5.xml.out:333 login.defs.5.xml.out:339 login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr "MAX_MEMBERS_PER_GROUP"
 
@@ -6600,65 +6788,65 @@ msgstr "MAX_MEMBERS_PER_GROUP"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330 pwconv.8.xml.out:49 pwconv.8.xml.out:73
+#: login.defs.5.xml.out:343 pwconv.8.xml.out:49 pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119 pwconv.8.xml.out:153 pwconv.8.xml.out:167
 #: pwconv.8.xml.out:208
 msgid "grpunconv"
 msgstr "grpunconv"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346 login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359 login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 #, fuzzy
 #| msgid "SYSLOG_SG_ENAB"
 msgid "FAILLOG_ENAB"
 msgstr "SYSLOG_SG_ENAB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 #, fuzzy
 #| msgid "FILE"
 msgid "FTMP_FILE"
 msgstr "FICHIER"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid ""
 "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE "
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY "
 "<_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR "
@@ -6668,17 +6856,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 msgid "newgrp / sg"
 msgstr "newgrp / sg"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr "SYSLOG_SG_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
+#: login.defs.5.xml.out:395
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
@@ -6688,10 +6876,11 @@ msgstr "SYSLOG_SG_ENAB"
 #| "SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX "
 #| "UID_MIN UMASK"
 msgid ""
-"ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
-"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
-"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+"<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP "
+"MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:"
+"phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+"SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
+"UMASK <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
 "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
@@ -6700,27 +6889,28 @@ msgstr ""
 "SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
+#: login.defs.5.xml.out:417
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 #| "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 msgid ""
-"ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
-"PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+"<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB "
+"PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412 login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431 login.defs.5.xml.out:440
 #, fuzzy
 #| msgid ""
 #| "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
@@ -6736,7 +6926,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419 passwd.5.xml.out:188 pwconv.8.xml.out:39
+#: login.defs.5.xml.out:438 passwd.5.xml.out:188 pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46 pwconv.8.xml.out:55 pwconv.8.xml.out:83
 #: pwconv.8.xml.out:88 pwconv.8.xml.out:90 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:144 pwconv.8.xml.out:165 pwconv.8.xml.out:216
@@ -6749,7 +6939,7 @@ msgstr "pwconv"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428 passwd.5.xml.out:191 pwconv.8.xml.out:47
+#: login.defs.5.xml.out:447 passwd.5.xml.out:191 pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61 pwconv.8.xml.out:98 pwconv.8.xml.out:104
 #: pwconv.8.xml.out:109 pwconv.8.xml.out:153 pwconv.8.xml.out:157
 #: pwconv.8.xml.out:166 shadow.5.xml.out:280
@@ -6757,22 +6947,22 @@ msgid "pwunconv"
 msgstr "pwunconv"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH "
 "<_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
@@ -6780,28 +6970,22 @@ msgstr ""
 
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453 passwd.5.xml.out:200 shadow.5.xml.out:286
+#: login.defs.5.xml.out:472 passwd.5.xml.out:200 shadow.5.xml.out:286
 msgid "sulogin"
 msgstr "sulogin"
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457 su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr ""
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+msgid "ENV_HZ ENV_TZ"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 #, fuzzy
 #| msgid ""
 #| "CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS "
@@ -6823,12 +7007,12 @@ msgstr ""
 "TCB_SYMLINK USE_TCB</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485 login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504 login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 #, fuzzy
 #| msgid ""
 #| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB "
@@ -6841,7 +7025,7 @@ msgstr ""
 "condition=\"tcb\">TCB_SYMLINKS USE_TCB</phrase>"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 #, fuzzy
 #| msgid ""
 #| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <phrase "
@@ -6856,18 +7040,18 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500 vipw.8.xml.out:35 vipw.8.xml.out:42
+#: login.defs.5.xml.out:519 vipw.8.xml.out:35 vipw.8.xml.out:42
 #: vipw.8.xml.out:51 vipw.8.xml.out:67 vipw.8.xml.out:85
 msgid "vipw"
 msgstr "vipw"
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511 pwconv.8.xml.out:193 suauth.5.xml.out:179
+#: login.defs.5.xml.out:530 pwconv.8.xml.out:193 suauth.5.xml.out:179
 msgid "BUGS"
 msgstr "BOGUES"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 #, fuzzy
 #| msgid ""
 #| "Much of the functionality that used to be provided by the shadow password "
@@ -6895,14 +7079,14 @@ msgstr ""
 "PAM correspondant."
 
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 #, fuzzy
 #| msgid "pw_name"
 msgid "pam"
 msgstr "pw_name"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
@@ -7058,12 +7242,12 @@ msgid "id"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
 msgstr "Mettre à jour, ou créer de nouveaux utilisateurs par lots"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 #, fuzzy
 #| msgid ""
 #| "The <command>newusers</command> command reads a <replaceable>file</"
@@ -7087,22 +7271,22 @@ msgstr ""
 "citerefentry>) avec les exceptions suivantes :"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 msgstr "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 msgid "pw_name"
 msgstr "pw_name"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
 msgstr "C'est le nom de l'utilisateur."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 #, fuzzy
 #| msgid ""
 #| "It can be the name of a new user or the name of an existing user (or a "
@@ -7120,12 +7304,12 @@ msgstr ""
 "l'utilisateur seront modifiées, sinon un nouvel utilisateur sera créé."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr "pw_passwd"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid ""
 "This field will be encrypted and used as the new value of the encrypted "
 "password."
@@ -7134,17 +7318,17 @@ msgstr ""
 "chiffré."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 msgid "pw_uid"
 msgstr "pw_uid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
 msgstr "Ce champ est utilisé pour définir l'UID de l'utilisateur."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 #, fuzzy
 #| msgid ""
 #| "If the field is empty, a new (unused) UID will be defined automatically "
@@ -7157,12 +7341,12 @@ msgstr ""
 "automatiquement par <command>newusers</command>."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
 msgstr "Si ce champ contient un nombre, ce nombre sera utilisé comme UID."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing user (or the name of a "
@@ -7178,7 +7362,7 @@ msgstr ""
 "l'utilisateur indiqué sera utilisé."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid ""
 "If the UID of an existing user is changed, the files ownership of the user's "
 "file should be fixed manually."
@@ -7187,19 +7371,19 @@ msgstr ""
 "même le propriétaire des fichiers de l'utilisateur."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
 msgstr "pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
 msgstr ""
 "Ce champ est utilisé pour définir l'identifiant du groupe primaire de "
 "l'utilisateur."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing group (or a group created "
@@ -7215,7 +7399,7 @@ msgstr ""
 "utilisé comme identifiant de groupe primaire pour l'utilisateur."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid ""
 "If this field is a number, this number will be used as the primary group ID "
 "of the user. If no groups exist with this GID, a new group will be created "
@@ -7226,7 +7410,7 @@ msgstr ""
 "nouveau groupe sera créé avec ce GID et le nom de l'utilisateur."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 #, fuzzy
 #| msgid ""
 #| "If this field is empty, a new group will be created with the name of the "
@@ -7244,7 +7428,7 @@ msgstr ""
 "l'utilisateur et comme GID pour le nouveau groupe."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of a group which does not exist (and was "
@@ -7265,33 +7449,33 @@ msgstr ""
 "primaire pour l'utilisateur et comme identifiant pour le nouveau groupe."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
 msgstr "pw_gecos"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr "Ce champ est copié dans le champ GECOS de l'utilisateur."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
 msgstr "pw_dir"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
 msgstr ""
 "Ce champ est utilisé pour définir le répertoire personnel de l'utilisateur."
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid ""
 "If this field does not specify an existing directory, the specified "
 "directory is created, with ownership set to the user being created or "
@@ -7304,7 +7488,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 #, fuzzy
 #| msgid ""
 #| "If the home directory of an existing user is changed, <command>newusers</"
@@ -7321,12 +7505,12 @@ msgstr ""
 "même."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
 msgstr "pw_shell"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid ""
 "This field defines the shell of the user. No checks are performed on this "
 "field."
@@ -7335,7 +7519,7 @@ msgstr ""
 "vérification n'est effectuée sur ce champ."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "<command>newusers</command> first tries to create or change all the "
@@ -7355,7 +7539,7 @@ msgstr ""
 "propagée dans les bases de données."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid ""
 "During this first pass, users are created with a locked password (and "
 "passwords are not changed for the users which are not created). A second "
@@ -7369,7 +7553,7 @@ msgstr ""
 "mais n'empêchent pas les mises à jour des autres mots de passe."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are updated at a single time."
@@ -7378,48 +7562,57 @@ msgstr ""
 "nombre de comptes sont mis à jour en même temps."
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257 pwck.8.xml.out:164 useradd.8.xml.out:108
+#: newusers.8.xml.out:259 pwck.8.xml.out:164 useradd.8.xml.out:108
 #: usermod.8.xml.out:89
 msgid "--badname"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260 pwck.8.xml.out:167 useradd.8.xml.out:111
+#: newusers.8.xml.out:262 pwck.8.xml.out:167 useradd.8.xml.out:111
 #: usermod.8.xml.out:92
 msgid "Allow names that do not conform to standards."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290 useradd.8.xml.out:459
+#: newusers.8.xml.out:273
+msgid ""
+"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
+"support these methods."
+msgstr ""
+"Les méthodes disponibles sont DES, MD5, NONE et SHA256 ou SHA512 si votre "
+"libc prend en charge ces méthodes."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:292 useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr "Créer un compte système."
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:319
-#: useradd.8.xml.out:468 useradd.8.xml.out:538 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:321
+#: useradd.8.xml.out:470 useradd.8.xml.out:540 usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:321
-#: useradd.8.xml.out:468 useradd.8.xml.out:543 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:323
+#: useradd.8.xml.out:470 useradd.8.xml.out:545 usermod.8.xml.out:397
 msgid "UID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293 useradd.8.xml.out:462
+#: newusers.8.xml.out:295 useradd.8.xml.out:464
 #, fuzzy
 #| msgid ""
 #| "System users will be created with no aging information in <filename>/etc/"
@@ -7441,8 +7634,47 @@ msgstr ""
 "option>-<option>UID_MAX</option> (et leur <option>GID</option> correspondant "
 "pour la création de groupes)."
 
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default is 13."
+msgstr ""
+"Une valeur minimale de 1 000 et une valeur maximale de 999 999 999 seront "
+"imposées."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default is 5000."
+msgstr ""
+"Une valeur minimale de 1 000 et une valeur maximale de 999 999 999 seront "
+"imposées."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default is 5."
+msgstr ""
+"Une valeur minimale de 1 000 et une valeur maximale de 999 999 999 seront "
+"imposées."
+
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid ""
 "The input file must be protected since it contains unencrypted passwords."
 msgstr ""
@@ -7450,53 +7682,53 @@ msgstr ""
 "mots de passe en clair."
 
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 msgid "/etc/pam.d/newusers"
 msgstr "/etc/pam.d/newusers"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435 useradd.8.xml.out:222 useradd.8.xml.out:481
-#: useradd.8.xml.out:785 userdel.8.xml.out:215 usermod.8.xml.out:587
+#: newusers.8.xml.out:456 useradd.8.xml.out:222 useradd.8.xml.out:483
+#: useradd.8.xml.out:805 userdel.8.xml.out:215 usermod.8.xml.out:604
 msgid "/etc/subgid"
 msgstr "/etc/subgid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437 useradd.8.xml.out:787 userdel.8.xml.out:217
+#: newusers.8.xml.out:458 useradd.8.xml.out:807 userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
 msgstr "IDs des groupes subalternes d'un utilisateur."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441 useradd.8.xml.out:222 useradd.8.xml.out:480
-#: useradd.8.xml.out:791 userdel.8.xml.out:221 usermod.8.xml.out:593
+#: newusers.8.xml.out:462 useradd.8.xml.out:222 useradd.8.xml.out:482
+#: useradd.8.xml.out:811 userdel.8.xml.out:221 usermod.8.xml.out:610
 msgid "/etc/subuid"
 msgstr "/etc/subuid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443 useradd.8.xml.out:793 userdel.8.xml.out:223
+#: newusers.8.xml.out:464 useradd.8.xml.out:813 userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
 msgstr "IDs de utilisateurs subalternes d'un utilisateur."
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460 useradd.8.xml.out:906 userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: newusers.8.xml.out:481 useradd.8.xml.out:926 userdel.8.xml.out:335
+#: usermod.8.xml.out:650
 #, fuzzy
 #| msgid "/etc/subgid"
 msgid "subgid"
 msgstr "/etc/subgid"
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463 useradd.8.xml.out:909 userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: newusers.8.xml.out:484 useradd.8.xml.out:929 userdel.8.xml.out:338
+#: usermod.8.xml.out:653
 #, fuzzy
 #| msgid "/etc/subuid"
 msgid "subuid"
 msgstr "/etc/subuid"
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458 useradd.8.xml.out:904 userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: newusers.8.xml.out:479 useradd.8.xml.out:924 userdel.8.xml.out:333
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr ""
 
@@ -7550,12 +7782,12 @@ msgid "The <_:command-1/> command appeared in BSD 4.4."
 msgstr "La commande <command>nologin</command> est apparue avec BSD 4.4."
 
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr "Modifier le mot de passe d'un utilisateur"
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 #, fuzzy
 #| msgid ""
 #| "The <command>passwd</command> command changes passwords for user "
@@ -7576,12 +7808,12 @@ msgstr ""
 "de fin de validité du compte ou du mot de passe associé."
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr "Modifications du mot de passe"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 msgid ""
 "The user is first prompted for their old password, if one is present. This "
 "password is then encrypted and compared against the stored password. The "
@@ -7595,7 +7827,7 @@ msgstr ""
 "première étape de manière à changer les mots de passe ayant été oubliés."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 #, fuzzy
 #| msgid ""
 #| "After the password has been entered, password aging information is "
@@ -7613,7 +7845,7 @@ msgstr ""
 "<command>passwd</command> refuse de changer le mot de passe, et quitte."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid ""
 "The user is then prompted twice for a replacement password. The second entry "
 "is compared against the first and both are required to match in order for "
@@ -7624,59 +7856,25 @@ msgstr ""
 "être identiques pour que le mot de passe soit changé."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
-msgid ""
-"Then, the password is tested for complexity. As a general guideline, "
-"passwords should consist of 6 to 8 characters including one or more "
-"characters from each of the following sets:"
-msgstr ""
-"La complexité de ce mot de passe est alors testée. Comme ligne de conduite "
-"générale, un mot de passe doit toujours être constitué de 6 à 8 caractères "
-"en en choisissant un ou plus parmi chacun des ensembles suivants :"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr "caractères alphabétiques minuscules"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr "chiffres de 0 à 9"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr "marques de ponctuation"
-
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
-#, fuzzy
-#| msgid ""
-#| "Care must be taken not to include the system default erase or kill "
-#| "characters. <command>passwd</command> will reject any password which is "
-#| "not suitably complex."
+#: passwd.1.xml.out:98
 msgid ""
-"Care must be taken not to include the system default erase or kill "
-"characters. <_:command-1/> will reject any password which is not suitably "
-"complex."
+"Then, the password is tested for complexity. <_:command-1/> will reject any "
+"password which is not suitably complex. Care must be taken not to include "
+"the system default erase or kill characters."
 msgstr ""
-"Il faudra faire attention à ne pas utiliser les caractères de suppression ou "
-"d'effacement. <command>passwd</command> rejettera tout mot de passe dont la "
-"complexité ne sera pas suffisante."
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr "Astuces pour les mots de passe"
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 #, fuzzy
 #| msgid ""
 #| "The security of a password depends upon the strength of the encryption "
@@ -7700,7 +7898,7 @@ msgstr ""
 "de clés dépend de l'aléa du mot de passe utilisé."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid ""
 "Compromises in password security normally result from careless password "
 "selection or handling. For this reason, you should not select a password "
@@ -7717,7 +7915,19 @@ msgstr ""
 "pour violer la sécurité du système."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
+#: passwd.1.xml.out:127
+msgid ""
+"As a general guideline, passwords should be long and random. It's fine to "
+"use simple character sets, such as passwords consisting only of lowercase "
+"letters, if that helps memorizing longer passwords. For a password "
+"consisting only of lowercase English letters randomly chosen, and a length "
+"of 32, there are 26^32 (approximately 2^150) different possible "
+"combinations. Being an exponential equation, it's apparent that the exponent "
+"(the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 msgid ""
 "You can find advice on how to choose a strong password on http://en."
 "wikipedia.org/wiki/Password_strength"
@@ -7727,7 +7937,7 @@ msgstr ""
 
 # NOTE: pas clair
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 #, fuzzy
 #| msgid ""
 #| "This option can be used only with <option>-S</option> and causes show "
@@ -7740,7 +7950,7 @@ msgstr ""
 "d'afficher l'état des mots de passe pour tous les utilisateurs."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid ""
 "Delete a user's password (make it empty). This is a quick way to disable a "
 "password for an account. It will set the named account passwordless."
@@ -7750,14 +7960,14 @@ msgstr ""
 "rend le compte indiqué sans mot de passe."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 #, fuzzy
 #| msgid "expiry"
 msgid "--expire"
 msgstr "expiry"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid ""
 "Immediately expire an account's password. This in effect can force a user to "
 "change their password at the user's next login."
@@ -7768,7 +7978,7 @@ msgstr ""
 
 # NOTE: Only this user account
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 #, fuzzy
 #| msgid ""
 #| "This option is used to disable an account after the password has been "
@@ -7788,20 +7998,20 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210 useradd.8.xml.out:278 useradd.8.xml.out:356
+#: passwd.1.xml.out:206 useradd.8.xml.out:280 useradd.8.xml.out:358
 #, fuzzy
 #| msgid "-"
 msgid "-k"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr ""
 
 # NOTE: pas clair
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 msgid ""
 "Indicate password change should be performed only for expired authentication "
 "tokens (passwords). The user wishes to keep their non-expired tokens as "
@@ -7813,12 +8023,12 @@ msgstr ""
 "encore valables."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222 usermod.8.xml.out:231
+#: passwd.1.xml.out:218 usermod.8.xml.out:231
 msgid "--lock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 msgid ""
 "Lock the password of the named account. This option disables a password by "
 "changing it to a value which matches no possible encrypted value (it adds a "
@@ -7829,12 +8039,12 @@ msgstr ""
 "passe chiffré possible (cela ajoute un « ! » au début du mot de passe)."
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 #, fuzzy
 #| msgid ""
 #| "Note that this does not disable the account. The user may still be able "
@@ -7854,44 +8064,44 @@ msgstr ""
 "la date d'expiration du compte au 2 janvier 1970)."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr ""
 "Les utilisateurs avec un mot de passe verrouillé ne sont pas autorisés à le "
 "changer."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 #, fuzzy
 #| msgid "-"
 msgid "-q"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "--quiet"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261 vipw.8.xml.out:110
+#: passwd.1.xml.out:257 vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr "Mode silencieux."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: passwd.1.xml.out:268 passwd.1.xml.out:272
+#: passwd.1.xml.out:264 passwd.1.xml.out:268
 #, fuzzy
 #| msgid "EDITOR"
 msgid "REPOSITORY"
 msgstr "EDITOR"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 #, fuzzy
 #| msgid "change password in <replaceable>REPOSITORY</replaceable> repository"
 msgid "change password in <_:replaceable-1/> repository"
@@ -7899,12 +8109,12 @@ msgstr ""
 "Modifier le mot de passe dans la base <replaceable>REPOSITORY</replaceable>"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 msgid ""
 "Display account status information. The status information consists of 7 "
 "fields. The first field is the user's login name. The second field indicates "
@@ -7924,12 +8134,12 @@ msgstr ""
 "en jours."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309 usermod.8.xml.out:405
+#: passwd.1.xml.out:320 usermod.8.xml.out:405
 msgid "--unlock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 #, fuzzy
 #| msgid ""
 #| "Unlock the password of the named account. This option re-enables a "
@@ -7945,7 +8155,7 @@ msgstr ""
 "présente avant l'utilisation de l'option <option>-l</option>)."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -7964,14 +8174,14 @@ msgstr ""
 "le point d'arriver en fin de validité."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 #, fuzzy
 #| msgid "-"
 msgid "-x"
 msgstr "-"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 #, fuzzy
 #| msgid ""
 #| "Set the maximum number of days a password remains valid. After "
@@ -7985,8 +8195,20 @@ msgstr ""
 "valable. Après <replaceable>JOURS_MAX</replaceable>, le mot de passe devra "
 "être modifié."
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid ""
+"This option is used to indicate that passwd should read the new password "
+"from standard input, which can be a pipe."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 msgid ""
 "Password complexity checking may vary from site to site. The user is urged "
 "to select a password as complex as he or she feels comfortable with."
@@ -7997,7 +8219,7 @@ msgstr ""
 "mémoriser. "
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid ""
 "Users may not be able to change their password on a system if NIS is enabled "
 "and they are not logged into the NIS server."
@@ -8007,7 +8229,7 @@ msgstr ""
 "NIS."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 #, fuzzy
 #| msgid ""
 #| "<command>passwd</command> uses PAM to authenticate users and to change "
@@ -8019,29 +8241,29 @@ msgstr ""
 "modifier leur mot de passe."
 
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 msgid "/etc/pam.d/passwd"
 msgstr "/etc/pam.d/passwd"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr "combinaison d'options non valable"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr "échec inattendu, rien n'a été fait"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 #, fuzzy
 #| msgid "unexpected failure, <filename>passwd</filename> file missing"
 msgid "unexpected failure, <_:filename-1/> file missing"
 msgstr "échec inattendu, le fichier <filename>passwd</filename> est manquant"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 #, fuzzy
 #| msgid "<filename>passwd</filename> file busy, try again"
 msgid "<_:filename-1/> file busy, try again"
@@ -8049,11 +8271,25 @@ msgstr ""
 "fichier <filename>passwd</filename> en cours d'utilisation, veuillez "
 "réessayer plus tard"
 
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+#, fuzzy
+#| msgid "passwd"
+msgid "makepasswd"
+msgstr "passwd"
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
+#: passwd.1.xml.out:494
 msgid ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:517
+msgid ""
+"The following web page comically (yet correctly) compares the strength of "
+"two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -10207,6 +10443,11 @@ msgid "$HZ"
 msgstr ""
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr ""
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr ""
@@ -10669,7 +10910,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: useradd.8.xml.out:72 useradd.8.xml.out:76 useradd.8.xml.out:86
-#: useradd.8.xml.out:169 useradd.8.xml.out:583 useradd.8.xml.out:585
+#: useradd.8.xml.out:169 useradd.8.xml.out:603 useradd.8.xml.out:605
 msgid "-D"
 msgstr "-D"
 
@@ -10713,14 +10954,14 @@ msgstr ""
 "<option>USERGROUPS_ENAB</option>)"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:118 useradd.8.xml.out:592
+#: useradd.8.xml.out:118 useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: useradd.8.xml.out:118 useradd.8.xml.out:124 useradd.8.xml.out:159
-#: useradd.8.xml.out:592 useradd.8.xml.out:598
+#: useradd.8.xml.out:612 useradd.8.xml.out:618
 msgid "BASE_DIR"
 msgstr ""
 
@@ -10752,18 +10993,18 @@ msgstr ""
 "pas utilisée, <replaceable>RÉP_BASE</replaceable> doit exister."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:131 useradd.8.xml.out:603
+#: useradd.8.xml.out:131 useradd.8.xml.out:623
 msgid "HOME"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
 #: useradd.8.xml.out:132 useradd.8.xml.out:189 useradd.8.xml.out:212
-#: useradd.8.xml.out:250 useradd.8.xml.out:293 useradd.8.xml.out:343
-#: useradd.8.xml.out:393 useradd.8.xml.out:523 useradd.8.xml.out:604
-#: useradd.8.xml.out:616 useradd.8.xml.out:633 useradd.8.xml.out:649
-#: useradd.8.xml.out:663 useradd.8.xml.out:677 useradd.8.xml.out:767
-#: usermod.8.xml.out:419
+#: useradd.8.xml.out:250 useradd.8.xml.out:267 useradd.8.xml.out:295
+#: useradd.8.xml.out:345 useradd.8.xml.out:395 useradd.8.xml.out:525
+#: useradd.8.xml.out:624 useradd.8.xml.out:636 useradd.8.xml.out:653
+#: useradd.8.xml.out:669 useradd.8.xml.out:683 useradd.8.xml.out:697
+#: useradd.8.xml.out:787 usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr "/etc/default/useradd"
 
@@ -10874,7 +11115,7 @@ msgstr ""
 "dans le format <emphasis remap=\"I\">AAAA-MM-JJ</emphasis>."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:188 useradd.8.xml.out:615 usermod.8.xml.out:418
+#: useradd.8.xml.out:188 useradd.8.xml.out:635 usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr ""
 
@@ -10922,7 +11163,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: useradd.8.xml.out:218 useradd.8.xml.out:482
+#: useradd.8.xml.out:218 useradd.8.xml.out:484
 #, fuzzy
 #| msgid "-"
 msgid "-F"
@@ -11043,6 +11284,13 @@ msgid ""
 "emphasis-5/>]]]"
 msgstr ""
 
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+#, fuzzy
+#| msgid "GROUP"
+msgid "GROUPS"
+msgstr "GROUPE"
+
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
 #, fuzzy
@@ -11057,7 +11305,9 @@ msgid ""
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups are subject to the same restrictions as the group given with the "
 "<_:option-1/> option. The default is for the user to belong only to the "
-"initial group."
+"initial group. In addition to passing in the -G flag, you can add the option "
+"<_:option-2/> to the file <_:filename-3/> which in turn will add all users "
+"to those supplementary groups."
 msgstr ""
 "Liste de groupes supplémentaires auxquels appartient également "
 "l'utilisateur. Chaque groupe est séparé du suivant par une virgule, sans "
@@ -11066,17 +11316,17 @@ msgstr ""
 "l'utilisateur est de n'appartenir qu'au groupe initial."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "SKEL_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 #, fuzzy
 #| msgid ""
 #| "The skeleton directory, which contains files and directories to be copied "
@@ -11093,12 +11343,12 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288 useradd.8.xml.out:350
+#: useradd.8.xml.out:290 useradd.8.xml.out:352
 msgid "--create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288 useradd.8.xml.out:592 usermod.8.xml.out:524
 #, fuzzy
 #| msgid ""
 #| "This option is only valid if the <option>-m</option> (or <option>--create-"
@@ -11111,19 +11361,19 @@ msgstr ""
 "create-home</option>) est utilisée."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 #, fuzzy
 #| msgid "/etc/skel/"
 msgid "/etc/skel"
 msgstr "/etc/skel/"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "If this option is not set, the skeleton directory is defined by the "
@@ -11138,24 +11388,24 @@ msgstr ""
 "filename> ou, par défaut, <filename>/etc/skel</filename>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
 msgstr "Si possible, les ACL et les attributs étendus seront copiés."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid ""
 "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:"
 "option-4/>, <_:option-5/> and others)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used "
 "when creating an account to turn off password aging. Multiple <_:option-4/> "
@@ -11164,17 +11414,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
 msgstr "N'ajoute pas l'utilisateur aux bases de données lastlog et faillog."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
+#: useradd.8.xml.out:337
 msgid ""
 "By default, the user's entries in the lastlog and faillog databases are "
 "reset to avoid reusing the entry from a previously deleted user."
@@ -11184,12 +11434,12 @@ msgstr ""
 "utilisateur précédemment supprimé."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid ""
 "If this option is not specified, <_:command-1/> will also consult the "
 "variable <_:option-2/> in the <_:filename-3/> if set to no the user will not "
@@ -11197,7 +11447,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "Create the user's home directory if it does not exist. The files and "
@@ -11214,12 +11464,12 @@ msgstr ""
 "personnel."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361 useradd.8.xml.out:379 useradd.8.xml.out:475
+#: useradd.8.xml.out:363 useradd.8.xml.out:381 useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 #, fuzzy
 #| msgid ""
 #| "By default, if this option is not specified and <option>CREATE_HOME</"
@@ -11232,7 +11482,7 @@ msgstr ""
 "option> n'est pas activée, aucun répertoire personnel ne sera créé."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid ""
 "The directory where the user's home directory is created must exist and have "
 "proper SELinux context and permissions. Otherwise the user's home directory "
@@ -11240,12 +11490,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 #, fuzzy
 #| msgid ""
 #| "Do no create the user's home directory, even if the system wide setting "
@@ -11261,12 +11511,12 @@ msgstr ""
 "replaceable>."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 #, fuzzy
 #| msgid ""
 #| "Do not create a group with the same name as the user, but add the user to "
@@ -11284,7 +11534,7 @@ msgstr ""
 "filename>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 #, fuzzy
 #| msgid ""
 #| "Allow the creation of a user account with a duplicate (non-unique) UID."
@@ -11294,7 +11544,7 @@ msgstr ""
 "dupliqué (non unique)."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412 usermod.8.xml.out:277
+#: useradd.8.xml.out:414 usermod.8.xml.out:277
 msgid ""
 "This option is only valid in combination with the <_:option-1/> option. As a "
 "user identity serves as key to map between users on one hand and "
@@ -11304,7 +11554,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid ""
 "defines an initial password for the account. PASSWORD is expected to be "
 "encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this "
@@ -11312,7 +11562,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid ""
 "Without this option, the new account will be locked and with no password "
 "defined, i.e. a single exclamation mark in the respective field of <_:"
@@ -11321,7 +11571,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 #, fuzzy
 #| msgid ""
 #| "<emphasis role=\"bold\">Note:</emphasis> This option is not recommended "
@@ -11336,7 +11586,7 @@ msgstr ""
 "visible des utilisateurs qui affichent la liste des processus. "
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
@@ -11357,7 +11607,7 @@ msgstr ""
 "personnel soit créé pour un compte système."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
@@ -11377,7 +11627,7 @@ msgstr ""
 "personnel soit créé pour un compte système."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 msgid ""
 "sets the path to the user's login shell. Without this option, the system "
 "will use the <_:option-1/> variable specified in <_:filename-2/>, or, if "
@@ -11386,17 +11636,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "--uid"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "UID"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 #, fuzzy
 #| msgid ""
 #| "The numerical value of the user's ID. This value must be unique, unless "
@@ -11416,12 +11666,12 @@ msgstr ""
 "option> et supérieure aux identifiants de tous les autres utilisateurs."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid ""
 "Create a group with the same name as the user, and add the user to this "
 "group."
@@ -11430,42 +11680,64 @@ msgstr ""
 "l'utilisateur à ce groupe."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:593 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:525
 #, fuzzy
 #| msgid "-"
 msgid "-Z"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:594 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566 usermod.8.xml.out:501
+#: useradd.8.xml.out:568 usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575 useradd.8.xml.out:589 usermod.8.xml.out:521
 msgid "semanage"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
+#: useradd.8.xml.out:571
 msgid ""
-"defines the SELinux user for the new account. Without this option, a SELinux "
+"defines the SELinux user for the new account. Without this option, SELinux "
 "uses the default user. Note that the shadow system doesn't store the selinux-"
 "user, it uses <_:citerefentry-1/> for that."
 msgstr ""
 
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "--selinux-range"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "SERANGE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+msgid ""
+"defines the SELinux MLS range for the new account. Without this option, "
+"SELinux uses the default range. Note that the shadow system doesn't store "
+"the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr "Modifier les valeurs par défaut"
 
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 #, fuzzy
 #| msgid ""
 #| "When invoked with only the <option>-D</option> option, <command>useradd</"
@@ -11486,7 +11758,7 @@ msgstr ""
 "précisées. Les options valables sont :"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 #, fuzzy
 #| msgid ""
 #| "The path prefix for a new user's home directory. The user's name will be "
@@ -11506,8 +11778,8 @@ msgstr ""
 "compte."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602 useradd.8.xml.out:614 useradd.8.xml.out:631
-#: useradd.8.xml.out:647 useradd.8.xml.out:661
+#: useradd.8.xml.out:622 useradd.8.xml.out:634 useradd.8.xml.out:651
+#: useradd.8.xml.out:667 useradd.8.xml.out:681
 #, fuzzy
 #| msgid ""
 #| "This option sets the <option>HOME</option> variable in <filename>/etc/"
@@ -11518,14 +11790,14 @@ msgstr ""
 "default/useradd</filename>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 #, fuzzy
 #| msgid "The date on which the user account is disabled."
 msgid "sets the date on which newly created user accounts are disabled."
 msgstr "Date à laquelle le compte utilisateur sera désactivé."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid ""
 "defines the number of days after the password exceeded its maximum age where "
 "the user is expected to replace this password. See <_:citerefentry-1/>for "
@@ -11533,7 +11805,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 msgid ""
 "sets the default primary group for newly created users, accepting group "
 "names or a numerical group ID. The named group must exist, and the GID must "
@@ -11541,23 +11813,23 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr "NOTES"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675 useradd.8.xml.out:779
+#: useradd.8.xml.out:695 useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr "/etc/skel/"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 #, fuzzy
 #| msgid ""
 #| "The system administrator is responsible for placing the default user "
@@ -11575,7 +11847,7 @@ msgstr ""
 "ligne de commande)."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 msgid ""
 "You may not add a user to a NIS or LDAP group. This must be performed on the "
 "corresponding server."
@@ -11584,7 +11856,7 @@ msgstr ""
 "être effectué sur le serveur correspondant."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 #, fuzzy
 #| msgid ""
 #| "Similarly, if the username already exists in an external user database "
@@ -11599,12 +11871,12 @@ msgstr ""
 "le compte d'utilisateur."
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid ""
 "Usernames may contain only lower and upper case letters, digits, "
 "underscores, or dashes. They can end with a dollar sign. Dashes are not "
@@ -11615,60 +11887,60 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
-msgstr "Les noms d'utilisateur sont limités à 16 caractères."
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
+msgstr "Les noms d'utilisateur sont limités à 256 caractères."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr "Valeurs par défaut pour la création de comptes."
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 #, fuzzy
 #| msgid "/etc/default/useradd"
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr "/etc/default/useradd"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773 userdel.8.xml.out:209
+#: useradd.8.xml.out:793 userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 #, fuzzy
 #| msgid "OPTIONS"
 msgid "ACTION"
 msgstr "OPTIONS"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-pre.d"
 msgstr "useradd"
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-post.d"
 msgstr "useradd"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid ""
 "Run-part files to execute during user addition. The environment variable <_:"
 "command-1/> will be populated with useradd and <_:command-2/> with the <_:"
@@ -11678,46 +11950,46 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
 msgstr "Répertoire contenant les fichiers par défaut."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819 userdel.8.xml.out:243
+#: useradd.8.xml.out:839 userdel.8.xml.out:243
 msgid "can't update password file"
 msgstr "impossible de mettre à jour le fichier des mots de passe"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 #, fuzzy
 #| msgid "UID already in use (and no <option>-o</option>)"
 msgid "UID already in use (and no <_:option-1/>)"
 msgstr "UID déjà utilisé (et pas d'option <option>-o</option>)"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 #, fuzzy
 #| msgid "group name already in use"
 msgid "username or group name already in use"
 msgstr "nom de groupe déjà utilisé"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
 msgstr "impossible de créer le répertoire personnel"
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 msgid "14"
 msgstr "14"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
 msgstr "Ne peut pas mettre à jour l'association à un utilisateur SELinux"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876 usermod.8.xml.out:603
+#: useradd.8.xml.out:896 usermod.8.xml.out:620
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:"
@@ -12613,8 +12885,15 @@ msgid ""
 "shadow system doesn't store the selinux-user, it uses semanage(8) for that."
 msgstr ""
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
+msgid ""
+"defines the SELinux MLS range for the new account. Note that the shadow "
+"system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
 #, fuzzy
 #| msgid ""
 #| "You must make certain that the named user is not executing any processes "
@@ -12637,17 +12916,17 @@ msgstr ""
 "architectures pour vérifier si l'utilisateur est connecté."
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "You must change the owner of any <command>crontab</command> files or "
@@ -12661,28 +12940,28 @@ msgstr ""
 "command>."
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr ""
 "Les modifications qui concernent NIS doivent être effectuées sur le serveur "
 "NIS."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 #, fuzzy
 #| msgid "Group account information."
 msgid "Group account information"
 msgstr "Informations sur les groupes."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
+#: usermod.8.xml.out:582
 #, fuzzy
 #| msgid "Secure group account information."
-msgid "Secure group account informatio."
+msgid "Secure group account information"
 msgstr "Informations sécurisées sur les groupes."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 #, fuzzy
 #| msgid "Shadow password suite configuration."
 msgid "Shadow password suite configuration"
@@ -12690,28 +12969,28 @@ msgstr ""
 "Configuration de la suite des mots de passe cachés « shadow password »."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 #, fuzzy
 #| msgid "User account information."
 msgid "User account information"
 msgstr "Informations sur les comptes des utilisateurs."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 #, fuzzy
 #| msgid "Secure user account information."
 msgid "Secure user account information"
 msgstr "Informations sécurisées sur les comptes utilisateurs."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
 #, fuzzy
 #| msgid "Per user subordinate group IDs."
 msgid "Per user subordinate group IDs"
 msgstr "IDs des groupes subalternes d'un utilisateur."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
 #, fuzzy
 #| msgid "Per user subordinate user IDs."
 msgid "Per user subordinate user IDs"
@@ -12765,7 +13044,7 @@ msgstr "vipw"
 #| "envar>, and finally the default editor, <citerefentry><refentrytitle>vi</"
 #| "refentrytitle><manvolnum>1</manvolnum></citerefentry>."
 msgid ""
-"The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/"
+"The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/"
 "> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will "
 "edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/"
 ">, respectively. The programs will set the appropriate locks to prevent file "
@@ -14570,6 +14849,34 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>sulogin</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>."
 
+#~ msgid ""
+#~ "Then, the password is tested for complexity. As a general guideline, "
+#~ "passwords should consist of 6 to 8 characters including one or more "
+#~ "characters from each of the following sets:"
+#~ msgstr ""
+#~ "La complexité de ce mot de passe est alors testée. Comme ligne de "
+#~ "conduite générale, un mot de passe doit toujours être constitué de 6 à 8 "
+#~ "caractères en en choisissant un ou plus parmi chacun des ensembles "
+#~ "suivants :"
+
+#~ msgid "lower case alphabetics"
+#~ msgstr "caractères alphabétiques minuscules"
+
+#~ msgid "digits 0 thru 9"
+#~ msgstr "chiffres de 0 à 9"
+
+#~ msgid "punctuation marks"
+#~ msgstr "marques de ponctuation"
+
+#~ msgid ""
+#~ "Care must be taken not to include the system default erase or kill "
+#~ "characters. <command>passwd</command> will reject any password which is "
+#~ "not suitably complex."
+#~ msgstr ""
+#~ "Il faudra faire attention à ne pas utiliser les caractères de suppression "
+#~ "ou d'effacement. <command>passwd</command> rejettera tout mot de passe "
+#~ "dont la complexité ne sera pas suffisante."
+
 #~ msgid "<option>-d</option>, <option>--delete</option>"
 #~ msgstr "<option>-d</option>, <option>--delete</option>"
 
@@ -14865,6 +15172,18 @@ msgstr ""
 #~ msgid "<option>-s</option>, <option>--sha-rounds</option>"
 #~ msgstr "<option>-s</option>, <option>--sha-rounds</option>"
 
+#~ msgid ""
+#~ "The value 0 means that the system will choose the default number of "
+#~ "rounds for the crypt method (5000)."
+#~ msgstr ""
+#~ "La valeur 0 signifie que le système choisira la valeur par défaut du "
+#~ "nombre de rounds pour la méthode de chiffrement (5 000)."
+
+#~ msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#~ msgstr ""
+#~ "Vous ne pouvez utiliser cette méthode qu'avec les méthodes de chiffrement "
+#~ "SHA256 ou SHA512."
+
 #~ msgid "PAM configuration for <command>newusers</command>."
 #~ msgstr "Configuration de PAM pour <command>newusers</command>."
 
@@ -15972,6 +16291,9 @@ msgstr ""
 #~ "<option>-c</option>, <option>--crypt-method</option>&nbsp;"
 #~ "<replaceable>MÉTHODE</replaceable>"
 
+#~ msgid "The available methods are DES, MD5, and NONE."
+#~ msgstr "Les méthodes disponibles sont DES, MD5 et NONE."
+
 #~ msgid "<option>-e</option>, <option>--encrypted</option>"
 #~ msgstr "<option>-e</option>, <option>--encrypted</option>"
 
@@ -15985,6 +16307,15 @@ msgstr ""
 #~ "<option>-s</option>, <option>--sha-rounds</option>&nbsp;"
 #~ "<replaceable>ROUNDS</replaceable>"
 
+#~ msgid ""
+#~ "By default, the number of rounds is defined by the "
+#~ "<option>SHA_CRYPT_MIN_ROUNDS</option> and <option>SHA_CRYPT_MAX_ROUNDS</"
+#~ "option> variables in <filename>/etc/login.defs</filename>."
+#~ msgstr ""
+#~ "Par défaut, le nombre de rounds est défini par les variables "
+#~ "<option>SHA_CRYPT_MIN_ROUNDS</option> et <option>SHA_CRYPT_MAX_ROUNDS</"
+#~ "option> dans <filename>/etc/login.defs</filename>."
+
 #~ msgid "PAM configuration for <command>chpasswd</command>."
 #~ msgstr "Configuration de PAM pour <command>chpasswd</command>."
 
diff --git a/man/po/it.po b/man/po/it.po
index b898a06..dbf0570 100644
--- a/man/po/it.po
+++ b/man/po/it.po
@@ -8,7 +8,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.1.5\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
 "PO-Revision-Date: 2013-08-23 01:38+0200\n"
 "Last-Translator: Giuseppe Sacco <eppesuig@debian.org>\n"
 "Language-Team: Italian <tp@lists.linux.it>\n"
@@ -18,12 +18,12 @@ msgstr ""
 "Content-Transfer-Encoding: 8-bit\n"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:19 chsh.1.xml.out:18
+#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:21 chsh.1.xml.out:18
 #: expiry.1.xml.out:19 faillog.5.xml.out:15 faillog.8.xml.out:15
 #: groupadd.8.xml.out:18 groupdel.8.xml.out:16 groupmod.8.xml.out:16
 #: groups.1.xml.out:15 grpck.8.xml.out:15 lastlog.8.xml.out:17
-#: login.1.xml.out:48 login.defs.5.xml.out:84 logoutd.8.xml.out:15
-#: newgrp.1.xml.out:16 newusers.8.xml.out:31 passwd.1.xml.out:22
+#: login.1.xml.out:48 login.defs.5.xml.out:86 logoutd.8.xml.out:15
+#: newgrp.1.xml.out:16 newusers.8.xml.out:33 passwd.1.xml.out:24
 #: passwd.5.xml.out:15 porttime.5.xml.out:15 pwck.8.xml.out:22
 #: shadow.3.xml.out:15 shadow.5.xml.out:15 sg.1.xml.out:16 su.1.xml.out:32
 #: useradd.8.xml.out:34 userdel.8.xml.out:21 usermod.8.xml.out:22
@@ -31,12 +31,12 @@ msgid "Julianne Frances"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:20 chsh.1.xml.out:19
+#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:22 chsh.1.xml.out:19
 #: expiry.1.xml.out:20 faillog.5.xml.out:16 faillog.8.xml.out:16
 #: groupadd.8.xml.out:19 groupdel.8.xml.out:17 groupmod.8.xml.out:17
 #: groups.1.xml.out:16 grpck.8.xml.out:16 lastlog.8.xml.out:18
-#: login.1.xml.out:49 login.defs.5.xml.out:85 logoutd.8.xml.out:16
-#: newgrp.1.xml.out:17 newusers.8.xml.out:32 passwd.1.xml.out:23
+#: login.1.xml.out:49 login.defs.5.xml.out:87 logoutd.8.xml.out:16
+#: newgrp.1.xml.out:17 newusers.8.xml.out:34 passwd.1.xml.out:25
 #: passwd.5.xml.out:16 porttime.5.xml.out:16 pwck.8.xml.out:23
 #: shadow.3.xml.out:16 shadow.5.xml.out:16 sg.1.xml.out:17 su.1.xml.out:33
 #: useradd.8.xml.out:35 userdel.8.xml.out:22 usermod.8.xml.out:23
@@ -49,14 +49,14 @@ msgid "Creation, 1990"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24 chsh.1.xml.out:23 expiry.1.xml.out:24
-#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:25
+#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26 chsh.1.xml.out:23 expiry.1.xml.out:24
+#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23 groupdel.8.xml.out:21 groupmems.8.xml.out:24
 #: groupmod.8.xml.out:21 groups.1.xml.out:20 grpck.8.xml.out:20
 #: lastlog.8.xml.out:22 limits.5.xml.out:22 login.1.xml.out:53
-#: login.access.5.xml.out:21 login.defs.5.xml.out:89 logoutd.8.xml.out:20
-#: newgrp.1.xml.out:21 newusers.8.xml.out:36 passwd.1.xml.out:27
+#: login.access.5.xml.out:21 login.defs.5.xml.out:91 logoutd.8.xml.out:20
+#: newgrp.1.xml.out:21 newusers.8.xml.out:38 passwd.1.xml.out:29
 #: passwd.5.xml.out:20 porttime.5.xml.out:20 pwck.8.xml.out:27
 #: pwconv.8.xml.out:26 shadow.3.xml.out:20 shadow.5.xml.out:20 sg.1.xml.out:21
 #: su.1.xml.out:37 suauth.5.xml.out:20 useradd.8.xml.out:39
@@ -65,14 +65,14 @@ msgid "Thomas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25 chsh.1.xml.out:24 expiry.1.xml.out:25
-#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:26
+#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27 chsh.1.xml.out:24 expiry.1.xml.out:25
+#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24 groupdel.8.xml.out:22 groupmems.8.xml.out:25
 #: groupmod.8.xml.out:22 groups.1.xml.out:21 grpck.8.xml.out:21
 #: lastlog.8.xml.out:23 limits.5.xml.out:23 login.1.xml.out:54
-#: login.access.5.xml.out:22 login.defs.5.xml.out:90 logoutd.8.xml.out:21
-#: newgrp.1.xml.out:22 newusers.8.xml.out:37 passwd.1.xml.out:28
+#: login.access.5.xml.out:22 login.defs.5.xml.out:92 logoutd.8.xml.out:21
+#: newgrp.1.xml.out:22 newusers.8.xml.out:39 passwd.1.xml.out:30
 #: passwd.5.xml.out:21 porttime.5.xml.out:21 pwck.8.xml.out:28
 #: pwconv.8.xml.out:27 shadow.3.xml.out:21 shadow.5.xml.out:21 sg.1.xml.out:22
 #: su.1.xml.out:38 suauth.5.xml.out:21 useradd.8.xml.out:40
@@ -81,14 +81,14 @@ msgid "KÅ‚oczko"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26 chsh.1.xml.out:25 expiry.1.xml.out:26
-#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:27
+#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28 chsh.1.xml.out:25 expiry.1.xml.out:26
+#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25 groupdel.8.xml.out:23 groupmems.8.xml.out:26
 #: groupmod.8.xml.out:23 groups.1.xml.out:22 grpck.8.xml.out:22
 #: lastlog.8.xml.out:24 limits.5.xml.out:24 login.1.xml.out:55
-#: login.access.5.xml.out:23 login.defs.5.xml.out:91 logoutd.8.xml.out:22
-#: newgrp.1.xml.out:23 newusers.8.xml.out:38 passwd.1.xml.out:29
+#: login.access.5.xml.out:23 login.defs.5.xml.out:93 logoutd.8.xml.out:22
+#: newgrp.1.xml.out:23 newusers.8.xml.out:40 passwd.1.xml.out:31
 #: passwd.5.xml.out:22 porttime.5.xml.out:22 pwck.8.xml.out:29
 #: pwconv.8.xml.out:28 shadow.3.xml.out:22 shadow.5.xml.out:22 sg.1.xml.out:23
 #: su.1.xml.out:39 suauth.5.xml.out:22 useradd.8.xml.out:41
@@ -97,14 +97,14 @@ msgid "kloczek@pld.org.pl"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:27 chsh.1.xml.out:26
+#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:29 chsh.1.xml.out:26
 #: expiry.1.xml.out:27 faillog.5.xml.out:23 faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28 groupadd.8.xml.out:26 groupdel.8.xml.out:24
+#: gpasswd.1.xml.out:30 groupadd.8.xml.out:26 groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27 groupmod.8.xml.out:24 groups.1.xml.out:23
 #: grpck.8.xml.out:23 lastlog.8.xml.out:25 limits.5.xml.out:25
-#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:92
-#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:39
-#: passwd.1.xml.out:30 passwd.5.xml.out:23 porttime.5.xml.out:23
+#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:94
+#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:41
+#: passwd.1.xml.out:32 passwd.5.xml.out:23 porttime.5.xml.out:23
 #: pwck.8.xml.out:30 pwconv.8.xml.out:29 shadow.3.xml.out:23
 #: shadow.5.xml.out:23 sg.1.xml.out:24 su.1.xml.out:40 suauth.5.xml.out:23
 #: useradd.8.xml.out:42 userdel.8.xml.out:29 usermod.8.xml.out:30
@@ -113,15 +113,15 @@ msgid "shadow-utils maintainer, 2000 - 2007"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30 chsh.1.xml.out:29 expiry.1.xml.out:30
-#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:31
+#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32 chsh.1.xml.out:29 expiry.1.xml.out:30
+#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29 groupdel.8.xml.out:27 groupmems.8.xml.out:30
 #: groupmod.8.xml.out:27 groups.1.xml.out:26 grpck.8.xml.out:26
 #: gshadow.5.xml.out:14 lastlog.8.xml.out:28 limits.5.xml.out:28
-#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:95
-#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:42
-#: nologin.8.xml.out:15 passwd.1.xml.out:33 passwd.5.xml.out:26
+#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:97
+#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:44
+#: nologin.8.xml.out:15 passwd.1.xml.out:35 passwd.5.xml.out:26
 #: porttime.5.xml.out:26 pwck.8.xml.out:33 pwconv.8.xml.out:32
 #: shadow.3.xml.out:26 shadow.5.xml.out:26 sg.1.xml.out:27 su.1.xml.out:43
 #: suauth.5.xml.out:26 useradd.8.xml.out:45 userdel.8.xml.out:32
@@ -130,15 +130,15 @@ msgid "Nicolas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31 chsh.1.xml.out:30 expiry.1.xml.out:31
-#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:32
+#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33 chsh.1.xml.out:30 expiry.1.xml.out:31
+#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30 groupdel.8.xml.out:28 groupmems.8.xml.out:31
 #: groupmod.8.xml.out:28 groups.1.xml.out:27 grpck.8.xml.out:27
 #: gshadow.5.xml.out:15 lastlog.8.xml.out:29 limits.5.xml.out:29
-#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:96
-#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:43
-#: nologin.8.xml.out:16 passwd.1.xml.out:34 passwd.5.xml.out:27
+#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:98
+#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:45
+#: nologin.8.xml.out:16 passwd.1.xml.out:36 passwd.5.xml.out:27
 #: porttime.5.xml.out:27 pwck.8.xml.out:34 pwconv.8.xml.out:33
 #: shadow.3.xml.out:27 shadow.5.xml.out:27 sg.1.xml.out:28 su.1.xml.out:44
 #: suauth.5.xml.out:27 useradd.8.xml.out:46 userdel.8.xml.out:33
@@ -147,15 +147,15 @@ msgid "François"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32 chsh.1.xml.out:31 expiry.1.xml.out:32
-#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:33
+#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34 chsh.1.xml.out:31 expiry.1.xml.out:32
+#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31 groupdel.8.xml.out:29 groupmems.8.xml.out:32
 #: groupmod.8.xml.out:29 groups.1.xml.out:28 grpck.8.xml.out:28
 #: gshadow.5.xml.out:16 lastlog.8.xml.out:30 limits.5.xml.out:30
-#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:97
-#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:44
-#: nologin.8.xml.out:17 passwd.1.xml.out:35 passwd.5.xml.out:28
+#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:99
+#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:46
+#: nologin.8.xml.out:17 passwd.1.xml.out:37 passwd.5.xml.out:28
 #: porttime.5.xml.out:28 pwck.8.xml.out:35 pwconv.8.xml.out:34
 #: shadow.3.xml.out:28 shadow.5.xml.out:28 sg.1.xml.out:29 su.1.xml.out:45
 #: suauth.5.xml.out:28 useradd.8.xml.out:47 userdel.8.xml.out:34
@@ -164,15 +164,15 @@ msgid "nicolas.francois@centraliens.net"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33 chsh.1.xml.out:32 expiry.1.xml.out:33
-#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:34
+#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35 chsh.1.xml.out:32 expiry.1.xml.out:33
+#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32 groupdel.8.xml.out:30 groupmems.8.xml.out:33
 #: groupmod.8.xml.out:30 groups.1.xml.out:29 grpck.8.xml.out:29
 #: gshadow.5.xml.out:18 lastlog.8.xml.out:31 limits.5.xml.out:31
-#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:98
-#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:45
-#: nologin.8.xml.out:18 passwd.1.xml.out:36 passwd.5.xml.out:29
+#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:100
+#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:47
+#: nologin.8.xml.out:18 passwd.1.xml.out:38 passwd.5.xml.out:29
 #: porttime.5.xml.out:29 pwck.8.xml.out:36 pwconv.8.xml.out:35
 #: shadow.3.xml.out:29 shadow.5.xml.out:29 sg.1.xml.out:30 su.1.xml.out:46
 #: suauth.5.xml.out:29 useradd.8.xml.out:48 userdel.8.xml.out:35
@@ -187,9 +187,9 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #: chage.1.xml.out:34 chage.1.xml.out:41 chage.1.xml.out:46 chage.1.xml.out:59
-#: chage.1.xml.out:69 chage.1.xml.out:216 chage.1.xml.out:226
-#: chage.1.xml.out:236 chage.1.xml.out:241 chage.1.xml.out:285
-#: login.defs.5.xml.out:233 shadow.5.xml.out:262
+#: chage.1.xml.out:69 chage.1.xml.out:231 chage.1.xml.out:241
+#: chage.1.xml.out:251 chage.1.xml.out:256 chage.1.xml.out:300
+#: login.defs.5.xml.out:237 shadow.5.xml.out:262
 msgid "chage"
 msgstr "chage"
 
@@ -198,11 +198,11 @@ msgstr "chage"
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:35 chage.1.xml.out:294 chfn.1.xml.out:37 chfn.1.xml.out:65
-#: chfn.1.xml.out:205 chgpasswd.8.xml.out:217 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:37 chsh.1.xml.out:171 expiry.1.xml.out:38
-#: faillog.8.xml.out:235 gpasswd.1.xml.out:39 gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277 groupadd.8.xml.out:345 groupadd.8.xml.out:348
+#: chage.1.xml.out:35 chage.1.xml.out:309 chfn.1.xml.out:37 chfn.1.xml.out:65
+#: chfn.1.xml.out:205 chgpasswd.8.xml.out:245 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:37 chsh.1.xml.out:212 expiry.1.xml.out:38
+#: faillog.8.xml.out:235 gpasswd.1.xml.out:41 gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279 groupadd.8.xml.out:345 groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351 groupdel.8.xml.out:205 groupdel.8.xml.out:208
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:209 groupmems.8.xml.out:212
 #: groupmems.8.xml.out:215 groupmod.8.xml.out:326 groupmod.8.xml.out:329
@@ -210,44 +210,44 @@ msgstr "chage"
 #: grpck.8.xml.out:243 gshadow.5.xml.out:77 gshadow.5.xml.out:165
 #: limits.5.xml.out:185 login.1.xml.out:67 login.1.xml.out:128
 #: login.1.xml.out:377 login.1.xml.out:380 login.1.xml.out:383
-#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:520 login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533 login.defs.5.xml.out:536 newgrp.1.xml.out:35
+#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:539 login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552 login.defs.5.xml.out:555 newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130 newgrp.1.xml.out:133 newgrp.1.xml.out:136
-#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:456
-#: nologin.8.xml.out:60 passwd.1.xml.out:41 passwd.1.xml.out:431
-#: passwd.5.xml.out:118 passwd.5.xml.out:173 passwd.5.xml.out:179
-#: passwd.5.xml.out:182 passwd.5.xml.out:197 porttime.5.xml.out:121
-#: pwck.8.xml.out:293 shadow.5.xml.out:262 shadow.5.xml.out:265
-#: shadow.5.xml.out:268 shadow.5.xml.out:283 sg.1.xml.out:35 sg.1.xml.out:119
-#: sg.1.xml.out:122 sg.1.xml.out:125 sg.1.xml.out:128 sg.1.xml.out:131
-#: su.1.xml.out:51 su.1.xml.out:391 su.1.xml.out:415 su.1.xml.out:421
-#: su.1.xml.out:424 suauth.5.xml.out:201 useradd.8.xml.out:817
-#: useradd.8.xml.out:878 useradd.8.xml.out:881 useradd.8.xml.out:884
-#: userdel.8.xml.out:241 userdel.8.xml.out:310 userdel.8.xml.out:313
-#: userdel.8.xml.out:316 usermod.8.xml.out:105 usermod.8.xml.out:244
-#: usermod.8.xml.out:605 usermod.8.xml.out:608 usermod.8.xml.out:611
-#: vipw.8.xml.out:78 vipw.8.xml.out:205
+#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:477
+#: nologin.8.xml.out:60 passwd.1.xml.out:43 passwd.1.xml.out:453
+#: passwd.1.xml.out:499 passwd.5.xml.out:118 passwd.5.xml.out:173
+#: passwd.5.xml.out:179 passwd.5.xml.out:182 passwd.5.xml.out:197
+#: porttime.5.xml.out:121 pwck.8.xml.out:293 shadow.5.xml.out:262
+#: shadow.5.xml.out:265 shadow.5.xml.out:268 shadow.5.xml.out:283
+#: sg.1.xml.out:35 sg.1.xml.out:119 sg.1.xml.out:122 sg.1.xml.out:125
+#: sg.1.xml.out:128 sg.1.xml.out:131 su.1.xml.out:51 su.1.xml.out:391
+#: su.1.xml.out:415 su.1.xml.out:421 su.1.xml.out:424 suauth.5.xml.out:201
+#: useradd.8.xml.out:837 useradd.8.xml.out:898 useradd.8.xml.out:901
+#: useradd.8.xml.out:904 userdel.8.xml.out:241 userdel.8.xml.out:310
+#: userdel.8.xml.out:313 userdel.8.xml.out:316 usermod.8.xml.out:105
+#: usermod.8.xml.out:244 usermod.8.xml.out:622 usermod.8.xml.out:625
+#: usermod.8.xml.out:628 vipw.8.xml.out:78 vipw.8.xml.out:205
 msgid "1"
 msgstr "1"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:36 chfn.1.xml.out:38 chsh.1.xml.out:38 expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40 groups.1.xml.out:35 login.1.xml.out:68
-#: newgrp.1.xml.out:36 passwd.1.xml.out:42 sg.1.xml.out:36 su.1.xml.out:52
+#: gpasswd.1.xml.out:42 groups.1.xml.out:35 login.1.xml.out:68
+#: newgrp.1.xml.out:36 passwd.1.xml.out:44 sg.1.xml.out:36 su.1.xml.out:52
 msgid "User Commands"
 msgstr "Comandi utente"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40 chsh.1.xml.out:39 expiry.1.xml.out:40
-#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:41
+#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42 chsh.1.xml.out:39 expiry.1.xml.out:40
+#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39 groupdel.8.xml.out:37 groupmems.8.xml.out:40
 #: groupmod.8.xml.out:37 groups.1.xml.out:36 grpck.8.xml.out:36
 #: gshadow.5.xml.out:25 lastlog.8.xml.out:38 limits.5.xml.out:38
-#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:105
-#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:52
-#: nologin.8.xml.out:25 passwd.1.xml.out:43 passwd.5.xml.out:36
+#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:107
+#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:54
+#: nologin.8.xml.out:25 passwd.1.xml.out:45 passwd.5.xml.out:36
 #: porttime.5.xml.out:36 pwck.8.xml.out:43 pwconv.8.xml.out:42
 #: shadow.3.xml.out:36 shadow.5.xml.out:36 sg.1.xml.out:37 su.1.xml.out:53
 #: suauth.5.xml.out:36 useradd.8.xml.out:55 userdel.8.xml.out:42
@@ -256,20 +256,20 @@ msgid "shadow-utils"
 msgstr "shadow-utils"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41 chsh.1.xml.out:40 expiry.1.xml.out:41
-#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:42
+#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43 chsh.1.xml.out:40 expiry.1.xml.out:41
+#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40 groupdel.8.xml.out:38 groupmems.8.xml.out:41
 #: groupmod.8.xml.out:38 groups.1.xml.out:37 grpck.8.xml.out:37
 #: gshadow.5.xml.out:26 lastlog.8.xml.out:39 limits.5.xml.out:39
-#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:106
-#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:53
-#: nologin.8.xml.out:26 passwd.1.xml.out:44 passwd.5.xml.out:37
+#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:108
+#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:55
+#: nologin.8.xml.out:26 passwd.1.xml.out:46 passwd.5.xml.out:37
 #: porttime.5.xml.out:37 pwck.8.xml.out:44 pwconv.8.xml.out:43
 #: shadow.3.xml.out:37 shadow.5.xml.out:37 sg.1.xml.out:38 su.1.xml.out:54
 #: suauth.5.xml.out:37 useradd.8.xml.out:56 userdel.8.xml.out:43
 #: usermod.8.xml.out:44 vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
 # type: Plain text
@@ -280,10 +280,10 @@ msgstr "cambia le informazioni sulla scadenza della password"
 
 #. (itstool) path: arg/replaceable
 #. (itstool) path: cmdsynopsis/arg
-#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52 chsh.1.xml.out:51 faillog.8.xml.out:48
+#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54 chsh.1.xml.out:51 faillog.8.xml.out:48
 #: groupdel.8.xml.out:49 groupmod.8.xml.out:49 grpck.8.xml.out:47
-#: lastlog.8.xml.out:50 newusers.8.xml.out:64 passwd.1.xml.out:55
+#: lastlog.8.xml.out:50 newusers.8.xml.out:66 passwd.1.xml.out:57
 #: pwck.8.xml.out:54 pwconv.8.xml.out:57 pwconv.8.xml.out:63
 #: pwconv.8.xml.out:69 pwconv.8.xml.out:75 su.1.xml.out:64 useradd.8.xml.out:66
 #: useradd.8.xml.out:78 userdel.8.xml.out:52 usermod.8.xml.out:55
@@ -297,7 +297,7 @@ msgstr "opzioni"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
 #: chage.1.xml.out:51 chfn.1.xml.out:54 chsh.1.xml.out:54 faillog.8.xml.out:180
-#: lastlog.8.xml.out:139 passwd.1.xml.out:58 useradd.8.xml.out:68
+#: lastlog.8.xml.out:139 passwd.1.xml.out:60 useradd.8.xml.out:68
 #: useradd.8.xml.out:158 userdel.8.xml.out:54 userdel.8.xml.out:64
 #: usermod.8.xml.out:57 usermod.8.xml.out:222 usermod.8.xml.out:506
 msgid "LOGIN"
@@ -305,15 +305,15 @@ msgstr "LOGIN"
 
 # type: SH
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58 chsh.1.xml.out:60 expiry.1.xml.out:58
-#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:70
+#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60 chsh.1.xml.out:60 expiry.1.xml.out:58
+#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60 groupdel.8.xml.out:56 groupmems.8.xml.out:61
 #: groupmod.8.xml.out:56 groups.1.xml.out:54 grpck.8.xml.out:58
 #: gshadow.5.xml.out:34 lastlog.8.xml.out:56 limits.5.xml.out:48
-#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:114
-#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:73
-#: nologin.8.xml.out:40 passwd.1.xml.out:64 passwd.5.xml.out:45
+#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:116
+#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:75
+#: nologin.8.xml.out:40 passwd.1.xml.out:66 passwd.5.xml.out:45
 #: porttime.5.xml.out:45 pwck.8.xml.out:69 pwconv.8.xml.out:81
 #: shadow.3.xml.out:94 shadow.3.xml.out:150 shadow.5.xml.out:45 sg.1.xml.out:57
 #: su.1.xml.out:79 suauth.5.xml.out:51 useradd.8.xml.out:84
@@ -342,12 +342,12 @@ msgstr ""
 # type: SH
 #. (itstool) path: refsect1/title
 #. (itstool) path: arg/replaceable
-#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106 chsh.1.xml.out:71 expiry.1.xml.out:67
-#: faillog.8.xml.out:65 gpasswd.1.xml.out:110 groupadd.8.xml.out:51
+#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108 chsh.1.xml.out:71 expiry.1.xml.out:67
+#: faillog.8.xml.out:65 gpasswd.1.xml.out:112 groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80 groupdel.8.xml.out:64 groupmems.8.xml.out:76
 #: groupmod.8.xml.out:65 grpck.8.xml.out:122 lastlog.8.xml.out:68
-#: login.1.xml.out:186 newusers.8.xml.out:250 passwd.1.xml.out:150
+#: login.1.xml.out:186 newusers.8.xml.out:252 passwd.1.xml.out:146
 #: pwck.8.xml.out:153 pwconv.8.xml.out:163 su.1.xml.out:120
 #: useradd.8.xml.out:102 userdel.8.xml.out:69 usermod.8.xml.out:70
 #: vipw.8.xml.out:83
@@ -356,12 +356,12 @@ msgstr "OPZIONI"
 
 # type: TP
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107 chsh.1.xml.out:72 expiry.1.xml.out:68
-#: faillog.8.xml.out:66 gpasswd.1.xml.out:118 groupadd.8.xml.out:81
+#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109 chsh.1.xml.out:72 expiry.1.xml.out:68
+#: faillog.8.xml.out:66 gpasswd.1.xml.out:120 groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65 groupmems.8.xml.out:77 groupmod.8.xml.out:66
-#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:251
-#: passwd.1.xml.out:151 pwck.8.xml.out:158 su.1.xml.out:121
+#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:253
+#: passwd.1.xml.out:147 pwck.8.xml.out:158 su.1.xml.out:121
 #: useradd.8.xml.out:103 userdel.8.xml.out:70 usermod.8.xml.out:71
 #, fuzzy
 #| msgid "The options which apply to the <command>su</command> command are:"
@@ -370,9 +370,9 @@ msgstr "Il comando <command>su</command> accetta le seguenti opzioni:"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:74 gpasswd.1.xml.out:137 groupmems.8.xml.out:94
-#: passwd.1.xml.out:168 useradd.8.xml.out:123 useradd.8.xml.out:151
-#: useradd.8.xml.out:599 usermod.8.xml.out:112 usermod.8.xml.out:260
+#: chage.1.xml.out:74 gpasswd.1.xml.out:139 groupmems.8.xml.out:94
+#: passwd.1.xml.out:164 useradd.8.xml.out:123 useradd.8.xml.out:151
+#: useradd.8.xml.out:619 usermod.8.xml.out:112 usermod.8.xml.out:260
 #, fuzzy
 #| msgid "-"
 msgid "-d"
@@ -392,34 +392,34 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:73 chage.1.xml.out:88 chage.1.xml.out:127
 #: chage.1.xml.out:156 chage.1.xml.out:168 chage.1.xml.out:189
-#: chage.1.xml.out:202 chfn.1.xml.out:93 chfn.1.xml.out:101 chfn.1.xml.out:109
-#: chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122 chpasswd.8.xml.out:113 chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177 chsh.1.xml.out:83 chsh.1.xml.out:96
-#: faillog.8.xml.out:104 faillog.8.xml.out:119 faillog.8.xml.out:156
-#: faillog.8.xml.out:169 gpasswd.1.xml.out:123 gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157 groupadd.8.xml.out:101 groupadd.8.xml.out:157
-#: groupadd.8.xml.out:200 groupadd.8.xml.out:213 groupdel.8.xml.out:88
-#: groupdel.8.xml.out:101 groupmems.8.xml.out:83 groupmems.8.xml.out:94
-#: groupmems.8.xml.out:110 groupmems.8.xml.out:141 groupmod.8.xml.out:72
-#: groupmod.8.xml.out:81 groupmod.8.xml.out:120 groupmod.8.xml.out:142
-#: groupmod.8.xml.out:163 groupmod.8.xml.out:176 grpck.8.xml.out:148
-#: lastlog.8.xml.out:74 lastlog.8.xml.out:103 lastlog.8.xml.out:127
-#: newusers.8.xml.out:305 passwd.1.xml.out:196 passwd.1.xml.out:245
-#: passwd.1.xml.out:267 passwd.1.xml.out:277 passwd.1.xml.out:321
-#: passwd.1.xml.out:334 pwck.8.xml.out:196 pwconv.8.xml.out:177
-#: su.1.xml.out:125 su.1.xml.out:162 useradd.8.xml.out:117
-#: useradd.8.xml.out:138 useradd.8.xml.out:150 useradd.8.xml.out:178
-#: useradd.8.xml.out:195 useradd.8.xml.out:229 useradd.8.xml.out:277
-#: useradd.8.xml.out:424 useradd.8.xml.out:488 useradd.8.xml.out:501
-#: useradd.8.xml.out:516 useradd.8.xml.out:530 useradd.8.xml.out:565
-#: useradd.8.xml.out:591 useradd.8.xml.out:609 useradd.8.xml.out:621
-#: useradd.8.xml.out:638 useradd.8.xml.out:654 userdel.8.xml.out:122
-#: userdel.8.xml.out:135 usermod.8.xml.out:98 usermod.8.xml.out:111
-#: usermod.8.xml.out:128 usermod.8.xml.out:151 usermod.8.xml.out:173
-#: usermod.8.xml.out:216 usermod.8.xml.out:289 usermod.8.xml.out:327
-#: usermod.8.xml.out:340 usermod.8.xml.out:356 usermod.8.xml.out:368
-#: usermod.8.xml.out:500 vipw.8.xml.out:114
+#: chage.1.xml.out:202 chage.1.xml.out:217 chfn.1.xml.out:93 chfn.1.xml.out:101
+#: chfn.1.xml.out:109 chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
+#: chgpasswd.8.xml.out:128 chpasswd.8.xml.out:115 chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183 chpasswd.8.xml.out:198 chsh.1.xml.out:83
+#: chsh.1.xml.out:96 faillog.8.xml.out:104 faillog.8.xml.out:119
+#: faillog.8.xml.out:156 faillog.8.xml.out:169 gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138 gpasswd.1.xml.out:159 groupadd.8.xml.out:101
+#: groupadd.8.xml.out:157 groupadd.8.xml.out:200 groupadd.8.xml.out:213
+#: groupdel.8.xml.out:88 groupdel.8.xml.out:101 groupmems.8.xml.out:83
+#: groupmems.8.xml.out:94 groupmems.8.xml.out:110 groupmems.8.xml.out:141
+#: groupmod.8.xml.out:72 groupmod.8.xml.out:81 groupmod.8.xml.out:120
+#: groupmod.8.xml.out:142 groupmod.8.xml.out:163 groupmod.8.xml.out:176
+#: grpck.8.xml.out:148 lastlog.8.xml.out:74 lastlog.8.xml.out:103
+#: lastlog.8.xml.out:127 newusers.8.xml.out:307 passwd.1.xml.out:192
+#: passwd.1.xml.out:241 passwd.1.xml.out:263 passwd.1.xml.out:273
+#: passwd.1.xml.out:286 passwd.1.xml.out:332 passwd.1.xml.out:345
+#: pwck.8.xml.out:196 pwconv.8.xml.out:177 su.1.xml.out:125 su.1.xml.out:162
+#: useradd.8.xml.out:117 useradd.8.xml.out:138 useradd.8.xml.out:150
+#: useradd.8.xml.out:178 useradd.8.xml.out:195 useradd.8.xml.out:229
+#: useradd.8.xml.out:279 useradd.8.xml.out:426 useradd.8.xml.out:490
+#: useradd.8.xml.out:503 useradd.8.xml.out:518 useradd.8.xml.out:532
+#: useradd.8.xml.out:567 useradd.8.xml.out:611 useradd.8.xml.out:629
+#: useradd.8.xml.out:641 useradd.8.xml.out:658 useradd.8.xml.out:674
+#: userdel.8.xml.out:122 userdel.8.xml.out:135 usermod.8.xml.out:98
+#: usermod.8.xml.out:111 usermod.8.xml.out:128 usermod.8.xml.out:151
+#: usermod.8.xml.out:173 usermod.8.xml.out:216 usermod.8.xml.out:289
+#: usermod.8.xml.out:327 usermod.8.xml.out:340 usermod.8.xml.out:356
+#: usermod.8.xml.out:368 usermod.8.xml.out:500 vipw.8.xml.out:114
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 msgstr ""
 
@@ -427,10 +427,10 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:82 chage.1.xml.out:288 groupadd.8.xml.out:303
+#: chage.1.xml.out:82 chage.1.xml.out:303 groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168 groupmod.8.xml.out:259 grpck.8.xml.out:237
-#: login.defs.5.xml.out:138 passwd.1.xml.out:425 pwck.8.xml.out:287
-#: su.1.xml.out:385 useradd.8.xml.out:811 userdel.8.xml.out:235
+#: login.defs.5.xml.out:140 passwd.1.xml.out:447 pwck.8.xml.out:287
+#: su.1.xml.out:385 useradd.8.xml.out:831 userdel.8.xml.out:235
 msgid "0"
 msgstr "0"
 
@@ -460,7 +460,7 @@ msgid "-E"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr ""
@@ -468,7 +468,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:89 chage.1.xml.out:109 useradd.8.xml.out:179
-#: useradd.8.xml.out:610 usermod.8.xml.out:129 usermod.8.xml.out:243
+#: useradd.8.xml.out:630 usermod.8.xml.out:129 usermod.8.xml.out:243
 #: usermod.8.xml.out:416
 msgid "EXPIRE_DATE"
 msgstr ""
@@ -505,7 +505,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:108 chage.1.xml.out:139 chage.1.xml.out:182
-#: passwd.1.xml.out:344 useradd.8.xml.out:315
+#: passwd.1.xml.out:355 useradd.8.xml.out:317
 #, fuzzy
 #| msgid "1"
 msgid "-1"
@@ -528,26 +528,26 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
 #: grpck.8.xml.out:132 lastlog.8.xml.out:96 login.1.xml.out:204
-#: login.1.xml.out:229 newusers.8.xml.out:280 passwd.1.xml.out:190
-#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:271
+#: login.1.xml.out:229 newusers.8.xml.out:282 passwd.1.xml.out:186
+#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:273
 #: userdel.8.xml.out:99 vipw.8.xml.out:96
 msgid "-h"
 msgstr "-h"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
-#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:280
-#: passwd.1.xml.out:190 pwck.8.xml.out:173 pwconv.8.xml.out:171
-#: su.1.xml.out:387 useradd.8.xml.out:271 userdel.8.xml.out:99
+#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:282
+#: passwd.1.xml.out:186 pwck.8.xml.out:173 pwconv.8.xml.out:171
+#: su.1.xml.out:387 useradd.8.xml.out:273 userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
 msgstr ""
@@ -555,34 +555,34 @@ msgstr ""
 # type: IP
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:115 chage.1.xml.out:121 chage.1.xml.out:146
-#: chfn.1.xml.out:142 chgpasswd.8.xml.out:88 chgpasswd.8.xml.out:101
-#: chgpasswd.8.xml.out:107 chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139 chpasswd.8.xml.out:147 chpasswd.8.xml.out:155
+#: chfn.1.xml.out:142 chgpasswd.8.xml.out:90 chgpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:119 chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145 chpasswd.8.xml.out:153 chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77 expiry.1.xml.out:73 expiry.1.xml.out:79
 #: expiry.1.xml.out:88 faillog.8.xml.out:72 faillog.8.xml.out:98
-#: faillog.8.xml.out:144 gpasswd.1.xml.out:149 gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188 groupadd.8.xml.out:87 groupadd.8.xml.out:118
+#: faillog.8.xml.out:144 gpasswd.1.xml.out:151 gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190 groupadd.8.xml.out:87 groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144 groupadd.8.xml.out:184 groupadd.8.xml.out:228
 #: groupdel.8.xml.out:71 groupdel.8.xml.out:82 groupmems.8.xml.out:118
 #: groupmems.8.xml.out:124 groupmems.8.xml.out:130 groupmod.8.xml.out:114
 #: groupmod.8.xml.out:131 groupmod.8.xml.out:193 grpck.8.xml.out:132
 #: grpck.8.xml.out:138 grpck.8.xml.out:161 grpck.8.xml.out:172
 #: lastlog.8.xml.out:84 lastlog.8.xml.out:95 lastlog.8.xml.out:116
-#: newusers.8.xml.out:268 newusers.8.xml.out:280 newusers.8.xml.out:286
-#: newusers.8.xml.out:320 passwd.1.xml.out:156 passwd.1.xml.out:167
-#: passwd.1.xml.out:179 passwd.1.xml.out:190 passwd.1.xml.out:209
-#: passwd.1.xml.out:221 passwd.1.xml.out:257 passwd.1.xml.out:290
-#: passwd.1.xml.out:308 pwck.8.xml.out:173 pwck.8.xml.out:179
-#: pwck.8.xml.out:188 pwck.8.xml.out:209 pwconv.8.xml.out:171
-#: useradd.8.xml.out:168 useradd.8.xml.out:217 useradd.8.xml.out:271
-#: useradd.8.xml.out:330 useradd.8.xml.out:349 useradd.8.xml.out:372
-#: useradd.8.xml.out:385 useradd.8.xml.out:404 useradd.8.xml.out:455
-#: useradd.8.xml.out:548 userdel.8.xml.out:75 userdel.8.xml.out:99
-#: userdel.8.xml.out:105 userdel.8.xml.out:152 usermod.8.xml.out:77
-#: usermod.8.xml.out:88 usermod.8.xml.out:230 usermod.8.xml.out:249
-#: usermod.8.xml.out:270 usermod.8.xml.out:316 usermod.8.xml.out:404
-#: vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102 vipw.8.xml.out:108
-#: vipw.8.xml.out:127 vipw.8.xml.out:133
+#: newusers.8.xml.out:270 newusers.8.xml.out:282 newusers.8.xml.out:288
+#: newusers.8.xml.out:322 passwd.1.xml.out:152 passwd.1.xml.out:163
+#: passwd.1.xml.out:175 passwd.1.xml.out:186 passwd.1.xml.out:205
+#: passwd.1.xml.out:217 passwd.1.xml.out:253 passwd.1.xml.out:301
+#: passwd.1.xml.out:319 passwd.1.xml.out:362 pwck.8.xml.out:173
+#: pwck.8.xml.out:179 pwck.8.xml.out:188 pwck.8.xml.out:209
+#: pwconv.8.xml.out:171 useradd.8.xml.out:168 useradd.8.xml.out:217
+#: useradd.8.xml.out:273 useradd.8.xml.out:332 useradd.8.xml.out:351
+#: useradd.8.xml.out:374 useradd.8.xml.out:387 useradd.8.xml.out:406
+#: useradd.8.xml.out:457 useradd.8.xml.out:550 userdel.8.xml.out:75
+#: userdel.8.xml.out:99 userdel.8.xml.out:105 userdel.8.xml.out:152
+#: usermod.8.xml.out:77 usermod.8.xml.out:88 usermod.8.xml.out:230
+#: usermod.8.xml.out:249 usermod.8.xml.out:270 usermod.8.xml.out:316
+#: usermod.8.xml.out:404 vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102
+#: vipw.8.xml.out:108 vipw.8.xml.out:127 vipw.8.xml.out:133
 #, fuzzy
 #| msgid "<option>-a</option>, <option>--all</option>"
 msgid "<_:option-1/>, <_:option-2/>"
@@ -590,18 +590,18 @@ msgstr "<option>-a</option>, <option>--all</option>"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149 chsh.1.xml.out:79 expiry.1.xml.out:90
-#: faillog.8.xml.out:100 gpasswd.1.xml.out:151 groupadd.8.xml.out:120
+#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155 chsh.1.xml.out:79 expiry.1.xml.out:90
+#: faillog.8.xml.out:100 gpasswd.1.xml.out:153 groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84 groupmems.8.xml.out:120 groupmod.8.xml.out:116
-#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:282
-#: passwd.1.xml.out:192 pwck.8.xml.out:175 pwconv.8.xml.out:173
-#: useradd.8.xml.out:273 userdel.8.xml.out:101 vipw.8.xml.out:98
+#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:284
+#: passwd.1.xml.out:188 pwck.8.xml.out:175 pwconv.8.xml.out:173
+#: useradd.8.xml.out:275 userdel.8.xml.out:101 vipw.8.xml.out:98
 msgid "Display help message and exit."
 msgstr "Mostra un messaggio di aiuto ed esce."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:121 passwd.1.xml.out:197
+#: chage.1.xml.out:121 passwd.1.xml.out:193
 #, fuzzy
 #| msgid "-"
 msgid "-i"
@@ -625,8 +625,8 @@ msgid "-I"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:128 passwd.1.xml.out:197 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 usermod.8.xml.out:152
+#: chage.1.xml.out:128 passwd.1.xml.out:193 useradd.8.xml.out:196
+#: useradd.8.xml.out:642 usermod.8.xml.out:152
 msgid "--inactive"
 msgstr ""
 
@@ -634,8 +634,8 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/option
 #: chage.1.xml.out:128 chage.1.xml.out:134 chage.1.xml.out:140
-#: passwd.1.xml.out:197 passwd.1.xml.out:203 useradd.8.xml.out:196
-#: useradd.8.xml.out:211 useradd.8.xml.out:622 useradd.8.xml.out:632
+#: passwd.1.xml.out:193 passwd.1.xml.out:199 useradd.8.xml.out:196
+#: useradd.8.xml.out:211 useradd.8.xml.out:642 useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr ""
@@ -679,10 +679,10 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
-#: chage.1.xml.out:147 chage.1.xml.out:242 faillog.8.xml.out:88
+#: chage.1.xml.out:147 chage.1.xml.out:257 faillog.8.xml.out:88
 #: faillog.8.xml.out:105 faillog.8.xml.out:185 faillog.8.xml.out:202
-#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:222
-#: passwd.1.xml.out:316 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:330
+#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:218
+#: passwd.1.xml.out:327 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr "-l"
@@ -700,11 +700,11 @@ msgstr "Visualizza le informazioni sulla scadenza dell'account."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:157 chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:84 chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155 faillog.8.xml.out:88 faillog.8.xml.out:120
+#: chage.1.xml.out:157 chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80 chpasswd.8.xml.out:86 chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161 faillog.8.xml.out:88 faillog.8.xml.out:120
 #: faillog.8.xml.out:185 faillog.8.xml.out:202 su.1.xml.out:207
-#: useradd.8.xml.out:287 useradd.8.xml.out:350 useradd.8.xml.out:476
+#: useradd.8.xml.out:289 useradd.8.xml.out:352 useradd.8.xml.out:478
 #: usermod.8.xml.out:119 usermod.8.xml.out:250
 #, fuzzy
 #| msgid "-"
@@ -712,20 +712,20 @@ msgid "-m"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:157 passwd.1.xml.out:246
+#: chage.1.xml.out:157 passwd.1.xml.out:242
 msgid "--mindays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:160 passwd.1.xml.out:249
+#: chage.1.xml.out:160 passwd.1.xml.out:245
 #, fuzzy
 #| msgid ""
 #| "Set the minimum number of days between password changes to "
@@ -742,26 +742,26 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:169 gpasswd.1.xml.out:81 gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217 useradd.8.xml.out:162 useradd.8.xml.out:373
+#: chage.1.xml.out:169 gpasswd.1.xml.out:83 gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219 useradd.8.xml.out:162 useradd.8.xml.out:375
 msgid "-M"
 msgstr "-M"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:169 passwd.1.xml.out:335
+#: chage.1.xml.out:169 passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:169 chage.1.xml.out:174 chage.1.xml.out:183
-#: passwd.1.xml.out:335 passwd.1.xml.out:340 passwd.1.xml.out:345
+#: passwd.1.xml.out:346 passwd.1.xml.out:351 passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chage.1.xml.out:178 chage.1.xml.out:203 usermod.8.xml.out:481
+#: chage.1.xml.out:178 chage.1.xml.out:218 usermod.8.xml.out:481
 #, fuzzy
 #| msgid "-"
 msgid "-W"
@@ -793,7 +793,7 @@ msgstr ""
 "fornisce un preavviso all'utente."
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:181 passwd.1.xml.out:343
+#: chage.1.xml.out:181 passwd.1.xml.out:354
 #, fuzzy
 #| msgid ""
 #| "Passing the number <emphasis remap=\"I\">-1</emphasis> as "
@@ -808,12 +808,12 @@ msgstr ""
 "della password."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:191 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 #, fuzzy
 #| msgid "-"
@@ -821,12 +821,12 @@ msgid "-R"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:160 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "--root"
 msgstr ""
@@ -835,22 +835,22 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:190 chage.1.xml.out:194 chage.1.xml.out:196
 #: chfn.1.xml.out:130 chfn.1.xml.out:134 chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123 chgpasswd.8.xml.out:127 chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165 chpasswd.8.xml.out:169 chpasswd.8.xml.out:171
+#: chgpasswd.8.xml.out:129 chgpasswd.8.xml.out:133 chgpasswd.8.xml.out:135
+#: chpasswd.8.xml.out:171 chpasswd.8.xml.out:175 chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84 chsh.1.xml.out:88 chsh.1.xml.out:90 faillog.8.xml.out:157
-#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162 gpasswd.1.xml.out:164 groupadd.8.xml.out:201
+#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:160
+#: gpasswd.1.xml.out:164 gpasswd.1.xml.out:166 groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205 groupadd.8.xml.out:207 groupdel.8.xml.out:89
 #: groupdel.8.xml.out:93 groupdel.8.xml.out:95 groupmems.8.xml.out:142
 #: groupmems.8.xml.out:146 groupmems.8.xml.out:148 groupmod.8.xml.out:164
 #: groupmod.8.xml.out:168 groupmod.8.xml.out:170 grpck.8.xml.out:149
 #: grpck.8.xml.out:153 grpck.8.xml.out:155 lastlog.8.xml.out:104
-#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:306
-#: newusers.8.xml.out:310 newusers.8.xml.out:312 passwd.1.xml.out:278
-#: passwd.1.xml.out:282 passwd.1.xml.out:284 pwck.8.xml.out:197
+#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:308
+#: newusers.8.xml.out:312 newusers.8.xml.out:314 passwd.1.xml.out:274
+#: passwd.1.xml.out:278 passwd.1.xml.out:280 pwck.8.xml.out:197
 #: pwck.8.xml.out:201 pwck.8.xml.out:203 pwconv.8.xml.out:178
-#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:489
-#: useradd.8.xml.out:493 useradd.8.xml.out:495 userdel.8.xml.out:123
+#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:491
+#: useradd.8.xml.out:495 useradd.8.xml.out:497 userdel.8.xml.out:123
 #: userdel.8.xml.out:127 userdel.8.xml.out:129 usermod.8.xml.out:328
 #: usermod.8.xml.out:332 usermod.8.xml.out:334 vipw.8.xml.out:115
 #: vipw.8.xml.out:119 vipw.8.xml.out:121
@@ -859,12 +859,12 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168 chsh.1.xml.out:87 faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161 groupadd.8.xml.out:204 groupdel.8.xml.out:92
+#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174 chsh.1.xml.out:87 faillog.8.xml.out:160
+#: gpasswd.1.xml.out:163 groupadd.8.xml.out:204 groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145 groupmod.8.xml.out:167 grpck.8.xml.out:152
-#: lastlog.8.xml.out:107 newusers.8.xml.out:309 passwd.1.xml.out:281
-#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:492
+#: lastlog.8.xml.out:107 newusers.8.xml.out:311 passwd.1.xml.out:277
+#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:494
 #: userdel.8.xml.out:126 usermod.8.xml.out:331 vipw.8.xml.out:118
 #, fuzzy
 #| msgid ""
@@ -881,20 +881,59 @@ msgstr ""
 "replaceable>."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:203 passwd.1.xml.out:322
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+#, fuzzy
+#| msgid "-"
+msgid "-P"
+msgstr "-"
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "--prefix"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:203 chage.1.xml.out:208 chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189 groupadd.8.xml.out:214 groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102 groupdel.8.xml.out:106 groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177 groupmod.8.xml.out:181 groupmod.8.xml.out:183
+#: passwd.1.xml.out:287 passwd.1.xml.out:292 useradd.8.xml.out:504
+#: useradd.8.xml.out:509 userdel.8.xml.out:136 userdel.8.xml.out:140
+#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
+msgid "PREFIX_DIR"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:206 chpasswd.8.xml.out:187 groupadd.8.xml.out:217
+#: passwd.1.xml.out:290 useradd.8.xml.out:507
+msgid ""
+"Apply changes to configuration files under the root filesystem found under "
+"the directory <_:replaceable-1/>. This option does not chroot and is "
+"intended for preparing a cross-compilation target. Some limitations: NIS and "
+"LDAP users/groups are not verified. PAM authentication is using the host "
+"files. No SELINUX support."
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218 passwd.1.xml.out:333
 msgid "--warndays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:203 chage.1.xml.out:208 passwd.1.xml.out:322
-#: passwd.1.xml.out:327
+#: chage.1.xml.out:218 chage.1.xml.out:223 passwd.1.xml.out:333
+#: passwd.1.xml.out:338
 msgid "WARN_DAYS"
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:206
+#: chage.1.xml.out:221
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -912,13 +951,13 @@ msgstr ""
 "avvertito dell'imminente scadenza."
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220 chfn.1.xml.out:163 chsh.1.xml.out:112
+#: chage.1.xml.out:235 chfn.1.xml.out:163 chsh.1.xml.out:112
 msgid "[ ]"
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 #, fuzzy
 #| msgid ""
 #| "If none of the options are selected, <command>chage</command> operates in "
@@ -941,14 +980,14 @@ msgstr ""
 
 # type: SH
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224 chsh.1.xml.out:117 groups.1.xml.out:65
+#: chage.1.xml.out:239 chsh.1.xml.out:117 groups.1.xml.out:65
 #: lastlog.8.xml.out:170
 msgid "NOTE"
 msgstr "NOTA"
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> program requires a shadow password file to "
@@ -960,7 +999,7 @@ msgstr ""
 "disponibile."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid ""
 "The chage program will report only the information from the shadow password "
 "file. This implies that configuration from other sources (e.g. LDAP or empty "
@@ -974,7 +1013,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238 grpck.8.xml.out:294 login.defs.5.xml.out:410
+#: chage.1.xml.out:253 grpck.8.xml.out:294 login.defs.5.xml.out:429
 #: passwd.5.xml.out:185 pwck.8.xml.out:40 pwck.8.xml.out:47 pwck.8.xml.out:53
 #: pwck.8.xml.out:71 pwck.8.xml.out:147 pwck.8.xml.out:159 pwck.8.xml.out:191
 #: pwck.8.xml.out:223 pwck.8.xml.out:284 pwconv.8.xml.out:197
@@ -983,7 +1022,7 @@ msgid "pwck"
 msgstr "pwck"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid ""
 "The <_:command-1/> program will also not report any inconsistency between "
 "the shadow and passwd files (e.g. missing x in the passwd file). The <_:"
@@ -992,7 +1031,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> command is restricted to the root user, "
@@ -1010,52 +1049,54 @@ msgstr ""
 "dell'account."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249 chfn.1.xml.out:170 chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216 chsh.1.xml.out:131 gpasswd.1.xml.out:241
+#: chage.1.xml.out:264 chfn.1.xml.out:170 chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256 chsh.1.xml.out:150 gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247 groupdel.8.xml.out:133 groupmems.8.xml.out:176
 #: groupmod.8.xml.out:212 grpck.8.xml.out:196 lastlog.8.xml.out:182
-#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:360
-#: passwd.1.xml.out:372 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
-#: su.1.xml.out:314 useradd.8.xml.out:710 userdel.8.xml.out:165
-#: usermod.8.xml.out:536 vipw.8.xml.out:142
+#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:381
+#: passwd.1.xml.out:394 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
+#: su.1.xml.out:314 useradd.8.xml.out:730 userdel.8.xml.out:165
+#: usermod.8.xml.out:553 vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr "CONFIGURAZIONE"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70 chgpasswd.8.xml.out:155 chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205 chpasswd.8.xml.out:77 chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200 chpasswd.8.xml.out:219 chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134 chsh.1.xml.out:159 gpasswd.1.xml.out:244
-#: groupadd.8.xml.out:129 groupadd.8.xml.out:239 groupadd.8.xml.out:250
-#: groupadd.8.xml.out:276 groupdel.8.xml.out:136 groupmems.8.xml.out:179
-#: groupmod.8.xml.out:109 groupmod.8.xml.out:204 groupmod.8.xml.out:215
-#: groupmod.8.xml.out:239 grpck.8.xml.out:199 lastlog.8.xml.out:185
-#: login.1.xml.out:273 login.1.xml.out:365 login.access.5.xml.out:100
-#: login.defs.5.xml.out:116 login.defs.5.xml.out:515 newgrp.1.xml.out:88
-#: newusers.8.xml.out:340 newusers.8.xml.out:363 newusers.8.xml.out:423
-#: passwd.1.xml.out:375 passwd.1.xml.out:405 pwck.8.xml.out:243
+#: chage.1.xml.out:267 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
+#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:159 chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177 chgpasswd.8.xml.out:204 chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79 chpasswd.8.xml.out:140 chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227 chpasswd.8.xml.out:236 chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289 chsh.1.xml.out:153 chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246 groupadd.8.xml.out:129 groupadd.8.xml.out:239
+#: groupadd.8.xml.out:250 groupadd.8.xml.out:276 groupdel.8.xml.out:136
+#: groupmems.8.xml.out:179 groupmod.8.xml.out:109 groupmod.8.xml.out:204
+#: groupmod.8.xml.out:215 groupmod.8.xml.out:239 grpck.8.xml.out:199
+#: lastlog.8.xml.out:185 login.1.xml.out:273 login.1.xml.out:365
+#: login.access.5.xml.out:100 login.defs.5.xml.out:118 login.defs.5.xml.out:534
+#: newgrp.1.xml.out:88 newusers.8.xml.out:340 newusers.8.xml.out:349
+#: newusers.8.xml.out:357 newusers.8.xml.out:384 newusers.8.xml.out:444
+#: passwd.1.xml.out:397 passwd.1.xml.out:427 pwck.8.xml.out:243
 #: pwconv.8.xml.out:148 pwconv.8.xml.out:207 pwconv.8.xml.out:215
 #: pwconv.8.xml.out:230 sg.1.xml.out:77 su.1.xml.out:109 su.1.xml.out:219
 #: su.1.xml.out:277 su.1.xml.out:317 su.1.xml.out:357 useradd.8.xml.out:241
-#: useradd.8.xml.out:307 useradd.8.xml.out:378 useradd.8.xml.out:399
-#: useradd.8.xml.out:467 useradd.8.xml.out:474 useradd.8.xml.out:560
-#: useradd.8.xml.out:713 useradd.8.xml.out:797 userdel.8.xml.out:87
+#: useradd.8.xml.out:309 useradd.8.xml.out:380 useradd.8.xml.out:401
+#: useradd.8.xml.out:469 useradd.8.xml.out:476 useradd.8.xml.out:562
+#: useradd.8.xml.out:733 useradd.8.xml.out:817 userdel.8.xml.out:87
 #: userdel.8.xml.out:168 userdel.8.xml.out:191 userdel.8.xml.out:297
-#: usermod.8.xml.out:399 usermod.8.xml.out:539 usermod.8.xml.out:569
+#: usermod.8.xml.out:399 usermod.8.xml.out:556 usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr "/etc/login.defs"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250 chfn.1.xml.out:171 chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217 chsh.1.xml.out:132 gpasswd.1.xml.out:242
+#: chage.1.xml.out:265 chfn.1.xml.out:171 chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257 chsh.1.xml.out:151 gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248 groupdel.8.xml.out:134 groupmems.8.xml.out:177
 #: groupmod.8.xml.out:213 grpck.8.xml.out:197 lastlog.8.xml.out:183
-#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:361
-#: passwd.1.xml.out:373 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
-#: useradd.8.xml.out:711 userdel.8.xml.out:166 usermod.8.xml.out:537
+#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:382
+#: passwd.1.xml.out:395 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
+#: useradd.8.xml.out:731 userdel.8.xml.out:166 usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 #, fuzzy
 #| msgid ""
@@ -1070,135 +1111,135 @@ msgstr ""
 
 # type: SH
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261 chfn.1.xml.out:184 chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232 chsh.1.xml.out:144 expiry.1.xml.out:97
-#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:256
+#: chage.1.xml.out:276 chfn.1.xml.out:184 chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274 chsh.1.xml.out:163 expiry.1.xml.out:97
+#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261 groupdel.8.xml.out:145 groupmems.8.xml.out:188
 #: groupmod.8.xml.out:224 groups.1.xml.out:77 grpck.8.xml.out:208
 #: gshadow.5.xml.out:132 lastlog.8.xml.out:194 limits.5.xml.out:172
 #: login.1.xml.out:314 login.access.5.xml.out:97 logoutd.8.xml.out:65
-#: newgrp.1.xml.out:97 newusers.8.xml.out:396 passwd.1.xml.out:390
+#: newgrp.1.xml.out:97 newusers.8.xml.out:417 passwd.1.xml.out:412
 #: passwd.5.xml.out:139 porttime.5.xml.out:106 pwck.8.xml.out:258
 #: pwconv.8.xml.out:227 shadow.3.xml.out:202 shadow.5.xml.out:231
-#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:740
-#: userdel.8.xml.out:182 usermod.8.xml.out:554 vipw.8.xml.out:172
+#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:760
+#: userdel.8.xml.out:182 usermod.8.xml.out:571 vipw.8.xml.out:172
 msgid "FILES"
 msgstr "FILE"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265 chfn.1.xml.out:193 chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147 expiry.1.xml.out:100 groupmod.8.xml.out:245
+#: chage.1.xml.out:280 chfn.1.xml.out:193 chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166 expiry.1.xml.out:100 groupmod.8.xml.out:245
 #: grpck.8.xml.out:223 lastlog.8.xml.out:63 login.1.xml.out:145
 #: login.1.xml.out:329 newgrp.1.xml.out:65 newgrp.1.xml.out:70
-#: newgrp.1.xml.out:100 newusers.8.xml.out:399 passwd.1.xml.out:393
+#: newgrp.1.xml.out:100 newusers.8.xml.out:420 passwd.1.xml.out:415
 #: passwd.5.xml.out:47 passwd.5.xml.out:89 passwd.5.xml.out:142
 #: pwck.8.xml.out:73 pwck.8.xml.out:145 pwck.8.xml.out:212 pwck.8.xml.out:224
 #: pwck.8.xml.out:267 pwconv.8.xml.out:127 shadow.5.xml.out:234 sg.1.xml.out:89
-#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:524
-#: useradd.8.xml.out:743 userdel.8.xml.out:197 usermod.8.xml.out:103
-#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:575
+#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:526
+#: useradd.8.xml.out:763 userdel.8.xml.out:197 usermod.8.xml.out:103
+#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:592
 #: vipw.8.xml.out:68 vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr "/etc/passwd"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268 chfn.1.xml.out:195 chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149 expiry.1.xml.out:102 groupmod.8.xml.out:247
+#: chage.1.xml.out:283 chfn.1.xml.out:195 chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168 expiry.1.xml.out:102 groupmod.8.xml.out:247
 #: grpck.8.xml.out:225 login.1.xml.out:331 newgrp.1.xml.out:102
-#: newusers.8.xml.out:401 passwd.1.xml.out:395 passwd.5.xml.out:144
+#: newusers.8.xml.out:422 passwd.1.xml.out:417 passwd.5.xml.out:144
 #: pwck.8.xml.out:269 shadow.5.xml.out:236 sg.1.xml.out:91 su.1.xml.out:347
-#: useradd.8.xml.out:745 userdel.8.xml.out:199 vipw.8.xml.out:189
+#: useradd.8.xml.out:765 userdel.8.xml.out:199 vipw.8.xml.out:189
 msgid "User account information."
 msgstr "Informazioni sugli account utente."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273 chpasswd.8.xml.out:241 expiry.1.xml.out:106
+#: chage.1.xml.out:288 chpasswd.8.xml.out:283 expiry.1.xml.out:106
 #: login.1.xml.out:335 newgrp.1.xml.out:68 newgrp.1.xml.out:106
-#: newusers.8.xml.out:295 newusers.8.xml.out:405 passwd.1.xml.out:399
+#: newusers.8.xml.out:297 newusers.8.xml.out:426 passwd.1.xml.out:421
 #: passwd.5.xml.out:82 passwd.5.xml.out:148 pwck.8.xml.out:73
 #: pwck.8.xml.out:107 pwck.8.xml.out:213 pwck.8.xml.out:225 pwck.8.xml.out:273
 #: pwconv.8.xml.out:128 pwconv.8.xml.out:149 shadow.3.xml.out:97
 #: shadow.3.xml.out:173 shadow.3.xml.out:205 shadow.5.xml.out:78
-#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:439
-#: useradd.8.xml.out:464 useradd.8.xml.out:749 userdel.8.xml.out:203
+#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:441
+#: useradd.8.xml.out:466 useradd.8.xml.out:769 userdel.8.xml.out:203
 #: usermod.8.xml.out:144 usermod.8.xml.out:145 usermod.8.xml.out:166
-#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:581
+#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:598
 #: vipw.8.xml.out:71 vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr "/etc/shadow"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276 chpasswd.8.xml.out:243 expiry.1.xml.out:108
-#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:407
-#: passwd.1.xml.out:401 pwck.8.xml.out:275 shadow.3.xml.out:207
-#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:751
+#: chage.1.xml.out:291 chpasswd.8.xml.out:285 expiry.1.xml.out:108
+#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:428
+#: passwd.1.xml.out:423 pwck.8.xml.out:275 shadow.3.xml.out:207
+#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:771
 #: userdel.8.xml.out:205 vipw.8.xml.out:195
 msgid "Secure user account information."
 msgstr "Informazioni sicure sugli account utente."
 
 # type: SH
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283 groupadd.8.xml.out:298 groupdel.8.xml.out:163
-#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:420
-#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:806
+#: chage.1.xml.out:298 groupadd.8.xml.out:298 groupdel.8.xml.out:163
+#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:442
+#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr "VALORI RESTITUITI"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290 groupadd.8.xml.out:305 groupdel.8.xml.out:170
-#: grpck.8.xml.out:239 passwd.1.xml.out:427 pwck.8.xml.out:289
-#: useradd.8.xml.out:813 userdel.8.xml.out:237
+#: chage.1.xml.out:305 groupadd.8.xml.out:305 groupdel.8.xml.out:170
+#: grpck.8.xml.out:239 passwd.1.xml.out:449 pwck.8.xml.out:289
+#: useradd.8.xml.out:833 userdel.8.xml.out:237
 msgid "success"
 msgstr "successo"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296 passwd.1.xml.out:433
+#: chage.1.xml.out:311 passwd.1.xml.out:455
 msgid "permission denied"
 msgstr "permesso negato"
 
 # type: IP
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300 groupadd.8.xml.out:309 groupdel.8.xml.out:174
+#: chage.1.xml.out:315 groupadd.8.xml.out:309 groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265 groups.1.xml.out:95 groups.1.xml.out:98
 #: groups.1.xml.out:101 grpck.8.xml.out:249 limits.5.xml.out:90
 #: limits.5.xml.out:101 limits.5.xml.out:188 limits.5.xml.out:191
-#: passwd.1.xml.out:437 pwck.8.xml.out:299 useradd.8.xml.out:823
+#: passwd.1.xml.out:459 pwck.8.xml.out:299 useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr "2"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302 groupadd.8.xml.out:311 groupdel.8.xml.out:176
-#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:825
+#: chage.1.xml.out:317 groupadd.8.xml.out:311 groupdel.8.xml.out:176
+#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
 msgstr "sintassi del comando errata"
 
 # type: IP
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr "15"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
 msgstr "non è possibile trovare il file delle password shadow"
 
 # type: TP
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284 groupadd.8.xml.out:299 groupdel.8.xml.out:164
-#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:421
-#: pwck.8.xml.out:283 useradd.8.xml.out:807 userdel.8.xml.out:231
+#: chage.1.xml.out:299 groupadd.8.xml.out:299 groupdel.8.xml.out:164
+#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:443
+#: pwck.8.xml.out:283 useradd.8.xml.out:827 userdel.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "The <command>pwck</command> command exits with the following values: "
@@ -1212,18 +1253,18 @@ msgstr ""
 
 # type: SH
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316 chfn.1.xml.out:202 chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262 chsh.1.xml.out:168 expiry.1.xml.out:115
-#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:274
+#: chage.1.xml.out:331 chfn.1.xml.out:202 chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304 chsh.1.xml.out:209 expiry.1.xml.out:115
+#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343 groupdel.8.xml.out:202 groupmems.8.xml.out:206
 #: groupmod.8.xml.out:323 groups.1.xml.out:89 grpck.8.xml.out:277
 #: gshadow.5.xml.out:150 limits.5.xml.out:182 login.1.xml.out:374
-#: login.access.5.xml.out:109 login.defs.5.xml.out:527 newgrp.1.xml.out:127
-#: newusers.8.xml.out:450 nologin.8.xml.out:57 passwd.1.xml.out:471
+#: login.access.5.xml.out:109 login.defs.5.xml.out:546 newgrp.1.xml.out:127
+#: newusers.8.xml.out:471 nologin.8.xml.out:57 passwd.1.xml.out:493
 #: passwd.5.xml.out:167 porttime.5.xml.out:118 pwck.8.xml.out:333
 #: pwconv.8.xml.out:239 shadow.3.xml.out:214 shadow.5.xml.out:259
-#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:875
-#: userdel.8.xml.out:308 usermod.8.xml.out:602 vipw.8.xml.out:202
+#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:895
+#: userdel.8.xml.out:308 usermod.8.xml.out:619 vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr "VEDERE ANCHE"
 
@@ -1236,22 +1277,22 @@ msgstr "VEDERE ANCHE"
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319 chfn.1.xml.out:211 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177 expiry.1.xml.out:118 groupadd.8.xml.out:351
+#: chage.1.xml.out:334 chfn.1.xml.out:211 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218 expiry.1.xml.out:118 groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:215 groupmod.8.xml.out:332
 #: grpck.8.xml.out:291 lastlog.8.xml.out:176 login.1.xml.out:128
-#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516 login.defs.5.xml.out:533 login.defs.5.xml.out:539
-#: newusers.8.xml.out:79 newusers.8.xml.out:456 passwd.1.xml.out:40
-#: passwd.1.xml.out:47 passwd.1.xml.out:53 passwd.1.xml.out:66
-#: passwd.1.xml.out:69 passwd.1.xml.out:86 passwd.1.xml.out:116
-#: passwd.1.xml.out:152 passwd.1.xml.out:366 passwd.1.xml.out:413
-#: passwd.1.xml.out:422 passwd.1.xml.out:451 passwd.1.xml.out:457
-#: passwd.1.xml.out:477 passwd.5.xml.out:33 passwd.5.xml.out:40
+#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535 login.defs.5.xml.out:552 login.defs.5.xml.out:558
+#: newusers.8.xml.out:81 newusers.8.xml.out:477 passwd.1.xml.out:42
+#: passwd.1.xml.out:49 passwd.1.xml.out:55 passwd.1.xml.out:68
+#: passwd.1.xml.out:71 passwd.1.xml.out:88 passwd.1.xml.out:100
+#: passwd.1.xml.out:148 passwd.1.xml.out:388 passwd.1.xml.out:435
+#: passwd.1.xml.out:444 passwd.1.xml.out:473 passwd.1.xml.out:479
+#: passwd.1.xml.out:502 passwd.5.xml.out:33 passwd.5.xml.out:40
 #: passwd.5.xml.out:182 pwck.8.xml.out:228 pwck.8.xml.out:342
 #: pwconv.8.xml.out:84 pwconv.8.xml.out:99 shadow.5.xml.out:268
-#: shadow.5.xml.out:271 useradd.8.xml.out:884 userdel.8.xml.out:316
-#: usermod.8.xml.out:611 vipw.8.xml.out:217
+#: shadow.5.xml.out:271 useradd.8.xml.out:904 userdel.8.xml.out:316
+#: usermod.8.xml.out:628 vipw.8.xml.out:217
 msgid "passwd"
 msgstr "passwd"
 
@@ -1259,31 +1300,31 @@ msgstr "passwd"
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319 chage.1.xml.out:322 chfn.1.xml.out:208
-#: chfn.1.xml.out:211 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 chsh.1.xml.out:177 expiry.1.xml.out:118
+#: chage.1.xml.out:334 chage.1.xml.out:337 chfn.1.xml.out:208
+#: chfn.1.xml.out:211 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 chsh.1.xml.out:218 expiry.1.xml.out:118
 #: expiry.1.xml.out:121 faillog.5.xml.out:34 faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292 gpasswd.1.xml.out:295 groupadd.8.xml.out:363
+#: gpasswd.1.xml.out:294 gpasswd.1.xml.out:297 groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344 grpck.8.xml.out:267 grpck.8.xml.out:280
 #: grpck.8.xml.out:287 grpck.8.xml.out:291 grpck.8.xml.out:297
 #: gshadow.5.xml.out:23 gshadow.5.xml.out:153 gshadow.5.xml.out:156
 #: limits.5.xml.out:36 login.1.xml.out:389 login.1.xml.out:392
 #: login.1.xml.out:395 login.1.xml.out:398 login.access.5.xml.out:35
-#: login.defs.5.xml.out:103 login.defs.5.xml.out:539 login.defs.5.xml.out:542
-#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:79
-#: newusers.8.xml.out:453 newusers.8.xml.out:460 newusers.8.xml.out:463
-#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:455
-#: passwd.1.xml.out:477 passwd.1.xml.out:480 passwd.1.xml.out:484
+#: login.defs.5.xml.out:105 login.defs.5.xml.out:558 login.defs.5.xml.out:561
+#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:81
+#: newusers.8.xml.out:474 newusers.8.xml.out:481 newusers.8.xml.out:484
+#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:477
+#: passwd.1.xml.out:502 passwd.1.xml.out:505 passwd.1.xml.out:509
 #: passwd.5.xml.out:34 passwd.5.xml.out:80 passwd.5.xml.out:194
 #: porttime.5.xml.out:34 pwck.8.xml.out:317 pwck.8.xml.out:336
 #: pwck.8.xml.out:342 pwck.8.xml.out:345 pwconv.8.xml.out:245
 #: shadow.3.xml.out:220 shadow.5.xml.out:34 shadow.5.xml.out:271
 #: sg.1.xml.out:134 sg.1.xml.out:137 su.1.xml.out:418 suauth.5.xml.out:34
-#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:628
-#: useradd.8.xml.out:899 useradd.8.xml.out:906 useradd.8.xml.out:909
+#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:648
+#: useradd.8.xml.out:919 useradd.8.xml.out:926 useradd.8.xml.out:929
 #: userdel.8.xml.out:319 userdel.8.xml.out:335 userdel.8.xml.out:338
-#: usermod.8.xml.out:162 usermod.8.xml.out:629 usermod.8.xml.out:633
-#: usermod.8.xml.out:636 vipw.8.xml.out:208 vipw.8.xml.out:211
+#: usermod.8.xml.out:162 usermod.8.xml.out:646 usermod.8.xml.out:650
+#: usermod.8.xml.out:653 vipw.8.xml.out:208 vipw.8.xml.out:211
 #: vipw.8.xml.out:214 vipw.8.xml.out:217 vipw.8.xml.out:220 vipw.8.xml.out:223
 msgid "5"
 msgstr "5"
@@ -1296,20 +1337,20 @@ msgstr "5"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322 expiry.1.xml.out:121 grpck.8.xml.out:51
-#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:542
-#: passwd.1.xml.out:480 passwd.5.xml.out:79 passwd.5.xml.out:194
+#: chage.1.xml.out:337 expiry.1.xml.out:121 grpck.8.xml.out:51
+#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:561
+#: passwd.1.xml.out:505 passwd.5.xml.out:79 passwd.5.xml.out:194
 #: pwck.8.xml.out:229 pwck.8.xml.out:233 pwck.8.xml.out:345 pwconv.8.xml.out:84
 #: pwconv.8.xml.out:85 pwconv.8.xml.out:100 pwconv.8.xml.out:101
 #: shadow.3.xml.out:33 shadow.3.xml.out:40 shadow.3.xml.out:96
 #: shadow.3.xml.out:220 shadow.5.xml.out:33 shadow.5.xml.out:40
-#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:628
+#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:648
 #: usermod.8.xml.out:162 vipw.8.xml.out:223
 msgid "shadow"
 msgstr "shadow"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317 expiry.1.xml.out:116 faillog.8.xml.out:233
+#: chage.1.xml.out:332 expiry.1.xml.out:116 faillog.8.xml.out:233
 #: nologin.8.xml.out:58 shadow.3.xml.out:215
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>."
 msgstr ""
@@ -1321,10 +1362,10 @@ msgstr ""
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #: chfn.1.xml.out:36 chfn.1.xml.out:43 chfn.1.xml.out:49 chfn.1.xml.out:62
-#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:171
+#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:212
 #: groupadd.8.xml.out:345 groupdel.8.xml.out:205 groupmems.8.xml.out:209
-#: groupmod.8.xml.out:326 login.defs.5.xml.out:239 useradd.8.xml.out:878
-#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:605
+#: groupmod.8.xml.out:326 login.defs.5.xml.out:243 useradd.8.xml.out:898
+#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:622
 msgid "chfn"
 msgstr "chfn"
 
@@ -1343,8 +1384,8 @@ msgstr ""
 #. (itstool) path: term/option
 #: chfn.1.xml.out:71 chfn.1.xml.out:110 groupadd.8.xml.out:106
 #: groupadd.8.xml.out:145 groupadd.8.xml.out:323 groupmod.8.xml.out:93
-#: groupmod.8.xml.out:132 useradd.8.xml.out:405 useradd.8.xml.out:536
-#: useradd.8.xml.out:837 usermod.8.xml.out:271 usermod.8.xml.out:377
+#: groupmod.8.xml.out:132 useradd.8.xml.out:407 useradd.8.xml.out:538
+#: useradd.8.xml.out:857 usermod.8.xml.out:271 usermod.8.xml.out:377
 #, fuzzy
 #| msgid "-"
 msgid "-o"
@@ -1424,7 +1465,7 @@ msgstr ""
 #: chfn.1.xml.out:94 expiry.1.xml.out:61 expiry.1.xml.out:79
 #: groupadd.8.xml.out:88 groupdel.8.xml.out:72 login.1.xml.out:90
 #: login.1.xml.out:190 login.1.xml.out:229 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 userdel.8.xml.out:76 userdel.8.xml.out:287
+#: useradd.8.xml.out:642 userdel.8.xml.out:76 userdel.8.xml.out:287
 #: userdel.8.xml.out:302 usermod.8.xml.out:152
 msgid "-f"
 msgstr "-f"
@@ -1484,12 +1525,12 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:122 faillog.8.xml.out:89 faillog.8.xml.out:144
-#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:173
+#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112 groupadd.8.xml.out:185 grpck.8.xml.out:124
 #: grpck.8.xml.out:138 login.1.xml.out:220 login.1.xml.out:229
-#: newusers.8.xml.out:287 passwd.1.xml.out:268 pwck.8.xml.out:155
-#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:456
-#: useradd.8.xml.out:542 userdel.8.xml.out:106 usermod.8.xml.out:317
+#: newusers.8.xml.out:289 passwd.1.xml.out:264 pwck.8.xml.out:155
+#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:458
+#: useradd.8.xml.out:544 userdel.8.xml.out:106 usermod.8.xml.out:317
 msgid "-r"
 msgstr "-r"
 
@@ -1512,8 +1553,8 @@ msgstr "Cambia il numero della stanza dell'utente."
 #. (itstool) path: para/option
 #: chfn.1.xml.out:143 faillog.8.xml.out:80 faillog.8.xml.out:180
 #: faillog.8.xml.out:214 lastlog.8.xml.out:90 lastlog.8.xml.out:122
-#: lastlog.8.xml.out:139 passwd.1.xml.out:309 useradd.8.xml.out:414
-#: useradd.8.xml.out:531 usermod.8.xml.out:279 usermod.8.xml.out:369
+#: lastlog.8.xml.out:139 passwd.1.xml.out:320 useradd.8.xml.out:416
+#: useradd.8.xml.out:533 usermod.8.xml.out:279 usermod.8.xml.out:369
 #: vipw.8.xml.out:133
 #, fuzzy
 #| msgid "-"
@@ -1521,7 +1562,7 @@ msgid "-u"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chfn.1.xml.out:151 passwd.1.xml.out:322 usermod.8.xml.out:463
+#: chfn.1.xml.out:151 passwd.1.xml.out:333 usermod.8.xml.out:463
 #, fuzzy
 #| msgid "-"
 msgid "-w"
@@ -1569,11 +1610,11 @@ msgstr ""
 "<command>chfn</command> opera sull'account corrente."
 
 #. (itstool) path: listitem/para
-#: chfn.1.xml.out:189 chgpasswd.8.xml.out:207 chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161 groupadd.8.xml.out:278 groupmod.8.xml.out:241
-#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:425
-#: passwd.1.xml.out:407 pwconv.8.xml.out:232 su.1.xml.out:359
-#: useradd.8.xml.out:799 userdel.8.xml.out:193
+#: chfn.1.xml.out:189 chgpasswd.8.xml.out:235 chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202 groupadd.8.xml.out:278 groupmod.8.xml.out:241
+#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:446
+#: passwd.1.xml.out:429 pwconv.8.xml.out:232 su.1.xml.out:359
+#: useradd.8.xml.out:819 userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
 msgstr "Configurazione del pacchetto password shadow"
 
@@ -1586,8 +1627,8 @@ msgstr "Configurazione del pacchetto password shadow"
 #: chfn.1.xml.out:205 chsh.1.xml.out:36 chsh.1.xml.out:43 chsh.1.xml.out:49
 #: chsh.1.xml.out:62 chsh.1.xml.out:73 chsh.1.xml.out:109
 #: groupadd.8.xml.out:348 groupdel.8.xml.out:208 groupmems.8.xml.out:212
-#: groupmod.8.xml.out:329 login.defs.5.xml.out:270 useradd.8.xml.out:881
-#: userdel.8.xml.out:313 usermod.8.xml.out:608
+#: groupmod.8.xml.out:329 login.defs.5.xml.out:280 useradd.8.xml.out:901
+#: userdel.8.xml.out:313 usermod.8.xml.out:625
 msgid "chsh"
 msgstr "chsh"
 
@@ -1595,25 +1636,25 @@ msgstr "chsh"
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
-#: chfn.1.xml.out:208 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 groupadd.8.xml.out:194 groupadd.8.xml.out:363
-#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109 newusers.8.xml.out:298 newusers.8.xml.out:453
-#: passwd.1.xml.out:484 pwconv.8.xml.out:92 pwconv.8.xml.out:94
+#: chfn.1.xml.out:208 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 groupadd.8.xml.out:194 groupadd.8.xml.out:363
+#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111 newusers.8.xml.out:300 newusers.8.xml.out:474
+#: passwd.1.xml.out:509 pwconv.8.xml.out:92 pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108 pwconv.8.xml.out:245 su.1.xml.out:418
-#: useradd.8.xml.out:899 userdel.8.xml.out:117 userdel.8.xml.out:319
-#: usermod.8.xml.out:629 vipw.8.xml.out:214
+#: useradd.8.xml.out:919 userdel.8.xml.out:117 userdel.8.xml.out:319
+#: usermod.8.xml.out:646 vipw.8.xml.out:214
 msgid "login.defs"
 msgstr "login.defs"
 
 #. (itstool) path: refsect1/para
-#: chfn.1.xml.out:203 chgpasswd.8.xml.out:215 chsh.1.xml.out:169
+#: chfn.1.xml.out:203 chgpasswd.8.xml.out:243 chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
 msgstr ""
 
@@ -1622,19 +1663,19 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33 chgpasswd.8.xml.out:40 chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56 chgpasswd.8.xml.out:66 chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35 chgpasswd.8.xml.out:42 chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58 chgpasswd.8.xml.out:68 chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr "chgpasswd"
 
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34 chgpasswd.8.xml.out:220 chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268 chpasswd.8.xml.out:276 faillog.5.xml.out:87
-#: faillog.8.xml.out:34 gpasswd.1.xml.out:280 gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286 gpasswd.1.xml.out:289 groupadd.8.xml.out:37
+#: chgpasswd.8.xml.out:36 chgpasswd.8.xml.out:248 chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310 chpasswd.8.xml.out:318 faillog.5.xml.out:87
+#: faillog.8.xml.out:34 gpasswd.1.xml.out:282 gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288 gpasswd.1.xml.out:291 groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354 groupadd.8.xml.out:357 groupadd.8.xml.out:360
 #: groupadd.8.xml.out:366 groupadd.8.xml.out:369 groupadd.8.xml.out:372
 #: groupdel.8.xml.out:35 groupdel.8.xml.out:186 groupdel.8.xml.out:214
@@ -1647,31 +1688,31 @@ msgstr "chgpasswd"
 #: grpck.8.xml.out:34 grpck.8.xml.out:283 grpck.8.xml.out:294
 #: gshadow.5.xml.out:159 gshadow.5.xml.out:162 lastlog.8.xml.out:36
 #: login.1.xml.out:174 login.1.xml.out:176 login.1.xml.out:249
-#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:545
-#: logoutd.8.xml.out:34 newusers.8.xml.out:50 newusers.8.xml.out:467
-#: nologin.8.xml.out:23 passwd.1.xml.out:474 passwd.1.xml.out:488
+#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:564
+#: logoutd.8.xml.out:34 newusers.8.xml.out:52 newusers.8.xml.out:488
+#: nologin.8.xml.out:23 passwd.1.xml.out:496 passwd.1.xml.out:513
 #: passwd.5.xml.out:185 passwd.5.xml.out:188 passwd.5.xml.out:191
 #: passwd.5.xml.out:200 pwck.8.xml.out:41 pwck.8.xml.out:339 pwck.8.xml.out:348
 #: pwconv.8.xml.out:40 pwconv.8.xml.out:242 pwconv.8.xml.out:248
 #: pwconv.8.xml.out:251 pwconv.8.xml.out:254 shadow.5.xml.out:274
 #: shadow.5.xml.out:277 shadow.5.xml.out:280 shadow.5.xml.out:286
-#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:574
-#: useradd.8.xml.out:890 useradd.8.xml.out:893 useradd.8.xml.out:896
-#: useradd.8.xml.out:902 useradd.8.xml.out:913 useradd.8.xml.out:916
-#: userdel.8.xml.out:40 userdel.8.xml.out:259 userdel.8.xml.out:322
-#: userdel.8.xml.out:325 userdel.8.xml.out:328 userdel.8.xml.out:331
-#: userdel.8.xml.out:342 userdel.8.xml.out:345 usermod.8.xml.out:41
-#: usermod.8.xml.out:617 usermod.8.xml.out:620 usermod.8.xml.out:623
-#: usermod.8.xml.out:626 usermod.8.xml.out:640 usermod.8.xml.out:643
-#: vipw.8.xml.out:36
+#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:576
+#: useradd.8.xml.out:590 useradd.8.xml.out:910 useradd.8.xml.out:913
+#: useradd.8.xml.out:916 useradd.8.xml.out:922 useradd.8.xml.out:933
+#: useradd.8.xml.out:936 userdel.8.xml.out:40 userdel.8.xml.out:259
+#: userdel.8.xml.out:322 userdel.8.xml.out:325 userdel.8.xml.out:328
+#: userdel.8.xml.out:331 userdel.8.xml.out:342 userdel.8.xml.out:345
+#: usermod.8.xml.out:41 usermod.8.xml.out:522 usermod.8.xml.out:634
+#: usermod.8.xml.out:637 usermod.8.xml.out:640 usermod.8.xml.out:643
+#: usermod.8.xml.out:657 usermod.8.xml.out:660 vipw.8.xml.out:36
 msgid "8"
 msgstr "8"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35 chpasswd.8.xml.out:39 faillog.8.xml.out:35
+#: chgpasswd.8.xml.out:37 chpasswd.8.xml.out:41 faillog.8.xml.out:35
 #: groupadd.8.xml.out:38 groupdel.8.xml.out:36 groupmems.8.xml.out:39
 #: groupmod.8.xml.out:36 grpck.8.xml.out:35 lastlog.8.xml.out:37
-#: logoutd.8.xml.out:35 newusers.8.xml.out:51 nologin.8.xml.out:24
+#: logoutd.8.xml.out:35 newusers.8.xml.out:53 nologin.8.xml.out:24
 #: pwck.8.xml.out:42 pwconv.8.xml.out:41 useradd.8.xml.out:54
 #: userdel.8.xml.out:41 usermod.8.xml.out:42 vipw.8.xml.out:37
 msgid "System Management Commands"
@@ -1679,13 +1720,13 @@ msgstr "Comandi per la gestione del sistema"
 
 # type: Plain text
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
 msgstr "aggiorna le password di gruppo in modalità non interattiva"
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 #, fuzzy
 #| msgid ""
 #| "The <command>chgpasswd</command> command reads a list of group name and "
@@ -1703,12 +1744,12 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61 groupmems.8.xml.out:54 groupmems.8.xml.out:110
+#: chgpasswd.8.xml.out:63 groupmems.8.xml.out:54 groupmems.8.xml.out:110
 msgid "group_name"
 msgstr "group_name"
 
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66 passwd.5.xml.out:77
+#: chgpasswd.8.xml.out:64 chpasswd.8.xml.out:68 passwd.5.xml.out:77
 #: passwd.5.xml.out:86 passwd.5.xml.out:91 passwd.5.xml.out:95
 #: passwd.5.xml.out:98
 #, fuzzy
@@ -1717,13 +1758,13 @@ msgid "password"
 msgstr "passwd"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60 chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 #, fuzzy
 #| msgid ""
 #| "By default the supplied password must be in clear-text, and is encrypted "
@@ -1736,8 +1777,8 @@ msgstr ""
 "da <command>chgpasswd</command>."
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70 chpasswd.8.xml.out:75 chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72 chpasswd.8.xml.out:77 chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "ENCRYPT_METHOD"
@@ -1745,9 +1786,9 @@ msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71 chgpasswd.8.xml.out:101 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:130 chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chgpasswd.8.xml.out:73 chgpasswd.8.xml.out:107 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:136 chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 #, fuzzy
 #| msgid "-"
@@ -1757,16 +1798,16 @@ msgstr "-"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:88 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:114 chpasswd.8.xml.out:129
-#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:90 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:116 chpasswd.8.xml.out:135
+#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:270
 #: sg.1.xml.out:50 su.1.xml.out:86 su.1.xml.out:126 su.1.xml.out:131
 #: useradd.8.xml.out:139 usermod.8.xml.out:99
 msgid "-c"
 msgstr "-c"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
@@ -1785,7 +1826,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74 chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76 chpasswd.8.xml.out:101
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are created at a single time."
@@ -1794,32 +1835,87 @@ msgstr ""
 "necessità di creare molti account nello stesso momento."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88 chpasswd.8.xml.out:114 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:116 newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:117 newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92 chpasswd.8.xml.out:119 newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
 msgstr "Utilizza il metodo specificato per cifrare le password."
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91 chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
-msgstr "I metodi disponibili sono DES, MD5 e NONE (nessuno)."
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95 chgpasswd.8.xml.out:149 chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208 newusers.8.xml.out:330
+msgid "BCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid "<_:replaceable-1/>,"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96 chpasswd.8.xml.out:123
+msgid "DES"
+msgstr ""
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98 chgpasswd.8.xml.out:151 chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210 newusers.8.xml.out:332
+msgid "SHA256"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99 chgpasswd.8.xml.out:152 chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211 newusers.8.xml.out:333
+msgid "SHA512"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr ""
+
+# type: SH
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100 chgpasswd.8.xml.out:154 chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213 newusers.8.xml.out:335
+#, fuzzy
+#| msgid "DESCRIPTION"
+msgid "YESCRYPT"
+msgstr "DESCRIZIONE"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99 chpasswd.8.xml.out:126
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid ", <_:replaceable-1/>"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:128
+msgid "NONE"
+msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121 newusers.8.xml.out:271
+#: chgpasswd.8.xml.out:93 chpasswd.8.xml.out:120
 msgid ""
-"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
-"support these methods."
+"The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/"
+"><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports "
+"these methods."
 msgstr ""
-"I metodi disponibili sono DES, MD5, NONE e SHA256 o SHA512 se la propria "
-"libc lo consente."
 
 # type: Plain text
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:139
+#: chgpasswd.8.xml.out:107 chpasswd.8.xml.out:145
 #, fuzzy
 #| msgid "encrypted password"
 msgid "--encrypted"
@@ -1827,18 +1923,18 @@ msgstr "password cifrata"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103 chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109 chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
 msgstr "Le password fornite sono in forma cifrata."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113 chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119 chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115 chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121 chpasswd.8.xml.out:163
 msgid ""
 "Use MD5 encryption instead of DES when the supplied passwords are not "
 "encrypted."
@@ -1847,75 +1943,124 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 chsh.1.xml.out:97
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 chsh.1.xml.out:97
 #: chsh.1.xml.out:108 grpck.8.xml.out:124 grpck.8.xml.out:161
-#: newusers.8.xml.out:320 pwck.8.xml.out:155 pwck.8.xml.out:209
-#: su.1.xml.out:163 useradd.8.xml.out:517 useradd.8.xml.out:655
-#: usermod.8.xml.out:357 vipw.8.xml.out:70 vipw.8.xml.out:127
+#: newusers.8.xml.out:322 passwd.1.xml.out:363 pwck.8.xml.out:155
+#: pwck.8.xml.out:209 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357 vipw.8.xml.out:70
+#: vipw.8.xml.out:127
 #, fuzzy
 #| msgid "-"
 msgid "-s"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137 chpasswd.8.xml.out:181 newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143 chpasswd.8.xml.out:202 newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
 msgstr "Usa il numero specificato di cicli per cifrare la password."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140 chpasswd.8.xml.out:184 newusers.8.xml.out:325
+#: chgpasswd.8.xml.out:146 chpasswd.8.xml.out:205 newusers.8.xml.out:327
+msgid ""
+"You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> "
+"<_:phrase-3/>"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:156 chpasswd.8.xml.out:215 newusers.8.xml.out:337
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
 msgid ""
-"The value 0 means that the system will choose the default number of rounds "
-"for the crypt method (5000)."
+"By default, the number of rounds for BCRYPT is defined by the "
+"BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
-"Il valore 0 indica che il sistema utilizzerà il numero predefinito di cicli "
-"per il metodo crypt (5000)."
+"Il numero di cicli predefinito è impostato con le variabili "
+"SHA_CRYPT_MIN_ROUNDS e SHA_CRYPT_MAX_ROUNDS nel file <filename>/etc/login."
+"defs</filename>."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144 chpasswd.8.xml.out:188 newusers.8.xml.out:329
+#: chgpasswd.8.xml.out:161 chpasswd.8.xml.out:220
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
 msgid ""
-"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default number of rounds is 13."
 msgstr "I valori minimo di 1.000 e massimo di 999.999.999 sono forzati."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148 chpasswd.8.xml.out:192 newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#: chgpasswd.8.xml.out:165 chpasswd.8.xml.out:224 newusers.8.xml.out:346
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
+msgid ""
+"By default, the number of rounds for SHA256 or SHA512 is defined by the "
+"SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
-"Si può utilizzare questa opzione solo con i metodi di cifratura SHA256 o "
-"SHA512."
+"Il numero di cicli predefinito è impostato con le variabili "
+"SHA_CRYPT_MIN_ROUNDS e SHA_CRYPT_MAX_ROUNDS nel file <filename>/etc/login."
+"defs</filename>."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152 newusers.8.xml.out:337
+#: chgpasswd.8.xml.out:170 chpasswd.8.xml.out:229
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default number of rounds is 5000."
+msgstr "I valori minimo di 1.000 e massimo di 999.999.999 sono forzati."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:175 chpasswd.8.xml.out:234 newusers.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
 #| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
 #| "filename>."
 msgid ""
-"By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and "
-"SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+"By default, the number of rounds for YESCRYPT is defined by the "
+"YESCRYPT_COST_FACTOR in <_:filename-1/>."
 msgstr ""
 "Il numero di cicli predefinito è impostato con le variabili "
 "SHA_CRYPT_MIN_ROUNDS e SHA_CRYPT_MAX_ROUNDS nel file <filename>/etc/login."
 "defs</filename>."
 
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179 chpasswd.8.xml.out:238
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default number of rounds is 5."
+msgstr "I valori minimo di 1.000 e massimo di 999.999.999 sono forzati."
+
 # type: SH
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163 chpasswd.8.xml.out:208 faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229 groupadd.8.xml.out:285 groupdel.8.xml.out:121
-#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:348
-#: passwd.1.xml.out:354 shadow.3.xml.out:194 su.1.xml.out:306
-#: useradd.8.xml.out:682 userdel.8.xml.out:281 usermod.8.xml.out:517
+#: chgpasswd.8.xml.out:189 chpasswd.8.xml.out:248 faillog.8.xml.out:209
+#: gpasswd.1.xml.out:231 groupadd.8.xml.out:285 groupdel.8.xml.out:121
+#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:369
+#: passwd.1.xml.out:376 shadow.3.xml.out:194 su.1.xml.out:306
+#: useradd.8.xml.out:702 userdel.8.xml.out:281 usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr "AVVISI/CAVEAT"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164 chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190 chpasswd.8.xml.out:249
 msgid ""
 "Remember to set permissions or umask to prevent readability of unencrypted "
 "files by other users."
@@ -1924,7 +2069,7 @@ msgstr ""
 "in chiaro da parte di altri utenti."
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168 newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194 newusers.8.xml.out:374
 msgid ""
 "You should make sure the passwords and the encryption method respect the "
 "system's password policy."
@@ -1936,8 +2081,8 @@ msgstr ""
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193 gpasswd.1.xml.out:48 gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73 gpasswd.1.xml.out:231 gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221 gpasswd.1.xml.out:50 gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75 gpasswd.1.xml.out:233 gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170 groupadd.8.xml.out:264 groupdel.8.xml.out:148
 #: groupmems.8.xml.out:191 groupmod.8.xml.out:227 groups.1.xml.out:58
 #: groups.1.xml.out:70 groups.1.xml.out:80 grpck.8.xml.out:62
@@ -1945,20 +2090,20 @@ msgstr ""
 #: grpck.8.xml.out:164 grpck.8.xml.out:177 grpck.8.xml.out:185
 #: grpck.8.xml.out:211 gshadow.5.xml.out:91 gshadow.5.xml.out:124
 #: gshadow.5.xml.out:135 newgrp.1.xml.out:80 newgrp.1.xml.out:112
-#: newusers.8.xml.out:411 pwck.8.xml.out:261 pwconv.8.xml.out:128
-#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:755
-#: userdel.8.xml.out:185 usermod.8.xml.out:557 vipw.8.xml.out:69
+#: newusers.8.xml.out:432 pwck.8.xml.out:261 pwconv.8.xml.out:128
+#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:775
+#: userdel.8.xml.out:185 usermod.8.xml.out:574 vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr "/etc/group"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195 gpasswd.1.xml.out:261 groupadd.8.xml.out:266
+#: chgpasswd.8.xml.out:223 gpasswd.1.xml.out:263 groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150 groupmems.8.xml.out:193 groupmod.8.xml.out:229
 #: groups.1.xml.out:82 grpck.8.xml.out:213 gshadow.5.xml.out:137
-#: newgrp.1.xml.out:114 newusers.8.xml.out:413 pwck.8.xml.out:263
-#: sg.1.xml.out:103 useradd.8.xml.out:757 userdel.8.xml.out:187
+#: newgrp.1.xml.out:114 newusers.8.xml.out:434 pwck.8.xml.out:263
+#: sg.1.xml.out:103 useradd.8.xml.out:777 userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
 msgstr "Informazioni sugli account di gruppo."
@@ -1966,8 +2111,8 @@ msgstr "Informazioni sugli account di gruppo."
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199 gpasswd.1.xml.out:52 gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232 gpasswd.1.xml.out:265 groupadd.8.xml.out:170
+#: chgpasswd.8.xml.out:227 gpasswd.1.xml.out:54 gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234 gpasswd.1.xml.out:267 groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270 groupdel.8.xml.out:154 groupmems.8.xml.out:87
 #: groupmems.8.xml.out:88 groupmems.8.xml.out:98 groupmems.8.xml.out:103
 #: groupmems.8.xml.out:104 groupmems.8.xml.out:134 groupmems.8.xml.out:135
@@ -1975,18 +2120,18 @@ msgstr "Informazioni sugli account di gruppo."
 #: grpck.8.xml.out:93 grpck.8.xml.out:114 grpck.8.xml.out:166
 #: grpck.8.xml.out:186 grpck.8.xml.out:217 gshadow.5.xml.out:36
 #: gshadow.5.xml.out:141 newgrp.1.xml.out:78 newgrp.1.xml.out:118
-#: newusers.8.xml.out:417 pwconv.8.xml.out:129 sg.1.xml.out:107
-#: useradd.8.xml.out:761 usermod.8.xml.out:563 vipw.8.xml.out:72
+#: newusers.8.xml.out:438 pwconv.8.xml.out:129 sg.1.xml.out:107
+#: useradd.8.xml.out:781 usermod.8.xml.out:580 vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr "/etc/gshadow"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201 gpasswd.1.xml.out:267 groupadd.8.xml.out:272
+#: chgpasswd.8.xml.out:229 gpasswd.1.xml.out:269 groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156 groupmod.8.xml.out:235 grpck.8.xml.out:219
-#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:419
-#: sg.1.xml.out:109 useradd.8.xml.out:763 vipw.8.xml.out:183
+#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:440
+#: sg.1.xml.out:109 useradd.8.xml.out:783 vipw.8.xml.out:183
 msgid "Secure group account information."
 msgstr "Informazioni sicure sugli account di gruppo."
 
@@ -1996,12 +2141,12 @@ msgstr "Informazioni sicure sugli account di gruppo."
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217 gpasswd.1.xml.out:38 gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59 gpasswd.1.xml.out:72 gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119 groupadd.8.xml.out:354 groupdel.8.xml.out:214
-#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:280
+#: chgpasswd.8.xml.out:245 gpasswd.1.xml.out:40 gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61 gpasswd.1.xml.out:74 gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121 groupadd.8.xml.out:354 groupdel.8.xml.out:214
+#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142 sg.1.xml.out:131 userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr "gpasswd"
 
@@ -2011,19 +2156,19 @@ msgstr "gpasswd"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220 gpasswd.1.xml.out:280 groupadd.8.xml.out:36
+#: chgpasswd.8.xml.out:248 gpasswd.1.xml.out:282 groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43 groupadd.8.xml.out:49 groupadd.8.xml.out:61
 #: groupadd.8.xml.out:82 groupadd.8.xml.out:292 groupadd.8.xml.out:300
 #: groupdel.8.xml.out:217 groupmems.8.xml.out:218 groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290 useradd.8.xml.out:890 userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: login.defs.5.xml.out:303 useradd.8.xml.out:910 userdel.8.xml.out:325
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr "groupadd"
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21 groupadd.8.xml.out:20 groupdel.8.xml.out:18
-#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:86
-#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:33
+#: chpasswd.8.xml.out:23 groupadd.8.xml.out:20 groupdel.8.xml.out:18
+#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:88
+#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:35
 #: sg.1.xml.out:18 useradd.8.xml.out:36 userdel.8.xml.out:23
 #: usermod.8.xml.out:24
 msgid "Creation, 1991"
@@ -2035,22 +2180,22 @@ msgstr ""
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37 chpasswd.8.xml.out:44 chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60 chpasswd.8.xml.out:70 chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96 chpasswd.8.xml.out:108 chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259 passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39 chpasswd.8.xml.out:46 chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62 chpasswd.8.xml.out:72 chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98 chpasswd.8.xml.out:110 chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266 passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr "chpasswd"
 
 # type: Plain text
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
 msgstr "aggiorna le password in modo non interattivo"
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 #, fuzzy
 #| msgid ""
 #| "The <command>chpasswd</command> command reads a list of user name and "
@@ -2068,14 +2213,14 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65 groupmems.8.xml.out:52 groupmems.8.xml.out:53
+#: chpasswd.8.xml.out:67 groupmems.8.xml.out:52 groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83 groupmems.8.xml.out:94
 msgid "user_name"
 msgstr "user_name"
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "By default the passwords must be supplied in clear-text, and are "
@@ -2090,14 +2235,14 @@ msgstr ""
 "presenti, anche le informazioni sulla durata delle password."
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76 chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:139
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
@@ -2115,7 +2260,7 @@ msgstr ""
 "<option>-m</option> o <option>-c</option>."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 #, fuzzy
 #| msgid ""
 #| "By default, passwords are encrypted by PAM, but (even if not recommended) "
@@ -2131,14 +2276,14 @@ msgstr ""
 "le opzioni <option>-e</option>, <option>-m</option> e <option>-c</option>."
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 #, fuzzy
 #| msgid "By default, PAM is used to encrypt the passwords."
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr "PAM viene utilizzato, in maniera predefinita, per cifrare le password."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 #, fuzzy
 #| msgid ""
 #| "<phrase condition=\"pam\">Except when PAM is used to encrypt the "
@@ -2155,7 +2300,7 @@ msgstr ""
 "nessun utente."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 #, fuzzy
 #| msgid ""
 #| "When PAM is used to encrypt the passwords (and update the passwords in "
@@ -2174,17 +2319,17 @@ msgstr ""
 "degli utenti seguenti, e restituisce un codice d'errore all'uscita."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr "PAM viene utilizzato, in maniera predefinita, per cifrare le password."
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 #, fuzzy
 #| msgid ""
 #| "By default (if none of the <option>-c</option>, <option>-m</option>, or "
@@ -2202,47 +2347,18 @@ msgstr ""
 "<option>MD5_CRYPT_ENAB</option> in <filename>/etc/login.defs</filename>."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
-msgid "ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: para/option
 #: chpasswd.8.xml.out:199
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-#, fuzzy
-#| msgid ""
-#| "By default, the number of rounds is defined by the "
-#| "<option>SHA_CRYPT_MIN_ROUNDS</option> and <option>SHA_CRYPT_MAX_ROUNDS</"
-#| "option> variables in <filename>/etc/login.defs</filename>."
-msgid ""
-"By default, the number of rounds is defined by the <_:option-1/> and <_:"
-"option-2/> variables in <_:filename-3/>."
+msgid "ROUNDS"
 msgstr ""
-"Il numero di cicli è definito dalle variabili <option>SHA_CRYPT_MIN_ROUNDS</"
-"option> e <option>SHA_CRYPT_MAX_ROUNDS</option> in <filename>/etc/login."
-"defs</filename>."
 
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 msgid "/etc/pam.d/chpasswd"
 msgstr "/etc/pam.d/chpasswd"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255 newusers.8.xml.out:431 passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297 newusers.8.xml.out:452 passwd.1.xml.out:435
 #, fuzzy
 #| msgid "PAM configuration for <command>passwd</command>."
 msgid "PAM configuration for <_:command-1/>."
@@ -2254,17 +2370,17 @@ msgstr "configurazione PAM per <command>passwd</command>."
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268 login.defs.5.xml.out:380 newusers.8.xml.out:49
-#: newusers.8.xml.out:56 newusers.8.xml.out:62 newusers.8.xml.out:75
-#: newusers.8.xml.out:96 newusers.8.xml.out:123 newusers.8.xml.out:132
-#: newusers.8.xml.out:151 newusers.8.xml.out:164 newusers.8.xml.out:170
-#: newusers.8.xml.out:172 newusers.8.xml.out:210 newusers.8.xml.out:230
-#: newusers.8.xml.out:252 newusers.8.xml.out:431 useradd.8.xml.out:902
+#: chpasswd.8.xml.out:310 login.defs.5.xml.out:393 newusers.8.xml.out:51
+#: newusers.8.xml.out:58 newusers.8.xml.out:64 newusers.8.xml.out:77
+#: newusers.8.xml.out:98 newusers.8.xml.out:125 newusers.8.xml.out:134
+#: newusers.8.xml.out:153 newusers.8.xml.out:166 newusers.8.xml.out:172
+#: newusers.8.xml.out:174 newusers.8.xml.out:212 newusers.8.xml.out:232
+#: newusers.8.xml.out:254 newusers.8.xml.out:452 useradd.8.xml.out:922
 msgid "newusers"
 msgstr "newusers"
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270 grpck.8.xml.out:285 passwd.1.xml.out:482
+#: chpasswd.8.xml.out:312 grpck.8.xml.out:285 passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr ""
 
@@ -2274,21 +2390,21 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276 groupadd.8.xml.out:366 groupdel.8.xml.out:223
-#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:462
-#: newusers.8.xml.out:467 useradd.8.xml.out:52 useradd.8.xml.out:59
+#: chpasswd.8.xml.out:318 groupadd.8.xml.out:366 groupdel.8.xml.out:223
+#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:481
+#: newusers.8.xml.out:488 useradd.8.xml.out:52 useradd.8.xml.out:59
 #: useradd.8.xml.out:64 useradd.8.xml.out:71 useradd.8.xml.out:75
 #: useradd.8.xml.out:87 useradd.8.xml.out:90 useradd.8.xml.out:103
 #: useradd.8.xml.out:129 useradd.8.xml.out:187 useradd.8.xml.out:209
-#: useradd.8.xml.out:239 useradd.8.xml.out:284 useradd.8.xml.out:341
-#: useradd.8.xml.out:472 useradd.8.xml.out:584 useradd.8.xml.out:586
-#: useradd.8.xml.out:690 useradd.8.xml.out:808 userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: useradd.8.xml.out:239 useradd.8.xml.out:286 useradd.8.xml.out:343
+#: useradd.8.xml.out:474 useradd.8.xml.out:604 useradd.8.xml.out:606
+#: useradd.8.xml.out:710 useradd.8.xml.out:828 userdel.8.xml.out:342
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr "useradd"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263 newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305 newusers.8.xml.out:472
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
@@ -2321,8 +2437,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:517
-#: useradd.8.xml.out:655 usermod.8.xml.out:357
+#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357
 #, fuzzy
 #| msgid "pw_shell"
 msgid "--shell"
@@ -2330,8 +2446,8 @@ msgstr "pw_shell"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:517
-#: useradd.8.xml.out:522 useradd.8.xml.out:655 useradd.8.xml.out:662
+#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:524 useradd.8.xml.out:675 useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr ""
@@ -2371,12 +2487,13 @@ msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:153 su.1.xml.out:198
+#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:130 chsh.1.xml.out:143
+#: chsh.1.xml.out:172 chsh.1.xml.out:184 su.1.xml.out:198
 msgid "/etc/shells"
 msgstr "/etc/shells"
 
 #. (itstool) path: para/filename
-#: chsh.1.xml.out:123
+#: chsh.1.xml.out:123 chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr ""
 
@@ -2411,12 +2528,100 @@ msgstr ""
 "accidentalmente un utente selezionasse una shell limitata, non potrebbe più "
 "tornare alla shell di login che usava originariamente."
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132 chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/*"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/@filename@"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid ""
+"The only restriction placed on the login shell is that the command name must "
+"be listed in <_:filename-1/>. If this file does not exist, the definitions "
+"are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/"
+"> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be "
+"used. If the invoker is the superuser any value may be added regardless what "
+"is defined in the configuration files. An account with a restricted login "
+"shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+msgid ""
+"For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged "
+"since accidentally changing to a restricted shell would prevent the user "
+"from ever changing her login shell back to its original value."
+msgstr ""
+
 # type: Plain text
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
 msgstr "Elenco delle shell di login ammesse."
 
+# type: Plain text
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+#, fuzzy
+#| msgid "List of valid login shells."
+msgid "User defined list of valid login shells."
+msgstr "Elenco delle shell di login ammesse."
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d"
+msgstr "/etc/shells"
+
+# type: Plain text
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+#, fuzzy
+#| msgid "Directory containing default files."
+msgid "Directory for additional user defined configuration files."
+msgstr "Directory contenente i file predefiniti."
+
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -2433,7 +2638,7 @@ msgid "check and enforce password expiration policy"
 msgstr "controlla e fa rispettare la scadenza della password"
 
 #. (itstool) path: arg/replaceable
-#: expiry.1.xml.out:52 gpasswd.1.xml.out:61
+#: expiry.1.xml.out:52 gpasswd.1.xml.out:63
 msgid "option"
 msgstr "opzione"
 
@@ -2480,7 +2685,7 @@ msgstr ""
 
 #. (itstool) path: author/contrib
 #: faillog.5.xml.out:17 faillog.8.xml.out:17 login.1.xml.out:50
-#: passwd.1.xml.out:24 passwd.5.xml.out:17 porttime.5.xml.out:17
+#: passwd.1.xml.out:26 passwd.5.xml.out:17 porttime.5.xml.out:17
 #: shadow.3.xml.out:17 shadow.5.xml.out:17 su.1.xml.out:34
 msgid "Creation, 1989"
 msgstr ""
@@ -2501,7 +2706,7 @@ msgstr "faillog"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: faillog.5.xml.out:35 gshadow.5.xml.out:24 limits.5.xml.out:37
-#: login.access.5.xml.out:36 login.defs.5.xml.out:104 passwd.5.xml.out:35
+#: login.access.5.xml.out:36 login.defs.5.xml.out:106 passwd.5.xml.out:35
 #: porttime.5.xml.out:35 shadow.5.xml.out:35 suauth.5.xml.out:35
 #, fuzzy
 #| msgid "File Formats and Conversions"
@@ -2622,8 +2827,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:124
-#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:126
+#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:153
 #: usermod.8.xml.out:78 usermod.8.xml.out:210
 #, fuzzy
 #| msgid "-"
@@ -2631,7 +2836,7 @@ msgid "-a"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: faillog.8.xml.out:72 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 passwd.1.xml.out:153
 msgid "--all"
 msgstr ""
 
@@ -2956,8 +3161,8 @@ msgstr ""
 #: login.1.xml.out:108 login.1.xml.out:112 login.1.xml.out:119
 #: login.1.xml.out:171 login.1.xml.out:177 login.1.xml.out:230
 #: login.1.xml.out:238 login.1.xml.out:247 login.1.xml.out:253
-#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:530 newgrp.1.xml.out:133
+#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:549 newgrp.1.xml.out:133
 #: nologin.8.xml.out:60 passwd.5.xml.out:125 passwd.5.xml.out:132
 #: passwd.5.xml.out:179 porttime.5.xml.out:121 shadow.5.xml.out:265
 #: sg.1.xml.out:122 su.1.xml.out:415
@@ -2965,30 +3170,30 @@ msgid "login"
 msgstr "login"
 
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22 login.access.5.xml.out:18 pwconv.8.xml.out:23
+#: gpasswd.1.xml.out:24 login.access.5.xml.out:18 pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
 msgid "Creation, 1996"
 msgstr ""
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 #, fuzzy
 #| msgid "administer <placeholder-1/>"
 msgid "administer <_:filename-1/>"
 msgstr "amministra <placeholder-1/>"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 #, fuzzy
 #| msgid "administer <placeholder-1/> and <placeholder-2/>"
 msgid "administer <_:filename-1/> and <_:filename-2/>"
@@ -2998,9 +3203,9 @@ msgstr "amministra <placeholder-1/> e <placeholder-2/>"
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64 gpasswd.1.xml.out:89 gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142 gpasswd.1.xml.out:177 gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193 gpasswd.1.xml.out:197 gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66 gpasswd.1.xml.out:91 gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144 gpasswd.1.xml.out:179 gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195 gpasswd.1.xml.out:199 gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49 grpck.8.xml.out:188 grpck.8.xml.out:280
 #: gshadow.5.xml.out:156 limits.5.xml.out:138 newgrp.1.xml.out:48
 #: newgrp.1.xml.out:145 pwck.8.xml.out:336 pwconv.8.xml.out:114
@@ -3009,19 +3214,19 @@ msgid "group"
 msgstr "gruppo"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 #, fuzzy
 #| msgid "administrators"
 msgid "administrators,"
 msgstr "amministratori"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid ""
 "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/"
 ">. Every group can have <_:phrase-4/> members and a password."
@@ -3029,7 +3234,7 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80 gpasswd.1.xml.out:112 gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82 gpasswd.1.xml.out:114 gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "-"
 msgid "-A"
@@ -3037,7 +3242,7 @@ msgstr "-"
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 #, fuzzy
 #| msgid ""
 #| "System administrators can use the <option>-A</option> option to define "
@@ -3054,21 +3259,21 @@ msgstr ""
 "amministratori di gruppo e dei membri."
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 #, fuzzy
 #| msgid "administrators"
 msgid "a group administrator"
 msgstr "amministratori"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 #, fuzzy
 #| msgid "administrators"
 msgid "a system administrator"
 msgstr "amministratori"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid ""
 "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only "
 "prompts for the new password of the <_:replaceable-4/>."
@@ -3079,8 +3284,8 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93 gpasswd.1.xml.out:180 gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277 groups.1.xml.out:71 groups.1.xml.out:92
+#: gpasswd.1.xml.out:95 gpasswd.1.xml.out:182 gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279 groups.1.xml.out:71 groups.1.xml.out:92
 #: gshadow.5.xml.out:76 gshadow.5.xml.out:165 newgrp.1.xml.out:34
 #: newgrp.1.xml.out:41 newgrp.1.xml.out:47 newgrp.1.xml.out:55
 #: newgrp.1.xml.out:63 newgrp.1.xml.out:66 sg.1.xml.out:60 sg.1.xml.out:64
@@ -3090,7 +3295,7 @@ msgstr "newgrp"
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 #, fuzzy
 #| msgid ""
 #| "If a password is set the members can still use "
@@ -3107,13 +3312,13 @@ msgstr ""
 
 # type: SS
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr "Note sulle password di gruppo"
 
 # type: Plain text
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid ""
 "Group passwords are an inherent security problem since more than one person "
 "is permitted to know the password. However, groups are a useful tool for "
@@ -3125,7 +3330,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 #, fuzzy
 #| msgid ""
 #| "Except for the <option>-A</option> and <option>-M</option> options, the "
@@ -3138,27 +3343,27 @@ msgstr ""
 "non possono essere combinate."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr "Le opzioni non possono essere combinate."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124 groupmems.8.xml.out:83
+#: gpasswd.1.xml.out:126 groupmems.8.xml.out:83
 msgid "--add"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124 gpasswd.1.xml.out:128 gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141 gpasswd.1.xml.out:205 gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126 gpasswd.1.xml.out:130 gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143 gpasswd.1.xml.out:207 gpasswd.1.xml.out:219
 #: groups.1.xml.out:48 groups.1.xml.out:59
 msgid "user"
 msgstr "utente"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 #, fuzzy
 #| msgid ""
 #| "Add the <replaceable>user</replaceable> to the named <replaceable>group</"
@@ -3169,13 +3374,13 @@ msgstr ""
 "replaceable> indicato."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137 groupmems.8.xml.out:94 passwd.1.xml.out:168
+#: gpasswd.1.xml.out:139 groupmems.8.xml.out:94 passwd.1.xml.out:164
 msgid "--delete"
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 #, fuzzy
 #| msgid ""
 #| "Remove the <replaceable>user</replaceable> from the named "
@@ -3186,19 +3391,19 @@ msgstr ""
 "replaceable> indicato."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 #, fuzzy
 #| msgid "-"
 msgid "-Q"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 #, fuzzy
 #| msgid ""
 #| "Remove the password from the named <replaceable>group</replaceable>. The "
@@ -3216,12 +3421,12 @@ msgstr ""
 "replaceable> indicato."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 #, fuzzy
 #| msgid ""
 #| "Restrict the access to the named <replaceable>group</replaceable>. The "
@@ -3239,49 +3444,49 @@ msgstr ""
 "<replaceable>gruppo</replaceable> indicato."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "administrators"
 msgid "--administrators"
 msgstr "amministratori"
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204 gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206 gpasswd.1.xml.out:218
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 msgid "Set the list of administrative users."
 msgstr "Imposta l'elenco degli utenti amministratori."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 #, fuzzy
 #| msgid "members"
 msgid "--members"
 msgstr "membri"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 msgid "Set the list of group members."
 msgstr "Definisce l'elenco dei membri del gruppo."
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 msgid "and <_:filename-1/> files."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 #, fuzzy
 #| msgid "file"
 msgid "file."
 msgstr "file"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 #, fuzzy
 #| msgid ""
 #| "This tool only operates on the <filename>/etc/group</filename><phrase "
@@ -3305,11 +3510,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283 groupadd.8.xml.out:357 groupdel.8.xml.out:34
+#: gpasswd.1.xml.out:285 groupadd.8.xml.out:357 groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41 groupdel.8.xml.out:47 groupdel.8.xml.out:57
 #: groupdel.8.xml.out:66 groupdel.8.xml.out:165 groupmems.8.xml.out:221
-#: groupmod.8.xml.out:341 login.defs.5.xml.out:299 useradd.8.xml.out:893
-#: userdel.8.xml.out:328 usermod.8.xml.out:623
+#: groupmod.8.xml.out:341 login.defs.5.xml.out:312 useradd.8.xml.out:913
+#: userdel.8.xml.out:328 usermod.8.xml.out:640
 msgid "groupdel"
 msgstr "groupdel"
 
@@ -3319,11 +3524,11 @@ msgstr "groupdel"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286 groupadd.8.xml.out:360 groupdel.8.xml.out:220
+#: gpasswd.1.xml.out:288 groupadd.8.xml.out:360 groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34 groupmod.8.xml.out:41 groupmod.8.xml.out:47
 #: groupmod.8.xml.out:58 groupmod.8.xml.out:67 groupmod.8.xml.out:256
-#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:311
-#: useradd.8.xml.out:896 userdel.8.xml.out:331 usermod.8.xml.out:626
+#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:324
+#: useradd.8.xml.out:916 userdel.8.xml.out:331 usermod.8.xml.out:643
 msgid "groupmod"
 msgstr "groupmod"
 
@@ -3333,10 +3538,10 @@ msgstr "groupmod"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289 grpck.8.xml.out:33 grpck.8.xml.out:40
+#: gpasswd.1.xml.out:291 grpck.8.xml.out:33 grpck.8.xml.out:40
 #: grpck.8.xml.out:46 grpck.8.xml.out:60 grpck.8.xml.out:116
 #: grpck.8.xml.out:128 grpck.8.xml.out:141 grpck.8.xml.out:184
-#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:318
+#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:331
 #: pwck.8.xml.out:339 pwconv.8.xml.out:198 pwconv.8.xml.out:242
 msgid "grpck"
 msgstr "grpck"
@@ -3346,7 +3551,7 @@ msgstr "grpck"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295 grpck.8.xml.out:95 grpck.8.xml.out:287
+#: gpasswd.1.xml.out:297 grpck.8.xml.out:95 grpck.8.xml.out:287
 #: gshadow.5.xml.out:22 gshadow.5.xml.out:29 newgrp.1.xml.out:148
 #: pwconv.8.xml.out:114 pwconv.8.xml.out:115 pwconv.8.xml.out:121
 #: pwconv.8.xml.out:122 sg.1.xml.out:137 vipw.8.xml.out:211
@@ -3354,12 +3559,12 @@ msgid "gshadow"
 msgstr "gshadow"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293 newgrp.1.xml.out:146 sg.1.xml.out:135
+#: gpasswd.1.xml.out:295 newgrp.1.xml.out:146 sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275 newgrp.1.xml.out:128 sg.1.xml.out:117
+#: gpasswd.1.xml.out:277 newgrp.1.xml.out:128 sg.1.xml.out:117
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
@@ -3419,8 +3624,8 @@ msgstr "I nomi utente non possono eccedere i 32 caratteri di lunghezza."
 #: groupadd.8.xml.out:94 groupadd.8.xml.out:95 groupadd.8.xml.out:102
 #: groupadd.8.xml.out:236 groupmems.8.xml.out:110 groupmod.8.xml.out:82
 #: groupmod.8.xml.out:136 groupmod.8.xml.out:201 useradd.8.xml.out:96
-#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:391
-#: useradd.8.xml.out:396 useradd.8.xml.out:557 useradd.8.xml.out:639
+#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:393
+#: useradd.8.xml.out:398 useradd.8.xml.out:559 useradd.8.xml.out:659
 #: usermod.8.xml.out:174 vipw.8.xml.out:90
 #, fuzzy
 #| msgid "-"
@@ -3448,7 +3653,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:102 groupmod.8.xml.out:82 useradd.8.xml.out:230
-#: useradd.8.xml.out:639 usermod.8.xml.out:174
+#: useradd.8.xml.out:659 usermod.8.xml.out:174
 msgid "--gid"
 msgstr ""
 
@@ -3457,8 +3662,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:102 groupadd.8.xml.out:105 groupadd.8.xml.out:151
 #: groupmod.8.xml.out:73 groupmod.8.xml.out:82 groupmod.8.xml.out:87
-#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr ""
 
@@ -3499,7 +3704,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:111 useradd.8.xml.out:541
+#: groupadd.8.xml.out:111 useradd.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "See also the <option>-r</option> option and the <option>UID_MAX</option> "
@@ -3512,27 +3717,27 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:125 groupadd.8.xml.out:131 groupadd.8.xml.out:134
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:303
-#: useradd.8.xml.out:314 useradd.8.xml.out:317 useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:305
+#: useradd.8.xml.out:316 useradd.8.xml.out:319 useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 #, fuzzy
 #| msgid "-"
 msgid "-K"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "--key"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "KEY"
 msgstr ""
 
 # type: SH
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 #, fuzzy
 #| msgid "EXIT VALUES"
 msgid "VALUE"
@@ -3540,7 +3745,7 @@ msgstr "VALORI RESTITUITI"
 
 # type: TP
 #. (itstool) path: varlistentry/term
-#: groupadd.8.xml.out:124 useradd.8.xml.out:302
+#: groupadd.8.xml.out:124 useradd.8.xml.out:304
 #, fuzzy
 #| msgid ""
 #| "<option>-u</option>, <option>--uid</option>&nbsp;<replaceable>UID</"
@@ -3566,14 +3771,14 @@ msgstr ""
 
 # type: IP
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:134 useradd.8.xml.out:320
+#: groupadd.8.xml.out:134 useradd.8.xml.out:322
 #, fuzzy
 #| msgid "10"
 msgid "100"
 msgstr "10"
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:321
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:323
 msgid "499"
 msgstr ""
 
@@ -3595,7 +3800,7 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:138 groupadd.8.xml.out:333 groupdel.8.xml.out:192
-#: groupmod.8.xml.out:295 useradd.8.xml.out:853 userdel.8.xml.out:265
+#: groupmod.8.xml.out:295 useradd.8.xml.out:873 userdel.8.xml.out:265
 msgid "10"
 msgstr "10"
 
@@ -3615,7 +3820,7 @@ msgstr ""
 "replaceable>=<replaceable>499</replaceable> non funziona ancora."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:405
+#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr ""
@@ -3635,13 +3840,13 @@ msgstr ""
 #: groupadd.8.xml.out:158 groupmems.8.xml.out:55 groupmems.8.xml.out:130
 #: groupmod.8.xml.out:143 login.1.xml.out:80 login.1.xml.out:88
 #: login.1.xml.out:95 login.1.xml.out:212 su.1.xml.out:207
-#: useradd.8.xml.out:425 usermod.8.xml.out:237 usermod.8.xml.out:290
+#: useradd.8.xml.out:427 usermod.8.xml.out:237 usermod.8.xml.out:290
 #: usermod.8.xml.out:411 vipw.8.xml.out:102
 msgid "-p"
 msgstr "-p"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 #, fuzzy
 #| msgid "passwd"
@@ -3649,7 +3854,7 @@ msgid "--password"
 msgstr "passwd"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr ""
@@ -3658,8 +3863,8 @@ msgstr ""
 #: groupadd.8.xml.out:163 groupmod.8.xml.out:148 gshadow.5.xml.out:62
 #: gshadow.5.xml.out:68 passwd.5.xml.out:103 passwd.5.xml.out:109
 #: passwd.5.xml.out:170 shadow.5.xml.out:88 shadow.5.xml.out:94
-#: useradd.8.xml.out:430 useradd.8.xml.out:887 usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: useradd.8.xml.out:432 useradd.8.xml.out:907 usermod.8.xml.out:295
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr ""
 
@@ -3670,11 +3875,11 @@ msgstr ""
 #: groupadd.8.xml.out:164 groupadd.8.xml.out:315 groupmod.8.xml.out:148
 #: groupmod.8.xml.out:271 groups.1.xml.out:68 groups.1.xml.out:104
 #: grpck.8.xml.out:255 gshadow.5.xml.out:63 gshadow.5.xml.out:69
-#: passwd.1.xml.out:443 passwd.5.xml.out:104 passwd.5.xml.out:110
+#: passwd.1.xml.out:465 passwd.5.xml.out:104 passwd.5.xml.out:110
 #: passwd.5.xml.out:170 passwd.5.xml.out:176 pwck.8.xml.out:305
 #: shadow.3.xml.out:34 shadow.3.xml.out:217 shadow.5.xml.out:89
-#: shadow.5.xml.out:95 useradd.8.xml.out:431 useradd.8.xml.out:829
-#: useradd.8.xml.out:887 usermod.8.xml.out:296 usermod.8.xml.out:614
+#: shadow.5.xml.out:95 useradd.8.xml.out:433 useradd.8.xml.out:849
+#: useradd.8.xml.out:907 usermod.8.xml.out:296 usermod.8.xml.out:631
 msgid "3"
 msgstr "3"
 
@@ -3694,7 +3899,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:444
+#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:446
 #: userdel.8.xml.out:93 usermod.8.xml.out:299
 msgid "Note:"
 msgstr ""
@@ -3715,7 +3920,7 @@ msgstr ""
 "elencano i processi."
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:448
+#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid ""
 "You should make sure the password respects the system's password policy."
@@ -3724,7 +3929,7 @@ msgstr ""
 "sistema."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:185 newusers.8.xml.out:287 useradd.8.xml.out:456
+#: groupadd.8.xml.out:185 newusers.8.xml.out:289 useradd.8.xml.out:458
 msgid "--system"
 msgstr ""
 
@@ -3763,44 +3968,10 @@ msgstr ""
 "option>-<option>GID_MAX</option>."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-#, fuzzy
-#| msgid "-"
-msgid "-P"
-msgstr "-"
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "--prefix"
-msgstr ""
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214 groupadd.8.xml.out:219 groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106 groupdel.8.xml.out:108 groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181 groupmod.8.xml.out:183 useradd.8.xml.out:502
-#: useradd.8.xml.out:507 userdel.8.xml.out:136 userdel.8.xml.out:140
-#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217 useradd.8.xml.out:505
-msgid ""
-"Apply changes to configuration files under the root filesystem found under "
-"the directory <_:replaceable-1/>. This option does not chroot and is "
-"intended for preparing a cross-compilation target. Some limitations: NIS and "
-"LDAP users/groups are not verified. PAM authentication is using the host "
-"files. No SELINUX support."
-msgstr ""
-
-#. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229 groupadd.8.xml.out:237 groupmod.8.xml.out:194
-#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:397
-#: useradd.8.xml.out:549 useradd.8.xml.out:558 usermod.8.xml.out:238
+#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:399
+#: useradd.8.xml.out:551 useradd.8.xml.out:560 usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 #, fuzzy
 #| msgid "-"
@@ -3824,7 +3995,7 @@ msgstr "Gli amministratori possono cambiare la password o i membri del gruppo."
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:237 groupmod.8.xml.out:202 useradd.8.xml.out:96
-#: useradd.8.xml.out:386 useradd.8.xml.out:397 useradd.8.xml.out:558
+#: useradd.8.xml.out:388 useradd.8.xml.out:399 useradd.8.xml.out:560
 #, fuzzy
 #| msgid "-"
 msgid "-N"
@@ -3832,15 +4003,15 @@ msgstr "-"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/phrase
-#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:448
-#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:398
-#: useradd.8.xml.out:559 userdel.8.xml.out:86 userdel.8.xml.out:296
+#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:467
+#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:400
+#: useradd.8.xml.out:561 userdel.8.xml.out:86 userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 #, fuzzy
 #| msgid ""
 #| "The default behavior (if the <option>-g</option>, <option>-N</option>, "
@@ -3882,14 +4053,14 @@ msgstr ""
 "gruppo."
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:317 passwd.1.xml.out:463 useradd.8.xml.out:831
+#: groupadd.8.xml.out:317 passwd.1.xml.out:485 useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr "argomento non valido per l'opzione"
 
 # type: IP
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:321 groupmod.8.xml.out:277 grpck.8.xml.out:261
-#: passwd.1.xml.out:449 pwck.8.xml.out:311 useradd.8.xml.out:835
+#: passwd.1.xml.out:471 pwck.8.xml.out:311 useradd.8.xml.out:855
 msgid "4"
 msgstr "4"
 
@@ -3901,7 +4072,7 @@ msgid "GID is already used (when called without <_:option-1/>)"
 msgstr "UID già in uso (e <option>-o</option> assente)"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:847
+#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:867
 msgid "9"
 msgstr "9"
 
@@ -3914,7 +4085,7 @@ msgstr "nome di gruppo già in uso"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:855
+#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
 msgstr "non è possibile aggiornare il file group"
@@ -3926,11 +4097,11 @@ msgstr "non è possibile aggiornare il file group"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: groupadd.8.xml.out:369 groupdel.8.xml.out:226 groupmems.8.xml.out:227
-#: groupmod.8.xml.out:350 login.defs.5.xml.out:480 useradd.8.xml.out:913
+#: groupmod.8.xml.out:350 login.defs.5.xml.out:499 useradd.8.xml.out:933
 #: userdel.8.xml.out:39 userdel.8.xml.out:46 userdel.8.xml.out:51
 #: userdel.8.xml.out:62 userdel.8.xml.out:71 userdel.8.xml.out:82
 #: userdel.8.xml.out:211 userdel.8.xml.out:232 userdel.8.xml.out:283
-#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:643
+#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:660
 msgid "userdel"
 msgstr "userdel"
 
@@ -3941,11 +4112,11 @@ msgstr "userdel"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #: groupadd.8.xml.out:372 groupdel.8.xml.out:229 groupmems.8.xml.out:230
-#: groupmod.8.xml.out:353 login.defs.5.xml.out:490 passwd.1.xml.out:488
-#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:916
+#: groupmod.8.xml.out:353 login.defs.5.xml.out:509 passwd.1.xml.out:513
+#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:936
 #: userdel.8.xml.out:345 usermod.8.xml.out:40 usermod.8.xml.out:47
 #: usermod.8.xml.out:53 usermod.8.xml.out:64 usermod.8.xml.out:72
-#: usermod.8.xml.out:263 usermod.8.xml.out:522
+#: usermod.8.xml.out:263 usermod.8.xml.out:539
 msgid "usermod"
 msgstr "usermod"
 
@@ -3973,8 +4144,8 @@ msgstr "rimuove un gruppo"
 #: groupdel.8.xml.out:51 groupdel.8.xml.out:59 groupmod.8.xml.out:51
 #: groupmod.8.xml.out:59 groupmod.8.xml.out:86 groupmod.8.xml.out:102
 #: groupmod.8.xml.out:125 suauth.5.xml.out:85 suauth.5.xml.out:87
-#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:392
-#: useradd.8.xml.out:639 useradd.8.xml.out:648 usermod.8.xml.out:174
+#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:394
+#: useradd.8.xml.out:659 useradd.8.xml.out:668 usermod.8.xml.out:174
 msgid "GROUP"
 msgstr "GRUPPO"
 
@@ -4032,14 +4203,14 @@ msgstr ""
 "rimanga alcun file avente questo ID di gruppo."
 
 #. (itstool) path: term/replaceable
-#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:461
-#: pwck.8.xml.out:323 useradd.8.xml.out:841 userdel.8.xml.out:253
+#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:483
+#: pwck.8.xml.out:323 useradd.8.xml.out:861 userdel.8.xml.out:253
 msgid "6"
 msgstr "6"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: groupdel.8.xml.out:182 useradd.8.xml.out:843
+#: groupdel.8.xml.out:182 useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr "il gruppo specificato non esiste"
 
@@ -4085,7 +4256,7 @@ msgstr ""
 #: groupmems.8.xml.out:37 groupmems.8.xml.out:44 groupmems.8.xml.out:50
 #: groupmems.8.xml.out:63 groupmems.8.xml.out:65 groupmems.8.xml.out:71
 #: groupmems.8.xml.out:78 groupmems.8.xml.out:159 groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr "groupmems"
 
@@ -4272,7 +4443,7 @@ msgstr ""
 #| "\t$ groupmems -g groups -a gk4\n"
 #| "    "
 msgid ""
-"$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
+"$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ "
 "groupmems -g groups -a gk4"
 msgstr ""
 "\n"
@@ -4399,7 +4570,7 @@ msgstr ""
 "<option>SYS_UID_MAX</option> dal file <filename>/etc/login.defs</filename>."
 
 #. (itstool) path: term/option
-#: groupmod.8.xml.out:121 passwd.1.xml.out:246
+#: groupmod.8.xml.out:121 passwd.1.xml.out:242
 #, fuzzy
 #| msgid "-"
 msgid "-n"
@@ -4516,7 +4687,7 @@ msgstr ""
 
 # type: IP
 #. (itstool) path: term/replaceable
-#: groupmod.8.xml.out:307 useradd.8.xml.out:859 userdel.8.xml.out:271
+#: groupmod.8.xml.out:307 useradd.8.xml.out:879 userdel.8.xml.out:271
 msgid "12"
 msgstr "12"
 
@@ -4761,7 +4932,7 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:113 newusers.8.xml.out:67 newusers.8.xml.out:75
+#: grpck.8.xml.out:113 newusers.8.xml.out:69 newusers.8.xml.out:77
 msgid "file"
 msgstr "file"
 
@@ -4807,7 +4978,7 @@ msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:143 login.defs.5.xml.out:134 login.defs.5.xml.out:136
+#: grpck.8.xml.out:143 login.defs.5.xml.out:136 login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr ""
@@ -4840,8 +5011,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 #, fuzzy
 #| msgid "-"
 msgid "-S"
@@ -5117,7 +5288,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: gshadow.5.xml.out:162 login.defs.5.xml.out:324 pwconv.8.xml.out:48
+#: gshadow.5.xml.out:162 login.defs.5.xml.out:337 pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67 pwconv.8.xml.out:113 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:166 pwconv.8.xml.out:208
 msgid "grpconv"
@@ -5131,7 +5302,7 @@ msgstr "grpconv"
 #. (itstool) path: varlistentry/term
 #: lastlog.8.xml.out:35 lastlog.8.xml.out:42 lastlog.8.xml.out:48
 #: lastlog.8.xml.out:58 lastlog.8.xml.out:70 lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr "lastlog"
 
@@ -5196,7 +5367,7 @@ msgstr ""
 "in <filename>/etc/passwd</filename>."
 
 #. (itstool) path: term/option
-#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:592
+#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 #, fuzzy
 #| msgid "-"
@@ -5623,7 +5794,7 @@ msgstr ""
 #. (itstool) path: para/command
 #: limits.5.xml.out:122 login.1.xml.out:83 login.1.xml.out:91
 #: login.1.xml.out:197 su.1.xml.out:70 su.1.xml.out:82 su.1.xml.out:95
-#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:775
+#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:795
 msgid "username"
 msgstr "nome"
 
@@ -6285,8 +6456,8 @@ msgstr "chsh"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.1.xml.out:386 login.defs.5.xml.out:436 login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536 newgrp.1.xml.out:136 passwd.5.xml.out:197
+#: login.1.xml.out:386 login.defs.5.xml.out:455 login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555 newgrp.1.xml.out:136 passwd.5.xml.out:197
 #: shadow.5.xml.out:283 sg.1.xml.out:128 su.1.xml.out:50 su.1.xml.out:57
 #: su.1.xml.out:62 su.1.xml.out:81 su.1.xml.out:83 su.1.xml.out:121
 #: su.1.xml.out:201 su.1.xml.out:239 su.1.xml.out:308 su.1.xml.out:368
@@ -6500,12 +6671,12 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
 msgstr "configurazione del pacchetto password shadow"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 #, fuzzy
 #| msgid ""
 #| "The <filename>/etc/login.defs</filename> file defines the site-specific "
@@ -6523,7 +6694,7 @@ msgstr ""
 "probabilmente sarà causa di risultati non desiderati."
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid ""
 "This file is a readable text file, each line of the file describing one "
 "configuration parameter. The lines consist of a configuration name and "
@@ -6539,21 +6710,21 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133 useradd.8.xml.out:242 useradd.8.xml.out:380
+#: login.defs.5.xml.out:135 useradd.8.xml.out:242 useradd.8.xml.out:382
 #: userdel.8.xml.out:87 userdel.8.xml.out:297
 msgid "yes"
 msgstr ""
 
 # type: IP
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 #, fuzzy
 #| msgid "0"
 msgid "0x"
 msgstr "0"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 #, fuzzy
 #| msgid ""
 #| "Parameter values may be of four types: strings, booleans, numbers, and "
@@ -6588,32 +6759,32 @@ msgstr ""
 "dalla macchina."
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
 msgstr "Sono forniti i seguenti parametri di configurazione:"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:146 useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:146 useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:145
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194 pwconv.8.xml.out:147
+#: login.defs.5.xml.out:197 pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr ""
 
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 #, fuzzy
 #| msgid ""
 #| "<option>PASS_MAX_DAYS</option>, <option>PASS_MIN_DAYS</option> and "
@@ -6630,12 +6801,12 @@ msgstr ""
 "modifica gli account preesistenti."
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr "RIFERIMENTI INCROCIATI"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid ""
 "The following cross references show which programs in the shadow password "
 "suite use which parameters."
@@ -6647,65 +6818,81 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235 login.defs.5.xml.out:423 login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503 pwck.8.xml.out:75 pwck.8.xml.out:216
+#: login.defs.5.xml.out:239 login.defs.5.xml.out:442 login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522 pwck.8.xml.out:75 pwck.8.xml.out:216
 #: pwck.8.xml.out:232 pwconv.8.xml.out:89 pwconv.8.xml.out:91
 #: pwconv.8.xml.out:94 pwconv.8.xml.out:105 pwconv.8.xml.out:107
 msgid "USE_TCB"
 msgstr "USE_TCB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244 login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248 login.defs.5.xml.out:372
 #, fuzzy
 #| msgid "CHSH_AUTH LOGIN_STRING"
 msgid "LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253 login.defs.5.xml.out:264 login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388 login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256 login.defs.5.xml.out:269 login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396 login.defs.5.xml.out:418
+#, fuzzy
+#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259 login.defs.5.xml.out:273 login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403 login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261 login.defs.5.xml.out:275 login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409 login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251 login.defs.5.xml.out:282
+#: login.defs.5.xml.out:255 login.defs.5.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:"
+"phrase-2/> <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301 login.defs.5.xml.out:307 login.defs.5.xml.out:313
-#: login.defs.5.xml.out:320 login.defs.5.xml.out:326 login.defs.5.xml.out:332
+#: login.defs.5.xml.out:314 login.defs.5.xml.out:320 login.defs.5.xml.out:326
+#: login.defs.5.xml.out:333 login.defs.5.xml.out:339 login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr "MAX_MEMBERS_PER_GROUP"
 
@@ -6713,29 +6900,29 @@ msgstr "MAX_MEMBERS_PER_GROUP"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330 pwconv.8.xml.out:49 pwconv.8.xml.out:73
+#: login.defs.5.xml.out:343 pwconv.8.xml.out:49 pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119 pwconv.8.xml.out:153 pwconv.8.xml.out:167
 #: pwconv.8.xml.out:208
 msgid "grpunconv"
 msgstr "grpunconv"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346 login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359 login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 #, fuzzy
 #| msgid "SYSLOG_SG_ENAB"
 msgid "FAILLOG_ENAB"
@@ -6743,36 +6930,36 @@ msgstr "SYSLOG_SG_ENAB"
 
 # type: SH
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 #, fuzzy
 #| msgid "FILE"
 msgid "FTMP_FILE"
 msgstr "FILE"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid ""
 "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE "
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY "
 "<_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR "
@@ -6782,17 +6969,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 msgid "newgrp / sg"
 msgstr "newgrp / sg"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr "SYSLOG_SG_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
+#: login.defs.5.xml.out:395
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
@@ -6801,10 +6988,11 @@ msgstr "SYSLOG_SG_ENAB"
 #| "phrase> SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
 #| "UMASK"
 msgid ""
-"ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
-"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
-"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+"<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP "
+"MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:"
+"phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+"SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
+"UMASK <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
 "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
@@ -6812,27 +7000,28 @@ msgstr ""
 "SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
+#: login.defs.5.xml.out:417
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 #| "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 msgid ""
-"ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
-"PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+"<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB "
+"PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412 login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431 login.defs.5.xml.out:440
 #, fuzzy
 #| msgid ""
 #| "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
@@ -6848,7 +7037,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419 passwd.5.xml.out:188 pwconv.8.xml.out:39
+#: login.defs.5.xml.out:438 passwd.5.xml.out:188 pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46 pwconv.8.xml.out:55 pwconv.8.xml.out:83
 #: pwconv.8.xml.out:88 pwconv.8.xml.out:90 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:144 pwconv.8.xml.out:165 pwconv.8.xml.out:216
@@ -6861,7 +7050,7 @@ msgstr "pwconv"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428 passwd.5.xml.out:191 pwconv.8.xml.out:47
+#: login.defs.5.xml.out:447 passwd.5.xml.out:191 pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61 pwconv.8.xml.out:98 pwconv.8.xml.out:104
 #: pwconv.8.xml.out:109 pwconv.8.xml.out:153 pwconv.8.xml.out:157
 #: pwconv.8.xml.out:166 shadow.5.xml.out:280
@@ -6869,22 +7058,22 @@ msgid "pwunconv"
 msgstr "pwunconv"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH "
 "<_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
@@ -6892,28 +7081,22 @@ msgstr ""
 
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453 passwd.5.xml.out:200 shadow.5.xml.out:286
+#: login.defs.5.xml.out:472 passwd.5.xml.out:200 shadow.5.xml.out:286
 msgid "sulogin"
 msgstr "sulogin"
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457 su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr ""
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+msgid "ENV_HZ ENV_TZ"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 #, fuzzy
 #| msgid ""
 #| "CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS "
@@ -6933,12 +7116,12 @@ msgstr ""
 "USE_TCB</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485 login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504 login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 #, fuzzy
 #| msgid ""
 #| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB "
@@ -6951,7 +7134,7 @@ msgstr ""
 "<phrase condition=\"tcb\">TCB_SYMLINKS USE_TCB</phrase>"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 #, fuzzy
 #| msgid ""
 #| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <phrase "
@@ -6966,20 +7149,20 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500 vipw.8.xml.out:35 vipw.8.xml.out:42
+#: login.defs.5.xml.out:519 vipw.8.xml.out:35 vipw.8.xml.out:42
 #: vipw.8.xml.out:51 vipw.8.xml.out:67 vipw.8.xml.out:85
 msgid "vipw"
 msgstr "vipw"
 
 # type: SH
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511 pwconv.8.xml.out:193 suauth.5.xml.out:179
+#: login.defs.5.xml.out:530 pwconv.8.xml.out:193 suauth.5.xml.out:179
 msgid "BUGS"
 msgstr "ERRORI"
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 #, fuzzy
 #| msgid ""
 #| "Much of the functionality that used to be provided by the shadow password "
@@ -7005,14 +7188,14 @@ msgstr ""
 "manvolnum></citerefentry>. Vedere la corrispondente configurazione di PAM."
 
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 #, fuzzy
 #| msgid "pw_name"
 msgid "pam"
 msgstr "pw_name"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
@@ -7171,12 +7354,12 @@ msgid "id"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
 msgstr "aggiorna e crea nuovi utenti in blocco"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 #, fuzzy
 #| msgid ""
 #| "The <command>newusers</command> command reads a <replaceable>file</"
@@ -7199,22 +7382,22 @@ msgstr ""
 "citerefentry>) con le seguenti eccezioni:"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 msgstr "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 msgid "pw_name"
 msgstr "pw_name"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
 msgstr "Il nome dell'utente."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 #, fuzzy
 #| msgid ""
 #| "It can be the name of a new user or the name of an existing user (or an "
@@ -7232,12 +7415,12 @@ msgstr ""
 "creato un nuovo utente."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr "pw_passwd"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid ""
 "This field will be encrypted and used as the new value of the encrypted "
 "password."
@@ -7246,17 +7429,17 @@ msgstr ""
 "cifrata."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 msgid "pw_uid"
 msgstr "pw_uid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
 msgstr "Definisce l'UID dell'utente."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 #, fuzzy
 #| msgid ""
 #| "If the field is empty, an new (unused) UID will be defined automatically "
@@ -7269,12 +7452,12 @@ msgstr ""
 "utilizzato) da parte di <command>newusers</command>."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
 msgstr "Se questo campo contiene un numero, verrà utilizzato come UID."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing user (or the name of an "
@@ -7290,7 +7473,7 @@ msgstr ""
 "utilizzato l'UID dell'utente specificato."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid ""
 "If the UID of an existing user is changed, the files ownership of the user's "
 "file should be fixed manually."
@@ -7299,17 +7482,17 @@ msgstr ""
 "proprietà dell'utente stesso andrà cambiata manualmente."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
 msgstr "pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
 msgstr "Definisce il l'ID del gruppo primario dell'utente."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing group (or a group created "
@@ -7325,7 +7508,7 @@ msgstr ""
 "gruppo primario di questo utente il GID del gruppo stesso."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid ""
 "If this field is a number, this number will be used as the primary group ID "
 "of the user. If no groups exist with this GID, a new group will be created "
@@ -7336,7 +7519,7 @@ msgstr ""
 "viene creato uno con il nome dell'utente e il GID specificato."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 #, fuzzy
 #| msgid ""
 #| "If this field is empty, a new group will be created with the name of the "
@@ -7354,7 +7537,7 @@ msgstr ""
 "del nuovo gruppo."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of a group which does not exist (and was "
@@ -7375,32 +7558,32 @@ msgstr ""
 "primario dell'utente e come GID per il nuovo gruppo."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
 msgstr "pw_gecos"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr "Questo campo viene copiato nel campo GECOS dell'utente."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
 msgstr "pw_dir"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
 msgstr "Questo campo è utilizzato per impostare la directory home dell'utente."
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid ""
 "If this field does not specify an existing directory, the specified "
 "directory is created, with ownership set to the user being created or "
@@ -7413,7 +7596,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 #, fuzzy
 #| msgid ""
 #| "If the home directory of an existing user is changed, <command>newusers</"
@@ -7429,12 +7612,12 @@ msgstr ""
 "nuova. Questo va fatto manualmente."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
 msgstr "pw_shell"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid ""
 "This field defines the shell of the user. No checks are performed on this "
 "field."
@@ -7443,7 +7626,7 @@ msgstr ""
 "nessun controllo."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "<command>newusers</command> first tries to create or change all the "
@@ -7462,7 +7645,7 @@ msgstr ""
 "nessuna modifica viene scritta sui database."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid ""
 "During this first pass, users are created with a locked password (and "
 "passwords are not changed for the users which are not created). A second "
@@ -7477,7 +7660,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are updated at a single time."
@@ -7486,48 +7669,57 @@ msgstr ""
 "account sono aggiornati allo stesso tempo."
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257 pwck.8.xml.out:164 useradd.8.xml.out:108
+#: newusers.8.xml.out:259 pwck.8.xml.out:164 useradd.8.xml.out:108
 #: usermod.8.xml.out:89
 msgid "--badname"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260 pwck.8.xml.out:167 useradd.8.xml.out:111
+#: newusers.8.xml.out:262 pwck.8.xml.out:167 useradd.8.xml.out:111
 #: usermod.8.xml.out:92
 msgid "Allow names that do not conform to standards."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290 useradd.8.xml.out:459
+#: newusers.8.xml.out:273
+msgid ""
+"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
+"support these methods."
+msgstr ""
+"I metodi disponibili sono DES, MD5, NONE e SHA256 o SHA512 se la propria "
+"libc lo consente."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:292 useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr "Crea un account di sistema."
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:319
-#: useradd.8.xml.out:468 useradd.8.xml.out:538 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:321
+#: useradd.8.xml.out:470 useradd.8.xml.out:540 usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:321
-#: useradd.8.xml.out:468 useradd.8.xml.out:543 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:323
+#: useradd.8.xml.out:470 useradd.8.xml.out:545 usermod.8.xml.out:397
 msgid "UID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293 useradd.8.xml.out:462
+#: newusers.8.xml.out:295 useradd.8.xml.out:464
 #, fuzzy
 #| msgid ""
 #| "System users will be created with no aging information in <filename>/etc/"
@@ -7550,65 +7742,98 @@ msgstr ""
 "option> (e la loro controparte <option>GID</option> per la creazione dei "
 "gruppi)."
 
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default is 13."
+msgstr "I valori minimo di 1.000 e massimo di 999.999.999 sono forzati."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default is 5000."
+msgstr "I valori minimo di 1.000 e massimo di 999.999.999 sono forzati."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default is 5."
+msgstr "I valori minimo di 1.000 e massimo di 999.999.999 sono forzati."
+
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid ""
 "The input file must be protected since it contains unencrypted passwords."
 msgstr ""
 "Il file di input deve essere protetto poiché contiene password non cifrate."
 
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 msgid "/etc/pam.d/newusers"
 msgstr "/etc/pam.d/newusers"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435 useradd.8.xml.out:222 useradd.8.xml.out:481
-#: useradd.8.xml.out:785 userdel.8.xml.out:215 usermod.8.xml.out:587
+#: newusers.8.xml.out:456 useradd.8.xml.out:222 useradd.8.xml.out:483
+#: useradd.8.xml.out:805 userdel.8.xml.out:215 usermod.8.xml.out:604
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437 useradd.8.xml.out:787 userdel.8.xml.out:217
+#: newusers.8.xml.out:458 useradd.8.xml.out:807 userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
 msgstr ""
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441 useradd.8.xml.out:222 useradd.8.xml.out:480
-#: useradd.8.xml.out:791 userdel.8.xml.out:221 usermod.8.xml.out:593
+#: newusers.8.xml.out:462 useradd.8.xml.out:222 useradd.8.xml.out:482
+#: useradd.8.xml.out:811 userdel.8.xml.out:221 usermod.8.xml.out:610
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443 useradd.8.xml.out:793 userdel.8.xml.out:223
+#: newusers.8.xml.out:464 useradd.8.xml.out:813 userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460 useradd.8.xml.out:906 userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: newusers.8.xml.out:481 useradd.8.xml.out:926 userdel.8.xml.out:335
+#: usermod.8.xml.out:650
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463 useradd.8.xml.out:909 userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: newusers.8.xml.out:484 useradd.8.xml.out:929 userdel.8.xml.out:338
+#: usermod.8.xml.out:653
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458 useradd.8.xml.out:904 userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: newusers.8.xml.out:479 useradd.8.xml.out:924 userdel.8.xml.out:333
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr ""
 
@@ -7664,13 +7889,13 @@ msgstr "Il comando <command>nologin</command> è apparso in BSD 4.4."
 
 # type: Plain text
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr "cambia la password utente"
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 #, fuzzy
 #| msgid ""
 #| "The <command>passwd</command> command changes passwords for user "
@@ -7691,13 +7916,13 @@ msgstr ""
 
 # type: SS
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr "Modifiche delle password"
 
 # type: Plain text
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 msgid ""
 "The user is first prompted for their old password, if one is present. This "
 "password is then encrypted and compared against the stored password. The "
@@ -7712,7 +7937,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 #, fuzzy
 #| msgid ""
 #| "After the password has been entered, password aging information is "
@@ -7731,7 +7956,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid ""
 "The user is then prompted twice for a replacement password. The second entry "
 "is compared against the first and both are required to match in order for "
@@ -7741,67 +7966,28 @@ msgstr ""
 "due password sono confrontate e devono essere uguali affinché la password "
 "venga accettata."
 
-# type: Plain text
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
-msgid ""
-"Then, the password is tested for complexity. As a general guideline, "
-"passwords should consist of 6 to 8 characters including one or more "
-"characters from each of the following sets:"
-msgstr ""
-"Quindi viene misurata la complessità della password. In linea di massima le "
-"password dovrebbero contenere dai 6 agli 8 caratteri, includendovi uno o più "
-"caratteri da ciascuno dei seguenti insiemi:"
-
-# type: Plain text
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr "lettere minuscole"
-
-# type: Plain text
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr "numeri da 0 a 9"
-
-# type: Plain text
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr "segni di punteggiatura"
-
-# type: Plain text
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
-#, fuzzy
-#| msgid ""
-#| "Care must be taken not to include the system default erase or kill "
-#| "characters. <command>passwd</command> will reject any password which is "
-#| "not suitably complex."
+#: passwd.1.xml.out:98
 msgid ""
-"Care must be taken not to include the system default erase or kill "
-"characters. <_:command-1/> will reject any password which is not suitably "
-"complex."
+"Then, the password is tested for complexity. <_:command-1/> will reject any "
+"password which is not suitably complex. Care must be taken not to include "
+"the system default erase or kill characters."
 msgstr ""
-"Si deve fare attenzione a non inserire il carattere di cancellazione o di "
-"kill (azzeramento della riga). <command>passwd</command> non accetta "
-"password non sufficientemente complesse."
 
 # type: SS
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr "Suggerimenti per password utente"
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 #, fuzzy
 #| msgid ""
 #| "The security of a password depends upon the strength of the encryption "
@@ -7826,7 +8012,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid ""
 "Compromises in password security normally result from careless password "
 "selection or handling. For this reason, you should not select a password "
@@ -7842,7 +8028,19 @@ msgstr ""
 "essere indovinato per violare la sicurezza del sistema."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
+#: passwd.1.xml.out:127
+msgid ""
+"As a general guideline, passwords should be long and random. It's fine to "
+"use simple character sets, such as passwords consisting only of lowercase "
+"letters, if that helps memorizing longer passwords. For a password "
+"consisting only of lowercase English letters randomly chosen, and a length "
+"of 32, there are 26^32 (approximately 2^150) different possible "
+"combinations. Being an exponential equation, it's apparent that the exponent "
+"(the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 #, fuzzy
 #| msgid ""
 #| "You can find advices on how to choose a strong password on http://en."
@@ -7855,7 +8053,7 @@ msgstr ""
 "http://en.wikipedia.org/wiki/Password_strength"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 #, fuzzy
 #| msgid ""
 #| "This option can be used only with <option>-S</option> and causes show "
@@ -7868,7 +8066,7 @@ msgstr ""
 "lo stato per ogni utente."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid ""
 "Delete a user's password (make it empty). This is a quick way to disable a "
 "password for an account. It will set the named account passwordless."
@@ -7878,14 +8076,14 @@ msgstr ""
 "senza password."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 #, fuzzy
 #| msgid "expiry"
 msgid "--expire"
 msgstr "expiry"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid ""
 "Immediately expire an account's password. This in effect can force a user to "
 "change their password at the user's next login."
@@ -7894,7 +8092,7 @@ msgstr ""
 "cambio password al successivo accesso da parte dell'utente."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 #, fuzzy
 #| msgid ""
 #| "This option is used to disable an account after the password has been "
@@ -7914,19 +8112,19 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210 useradd.8.xml.out:278 useradd.8.xml.out:356
+#: passwd.1.xml.out:206 useradd.8.xml.out:280 useradd.8.xml.out:358
 #, fuzzy
 #| msgid "-"
 msgid "-k"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 msgid ""
 "Indicate password change should be performed only for expired authentication "
 "tokens (passwords). The user wishes to keep their non-expired tokens as "
@@ -7937,12 +8135,12 @@ msgstr ""
 "scaduti."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222 usermod.8.xml.out:231
+#: passwd.1.xml.out:218 usermod.8.xml.out:231
 msgid "--lock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 msgid ""
 "Lock the password of the named account. This option disables a password by "
 "changing it to a value which matches no possible encrypted value (it adds a "
@@ -7953,12 +8151,12 @@ msgstr ""
 "(aggiunge un «!» all'inizio della password)."
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 #, fuzzy
 #| msgid ""
 #| "Note that this does not disable the account. The user may still be able "
@@ -7977,42 +8175,42 @@ msgstr ""
 "expiredate 1</command> (che imposta la data di scadenza al 2 gennaio 1970)."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr "Gli utenti con password bloccata non la possono cambiare."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 #, fuzzy
 #| msgid "-"
 msgid "-q"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "--quiet"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261 vipw.8.xml.out:110
+#: passwd.1.xml.out:257 vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr "Modalità silenziosa."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: passwd.1.xml.out:268 passwd.1.xml.out:272
+#: passwd.1.xml.out:264 passwd.1.xml.out:268
 #, fuzzy
 #| msgid "EDITOR"
 msgid "REPOSITORY"
 msgstr "EDITOR"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 #, fuzzy
 #| msgid "change password in <replaceable>REPOSITORY</replaceable> repository"
 msgid "change password in <_:replaceable-1/> repository"
@@ -8020,13 +8218,13 @@ msgstr ""
 "cambia la password nel repository <replaceable>REPOSITORY</replaceable>"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 msgid ""
 "Display account status information. The status information consists of 7 "
 "fields. The first field is the user's login name. The second field indicates "
@@ -8044,12 +8242,12 @@ msgstr ""
 "periodo di avviso e quello di inattività. Queste età sono espresse in giorni."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309 usermod.8.xml.out:405
+#: passwd.1.xml.out:320 usermod.8.xml.out:405
 msgid "--unlock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 #, fuzzy
 #| msgid ""
 #| "Unlock the password of the named account. This option re-enables a "
@@ -8066,7 +8264,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -8084,14 +8282,14 @@ msgstr ""
 "l'utente viene avvertito dell'imminente scadenza."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 #, fuzzy
 #| msgid "-"
 msgid "-x"
 msgstr "-"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 #, fuzzy
 #| msgid ""
 #| "Set the maximum number of days a password remains valid. After "
@@ -8105,9 +8303,21 @@ msgstr ""
 "<replaceable>MAX_GIORNI</replaceable> viene richiesto di cambiare la "
 "password."
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid ""
+"This option is used to indicate that passwd should read the new password "
+"from standard input, which can be a pipe."
+msgstr ""
+
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 msgid ""
 "Password complexity checking may vary from site to site. The user is urged "
 "to select a password as complex as he or she feels comfortable with."
@@ -8117,7 +8327,7 @@ msgstr ""
 "sufficientemente complessa."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid ""
 "Users may not be able to change their password on a system if NIS is enabled "
 "and they are not logged into the NIS server."
@@ -8126,7 +8336,7 @@ msgstr ""
 "NIS è abilitato ed essi non sono collegati al server NIS."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 #, fuzzy
 #| msgid ""
 #| "<command>passwd</command> uses PAM to authenticate users and to change "
@@ -8138,22 +8348,22 @@ msgstr ""
 "cambiare le loro password."
 
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 msgid "/etc/pam.d/passwd"
 msgstr "/etc/pam.d/passwd"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr "combinazione di opzioni non valida"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr "errore non previsto, nulla di fatto"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 #, fuzzy
 #| msgid "unexpected failure, <filename>passwd</filename> file missing"
 msgid "unexpected failure, <_:filename-1/> file missing"
@@ -8161,17 +8371,31 @@ msgstr "errore non previsto, file <filename>passwd</filename> mancante"
 
 # type: TP
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 #, fuzzy
 #| msgid "<filename>passwd</filename> file busy, try again"
 msgid "<_:filename-1/> file busy, try again"
 msgstr "file <filename>passwd</filename> occupato, provare di nuovo"
 
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+#, fuzzy
+#| msgid "passwd"
+msgid "makepasswd"
+msgstr "passwd"
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:494
+msgid ""
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
+#: passwd.1.xml.out:517
 msgid ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
+"The following web page comically (yet correctly) compares the strength of "
+"two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
 
 # type: Plain text
@@ -10386,6 +10610,11 @@ msgid "$HZ"
 msgstr ""
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr ""
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr ""
@@ -10859,7 +11088,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: useradd.8.xml.out:72 useradd.8.xml.out:76 useradd.8.xml.out:86
-#: useradd.8.xml.out:169 useradd.8.xml.out:583 useradd.8.xml.out:585
+#: useradd.8.xml.out:169 useradd.8.xml.out:603 useradd.8.xml.out:605
 msgid "-D"
 msgstr "-D"
 
@@ -10904,14 +11133,14 @@ msgstr ""
 "<option>USERGROUPS_ENAB</option>).\""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:118 useradd.8.xml.out:592
+#: useradd.8.xml.out:118 useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: useradd.8.xml.out:118 useradd.8.xml.out:124 useradd.8.xml.out:159
-#: useradd.8.xml.out:592 useradd.8.xml.out:598
+#: useradd.8.xml.out:612 useradd.8.xml.out:618
 msgid "BASE_DIR"
 msgstr ""
 
@@ -10943,7 +11172,7 @@ msgstr ""
 "option> non è usata, <replaceable>BASE_DIR</replaceable> deve esistere."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:131 useradd.8.xml.out:603
+#: useradd.8.xml.out:131 useradd.8.xml.out:623
 msgid "HOME"
 msgstr ""
 
@@ -10951,11 +11180,11 @@ msgstr ""
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
 #: useradd.8.xml.out:132 useradd.8.xml.out:189 useradd.8.xml.out:212
-#: useradd.8.xml.out:250 useradd.8.xml.out:293 useradd.8.xml.out:343
-#: useradd.8.xml.out:393 useradd.8.xml.out:523 useradd.8.xml.out:604
-#: useradd.8.xml.out:616 useradd.8.xml.out:633 useradd.8.xml.out:649
-#: useradd.8.xml.out:663 useradd.8.xml.out:677 useradd.8.xml.out:767
-#: usermod.8.xml.out:419
+#: useradd.8.xml.out:250 useradd.8.xml.out:267 useradd.8.xml.out:295
+#: useradd.8.xml.out:345 useradd.8.xml.out:395 useradd.8.xml.out:525
+#: useradd.8.xml.out:624 useradd.8.xml.out:636 useradd.8.xml.out:653
+#: useradd.8.xml.out:669 useradd.8.xml.out:683 useradd.8.xml.out:697
+#: useradd.8.xml.out:787 usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr "/etc/default/useradd"
 
@@ -11066,7 +11295,7 @@ msgstr ""
 "specificata nel formato <emphasis remap=\"I\">AAAA-MM-GG</emphasis>."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:188 useradd.8.xml.out:615 usermod.8.xml.out:418
+#: useradd.8.xml.out:188 useradd.8.xml.out:635 usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr ""
 
@@ -11116,7 +11345,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: useradd.8.xml.out:218 useradd.8.xml.out:482
+#: useradd.8.xml.out:218 useradd.8.xml.out:484
 #, fuzzy
 #| msgid "-"
 msgid "-F"
@@ -11242,6 +11471,14 @@ msgid ""
 "emphasis-5/>]]]"
 msgstr ""
 
+# type: TH
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+#, fuzzy
+#| msgid "GROUP"
+msgid "GROUPS"
+msgstr "GRUPPO"
+
 # type: Plain text
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
@@ -11257,7 +11494,9 @@ msgid ""
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups are subject to the same restrictions as the group given with the "
 "<_:option-1/> option. The default is for the user to belong only to the "
-"initial group."
+"initial group. In addition to passing in the -G flag, you can add the option "
+"<_:option-2/> to the file <_:filename-3/> which in turn will add all users "
+"to those supplementary groups."
 msgstr ""
 "Una lista di gruppi supplementari di cui l'utente è altresì membro. Ciascun "
 "gruppo è separato dal successivo da una virgola, senza spazi bianchi "
@@ -11266,17 +11505,17 @@ msgstr ""
 "l'utente appartenga solo al gruppo iniziale."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "SKEL_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 #, fuzzy
 #| msgid ""
 #| "The skeleton directory, which contains files and directories to be copied "
@@ -11292,13 +11531,13 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288 useradd.8.xml.out:350
+#: useradd.8.xml.out:290 useradd.8.xml.out:352
 msgid "--create-home"
 msgstr ""
 
 # type: IP
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288 useradd.8.xml.out:592 usermod.8.xml.out:524
 #, fuzzy
 #| msgid ""
 #| "This option is only valid if the <option>-m</option> (or <option>--create-"
@@ -11311,19 +11550,19 @@ msgstr ""
 "<option>--create-home</option>) è stata specificata."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 #, fuzzy
 #| msgid "/etc/skel/"
 msgid "/etc/skel"
 msgstr "/etc/skel/"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "If this option is not set, the skeleton directory is defined by the "
@@ -11338,24 +11577,24 @@ msgstr ""
 "filename> o, altrimenti, vale <filename>/etc/skel</filename>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
 msgstr "Se possibile vengono copiate le ACL e gli attributi estesi."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid ""
 "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:"
 "option-4/>, <_:option-5/> and others)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used "
 "when creating an account to turn off password aging. Multiple <_:option-4/> "
@@ -11364,17 +11603,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
 msgstr "Non aggiunge l'utente ai database «lastlog» e «faillog»."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
+#: useradd.8.xml.out:337
 #, fuzzy
 #| msgid ""
 #| "By default, the user's entries in the lastlog and faillog databases are "
@@ -11388,12 +11627,12 @@ msgstr ""
 "precedenza."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid ""
 "If this option is not specified, <_:command-1/> will also consult the "
 "variable <_:option-2/> in the <_:filename-3/> if set to no the user will not "
@@ -11401,7 +11640,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "Create the user's home directory if it does not exist. The files and "
@@ -11417,12 +11656,12 @@ msgstr ""
 "l'opzione <option>-k</option>) vengono copiati nella directory home."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361 useradd.8.xml.out:379 useradd.8.xml.out:475
+#: useradd.8.xml.out:363 useradd.8.xml.out:381 useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 #, fuzzy
 #| msgid ""
 #| "By default, if this option is not specified and <option>CREATE_HOME</"
@@ -11435,7 +11674,7 @@ msgstr ""
 "<option>CREATE_HOME</option>, la directory non viene creata."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid ""
 "The directory where the user's home directory is created must exist and have "
 "proper SELinux context and permissions. Otherwise the user's home directory "
@@ -11443,12 +11682,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 #, fuzzy
 #| msgid ""
 #| "Do no create the user's home directory, even if the system wide setting "
@@ -11463,12 +11702,12 @@ msgstr ""
 "option>) sia impostata a <replaceable>yes</replaceable>."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 #, fuzzy
 #| msgid ""
 #| "Do not create a group with the same name as the user, but add the user to "
@@ -11485,7 +11724,7 @@ msgstr ""
 "<option>GROUP</option> nel file <filename>/etc/default/useradd</filename>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 #, fuzzy
 #| msgid ""
 #| "Allow the creation of a user account with a duplicate (non-unique) UID."
@@ -11493,7 +11732,7 @@ msgid "allows the creation of an account with an already existing UID."
 msgstr "Permette la creazione di un utente con un UID duplicato (non unico)."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412 usermod.8.xml.out:277
+#: useradd.8.xml.out:414 usermod.8.xml.out:277
 msgid ""
 "This option is only valid in combination with the <_:option-1/> option. As a "
 "user identity serves as key to map between users on one hand and "
@@ -11503,7 +11742,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid ""
 "defines an initial password for the account. PASSWORD is expected to be "
 "encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this "
@@ -11511,7 +11750,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid ""
 "Without this option, the new account will be locked and with no password "
 "defined, i.e. a single exclamation mark in the respective field of <_:"
@@ -11520,7 +11759,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 #, fuzzy
 #| msgid ""
 #| "<emphasis role=\"bold\">Note:</emphasis> This option is not recommended "
@@ -11535,7 +11774,7 @@ msgstr ""
 "elencano i processi."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
@@ -11556,7 +11795,7 @@ msgstr ""
 "account di sistema."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
@@ -11576,7 +11815,7 @@ msgstr ""
 "account di sistema."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 msgid ""
 "sets the path to the user's login shell. Without this option, the system "
 "will use the <_:option-1/> variable specified in <_:filename-2/>, or, if "
@@ -11585,18 +11824,18 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "--uid"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "UID"
 msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 #, fuzzy
 #| msgid ""
 #| "The numerical value of the user's ID. This value must be unique, unless "
@@ -11616,12 +11855,12 @@ msgstr ""
 "a qualunque altro utente."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid ""
 "Create a group with the same name as the user, and add the user to this "
 "group."
@@ -11630,44 +11869,66 @@ msgstr ""
 "stesso."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:593 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:525
 #, fuzzy
 #| msgid "-"
 msgid "-Z"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:594 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566 usermod.8.xml.out:501
+#: useradd.8.xml.out:568 usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575 useradd.8.xml.out:589 usermod.8.xml.out:521
 msgid "semanage"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
+#: useradd.8.xml.out:571
 msgid ""
-"defines the SELinux user for the new account. Without this option, a SELinux "
+"defines the SELinux user for the new account. Without this option, SELinux "
 "uses the default user. Note that the shadow system doesn't store the selinux-"
 "user, it uses <_:citerefentry-1/> for that."
 msgstr ""
 
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "--selinux-range"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "SERANGE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+msgid ""
+"defines the SELinux MLS range for the new account. Without this option, "
+"SELinux uses the default range. Note that the shadow system doesn't store "
+"the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
 # type: SS
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr "Cambiare i valori predefiniti"
 
 # type: Plain text
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 #, fuzzy
 #| msgid ""
 #| "When invoked with only the <option>-D</option> option, <command>useradd</"
@@ -11689,7 +11950,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 #, fuzzy
 #| msgid ""
 #| "The path prefix for a new user's home directory. The user's name will be "
@@ -11708,8 +11969,8 @@ msgstr ""
 "l'opzione <option>-d</option> quando si crea un nuovo account."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602 useradd.8.xml.out:614 useradd.8.xml.out:631
-#: useradd.8.xml.out:647 useradd.8.xml.out:661
+#: useradd.8.xml.out:622 useradd.8.xml.out:634 useradd.8.xml.out:651
+#: useradd.8.xml.out:667 useradd.8.xml.out:681
 #, fuzzy
 #| msgid ""
 #| "This option sets the <option>HOME</option> variable in <filename>/etc/"
@@ -11721,14 +11982,14 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 #, fuzzy
 #| msgid "The date on which the user account is disabled."
 msgid "sets the date on which newly created user accounts are disabled."
 msgstr "La data in cui l'account dell'utente verrà disabilitato."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid ""
 "defines the number of days after the password exceeded its maximum age where "
 "the user is expected to replace this password. See <_:citerefentry-1/>for "
@@ -11736,7 +11997,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 msgid ""
 "sets the default primary group for newly created users, accepting group "
 "names or a numerical group ID. The named group must exist, and the GID must "
@@ -11744,25 +12005,25 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr ""
 
 # type: SH
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr "NOTE"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675 useradd.8.xml.out:779
+#: useradd.8.xml.out:695 useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr "/etc/skel/"
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 #, fuzzy
 #| msgid ""
 #| "The system administrator is responsible for placing the default user "
@@ -11781,7 +12042,7 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 msgid ""
 "You may not add a user to a NIS or LDAP group. This must be performed on the "
 "corresponding server."
@@ -11790,7 +12051,7 @@ msgstr ""
 "essere fatto sul server corrispondente."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 #, fuzzy
 #| msgid ""
 #| "Similarly, if the username already exists in an external user database "
@@ -11804,12 +12065,12 @@ msgstr ""
 "LDAP, <command>useradd</command> bloccherà la creazione dell'account."
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid ""
 "Usernames may contain only lower and upper case letters, digits, "
 "underscores, or dashes. They can end with a dollar sign. Dashes are not "
@@ -11820,62 +12081,62 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
-msgstr "I nomi utente non possono eccedere i 32 caratteri di lunghezza."
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
+msgstr "I nomi utente non possono eccedere i 256 caratteri di lunghezza."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr "Valori predefiniti per la creazione dell'account."
 
 # type: Plain text
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 #, fuzzy
 #| msgid "/etc/default/useradd"
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr "/etc/default/useradd"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773 userdel.8.xml.out:209
+#: useradd.8.xml.out:793 userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr ""
 
 # type: SH
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 #, fuzzy
 #| msgid "OPTIONS"
 msgid "ACTION"
 msgstr "OPZIONI"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-pre.d"
 msgstr "useradd"
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-post.d"
 msgstr "useradd"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid ""
 "Run-part files to execute during user addition. The environment variable <_:"
 "command-1/> will be populated with useradd and <_:command-2/> with the <_:"
@@ -11886,25 +12147,25 @@ msgstr ""
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
 msgstr "Directory contenente i file predefiniti."
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819 userdel.8.xml.out:243
+#: useradd.8.xml.out:839 userdel.8.xml.out:243
 msgid "can't update password file"
 msgstr "impossibile aggiornare il file delle password"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 #, fuzzy
 #| msgid "UID already in use (and no <option>-o</option>)"
 msgid "UID already in use (and no <_:option-1/>)"
 msgstr "UID già in uso (e <option>-o</option> assente)"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 #, fuzzy
 #| msgid "group name already in use"
 msgid "username or group name already in use"
@@ -11912,25 +12173,25 @@ msgstr "nome di gruppo già in uso"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
 msgstr "non è possibile creare la directory home"
 
 # type: IP
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 #, fuzzy
 #| msgid "1"
 msgid "14"
 msgstr "1"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876 usermod.8.xml.out:603
+#: useradd.8.xml.out:896 usermod.8.xml.out:620
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:"
@@ -12818,8 +13079,15 @@ msgid ""
 "shadow system doesn't store the selinux-user, it uses semanage(8) for that."
 msgstr ""
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
+msgid ""
+"defines the SELinux MLS range for the new account. Note that the shadow "
+"system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
 #, fuzzy
 #| msgid ""
 #| "You must make certain that the named user is not executing any processes "
@@ -12841,17 +13109,17 @@ msgstr ""
 "sistemi controlla solo che non sia registrato come collegato in utmp."
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "You must change the owner of any <command>crontab</command> files or "
@@ -12864,14 +13132,14 @@ msgstr ""
 "<command>crontab</command> e compiti <command>at</command>."
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr ""
 "Si devono apportare tutte le modifiche che riguardano NIS sul server NIS."
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 #, fuzzy
 #| msgid "Group account information."
 msgid "Group account information"
@@ -12879,14 +13147,14 @@ msgstr "Informazioni sugli account di gruppo."
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
+#: usermod.8.xml.out:582
 #, fuzzy
 #| msgid "Secure group account information."
-msgid "Secure group account informatio."
+msgid "Secure group account information"
 msgstr "Informazioni sicure sugli account di gruppo."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 #, fuzzy
 #| msgid "Shadow password suite configuration."
 msgid "Shadow password suite configuration"
@@ -12894,7 +13162,7 @@ msgstr "Configurazione del pacchetto password shadow"
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 #, fuzzy
 #| msgid "User account information."
 msgid "User account information"
@@ -12902,19 +13170,19 @@ msgstr "Informazioni sugli account utente."
 
 # type: Plain text
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 #, fuzzy
 #| msgid "Secure user account information."
 msgid "Secure user account information"
 msgstr "Informazioni sicure sugli account utente."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
 msgid "Per user subordinate group IDs"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
 msgid "Per user subordinate user IDs"
 msgstr ""
 
@@ -12970,7 +13238,7 @@ msgstr "vipw"
 #| "envar>, and finally the default editor, <citerefentry><refentrytitle>vi</"
 #| "refentrytitle><manvolnum>1</manvolnum></citerefentry>."
 msgid ""
-"The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/"
+"The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/"
 "> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will "
 "edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/"
 ">, respectively. The programs will set the appropriate locks to prevent file "
@@ -14978,6 +15246,38 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>sulogin</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>."
 
+# type: Plain text
+#~ msgid ""
+#~ "Then, the password is tested for complexity. As a general guideline, "
+#~ "passwords should consist of 6 to 8 characters including one or more "
+#~ "characters from each of the following sets:"
+#~ msgstr ""
+#~ "Quindi viene misurata la complessità della password. In linea di massima "
+#~ "le password dovrebbero contenere dai 6 agli 8 caratteri, includendovi uno "
+#~ "o più caratteri da ciascuno dei seguenti insiemi:"
+
+# type: Plain text
+#~ msgid "lower case alphabetics"
+#~ msgstr "lettere minuscole"
+
+# type: Plain text
+#~ msgid "digits 0 thru 9"
+#~ msgstr "numeri da 0 a 9"
+
+# type: Plain text
+#~ msgid "punctuation marks"
+#~ msgstr "segni di punteggiatura"
+
+# type: Plain text
+#~ msgid ""
+#~ "Care must be taken not to include the system default erase or kill "
+#~ "characters. <command>passwd</command> will reject any password which is "
+#~ "not suitably complex."
+#~ msgstr ""
+#~ "Si deve fare attenzione a non inserire il carattere di cancellazione o di "
+#~ "kill (azzeramento della riga). <command>passwd</command> non accetta "
+#~ "password non sufficientemente complesse."
+
 # type: IP
 #~ msgid "<option>-d</option>, <option>--delete</option>"
 #~ msgstr "<option>-d</option>, <option>--delete</option>"
@@ -15284,6 +15584,18 @@ msgstr ""
 #~ msgid "<option>-s</option>, <option>--sha-rounds</option>"
 #~ msgstr "<option>-s</option>, <option>--sha-rounds</option>"
 
+#~ msgid ""
+#~ "The value 0 means that the system will choose the default number of "
+#~ "rounds for the crypt method (5000)."
+#~ msgstr ""
+#~ "Il valore 0 indica che il sistema utilizzerà il numero predefinito di "
+#~ "cicli per il metodo crypt (5000)."
+
+#~ msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#~ msgstr ""
+#~ "Si può utilizzare questa opzione solo con i metodi di cifratura SHA256 o "
+#~ "SHA512."
+
 #~ msgid "PAM configuration for <command>newusers</command>."
 #~ msgstr "Configurazione PAM per <command>newusers</command>."
 
@@ -16481,6 +16793,9 @@ msgstr ""
 #~ "<option>-c</option>, <option>--crypt-method</option>&nbsp;"
 #~ "<replaceable>METODO</replaceable>"
 
+#~ msgid "The available methods are DES, MD5, and NONE."
+#~ msgstr "I metodi disponibili sono DES, MD5 e NONE (nessuno)."
+
 # type: IP
 #~ msgid "<option>-e</option>, <option>--encrypted</option>"
 #~ msgstr "<option>-e</option>, <option>--encrypted</option>"
@@ -16497,6 +16812,15 @@ msgstr ""
 #~ "<option>-s</option>, <option>--sha-rounds</option>&nbsp;"
 #~ "<replaceable>CICLI</replaceable>"
 
+#~ msgid ""
+#~ "By default, the number of rounds is defined by the "
+#~ "<option>SHA_CRYPT_MIN_ROUNDS</option> and <option>SHA_CRYPT_MAX_ROUNDS</"
+#~ "option> variables in <filename>/etc/login.defs</filename>."
+#~ msgstr ""
+#~ "Il numero di cicli è definito dalle variabili "
+#~ "<option>SHA_CRYPT_MIN_ROUNDS</option> e <option>SHA_CRYPT_MAX_ROUNDS</"
+#~ "option> in <filename>/etc/login.defs</filename>."
+
 # type: Plain text
 #~ msgid "PAM configuration for <command>chpasswd</command>."
 #~ msgstr "Configurazione PAM per <command>chpasswd</command>."
diff --git a/man/po/pl.po b/man/po/pl.po
index 7db5471..219a57c 100644
--- a/man/po/pl.po
+++ b/man/po/pl.po
@@ -3,7 +3,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: man pages for shadow 4.0.16\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
 "PO-Revision-Date: 2013-08-23 01:38+0200\n"
 "Last-Translator: Tomasz KÅ‚oczko <kloczek@pld.org.pl>\n"
 "Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
@@ -13,12 +13,12 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:19 chsh.1.xml.out:18
+#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:21 chsh.1.xml.out:18
 #: expiry.1.xml.out:19 faillog.5.xml.out:15 faillog.8.xml.out:15
 #: groupadd.8.xml.out:18 groupdel.8.xml.out:16 groupmod.8.xml.out:16
 #: groups.1.xml.out:15 grpck.8.xml.out:15 lastlog.8.xml.out:17
-#: login.1.xml.out:48 login.defs.5.xml.out:84 logoutd.8.xml.out:15
-#: newgrp.1.xml.out:16 newusers.8.xml.out:31 passwd.1.xml.out:22
+#: login.1.xml.out:48 login.defs.5.xml.out:86 logoutd.8.xml.out:15
+#: newgrp.1.xml.out:16 newusers.8.xml.out:33 passwd.1.xml.out:24
 #: passwd.5.xml.out:15 porttime.5.xml.out:15 pwck.8.xml.out:22
 #: shadow.3.xml.out:15 shadow.5.xml.out:15 sg.1.xml.out:16 su.1.xml.out:32
 #: useradd.8.xml.out:34 userdel.8.xml.out:21 usermod.8.xml.out:22
@@ -26,12 +26,12 @@ msgid "Julianne Frances"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:20 chsh.1.xml.out:19
+#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:22 chsh.1.xml.out:19
 #: expiry.1.xml.out:20 faillog.5.xml.out:16 faillog.8.xml.out:16
 #: groupadd.8.xml.out:19 groupdel.8.xml.out:17 groupmod.8.xml.out:17
 #: groups.1.xml.out:16 grpck.8.xml.out:16 lastlog.8.xml.out:18
-#: login.1.xml.out:49 login.defs.5.xml.out:85 logoutd.8.xml.out:16
-#: newgrp.1.xml.out:17 newusers.8.xml.out:32 passwd.1.xml.out:23
+#: login.1.xml.out:49 login.defs.5.xml.out:87 logoutd.8.xml.out:16
+#: newgrp.1.xml.out:17 newusers.8.xml.out:34 passwd.1.xml.out:25
 #: passwd.5.xml.out:16 porttime.5.xml.out:16 pwck.8.xml.out:23
 #: shadow.3.xml.out:16 shadow.5.xml.out:16 sg.1.xml.out:17 su.1.xml.out:33
 #: useradd.8.xml.out:35 userdel.8.xml.out:22 usermod.8.xml.out:23
@@ -44,14 +44,14 @@ msgid "Creation, 1990"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24 chsh.1.xml.out:23 expiry.1.xml.out:24
-#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:25
+#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26 chsh.1.xml.out:23 expiry.1.xml.out:24
+#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23 groupdel.8.xml.out:21 groupmems.8.xml.out:24
 #: groupmod.8.xml.out:21 groups.1.xml.out:20 grpck.8.xml.out:20
 #: lastlog.8.xml.out:22 limits.5.xml.out:22 login.1.xml.out:53
-#: login.access.5.xml.out:21 login.defs.5.xml.out:89 logoutd.8.xml.out:20
-#: newgrp.1.xml.out:21 newusers.8.xml.out:36 passwd.1.xml.out:27
+#: login.access.5.xml.out:21 login.defs.5.xml.out:91 logoutd.8.xml.out:20
+#: newgrp.1.xml.out:21 newusers.8.xml.out:38 passwd.1.xml.out:29
 #: passwd.5.xml.out:20 porttime.5.xml.out:20 pwck.8.xml.out:27
 #: pwconv.8.xml.out:26 shadow.3.xml.out:20 shadow.5.xml.out:20 sg.1.xml.out:21
 #: su.1.xml.out:37 suauth.5.xml.out:20 useradd.8.xml.out:39
@@ -60,14 +60,14 @@ msgid "Thomas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25 chsh.1.xml.out:24 expiry.1.xml.out:25
-#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:26
+#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27 chsh.1.xml.out:24 expiry.1.xml.out:25
+#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24 groupdel.8.xml.out:22 groupmems.8.xml.out:25
 #: groupmod.8.xml.out:22 groups.1.xml.out:21 grpck.8.xml.out:21
 #: lastlog.8.xml.out:23 limits.5.xml.out:23 login.1.xml.out:54
-#: login.access.5.xml.out:22 login.defs.5.xml.out:90 logoutd.8.xml.out:21
-#: newgrp.1.xml.out:22 newusers.8.xml.out:37 passwd.1.xml.out:28
+#: login.access.5.xml.out:22 login.defs.5.xml.out:92 logoutd.8.xml.out:21
+#: newgrp.1.xml.out:22 newusers.8.xml.out:39 passwd.1.xml.out:30
 #: passwd.5.xml.out:21 porttime.5.xml.out:21 pwck.8.xml.out:28
 #: pwconv.8.xml.out:27 shadow.3.xml.out:21 shadow.5.xml.out:21 sg.1.xml.out:22
 #: su.1.xml.out:38 suauth.5.xml.out:21 useradd.8.xml.out:40
@@ -76,14 +76,14 @@ msgid "KÅ‚oczko"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26 chsh.1.xml.out:25 expiry.1.xml.out:26
-#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:27
+#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28 chsh.1.xml.out:25 expiry.1.xml.out:26
+#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25 groupdel.8.xml.out:23 groupmems.8.xml.out:26
 #: groupmod.8.xml.out:23 groups.1.xml.out:22 grpck.8.xml.out:22
 #: lastlog.8.xml.out:24 limits.5.xml.out:24 login.1.xml.out:55
-#: login.access.5.xml.out:23 login.defs.5.xml.out:91 logoutd.8.xml.out:22
-#: newgrp.1.xml.out:23 newusers.8.xml.out:38 passwd.1.xml.out:29
+#: login.access.5.xml.out:23 login.defs.5.xml.out:93 logoutd.8.xml.out:22
+#: newgrp.1.xml.out:23 newusers.8.xml.out:40 passwd.1.xml.out:31
 #: passwd.5.xml.out:22 porttime.5.xml.out:22 pwck.8.xml.out:29
 #: pwconv.8.xml.out:28 shadow.3.xml.out:22 shadow.5.xml.out:22 sg.1.xml.out:23
 #: su.1.xml.out:39 suauth.5.xml.out:22 useradd.8.xml.out:41
@@ -92,14 +92,14 @@ msgid "kloczek@pld.org.pl"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:27 chsh.1.xml.out:26
+#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:29 chsh.1.xml.out:26
 #: expiry.1.xml.out:27 faillog.5.xml.out:23 faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28 groupadd.8.xml.out:26 groupdel.8.xml.out:24
+#: gpasswd.1.xml.out:30 groupadd.8.xml.out:26 groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27 groupmod.8.xml.out:24 groups.1.xml.out:23
 #: grpck.8.xml.out:23 lastlog.8.xml.out:25 limits.5.xml.out:25
-#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:92
-#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:39
-#: passwd.1.xml.out:30 passwd.5.xml.out:23 porttime.5.xml.out:23
+#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:94
+#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:41
+#: passwd.1.xml.out:32 passwd.5.xml.out:23 porttime.5.xml.out:23
 #: pwck.8.xml.out:30 pwconv.8.xml.out:29 shadow.3.xml.out:23
 #: shadow.5.xml.out:23 sg.1.xml.out:24 su.1.xml.out:40 suauth.5.xml.out:23
 #: useradd.8.xml.out:42 userdel.8.xml.out:29 usermod.8.xml.out:30
@@ -108,15 +108,15 @@ msgid "shadow-utils maintainer, 2000 - 2007"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30 chsh.1.xml.out:29 expiry.1.xml.out:30
-#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:31
+#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32 chsh.1.xml.out:29 expiry.1.xml.out:30
+#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29 groupdel.8.xml.out:27 groupmems.8.xml.out:30
 #: groupmod.8.xml.out:27 groups.1.xml.out:26 grpck.8.xml.out:26
 #: gshadow.5.xml.out:14 lastlog.8.xml.out:28 limits.5.xml.out:28
-#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:95
-#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:42
-#: nologin.8.xml.out:15 passwd.1.xml.out:33 passwd.5.xml.out:26
+#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:97
+#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:44
+#: nologin.8.xml.out:15 passwd.1.xml.out:35 passwd.5.xml.out:26
 #: porttime.5.xml.out:26 pwck.8.xml.out:33 pwconv.8.xml.out:32
 #: shadow.3.xml.out:26 shadow.5.xml.out:26 sg.1.xml.out:27 su.1.xml.out:43
 #: suauth.5.xml.out:26 useradd.8.xml.out:45 userdel.8.xml.out:32
@@ -125,15 +125,15 @@ msgid "Nicolas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31 chsh.1.xml.out:30 expiry.1.xml.out:31
-#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:32
+#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33 chsh.1.xml.out:30 expiry.1.xml.out:31
+#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30 groupdel.8.xml.out:28 groupmems.8.xml.out:31
 #: groupmod.8.xml.out:28 groups.1.xml.out:27 grpck.8.xml.out:27
 #: gshadow.5.xml.out:15 lastlog.8.xml.out:29 limits.5.xml.out:29
-#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:96
-#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:43
-#: nologin.8.xml.out:16 passwd.1.xml.out:34 passwd.5.xml.out:27
+#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:98
+#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:45
+#: nologin.8.xml.out:16 passwd.1.xml.out:36 passwd.5.xml.out:27
 #: porttime.5.xml.out:27 pwck.8.xml.out:34 pwconv.8.xml.out:33
 #: shadow.3.xml.out:27 shadow.5.xml.out:27 sg.1.xml.out:28 su.1.xml.out:44
 #: suauth.5.xml.out:27 useradd.8.xml.out:46 userdel.8.xml.out:33
@@ -142,15 +142,15 @@ msgid "François"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32 chsh.1.xml.out:31 expiry.1.xml.out:32
-#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:33
+#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34 chsh.1.xml.out:31 expiry.1.xml.out:32
+#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31 groupdel.8.xml.out:29 groupmems.8.xml.out:32
 #: groupmod.8.xml.out:29 groups.1.xml.out:28 grpck.8.xml.out:28
 #: gshadow.5.xml.out:16 lastlog.8.xml.out:30 limits.5.xml.out:30
-#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:97
-#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:44
-#: nologin.8.xml.out:17 passwd.1.xml.out:35 passwd.5.xml.out:28
+#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:99
+#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:46
+#: nologin.8.xml.out:17 passwd.1.xml.out:37 passwd.5.xml.out:28
 #: porttime.5.xml.out:28 pwck.8.xml.out:35 pwconv.8.xml.out:34
 #: shadow.3.xml.out:28 shadow.5.xml.out:28 sg.1.xml.out:29 su.1.xml.out:45
 #: suauth.5.xml.out:28 useradd.8.xml.out:47 userdel.8.xml.out:34
@@ -159,15 +159,15 @@ msgid "nicolas.francois@centraliens.net"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33 chsh.1.xml.out:32 expiry.1.xml.out:33
-#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:34
+#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35 chsh.1.xml.out:32 expiry.1.xml.out:33
+#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32 groupdel.8.xml.out:30 groupmems.8.xml.out:33
 #: groupmod.8.xml.out:30 groups.1.xml.out:29 grpck.8.xml.out:29
 #: gshadow.5.xml.out:18 lastlog.8.xml.out:31 limits.5.xml.out:31
-#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:98
-#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:45
-#: nologin.8.xml.out:18 passwd.1.xml.out:36 passwd.5.xml.out:29
+#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:100
+#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:47
+#: nologin.8.xml.out:18 passwd.1.xml.out:38 passwd.5.xml.out:29
 #: porttime.5.xml.out:29 pwck.8.xml.out:36 pwconv.8.xml.out:35
 #: shadow.3.xml.out:29 shadow.5.xml.out:29 sg.1.xml.out:30 su.1.xml.out:46
 #: suauth.5.xml.out:29 useradd.8.xml.out:48 userdel.8.xml.out:35
@@ -182,9 +182,9 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #: chage.1.xml.out:34 chage.1.xml.out:41 chage.1.xml.out:46 chage.1.xml.out:59
-#: chage.1.xml.out:69 chage.1.xml.out:216 chage.1.xml.out:226
-#: chage.1.xml.out:236 chage.1.xml.out:241 chage.1.xml.out:285
-#: login.defs.5.xml.out:233 shadow.5.xml.out:262
+#: chage.1.xml.out:69 chage.1.xml.out:231 chage.1.xml.out:241
+#: chage.1.xml.out:251 chage.1.xml.out:256 chage.1.xml.out:300
+#: login.defs.5.xml.out:237 shadow.5.xml.out:262
 msgid "chage"
 msgstr "chage"
 
@@ -192,11 +192,11 @@ msgstr "chage"
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:35 chage.1.xml.out:294 chfn.1.xml.out:37 chfn.1.xml.out:65
-#: chfn.1.xml.out:205 chgpasswd.8.xml.out:217 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:37 chsh.1.xml.out:171 expiry.1.xml.out:38
-#: faillog.8.xml.out:235 gpasswd.1.xml.out:39 gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277 groupadd.8.xml.out:345 groupadd.8.xml.out:348
+#: chage.1.xml.out:35 chage.1.xml.out:309 chfn.1.xml.out:37 chfn.1.xml.out:65
+#: chfn.1.xml.out:205 chgpasswd.8.xml.out:245 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:37 chsh.1.xml.out:212 expiry.1.xml.out:38
+#: faillog.8.xml.out:235 gpasswd.1.xml.out:41 gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279 groupadd.8.xml.out:345 groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351 groupdel.8.xml.out:205 groupdel.8.xml.out:208
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:209 groupmems.8.xml.out:212
 #: groupmems.8.xml.out:215 groupmod.8.xml.out:326 groupmod.8.xml.out:329
@@ -204,44 +204,44 @@ msgstr "chage"
 #: grpck.8.xml.out:243 gshadow.5.xml.out:77 gshadow.5.xml.out:165
 #: limits.5.xml.out:185 login.1.xml.out:67 login.1.xml.out:128
 #: login.1.xml.out:377 login.1.xml.out:380 login.1.xml.out:383
-#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:520 login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533 login.defs.5.xml.out:536 newgrp.1.xml.out:35
+#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:539 login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552 login.defs.5.xml.out:555 newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130 newgrp.1.xml.out:133 newgrp.1.xml.out:136
-#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:456
-#: nologin.8.xml.out:60 passwd.1.xml.out:41 passwd.1.xml.out:431
-#: passwd.5.xml.out:118 passwd.5.xml.out:173 passwd.5.xml.out:179
-#: passwd.5.xml.out:182 passwd.5.xml.out:197 porttime.5.xml.out:121
-#: pwck.8.xml.out:293 shadow.5.xml.out:262 shadow.5.xml.out:265
-#: shadow.5.xml.out:268 shadow.5.xml.out:283 sg.1.xml.out:35 sg.1.xml.out:119
-#: sg.1.xml.out:122 sg.1.xml.out:125 sg.1.xml.out:128 sg.1.xml.out:131
-#: su.1.xml.out:51 su.1.xml.out:391 su.1.xml.out:415 su.1.xml.out:421
-#: su.1.xml.out:424 suauth.5.xml.out:201 useradd.8.xml.out:817
-#: useradd.8.xml.out:878 useradd.8.xml.out:881 useradd.8.xml.out:884
-#: userdel.8.xml.out:241 userdel.8.xml.out:310 userdel.8.xml.out:313
-#: userdel.8.xml.out:316 usermod.8.xml.out:105 usermod.8.xml.out:244
-#: usermod.8.xml.out:605 usermod.8.xml.out:608 usermod.8.xml.out:611
-#: vipw.8.xml.out:78 vipw.8.xml.out:205
+#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:477
+#: nologin.8.xml.out:60 passwd.1.xml.out:43 passwd.1.xml.out:453
+#: passwd.1.xml.out:499 passwd.5.xml.out:118 passwd.5.xml.out:173
+#: passwd.5.xml.out:179 passwd.5.xml.out:182 passwd.5.xml.out:197
+#: porttime.5.xml.out:121 pwck.8.xml.out:293 shadow.5.xml.out:262
+#: shadow.5.xml.out:265 shadow.5.xml.out:268 shadow.5.xml.out:283
+#: sg.1.xml.out:35 sg.1.xml.out:119 sg.1.xml.out:122 sg.1.xml.out:125
+#: sg.1.xml.out:128 sg.1.xml.out:131 su.1.xml.out:51 su.1.xml.out:391
+#: su.1.xml.out:415 su.1.xml.out:421 su.1.xml.out:424 suauth.5.xml.out:201
+#: useradd.8.xml.out:837 useradd.8.xml.out:898 useradd.8.xml.out:901
+#: useradd.8.xml.out:904 userdel.8.xml.out:241 userdel.8.xml.out:310
+#: userdel.8.xml.out:313 userdel.8.xml.out:316 usermod.8.xml.out:105
+#: usermod.8.xml.out:244 usermod.8.xml.out:622 usermod.8.xml.out:625
+#: usermod.8.xml.out:628 vipw.8.xml.out:78 vipw.8.xml.out:205
 msgid "1"
 msgstr "1"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:36 chfn.1.xml.out:38 chsh.1.xml.out:38 expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40 groups.1.xml.out:35 login.1.xml.out:68
-#: newgrp.1.xml.out:36 passwd.1.xml.out:42 sg.1.xml.out:36 su.1.xml.out:52
+#: gpasswd.1.xml.out:42 groups.1.xml.out:35 login.1.xml.out:68
+#: newgrp.1.xml.out:36 passwd.1.xml.out:44 sg.1.xml.out:36 su.1.xml.out:52
 msgid "User Commands"
 msgstr "Polecenia użytkowników"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40 chsh.1.xml.out:39 expiry.1.xml.out:40
-#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:41
+#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42 chsh.1.xml.out:39 expiry.1.xml.out:40
+#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39 groupdel.8.xml.out:37 groupmems.8.xml.out:40
 #: groupmod.8.xml.out:37 groups.1.xml.out:36 grpck.8.xml.out:36
 #: gshadow.5.xml.out:25 lastlog.8.xml.out:38 limits.5.xml.out:38
-#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:105
-#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:52
-#: nologin.8.xml.out:25 passwd.1.xml.out:43 passwd.5.xml.out:36
+#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:107
+#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:54
+#: nologin.8.xml.out:25 passwd.1.xml.out:45 passwd.5.xml.out:36
 #: porttime.5.xml.out:36 pwck.8.xml.out:43 pwconv.8.xml.out:42
 #: shadow.3.xml.out:36 shadow.5.xml.out:36 sg.1.xml.out:37 su.1.xml.out:53
 #: suauth.5.xml.out:36 useradd.8.xml.out:55 userdel.8.xml.out:42
@@ -252,20 +252,20 @@ msgid "shadow-utils"
 msgstr "gshadow"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41 chsh.1.xml.out:40 expiry.1.xml.out:41
-#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:42
+#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43 chsh.1.xml.out:40 expiry.1.xml.out:41
+#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40 groupdel.8.xml.out:38 groupmems.8.xml.out:41
 #: groupmod.8.xml.out:38 groups.1.xml.out:37 grpck.8.xml.out:37
 #: gshadow.5.xml.out:26 lastlog.8.xml.out:39 limits.5.xml.out:39
-#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:106
-#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:53
-#: nologin.8.xml.out:26 passwd.1.xml.out:44 passwd.5.xml.out:37
+#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:108
+#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:55
+#: nologin.8.xml.out:26 passwd.1.xml.out:46 passwd.5.xml.out:37
 #: porttime.5.xml.out:37 pwck.8.xml.out:44 pwconv.8.xml.out:43
 #: shadow.3.xml.out:37 shadow.5.xml.out:37 sg.1.xml.out:38 su.1.xml.out:54
 #: suauth.5.xml.out:37 useradd.8.xml.out:56 userdel.8.xml.out:43
 #: usermod.8.xml.out:44 vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -275,10 +275,10 @@ msgstr "zmiana informacji o terminie ważności hasła użytkownika"
 
 #. (itstool) path: arg/replaceable
 #. (itstool) path: cmdsynopsis/arg
-#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52 chsh.1.xml.out:51 faillog.8.xml.out:48
+#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54 chsh.1.xml.out:51 faillog.8.xml.out:48
 #: groupdel.8.xml.out:49 groupmod.8.xml.out:49 grpck.8.xml.out:47
-#: lastlog.8.xml.out:50 newusers.8.xml.out:64 passwd.1.xml.out:55
+#: lastlog.8.xml.out:50 newusers.8.xml.out:66 passwd.1.xml.out:57
 #: pwck.8.xml.out:54 pwconv.8.xml.out:57 pwconv.8.xml.out:63
 #: pwconv.8.xml.out:69 pwconv.8.xml.out:75 su.1.xml.out:64 useradd.8.xml.out:66
 #: useradd.8.xml.out:78 userdel.8.xml.out:52 usermod.8.xml.out:55
@@ -291,22 +291,22 @@ msgstr "opcje"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
 #: chage.1.xml.out:51 chfn.1.xml.out:54 chsh.1.xml.out:54 faillog.8.xml.out:180
-#: lastlog.8.xml.out:139 passwd.1.xml.out:58 useradd.8.xml.out:68
+#: lastlog.8.xml.out:139 passwd.1.xml.out:60 useradd.8.xml.out:68
 #: useradd.8.xml.out:158 userdel.8.xml.out:54 userdel.8.xml.out:64
 #: usermod.8.xml.out:57 usermod.8.xml.out:222 usermod.8.xml.out:506
 msgid "LOGIN"
 msgstr "LOGIN"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58 chsh.1.xml.out:60 expiry.1.xml.out:58
-#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:70
+#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60 chsh.1.xml.out:60 expiry.1.xml.out:58
+#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60 groupdel.8.xml.out:56 groupmems.8.xml.out:61
 #: groupmod.8.xml.out:56 groups.1.xml.out:54 grpck.8.xml.out:58
 #: gshadow.5.xml.out:34 lastlog.8.xml.out:56 limits.5.xml.out:48
-#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:114
-#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:73
-#: nologin.8.xml.out:40 passwd.1.xml.out:64 passwd.5.xml.out:45
+#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:116
+#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:75
+#: nologin.8.xml.out:40 passwd.1.xml.out:66 passwd.5.xml.out:45
 #: porttime.5.xml.out:45 pwck.8.xml.out:69 pwconv.8.xml.out:81
 #: shadow.3.xml.out:94 shadow.3.xml.out:150 shadow.5.xml.out:45 sg.1.xml.out:57
 #: su.1.xml.out:79 suauth.5.xml.out:51 useradd.8.xml.out:84
@@ -333,12 +333,12 @@ msgstr ""
 
 #. (itstool) path: refsect1/title
 #. (itstool) path: arg/replaceable
-#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106 chsh.1.xml.out:71 expiry.1.xml.out:67
-#: faillog.8.xml.out:65 gpasswd.1.xml.out:110 groupadd.8.xml.out:51
+#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108 chsh.1.xml.out:71 expiry.1.xml.out:67
+#: faillog.8.xml.out:65 gpasswd.1.xml.out:112 groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80 groupdel.8.xml.out:64 groupmems.8.xml.out:76
 #: groupmod.8.xml.out:65 grpck.8.xml.out:122 lastlog.8.xml.out:68
-#: login.1.xml.out:186 newusers.8.xml.out:250 passwd.1.xml.out:150
+#: login.1.xml.out:186 newusers.8.xml.out:252 passwd.1.xml.out:146
 #: pwck.8.xml.out:153 pwconv.8.xml.out:163 su.1.xml.out:120
 #: useradd.8.xml.out:102 userdel.8.xml.out:69 usermod.8.xml.out:70
 #: vipw.8.xml.out:83
@@ -346,12 +346,12 @@ msgid "OPTIONS"
 msgstr "OPCJE"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107 chsh.1.xml.out:72 expiry.1.xml.out:68
-#: faillog.8.xml.out:66 gpasswd.1.xml.out:118 groupadd.8.xml.out:81
+#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109 chsh.1.xml.out:72 expiry.1.xml.out:68
+#: faillog.8.xml.out:66 gpasswd.1.xml.out:120 groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65 groupmems.8.xml.out:77 groupmod.8.xml.out:66
-#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:251
-#: passwd.1.xml.out:151 pwck.8.xml.out:158 su.1.xml.out:121
+#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:253
+#: passwd.1.xml.out:147 pwck.8.xml.out:158 su.1.xml.out:121
 #: useradd.8.xml.out:103 userdel.8.xml.out:70 usermod.8.xml.out:71
 #, fuzzy
 #| msgid "The options which apply to the <command>su</command> command are:"
@@ -360,9 +360,9 @@ msgstr "Polecenie <command>su</command> posiada następujące opcje:"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:74 gpasswd.1.xml.out:137 groupmems.8.xml.out:94
-#: passwd.1.xml.out:168 useradd.8.xml.out:123 useradd.8.xml.out:151
-#: useradd.8.xml.out:599 usermod.8.xml.out:112 usermod.8.xml.out:260
+#: chage.1.xml.out:74 gpasswd.1.xml.out:139 groupmems.8.xml.out:94
+#: passwd.1.xml.out:164 useradd.8.xml.out:123 useradd.8.xml.out:151
+#: useradd.8.xml.out:619 usermod.8.xml.out:112 usermod.8.xml.out:260
 msgid "-d"
 msgstr "-d"
 
@@ -380,44 +380,44 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:73 chage.1.xml.out:88 chage.1.xml.out:127
 #: chage.1.xml.out:156 chage.1.xml.out:168 chage.1.xml.out:189
-#: chage.1.xml.out:202 chfn.1.xml.out:93 chfn.1.xml.out:101 chfn.1.xml.out:109
-#: chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122 chpasswd.8.xml.out:113 chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177 chsh.1.xml.out:83 chsh.1.xml.out:96
-#: faillog.8.xml.out:104 faillog.8.xml.out:119 faillog.8.xml.out:156
-#: faillog.8.xml.out:169 gpasswd.1.xml.out:123 gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157 groupadd.8.xml.out:101 groupadd.8.xml.out:157
-#: groupadd.8.xml.out:200 groupadd.8.xml.out:213 groupdel.8.xml.out:88
-#: groupdel.8.xml.out:101 groupmems.8.xml.out:83 groupmems.8.xml.out:94
-#: groupmems.8.xml.out:110 groupmems.8.xml.out:141 groupmod.8.xml.out:72
-#: groupmod.8.xml.out:81 groupmod.8.xml.out:120 groupmod.8.xml.out:142
-#: groupmod.8.xml.out:163 groupmod.8.xml.out:176 grpck.8.xml.out:148
-#: lastlog.8.xml.out:74 lastlog.8.xml.out:103 lastlog.8.xml.out:127
-#: newusers.8.xml.out:305 passwd.1.xml.out:196 passwd.1.xml.out:245
-#: passwd.1.xml.out:267 passwd.1.xml.out:277 passwd.1.xml.out:321
-#: passwd.1.xml.out:334 pwck.8.xml.out:196 pwconv.8.xml.out:177
-#: su.1.xml.out:125 su.1.xml.out:162 useradd.8.xml.out:117
-#: useradd.8.xml.out:138 useradd.8.xml.out:150 useradd.8.xml.out:178
-#: useradd.8.xml.out:195 useradd.8.xml.out:229 useradd.8.xml.out:277
-#: useradd.8.xml.out:424 useradd.8.xml.out:488 useradd.8.xml.out:501
-#: useradd.8.xml.out:516 useradd.8.xml.out:530 useradd.8.xml.out:565
-#: useradd.8.xml.out:591 useradd.8.xml.out:609 useradd.8.xml.out:621
-#: useradd.8.xml.out:638 useradd.8.xml.out:654 userdel.8.xml.out:122
-#: userdel.8.xml.out:135 usermod.8.xml.out:98 usermod.8.xml.out:111
-#: usermod.8.xml.out:128 usermod.8.xml.out:151 usermod.8.xml.out:173
-#: usermod.8.xml.out:216 usermod.8.xml.out:289 usermod.8.xml.out:327
-#: usermod.8.xml.out:340 usermod.8.xml.out:356 usermod.8.xml.out:368
-#: usermod.8.xml.out:500 vipw.8.xml.out:114
+#: chage.1.xml.out:202 chage.1.xml.out:217 chfn.1.xml.out:93 chfn.1.xml.out:101
+#: chfn.1.xml.out:109 chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
+#: chgpasswd.8.xml.out:128 chpasswd.8.xml.out:115 chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183 chpasswd.8.xml.out:198 chsh.1.xml.out:83
+#: chsh.1.xml.out:96 faillog.8.xml.out:104 faillog.8.xml.out:119
+#: faillog.8.xml.out:156 faillog.8.xml.out:169 gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138 gpasswd.1.xml.out:159 groupadd.8.xml.out:101
+#: groupadd.8.xml.out:157 groupadd.8.xml.out:200 groupadd.8.xml.out:213
+#: groupdel.8.xml.out:88 groupdel.8.xml.out:101 groupmems.8.xml.out:83
+#: groupmems.8.xml.out:94 groupmems.8.xml.out:110 groupmems.8.xml.out:141
+#: groupmod.8.xml.out:72 groupmod.8.xml.out:81 groupmod.8.xml.out:120
+#: groupmod.8.xml.out:142 groupmod.8.xml.out:163 groupmod.8.xml.out:176
+#: grpck.8.xml.out:148 lastlog.8.xml.out:74 lastlog.8.xml.out:103
+#: lastlog.8.xml.out:127 newusers.8.xml.out:307 passwd.1.xml.out:192
+#: passwd.1.xml.out:241 passwd.1.xml.out:263 passwd.1.xml.out:273
+#: passwd.1.xml.out:286 passwd.1.xml.out:332 passwd.1.xml.out:345
+#: pwck.8.xml.out:196 pwconv.8.xml.out:177 su.1.xml.out:125 su.1.xml.out:162
+#: useradd.8.xml.out:117 useradd.8.xml.out:138 useradd.8.xml.out:150
+#: useradd.8.xml.out:178 useradd.8.xml.out:195 useradd.8.xml.out:229
+#: useradd.8.xml.out:279 useradd.8.xml.out:426 useradd.8.xml.out:490
+#: useradd.8.xml.out:503 useradd.8.xml.out:518 useradd.8.xml.out:532
+#: useradd.8.xml.out:567 useradd.8.xml.out:611 useradd.8.xml.out:629
+#: useradd.8.xml.out:641 useradd.8.xml.out:658 useradd.8.xml.out:674
+#: userdel.8.xml.out:122 userdel.8.xml.out:135 usermod.8.xml.out:98
+#: usermod.8.xml.out:111 usermod.8.xml.out:128 usermod.8.xml.out:151
+#: usermod.8.xml.out:173 usermod.8.xml.out:216 usermod.8.xml.out:289
+#: usermod.8.xml.out:327 usermod.8.xml.out:340 usermod.8.xml.out:356
+#: usermod.8.xml.out:368 usermod.8.xml.out:500 vipw.8.xml.out:114
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:82 chage.1.xml.out:288 groupadd.8.xml.out:303
+#: chage.1.xml.out:82 chage.1.xml.out:303 groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168 groupmod.8.xml.out:259 grpck.8.xml.out:237
-#: login.defs.5.xml.out:138 passwd.1.xml.out:425 pwck.8.xml.out:287
-#: su.1.xml.out:385 useradd.8.xml.out:811 userdel.8.xml.out:235
+#: login.defs.5.xml.out:140 passwd.1.xml.out:447 pwck.8.xml.out:287
+#: su.1.xml.out:385 useradd.8.xml.out:831 userdel.8.xml.out:235
 msgid "0"
 msgstr "0"
 
@@ -446,7 +446,7 @@ msgid "-E"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr ""
@@ -454,7 +454,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:89 chage.1.xml.out:109 useradd.8.xml.out:179
-#: useradd.8.xml.out:610 usermod.8.xml.out:129 usermod.8.xml.out:243
+#: useradd.8.xml.out:630 usermod.8.xml.out:129 usermod.8.xml.out:243
 #: usermod.8.xml.out:416
 msgid "EXPIRE_DATE"
 msgstr ""
@@ -490,7 +490,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:108 chage.1.xml.out:139 chage.1.xml.out:182
-#: passwd.1.xml.out:344 useradd.8.xml.out:315
+#: passwd.1.xml.out:355 useradd.8.xml.out:317
 #, fuzzy
 #| msgid "1"
 msgid "-1"
@@ -512,78 +512,78 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
 #: grpck.8.xml.out:132 lastlog.8.xml.out:96 login.1.xml.out:204
-#: login.1.xml.out:229 newusers.8.xml.out:280 passwd.1.xml.out:190
-#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:271
+#: login.1.xml.out:229 newusers.8.xml.out:282 passwd.1.xml.out:186
+#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:273
 #: userdel.8.xml.out:99 vipw.8.xml.out:96
 msgid "-h"
 msgstr "-h"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
-#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:280
-#: passwd.1.xml.out:190 pwck.8.xml.out:173 pwconv.8.xml.out:171
-#: su.1.xml.out:387 useradd.8.xml.out:271 userdel.8.xml.out:99
+#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:282
+#: passwd.1.xml.out:186 pwck.8.xml.out:173 pwconv.8.xml.out:171
+#: su.1.xml.out:387 useradd.8.xml.out:273 userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:115 chage.1.xml.out:121 chage.1.xml.out:146
-#: chfn.1.xml.out:142 chgpasswd.8.xml.out:88 chgpasswd.8.xml.out:101
-#: chgpasswd.8.xml.out:107 chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139 chpasswd.8.xml.out:147 chpasswd.8.xml.out:155
+#: chfn.1.xml.out:142 chgpasswd.8.xml.out:90 chgpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:119 chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145 chpasswd.8.xml.out:153 chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77 expiry.1.xml.out:73 expiry.1.xml.out:79
 #: expiry.1.xml.out:88 faillog.8.xml.out:72 faillog.8.xml.out:98
-#: faillog.8.xml.out:144 gpasswd.1.xml.out:149 gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188 groupadd.8.xml.out:87 groupadd.8.xml.out:118
+#: faillog.8.xml.out:144 gpasswd.1.xml.out:151 gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190 groupadd.8.xml.out:87 groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144 groupadd.8.xml.out:184 groupadd.8.xml.out:228
 #: groupdel.8.xml.out:71 groupdel.8.xml.out:82 groupmems.8.xml.out:118
 #: groupmems.8.xml.out:124 groupmems.8.xml.out:130 groupmod.8.xml.out:114
 #: groupmod.8.xml.out:131 groupmod.8.xml.out:193 grpck.8.xml.out:132
 #: grpck.8.xml.out:138 grpck.8.xml.out:161 grpck.8.xml.out:172
 #: lastlog.8.xml.out:84 lastlog.8.xml.out:95 lastlog.8.xml.out:116
-#: newusers.8.xml.out:268 newusers.8.xml.out:280 newusers.8.xml.out:286
-#: newusers.8.xml.out:320 passwd.1.xml.out:156 passwd.1.xml.out:167
-#: passwd.1.xml.out:179 passwd.1.xml.out:190 passwd.1.xml.out:209
-#: passwd.1.xml.out:221 passwd.1.xml.out:257 passwd.1.xml.out:290
-#: passwd.1.xml.out:308 pwck.8.xml.out:173 pwck.8.xml.out:179
-#: pwck.8.xml.out:188 pwck.8.xml.out:209 pwconv.8.xml.out:171
-#: useradd.8.xml.out:168 useradd.8.xml.out:217 useradd.8.xml.out:271
-#: useradd.8.xml.out:330 useradd.8.xml.out:349 useradd.8.xml.out:372
-#: useradd.8.xml.out:385 useradd.8.xml.out:404 useradd.8.xml.out:455
-#: useradd.8.xml.out:548 userdel.8.xml.out:75 userdel.8.xml.out:99
-#: userdel.8.xml.out:105 userdel.8.xml.out:152 usermod.8.xml.out:77
-#: usermod.8.xml.out:88 usermod.8.xml.out:230 usermod.8.xml.out:249
-#: usermod.8.xml.out:270 usermod.8.xml.out:316 usermod.8.xml.out:404
-#: vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102 vipw.8.xml.out:108
-#: vipw.8.xml.out:127 vipw.8.xml.out:133
+#: newusers.8.xml.out:270 newusers.8.xml.out:282 newusers.8.xml.out:288
+#: newusers.8.xml.out:322 passwd.1.xml.out:152 passwd.1.xml.out:163
+#: passwd.1.xml.out:175 passwd.1.xml.out:186 passwd.1.xml.out:205
+#: passwd.1.xml.out:217 passwd.1.xml.out:253 passwd.1.xml.out:301
+#: passwd.1.xml.out:319 passwd.1.xml.out:362 pwck.8.xml.out:173
+#: pwck.8.xml.out:179 pwck.8.xml.out:188 pwck.8.xml.out:209
+#: pwconv.8.xml.out:171 useradd.8.xml.out:168 useradd.8.xml.out:217
+#: useradd.8.xml.out:273 useradd.8.xml.out:332 useradd.8.xml.out:351
+#: useradd.8.xml.out:374 useradd.8.xml.out:387 useradd.8.xml.out:406
+#: useradd.8.xml.out:457 useradd.8.xml.out:550 userdel.8.xml.out:75
+#: userdel.8.xml.out:99 userdel.8.xml.out:105 userdel.8.xml.out:152
+#: usermod.8.xml.out:77 usermod.8.xml.out:88 usermod.8.xml.out:230
+#: usermod.8.xml.out:249 usermod.8.xml.out:270 usermod.8.xml.out:316
+#: usermod.8.xml.out:404 vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102
+#: vipw.8.xml.out:108 vipw.8.xml.out:127 vipw.8.xml.out:133
 #, fuzzy
 #| msgid "<option>-a</option>, <option>--all</option>"
 msgid "<_:option-1/>, <_:option-2/>"
 msgstr "<option>-a</option>, <option>--all</option>"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149 chsh.1.xml.out:79 expiry.1.xml.out:90
-#: faillog.8.xml.out:100 gpasswd.1.xml.out:151 groupadd.8.xml.out:120
+#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155 chsh.1.xml.out:79 expiry.1.xml.out:90
+#: faillog.8.xml.out:100 gpasswd.1.xml.out:153 groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84 groupmems.8.xml.out:120 groupmod.8.xml.out:116
-#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:282
-#: passwd.1.xml.out:192 pwck.8.xml.out:175 pwconv.8.xml.out:173
-#: useradd.8.xml.out:273 userdel.8.xml.out:101 vipw.8.xml.out:98
+#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:284
+#: passwd.1.xml.out:188 pwck.8.xml.out:175 pwconv.8.xml.out:173
+#: useradd.8.xml.out:275 userdel.8.xml.out:101 vipw.8.xml.out:98
 msgid "Display help message and exit."
 msgstr "Wyświetlenie komunikatu pomocy i zakończenie działania."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:121 passwd.1.xml.out:197
+#: chage.1.xml.out:121 passwd.1.xml.out:193
 #, fuzzy
 #| msgid "-"
 msgid "-i"
@@ -607,8 +607,8 @@ msgid "-I"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:128 passwd.1.xml.out:197 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 usermod.8.xml.out:152
+#: chage.1.xml.out:128 passwd.1.xml.out:193 useradd.8.xml.out:196
+#: useradd.8.xml.out:642 usermod.8.xml.out:152
 msgid "--inactive"
 msgstr ""
 
@@ -616,8 +616,8 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/option
 #: chage.1.xml.out:128 chage.1.xml.out:134 chage.1.xml.out:140
-#: passwd.1.xml.out:197 passwd.1.xml.out:203 useradd.8.xml.out:196
-#: useradd.8.xml.out:211 useradd.8.xml.out:622 useradd.8.xml.out:632
+#: passwd.1.xml.out:193 passwd.1.xml.out:199 useradd.8.xml.out:196
+#: useradd.8.xml.out:211 useradd.8.xml.out:642 useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr ""
@@ -660,10 +660,10 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
-#: chage.1.xml.out:147 chage.1.xml.out:242 faillog.8.xml.out:88
+#: chage.1.xml.out:147 chage.1.xml.out:257 faillog.8.xml.out:88
 #: faillog.8.xml.out:105 faillog.8.xml.out:185 faillog.8.xml.out:202
-#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:222
-#: passwd.1.xml.out:316 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:330
+#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:218
+#: passwd.1.xml.out:327 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr "-l"
@@ -680,11 +680,11 @@ msgstr "Wyświetlenie informacji o terminach ważności konta i hasła."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:157 chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:84 chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155 faillog.8.xml.out:88 faillog.8.xml.out:120
+#: chage.1.xml.out:157 chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80 chpasswd.8.xml.out:86 chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161 faillog.8.xml.out:88 faillog.8.xml.out:120
 #: faillog.8.xml.out:185 faillog.8.xml.out:202 su.1.xml.out:207
-#: useradd.8.xml.out:287 useradd.8.xml.out:350 useradd.8.xml.out:476
+#: useradd.8.xml.out:289 useradd.8.xml.out:352 useradd.8.xml.out:478
 #: usermod.8.xml.out:119 usermod.8.xml.out:250
 #, fuzzy
 #| msgid "-"
@@ -692,19 +692,19 @@ msgid "-m"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:157 passwd.1.xml.out:246
+#: chage.1.xml.out:157 passwd.1.xml.out:242
 msgid "--mindays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:160 passwd.1.xml.out:249
+#: chage.1.xml.out:160 passwd.1.xml.out:245
 #, fuzzy
 #| msgid ""
 #| "Set the minimum number of days between password changes to "
@@ -721,28 +721,28 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:169 gpasswd.1.xml.out:81 gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217 useradd.8.xml.out:162 useradd.8.xml.out:373
+#: chage.1.xml.out:169 gpasswd.1.xml.out:83 gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219 useradd.8.xml.out:162 useradd.8.xml.out:375
 #, fuzzy
 #| msgid "-"
 msgid "-M"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:169 passwd.1.xml.out:335
+#: chage.1.xml.out:169 passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:169 chage.1.xml.out:174 chage.1.xml.out:183
-#: passwd.1.xml.out:335 passwd.1.xml.out:340 passwd.1.xml.out:345
+#: passwd.1.xml.out:346 passwd.1.xml.out:351 passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chage.1.xml.out:178 chage.1.xml.out:203 usermod.8.xml.out:481
+#: chage.1.xml.out:178 chage.1.xml.out:218 usermod.8.xml.out:481
 #, fuzzy
 #| msgid "-"
 msgid "-W"
@@ -773,7 +773,7 @@ msgstr ""
 "zawczasu użytkownika o zbliżającym się terminie zmiany."
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:181 passwd.1.xml.out:343
+#: chage.1.xml.out:181 passwd.1.xml.out:354
 #, fuzzy
 #| msgid ""
 #| "Passing the number <emphasis remap=\"I\">-1</emphasis> as "
@@ -787,24 +787,24 @@ msgstr ""
 "replaceable> usuwa sprawdzanie wazności hasła."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:191 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 #, fuzzy
 msgid "-R"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:160 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "--root"
 msgstr ""
@@ -813,22 +813,22 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:190 chage.1.xml.out:194 chage.1.xml.out:196
 #: chfn.1.xml.out:130 chfn.1.xml.out:134 chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123 chgpasswd.8.xml.out:127 chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165 chpasswd.8.xml.out:169 chpasswd.8.xml.out:171
+#: chgpasswd.8.xml.out:129 chgpasswd.8.xml.out:133 chgpasswd.8.xml.out:135
+#: chpasswd.8.xml.out:171 chpasswd.8.xml.out:175 chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84 chsh.1.xml.out:88 chsh.1.xml.out:90 faillog.8.xml.out:157
-#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162 gpasswd.1.xml.out:164 groupadd.8.xml.out:201
+#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:160
+#: gpasswd.1.xml.out:164 gpasswd.1.xml.out:166 groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205 groupadd.8.xml.out:207 groupdel.8.xml.out:89
 #: groupdel.8.xml.out:93 groupdel.8.xml.out:95 groupmems.8.xml.out:142
 #: groupmems.8.xml.out:146 groupmems.8.xml.out:148 groupmod.8.xml.out:164
 #: groupmod.8.xml.out:168 groupmod.8.xml.out:170 grpck.8.xml.out:149
 #: grpck.8.xml.out:153 grpck.8.xml.out:155 lastlog.8.xml.out:104
-#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:306
-#: newusers.8.xml.out:310 newusers.8.xml.out:312 passwd.1.xml.out:278
-#: passwd.1.xml.out:282 passwd.1.xml.out:284 pwck.8.xml.out:197
+#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:308
+#: newusers.8.xml.out:312 newusers.8.xml.out:314 passwd.1.xml.out:274
+#: passwd.1.xml.out:278 passwd.1.xml.out:280 pwck.8.xml.out:197
 #: pwck.8.xml.out:201 pwck.8.xml.out:203 pwconv.8.xml.out:178
-#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:489
-#: useradd.8.xml.out:493 useradd.8.xml.out:495 userdel.8.xml.out:123
+#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:491
+#: useradd.8.xml.out:495 useradd.8.xml.out:497 userdel.8.xml.out:123
 #: userdel.8.xml.out:127 userdel.8.xml.out:129 usermod.8.xml.out:328
 #: usermod.8.xml.out:332 usermod.8.xml.out:334 vipw.8.xml.out:115
 #: vipw.8.xml.out:119 vipw.8.xml.out:121
@@ -836,12 +836,12 @@ msgid "CHROOT_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168 chsh.1.xml.out:87 faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161 groupadd.8.xml.out:204 groupdel.8.xml.out:92
+#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174 chsh.1.xml.out:87 faillog.8.xml.out:160
+#: gpasswd.1.xml.out:163 groupadd.8.xml.out:204 groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145 groupmod.8.xml.out:167 grpck.8.xml.out:152
-#: lastlog.8.xml.out:107 newusers.8.xml.out:309 passwd.1.xml.out:281
-#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:492
+#: lastlog.8.xml.out:107 newusers.8.xml.out:311 passwd.1.xml.out:277
+#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:494
 #: userdel.8.xml.out:126 usermod.8.xml.out:331 vipw.8.xml.out:118
 #, fuzzy
 msgid ""
@@ -853,19 +853,58 @@ msgstr ""
 "<replaceable>NOWA_GRUPA</replaceable>."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:203 passwd.1.xml.out:322
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+#, fuzzy
+#| msgid "-"
+msgid "-P"
+msgstr "-"
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "--prefix"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:203 chage.1.xml.out:208 chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189 groupadd.8.xml.out:214 groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102 groupdel.8.xml.out:106 groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177 groupmod.8.xml.out:181 groupmod.8.xml.out:183
+#: passwd.1.xml.out:287 passwd.1.xml.out:292 useradd.8.xml.out:504
+#: useradd.8.xml.out:509 userdel.8.xml.out:136 userdel.8.xml.out:140
+#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
+msgid "PREFIX_DIR"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:206 chpasswd.8.xml.out:187 groupadd.8.xml.out:217
+#: passwd.1.xml.out:290 useradd.8.xml.out:507
+msgid ""
+"Apply changes to configuration files under the root filesystem found under "
+"the directory <_:replaceable-1/>. This option does not chroot and is "
+"intended for preparing a cross-compilation target. Some limitations: NIS and "
+"LDAP users/groups are not verified. PAM authentication is using the host "
+"files. No SELINUX support."
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218 passwd.1.xml.out:333
 msgid "--warndays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:203 chage.1.xml.out:208 passwd.1.xml.out:322
-#: passwd.1.xml.out:327
+#: chage.1.xml.out:218 chage.1.xml.out:223 passwd.1.xml.out:333
+#: passwd.1.xml.out:338
 msgid "WARN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:206
+#: chage.1.xml.out:221
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -882,12 +921,12 @@ msgstr ""
 "terminie zmiany hasła."
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220 chfn.1.xml.out:163 chsh.1.xml.out:112
+#: chage.1.xml.out:235 chfn.1.xml.out:163 chsh.1.xml.out:112
 msgid "[ ]"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 #, fuzzy
 #| msgid ""
 #| "If none of the options are selected, <command>chage</command> operates in "
@@ -909,13 +948,13 @@ msgstr ""
 "jest w nawiasach <emphasis>[ ]</emphasis>."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224 chsh.1.xml.out:117 groups.1.xml.out:65
+#: chage.1.xml.out:239 chsh.1.xml.out:117 groups.1.xml.out:65
 #: lastlog.8.xml.out:170
 msgid "NOTE"
 msgstr "UWAGI"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> program requires a shadow password file to "
@@ -927,7 +966,7 @@ msgstr ""
 "użytkowników (shadow)."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid ""
 "The chage program will report only the information from the shadow password "
 "file. This implies that configuration from other sources (e.g. LDAP or empty "
@@ -941,7 +980,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238 grpck.8.xml.out:294 login.defs.5.xml.out:410
+#: chage.1.xml.out:253 grpck.8.xml.out:294 login.defs.5.xml.out:429
 #: passwd.5.xml.out:185 pwck.8.xml.out:40 pwck.8.xml.out:47 pwck.8.xml.out:53
 #: pwck.8.xml.out:71 pwck.8.xml.out:147 pwck.8.xml.out:159 pwck.8.xml.out:191
 #: pwck.8.xml.out:223 pwck.8.xml.out:284 pwconv.8.xml.out:197
@@ -950,7 +989,7 @@ msgid "pwck"
 msgstr "pwck"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid ""
 "The <_:command-1/> program will also not report any inconsistency between "
 "the shadow and passwd files (e.g. missing x in the passwd file). The <_:"
@@ -958,7 +997,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> command is restricted to the root user, "
@@ -975,52 +1014,54 @@ msgstr ""
 "stwierdzenia, kiedy wygasa jego własne hasło lub konto."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249 chfn.1.xml.out:170 chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216 chsh.1.xml.out:131 gpasswd.1.xml.out:241
+#: chage.1.xml.out:264 chfn.1.xml.out:170 chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256 chsh.1.xml.out:150 gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247 groupdel.8.xml.out:133 groupmems.8.xml.out:176
 #: groupmod.8.xml.out:212 grpck.8.xml.out:196 lastlog.8.xml.out:182
-#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:360
-#: passwd.1.xml.out:372 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
-#: su.1.xml.out:314 useradd.8.xml.out:710 userdel.8.xml.out:165
-#: usermod.8.xml.out:536 vipw.8.xml.out:142
+#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:381
+#: passwd.1.xml.out:394 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
+#: su.1.xml.out:314 useradd.8.xml.out:730 userdel.8.xml.out:165
+#: usermod.8.xml.out:553 vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70 chgpasswd.8.xml.out:155 chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205 chpasswd.8.xml.out:77 chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200 chpasswd.8.xml.out:219 chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134 chsh.1.xml.out:159 gpasswd.1.xml.out:244
-#: groupadd.8.xml.out:129 groupadd.8.xml.out:239 groupadd.8.xml.out:250
-#: groupadd.8.xml.out:276 groupdel.8.xml.out:136 groupmems.8.xml.out:179
-#: groupmod.8.xml.out:109 groupmod.8.xml.out:204 groupmod.8.xml.out:215
-#: groupmod.8.xml.out:239 grpck.8.xml.out:199 lastlog.8.xml.out:185
-#: login.1.xml.out:273 login.1.xml.out:365 login.access.5.xml.out:100
-#: login.defs.5.xml.out:116 login.defs.5.xml.out:515 newgrp.1.xml.out:88
-#: newusers.8.xml.out:340 newusers.8.xml.out:363 newusers.8.xml.out:423
-#: passwd.1.xml.out:375 passwd.1.xml.out:405 pwck.8.xml.out:243
+#: chage.1.xml.out:267 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
+#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:159 chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177 chgpasswd.8.xml.out:204 chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79 chpasswd.8.xml.out:140 chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227 chpasswd.8.xml.out:236 chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289 chsh.1.xml.out:153 chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246 groupadd.8.xml.out:129 groupadd.8.xml.out:239
+#: groupadd.8.xml.out:250 groupadd.8.xml.out:276 groupdel.8.xml.out:136
+#: groupmems.8.xml.out:179 groupmod.8.xml.out:109 groupmod.8.xml.out:204
+#: groupmod.8.xml.out:215 groupmod.8.xml.out:239 grpck.8.xml.out:199
+#: lastlog.8.xml.out:185 login.1.xml.out:273 login.1.xml.out:365
+#: login.access.5.xml.out:100 login.defs.5.xml.out:118 login.defs.5.xml.out:534
+#: newgrp.1.xml.out:88 newusers.8.xml.out:340 newusers.8.xml.out:349
+#: newusers.8.xml.out:357 newusers.8.xml.out:384 newusers.8.xml.out:444
+#: passwd.1.xml.out:397 passwd.1.xml.out:427 pwck.8.xml.out:243
 #: pwconv.8.xml.out:148 pwconv.8.xml.out:207 pwconv.8.xml.out:215
 #: pwconv.8.xml.out:230 sg.1.xml.out:77 su.1.xml.out:109 su.1.xml.out:219
 #: su.1.xml.out:277 su.1.xml.out:317 su.1.xml.out:357 useradd.8.xml.out:241
-#: useradd.8.xml.out:307 useradd.8.xml.out:378 useradd.8.xml.out:399
-#: useradd.8.xml.out:467 useradd.8.xml.out:474 useradd.8.xml.out:560
-#: useradd.8.xml.out:713 useradd.8.xml.out:797 userdel.8.xml.out:87
+#: useradd.8.xml.out:309 useradd.8.xml.out:380 useradd.8.xml.out:401
+#: useradd.8.xml.out:469 useradd.8.xml.out:476 useradd.8.xml.out:562
+#: useradd.8.xml.out:733 useradd.8.xml.out:817 userdel.8.xml.out:87
 #: userdel.8.xml.out:168 userdel.8.xml.out:191 userdel.8.xml.out:297
-#: usermod.8.xml.out:399 usermod.8.xml.out:539 usermod.8.xml.out:569
+#: usermod.8.xml.out:399 usermod.8.xml.out:556 usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr "/etc/login.defs"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250 chfn.1.xml.out:171 chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217 chsh.1.xml.out:132 gpasswd.1.xml.out:242
+#: chage.1.xml.out:265 chfn.1.xml.out:171 chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257 chsh.1.xml.out:151 gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248 groupdel.8.xml.out:134 groupmems.8.xml.out:177
 #: groupmod.8.xml.out:213 grpck.8.xml.out:197 lastlog.8.xml.out:183
-#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:361
-#: passwd.1.xml.out:373 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
-#: useradd.8.xml.out:711 userdel.8.xml.out:166 usermod.8.xml.out:537
+#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:382
+#: passwd.1.xml.out:395 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
+#: useradd.8.xml.out:731 userdel.8.xml.out:166 usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 msgid ""
 "The following configuration variables in <_:filename-1/> change the behavior "
@@ -1028,126 +1069,126 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261 chfn.1.xml.out:184 chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232 chsh.1.xml.out:144 expiry.1.xml.out:97
-#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:256
+#: chage.1.xml.out:276 chfn.1.xml.out:184 chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274 chsh.1.xml.out:163 expiry.1.xml.out:97
+#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261 groupdel.8.xml.out:145 groupmems.8.xml.out:188
 #: groupmod.8.xml.out:224 groups.1.xml.out:77 grpck.8.xml.out:208
 #: gshadow.5.xml.out:132 lastlog.8.xml.out:194 limits.5.xml.out:172
 #: login.1.xml.out:314 login.access.5.xml.out:97 logoutd.8.xml.out:65
-#: newgrp.1.xml.out:97 newusers.8.xml.out:396 passwd.1.xml.out:390
+#: newgrp.1.xml.out:97 newusers.8.xml.out:417 passwd.1.xml.out:412
 #: passwd.5.xml.out:139 porttime.5.xml.out:106 pwck.8.xml.out:258
 #: pwconv.8.xml.out:227 shadow.3.xml.out:202 shadow.5.xml.out:231
-#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:740
-#: userdel.8.xml.out:182 usermod.8.xml.out:554 vipw.8.xml.out:172
+#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:760
+#: userdel.8.xml.out:182 usermod.8.xml.out:571 vipw.8.xml.out:172
 msgid "FILES"
 msgstr "PLIKI"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265 chfn.1.xml.out:193 chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147 expiry.1.xml.out:100 groupmod.8.xml.out:245
+#: chage.1.xml.out:280 chfn.1.xml.out:193 chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166 expiry.1.xml.out:100 groupmod.8.xml.out:245
 #: grpck.8.xml.out:223 lastlog.8.xml.out:63 login.1.xml.out:145
 #: login.1.xml.out:329 newgrp.1.xml.out:65 newgrp.1.xml.out:70
-#: newgrp.1.xml.out:100 newusers.8.xml.out:399 passwd.1.xml.out:393
+#: newgrp.1.xml.out:100 newusers.8.xml.out:420 passwd.1.xml.out:415
 #: passwd.5.xml.out:47 passwd.5.xml.out:89 passwd.5.xml.out:142
 #: pwck.8.xml.out:73 pwck.8.xml.out:145 pwck.8.xml.out:212 pwck.8.xml.out:224
 #: pwck.8.xml.out:267 pwconv.8.xml.out:127 shadow.5.xml.out:234 sg.1.xml.out:89
-#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:524
-#: useradd.8.xml.out:743 userdel.8.xml.out:197 usermod.8.xml.out:103
-#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:575
+#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:526
+#: useradd.8.xml.out:763 userdel.8.xml.out:197 usermod.8.xml.out:103
+#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:592
 #: vipw.8.xml.out:68 vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268 chfn.1.xml.out:195 chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149 expiry.1.xml.out:102 groupmod.8.xml.out:247
+#: chage.1.xml.out:283 chfn.1.xml.out:195 chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168 expiry.1.xml.out:102 groupmod.8.xml.out:247
 #: grpck.8.xml.out:225 login.1.xml.out:331 newgrp.1.xml.out:102
-#: newusers.8.xml.out:401 passwd.1.xml.out:395 passwd.5.xml.out:144
+#: newusers.8.xml.out:422 passwd.1.xml.out:417 passwd.5.xml.out:144
 #: pwck.8.xml.out:269 shadow.5.xml.out:236 sg.1.xml.out:91 su.1.xml.out:347
-#: useradd.8.xml.out:745 userdel.8.xml.out:199 vipw.8.xml.out:189
+#: useradd.8.xml.out:765 userdel.8.xml.out:199 vipw.8.xml.out:189
 msgid "User account information."
 msgstr "Informacja o kontach użytkowników."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273 chpasswd.8.xml.out:241 expiry.1.xml.out:106
+#: chage.1.xml.out:288 chpasswd.8.xml.out:283 expiry.1.xml.out:106
 #: login.1.xml.out:335 newgrp.1.xml.out:68 newgrp.1.xml.out:106
-#: newusers.8.xml.out:295 newusers.8.xml.out:405 passwd.1.xml.out:399
+#: newusers.8.xml.out:297 newusers.8.xml.out:426 passwd.1.xml.out:421
 #: passwd.5.xml.out:82 passwd.5.xml.out:148 pwck.8.xml.out:73
 #: pwck.8.xml.out:107 pwck.8.xml.out:213 pwck.8.xml.out:225 pwck.8.xml.out:273
 #: pwconv.8.xml.out:128 pwconv.8.xml.out:149 shadow.3.xml.out:97
 #: shadow.3.xml.out:173 shadow.3.xml.out:205 shadow.5.xml.out:78
-#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:439
-#: useradd.8.xml.out:464 useradd.8.xml.out:749 userdel.8.xml.out:203
+#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:441
+#: useradd.8.xml.out:466 useradd.8.xml.out:769 userdel.8.xml.out:203
 #: usermod.8.xml.out:144 usermod.8.xml.out:145 usermod.8.xml.out:166
-#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:581
+#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:598
 #: vipw.8.xml.out:71 vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr "/etc/shadow"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276 chpasswd.8.xml.out:243 expiry.1.xml.out:108
-#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:407
-#: passwd.1.xml.out:401 pwck.8.xml.out:275 shadow.3.xml.out:207
-#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:751
+#: chage.1.xml.out:291 chpasswd.8.xml.out:285 expiry.1.xml.out:108
+#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:428
+#: passwd.1.xml.out:423 pwck.8.xml.out:275 shadow.3.xml.out:207
+#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:771
 #: userdel.8.xml.out:205 vipw.8.xml.out:195
 msgid "Secure user account information."
 msgstr "Informacje chronione o użytkownikach."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283 groupadd.8.xml.out:298 groupdel.8.xml.out:163
-#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:420
-#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:806
+#: chage.1.xml.out:298 groupadd.8.xml.out:298 groupdel.8.xml.out:163
+#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:442
+#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr "KOD ZAKOŃCZENIA"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290 groupadd.8.xml.out:305 groupdel.8.xml.out:170
-#: grpck.8.xml.out:239 passwd.1.xml.out:427 pwck.8.xml.out:289
-#: useradd.8.xml.out:813 userdel.8.xml.out:237
+#: chage.1.xml.out:305 groupadd.8.xml.out:305 groupdel.8.xml.out:170
+#: grpck.8.xml.out:239 passwd.1.xml.out:449 pwck.8.xml.out:289
+#: useradd.8.xml.out:833 userdel.8.xml.out:237
 msgid "success"
 msgstr "poprawne zakończenie działania programu"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296 passwd.1.xml.out:433
+#: chage.1.xml.out:311 passwd.1.xml.out:455
 msgid "permission denied"
 msgstr "brak dostępu"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300 groupadd.8.xml.out:309 groupdel.8.xml.out:174
+#: chage.1.xml.out:315 groupadd.8.xml.out:309 groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265 groups.1.xml.out:95 groups.1.xml.out:98
 #: groups.1.xml.out:101 grpck.8.xml.out:249 limits.5.xml.out:90
 #: limits.5.xml.out:101 limits.5.xml.out:188 limits.5.xml.out:191
-#: passwd.1.xml.out:437 pwck.8.xml.out:299 useradd.8.xml.out:823
+#: passwd.1.xml.out:459 pwck.8.xml.out:299 useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr "2"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302 groupadd.8.xml.out:311 groupdel.8.xml.out:176
-#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:825
+#: chage.1.xml.out:317 groupadd.8.xml.out:311 groupdel.8.xml.out:176
+#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
 msgstr "niepoprawna składnia polecenia"
 
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr "15"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
 msgstr "nie można znaleźć pliku shadow"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284 groupadd.8.xml.out:299 groupdel.8.xml.out:164
-#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:421
-#: pwck.8.xml.out:283 useradd.8.xml.out:807 userdel.8.xml.out:231
+#: chage.1.xml.out:299 groupadd.8.xml.out:299 groupdel.8.xml.out:164
+#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:443
+#: pwck.8.xml.out:283 useradd.8.xml.out:827 userdel.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "The <command>pwck</command> command exits with the following values: "
@@ -1160,18 +1201,18 @@ msgstr ""
 "wartościami kodów zakończenia: <placeholder-1/>"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316 chfn.1.xml.out:202 chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262 chsh.1.xml.out:168 expiry.1.xml.out:115
-#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:274
+#: chage.1.xml.out:331 chfn.1.xml.out:202 chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304 chsh.1.xml.out:209 expiry.1.xml.out:115
+#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343 groupdel.8.xml.out:202 groupmems.8.xml.out:206
 #: groupmod.8.xml.out:323 groups.1.xml.out:89 grpck.8.xml.out:277
 #: gshadow.5.xml.out:150 limits.5.xml.out:182 login.1.xml.out:374
-#: login.access.5.xml.out:109 login.defs.5.xml.out:527 newgrp.1.xml.out:127
-#: newusers.8.xml.out:450 nologin.8.xml.out:57 passwd.1.xml.out:471
+#: login.access.5.xml.out:109 login.defs.5.xml.out:546 newgrp.1.xml.out:127
+#: newusers.8.xml.out:471 nologin.8.xml.out:57 passwd.1.xml.out:493
 #: passwd.5.xml.out:167 porttime.5.xml.out:118 pwck.8.xml.out:333
 #: pwconv.8.xml.out:239 shadow.3.xml.out:214 shadow.5.xml.out:259
-#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:875
-#: userdel.8.xml.out:308 usermod.8.xml.out:602 vipw.8.xml.out:202
+#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:895
+#: userdel.8.xml.out:308 usermod.8.xml.out:619 vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr "ZOBACZ TAKŻE"
 
@@ -1184,53 +1225,53 @@ msgstr "ZOBACZ TAKŻE"
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319 chfn.1.xml.out:211 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177 expiry.1.xml.out:118 groupadd.8.xml.out:351
+#: chage.1.xml.out:334 chfn.1.xml.out:211 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218 expiry.1.xml.out:118 groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:215 groupmod.8.xml.out:332
 #: grpck.8.xml.out:291 lastlog.8.xml.out:176 login.1.xml.out:128
-#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516 login.defs.5.xml.out:533 login.defs.5.xml.out:539
-#: newusers.8.xml.out:79 newusers.8.xml.out:456 passwd.1.xml.out:40
-#: passwd.1.xml.out:47 passwd.1.xml.out:53 passwd.1.xml.out:66
-#: passwd.1.xml.out:69 passwd.1.xml.out:86 passwd.1.xml.out:116
-#: passwd.1.xml.out:152 passwd.1.xml.out:366 passwd.1.xml.out:413
-#: passwd.1.xml.out:422 passwd.1.xml.out:451 passwd.1.xml.out:457
-#: passwd.1.xml.out:477 passwd.5.xml.out:33 passwd.5.xml.out:40
+#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535 login.defs.5.xml.out:552 login.defs.5.xml.out:558
+#: newusers.8.xml.out:81 newusers.8.xml.out:477 passwd.1.xml.out:42
+#: passwd.1.xml.out:49 passwd.1.xml.out:55 passwd.1.xml.out:68
+#: passwd.1.xml.out:71 passwd.1.xml.out:88 passwd.1.xml.out:100
+#: passwd.1.xml.out:148 passwd.1.xml.out:388 passwd.1.xml.out:435
+#: passwd.1.xml.out:444 passwd.1.xml.out:473 passwd.1.xml.out:479
+#: passwd.1.xml.out:502 passwd.5.xml.out:33 passwd.5.xml.out:40
 #: passwd.5.xml.out:182 pwck.8.xml.out:228 pwck.8.xml.out:342
 #: pwconv.8.xml.out:84 pwconv.8.xml.out:99 shadow.5.xml.out:268
-#: shadow.5.xml.out:271 useradd.8.xml.out:884 userdel.8.xml.out:316
-#: usermod.8.xml.out:611 vipw.8.xml.out:217
+#: shadow.5.xml.out:271 useradd.8.xml.out:904 userdel.8.xml.out:316
+#: usermod.8.xml.out:628 vipw.8.xml.out:217
 msgid "passwd"
 msgstr "passwd"
 
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319 chage.1.xml.out:322 chfn.1.xml.out:208
-#: chfn.1.xml.out:211 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 chsh.1.xml.out:177 expiry.1.xml.out:118
+#: chage.1.xml.out:334 chage.1.xml.out:337 chfn.1.xml.out:208
+#: chfn.1.xml.out:211 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 chsh.1.xml.out:218 expiry.1.xml.out:118
 #: expiry.1.xml.out:121 faillog.5.xml.out:34 faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292 gpasswd.1.xml.out:295 groupadd.8.xml.out:363
+#: gpasswd.1.xml.out:294 gpasswd.1.xml.out:297 groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344 grpck.8.xml.out:267 grpck.8.xml.out:280
 #: grpck.8.xml.out:287 grpck.8.xml.out:291 grpck.8.xml.out:297
 #: gshadow.5.xml.out:23 gshadow.5.xml.out:153 gshadow.5.xml.out:156
 #: limits.5.xml.out:36 login.1.xml.out:389 login.1.xml.out:392
 #: login.1.xml.out:395 login.1.xml.out:398 login.access.5.xml.out:35
-#: login.defs.5.xml.out:103 login.defs.5.xml.out:539 login.defs.5.xml.out:542
-#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:79
-#: newusers.8.xml.out:453 newusers.8.xml.out:460 newusers.8.xml.out:463
-#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:455
-#: passwd.1.xml.out:477 passwd.1.xml.out:480 passwd.1.xml.out:484
+#: login.defs.5.xml.out:105 login.defs.5.xml.out:558 login.defs.5.xml.out:561
+#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:81
+#: newusers.8.xml.out:474 newusers.8.xml.out:481 newusers.8.xml.out:484
+#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:477
+#: passwd.1.xml.out:502 passwd.1.xml.out:505 passwd.1.xml.out:509
 #: passwd.5.xml.out:34 passwd.5.xml.out:80 passwd.5.xml.out:194
 #: porttime.5.xml.out:34 pwck.8.xml.out:317 pwck.8.xml.out:336
 #: pwck.8.xml.out:342 pwck.8.xml.out:345 pwconv.8.xml.out:245
 #: shadow.3.xml.out:220 shadow.5.xml.out:34 shadow.5.xml.out:271
 #: sg.1.xml.out:134 sg.1.xml.out:137 su.1.xml.out:418 suauth.5.xml.out:34
-#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:628
-#: useradd.8.xml.out:899 useradd.8.xml.out:906 useradd.8.xml.out:909
+#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:648
+#: useradd.8.xml.out:919 useradd.8.xml.out:926 useradd.8.xml.out:929
 #: userdel.8.xml.out:319 userdel.8.xml.out:335 userdel.8.xml.out:338
-#: usermod.8.xml.out:162 usermod.8.xml.out:629 usermod.8.xml.out:633
-#: usermod.8.xml.out:636 vipw.8.xml.out:208 vipw.8.xml.out:211
+#: usermod.8.xml.out:162 usermod.8.xml.out:646 usermod.8.xml.out:650
+#: usermod.8.xml.out:653 vipw.8.xml.out:208 vipw.8.xml.out:211
 #: vipw.8.xml.out:214 vipw.8.xml.out:217 vipw.8.xml.out:220 vipw.8.xml.out:223
 msgid "5"
 msgstr "5"
@@ -1243,20 +1284,20 @@ msgstr "5"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322 expiry.1.xml.out:121 grpck.8.xml.out:51
-#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:542
-#: passwd.1.xml.out:480 passwd.5.xml.out:79 passwd.5.xml.out:194
+#: chage.1.xml.out:337 expiry.1.xml.out:121 grpck.8.xml.out:51
+#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:561
+#: passwd.1.xml.out:505 passwd.5.xml.out:79 passwd.5.xml.out:194
 #: pwck.8.xml.out:229 pwck.8.xml.out:233 pwck.8.xml.out:345 pwconv.8.xml.out:84
 #: pwconv.8.xml.out:85 pwconv.8.xml.out:100 pwconv.8.xml.out:101
 #: shadow.3.xml.out:33 shadow.3.xml.out:40 shadow.3.xml.out:96
 #: shadow.3.xml.out:220 shadow.5.xml.out:33 shadow.5.xml.out:40
-#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:628
+#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:648
 #: usermod.8.xml.out:162 vipw.8.xml.out:223
 msgid "shadow"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317 expiry.1.xml.out:116 faillog.8.xml.out:233
+#: chage.1.xml.out:332 expiry.1.xml.out:116 faillog.8.xml.out:233
 #: nologin.8.xml.out:58 shadow.3.xml.out:215
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>."
 msgstr ""
@@ -1268,10 +1309,10 @@ msgstr ""
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #: chfn.1.xml.out:36 chfn.1.xml.out:43 chfn.1.xml.out:49 chfn.1.xml.out:62
-#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:171
+#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:212
 #: groupadd.8.xml.out:345 groupdel.8.xml.out:205 groupmems.8.xml.out:209
-#: groupmod.8.xml.out:326 login.defs.5.xml.out:239 useradd.8.xml.out:878
-#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:605
+#: groupmod.8.xml.out:326 login.defs.5.xml.out:243 useradd.8.xml.out:898
+#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:622
 msgid "chfn"
 msgstr "chfn"
 
@@ -1289,8 +1330,8 @@ msgstr ""
 #. (itstool) path: term/option
 #: chfn.1.xml.out:71 chfn.1.xml.out:110 groupadd.8.xml.out:106
 #: groupadd.8.xml.out:145 groupadd.8.xml.out:323 groupmod.8.xml.out:93
-#: groupmod.8.xml.out:132 useradd.8.xml.out:405 useradd.8.xml.out:536
-#: useradd.8.xml.out:837 usermod.8.xml.out:271 usermod.8.xml.out:377
+#: groupmod.8.xml.out:132 useradd.8.xml.out:407 useradd.8.xml.out:538
+#: useradd.8.xml.out:857 usermod.8.xml.out:271 usermod.8.xml.out:377
 msgid "-o"
 msgstr "-o"
 
@@ -1328,7 +1369,7 @@ msgstr ""
 #: chfn.1.xml.out:94 expiry.1.xml.out:61 expiry.1.xml.out:79
 #: groupadd.8.xml.out:88 groupdel.8.xml.out:72 login.1.xml.out:90
 #: login.1.xml.out:190 login.1.xml.out:229 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 userdel.8.xml.out:76 userdel.8.xml.out:287
+#: useradd.8.xml.out:642 userdel.8.xml.out:76 userdel.8.xml.out:287
 #: userdel.8.xml.out:302 usermod.8.xml.out:152
 msgid "-f"
 msgstr "-f"
@@ -1390,12 +1431,12 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:122 faillog.8.xml.out:89 faillog.8.xml.out:144
-#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:173
+#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112 groupadd.8.xml.out:185 grpck.8.xml.out:124
 #: grpck.8.xml.out:138 login.1.xml.out:220 login.1.xml.out:229
-#: newusers.8.xml.out:287 passwd.1.xml.out:268 pwck.8.xml.out:155
-#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:456
-#: useradd.8.xml.out:542 userdel.8.xml.out:106 usermod.8.xml.out:317
+#: newusers.8.xml.out:289 passwd.1.xml.out:264 pwck.8.xml.out:155
+#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:458
+#: useradd.8.xml.out:544 userdel.8.xml.out:106 usermod.8.xml.out:317
 msgid "-r"
 msgstr "-r"
 
@@ -1420,8 +1461,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: chfn.1.xml.out:143 faillog.8.xml.out:80 faillog.8.xml.out:180
 #: faillog.8.xml.out:214 lastlog.8.xml.out:90 lastlog.8.xml.out:122
-#: lastlog.8.xml.out:139 passwd.1.xml.out:309 useradd.8.xml.out:414
-#: useradd.8.xml.out:531 usermod.8.xml.out:279 usermod.8.xml.out:369
+#: lastlog.8.xml.out:139 passwd.1.xml.out:320 useradd.8.xml.out:416
+#: useradd.8.xml.out:533 usermod.8.xml.out:279 usermod.8.xml.out:369
 #: vipw.8.xml.out:133
 #, fuzzy
 #| msgid "-"
@@ -1429,7 +1470,7 @@ msgid "-u"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chfn.1.xml.out:151 passwd.1.xml.out:322 usermod.8.xml.out:463
+#: chfn.1.xml.out:151 passwd.1.xml.out:333 usermod.8.xml.out:463
 #, fuzzy
 #| msgid "-"
 msgid "-w"
@@ -1476,11 +1517,11 @@ msgstr ""
 "jest w nawiasach <emphasis>[ ]</emphasis>."
 
 #. (itstool) path: listitem/para
-#: chfn.1.xml.out:189 chgpasswd.8.xml.out:207 chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161 groupadd.8.xml.out:278 groupmod.8.xml.out:241
-#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:425
-#: passwd.1.xml.out:407 pwconv.8.xml.out:232 su.1.xml.out:359
-#: useradd.8.xml.out:799 userdel.8.xml.out:193
+#: chfn.1.xml.out:189 chgpasswd.8.xml.out:235 chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202 groupadd.8.xml.out:278 groupmod.8.xml.out:241
+#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:446
+#: passwd.1.xml.out:429 pwconv.8.xml.out:232 su.1.xml.out:359
+#: useradd.8.xml.out:819 userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
 msgstr "Konfiguracja pakietu shadow."
 
@@ -1493,8 +1534,8 @@ msgstr "Konfiguracja pakietu shadow."
 #: chfn.1.xml.out:205 chsh.1.xml.out:36 chsh.1.xml.out:43 chsh.1.xml.out:49
 #: chsh.1.xml.out:62 chsh.1.xml.out:73 chsh.1.xml.out:109
 #: groupadd.8.xml.out:348 groupdel.8.xml.out:208 groupmems.8.xml.out:212
-#: groupmod.8.xml.out:329 login.defs.5.xml.out:270 useradd.8.xml.out:881
-#: userdel.8.xml.out:313 usermod.8.xml.out:608
+#: groupmod.8.xml.out:329 login.defs.5.xml.out:280 useradd.8.xml.out:901
+#: userdel.8.xml.out:313 usermod.8.xml.out:625
 msgid "chsh"
 msgstr "chsh"
 
@@ -1502,25 +1543,25 @@ msgstr "chsh"
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
-#: chfn.1.xml.out:208 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 groupadd.8.xml.out:194 groupadd.8.xml.out:363
-#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109 newusers.8.xml.out:298 newusers.8.xml.out:453
-#: passwd.1.xml.out:484 pwconv.8.xml.out:92 pwconv.8.xml.out:94
+#: chfn.1.xml.out:208 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 groupadd.8.xml.out:194 groupadd.8.xml.out:363
+#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111 newusers.8.xml.out:300 newusers.8.xml.out:474
+#: passwd.1.xml.out:509 pwconv.8.xml.out:92 pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108 pwconv.8.xml.out:245 su.1.xml.out:418
-#: useradd.8.xml.out:899 userdel.8.xml.out:117 userdel.8.xml.out:319
-#: usermod.8.xml.out:629 vipw.8.xml.out:214
+#: useradd.8.xml.out:919 userdel.8.xml.out:117 userdel.8.xml.out:319
+#: usermod.8.xml.out:646 vipw.8.xml.out:214
 msgid "login.defs"
 msgstr "login.defs"
 
 #. (itstool) path: refsect1/para
-#: chfn.1.xml.out:203 chgpasswd.8.xml.out:215 chsh.1.xml.out:169
+#: chfn.1.xml.out:203 chgpasswd.8.xml.out:243 chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
 msgstr ""
 
@@ -1529,19 +1570,19 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33 chgpasswd.8.xml.out:40 chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56 chgpasswd.8.xml.out:66 chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35 chgpasswd.8.xml.out:42 chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58 chgpasswd.8.xml.out:68 chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr "chgpasswd"
 
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34 chgpasswd.8.xml.out:220 chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268 chpasswd.8.xml.out:276 faillog.5.xml.out:87
-#: faillog.8.xml.out:34 gpasswd.1.xml.out:280 gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286 gpasswd.1.xml.out:289 groupadd.8.xml.out:37
+#: chgpasswd.8.xml.out:36 chgpasswd.8.xml.out:248 chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310 chpasswd.8.xml.out:318 faillog.5.xml.out:87
+#: faillog.8.xml.out:34 gpasswd.1.xml.out:282 gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288 gpasswd.1.xml.out:291 groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354 groupadd.8.xml.out:357 groupadd.8.xml.out:360
 #: groupadd.8.xml.out:366 groupadd.8.xml.out:369 groupadd.8.xml.out:372
 #: groupdel.8.xml.out:35 groupdel.8.xml.out:186 groupdel.8.xml.out:214
@@ -1554,43 +1595,43 @@ msgstr "chgpasswd"
 #: grpck.8.xml.out:34 grpck.8.xml.out:283 grpck.8.xml.out:294
 #: gshadow.5.xml.out:159 gshadow.5.xml.out:162 lastlog.8.xml.out:36
 #: login.1.xml.out:174 login.1.xml.out:176 login.1.xml.out:249
-#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:545
-#: logoutd.8.xml.out:34 newusers.8.xml.out:50 newusers.8.xml.out:467
-#: nologin.8.xml.out:23 passwd.1.xml.out:474 passwd.1.xml.out:488
+#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:564
+#: logoutd.8.xml.out:34 newusers.8.xml.out:52 newusers.8.xml.out:488
+#: nologin.8.xml.out:23 passwd.1.xml.out:496 passwd.1.xml.out:513
 #: passwd.5.xml.out:185 passwd.5.xml.out:188 passwd.5.xml.out:191
 #: passwd.5.xml.out:200 pwck.8.xml.out:41 pwck.8.xml.out:339 pwck.8.xml.out:348
 #: pwconv.8.xml.out:40 pwconv.8.xml.out:242 pwconv.8.xml.out:248
 #: pwconv.8.xml.out:251 pwconv.8.xml.out:254 shadow.5.xml.out:274
 #: shadow.5.xml.out:277 shadow.5.xml.out:280 shadow.5.xml.out:286
-#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:574
-#: useradd.8.xml.out:890 useradd.8.xml.out:893 useradd.8.xml.out:896
-#: useradd.8.xml.out:902 useradd.8.xml.out:913 useradd.8.xml.out:916
-#: userdel.8.xml.out:40 userdel.8.xml.out:259 userdel.8.xml.out:322
-#: userdel.8.xml.out:325 userdel.8.xml.out:328 userdel.8.xml.out:331
-#: userdel.8.xml.out:342 userdel.8.xml.out:345 usermod.8.xml.out:41
-#: usermod.8.xml.out:617 usermod.8.xml.out:620 usermod.8.xml.out:623
-#: usermod.8.xml.out:626 usermod.8.xml.out:640 usermod.8.xml.out:643
-#: vipw.8.xml.out:36
+#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:576
+#: useradd.8.xml.out:590 useradd.8.xml.out:910 useradd.8.xml.out:913
+#: useradd.8.xml.out:916 useradd.8.xml.out:922 useradd.8.xml.out:933
+#: useradd.8.xml.out:936 userdel.8.xml.out:40 userdel.8.xml.out:259
+#: userdel.8.xml.out:322 userdel.8.xml.out:325 userdel.8.xml.out:328
+#: userdel.8.xml.out:331 userdel.8.xml.out:342 userdel.8.xml.out:345
+#: usermod.8.xml.out:41 usermod.8.xml.out:522 usermod.8.xml.out:634
+#: usermod.8.xml.out:637 usermod.8.xml.out:640 usermod.8.xml.out:643
+#: usermod.8.xml.out:657 usermod.8.xml.out:660 vipw.8.xml.out:36
 msgid "8"
 msgstr "8"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35 chpasswd.8.xml.out:39 faillog.8.xml.out:35
+#: chgpasswd.8.xml.out:37 chpasswd.8.xml.out:41 faillog.8.xml.out:35
 #: groupadd.8.xml.out:38 groupdel.8.xml.out:36 groupmems.8.xml.out:39
 #: groupmod.8.xml.out:36 grpck.8.xml.out:35 lastlog.8.xml.out:37
-#: logoutd.8.xml.out:35 newusers.8.xml.out:51 nologin.8.xml.out:24
+#: logoutd.8.xml.out:35 newusers.8.xml.out:53 nologin.8.xml.out:24
 #: pwck.8.xml.out:42 pwconv.8.xml.out:41 useradd.8.xml.out:54
 #: userdel.8.xml.out:41 usermod.8.xml.out:42 vipw.8.xml.out:37
 msgid "System Management Commands"
 msgstr "Polecenia ZarzÄ…dzania Systemem"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
 msgstr "wsadowa aktualizacja haseł grup"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 #, fuzzy
 #| msgid ""
 #| "The <command>chgpasswd</command> command reads a list of group name and "
@@ -1609,12 +1650,12 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61 groupmems.8.xml.out:54 groupmems.8.xml.out:110
+#: chgpasswd.8.xml.out:63 groupmems.8.xml.out:54 groupmems.8.xml.out:110
 msgid "group_name"
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66 passwd.5.xml.out:77
+#: chgpasswd.8.xml.out:64 chpasswd.8.xml.out:68 passwd.5.xml.out:77
 #: passwd.5.xml.out:86 passwd.5.xml.out:91 passwd.5.xml.out:95
 #: passwd.5.xml.out:98
 #, fuzzy
@@ -1623,12 +1664,12 @@ msgid "password"
 msgstr "passwd"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60 chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 #, fuzzy
 msgid ""
 "By default the supplied password must be in clear-text, and is encrypted by "
@@ -1638,16 +1679,16 @@ msgstr ""
 "haseł używany jest domyślnie algorytm DES."
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70 chpasswd.8.xml.out:75 chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72 chpasswd.8.xml.out:77 chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 msgid "ENCRYPT_METHOD"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71 chgpasswd.8.xml.out:101 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:130 chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chgpasswd.8.xml.out:73 chgpasswd.8.xml.out:107 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:136 chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 #, fuzzy
 #| msgid "-"
@@ -1657,16 +1698,16 @@ msgstr "-"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:88 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:114 chpasswd.8.xml.out:129
-#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:90 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:116 chpasswd.8.xml.out:135
+#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:270
 #: sg.1.xml.out:50 su.1.xml.out:86 su.1.xml.out:126 su.1.xml.out:131
 #: useradd.8.xml.out:139 usermod.8.xml.out:99
 msgid "-c"
 msgstr "-c"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> variable of <_:filename-2/>, and can be overwritten with the <_:"
@@ -1674,7 +1715,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74 chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76 chpasswd.8.xml.out:101
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are created at a single time."
@@ -1683,45 +1724,103 @@ msgstr ""
 "aktualizuje siÄ™ wiele kont naraz."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88 chpasswd.8.xml.out:114 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:116 newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:117 newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92 chpasswd.8.xml.out:119 newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
 msgstr ""
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91 chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95 chgpasswd.8.xml.out:149 chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208 newusers.8.xml.out:330
+msgid "BCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid "<_:replaceable-1/>,"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96 chpasswd.8.xml.out:123
+msgid "DES"
+msgstr ""
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98 chgpasswd.8.xml.out:151 chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210 newusers.8.xml.out:332
+msgid "SHA256"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99 chgpasswd.8.xml.out:152 chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211 newusers.8.xml.out:333
+msgid "SHA512"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+#, fuzzy
+#| msgid "-K <placeholder-1/>=<placeholder-2/>"
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr "-K <placeholder-1/>=<placeholder-2/>"
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100 chgpasswd.8.xml.out:154 chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213 newusers.8.xml.out:335
+#, fuzzy
+#| msgid "DESCRIPTION"
+msgid "YESCRYPT"
+msgstr "OPIS"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99 chpasswd.8.xml.out:126
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid ", <_:replaceable-1/>"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:128
+msgid "NONE"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121 newusers.8.xml.out:271
+#: chgpasswd.8.xml.out:93 chpasswd.8.xml.out:120
 msgid ""
-"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
-"support these methods."
+"The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/"
+"><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports "
+"these methods."
 msgstr ""
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:139
+#: chgpasswd.8.xml.out:107 chpasswd.8.xml.out:145
 msgid "--encrypted"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103 chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109 chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
 msgstr ""
 "Dostarczone na standardowe wejście hasła są traktowane jako już zakodowane."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113 chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119 chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115 chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121 chpasswd.8.xml.out:163
 msgid ""
 "Use MD5 encryption instead of DES when the supplied passwords are not "
 "encrypted."
@@ -1731,60 +1830,85 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 chsh.1.xml.out:97
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 chsh.1.xml.out:97
 #: chsh.1.xml.out:108 grpck.8.xml.out:124 grpck.8.xml.out:161
-#: newusers.8.xml.out:320 pwck.8.xml.out:155 pwck.8.xml.out:209
-#: su.1.xml.out:163 useradd.8.xml.out:517 useradd.8.xml.out:655
-#: usermod.8.xml.out:357 vipw.8.xml.out:70 vipw.8.xml.out:127
+#: newusers.8.xml.out:322 passwd.1.xml.out:363 pwck.8.xml.out:155
+#: pwck.8.xml.out:209 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357 vipw.8.xml.out:70
+#: vipw.8.xml.out:127
 msgid "-s"
 msgstr "-s"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137 chpasswd.8.xml.out:181 newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143 chpasswd.8.xml.out:202 newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140 chpasswd.8.xml.out:184 newusers.8.xml.out:325
+#: chgpasswd.8.xml.out:146 chpasswd.8.xml.out:205 newusers.8.xml.out:327
+msgid ""
+"You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> "
+"<_:phrase-3/>"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:156 chpasswd.8.xml.out:215 newusers.8.xml.out:337
 msgid ""
-"The value 0 means that the system will choose the default number of rounds "
-"for the crypt method (5000)."
+"By default, the number of rounds for BCRYPT is defined by the "
+"BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144 chpasswd.8.xml.out:188 newusers.8.xml.out:329
+#: chgpasswd.8.xml.out:161 chpasswd.8.xml.out:220
 msgid ""
-"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default number of rounds is 13."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148 chpasswd.8.xml.out:192 newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#: chgpasswd.8.xml.out:165 chpasswd.8.xml.out:224 newusers.8.xml.out:346
+msgid ""
+"By default, the number of rounds for SHA256 or SHA512 is defined by the "
+"SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152 newusers.8.xml.out:337
+#: chgpasswd.8.xml.out:170 chpasswd.8.xml.out:229
 msgid ""
-"By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and "
-"SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default number of rounds is 5000."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:175 chpasswd.8.xml.out:234 newusers.8.xml.out:355
+msgid ""
+"By default, the number of rounds for YESCRYPT is defined by the "
+"YESCRYPT_COST_FACTOR in <_:filename-1/>."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179 chpasswd.8.xml.out:238
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default number of rounds is 5."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163 chpasswd.8.xml.out:208 faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229 groupadd.8.xml.out:285 groupdel.8.xml.out:121
-#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:348
-#: passwd.1.xml.out:354 shadow.3.xml.out:194 su.1.xml.out:306
-#: useradd.8.xml.out:682 userdel.8.xml.out:281 usermod.8.xml.out:517
+#: chgpasswd.8.xml.out:189 chpasswd.8.xml.out:248 faillog.8.xml.out:209
+#: gpasswd.1.xml.out:231 groupadd.8.xml.out:285 groupdel.8.xml.out:121
+#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:369
+#: passwd.1.xml.out:376 shadow.3.xml.out:194 su.1.xml.out:306
+#: useradd.8.xml.out:702 userdel.8.xml.out:281 usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr "OSTRZEŻENIA"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164 chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190 chpasswd.8.xml.out:249
 msgid ""
 "Remember to set permissions or umask to prevent readability of unencrypted "
 "files by other users."
@@ -1793,7 +1917,7 @@ msgstr ""
 "wejście polecenia."
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168 newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194 newusers.8.xml.out:374
 msgid ""
 "You should make sure the passwords and the encryption method respect the "
 "system's password policy."
@@ -1803,8 +1927,8 @@ msgstr ""
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193 gpasswd.1.xml.out:48 gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73 gpasswd.1.xml.out:231 gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221 gpasswd.1.xml.out:50 gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75 gpasswd.1.xml.out:233 gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170 groupadd.8.xml.out:264 groupdel.8.xml.out:148
 #: groupmems.8.xml.out:191 groupmod.8.xml.out:227 groups.1.xml.out:58
 #: groups.1.xml.out:70 groups.1.xml.out:80 grpck.8.xml.out:62
@@ -1812,19 +1936,19 @@ msgstr ""
 #: grpck.8.xml.out:164 grpck.8.xml.out:177 grpck.8.xml.out:185
 #: grpck.8.xml.out:211 gshadow.5.xml.out:91 gshadow.5.xml.out:124
 #: gshadow.5.xml.out:135 newgrp.1.xml.out:80 newgrp.1.xml.out:112
-#: newusers.8.xml.out:411 pwck.8.xml.out:261 pwconv.8.xml.out:128
-#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:755
-#: userdel.8.xml.out:185 usermod.8.xml.out:557 vipw.8.xml.out:69
+#: newusers.8.xml.out:432 pwck.8.xml.out:261 pwconv.8.xml.out:128
+#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:775
+#: userdel.8.xml.out:185 usermod.8.xml.out:574 vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr "/etc/group"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195 gpasswd.1.xml.out:261 groupadd.8.xml.out:266
+#: chgpasswd.8.xml.out:223 gpasswd.1.xml.out:263 groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150 groupmems.8.xml.out:193 groupmod.8.xml.out:229
 #: groups.1.xml.out:82 grpck.8.xml.out:213 gshadow.5.xml.out:137
-#: newgrp.1.xml.out:114 newusers.8.xml.out:413 pwck.8.xml.out:263
-#: sg.1.xml.out:103 useradd.8.xml.out:757 userdel.8.xml.out:187
+#: newgrp.1.xml.out:114 newusers.8.xml.out:434 pwck.8.xml.out:263
+#: sg.1.xml.out:103 useradd.8.xml.out:777 userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
 msgstr "Informacje o grupach użytkowników."
@@ -1832,8 +1956,8 @@ msgstr "Informacje o grupach użytkowników."
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199 gpasswd.1.xml.out:52 gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232 gpasswd.1.xml.out:265 groupadd.8.xml.out:170
+#: chgpasswd.8.xml.out:227 gpasswd.1.xml.out:54 gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234 gpasswd.1.xml.out:267 groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270 groupdel.8.xml.out:154 groupmems.8.xml.out:87
 #: groupmems.8.xml.out:88 groupmems.8.xml.out:98 groupmems.8.xml.out:103
 #: groupmems.8.xml.out:104 groupmems.8.xml.out:134 groupmems.8.xml.out:135
@@ -1841,17 +1965,17 @@ msgstr "Informacje o grupach użytkowników."
 #: grpck.8.xml.out:93 grpck.8.xml.out:114 grpck.8.xml.out:166
 #: grpck.8.xml.out:186 grpck.8.xml.out:217 gshadow.5.xml.out:36
 #: gshadow.5.xml.out:141 newgrp.1.xml.out:78 newgrp.1.xml.out:118
-#: newusers.8.xml.out:417 pwconv.8.xml.out:129 sg.1.xml.out:107
-#: useradd.8.xml.out:761 usermod.8.xml.out:563 vipw.8.xml.out:72
+#: newusers.8.xml.out:438 pwconv.8.xml.out:129 sg.1.xml.out:107
+#: useradd.8.xml.out:781 usermod.8.xml.out:580 vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr "/etc/gshadow"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201 gpasswd.1.xml.out:267 groupadd.8.xml.out:272
+#: chgpasswd.8.xml.out:229 gpasswd.1.xml.out:269 groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156 groupmod.8.xml.out:235 grpck.8.xml.out:219
-#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:419
-#: sg.1.xml.out:109 useradd.8.xml.out:763 vipw.8.xml.out:183
+#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:440
+#: sg.1.xml.out:109 useradd.8.xml.out:783 vipw.8.xml.out:183
 msgid "Secure group account information."
 msgstr "Informacje chronione o grupach użytkowników."
 
@@ -1861,12 +1985,12 @@ msgstr "Informacje chronione o grupach użytkowników."
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217 gpasswd.1.xml.out:38 gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59 gpasswd.1.xml.out:72 gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119 groupadd.8.xml.out:354 groupdel.8.xml.out:214
-#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:280
+#: chgpasswd.8.xml.out:245 gpasswd.1.xml.out:40 gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61 gpasswd.1.xml.out:74 gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121 groupadd.8.xml.out:354 groupdel.8.xml.out:214
+#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142 sg.1.xml.out:131 userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr "gpasswd"
 
@@ -1876,19 +2000,19 @@ msgstr "gpasswd"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220 gpasswd.1.xml.out:280 groupadd.8.xml.out:36
+#: chgpasswd.8.xml.out:248 gpasswd.1.xml.out:282 groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43 groupadd.8.xml.out:49 groupadd.8.xml.out:61
 #: groupadd.8.xml.out:82 groupadd.8.xml.out:292 groupadd.8.xml.out:300
 #: groupdel.8.xml.out:217 groupmems.8.xml.out:218 groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290 useradd.8.xml.out:890 userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: login.defs.5.xml.out:303 useradd.8.xml.out:910 userdel.8.xml.out:325
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr "groupadd"
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21 groupadd.8.xml.out:20 groupdel.8.xml.out:18
-#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:86
-#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:33
+#: chpasswd.8.xml.out:23 groupadd.8.xml.out:20 groupdel.8.xml.out:18
+#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:88
+#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:35
 #: sg.1.xml.out:18 useradd.8.xml.out:36 userdel.8.xml.out:23
 #: usermod.8.xml.out:24
 msgid "Creation, 1991"
@@ -1900,20 +2024,20 @@ msgstr ""
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37 chpasswd.8.xml.out:44 chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60 chpasswd.8.xml.out:70 chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96 chpasswd.8.xml.out:108 chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259 passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39 chpasswd.8.xml.out:46 chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62 chpasswd.8.xml.out:72 chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98 chpasswd.8.xml.out:110 chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266 passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr "chpasswd"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
 msgstr "wsadowa aktualizacja haseł użytkowników"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 #, fuzzy
 #| msgid ""
 #| "The <command>chpasswd</command> command reads a list of user name and "
@@ -1932,13 +2056,13 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65 groupmems.8.xml.out:52 groupmems.8.xml.out:53
+#: chpasswd.8.xml.out:67 groupmems.8.xml.out:52 groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83 groupmems.8.xml.out:94
 msgid "user_name"
 msgstr "user_name"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 #, fuzzy
 msgid ""
 "By default the passwords must be supplied in clear-text, and are encrypted "
@@ -1949,12 +2073,12 @@ msgstr ""
 "aktualizowany jest także wiek hasła."
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76 chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:139
 msgid "MD5_CRYPT_ENAB"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> or <_:option-2/> variables of <_:filename-3/>, and can be "
@@ -1962,7 +2086,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 msgid ""
 "By default, passwords are encrypted by PAM, but (even if not recommended) "
 "you can select a different encryption method with the <_:option-1/>, <_:"
@@ -1970,19 +2094,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 msgid ""
 "<_:phrase-1/> <_:command-2/> first updates all the passwords in memory, and "
 "then commits all the changes to disk if no errors occurred for any user."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 msgid ""
 "When PAM is used to encrypt the passwords (and update the passwords in the "
 "system database) then if a password cannot be updated <_:command-1/> "
@@ -1991,17 +2115,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 msgid ""
 "By default (if none of the <_:option-1/>, <_:option-2/>, or <_:option-3/> "
 "options are specified), the encryption method is defined by the <_:option-4/"
@@ -2009,36 +2133,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
-msgid "ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
 #: chpasswd.8.xml.out:199
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-msgid ""
-"By default, the number of rounds is defined by the <_:option-1/> and <_:"
-"option-2/> variables in <_:filename-3/>."
+msgid "ROUNDS"
 msgstr ""
 
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 #, fuzzy
 #| msgid "/etc/passwd"
 msgid "/etc/pam.d/chpasswd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255 newusers.8.xml.out:431 passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297 newusers.8.xml.out:452 passwd.1.xml.out:435
 msgid "PAM configuration for <_:command-1/>."
 msgstr ""
 
@@ -2048,17 +2155,17 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268 login.defs.5.xml.out:380 newusers.8.xml.out:49
-#: newusers.8.xml.out:56 newusers.8.xml.out:62 newusers.8.xml.out:75
-#: newusers.8.xml.out:96 newusers.8.xml.out:123 newusers.8.xml.out:132
-#: newusers.8.xml.out:151 newusers.8.xml.out:164 newusers.8.xml.out:170
-#: newusers.8.xml.out:172 newusers.8.xml.out:210 newusers.8.xml.out:230
-#: newusers.8.xml.out:252 newusers.8.xml.out:431 useradd.8.xml.out:902
+#: chpasswd.8.xml.out:310 login.defs.5.xml.out:393 newusers.8.xml.out:51
+#: newusers.8.xml.out:58 newusers.8.xml.out:64 newusers.8.xml.out:77
+#: newusers.8.xml.out:98 newusers.8.xml.out:125 newusers.8.xml.out:134
+#: newusers.8.xml.out:153 newusers.8.xml.out:166 newusers.8.xml.out:172
+#: newusers.8.xml.out:174 newusers.8.xml.out:212 newusers.8.xml.out:232
+#: newusers.8.xml.out:254 newusers.8.xml.out:452 useradd.8.xml.out:922
 msgid "newusers"
 msgstr "newusers"
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270 grpck.8.xml.out:285 passwd.1.xml.out:482
+#: chpasswd.8.xml.out:312 grpck.8.xml.out:285 passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr ""
 
@@ -2068,21 +2175,21 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276 groupadd.8.xml.out:366 groupdel.8.xml.out:223
-#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:462
-#: newusers.8.xml.out:467 useradd.8.xml.out:52 useradd.8.xml.out:59
+#: chpasswd.8.xml.out:318 groupadd.8.xml.out:366 groupdel.8.xml.out:223
+#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:481
+#: newusers.8.xml.out:488 useradd.8.xml.out:52 useradd.8.xml.out:59
 #: useradd.8.xml.out:64 useradd.8.xml.out:71 useradd.8.xml.out:75
 #: useradd.8.xml.out:87 useradd.8.xml.out:90 useradd.8.xml.out:103
 #: useradd.8.xml.out:129 useradd.8.xml.out:187 useradd.8.xml.out:209
-#: useradd.8.xml.out:239 useradd.8.xml.out:284 useradd.8.xml.out:341
-#: useradd.8.xml.out:472 useradd.8.xml.out:584 useradd.8.xml.out:586
-#: useradd.8.xml.out:690 useradd.8.xml.out:808 userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: useradd.8.xml.out:239 useradd.8.xml.out:286 useradd.8.xml.out:343
+#: useradd.8.xml.out:474 useradd.8.xml.out:604 useradd.8.xml.out:606
+#: useradd.8.xml.out:710 useradd.8.xml.out:828 userdel.8.xml.out:342
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr "useradd"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263 newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305 newusers.8.xml.out:472
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
@@ -2113,15 +2220,15 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:517
-#: useradd.8.xml.out:655 usermod.8.xml.out:357
+#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357
 msgid "--shell"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:517
-#: useradd.8.xml.out:522 useradd.8.xml.out:655 useradd.8.xml.out:662
+#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:524 useradd.8.xml.out:675 useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr ""
@@ -2159,12 +2266,13 @@ msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:153 su.1.xml.out:198
+#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:130 chsh.1.xml.out:143
+#: chsh.1.xml.out:172 chsh.1.xml.out:184 su.1.xml.out:198
 msgid "/etc/shells"
 msgstr "/etc/shells"
 
 #. (itstool) path: para/filename
-#: chsh.1.xml.out:123
+#: chsh.1.xml.out:123 chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr ""
 
@@ -2198,11 +2306,95 @@ msgstr ""
 "zmiana na powłokę ograniczoną uniemożliwi użytkownikowi jakąkolwiek zmianę "
 "powłoki logowania, nawet z powrotem na dotychczasową."
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132 chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/*"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/@filename@"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid ""
+"The only restriction placed on the login shell is that the command name must "
+"be listed in <_:filename-1/>. If this file does not exist, the definitions "
+"are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/"
+"> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be "
+"used. If the invoker is the superuser any value may be added regardless what "
+"is defined in the configuration files. An account with a restricted login "
+"shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+msgid ""
+"For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged "
+"since accidentally changing to a restricted shell would prevent the user "
+"from ever changing her login shell back to its original value."
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
 msgstr "Lista dozwolonych powłok zgłoszeniowych."
 
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+#, fuzzy
+#| msgid "List of valid login shells."
+msgid "User defined list of valid login shells."
+msgstr "Lista dozwolonych powłok zgłoszeniowych."
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d"
+msgstr "/etc/shells"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+msgid "Directory for additional user defined configuration files."
+msgstr ""
+
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -2218,7 +2410,7 @@ msgid "check and enforce password expiration policy"
 msgstr "sprawdzenie ważności i wymuszenie zmiany hasła"
 
 #. (itstool) path: arg/replaceable
-#: expiry.1.xml.out:52 gpasswd.1.xml.out:61
+#: expiry.1.xml.out:52 gpasswd.1.xml.out:63
 #, fuzzy
 msgid "option"
 msgstr "opcje"
@@ -2264,7 +2456,7 @@ msgstr ""
 
 #. (itstool) path: author/contrib
 #: faillog.5.xml.out:17 faillog.8.xml.out:17 login.1.xml.out:50
-#: passwd.1.xml.out:24 passwd.5.xml.out:17 porttime.5.xml.out:17
+#: passwd.1.xml.out:26 passwd.5.xml.out:17 porttime.5.xml.out:17
 #: shadow.3.xml.out:17 shadow.5.xml.out:17 su.1.xml.out:34
 msgid "Creation, 1989"
 msgstr ""
@@ -2285,7 +2477,7 @@ msgstr "faillog"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: faillog.5.xml.out:35 gshadow.5.xml.out:24 limits.5.xml.out:37
-#: login.access.5.xml.out:36 login.defs.5.xml.out:104 passwd.5.xml.out:35
+#: login.access.5.xml.out:36 login.defs.5.xml.out:106 passwd.5.xml.out:35
 #: porttime.5.xml.out:35 shadow.5.xml.out:35 suauth.5.xml.out:35
 msgid "File Formats and Configuration Files"
 msgstr ""
@@ -2372,14 +2564,14 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:124
-#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:126
+#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:153
 #: usermod.8.xml.out:78 usermod.8.xml.out:210
 msgid "-a"
 msgstr "-a"
 
 #. (itstool) path: term/option
-#: faillog.8.xml.out:72 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 passwd.1.xml.out:153
 msgid "--all"
 msgstr ""
 
@@ -2596,8 +2788,8 @@ msgstr ""
 #: login.1.xml.out:108 login.1.xml.out:112 login.1.xml.out:119
 #: login.1.xml.out:171 login.1.xml.out:177 login.1.xml.out:230
 #: login.1.xml.out:238 login.1.xml.out:247 login.1.xml.out:253
-#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:530 newgrp.1.xml.out:133
+#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:549 newgrp.1.xml.out:133
 #: nologin.8.xml.out:60 passwd.5.xml.out:125 passwd.5.xml.out:132
 #: passwd.5.xml.out:179 porttime.5.xml.out:121 shadow.5.xml.out:265
 #: sg.1.xml.out:122 su.1.xml.out:415
@@ -2605,30 +2797,30 @@ msgid "login"
 msgstr "login"
 
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22 login.access.5.xml.out:18 pwconv.8.xml.out:23
+#: gpasswd.1.xml.out:24 login.access.5.xml.out:18 pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
 msgid "Creation, 1996"
 msgstr ""
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 #, fuzzy
 #| msgid "-r <placeholder-1/>"
 msgid "administer <_:filename-1/>"
 msgstr "-r <placeholder-1/>"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 #, fuzzy
 msgid "administer <_:filename-1/> and <_:filename-2/>"
 msgstr "-K <placeholder-1/>=<placeholder-2/>"
@@ -2637,9 +2829,9 @@ msgstr "-K <placeholder-1/>=<placeholder-2/>"
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64 gpasswd.1.xml.out:89 gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142 gpasswd.1.xml.out:177 gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193 gpasswd.1.xml.out:197 gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66 gpasswd.1.xml.out:91 gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144 gpasswd.1.xml.out:179 gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195 gpasswd.1.xml.out:199 gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49 grpck.8.xml.out:188 grpck.8.xml.out:280
 #: gshadow.5.xml.out:156 limits.5.xml.out:138 newgrp.1.xml.out:48
 #: newgrp.1.xml.out:145 pwck.8.xml.out:336 pwconv.8.xml.out:114
@@ -2648,17 +2840,17 @@ msgid "group"
 msgstr "group"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 msgid "administrators,"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid ""
 "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/"
 ">. Every group can have <_:phrase-4/> members and a password."
@@ -2666,14 +2858,14 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80 gpasswd.1.xml.out:112 gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82 gpasswd.1.xml.out:114 gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "-"
 msgid "-A"
 msgstr "-"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 msgid ""
 "System administrators can use the <_:option-1/> option to define group "
 "administrator(s) and the <_:option-2/> option to define members. They have "
@@ -2681,17 +2873,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 msgid "a group administrator"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 msgid "a system administrator"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid ""
 "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only "
 "prompts for the new password of the <_:replaceable-4/>."
@@ -2702,8 +2894,8 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93 gpasswd.1.xml.out:180 gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277 groups.1.xml.out:71 groups.1.xml.out:92
+#: gpasswd.1.xml.out:95 gpasswd.1.xml.out:182 gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279 groups.1.xml.out:71 groups.1.xml.out:92
 #: gshadow.5.xml.out:76 gshadow.5.xml.out:165 newgrp.1.xml.out:34
 #: newgrp.1.xml.out:41 newgrp.1.xml.out:47 newgrp.1.xml.out:55
 #: newgrp.1.xml.out:63 newgrp.1.xml.out:66 sg.1.xml.out:60 sg.1.xml.out:64
@@ -2712,7 +2904,7 @@ msgid "newgrp"
 msgstr "newgrp"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 #, fuzzy
 msgid ""
 "If a password is set the members can still use <_:citerefentry-1/> without a "
@@ -2723,12 +2915,12 @@ msgstr ""
 "refentrytitle><manvolnum>1</manvolnum></citerefentry>."
 
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid ""
 "Group passwords are an inherent security problem since more than one person "
 "is permitted to know the password. However, groups are a useful tool for "
@@ -2736,7 +2928,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 #, fuzzy
 msgid ""
 "Except for the <_:option-1/> and <_:option-2/> options, the options cannot "
@@ -2744,26 +2936,26 @@ msgid ""
 msgstr "<option>-</option>, <option>-l</option>, <option>--login</option>"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124 groupmems.8.xml.out:83
+#: gpasswd.1.xml.out:126 groupmems.8.xml.out:83
 msgid "--add"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124 gpasswd.1.xml.out:128 gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141 gpasswd.1.xml.out:205 gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126 gpasswd.1.xml.out:130 gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143 gpasswd.1.xml.out:207 gpasswd.1.xml.out:219
 #: groups.1.xml.out:48 groups.1.xml.out:59
 msgid "user"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 #, fuzzy
 msgid "Add the <_:replaceable-1/> to the named <_:replaceable-2/>."
 msgstr ""
@@ -2771,12 +2963,12 @@ msgstr ""
 "<replaceable>NOWA_GRUPA</replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137 groupmems.8.xml.out:94 passwd.1.xml.out:168
+#: gpasswd.1.xml.out:139 groupmems.8.xml.out:94 passwd.1.xml.out:164
 msgid "--delete"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 #, fuzzy
 msgid "Remove the <_:replaceable-1/> from the named <_:replaceable-2/>."
 msgstr ""
@@ -2784,19 +2976,19 @@ msgstr ""
 "<replaceable>NOWA_GRUPA</replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 #, fuzzy
 #| msgid "-"
 msgid "-Q"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 msgid ""
 "Remove the password from the named <_:replaceable-1/>. The group password "
 "will be empty. Only group members will be allowed to use <_:command-2/> to "
@@ -2804,12 +2996,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 msgid ""
 "Restrict the access to the named <_:replaceable-1/>. The group password is "
 "set to \"!\". Only group members with a password will be allowed to use <_:"
@@ -2817,12 +3009,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 msgid "--administrators"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204 gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206 gpasswd.1.xml.out:218
 #, fuzzy
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr ""
@@ -2830,33 +3022,33 @@ msgstr ""
 "replaceable>"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 msgid "Set the list of administrative users."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 msgid "--members"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 msgid "Set the list of group members."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 #, fuzzy
 msgid "and <_:filename-1/> files."
 msgstr "-a <placeholder-1/>"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 msgid "file."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 msgid ""
 "This tool only operates on the <_:filename-1/> <_:phrase-2/> <_:phrase-3/> "
 "Thus you cannot change any NIS or LDAP group. This must be performed on the "
@@ -2869,11 +3061,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283 groupadd.8.xml.out:357 groupdel.8.xml.out:34
+#: gpasswd.1.xml.out:285 groupadd.8.xml.out:357 groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41 groupdel.8.xml.out:47 groupdel.8.xml.out:57
 #: groupdel.8.xml.out:66 groupdel.8.xml.out:165 groupmems.8.xml.out:221
-#: groupmod.8.xml.out:341 login.defs.5.xml.out:299 useradd.8.xml.out:893
-#: userdel.8.xml.out:328 usermod.8.xml.out:623
+#: groupmod.8.xml.out:341 login.defs.5.xml.out:312 useradd.8.xml.out:913
+#: userdel.8.xml.out:328 usermod.8.xml.out:640
 msgid "groupdel"
 msgstr "groupdel"
 
@@ -2883,11 +3075,11 @@ msgstr "groupdel"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286 groupadd.8.xml.out:360 groupdel.8.xml.out:220
+#: gpasswd.1.xml.out:288 groupadd.8.xml.out:360 groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34 groupmod.8.xml.out:41 groupmod.8.xml.out:47
 #: groupmod.8.xml.out:58 groupmod.8.xml.out:67 groupmod.8.xml.out:256
-#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:311
-#: useradd.8.xml.out:896 userdel.8.xml.out:331 usermod.8.xml.out:626
+#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:324
+#: useradd.8.xml.out:916 userdel.8.xml.out:331 usermod.8.xml.out:643
 msgid "groupmod"
 msgstr "groupmod"
 
@@ -2897,10 +3089,10 @@ msgstr "groupmod"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289 grpck.8.xml.out:33 grpck.8.xml.out:40
+#: gpasswd.1.xml.out:291 grpck.8.xml.out:33 grpck.8.xml.out:40
 #: grpck.8.xml.out:46 grpck.8.xml.out:60 grpck.8.xml.out:116
 #: grpck.8.xml.out:128 grpck.8.xml.out:141 grpck.8.xml.out:184
-#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:318
+#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:331
 #: pwck.8.xml.out:339 pwconv.8.xml.out:198 pwconv.8.xml.out:242
 msgid "grpck"
 msgstr "grpck"
@@ -2910,7 +3102,7 @@ msgstr "grpck"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295 grpck.8.xml.out:95 grpck.8.xml.out:287
+#: gpasswd.1.xml.out:297 grpck.8.xml.out:95 grpck.8.xml.out:287
 #: gshadow.5.xml.out:22 gshadow.5.xml.out:29 newgrp.1.xml.out:148
 #: pwconv.8.xml.out:114 pwconv.8.xml.out:115 pwconv.8.xml.out:121
 #: pwconv.8.xml.out:122 sg.1.xml.out:137 vipw.8.xml.out:211
@@ -2918,12 +3110,12 @@ msgid "gshadow"
 msgstr "gshadow"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293 newgrp.1.xml.out:146 sg.1.xml.out:135
+#: gpasswd.1.xml.out:295 newgrp.1.xml.out:146 sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275 newgrp.1.xml.out:128 sg.1.xml.out:117
+#: gpasswd.1.xml.out:277 newgrp.1.xml.out:128 sg.1.xml.out:117
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
@@ -2969,8 +3161,8 @@ msgstr ""
 #: groupadd.8.xml.out:94 groupadd.8.xml.out:95 groupadd.8.xml.out:102
 #: groupadd.8.xml.out:236 groupmems.8.xml.out:110 groupmod.8.xml.out:82
 #: groupmod.8.xml.out:136 groupmod.8.xml.out:201 useradd.8.xml.out:96
-#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:391
-#: useradd.8.xml.out:396 useradd.8.xml.out:557 useradd.8.xml.out:639
+#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:393
+#: useradd.8.xml.out:398 useradd.8.xml.out:559 useradd.8.xml.out:659
 #: usermod.8.xml.out:174 vipw.8.xml.out:90
 msgid "-g"
 msgstr "-g"
@@ -2986,7 +3178,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:102 groupmod.8.xml.out:82 useradd.8.xml.out:230
-#: useradd.8.xml.out:639 usermod.8.xml.out:174
+#: useradd.8.xml.out:659 usermod.8.xml.out:174
 msgid "--gid"
 msgstr ""
 
@@ -2995,8 +3187,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:102 groupadd.8.xml.out:105 groupadd.8.xml.out:151
 #: groupmod.8.xml.out:73 groupmod.8.xml.out:82 groupmod.8.xml.out:87
-#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr "GID"
 
@@ -3028,7 +3220,7 @@ msgid "GID_MAX"
 msgstr "GID_MAX GID_MIN"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:111 useradd.8.xml.out:541
+#: groupadd.8.xml.out:111 useradd.8.xml.out:543
 #, fuzzy
 msgid "See also the <_:option-1/> option and the <_:option-2/> description."
 msgstr "<option>-</option>, <option>-l</option>, <option>--login</option>"
@@ -3036,31 +3228,31 @@ msgstr "<option>-</option>, <option>-l</option>, <option>--login</option>"
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:125 groupadd.8.xml.out:131 groupadd.8.xml.out:134
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:303
-#: useradd.8.xml.out:314 useradd.8.xml.out:317 useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:305
+#: useradd.8.xml.out:316 useradd.8.xml.out:319 useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 #, fuzzy
 #| msgid "-"
 msgid "-K"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "--key"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "KEY"
 msgstr "KLUCZ"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "VALUE"
 msgstr "WARTOŚĆ"
 
 #. (itstool) path: varlistentry/term
-#: groupadd.8.xml.out:124 useradd.8.xml.out:302
+#: groupadd.8.xml.out:124 useradd.8.xml.out:304
 #, fuzzy
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>=<_:replaceable-4/>"
 msgstr ""
@@ -3075,14 +3267,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:134 useradd.8.xml.out:320
+#: groupadd.8.xml.out:134 useradd.8.xml.out:322
 #, fuzzy
 #| msgid "10"
 msgid "100"
 msgstr "10"
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:321
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:323
 msgid "499"
 msgstr ""
 
@@ -3099,7 +3291,7 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:138 groupadd.8.xml.out:333 groupdel.8.xml.out:192
-#: groupmod.8.xml.out:295 useradd.8.xml.out:853 userdel.8.xml.out:265
+#: groupmod.8.xml.out:295 useradd.8.xml.out:873 userdel.8.xml.out:265
 msgid "10"
 msgstr "10"
 
@@ -3111,7 +3303,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:405
+#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr ""
@@ -3131,13 +3323,13 @@ msgstr ""
 #: groupadd.8.xml.out:158 groupmems.8.xml.out:55 groupmems.8.xml.out:130
 #: groupmod.8.xml.out:143 login.1.xml.out:80 login.1.xml.out:88
 #: login.1.xml.out:95 login.1.xml.out:212 su.1.xml.out:207
-#: useradd.8.xml.out:425 usermod.8.xml.out:237 usermod.8.xml.out:290
+#: useradd.8.xml.out:427 usermod.8.xml.out:237 usermod.8.xml.out:290
 #: usermod.8.xml.out:411 vipw.8.xml.out:102
 msgid "-p"
 msgstr "-p"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 #, fuzzy
 #| msgid "passwd"
@@ -3145,7 +3337,7 @@ msgid "--password"
 msgstr "passwd"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr ""
@@ -3154,8 +3346,8 @@ msgstr ""
 #: groupadd.8.xml.out:163 groupmod.8.xml.out:148 gshadow.5.xml.out:62
 #: gshadow.5.xml.out:68 passwd.5.xml.out:103 passwd.5.xml.out:109
 #: passwd.5.xml.out:170 shadow.5.xml.out:88 shadow.5.xml.out:94
-#: useradd.8.xml.out:430 useradd.8.xml.out:887 usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: useradd.8.xml.out:432 useradd.8.xml.out:907 usermod.8.xml.out:295
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr ""
 
@@ -3165,11 +3357,11 @@ msgstr ""
 #: groupadd.8.xml.out:164 groupadd.8.xml.out:315 groupmod.8.xml.out:148
 #: groupmod.8.xml.out:271 groups.1.xml.out:68 groups.1.xml.out:104
 #: grpck.8.xml.out:255 gshadow.5.xml.out:63 gshadow.5.xml.out:69
-#: passwd.1.xml.out:443 passwd.5.xml.out:104 passwd.5.xml.out:110
+#: passwd.1.xml.out:465 passwd.5.xml.out:104 passwd.5.xml.out:110
 #: passwd.5.xml.out:170 passwd.5.xml.out:176 pwck.8.xml.out:305
 #: shadow.3.xml.out:34 shadow.3.xml.out:217 shadow.5.xml.out:89
-#: shadow.5.xml.out:95 useradd.8.xml.out:431 useradd.8.xml.out:829
-#: useradd.8.xml.out:887 usermod.8.xml.out:296 usermod.8.xml.out:614
+#: shadow.5.xml.out:95 useradd.8.xml.out:433 useradd.8.xml.out:849
+#: useradd.8.xml.out:907 usermod.8.xml.out:296 usermod.8.xml.out:631
 msgid "3"
 msgstr "3"
 
@@ -3189,7 +3381,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:444
+#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:446
 #: userdel.8.xml.out:93 usermod.8.xml.out:299
 msgid "Note:"
 msgstr ""
@@ -3202,14 +3394,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:448
+#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid ""
 "You should make sure the password respects the system's password policy."
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:185 newusers.8.xml.out:287 useradd.8.xml.out:456
+#: groupadd.8.xml.out:185 newusers.8.xml.out:289 useradd.8.xml.out:458
 msgid "--system"
 msgstr ""
 
@@ -3241,44 +3433,10 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-#, fuzzy
-#| msgid "-"
-msgid "-P"
-msgstr "-"
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "--prefix"
-msgstr ""
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214 groupadd.8.xml.out:219 groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106 groupdel.8.xml.out:108 groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181 groupmod.8.xml.out:183 useradd.8.xml.out:502
-#: useradd.8.xml.out:507 userdel.8.xml.out:136 userdel.8.xml.out:140
-#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217 useradd.8.xml.out:505
-msgid ""
-"Apply changes to configuration files under the root filesystem found under "
-"the directory <_:replaceable-1/>. This option does not chroot and is "
-"intended for preparing a cross-compilation target. Some limitations: NIS and "
-"LDAP users/groups are not verified. PAM authentication is using the host "
-"files. No SELINUX support."
-msgstr ""
-
-#. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229 groupadd.8.xml.out:237 groupmod.8.xml.out:194
-#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:397
-#: useradd.8.xml.out:549 useradd.8.xml.out:558 usermod.8.xml.out:238
+#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:399
+#: useradd.8.xml.out:551 useradd.8.xml.out:560 usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 #, fuzzy
 #| msgid "-"
@@ -3300,7 +3458,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:237 groupmod.8.xml.out:202 useradd.8.xml.out:96
-#: useradd.8.xml.out:386 useradd.8.xml.out:397 useradd.8.xml.out:558
+#: useradd.8.xml.out:388 useradd.8.xml.out:399 useradd.8.xml.out:560
 #, fuzzy
 #| msgid "-"
 msgid "-N"
@@ -3308,15 +3466,15 @@ msgstr "-"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/phrase
-#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:448
-#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:398
-#: useradd.8.xml.out:559 userdel.8.xml.out:86 userdel.8.xml.out:296
+#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:467
+#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:400
+#: useradd.8.xml.out:561 userdel.8.xml.out:86 userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 msgid ""
 "The default behavior (if the <_:option-1/>, <_:option-2/>, and <_:option-3/> "
 "options are not specified) is defined by the <_:option-4/> variable in <_:"
@@ -3338,13 +3496,13 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:317 passwd.1.xml.out:463 useradd.8.xml.out:831
+#: groupadd.8.xml.out:317 passwd.1.xml.out:485 useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr "nieprawidłowy argument opcji"
 
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:321 groupmod.8.xml.out:277 grpck.8.xml.out:261
-#: passwd.1.xml.out:449 pwck.8.xml.out:311 useradd.8.xml.out:835
+#: passwd.1.xml.out:471 pwck.8.xml.out:311 useradd.8.xml.out:855
 msgid "4"
 msgstr "4"
 
@@ -3356,7 +3514,7 @@ msgid "GID is already used (when called without <_:option-1/>)"
 msgstr "UID juz jest używany (i nie uzyto opcji <option>-o</option>)"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:847
+#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:867
 msgid "9"
 msgstr "9"
 
@@ -3368,7 +3526,7 @@ msgid "group name is already used"
 msgstr "nazwa grupy już jest w użyciu"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:855
+#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
 msgstr "nie można zaktualizować pliku z grupami"
@@ -3380,11 +3538,11 @@ msgstr "nie można zaktualizować pliku z grupami"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: groupadd.8.xml.out:369 groupdel.8.xml.out:226 groupmems.8.xml.out:227
-#: groupmod.8.xml.out:350 login.defs.5.xml.out:480 useradd.8.xml.out:913
+#: groupmod.8.xml.out:350 login.defs.5.xml.out:499 useradd.8.xml.out:933
 #: userdel.8.xml.out:39 userdel.8.xml.out:46 userdel.8.xml.out:51
 #: userdel.8.xml.out:62 userdel.8.xml.out:71 userdel.8.xml.out:82
 #: userdel.8.xml.out:211 userdel.8.xml.out:232 userdel.8.xml.out:283
-#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:643
+#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:660
 msgid "userdel"
 msgstr "userdel"
 
@@ -3395,11 +3553,11 @@ msgstr "userdel"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #: groupadd.8.xml.out:372 groupdel.8.xml.out:229 groupmems.8.xml.out:230
-#: groupmod.8.xml.out:353 login.defs.5.xml.out:490 passwd.1.xml.out:488
-#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:916
+#: groupmod.8.xml.out:353 login.defs.5.xml.out:509 passwd.1.xml.out:513
+#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:936
 #: userdel.8.xml.out:345 usermod.8.xml.out:40 usermod.8.xml.out:47
 #: usermod.8.xml.out:53 usermod.8.xml.out:64 usermod.8.xml.out:72
-#: usermod.8.xml.out:263 usermod.8.xml.out:522
+#: usermod.8.xml.out:263 usermod.8.xml.out:539
 msgid "usermod"
 msgstr "usermod"
 
@@ -3425,8 +3583,8 @@ msgstr ""
 #: groupdel.8.xml.out:51 groupdel.8.xml.out:59 groupmod.8.xml.out:51
 #: groupmod.8.xml.out:59 groupmod.8.xml.out:86 groupmod.8.xml.out:102
 #: groupmod.8.xml.out:125 suauth.5.xml.out:85 suauth.5.xml.out:87
-#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:392
-#: useradd.8.xml.out:639 useradd.8.xml.out:648 usermod.8.xml.out:174
+#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:394
+#: useradd.8.xml.out:659 useradd.8.xml.out:668 usermod.8.xml.out:174
 msgid "GROUP"
 msgstr "GRUPA"
 
@@ -3472,13 +3630,13 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:461
-#: pwck.8.xml.out:323 useradd.8.xml.out:841 userdel.8.xml.out:253
+#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:483
+#: pwck.8.xml.out:323 useradd.8.xml.out:861 userdel.8.xml.out:253
 msgid "6"
 msgstr "6"
 
 #. (itstool) path: listitem/para
-#: groupdel.8.xml.out:182 useradd.8.xml.out:843
+#: groupdel.8.xml.out:182 useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr ""
 
@@ -3523,7 +3681,7 @@ msgstr ""
 #: groupmems.8.xml.out:37 groupmems.8.xml.out:44 groupmems.8.xml.out:50
 #: groupmems.8.xml.out:63 groupmems.8.xml.out:65 groupmems.8.xml.out:71
 #: groupmems.8.xml.out:78 groupmems.8.xml.out:159 groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr "groupmems"
 
@@ -3660,7 +3818,7 @@ msgstr ""
 #| "\t$ groupmems -g groups -a gk4\n"
 #| "    "
 msgid ""
-"$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
+"$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ "
 "groupmems -g groups -a gk4"
 msgstr ""
 "\n"
@@ -3764,7 +3922,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupmod.8.xml.out:121 passwd.1.xml.out:246
+#: groupmod.8.xml.out:121 passwd.1.xml.out:242
 #, fuzzy
 #| msgid "-"
 msgid "-n"
@@ -3869,7 +4027,7 @@ msgid "E_CLEANUP_SERVICE: can't setup cleanup service"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupmod.8.xml.out:307 useradd.8.xml.out:859 userdel.8.xml.out:271
+#: groupmod.8.xml.out:307 useradd.8.xml.out:879 userdel.8.xml.out:271
 msgid "12"
 msgstr "12"
 
@@ -4036,7 +4194,7 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:113 newusers.8.xml.out:67 newusers.8.xml.out:75
+#: grpck.8.xml.out:113 newusers.8.xml.out:69 newusers.8.xml.out:77
 msgid "file"
 msgstr ""
 
@@ -4067,7 +4225,7 @@ msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:143 login.defs.5.xml.out:134 login.defs.5.xml.out:136
+#: grpck.8.xml.out:143 login.defs.5.xml.out:136 login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr ""
@@ -4092,8 +4250,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 #, fuzzy
 #| msgid "-"
 msgid "-S"
@@ -4306,7 +4464,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: gshadow.5.xml.out:162 login.defs.5.xml.out:324 pwconv.8.xml.out:48
+#: gshadow.5.xml.out:162 login.defs.5.xml.out:337 pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67 pwconv.8.xml.out:113 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:166 pwconv.8.xml.out:208
 msgid "grpconv"
@@ -4320,7 +4478,7 @@ msgstr "grpconv"
 #. (itstool) path: varlistentry/term
 #: lastlog.8.xml.out:35 lastlog.8.xml.out:42 lastlog.8.xml.out:48
 #: lastlog.8.xml.out:58 lastlog.8.xml.out:70 lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr "lastlog"
 
@@ -4380,7 +4538,7 @@ msgstr ""
 "passwd</filename>."
 
 #. (itstool) path: term/option
-#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:592
+#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 #, fuzzy
 #| msgid "-"
@@ -4759,7 +4917,7 @@ msgstr ""
 #. (itstool) path: para/command
 #: limits.5.xml.out:122 login.1.xml.out:83 login.1.xml.out:91
 #: login.1.xml.out:197 su.1.xml.out:70 su.1.xml.out:82 su.1.xml.out:95
-#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:775
+#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:795
 msgid "username"
 msgstr ""
 
@@ -5205,8 +5363,8 @@ msgstr "chsh"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.1.xml.out:386 login.defs.5.xml.out:436 login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536 newgrp.1.xml.out:136 passwd.5.xml.out:197
+#: login.1.xml.out:386 login.defs.5.xml.out:455 login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555 newgrp.1.xml.out:136 passwd.5.xml.out:197
 #: shadow.5.xml.out:283 sg.1.xml.out:128 su.1.xml.out:50 su.1.xml.out:57
 #: su.1.xml.out:62 su.1.xml.out:81 su.1.xml.out:83 su.1.xml.out:121
 #: su.1.xml.out:201 su.1.xml.out:239 su.1.xml.out:308 su.1.xml.out:368
@@ -5363,12 +5521,12 @@ msgid "<_:citerefentry-1/>."
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 msgid ""
 "The <_:filename-1/> file defines the site-specific configuration for the "
 "shadow password suite. This file is required. Absence of this file will not "
@@ -5376,7 +5534,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid ""
 "This file is a readable text file, each line of the file describing one "
 "configuration parameter. The lines consist of a configuration name and "
@@ -5387,20 +5545,20 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133 useradd.8.xml.out:242 useradd.8.xml.out:380
+#: login.defs.5.xml.out:135 useradd.8.xml.out:242 useradd.8.xml.out:382
 #: userdel.8.xml.out:87 userdel.8.xml.out:297
 msgid "yes"
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 #, fuzzy
 #| msgid "0"
 msgid "0x"
 msgstr "0"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 msgid ""
 "Parameter values may be of four types: strings, booleans, numbers, and long "
 "numbers. A string is comprised of any printable characters. A boolean should "
@@ -5413,32 +5571,32 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:146 useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:146 useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:145
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194 pwconv.8.xml.out:147
+#: login.defs.5.xml.out:197 pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr ""
 
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 msgid ""
 "<_:option-1/>, <_:option-2/> and <_:option-3/> are only used at the time of "
 "account creation. Any changes to these settings won't affect existing "
@@ -5446,12 +5604,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid ""
 "The following cross references show which programs in the shadow password "
 "suite use which parameters."
@@ -5461,53 +5619,67 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235 login.defs.5.xml.out:423 login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503 pwck.8.xml.out:75 pwck.8.xml.out:216
+#: login.defs.5.xml.out:239 login.defs.5.xml.out:442 login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522 pwck.8.xml.out:75 pwck.8.xml.out:216
 #: pwck.8.xml.out:232 pwconv.8.xml.out:89 pwconv.8.xml.out:91
 #: pwconv.8.xml.out:94 pwconv.8.xml.out:105 pwconv.8.xml.out:107
 msgid "USE_TCB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr "CHFN_AUTH"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244 login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248 login.defs.5.xml.out:372
 #, fuzzy
 msgid "LOGIN_STRING"
 msgstr "CHFN_AUTH CHFN_RESTRICT"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253 login.defs.5.xml.out:264 login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388 login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256 login.defs.5.xml.out:269 login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396 login.defs.5.xml.out:418
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259 login.defs.5.xml.out:273 login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403 login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr ""
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261 login.defs.5.xml.out:275 login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409 login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251 login.defs.5.xml.out:282
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+#: login.defs.5.xml.out:255 login.defs.5.xml.out:292
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:"
+"phrase-2/> <_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 #, fuzzy
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr "CHFN_AUTH CHFN_RESTRICT"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 #, fuzzy
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr ""
@@ -5515,8 +5687,8 @@ msgstr ""
 "UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301 login.defs.5.xml.out:307 login.defs.5.xml.out:313
-#: login.defs.5.xml.out:320 login.defs.5.xml.out:326 login.defs.5.xml.out:332
+#: login.defs.5.xml.out:314 login.defs.5.xml.out:320 login.defs.5.xml.out:326
+#: login.defs.5.xml.out:333 login.defs.5.xml.out:339 login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr ""
 
@@ -5524,63 +5696,63 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330 pwconv.8.xml.out:49 pwconv.8.xml.out:73
+#: login.defs.5.xml.out:343 pwconv.8.xml.out:49 pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119 pwconv.8.xml.out:153 pwconv.8.xml.out:167
 #: pwconv.8.xml.out:208
 msgid "grpunconv"
 msgstr "grpunconv"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346 login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359 login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 msgid "FAILLOG_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 #, fuzzy
 #| msgid "FILE"
 msgid "FTMP_FILE"
 msgstr "FILE"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid ""
 "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE "
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY "
 "<_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR "
@@ -5590,43 +5762,45 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 #, fuzzy
 #| msgid "newgrp"
 msgid "newgrp / sg"
 msgstr "newgrp"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
+#: login.defs.5.xml.out:395
 #, fuzzy
 msgid ""
-"ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
-"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
-"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+"<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP "
+"MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:"
+"phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+"SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
+"UMASK <_:phrase-3/>"
 msgstr ""
 "GID_MAX GID_MIN PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE UID_MAX UID_MIN "
 "UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
+#: login.defs.5.xml.out:417
 msgid ""
-"ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
-"PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+"<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB "
+"PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412 login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431 login.defs.5.xml.out:440
 #, fuzzy
 #| msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE"
 msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/>"
@@ -5638,7 +5812,7 @@ msgstr "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419 passwd.5.xml.out:188 pwconv.8.xml.out:39
+#: login.defs.5.xml.out:438 passwd.5.xml.out:188 pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46 pwconv.8.xml.out:55 pwconv.8.xml.out:83
 #: pwconv.8.xml.out:88 pwconv.8.xml.out:90 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:144 pwconv.8.xml.out:165 pwconv.8.xml.out:216
@@ -5651,7 +5825,7 @@ msgstr "pwconv"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428 passwd.5.xml.out:191 pwconv.8.xml.out:47
+#: login.defs.5.xml.out:447 passwd.5.xml.out:191 pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61 pwconv.8.xml.out:98 pwconv.8.xml.out:104
 #: pwconv.8.xml.out:109 pwconv.8.xml.out:153 pwconv.8.xml.out:157
 #: pwconv.8.xml.out:166 shadow.5.xml.out:280
@@ -5659,22 +5833,22 @@ msgid "pwunconv"
 msgstr "pwunconv"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH "
 "<_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
@@ -5682,29 +5856,23 @@ msgstr ""
 
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453 passwd.5.xml.out:200 shadow.5.xml.out:286
+#: login.defs.5.xml.out:472 passwd.5.xml.out:200 shadow.5.xml.out:286
 #, fuzzy
 msgid "sulogin"
 msgstr "login"
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457 su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr ""
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+msgid "ENV_HZ ENV_TZ"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 #, fuzzy
 msgid ""
 "CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR "
@@ -5717,19 +5885,19 @@ msgstr ""
 "UMASK"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485 login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504 login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 msgid ""
 "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB <_:"
 "phrase-1/>"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 msgid "LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <_:phrase-1/>"
 msgstr ""
 
@@ -5738,18 +5906,18 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500 vipw.8.xml.out:35 vipw.8.xml.out:42
+#: login.defs.5.xml.out:519 vipw.8.xml.out:35 vipw.8.xml.out:42
 #: vipw.8.xml.out:51 vipw.8.xml.out:67 vipw.8.xml.out:85
 msgid "vipw"
 msgstr "vipw"
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511 pwconv.8.xml.out:193 suauth.5.xml.out:179
+#: login.defs.5.xml.out:530 pwconv.8.xml.out:193 suauth.5.xml.out:179
 msgid "BUGS"
 msgstr "B�ĘDY"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 #, fuzzy
 #| msgid ""
 #| "<citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</"
@@ -5772,14 +5940,14 @@ msgstr ""
 "refentrytitle><manvolnum>8</manvolnum></citerefentry>."
 
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 #, fuzzy
 #| msgid "*name"
 msgid "pam"
 msgstr "*name"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
@@ -5888,12 +6056,12 @@ msgid "id"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
 msgstr "wsadowa aktualizacja i tworzenie nowych użytkowników"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 #, fuzzy
 #| msgid ""
 #| "The <command>newusers</command> command reads a file of user name and "
@@ -5916,24 +6084,24 @@ msgstr ""
 "citerefentry>), z następującymi wyjątkami:"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 #, fuzzy
 #| msgid "*name"
 msgid "pw_name"
 msgstr "*name"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 msgid ""
 "It can be the name of a new user or the name of an existing user (or a user "
 "created before by <_:command-1/>). In case of an existing user, the user's "
@@ -5941,12 +6109,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr "pw_passwd"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid ""
 "This field will be encrypted and used as the new value of the encrypted "
 "password."
@@ -5954,31 +6122,31 @@ msgstr ""
 "To pole zostanie zakodowane i użyte jako nowa wartość zakodowanego hasła."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 #, fuzzy
 #| msgid "pw_gid"
 msgid "pw_uid"
 msgstr "pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 msgid ""
 "If the field is empty, a new (unused) UID will be defined automatically by "
 "<_:command-1/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 msgid ""
 "If this field contains the name of an existing user (or the name of a user "
 "created before by <_:command-1/>), the UID of the specified user will be "
@@ -5986,24 +6154,24 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid ""
 "If the UID of an existing user is changed, the files ownership of the user's "
 "file should be fixed manually."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
 msgstr "pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 msgid ""
 "If this field contains the name of an existing group (or a group created "
 "before by <_:command-1/>), the GID of this group will be used as the primary "
@@ -6011,7 +6179,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid ""
 "If this field is a number, this number will be used as the primary group ID "
 "of the user. If no groups exist with this GID, a new group will be created "
@@ -6019,7 +6187,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 msgid ""
 "If this field is empty, a new group will be created with the name of the "
 "user and a GID will be automatically defined by <_:command-1/> to be used as "
@@ -6027,7 +6195,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 msgid ""
 "If this field contains the name of a group which does not exist (and was not "
 "created before by <_:command-1/>), a new group will be created with the "
@@ -6036,32 +6204,32 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
 msgstr "pw_dir"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid ""
 "If this field does not specify an existing directory, the specified "
 "directory is created, with ownership set to the user being created or "
@@ -6074,7 +6242,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 msgid ""
 "If the home directory of an existing user is changed, <_:command-1/> does "
 "not move or copy the content of the old directory to the new location. This "
@@ -6082,19 +6250,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid ""
 "This field defines the shell of the user. No checks are performed on this "
 "field."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 msgid ""
 "<_:command-1/> first tries to create or change all the specified users, and "
 "then write these changes to the user or group databases. If an error occurs "
@@ -6103,7 +6271,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid ""
 "During this first pass, users are created with a locked password (and "
 "passwords are not changed for the users which are not created). A second "
@@ -6112,55 +6280,62 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are updated at a single time."
 msgstr ""
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257 pwck.8.xml.out:164 useradd.8.xml.out:108
+#: newusers.8.xml.out:259 pwck.8.xml.out:164 useradd.8.xml.out:108
 #: usermod.8.xml.out:89
 msgid "--badname"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260 pwck.8.xml.out:167 useradd.8.xml.out:111
+#: newusers.8.xml.out:262 pwck.8.xml.out:167 useradd.8.xml.out:111
 #: usermod.8.xml.out:92
 msgid "Allow names that do not conform to standards."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290 useradd.8.xml.out:459
+#: newusers.8.xml.out:273
+msgid ""
+"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
+"support these methods."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:292 useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:319
-#: useradd.8.xml.out:468 useradd.8.xml.out:538 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:321
+#: useradd.8.xml.out:470 useradd.8.xml.out:540 usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:321
-#: useradd.8.xml.out:468 useradd.8.xml.out:543 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:323
+#: useradd.8.xml.out:470 useradd.8.xml.out:545 usermod.8.xml.out:397
 msgid "UID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293 useradd.8.xml.out:462
+#: newusers.8.xml.out:295 useradd.8.xml.out:464
 msgid ""
 "System users will be created with no aging information in <_:filename-1/>, "
 "and their numeric identifiers are chosen in the <_:option-2/>-<_:option-3/> "
@@ -6168,14 +6343,35 @@ msgid ""
 "(and their <_:option-7/> counterparts for the creation of groups)."
 msgstr ""
 
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default is 13."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default is 5000."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default is 5."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid ""
 "The input file must be protected since it contains unencrypted passwords."
 msgstr ""
 
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 #, fuzzy
 #| msgid "/etc/passwd"
 msgid "/etc/pam.d/newusers"
@@ -6183,51 +6379,51 @@ msgstr "/etc/passwd"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435 useradd.8.xml.out:222 useradd.8.xml.out:481
-#: useradd.8.xml.out:785 userdel.8.xml.out:215 usermod.8.xml.out:587
+#: newusers.8.xml.out:456 useradd.8.xml.out:222 useradd.8.xml.out:483
+#: useradd.8.xml.out:805 userdel.8.xml.out:215 usermod.8.xml.out:604
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437 useradd.8.xml.out:787 userdel.8.xml.out:217
+#: newusers.8.xml.out:458 useradd.8.xml.out:807 userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
 msgstr ""
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441 useradd.8.xml.out:222 useradd.8.xml.out:480
-#: useradd.8.xml.out:791 userdel.8.xml.out:221 usermod.8.xml.out:593
+#: newusers.8.xml.out:462 useradd.8.xml.out:222 useradd.8.xml.out:482
+#: useradd.8.xml.out:811 userdel.8.xml.out:221 usermod.8.xml.out:610
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443 useradd.8.xml.out:793 userdel.8.xml.out:223
+#: newusers.8.xml.out:464 useradd.8.xml.out:813 userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460 useradd.8.xml.out:906 userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: newusers.8.xml.out:481 useradd.8.xml.out:926 userdel.8.xml.out:335
+#: usermod.8.xml.out:650
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463 useradd.8.xml.out:909 userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: newusers.8.xml.out:484 useradd.8.xml.out:929 userdel.8.xml.out:338
+#: usermod.8.xml.out:653
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458 useradd.8.xml.out:904 userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: newusers.8.xml.out:479 useradd.8.xml.out:924 userdel.8.xml.out:333
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr ""
 
@@ -6270,12 +6466,12 @@ msgid "The <_:command-1/> command appeared in BSD 4.4."
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr "zmiana hasła użytkownika"
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 msgid ""
 "The <_:command-1/> command changes passwords for user accounts. A normal "
 "user may only change the password for their own account, while the superuser "
@@ -6284,12 +6480,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 msgid ""
 "The user is first prompted for their old password, if one is present. This "
 "password is then encrypted and compared against the stored password. The "
@@ -6298,7 +6494,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 msgid ""
 "After the password has been entered, password aging information is checked "
 "to see if the user is permitted to change the password at this time. If not, "
@@ -6306,7 +6502,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid ""
 "The user is then prompted twice for a replacement password. The second entry "
 "is compared against the first and both are required to match in order for "
@@ -6314,48 +6510,25 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
-msgid ""
-"Then, the password is tested for complexity. As a general guideline, "
-"passwords should consist of 6 to 8 characters including one or more "
-"characters from each of the following sets:"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr ""
-
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
+#: passwd.1.xml.out:98
 msgid ""
-"Care must be taken not to include the system default erase or kill "
-"characters. <_:command-1/> will reject any password which is not suitably "
-"complex."
+"Then, the password is tested for complexity. <_:command-1/> will reject any "
+"password which is not suitably complex. Care must be taken not to include "
+"the system default erase or kill characters."
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 msgid ""
 "The security of a password depends upon the strength of the encryption "
 "algorithm and the size of the key space. The legacy <_:emphasis-1/> System "
@@ -6365,7 +6538,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid ""
 "Compromises in password security normally result from careless password "
 "selection or handling. For this reason, you should not select a password "
@@ -6375,42 +6548,54 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
+#: passwd.1.xml.out:127
+msgid ""
+"As a general guideline, passwords should be long and random. It's fine to "
+"use simple character sets, such as passwords consisting only of lowercase "
+"letters, if that helps memorizing longer passwords. For a password "
+"consisting only of lowercase English letters randomly chosen, and a length "
+"of 32, there are 26^32 (approximately 2^150) different possible "
+"combinations. Being an exponential equation, it's apparent that the exponent "
+"(the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 msgid ""
 "You can find advice on how to choose a strong password on http://en."
 "wikipedia.org/wiki/Password_strength"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 msgid ""
 "This option can be used only with <_:option-1/> and causes show status for "
 "all users."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid ""
 "Delete a user's password (make it empty). This is a quick way to disable a "
 "password for an account. It will set the named account passwordless."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 #, fuzzy
 #| msgid "expiry"
 msgid "--expire"
 msgstr "expiry"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid ""
 "Immediately expire an account's password. This in effect can force a user to "
 "change their password at the user's next login."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 msgid ""
 "This option is used to disable an account after the password has been "
 "expired for a number of days. After a user account has had an expired "
@@ -6420,19 +6605,19 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210 useradd.8.xml.out:278 useradd.8.xml.out:356
+#: passwd.1.xml.out:206 useradd.8.xml.out:280 useradd.8.xml.out:358
 #, fuzzy
 #| msgid "-"
 msgid "-k"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 msgid ""
 "Indicate password change should be performed only for expired authentication "
 "tokens (passwords). The user wishes to keep their non-expired tokens as "
@@ -6440,12 +6625,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222 usermod.8.xml.out:231
+#: passwd.1.xml.out:218 usermod.8.xml.out:231
 msgid "--lock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 msgid ""
 "Lock the password of the named account. This option disables a password by "
 "changing it to a value which matches no possible encrypted value (it adds a "
@@ -6453,12 +6638,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 msgid ""
 "Note that this does not disable the account. The user may still be able to "
 "login using another authentication token (e.g. an SSH key). To disable the "
@@ -6467,48 +6652,48 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "-q"
 msgstr "-q"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "--quiet"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261 vipw.8.xml.out:110
+#: passwd.1.xml.out:257 vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr "Cichy tryb pracy."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: passwd.1.xml.out:268 passwd.1.xml.out:272
+#: passwd.1.xml.out:264 passwd.1.xml.out:268
 msgid "REPOSITORY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 msgid "change password in <_:replaceable-1/> repository"
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 msgid ""
 "Display account status information. The status information consists of 7 "
 "fields. The first field is the user's login name. The second field indicates "
@@ -6520,12 +6705,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309 usermod.8.xml.out:405
+#: passwd.1.xml.out:320 usermod.8.xml.out:405
 msgid "--unlock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 msgid ""
 "Unlock the password of the named account. This option re-enables a password "
 "by changing the password back to its previous value (to the value before "
@@ -6533,7 +6718,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -6550,71 +6735,97 @@ msgstr ""
 "terminie zmiany hasła."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 #, fuzzy
 #| msgid "-"
 msgid "-x"
 msgstr "-"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 msgid ""
 "Set the maximum number of days a password remains valid. After <_:"
 "replaceable-1/>, the password is required to be changed."
 msgstr ""
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid ""
+"This option is used to indicate that passwd should read the new password "
+"from standard input, which can be a pipe."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 msgid ""
 "Password complexity checking may vary from site to site. The user is urged "
 "to select a password as complex as he or she feels comfortable with."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid ""
 "Users may not be able to change their password on a system if NIS is enabled "
 "and they are not logged into the NIS server."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 msgid ""
 "<_:command-1/> uses PAM to authenticate users and to change their passwords."
 msgstr ""
 
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 #, fuzzy
 #| msgid "/etc/passwd"
 msgid "/etc/pam.d/passwd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr "nieprawidłowa kombinacja opcji"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 msgid "unexpected failure, <_:filename-1/> file missing"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 msgid "<_:filename-1/> file busy, try again"
 msgstr ""
 
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+#, fuzzy
+#| msgid "passwd"
+msgid "makepasswd"
+msgstr "passwd"
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:494
+msgid ""
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
+#: passwd.1.xml.out:517
 msgid ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
+"The following web page comically (yet correctly) compares the strength of "
+"two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -8108,6 +8319,11 @@ msgid "$HZ"
 msgstr ""
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr ""
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr ""
@@ -8399,7 +8615,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: useradd.8.xml.out:72 useradd.8.xml.out:76 useradd.8.xml.out:86
-#: useradd.8.xml.out:169 useradd.8.xml.out:583 useradd.8.xml.out:585
+#: useradd.8.xml.out:169 useradd.8.xml.out:603 useradd.8.xml.out:605
 msgid "-D"
 msgstr "-D"
 
@@ -8421,14 +8637,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:118 useradd.8.xml.out:592
+#: useradd.8.xml.out:118 useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: useradd.8.xml.out:118 useradd.8.xml.out:124 useradd.8.xml.out:159
-#: useradd.8.xml.out:592 useradd.8.xml.out:598
+#: useradd.8.xml.out:612 useradd.8.xml.out:618
 #, fuzzy
 #| msgid "MAIL_DIR"
 msgid "BASE_DIR"
@@ -8452,18 +8668,18 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:131 useradd.8.xml.out:603
+#: useradd.8.xml.out:131 useradd.8.xml.out:623
 msgid "HOME"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
 #: useradd.8.xml.out:132 useradd.8.xml.out:189 useradd.8.xml.out:212
-#: useradd.8.xml.out:250 useradd.8.xml.out:293 useradd.8.xml.out:343
-#: useradd.8.xml.out:393 useradd.8.xml.out:523 useradd.8.xml.out:604
-#: useradd.8.xml.out:616 useradd.8.xml.out:633 useradd.8.xml.out:649
-#: useradd.8.xml.out:663 useradd.8.xml.out:677 useradd.8.xml.out:767
-#: usermod.8.xml.out:419
+#: useradd.8.xml.out:250 useradd.8.xml.out:267 useradd.8.xml.out:295
+#: useradd.8.xml.out:345 useradd.8.xml.out:395 useradd.8.xml.out:525
+#: useradd.8.xml.out:624 useradd.8.xml.out:636 useradd.8.xml.out:653
+#: useradd.8.xml.out:669 useradd.8.xml.out:683 useradd.8.xml.out:697
+#: useradd.8.xml.out:787 usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr "/etc/default/useradd"
 
@@ -8543,7 +8759,7 @@ msgstr ""
 "jest w formacie <emphasis remap=\"I\">MM/DD/RR</emphasis>."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:188 useradd.8.xml.out:615 usermod.8.xml.out:418
+#: useradd.8.xml.out:188 useradd.8.xml.out:635 usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr ""
 
@@ -8574,7 +8790,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: useradd.8.xml.out:218 useradd.8.xml.out:482
+#: useradd.8.xml.out:218 useradd.8.xml.out:484
 #, fuzzy
 #| msgid "-"
 msgid "-F"
@@ -8674,6 +8890,13 @@ msgid ""
 "emphasis-5/>]]]"
 msgstr ""
 
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+#, fuzzy
+#| msgid "GROUP"
+msgid "GROUPS"
+msgstr "GRUPA"
+
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
 #, fuzzy
@@ -8682,7 +8905,9 @@ msgid ""
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups are subject to the same restrictions as the group given with the "
 "<_:option-1/> option. The default is for the user to belong only to the "
-"initial group."
+"initial group. In addition to passing in the -G flag, you can add the option "
+"<_:option-2/> to the file <_:filename-3/> which in turn will add all users "
+"to those supplementary groups."
 msgstr ""
 "Lista dodatkowych grup, do których również należy użytkownik. Każda grupa "
 "oddzielona jest od następnej przecinkiem, bez wtrąconej spacji. Do grup "
@@ -8691,19 +8916,19 @@ msgstr ""
 "której nie podano na liście, to zostanie z niej usunięty."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 #, fuzzy
 #| msgid "MAIL_DIR"
 msgid "SKEL_DIR"
 msgstr "MAIL_DIR"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by <_:"
@@ -8712,12 +8937,12 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288 useradd.8.xml.out:350
+#: useradd.8.xml.out:290 useradd.8.xml.out:352
 msgid "--create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288 useradd.8.xml.out:592 usermod.8.xml.out:524
 #, fuzzy
 #| msgid "<option>-m</option>, <option>--create-home</option>"
 msgid ""
@@ -8726,43 +8951,43 @@ msgid ""
 msgstr "<option>-m</option>, <option>--create-home</option>"
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 #, fuzzy
 #| msgid "/etc/skel/"
 msgid "/etc/skel"
 msgstr "/etc/skel/"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 msgid ""
 "If this option is not set, the skeleton directory is defined by the <_:"
 "option-1/> variable in <_:filename-2/> or, by default, <_:filename-3/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid ""
 "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:"
 "option-4/>, <_:option-5/> and others)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used "
 "when creating an account to turn off password aging. Multiple <_:option-4/> "
@@ -8771,29 +8996,29 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
+#: useradd.8.xml.out:337
 msgid ""
 "By default, the user's entries in the lastlog and faillog databases are "
 "reset to avoid reusing the entry from a previously deleted user."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid ""
 "If this option is not specified, <_:command-1/> will also consult the "
 "variable <_:option-2/> in the <_:filename-3/> if set to no the user will not "
@@ -8801,7 +9026,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 msgid ""
 "Create the user's home directory if it does not exist. The files and "
 "directories contained in the skeleton directory (which can be defined with "
@@ -8809,19 +9034,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361 useradd.8.xml.out:379 useradd.8.xml.out:475
+#: useradd.8.xml.out:363 useradd.8.xml.out:381 useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 msgid ""
 "By default, if this option is not specified and <_:option-1/> is not "
 "enabled, no home directories are created."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid ""
 "The directory where the user's home directory is created must exist and have "
 "proper SELinux context and permissions. Otherwise the user's home directory "
@@ -8829,24 +9054,24 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 msgid ""
 "Do not create the user's home directory, even if the system wide setting "
 "from <_:filename-1/> (<_:option-2/>) is set to <_:replaceable-3/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 msgid ""
 "Do not create a group with the same name as the user, but add the user to "
 "the group specified by the <_:option-1/> option or by the <_:option-2/> "
@@ -8854,12 +9079,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 msgid "allows the creation of an account with an already existing UID."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412 usermod.8.xml.out:277
+#: useradd.8.xml.out:414 usermod.8.xml.out:277
 msgid ""
 "This option is only valid in combination with the <_:option-1/> option. As a "
 "user identity serves as key to map between users on one hand and "
@@ -8869,7 +9094,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid ""
 "defines an initial password for the account. PASSWORD is expected to be "
 "encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this "
@@ -8877,7 +9102,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid ""
 "Without this option, the new account will be locked and with no password "
 "defined, i.e. a single exclamation mark in the respective field of <_:"
@@ -8886,14 +9111,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 msgid ""
 "<_:emphasis-1/>Avoid this option on the command line because the password "
 "(or encrypted password) will be visible by users listing the processes."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 msgid ""
 "Note that <_:command-1/> will not create a home directory for such a user, "
 "regardless of the default setting in <_:filename-2/> (<_:option-3/>). You "
@@ -8902,7 +9127,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 msgid ""
 "Note that this option will not update <_:filename-1/> and <_:filename-2/>. "
 "You have to specify the <_:option-3/> options if you want to update the "
@@ -8910,7 +9135,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 msgid ""
 "sets the path to the user's login shell. Without this option, the system "
 "will use the <_:option-1/> variable specified in <_:filename-2/>, or, if "
@@ -8919,19 +9144,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "--uid"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 #, fuzzy
 #| msgid "GID"
 msgid "UID"
 msgstr "GID"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 msgid ""
 "The numerical value of the user's ID. This value must be unique, unless the "
 "<_:option-1/> option is used. The value must be non-negative. The default is "
@@ -8940,54 +9165,76 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid ""
 "Create a group with the same name as the user, and add the user to this "
 "group."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:593 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:525
 #, fuzzy
 #| msgid "-"
 msgid "-Z"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:594 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566 usermod.8.xml.out:501
+#: useradd.8.xml.out:568 usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575 useradd.8.xml.out:589 usermod.8.xml.out:521
 msgid "semanage"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
+#: useradd.8.xml.out:571
 msgid ""
-"defines the SELinux user for the new account. Without this option, a SELinux "
+"defines the SELinux user for the new account. Without this option, SELinux "
 "uses the default user. Note that the shadow system doesn't store the selinux-"
 "user, it uses <_:citerefentry-1/> for that."
 msgstr ""
 
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "--selinux-range"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "SERANGE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+msgid ""
+"defines the SELinux MLS range for the new account. Without this option, "
+"SELinux uses the default range. Note that the shadow system doesn't store "
+"the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 msgid ""
 "When invoked with only the <_:option-1/> option, <_:command-2/> will display "
 "the current default values. When invoked with <_:option-3/> plus other "
@@ -8996,7 +9243,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 msgid ""
 "sets the path prefix for a new user's home directory. The user's name will "
 "be affixed to the end of <_:replaceable-1/> to form the new user's home "
@@ -9005,18 +9252,18 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602 useradd.8.xml.out:614 useradd.8.xml.out:631
-#: useradd.8.xml.out:647 useradd.8.xml.out:661
+#: useradd.8.xml.out:622 useradd.8.xml.out:634 useradd.8.xml.out:651
+#: useradd.8.xml.out:667 useradd.8.xml.out:681
 msgid "This option sets the <_:option-1/> variable in <_:filename-2/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 msgid "sets the date on which newly created user accounts are disabled."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid ""
 "defines the number of days after the password exceeded its maximum age where "
 "the user is expected to replace this password. See <_:citerefentry-1/>for "
@@ -9024,7 +9271,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 msgid ""
 "sets the default primary group for newly created users, accepting group "
 "names or a numerical group ID. The named group must exist, and the GID must "
@@ -9032,23 +9279,23 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr "UWAGI"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675 useradd.8.xml.out:779
+#: useradd.8.xml.out:695 useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr "/etc/skel/"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 msgid ""
 "The system administrator is responsible for placing the default user files "
 "in the <_:filename-1/> directory (or any other skeleton directory specified "
@@ -9056,26 +9303,26 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 msgid ""
 "You may not add a user to a NIS or LDAP group. This must be performed on the "
 "corresponding server."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 msgid ""
 "Similarly, if the username already exists in an external user database such "
 "as NIS or LDAP, <_:command-1/> will deny the user account creation request."
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid ""
 "Usernames may contain only lower and upper case letters, digits, "
 "underscores, or dashes. They can end with a dollar sign. Dashes are not "
@@ -9086,60 +9333,60 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr ""
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 #, fuzzy
 #| msgid "/etc/default/useradd"
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr "/etc/default/useradd"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773 userdel.8.xml.out:209
+#: useradd.8.xml.out:793 userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 #, fuzzy
 #| msgid "OPTIONS"
 msgid "ACTION"
 msgstr "OPCJE"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-pre.d"
 msgstr "useradd"
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-post.d"
 msgstr "useradd"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid ""
 "Run-part files to execute during user addition. The environment variable <_:"
 "command-1/> will be populated with useradd and <_:command-2/> with the <_:"
@@ -9149,48 +9396,48 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819 userdel.8.xml.out:243
+#: useradd.8.xml.out:839 userdel.8.xml.out:243
 msgid "can't update password file"
 msgstr "nie można zaktualizować pliku z hasłami"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 #, fuzzy
 #| msgid "UID already in use (and no <option>-o</option>)"
 msgid "UID already in use (and no <_:option-1/>)"
 msgstr "UID juz jest używany (i nie uzyto opcji <option>-o</option>)"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 #, fuzzy
 #| msgid "group name already in use"
 msgid "username or group name already in use"
 msgstr "nazwa grupy już jest w użyciu"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 #, fuzzy
 #| msgid "1"
 msgid "14"
 msgstr "1"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876 usermod.8.xml.out:603
+#: useradd.8.xml.out:896 usermod.8.xml.out:620
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:"
@@ -9886,9 +10133,16 @@ msgid ""
 "shadow system doesn't store the selinux-user, it uses semanage(8) for that."
 msgstr ""
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
 msgid ""
+"defines the SELinux MLS range for the new account. Note that the shadow "
+"system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
+msgid ""
 "You must make certain that the named user is not executing any processes "
 "when this command is being executed if the user's numerical user ID, the "
 "user's name, or the user's home directory is being changed. <_:command-1/> "
@@ -9897,69 +10151,69 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 msgid ""
 "You must change the owner of any <_:command-1/> files or <_:command-2/> jobs "
 "manually."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 #, fuzzy
 #| msgid "Group account information."
 msgid "Group account information"
 msgstr "Informacje o grupach użytkowników."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
+#: usermod.8.xml.out:582
 #, fuzzy
 #| msgid "Secure group account information."
-msgid "Secure group account informatio."
+msgid "Secure group account information"
 msgstr "Informacje chronione o grupach użytkowników."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 #, fuzzy
 #| msgid "Shadow password suite configuration."
 msgid "Shadow password suite configuration"
 msgstr "Konfiguracja pakietu shadow."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 #, fuzzy
 #| msgid "User account information."
 msgid "User account information"
 msgstr "Informacja o kontach użytkowników."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 #, fuzzy
 #| msgid "Secure user account information."
 msgid "Secure user account information"
 msgstr "Informacje chronione o użytkownikach."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
 msgid "Per user subordinate group IDs"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
 msgid "Per user subordinate user IDs"
 msgstr ""
 
@@ -10007,7 +10261,7 @@ msgstr "vipw"
 #| "envar>, and finally the default editor, <citerefentry><refentrytitle>vi</"
 #| "refentrytitle><manvolnum>1</manvolnum></citerefentry>."
 msgid ""
-"The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/"
+"The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/"
 "> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will "
 "edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/"
 ">, respectively. The programs will set the appropriate locks to prevent file "
@@ -12609,9 +12863,6 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>5</"
 #~ "manvolnum></citerefentry>."
 
-#~ msgid "-K <placeholder-1/>=<placeholder-2/>"
-#~ msgstr "-K <placeholder-1/>=<placeholder-2/>"
-
 #, fuzzy
 #~ msgid "<option>-M</option>&nbsp;<replaceable>user</replaceable>,..."
 #~ msgstr ""
diff --git a/man/po/ru.po b/man/po/ru.po
index c9bb37e..02417b0 100644
--- a/man/po/ru.po
+++ b/man/po/ru.po
@@ -4,7 +4,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: 1:4.0.18.2-1\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
 "PO-Revision-Date: 2013-08-23 01:39+0200\n"
 "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
 "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
@@ -17,12 +17,12 @@ msgstr ""
 "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:19 chsh.1.xml.out:18
+#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:21 chsh.1.xml.out:18
 #: expiry.1.xml.out:19 faillog.5.xml.out:15 faillog.8.xml.out:15
 #: groupadd.8.xml.out:18 groupdel.8.xml.out:16 groupmod.8.xml.out:16
 #: groups.1.xml.out:15 grpck.8.xml.out:15 lastlog.8.xml.out:17
-#: login.1.xml.out:48 login.defs.5.xml.out:84 logoutd.8.xml.out:15
-#: newgrp.1.xml.out:16 newusers.8.xml.out:31 passwd.1.xml.out:22
+#: login.1.xml.out:48 login.defs.5.xml.out:86 logoutd.8.xml.out:15
+#: newgrp.1.xml.out:16 newusers.8.xml.out:33 passwd.1.xml.out:24
 #: passwd.5.xml.out:15 porttime.5.xml.out:15 pwck.8.xml.out:22
 #: shadow.3.xml.out:15 shadow.5.xml.out:15 sg.1.xml.out:16 su.1.xml.out:32
 #: useradd.8.xml.out:34 userdel.8.xml.out:21 usermod.8.xml.out:22
@@ -30,12 +30,12 @@ msgid "Julianne Frances"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:20 chsh.1.xml.out:19
+#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:22 chsh.1.xml.out:19
 #: expiry.1.xml.out:20 faillog.5.xml.out:16 faillog.8.xml.out:16
 #: groupadd.8.xml.out:19 groupdel.8.xml.out:17 groupmod.8.xml.out:17
 #: groups.1.xml.out:16 grpck.8.xml.out:16 lastlog.8.xml.out:18
-#: login.1.xml.out:49 login.defs.5.xml.out:85 logoutd.8.xml.out:16
-#: newgrp.1.xml.out:17 newusers.8.xml.out:32 passwd.1.xml.out:23
+#: login.1.xml.out:49 login.defs.5.xml.out:87 logoutd.8.xml.out:16
+#: newgrp.1.xml.out:17 newusers.8.xml.out:34 passwd.1.xml.out:25
 #: passwd.5.xml.out:16 porttime.5.xml.out:16 pwck.8.xml.out:23
 #: shadow.3.xml.out:16 shadow.5.xml.out:16 sg.1.xml.out:17 su.1.xml.out:33
 #: useradd.8.xml.out:35 userdel.8.xml.out:22 usermod.8.xml.out:23
@@ -48,14 +48,14 @@ msgid "Creation, 1990"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24 chsh.1.xml.out:23 expiry.1.xml.out:24
-#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:25
+#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26 chsh.1.xml.out:23 expiry.1.xml.out:24
+#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23 groupdel.8.xml.out:21 groupmems.8.xml.out:24
 #: groupmod.8.xml.out:21 groups.1.xml.out:20 grpck.8.xml.out:20
 #: lastlog.8.xml.out:22 limits.5.xml.out:22 login.1.xml.out:53
-#: login.access.5.xml.out:21 login.defs.5.xml.out:89 logoutd.8.xml.out:20
-#: newgrp.1.xml.out:21 newusers.8.xml.out:36 passwd.1.xml.out:27
+#: login.access.5.xml.out:21 login.defs.5.xml.out:91 logoutd.8.xml.out:20
+#: newgrp.1.xml.out:21 newusers.8.xml.out:38 passwd.1.xml.out:29
 #: passwd.5.xml.out:20 porttime.5.xml.out:20 pwck.8.xml.out:27
 #: pwconv.8.xml.out:26 shadow.3.xml.out:20 shadow.5.xml.out:20 sg.1.xml.out:21
 #: su.1.xml.out:37 suauth.5.xml.out:20 useradd.8.xml.out:39
@@ -64,14 +64,14 @@ msgid "Thomas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25 chsh.1.xml.out:24 expiry.1.xml.out:25
-#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:26
+#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27 chsh.1.xml.out:24 expiry.1.xml.out:25
+#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24 groupdel.8.xml.out:22 groupmems.8.xml.out:25
 #: groupmod.8.xml.out:22 groups.1.xml.out:21 grpck.8.xml.out:21
 #: lastlog.8.xml.out:23 limits.5.xml.out:23 login.1.xml.out:54
-#: login.access.5.xml.out:22 login.defs.5.xml.out:90 logoutd.8.xml.out:21
-#: newgrp.1.xml.out:22 newusers.8.xml.out:37 passwd.1.xml.out:28
+#: login.access.5.xml.out:22 login.defs.5.xml.out:92 logoutd.8.xml.out:21
+#: newgrp.1.xml.out:22 newusers.8.xml.out:39 passwd.1.xml.out:30
 #: passwd.5.xml.out:21 porttime.5.xml.out:21 pwck.8.xml.out:28
 #: pwconv.8.xml.out:27 shadow.3.xml.out:21 shadow.5.xml.out:21 sg.1.xml.out:22
 #: su.1.xml.out:38 suauth.5.xml.out:21 useradd.8.xml.out:40
@@ -80,14 +80,14 @@ msgid "KÅ‚oczko"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26 chsh.1.xml.out:25 expiry.1.xml.out:26
-#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:27
+#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28 chsh.1.xml.out:25 expiry.1.xml.out:26
+#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25 groupdel.8.xml.out:23 groupmems.8.xml.out:26
 #: groupmod.8.xml.out:23 groups.1.xml.out:22 grpck.8.xml.out:22
 #: lastlog.8.xml.out:24 limits.5.xml.out:24 login.1.xml.out:55
-#: login.access.5.xml.out:23 login.defs.5.xml.out:91 logoutd.8.xml.out:22
-#: newgrp.1.xml.out:23 newusers.8.xml.out:38 passwd.1.xml.out:29
+#: login.access.5.xml.out:23 login.defs.5.xml.out:93 logoutd.8.xml.out:22
+#: newgrp.1.xml.out:23 newusers.8.xml.out:40 passwd.1.xml.out:31
 #: passwd.5.xml.out:22 porttime.5.xml.out:22 pwck.8.xml.out:29
 #: pwconv.8.xml.out:28 shadow.3.xml.out:22 shadow.5.xml.out:22 sg.1.xml.out:23
 #: su.1.xml.out:39 suauth.5.xml.out:22 useradd.8.xml.out:41
@@ -96,14 +96,14 @@ msgid "kloczek@pld.org.pl"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:27 chsh.1.xml.out:26
+#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:29 chsh.1.xml.out:26
 #: expiry.1.xml.out:27 faillog.5.xml.out:23 faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28 groupadd.8.xml.out:26 groupdel.8.xml.out:24
+#: gpasswd.1.xml.out:30 groupadd.8.xml.out:26 groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27 groupmod.8.xml.out:24 groups.1.xml.out:23
 #: grpck.8.xml.out:23 lastlog.8.xml.out:25 limits.5.xml.out:25
-#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:92
-#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:39
-#: passwd.1.xml.out:30 passwd.5.xml.out:23 porttime.5.xml.out:23
+#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:94
+#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:41
+#: passwd.1.xml.out:32 passwd.5.xml.out:23 porttime.5.xml.out:23
 #: pwck.8.xml.out:30 pwconv.8.xml.out:29 shadow.3.xml.out:23
 #: shadow.5.xml.out:23 sg.1.xml.out:24 su.1.xml.out:40 suauth.5.xml.out:23
 #: useradd.8.xml.out:42 userdel.8.xml.out:29 usermod.8.xml.out:30
@@ -112,15 +112,15 @@ msgid "shadow-utils maintainer, 2000 - 2007"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30 chsh.1.xml.out:29 expiry.1.xml.out:30
-#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:31
+#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32 chsh.1.xml.out:29 expiry.1.xml.out:30
+#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29 groupdel.8.xml.out:27 groupmems.8.xml.out:30
 #: groupmod.8.xml.out:27 groups.1.xml.out:26 grpck.8.xml.out:26
 #: gshadow.5.xml.out:14 lastlog.8.xml.out:28 limits.5.xml.out:28
-#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:95
-#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:42
-#: nologin.8.xml.out:15 passwd.1.xml.out:33 passwd.5.xml.out:26
+#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:97
+#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:44
+#: nologin.8.xml.out:15 passwd.1.xml.out:35 passwd.5.xml.out:26
 #: porttime.5.xml.out:26 pwck.8.xml.out:33 pwconv.8.xml.out:32
 #: shadow.3.xml.out:26 shadow.5.xml.out:26 sg.1.xml.out:27 su.1.xml.out:43
 #: suauth.5.xml.out:26 useradd.8.xml.out:45 userdel.8.xml.out:32
@@ -129,15 +129,15 @@ msgid "Nicolas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31 chsh.1.xml.out:30 expiry.1.xml.out:31
-#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:32
+#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33 chsh.1.xml.out:30 expiry.1.xml.out:31
+#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30 groupdel.8.xml.out:28 groupmems.8.xml.out:31
 #: groupmod.8.xml.out:28 groups.1.xml.out:27 grpck.8.xml.out:27
 #: gshadow.5.xml.out:15 lastlog.8.xml.out:29 limits.5.xml.out:29
-#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:96
-#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:43
-#: nologin.8.xml.out:16 passwd.1.xml.out:34 passwd.5.xml.out:27
+#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:98
+#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:45
+#: nologin.8.xml.out:16 passwd.1.xml.out:36 passwd.5.xml.out:27
 #: porttime.5.xml.out:27 pwck.8.xml.out:34 pwconv.8.xml.out:33
 #: shadow.3.xml.out:27 shadow.5.xml.out:27 sg.1.xml.out:28 su.1.xml.out:44
 #: suauth.5.xml.out:27 useradd.8.xml.out:46 userdel.8.xml.out:33
@@ -146,15 +146,15 @@ msgid "François"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32 chsh.1.xml.out:31 expiry.1.xml.out:32
-#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:33
+#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34 chsh.1.xml.out:31 expiry.1.xml.out:32
+#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31 groupdel.8.xml.out:29 groupmems.8.xml.out:32
 #: groupmod.8.xml.out:29 groups.1.xml.out:28 grpck.8.xml.out:28
 #: gshadow.5.xml.out:16 lastlog.8.xml.out:30 limits.5.xml.out:30
-#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:97
-#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:44
-#: nologin.8.xml.out:17 passwd.1.xml.out:35 passwd.5.xml.out:28
+#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:99
+#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:46
+#: nologin.8.xml.out:17 passwd.1.xml.out:37 passwd.5.xml.out:28
 #: porttime.5.xml.out:28 pwck.8.xml.out:35 pwconv.8.xml.out:34
 #: shadow.3.xml.out:28 shadow.5.xml.out:28 sg.1.xml.out:29 su.1.xml.out:45
 #: suauth.5.xml.out:28 useradd.8.xml.out:47 userdel.8.xml.out:34
@@ -163,15 +163,15 @@ msgid "nicolas.francois@centraliens.net"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33 chsh.1.xml.out:32 expiry.1.xml.out:33
-#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:34
+#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35 chsh.1.xml.out:32 expiry.1.xml.out:33
+#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32 groupdel.8.xml.out:30 groupmems.8.xml.out:33
 #: groupmod.8.xml.out:30 groups.1.xml.out:29 grpck.8.xml.out:29
 #: gshadow.5.xml.out:18 lastlog.8.xml.out:31 limits.5.xml.out:31
-#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:98
-#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:45
-#: nologin.8.xml.out:18 passwd.1.xml.out:36 passwd.5.xml.out:29
+#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:100
+#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:47
+#: nologin.8.xml.out:18 passwd.1.xml.out:38 passwd.5.xml.out:29
 #: porttime.5.xml.out:29 pwck.8.xml.out:36 pwconv.8.xml.out:35
 #: shadow.3.xml.out:29 shadow.5.xml.out:29 sg.1.xml.out:30 su.1.xml.out:46
 #: suauth.5.xml.out:29 useradd.8.xml.out:48 userdel.8.xml.out:35
@@ -187,9 +187,9 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #: chage.1.xml.out:34 chage.1.xml.out:41 chage.1.xml.out:46 chage.1.xml.out:59
-#: chage.1.xml.out:69 chage.1.xml.out:216 chage.1.xml.out:226
-#: chage.1.xml.out:236 chage.1.xml.out:241 chage.1.xml.out:285
-#: login.defs.5.xml.out:233 shadow.5.xml.out:262
+#: chage.1.xml.out:69 chage.1.xml.out:231 chage.1.xml.out:241
+#: chage.1.xml.out:251 chage.1.xml.out:256 chage.1.xml.out:300
+#: login.defs.5.xml.out:237 shadow.5.xml.out:262
 msgid "chage"
 msgstr "chage"
 
@@ -198,11 +198,11 @@ msgstr "chage"
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:35 chage.1.xml.out:294 chfn.1.xml.out:37 chfn.1.xml.out:65
-#: chfn.1.xml.out:205 chgpasswd.8.xml.out:217 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:37 chsh.1.xml.out:171 expiry.1.xml.out:38
-#: faillog.8.xml.out:235 gpasswd.1.xml.out:39 gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277 groupadd.8.xml.out:345 groupadd.8.xml.out:348
+#: chage.1.xml.out:35 chage.1.xml.out:309 chfn.1.xml.out:37 chfn.1.xml.out:65
+#: chfn.1.xml.out:205 chgpasswd.8.xml.out:245 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:37 chsh.1.xml.out:212 expiry.1.xml.out:38
+#: faillog.8.xml.out:235 gpasswd.1.xml.out:41 gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279 groupadd.8.xml.out:345 groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351 groupdel.8.xml.out:205 groupdel.8.xml.out:208
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:209 groupmems.8.xml.out:212
 #: groupmems.8.xml.out:215 groupmod.8.xml.out:326 groupmod.8.xml.out:329
@@ -210,46 +210,46 @@ msgstr "chage"
 #: grpck.8.xml.out:243 gshadow.5.xml.out:77 gshadow.5.xml.out:165
 #: limits.5.xml.out:185 login.1.xml.out:67 login.1.xml.out:128
 #: login.1.xml.out:377 login.1.xml.out:380 login.1.xml.out:383
-#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:520 login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533 login.defs.5.xml.out:536 newgrp.1.xml.out:35
+#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:539 login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552 login.defs.5.xml.out:555 newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130 newgrp.1.xml.out:133 newgrp.1.xml.out:136
-#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:456
-#: nologin.8.xml.out:60 passwd.1.xml.out:41 passwd.1.xml.out:431
-#: passwd.5.xml.out:118 passwd.5.xml.out:173 passwd.5.xml.out:179
-#: passwd.5.xml.out:182 passwd.5.xml.out:197 porttime.5.xml.out:121
-#: pwck.8.xml.out:293 shadow.5.xml.out:262 shadow.5.xml.out:265
-#: shadow.5.xml.out:268 shadow.5.xml.out:283 sg.1.xml.out:35 sg.1.xml.out:119
-#: sg.1.xml.out:122 sg.1.xml.out:125 sg.1.xml.out:128 sg.1.xml.out:131
-#: su.1.xml.out:51 su.1.xml.out:391 su.1.xml.out:415 su.1.xml.out:421
-#: su.1.xml.out:424 suauth.5.xml.out:201 useradd.8.xml.out:817
-#: useradd.8.xml.out:878 useradd.8.xml.out:881 useradd.8.xml.out:884
-#: userdel.8.xml.out:241 userdel.8.xml.out:310 userdel.8.xml.out:313
-#: userdel.8.xml.out:316 usermod.8.xml.out:105 usermod.8.xml.out:244
-#: usermod.8.xml.out:605 usermod.8.xml.out:608 usermod.8.xml.out:611
-#: vipw.8.xml.out:78 vipw.8.xml.out:205
+#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:477
+#: nologin.8.xml.out:60 passwd.1.xml.out:43 passwd.1.xml.out:453
+#: passwd.1.xml.out:499 passwd.5.xml.out:118 passwd.5.xml.out:173
+#: passwd.5.xml.out:179 passwd.5.xml.out:182 passwd.5.xml.out:197
+#: porttime.5.xml.out:121 pwck.8.xml.out:293 shadow.5.xml.out:262
+#: shadow.5.xml.out:265 shadow.5.xml.out:268 shadow.5.xml.out:283
+#: sg.1.xml.out:35 sg.1.xml.out:119 sg.1.xml.out:122 sg.1.xml.out:125
+#: sg.1.xml.out:128 sg.1.xml.out:131 su.1.xml.out:51 su.1.xml.out:391
+#: su.1.xml.out:415 su.1.xml.out:421 su.1.xml.out:424 suauth.5.xml.out:201
+#: useradd.8.xml.out:837 useradd.8.xml.out:898 useradd.8.xml.out:901
+#: useradd.8.xml.out:904 userdel.8.xml.out:241 userdel.8.xml.out:310
+#: userdel.8.xml.out:313 userdel.8.xml.out:316 usermod.8.xml.out:105
+#: usermod.8.xml.out:244 usermod.8.xml.out:622 usermod.8.xml.out:625
+#: usermod.8.xml.out:628 vipw.8.xml.out:78 vipw.8.xml.out:205
 msgid "1"
 msgstr "1"
 
 # type: Content of: <refentry><refmeta><refmiscinfo>
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:36 chfn.1.xml.out:38 chsh.1.xml.out:38 expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40 groups.1.xml.out:35 login.1.xml.out:68
-#: newgrp.1.xml.out:36 passwd.1.xml.out:42 sg.1.xml.out:36 su.1.xml.out:52
+#: gpasswd.1.xml.out:42 groups.1.xml.out:35 login.1.xml.out:68
+#: newgrp.1.xml.out:36 passwd.1.xml.out:44 sg.1.xml.out:36 su.1.xml.out:52
 msgid "User Commands"
 msgstr "Пользователь�кие команды"
 
 # type: Content of: <refentry><refsect1><para><emphasis>
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40 chsh.1.xml.out:39 expiry.1.xml.out:40
-#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:41
+#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42 chsh.1.xml.out:39 expiry.1.xml.out:40
+#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39 groupdel.8.xml.out:37 groupmems.8.xml.out:40
 #: groupmod.8.xml.out:37 groups.1.xml.out:36 grpck.8.xml.out:36
 #: gshadow.5.xml.out:25 lastlog.8.xml.out:38 limits.5.xml.out:38
-#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:105
-#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:52
-#: nologin.8.xml.out:25 passwd.1.xml.out:43 passwd.5.xml.out:36
+#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:107
+#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:54
+#: nologin.8.xml.out:25 passwd.1.xml.out:45 passwd.5.xml.out:36
 #: porttime.5.xml.out:36 pwck.8.xml.out:43 pwconv.8.xml.out:42
 #: shadow.3.xml.out:36 shadow.5.xml.out:36 sg.1.xml.out:37 su.1.xml.out:53
 #: suauth.5.xml.out:36 useradd.8.xml.out:55 userdel.8.xml.out:42
@@ -258,20 +258,20 @@ msgid "shadow-utils"
 msgstr "shadow-utils"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41 chsh.1.xml.out:40 expiry.1.xml.out:41
-#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:42
+#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43 chsh.1.xml.out:40 expiry.1.xml.out:41
+#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40 groupdel.8.xml.out:38 groupmems.8.xml.out:41
 #: groupmod.8.xml.out:38 groups.1.xml.out:37 grpck.8.xml.out:37
 #: gshadow.5.xml.out:26 lastlog.8.xml.out:39 limits.5.xml.out:39
-#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:106
-#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:53
-#: nologin.8.xml.out:26 passwd.1.xml.out:44 passwd.5.xml.out:37
+#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:108
+#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:55
+#: nologin.8.xml.out:26 passwd.1.xml.out:46 passwd.5.xml.out:37
 #: porttime.5.xml.out:37 pwck.8.xml.out:44 pwconv.8.xml.out:43
 #: shadow.3.xml.out:37 shadow.5.xml.out:37 sg.1.xml.out:38 su.1.xml.out:54
 #: suauth.5.xml.out:37 useradd.8.xml.out:56 userdel.8.xml.out:43
 #: usermod.8.xml.out:44 vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
 # type: Content of: <refentry><refnamediv><refpurpose>
@@ -283,10 +283,10 @@ msgstr "измен�ет информацию об у�таревании пар
 # type: Content of: <refentry><refsynopsisdiv><cmdsynopsis><arg><replaceable>
 #. (itstool) path: arg/replaceable
 #. (itstool) path: cmdsynopsis/arg
-#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52 chsh.1.xml.out:51 faillog.8.xml.out:48
+#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54 chsh.1.xml.out:51 faillog.8.xml.out:48
 #: groupdel.8.xml.out:49 groupmod.8.xml.out:49 grpck.8.xml.out:47
-#: lastlog.8.xml.out:50 newusers.8.xml.out:64 passwd.1.xml.out:55
+#: lastlog.8.xml.out:50 newusers.8.xml.out:66 passwd.1.xml.out:57
 #: pwck.8.xml.out:54 pwconv.8.xml.out:57 pwconv.8.xml.out:63
 #: pwconv.8.xml.out:69 pwconv.8.xml.out:75 su.1.xml.out:64 useradd.8.xml.out:66
 #: useradd.8.xml.out:78 userdel.8.xml.out:52 usermod.8.xml.out:55
@@ -300,7 +300,7 @@ msgstr "параметры"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
 #: chage.1.xml.out:51 chfn.1.xml.out:54 chsh.1.xml.out:54 faillog.8.xml.out:180
-#: lastlog.8.xml.out:139 passwd.1.xml.out:58 useradd.8.xml.out:68
+#: lastlog.8.xml.out:139 passwd.1.xml.out:60 useradd.8.xml.out:68
 #: useradd.8.xml.out:158 userdel.8.xml.out:54 userdel.8.xml.out:64
 #: usermod.8.xml.out:57 usermod.8.xml.out:222 usermod.8.xml.out:506
 msgid "LOGIN"
@@ -308,15 +308,15 @@ msgstr "УЧ�Т��Я_З�ПИСЬ"
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58 chsh.1.xml.out:60 expiry.1.xml.out:58
-#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:70
+#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60 chsh.1.xml.out:60 expiry.1.xml.out:58
+#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60 groupdel.8.xml.out:56 groupmems.8.xml.out:61
 #: groupmod.8.xml.out:56 groups.1.xml.out:54 grpck.8.xml.out:58
 #: gshadow.5.xml.out:34 lastlog.8.xml.out:56 limits.5.xml.out:48
-#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:114
-#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:73
-#: nologin.8.xml.out:40 passwd.1.xml.out:64 passwd.5.xml.out:45
+#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:116
+#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:75
+#: nologin.8.xml.out:40 passwd.1.xml.out:66 passwd.5.xml.out:45
 #: porttime.5.xml.out:45 pwck.8.xml.out:69 pwconv.8.xml.out:81
 #: shadow.3.xml.out:94 shadow.3.xml.out:150 shadow.5.xml.out:45 sg.1.xml.out:57
 #: su.1.xml.out:79 suauth.5.xml.out:51 useradd.8.xml.out:84
@@ -346,12 +346,12 @@ msgstr ""
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
 #. (itstool) path: arg/replaceable
-#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106 chsh.1.xml.out:71 expiry.1.xml.out:67
-#: faillog.8.xml.out:65 gpasswd.1.xml.out:110 groupadd.8.xml.out:51
+#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108 chsh.1.xml.out:71 expiry.1.xml.out:67
+#: faillog.8.xml.out:65 gpasswd.1.xml.out:112 groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80 groupdel.8.xml.out:64 groupmems.8.xml.out:76
 #: groupmod.8.xml.out:65 grpck.8.xml.out:122 lastlog.8.xml.out:68
-#: login.1.xml.out:186 newusers.8.xml.out:250 passwd.1.xml.out:150
+#: login.1.xml.out:186 newusers.8.xml.out:252 passwd.1.xml.out:146
 #: pwck.8.xml.out:153 pwconv.8.xml.out:163 su.1.xml.out:120
 #: useradd.8.xml.out:102 userdel.8.xml.out:69 usermod.8.xml.out:70
 #: vipw.8.xml.out:83
@@ -360,12 +360,12 @@ msgstr "П�Р�МЕТРЫ"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107 chsh.1.xml.out:72 expiry.1.xml.out:68
-#: faillog.8.xml.out:66 gpasswd.1.xml.out:118 groupadd.8.xml.out:81
+#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109 chsh.1.xml.out:72 expiry.1.xml.out:68
+#: faillog.8.xml.out:66 gpasswd.1.xml.out:120 groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65 groupmems.8.xml.out:77 groupmod.8.xml.out:66
-#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:251
-#: passwd.1.xml.out:151 pwck.8.xml.out:158 su.1.xml.out:121
+#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:253
+#: passwd.1.xml.out:147 pwck.8.xml.out:158 su.1.xml.out:121
 #: useradd.8.xml.out:103 userdel.8.xml.out:70 usermod.8.xml.out:71
 #, fuzzy
 #| msgid "The options which apply to the <command>su</command> command are:"
@@ -375,9 +375,9 @@ msgstr "Параметры команды <command>su</command>:"
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><option>
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:74 gpasswd.1.xml.out:137 groupmems.8.xml.out:94
-#: passwd.1.xml.out:168 useradd.8.xml.out:123 useradd.8.xml.out:151
-#: useradd.8.xml.out:599 usermod.8.xml.out:112 usermod.8.xml.out:260
+#: chage.1.xml.out:74 gpasswd.1.xml.out:139 groupmems.8.xml.out:94
+#: passwd.1.xml.out:164 useradd.8.xml.out:123 useradd.8.xml.out:151
+#: useradd.8.xml.out:619 usermod.8.xml.out:112 usermod.8.xml.out:260
 msgid "-d"
 msgstr "-d"
 
@@ -395,34 +395,34 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:73 chage.1.xml.out:88 chage.1.xml.out:127
 #: chage.1.xml.out:156 chage.1.xml.out:168 chage.1.xml.out:189
-#: chage.1.xml.out:202 chfn.1.xml.out:93 chfn.1.xml.out:101 chfn.1.xml.out:109
-#: chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122 chpasswd.8.xml.out:113 chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177 chsh.1.xml.out:83 chsh.1.xml.out:96
-#: faillog.8.xml.out:104 faillog.8.xml.out:119 faillog.8.xml.out:156
-#: faillog.8.xml.out:169 gpasswd.1.xml.out:123 gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157 groupadd.8.xml.out:101 groupadd.8.xml.out:157
-#: groupadd.8.xml.out:200 groupadd.8.xml.out:213 groupdel.8.xml.out:88
-#: groupdel.8.xml.out:101 groupmems.8.xml.out:83 groupmems.8.xml.out:94
-#: groupmems.8.xml.out:110 groupmems.8.xml.out:141 groupmod.8.xml.out:72
-#: groupmod.8.xml.out:81 groupmod.8.xml.out:120 groupmod.8.xml.out:142
-#: groupmod.8.xml.out:163 groupmod.8.xml.out:176 grpck.8.xml.out:148
-#: lastlog.8.xml.out:74 lastlog.8.xml.out:103 lastlog.8.xml.out:127
-#: newusers.8.xml.out:305 passwd.1.xml.out:196 passwd.1.xml.out:245
-#: passwd.1.xml.out:267 passwd.1.xml.out:277 passwd.1.xml.out:321
-#: passwd.1.xml.out:334 pwck.8.xml.out:196 pwconv.8.xml.out:177
-#: su.1.xml.out:125 su.1.xml.out:162 useradd.8.xml.out:117
-#: useradd.8.xml.out:138 useradd.8.xml.out:150 useradd.8.xml.out:178
-#: useradd.8.xml.out:195 useradd.8.xml.out:229 useradd.8.xml.out:277
-#: useradd.8.xml.out:424 useradd.8.xml.out:488 useradd.8.xml.out:501
-#: useradd.8.xml.out:516 useradd.8.xml.out:530 useradd.8.xml.out:565
-#: useradd.8.xml.out:591 useradd.8.xml.out:609 useradd.8.xml.out:621
-#: useradd.8.xml.out:638 useradd.8.xml.out:654 userdel.8.xml.out:122
-#: userdel.8.xml.out:135 usermod.8.xml.out:98 usermod.8.xml.out:111
-#: usermod.8.xml.out:128 usermod.8.xml.out:151 usermod.8.xml.out:173
-#: usermod.8.xml.out:216 usermod.8.xml.out:289 usermod.8.xml.out:327
-#: usermod.8.xml.out:340 usermod.8.xml.out:356 usermod.8.xml.out:368
-#: usermod.8.xml.out:500 vipw.8.xml.out:114
+#: chage.1.xml.out:202 chage.1.xml.out:217 chfn.1.xml.out:93 chfn.1.xml.out:101
+#: chfn.1.xml.out:109 chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
+#: chgpasswd.8.xml.out:128 chpasswd.8.xml.out:115 chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183 chpasswd.8.xml.out:198 chsh.1.xml.out:83
+#: chsh.1.xml.out:96 faillog.8.xml.out:104 faillog.8.xml.out:119
+#: faillog.8.xml.out:156 faillog.8.xml.out:169 gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138 gpasswd.1.xml.out:159 groupadd.8.xml.out:101
+#: groupadd.8.xml.out:157 groupadd.8.xml.out:200 groupadd.8.xml.out:213
+#: groupdel.8.xml.out:88 groupdel.8.xml.out:101 groupmems.8.xml.out:83
+#: groupmems.8.xml.out:94 groupmems.8.xml.out:110 groupmems.8.xml.out:141
+#: groupmod.8.xml.out:72 groupmod.8.xml.out:81 groupmod.8.xml.out:120
+#: groupmod.8.xml.out:142 groupmod.8.xml.out:163 groupmod.8.xml.out:176
+#: grpck.8.xml.out:148 lastlog.8.xml.out:74 lastlog.8.xml.out:103
+#: lastlog.8.xml.out:127 newusers.8.xml.out:307 passwd.1.xml.out:192
+#: passwd.1.xml.out:241 passwd.1.xml.out:263 passwd.1.xml.out:273
+#: passwd.1.xml.out:286 passwd.1.xml.out:332 passwd.1.xml.out:345
+#: pwck.8.xml.out:196 pwconv.8.xml.out:177 su.1.xml.out:125 su.1.xml.out:162
+#: useradd.8.xml.out:117 useradd.8.xml.out:138 useradd.8.xml.out:150
+#: useradd.8.xml.out:178 useradd.8.xml.out:195 useradd.8.xml.out:229
+#: useradd.8.xml.out:279 useradd.8.xml.out:426 useradd.8.xml.out:490
+#: useradd.8.xml.out:503 useradd.8.xml.out:518 useradd.8.xml.out:532
+#: useradd.8.xml.out:567 useradd.8.xml.out:611 useradd.8.xml.out:629
+#: useradd.8.xml.out:641 useradd.8.xml.out:658 useradd.8.xml.out:674
+#: userdel.8.xml.out:122 userdel.8.xml.out:135 usermod.8.xml.out:98
+#: usermod.8.xml.out:111 usermod.8.xml.out:128 usermod.8.xml.out:151
+#: usermod.8.xml.out:173 usermod.8.xml.out:216 usermod.8.xml.out:289
+#: usermod.8.xml.out:327 usermod.8.xml.out:340 usermod.8.xml.out:356
+#: usermod.8.xml.out:368 usermod.8.xml.out:500 vipw.8.xml.out:114
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 msgstr ""
 
@@ -430,10 +430,10 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:82 chage.1.xml.out:288 groupadd.8.xml.out:303
+#: chage.1.xml.out:82 chage.1.xml.out:303 groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168 groupmod.8.xml.out:259 grpck.8.xml.out:237
-#: login.defs.5.xml.out:138 passwd.1.xml.out:425 pwck.8.xml.out:287
-#: su.1.xml.out:385 useradd.8.xml.out:811 userdel.8.xml.out:235
+#: login.defs.5.xml.out:140 passwd.1.xml.out:447 pwck.8.xml.out:287
+#: su.1.xml.out:385 useradd.8.xml.out:831 userdel.8.xml.out:235
 msgid "0"
 msgstr "0"
 
@@ -464,7 +464,7 @@ msgid "-E"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr ""
@@ -472,7 +472,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:89 chage.1.xml.out:109 useradd.8.xml.out:179
-#: useradd.8.xml.out:610 usermod.8.xml.out:129 usermod.8.xml.out:243
+#: useradd.8.xml.out:630 usermod.8.xml.out:129 usermod.8.xml.out:243
 #: usermod.8.xml.out:416
 msgid "EXPIRE_DATE"
 msgstr ""
@@ -509,7 +509,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:108 chage.1.xml.out:139 chage.1.xml.out:182
-#: passwd.1.xml.out:344 useradd.8.xml.out:315
+#: passwd.1.xml.out:355 useradd.8.xml.out:317
 #, fuzzy
 #| msgid "1"
 msgid "-1"
@@ -533,60 +533,60 @@ msgstr ""
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><option>
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
 #: grpck.8.xml.out:132 lastlog.8.xml.out:96 login.1.xml.out:204
-#: login.1.xml.out:229 newusers.8.xml.out:280 passwd.1.xml.out:190
-#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:271
+#: login.1.xml.out:229 newusers.8.xml.out:282 passwd.1.xml.out:186
+#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:273
 #: userdel.8.xml.out:99 vipw.8.xml.out:96
 msgid "-h"
 msgstr "-h"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
-#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:280
-#: passwd.1.xml.out:190 pwck.8.xml.out:173 pwconv.8.xml.out:171
-#: su.1.xml.out:387 useradd.8.xml.out:271 userdel.8.xml.out:99
+#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:282
+#: passwd.1.xml.out:186 pwck.8.xml.out:173 pwconv.8.xml.out:171
+#: su.1.xml.out:387 useradd.8.xml.out:273 userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:115 chage.1.xml.out:121 chage.1.xml.out:146
-#: chfn.1.xml.out:142 chgpasswd.8.xml.out:88 chgpasswd.8.xml.out:101
-#: chgpasswd.8.xml.out:107 chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139 chpasswd.8.xml.out:147 chpasswd.8.xml.out:155
+#: chfn.1.xml.out:142 chgpasswd.8.xml.out:90 chgpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:119 chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145 chpasswd.8.xml.out:153 chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77 expiry.1.xml.out:73 expiry.1.xml.out:79
 #: expiry.1.xml.out:88 faillog.8.xml.out:72 faillog.8.xml.out:98
-#: faillog.8.xml.out:144 gpasswd.1.xml.out:149 gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188 groupadd.8.xml.out:87 groupadd.8.xml.out:118
+#: faillog.8.xml.out:144 gpasswd.1.xml.out:151 gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190 groupadd.8.xml.out:87 groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144 groupadd.8.xml.out:184 groupadd.8.xml.out:228
 #: groupdel.8.xml.out:71 groupdel.8.xml.out:82 groupmems.8.xml.out:118
 #: groupmems.8.xml.out:124 groupmems.8.xml.out:130 groupmod.8.xml.out:114
 #: groupmod.8.xml.out:131 groupmod.8.xml.out:193 grpck.8.xml.out:132
 #: grpck.8.xml.out:138 grpck.8.xml.out:161 grpck.8.xml.out:172
 #: lastlog.8.xml.out:84 lastlog.8.xml.out:95 lastlog.8.xml.out:116
-#: newusers.8.xml.out:268 newusers.8.xml.out:280 newusers.8.xml.out:286
-#: newusers.8.xml.out:320 passwd.1.xml.out:156 passwd.1.xml.out:167
-#: passwd.1.xml.out:179 passwd.1.xml.out:190 passwd.1.xml.out:209
-#: passwd.1.xml.out:221 passwd.1.xml.out:257 passwd.1.xml.out:290
-#: passwd.1.xml.out:308 pwck.8.xml.out:173 pwck.8.xml.out:179
-#: pwck.8.xml.out:188 pwck.8.xml.out:209 pwconv.8.xml.out:171
-#: useradd.8.xml.out:168 useradd.8.xml.out:217 useradd.8.xml.out:271
-#: useradd.8.xml.out:330 useradd.8.xml.out:349 useradd.8.xml.out:372
-#: useradd.8.xml.out:385 useradd.8.xml.out:404 useradd.8.xml.out:455
-#: useradd.8.xml.out:548 userdel.8.xml.out:75 userdel.8.xml.out:99
-#: userdel.8.xml.out:105 userdel.8.xml.out:152 usermod.8.xml.out:77
-#: usermod.8.xml.out:88 usermod.8.xml.out:230 usermod.8.xml.out:249
-#: usermod.8.xml.out:270 usermod.8.xml.out:316 usermod.8.xml.out:404
-#: vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102 vipw.8.xml.out:108
-#: vipw.8.xml.out:127 vipw.8.xml.out:133
+#: newusers.8.xml.out:270 newusers.8.xml.out:282 newusers.8.xml.out:288
+#: newusers.8.xml.out:322 passwd.1.xml.out:152 passwd.1.xml.out:163
+#: passwd.1.xml.out:175 passwd.1.xml.out:186 passwd.1.xml.out:205
+#: passwd.1.xml.out:217 passwd.1.xml.out:253 passwd.1.xml.out:301
+#: passwd.1.xml.out:319 passwd.1.xml.out:362 pwck.8.xml.out:173
+#: pwck.8.xml.out:179 pwck.8.xml.out:188 pwck.8.xml.out:209
+#: pwconv.8.xml.out:171 useradd.8.xml.out:168 useradd.8.xml.out:217
+#: useradd.8.xml.out:273 useradd.8.xml.out:332 useradd.8.xml.out:351
+#: useradd.8.xml.out:374 useradd.8.xml.out:387 useradd.8.xml.out:406
+#: useradd.8.xml.out:457 useradd.8.xml.out:550 userdel.8.xml.out:75
+#: userdel.8.xml.out:99 userdel.8.xml.out:105 userdel.8.xml.out:152
+#: usermod.8.xml.out:77 usermod.8.xml.out:88 usermod.8.xml.out:230
+#: usermod.8.xml.out:249 usermod.8.xml.out:270 usermod.8.xml.out:316
+#: usermod.8.xml.out:404 vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102
+#: vipw.8.xml.out:108 vipw.8.xml.out:127 vipw.8.xml.out:133
 #, fuzzy
 #| msgid "<option>-a</option>, <option>--all</option>"
 msgid "<_:option-1/>, <_:option-2/>"
@@ -594,19 +594,19 @@ msgstr "<option>-a</option>, <option>--all</option>"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149 chsh.1.xml.out:79 expiry.1.xml.out:90
-#: faillog.8.xml.out:100 gpasswd.1.xml.out:151 groupadd.8.xml.out:120
+#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155 chsh.1.xml.out:79 expiry.1.xml.out:90
+#: faillog.8.xml.out:100 gpasswd.1.xml.out:153 groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84 groupmems.8.xml.out:120 groupmod.8.xml.out:116
-#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:282
-#: passwd.1.xml.out:192 pwck.8.xml.out:175 pwconv.8.xml.out:173
-#: useradd.8.xml.out:273 userdel.8.xml.out:101 vipw.8.xml.out:98
+#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:284
+#: passwd.1.xml.out:188 pwck.8.xml.out:175 pwconv.8.xml.out:173
+#: useradd.8.xml.out:275 userdel.8.xml.out:101 vipw.8.xml.out:98
 msgid "Display help message and exit."
 msgstr "Показать краткую �правку и закончить работу."
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
-#: chage.1.xml.out:121 passwd.1.xml.out:197
+#: chage.1.xml.out:121 passwd.1.xml.out:193
 #, fuzzy
 #| msgid "-"
 msgid "-i"
@@ -631,8 +631,8 @@ msgid "-I"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:128 passwd.1.xml.out:197 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 usermod.8.xml.out:152
+#: chage.1.xml.out:128 passwd.1.xml.out:193 useradd.8.xml.out:196
+#: useradd.8.xml.out:642 usermod.8.xml.out:152
 msgid "--inactive"
 msgstr ""
 
@@ -640,8 +640,8 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/option
 #: chage.1.xml.out:128 chage.1.xml.out:134 chage.1.xml.out:140
-#: passwd.1.xml.out:197 passwd.1.xml.out:203 useradd.8.xml.out:196
-#: useradd.8.xml.out:211 useradd.8.xml.out:622 useradd.8.xml.out:632
+#: passwd.1.xml.out:193 passwd.1.xml.out:199 useradd.8.xml.out:196
+#: useradd.8.xml.out:211 useradd.8.xml.out:642 useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr ""
@@ -685,10 +685,10 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
-#: chage.1.xml.out:147 chage.1.xml.out:242 faillog.8.xml.out:88
+#: chage.1.xml.out:147 chage.1.xml.out:257 faillog.8.xml.out:88
 #: faillog.8.xml.out:105 faillog.8.xml.out:185 faillog.8.xml.out:202
-#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:222
-#: passwd.1.xml.out:316 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:330
+#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:218
+#: passwd.1.xml.out:327 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr "-l"
@@ -707,11 +707,11 @@ msgstr "Показать информацию об у�таревании учё
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:157 chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:84 chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155 faillog.8.xml.out:88 faillog.8.xml.out:120
+#: chage.1.xml.out:157 chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80 chpasswd.8.xml.out:86 chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161 faillog.8.xml.out:88 faillog.8.xml.out:120
 #: faillog.8.xml.out:185 faillog.8.xml.out:202 su.1.xml.out:207
-#: useradd.8.xml.out:287 useradd.8.xml.out:350 useradd.8.xml.out:476
+#: useradd.8.xml.out:289 useradd.8.xml.out:352 useradd.8.xml.out:478
 #: usermod.8.xml.out:119 usermod.8.xml.out:250
 #, fuzzy
 #| msgid "-"
@@ -719,20 +719,20 @@ msgid "-m"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:157 passwd.1.xml.out:246
+#: chage.1.xml.out:157 passwd.1.xml.out:242
 msgid "--mindays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:160 passwd.1.xml.out:249
+#: chage.1.xml.out:160 passwd.1.xml.out:245
 #, fuzzy
 #| msgid ""
 #| "Set the minimum number of days between password changes to "
@@ -750,27 +750,27 @@ msgstr ""
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:169 gpasswd.1.xml.out:81 gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217 useradd.8.xml.out:162 useradd.8.xml.out:373
+#: chage.1.xml.out:169 gpasswd.1.xml.out:83 gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219 useradd.8.xml.out:162 useradd.8.xml.out:375
 msgid "-M"
 msgstr "-M"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:169 passwd.1.xml.out:335
+#: chage.1.xml.out:169 passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:169 chage.1.xml.out:174 chage.1.xml.out:183
-#: passwd.1.xml.out:335 passwd.1.xml.out:340 passwd.1.xml.out:345
+#: passwd.1.xml.out:346 passwd.1.xml.out:351 passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chage.1.xml.out:178 chage.1.xml.out:203 usermod.8.xml.out:481
+#: chage.1.xml.out:178 chage.1.xml.out:218 usermod.8.xml.out:481
 #, fuzzy
 #| msgid "-"
 msgid "-W"
@@ -802,7 +802,7 @@ msgstr ""
 "активирует выдачу предупреждени� о �мене парол� пользовател� заранее."
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:181 passwd.1.xml.out:343
+#: chage.1.xml.out:181 passwd.1.xml.out:354
 #, fuzzy
 #| msgid ""
 #| "Passing the number <emphasis remap=\"I\">-1</emphasis> as "
@@ -817,24 +817,24 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:191 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 #, fuzzy
 msgid "-R"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:160 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "--root"
 msgstr ""
@@ -843,22 +843,22 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:190 chage.1.xml.out:194 chage.1.xml.out:196
 #: chfn.1.xml.out:130 chfn.1.xml.out:134 chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123 chgpasswd.8.xml.out:127 chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165 chpasswd.8.xml.out:169 chpasswd.8.xml.out:171
+#: chgpasswd.8.xml.out:129 chgpasswd.8.xml.out:133 chgpasswd.8.xml.out:135
+#: chpasswd.8.xml.out:171 chpasswd.8.xml.out:175 chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84 chsh.1.xml.out:88 chsh.1.xml.out:90 faillog.8.xml.out:157
-#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162 gpasswd.1.xml.out:164 groupadd.8.xml.out:201
+#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:160
+#: gpasswd.1.xml.out:164 gpasswd.1.xml.out:166 groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205 groupadd.8.xml.out:207 groupdel.8.xml.out:89
 #: groupdel.8.xml.out:93 groupdel.8.xml.out:95 groupmems.8.xml.out:142
 #: groupmems.8.xml.out:146 groupmems.8.xml.out:148 groupmod.8.xml.out:164
 #: groupmod.8.xml.out:168 groupmod.8.xml.out:170 grpck.8.xml.out:149
 #: grpck.8.xml.out:153 grpck.8.xml.out:155 lastlog.8.xml.out:104
-#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:306
-#: newusers.8.xml.out:310 newusers.8.xml.out:312 passwd.1.xml.out:278
-#: passwd.1.xml.out:282 passwd.1.xml.out:284 pwck.8.xml.out:197
+#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:308
+#: newusers.8.xml.out:312 newusers.8.xml.out:314 passwd.1.xml.out:274
+#: passwd.1.xml.out:278 passwd.1.xml.out:280 pwck.8.xml.out:197
 #: pwck.8.xml.out:201 pwck.8.xml.out:203 pwconv.8.xml.out:178
-#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:489
-#: useradd.8.xml.out:493 useradd.8.xml.out:495 userdel.8.xml.out:123
+#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:491
+#: useradd.8.xml.out:495 useradd.8.xml.out:497 userdel.8.xml.out:123
 #: userdel.8.xml.out:127 userdel.8.xml.out:129 usermod.8.xml.out:328
 #: usermod.8.xml.out:332 usermod.8.xml.out:334 vipw.8.xml.out:115
 #: vipw.8.xml.out:119 vipw.8.xml.out:121
@@ -866,12 +866,12 @@ msgid "CHROOT_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168 chsh.1.xml.out:87 faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161 groupadd.8.xml.out:204 groupdel.8.xml.out:92
+#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174 chsh.1.xml.out:87 faillog.8.xml.out:160
+#: gpasswd.1.xml.out:163 groupadd.8.xml.out:204 groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145 groupmod.8.xml.out:167 grpck.8.xml.out:152
-#: lastlog.8.xml.out:107 newusers.8.xml.out:309 passwd.1.xml.out:281
-#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:492
+#: lastlog.8.xml.out:107 newusers.8.xml.out:311 passwd.1.xml.out:277
+#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:494
 #: userdel.8.xml.out:126 usermod.8.xml.out:331 vipw.8.xml.out:118
 #, fuzzy
 #| msgid ""
@@ -887,21 +887,61 @@ msgstr ""
 "и�пользовать файлы на�тройки из каталога <replaceable>К�Т_CHROOT</"
 "replaceable>."
 
+# type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
+#. (itstool) path: term/option
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+#, fuzzy
+#| msgid "-"
+msgid "-P"
+msgstr "-"
+
 #. (itstool) path: term/option
-#: chage.1.xml.out:203 passwd.1.xml.out:322
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "--prefix"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:203 chage.1.xml.out:208 chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189 groupadd.8.xml.out:214 groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102 groupdel.8.xml.out:106 groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177 groupmod.8.xml.out:181 groupmod.8.xml.out:183
+#: passwd.1.xml.out:287 passwd.1.xml.out:292 useradd.8.xml.out:504
+#: useradd.8.xml.out:509 userdel.8.xml.out:136 userdel.8.xml.out:140
+#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
+msgid "PREFIX_DIR"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:206 chpasswd.8.xml.out:187 groupadd.8.xml.out:217
+#: passwd.1.xml.out:290 useradd.8.xml.out:507
+msgid ""
+"Apply changes to configuration files under the root filesystem found under "
+"the directory <_:replaceable-1/>. This option does not chroot and is "
+"intended for preparing a cross-compilation target. Some limitations: NIS and "
+"LDAP users/groups are not verified. PAM authentication is using the host "
+"files. No SELINUX support."
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218 passwd.1.xml.out:333
 msgid "--warndays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:203 chage.1.xml.out:208 passwd.1.xml.out:322
-#: passwd.1.xml.out:327
+#: chage.1.xml.out:218 chage.1.xml.out:223 passwd.1.xml.out:333
+#: passwd.1.xml.out:338
 msgid "WARN_DAYS"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:206
+#: chage.1.xml.out:221
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -919,13 +959,13 @@ msgstr ""
 "у�таревании парол�, перед тем как �то �лучит��."
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220 chfn.1.xml.out:163 chsh.1.xml.out:112
+#: chage.1.xml.out:235 chfn.1.xml.out:163 chsh.1.xml.out:112
 msgid "[ ]"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 #, fuzzy
 #| msgid ""
 #| "If none of the options are selected, <command>chage</command> operates in "
@@ -948,14 +988,14 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224 chsh.1.xml.out:117 groups.1.xml.out:65
+#: chage.1.xml.out:239 chsh.1.xml.out:117 groups.1.xml.out:65
 #: lastlog.8.xml.out:170
 msgid "NOTE"
 msgstr "З�МЕЧ��ИЕ"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> program requires a shadow password file to "
@@ -966,7 +1006,7 @@ msgstr ""
 "Программа <command>chage</command> требует наличи� файла теневых паролей."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid ""
 "The chage program will report only the information from the shadow password "
 "file. This implies that configuration from other sources (e.g. LDAP or empty "
@@ -981,7 +1021,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238 grpck.8.xml.out:294 login.defs.5.xml.out:410
+#: chage.1.xml.out:253 grpck.8.xml.out:294 login.defs.5.xml.out:429
 #: passwd.5.xml.out:185 pwck.8.xml.out:40 pwck.8.xml.out:47 pwck.8.xml.out:53
 #: pwck.8.xml.out:71 pwck.8.xml.out:147 pwck.8.xml.out:159 pwck.8.xml.out:191
 #: pwck.8.xml.out:223 pwck.8.xml.out:284 pwconv.8.xml.out:197
@@ -990,7 +1030,7 @@ msgid "pwck"
 msgstr "pwck"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid ""
 "The <_:command-1/> program will also not report any inconsistency between "
 "the shadow and passwd files (e.g. missing x in the passwd file). The <_:"
@@ -999,7 +1039,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> command is restricted to the root user, "
@@ -1017,53 +1057,55 @@ msgstr ""
 "у�таревани� �воего парол�."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249 chfn.1.xml.out:170 chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216 chsh.1.xml.out:131 gpasswd.1.xml.out:241
+#: chage.1.xml.out:264 chfn.1.xml.out:170 chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256 chsh.1.xml.out:150 gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247 groupdel.8.xml.out:133 groupmems.8.xml.out:176
 #: groupmod.8.xml.out:212 grpck.8.xml.out:196 lastlog.8.xml.out:182
-#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:360
-#: passwd.1.xml.out:372 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
-#: su.1.xml.out:314 useradd.8.xml.out:710 userdel.8.xml.out:165
-#: usermod.8.xml.out:536 vipw.8.xml.out:142
+#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:381
+#: passwd.1.xml.out:394 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
+#: su.1.xml.out:314 useradd.8.xml.out:730 userdel.8.xml.out:165
+#: usermod.8.xml.out:553 vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr "��СТРОЙК�"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70 chgpasswd.8.xml.out:155 chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205 chpasswd.8.xml.out:77 chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200 chpasswd.8.xml.out:219 chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134 chsh.1.xml.out:159 gpasswd.1.xml.out:244
-#: groupadd.8.xml.out:129 groupadd.8.xml.out:239 groupadd.8.xml.out:250
-#: groupadd.8.xml.out:276 groupdel.8.xml.out:136 groupmems.8.xml.out:179
-#: groupmod.8.xml.out:109 groupmod.8.xml.out:204 groupmod.8.xml.out:215
-#: groupmod.8.xml.out:239 grpck.8.xml.out:199 lastlog.8.xml.out:185
-#: login.1.xml.out:273 login.1.xml.out:365 login.access.5.xml.out:100
-#: login.defs.5.xml.out:116 login.defs.5.xml.out:515 newgrp.1.xml.out:88
-#: newusers.8.xml.out:340 newusers.8.xml.out:363 newusers.8.xml.out:423
-#: passwd.1.xml.out:375 passwd.1.xml.out:405 pwck.8.xml.out:243
+#: chage.1.xml.out:267 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
+#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:159 chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177 chgpasswd.8.xml.out:204 chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79 chpasswd.8.xml.out:140 chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227 chpasswd.8.xml.out:236 chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289 chsh.1.xml.out:153 chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246 groupadd.8.xml.out:129 groupadd.8.xml.out:239
+#: groupadd.8.xml.out:250 groupadd.8.xml.out:276 groupdel.8.xml.out:136
+#: groupmems.8.xml.out:179 groupmod.8.xml.out:109 groupmod.8.xml.out:204
+#: groupmod.8.xml.out:215 groupmod.8.xml.out:239 grpck.8.xml.out:199
+#: lastlog.8.xml.out:185 login.1.xml.out:273 login.1.xml.out:365
+#: login.access.5.xml.out:100 login.defs.5.xml.out:118 login.defs.5.xml.out:534
+#: newgrp.1.xml.out:88 newusers.8.xml.out:340 newusers.8.xml.out:349
+#: newusers.8.xml.out:357 newusers.8.xml.out:384 newusers.8.xml.out:444
+#: passwd.1.xml.out:397 passwd.1.xml.out:427 pwck.8.xml.out:243
 #: pwconv.8.xml.out:148 pwconv.8.xml.out:207 pwconv.8.xml.out:215
 #: pwconv.8.xml.out:230 sg.1.xml.out:77 su.1.xml.out:109 su.1.xml.out:219
 #: su.1.xml.out:277 su.1.xml.out:317 su.1.xml.out:357 useradd.8.xml.out:241
-#: useradd.8.xml.out:307 useradd.8.xml.out:378 useradd.8.xml.out:399
-#: useradd.8.xml.out:467 useradd.8.xml.out:474 useradd.8.xml.out:560
-#: useradd.8.xml.out:713 useradd.8.xml.out:797 userdel.8.xml.out:87
+#: useradd.8.xml.out:309 useradd.8.xml.out:380 useradd.8.xml.out:401
+#: useradd.8.xml.out:469 useradd.8.xml.out:476 useradd.8.xml.out:562
+#: useradd.8.xml.out:733 useradd.8.xml.out:817 userdel.8.xml.out:87
 #: userdel.8.xml.out:168 userdel.8.xml.out:191 userdel.8.xml.out:297
-#: usermod.8.xml.out:399 usermod.8.xml.out:539 usermod.8.xml.out:569
+#: usermod.8.xml.out:399 usermod.8.xml.out:556 usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr "/etc/login.defs"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250 chfn.1.xml.out:171 chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217 chsh.1.xml.out:132 gpasswd.1.xml.out:242
+#: chage.1.xml.out:265 chfn.1.xml.out:171 chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257 chsh.1.xml.out:151 gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248 groupdel.8.xml.out:134 groupmems.8.xml.out:177
 #: groupmod.8.xml.out:213 grpck.8.xml.out:197 lastlog.8.xml.out:183
-#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:361
-#: passwd.1.xml.out:373 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
-#: useradd.8.xml.out:711 userdel.8.xml.out:166 usermod.8.xml.out:537
+#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:382
+#: passwd.1.xml.out:395 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
+#: useradd.8.xml.out:731 userdel.8.xml.out:166 usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 #, fuzzy
 #| msgid ""
@@ -1078,138 +1120,138 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261 chfn.1.xml.out:184 chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232 chsh.1.xml.out:144 expiry.1.xml.out:97
-#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:256
+#: chage.1.xml.out:276 chfn.1.xml.out:184 chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274 chsh.1.xml.out:163 expiry.1.xml.out:97
+#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261 groupdel.8.xml.out:145 groupmems.8.xml.out:188
 #: groupmod.8.xml.out:224 groups.1.xml.out:77 grpck.8.xml.out:208
 #: gshadow.5.xml.out:132 lastlog.8.xml.out:194 limits.5.xml.out:172
 #: login.1.xml.out:314 login.access.5.xml.out:97 logoutd.8.xml.out:65
-#: newgrp.1.xml.out:97 newusers.8.xml.out:396 passwd.1.xml.out:390
+#: newgrp.1.xml.out:97 newusers.8.xml.out:417 passwd.1.xml.out:412
 #: passwd.5.xml.out:139 porttime.5.xml.out:106 pwck.8.xml.out:258
 #: pwconv.8.xml.out:227 shadow.3.xml.out:202 shadow.5.xml.out:231
-#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:740
-#: userdel.8.xml.out:182 usermod.8.xml.out:554 vipw.8.xml.out:172
+#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:760
+#: userdel.8.xml.out:182 usermod.8.xml.out:571 vipw.8.xml.out:172
 msgid "FILES"
 msgstr "Ф�ЙЛЫ"
 
 # type: Content of: <refentry><refsect1><para><filename>
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265 chfn.1.xml.out:193 chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147 expiry.1.xml.out:100 groupmod.8.xml.out:245
+#: chage.1.xml.out:280 chfn.1.xml.out:193 chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166 expiry.1.xml.out:100 groupmod.8.xml.out:245
 #: grpck.8.xml.out:223 lastlog.8.xml.out:63 login.1.xml.out:145
 #: login.1.xml.out:329 newgrp.1.xml.out:65 newgrp.1.xml.out:70
-#: newgrp.1.xml.out:100 newusers.8.xml.out:399 passwd.1.xml.out:393
+#: newgrp.1.xml.out:100 newusers.8.xml.out:420 passwd.1.xml.out:415
 #: passwd.5.xml.out:47 passwd.5.xml.out:89 passwd.5.xml.out:142
 #: pwck.8.xml.out:73 pwck.8.xml.out:145 pwck.8.xml.out:212 pwck.8.xml.out:224
 #: pwck.8.xml.out:267 pwconv.8.xml.out:127 shadow.5.xml.out:234 sg.1.xml.out:89
-#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:524
-#: useradd.8.xml.out:743 userdel.8.xml.out:197 usermod.8.xml.out:103
-#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:575
+#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:526
+#: useradd.8.xml.out:763 userdel.8.xml.out:197 usermod.8.xml.out:103
+#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:592
 #: vipw.8.xml.out:68 vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr "/etc/passwd"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268 chfn.1.xml.out:195 chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149 expiry.1.xml.out:102 groupmod.8.xml.out:247
+#: chage.1.xml.out:283 chfn.1.xml.out:195 chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168 expiry.1.xml.out:102 groupmod.8.xml.out:247
 #: grpck.8.xml.out:225 login.1.xml.out:331 newgrp.1.xml.out:102
-#: newusers.8.xml.out:401 passwd.1.xml.out:395 passwd.5.xml.out:144
+#: newusers.8.xml.out:422 passwd.1.xml.out:417 passwd.5.xml.out:144
 #: pwck.8.xml.out:269 shadow.5.xml.out:236 sg.1.xml.out:91 su.1.xml.out:347
-#: useradd.8.xml.out:745 userdel.8.xml.out:199 vipw.8.xml.out:189
+#: useradd.8.xml.out:765 userdel.8.xml.out:199 vipw.8.xml.out:189
 msgid "User account information."
 msgstr "�одержит информацию о пользовател�х"
 
 # type: Content of: <refentry><refsect1><para><filename>
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273 chpasswd.8.xml.out:241 expiry.1.xml.out:106
+#: chage.1.xml.out:288 chpasswd.8.xml.out:283 expiry.1.xml.out:106
 #: login.1.xml.out:335 newgrp.1.xml.out:68 newgrp.1.xml.out:106
-#: newusers.8.xml.out:295 newusers.8.xml.out:405 passwd.1.xml.out:399
+#: newusers.8.xml.out:297 newusers.8.xml.out:426 passwd.1.xml.out:421
 #: passwd.5.xml.out:82 passwd.5.xml.out:148 pwck.8.xml.out:73
 #: pwck.8.xml.out:107 pwck.8.xml.out:213 pwck.8.xml.out:225 pwck.8.xml.out:273
 #: pwconv.8.xml.out:128 pwconv.8.xml.out:149 shadow.3.xml.out:97
 #: shadow.3.xml.out:173 shadow.3.xml.out:205 shadow.5.xml.out:78
-#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:439
-#: useradd.8.xml.out:464 useradd.8.xml.out:749 userdel.8.xml.out:203
+#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:441
+#: useradd.8.xml.out:466 useradd.8.xml.out:769 userdel.8.xml.out:203
 #: usermod.8.xml.out:144 usermod.8.xml.out:145 usermod.8.xml.out:166
-#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:581
+#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:598
 #: vipw.8.xml.out:71 vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr "/etc/shadow"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276 chpasswd.8.xml.out:243 expiry.1.xml.out:108
-#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:407
-#: passwd.1.xml.out:401 pwck.8.xml.out:275 shadow.3.xml.out:207
-#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:751
+#: chage.1.xml.out:291 chpasswd.8.xml.out:285 expiry.1.xml.out:108
+#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:428
+#: passwd.1.xml.out:423 pwck.8.xml.out:275 shadow.3.xml.out:207
+#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:771
 #: userdel.8.xml.out:205 vipw.8.xml.out:195
 msgid "Secure user account information."
 msgstr "�одержит защищаемую информацию о пользовател�х"
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283 groupadd.8.xml.out:298 groupdel.8.xml.out:163
-#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:420
-#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:806
+#: chage.1.xml.out:298 groupadd.8.xml.out:298 groupdel.8.xml.out:163
+#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:442
+#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr "ВОЗВР�Щ�ЕМЫЕ З��ЧЕ�ИЯ"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290 groupadd.8.xml.out:305 groupdel.8.xml.out:170
-#: grpck.8.xml.out:239 passwd.1.xml.out:427 pwck.8.xml.out:289
-#: useradd.8.xml.out:813 userdel.8.xml.out:237
+#: chage.1.xml.out:305 groupadd.8.xml.out:305 groupdel.8.xml.out:170
+#: grpck.8.xml.out:239 passwd.1.xml.out:449 pwck.8.xml.out:289
+#: useradd.8.xml.out:833 userdel.8.xml.out:237
 msgid "success"
 msgstr "у�пешное выполнение"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296 passwd.1.xml.out:433
+#: chage.1.xml.out:311 passwd.1.xml.out:455
 msgid "permission denied"
 msgstr "до�туп запрещён"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300 groupadd.8.xml.out:309 groupdel.8.xml.out:174
+#: chage.1.xml.out:315 groupadd.8.xml.out:309 groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265 groups.1.xml.out:95 groups.1.xml.out:98
 #: groups.1.xml.out:101 grpck.8.xml.out:249 limits.5.xml.out:90
 #: limits.5.xml.out:101 limits.5.xml.out:188 limits.5.xml.out:191
-#: passwd.1.xml.out:437 pwck.8.xml.out:299 useradd.8.xml.out:823
+#: passwd.1.xml.out:459 pwck.8.xml.out:299 useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr "2"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302 groupadd.8.xml.out:311 groupdel.8.xml.out:176
-#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:825
+#: chage.1.xml.out:317 groupadd.8.xml.out:311 groupdel.8.xml.out:176
+#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
 msgstr "ошибка в параметрах команды"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr "15"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
 msgstr "не удало�ь найти файл теневых паролей"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284 groupadd.8.xml.out:299 groupdel.8.xml.out:164
-#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:421
-#: pwck.8.xml.out:283 useradd.8.xml.out:807 userdel.8.xml.out:231
+#: chage.1.xml.out:299 groupadd.8.xml.out:299 groupdel.8.xml.out:164
+#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:443
+#: pwck.8.xml.out:283 useradd.8.xml.out:827 userdel.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "The <command>pwck</command> command exits with the following values: "
@@ -1223,18 +1265,18 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316 chfn.1.xml.out:202 chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262 chsh.1.xml.out:168 expiry.1.xml.out:115
-#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:274
+#: chage.1.xml.out:331 chfn.1.xml.out:202 chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304 chsh.1.xml.out:209 expiry.1.xml.out:115
+#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343 groupdel.8.xml.out:202 groupmems.8.xml.out:206
 #: groupmod.8.xml.out:323 groups.1.xml.out:89 grpck.8.xml.out:277
 #: gshadow.5.xml.out:150 limits.5.xml.out:182 login.1.xml.out:374
-#: login.access.5.xml.out:109 login.defs.5.xml.out:527 newgrp.1.xml.out:127
-#: newusers.8.xml.out:450 nologin.8.xml.out:57 passwd.1.xml.out:471
+#: login.access.5.xml.out:109 login.defs.5.xml.out:546 newgrp.1.xml.out:127
+#: newusers.8.xml.out:471 nologin.8.xml.out:57 passwd.1.xml.out:493
 #: passwd.5.xml.out:167 porttime.5.xml.out:118 pwck.8.xml.out:333
 #: pwconv.8.xml.out:239 shadow.3.xml.out:214 shadow.5.xml.out:259
-#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:875
-#: userdel.8.xml.out:308 usermod.8.xml.out:602 vipw.8.xml.out:202
+#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:895
+#: userdel.8.xml.out:308 usermod.8.xml.out:619 vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr "СМОТРИТЕ Т�КЖЕ"
 
@@ -1248,22 +1290,22 @@ msgstr "СМОТРИТЕ Т�КЖЕ"
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319 chfn.1.xml.out:211 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177 expiry.1.xml.out:118 groupadd.8.xml.out:351
+#: chage.1.xml.out:334 chfn.1.xml.out:211 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218 expiry.1.xml.out:118 groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:215 groupmod.8.xml.out:332
 #: grpck.8.xml.out:291 lastlog.8.xml.out:176 login.1.xml.out:128
-#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516 login.defs.5.xml.out:533 login.defs.5.xml.out:539
-#: newusers.8.xml.out:79 newusers.8.xml.out:456 passwd.1.xml.out:40
-#: passwd.1.xml.out:47 passwd.1.xml.out:53 passwd.1.xml.out:66
-#: passwd.1.xml.out:69 passwd.1.xml.out:86 passwd.1.xml.out:116
-#: passwd.1.xml.out:152 passwd.1.xml.out:366 passwd.1.xml.out:413
-#: passwd.1.xml.out:422 passwd.1.xml.out:451 passwd.1.xml.out:457
-#: passwd.1.xml.out:477 passwd.5.xml.out:33 passwd.5.xml.out:40
+#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535 login.defs.5.xml.out:552 login.defs.5.xml.out:558
+#: newusers.8.xml.out:81 newusers.8.xml.out:477 passwd.1.xml.out:42
+#: passwd.1.xml.out:49 passwd.1.xml.out:55 passwd.1.xml.out:68
+#: passwd.1.xml.out:71 passwd.1.xml.out:88 passwd.1.xml.out:100
+#: passwd.1.xml.out:148 passwd.1.xml.out:388 passwd.1.xml.out:435
+#: passwd.1.xml.out:444 passwd.1.xml.out:473 passwd.1.xml.out:479
+#: passwd.1.xml.out:502 passwd.5.xml.out:33 passwd.5.xml.out:40
 #: passwd.5.xml.out:182 pwck.8.xml.out:228 pwck.8.xml.out:342
 #: pwconv.8.xml.out:84 pwconv.8.xml.out:99 shadow.5.xml.out:268
-#: shadow.5.xml.out:271 useradd.8.xml.out:884 userdel.8.xml.out:316
-#: usermod.8.xml.out:611 vipw.8.xml.out:217
+#: shadow.5.xml.out:271 useradd.8.xml.out:904 userdel.8.xml.out:316
+#: usermod.8.xml.out:628 vipw.8.xml.out:217
 msgid "passwd"
 msgstr "passwd"
 
@@ -1271,31 +1313,31 @@ msgstr "passwd"
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319 chage.1.xml.out:322 chfn.1.xml.out:208
-#: chfn.1.xml.out:211 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 chsh.1.xml.out:177 expiry.1.xml.out:118
+#: chage.1.xml.out:334 chage.1.xml.out:337 chfn.1.xml.out:208
+#: chfn.1.xml.out:211 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 chsh.1.xml.out:218 expiry.1.xml.out:118
 #: expiry.1.xml.out:121 faillog.5.xml.out:34 faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292 gpasswd.1.xml.out:295 groupadd.8.xml.out:363
+#: gpasswd.1.xml.out:294 gpasswd.1.xml.out:297 groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344 grpck.8.xml.out:267 grpck.8.xml.out:280
 #: grpck.8.xml.out:287 grpck.8.xml.out:291 grpck.8.xml.out:297
 #: gshadow.5.xml.out:23 gshadow.5.xml.out:153 gshadow.5.xml.out:156
 #: limits.5.xml.out:36 login.1.xml.out:389 login.1.xml.out:392
 #: login.1.xml.out:395 login.1.xml.out:398 login.access.5.xml.out:35
-#: login.defs.5.xml.out:103 login.defs.5.xml.out:539 login.defs.5.xml.out:542
-#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:79
-#: newusers.8.xml.out:453 newusers.8.xml.out:460 newusers.8.xml.out:463
-#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:455
-#: passwd.1.xml.out:477 passwd.1.xml.out:480 passwd.1.xml.out:484
+#: login.defs.5.xml.out:105 login.defs.5.xml.out:558 login.defs.5.xml.out:561
+#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:81
+#: newusers.8.xml.out:474 newusers.8.xml.out:481 newusers.8.xml.out:484
+#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:477
+#: passwd.1.xml.out:502 passwd.1.xml.out:505 passwd.1.xml.out:509
 #: passwd.5.xml.out:34 passwd.5.xml.out:80 passwd.5.xml.out:194
 #: porttime.5.xml.out:34 pwck.8.xml.out:317 pwck.8.xml.out:336
 #: pwck.8.xml.out:342 pwck.8.xml.out:345 pwconv.8.xml.out:245
 #: shadow.3.xml.out:220 shadow.5.xml.out:34 shadow.5.xml.out:271
 #: sg.1.xml.out:134 sg.1.xml.out:137 su.1.xml.out:418 suauth.5.xml.out:34
-#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:628
-#: useradd.8.xml.out:899 useradd.8.xml.out:906 useradd.8.xml.out:909
+#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:648
+#: useradd.8.xml.out:919 useradd.8.xml.out:926 useradd.8.xml.out:929
 #: userdel.8.xml.out:319 userdel.8.xml.out:335 userdel.8.xml.out:338
-#: usermod.8.xml.out:162 usermod.8.xml.out:629 usermod.8.xml.out:633
-#: usermod.8.xml.out:636 vipw.8.xml.out:208 vipw.8.xml.out:211
+#: usermod.8.xml.out:162 usermod.8.xml.out:646 usermod.8.xml.out:650
+#: usermod.8.xml.out:653 vipw.8.xml.out:208 vipw.8.xml.out:211
 #: vipw.8.xml.out:214 vipw.8.xml.out:217 vipw.8.xml.out:220 vipw.8.xml.out:223
 msgid "5"
 msgstr "5"
@@ -1309,20 +1351,20 @@ msgstr "5"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322 expiry.1.xml.out:121 grpck.8.xml.out:51
-#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:542
-#: passwd.1.xml.out:480 passwd.5.xml.out:79 passwd.5.xml.out:194
+#: chage.1.xml.out:337 expiry.1.xml.out:121 grpck.8.xml.out:51
+#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:561
+#: passwd.1.xml.out:505 passwd.5.xml.out:79 passwd.5.xml.out:194
 #: pwck.8.xml.out:229 pwck.8.xml.out:233 pwck.8.xml.out:345 pwconv.8.xml.out:84
 #: pwconv.8.xml.out:85 pwconv.8.xml.out:100 pwconv.8.xml.out:101
 #: shadow.3.xml.out:33 shadow.3.xml.out:40 shadow.3.xml.out:96
 #: shadow.3.xml.out:220 shadow.5.xml.out:33 shadow.5.xml.out:40
-#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:628
+#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:648
 #: usermod.8.xml.out:162 vipw.8.xml.out:223
 msgid "shadow"
 msgstr "shadow"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317 expiry.1.xml.out:116 faillog.8.xml.out:233
+#: chage.1.xml.out:332 expiry.1.xml.out:116 faillog.8.xml.out:233
 #: nologin.8.xml.out:58 shadow.3.xml.out:215
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>."
 msgstr ""
@@ -1335,10 +1377,10 @@ msgstr ""
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #: chfn.1.xml.out:36 chfn.1.xml.out:43 chfn.1.xml.out:49 chfn.1.xml.out:62
-#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:171
+#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:212
 #: groupadd.8.xml.out:345 groupdel.8.xml.out:205 groupmems.8.xml.out:209
-#: groupmod.8.xml.out:326 login.defs.5.xml.out:239 useradd.8.xml.out:878
-#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:605
+#: groupmod.8.xml.out:326 login.defs.5.xml.out:243 useradd.8.xml.out:898
+#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:622
 msgid "chfn"
 msgstr "chfn"
 
@@ -1358,8 +1400,8 @@ msgstr ""
 #. (itstool) path: term/option
 #: chfn.1.xml.out:71 chfn.1.xml.out:110 groupadd.8.xml.out:106
 #: groupadd.8.xml.out:145 groupadd.8.xml.out:323 groupmod.8.xml.out:93
-#: groupmod.8.xml.out:132 useradd.8.xml.out:405 useradd.8.xml.out:536
-#: useradd.8.xml.out:837 usermod.8.xml.out:271 usermod.8.xml.out:377
+#: groupmod.8.xml.out:132 useradd.8.xml.out:407 useradd.8.xml.out:538
+#: useradd.8.xml.out:857 usermod.8.xml.out:271 usermod.8.xml.out:377
 msgid "-o"
 msgstr "-o"
 
@@ -1437,7 +1479,7 @@ msgstr ""
 #: chfn.1.xml.out:94 expiry.1.xml.out:61 expiry.1.xml.out:79
 #: groupadd.8.xml.out:88 groupdel.8.xml.out:72 login.1.xml.out:90
 #: login.1.xml.out:190 login.1.xml.out:229 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 userdel.8.xml.out:76 userdel.8.xml.out:287
+#: useradd.8.xml.out:642 userdel.8.xml.out:76 userdel.8.xml.out:287
 #: userdel.8.xml.out:302 usermod.8.xml.out:152
 msgid "-f"
 msgstr "-f"
@@ -1507,12 +1549,12 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:122 faillog.8.xml.out:89 faillog.8.xml.out:144
-#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:173
+#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112 groupadd.8.xml.out:185 grpck.8.xml.out:124
 #: grpck.8.xml.out:138 login.1.xml.out:220 login.1.xml.out:229
-#: newusers.8.xml.out:287 passwd.1.xml.out:268 pwck.8.xml.out:155
-#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:456
-#: useradd.8.xml.out:542 userdel.8.xml.out:106 usermod.8.xml.out:317
+#: newusers.8.xml.out:289 passwd.1.xml.out:264 pwck.8.xml.out:155
+#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:458
+#: useradd.8.xml.out:544 userdel.8.xml.out:106 usermod.8.xml.out:317
 msgid "-r"
 msgstr "-r"
 
@@ -1539,8 +1581,8 @@ msgstr "Измен�ет номер комнаты пользовател�."
 #. (itstool) path: para/option
 #: chfn.1.xml.out:143 faillog.8.xml.out:80 faillog.8.xml.out:180
 #: faillog.8.xml.out:214 lastlog.8.xml.out:90 lastlog.8.xml.out:122
-#: lastlog.8.xml.out:139 passwd.1.xml.out:309 useradd.8.xml.out:414
-#: useradd.8.xml.out:531 usermod.8.xml.out:279 usermod.8.xml.out:369
+#: lastlog.8.xml.out:139 passwd.1.xml.out:320 useradd.8.xml.out:416
+#: useradd.8.xml.out:533 usermod.8.xml.out:279 usermod.8.xml.out:369
 #: vipw.8.xml.out:133
 #, fuzzy
 #| msgid "-"
@@ -1549,7 +1591,7 @@ msgstr "-"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
-#: chfn.1.xml.out:151 passwd.1.xml.out:322 usermod.8.xml.out:463
+#: chfn.1.xml.out:151 passwd.1.xml.out:333 usermod.8.xml.out:463
 #, fuzzy
 #| msgid "-"
 msgid "-w"
@@ -1602,11 +1644,11 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chfn.1.xml.out:189 chgpasswd.8.xml.out:207 chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161 groupadd.8.xml.out:278 groupmod.8.xml.out:241
-#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:425
-#: passwd.1.xml.out:407 pwconv.8.xml.out:232 su.1.xml.out:359
-#: useradd.8.xml.out:799 userdel.8.xml.out:193
+#: chfn.1.xml.out:189 chgpasswd.8.xml.out:235 chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202 groupadd.8.xml.out:278 groupmod.8.xml.out:241
+#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:446
+#: passwd.1.xml.out:429 pwconv.8.xml.out:232 su.1.xml.out:359
+#: useradd.8.xml.out:819 userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
 msgstr "�одержит конфигурацию под�и�темы теневых паролей"
 
@@ -1620,8 +1662,8 @@ msgstr "Ñ�одержит конфигурацию подÑ�иÑ�темы тенеÐ
 #: chfn.1.xml.out:205 chsh.1.xml.out:36 chsh.1.xml.out:43 chsh.1.xml.out:49
 #: chsh.1.xml.out:62 chsh.1.xml.out:73 chsh.1.xml.out:109
 #: groupadd.8.xml.out:348 groupdel.8.xml.out:208 groupmems.8.xml.out:212
-#: groupmod.8.xml.out:329 login.defs.5.xml.out:270 useradd.8.xml.out:881
-#: userdel.8.xml.out:313 usermod.8.xml.out:608
+#: groupmod.8.xml.out:329 login.defs.5.xml.out:280 useradd.8.xml.out:901
+#: userdel.8.xml.out:313 usermod.8.xml.out:625
 msgid "chsh"
 msgstr "chsh"
 
@@ -1630,25 +1672,25 @@ msgstr "chsh"
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
-#: chfn.1.xml.out:208 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 groupadd.8.xml.out:194 groupadd.8.xml.out:363
-#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109 newusers.8.xml.out:298 newusers.8.xml.out:453
-#: passwd.1.xml.out:484 pwconv.8.xml.out:92 pwconv.8.xml.out:94
+#: chfn.1.xml.out:208 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 groupadd.8.xml.out:194 groupadd.8.xml.out:363
+#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111 newusers.8.xml.out:300 newusers.8.xml.out:474
+#: passwd.1.xml.out:509 pwconv.8.xml.out:92 pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108 pwconv.8.xml.out:245 su.1.xml.out:418
-#: useradd.8.xml.out:899 userdel.8.xml.out:117 userdel.8.xml.out:319
-#: usermod.8.xml.out:629 vipw.8.xml.out:214
+#: useradd.8.xml.out:919 userdel.8.xml.out:117 userdel.8.xml.out:319
+#: usermod.8.xml.out:646 vipw.8.xml.out:214
 msgid "login.defs"
 msgstr "login.defs"
 
 #. (itstool) path: refsect1/para
-#: chfn.1.xml.out:203 chgpasswd.8.xml.out:215 chsh.1.xml.out:169
+#: chfn.1.xml.out:203 chgpasswd.8.xml.out:243 chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
 msgstr ""
 
@@ -1658,9 +1700,9 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33 chgpasswd.8.xml.out:40 chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56 chgpasswd.8.xml.out:66 chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35 chgpasswd.8.xml.out:42 chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58 chgpasswd.8.xml.out:68 chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr "chgpasswd"
 
@@ -1668,10 +1710,10 @@ msgstr "chgpasswd"
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34 chgpasswd.8.xml.out:220 chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268 chpasswd.8.xml.out:276 faillog.5.xml.out:87
-#: faillog.8.xml.out:34 gpasswd.1.xml.out:280 gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286 gpasswd.1.xml.out:289 groupadd.8.xml.out:37
+#: chgpasswd.8.xml.out:36 chgpasswd.8.xml.out:248 chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310 chpasswd.8.xml.out:318 faillog.5.xml.out:87
+#: faillog.8.xml.out:34 gpasswd.1.xml.out:282 gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288 gpasswd.1.xml.out:291 groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354 groupadd.8.xml.out:357 groupadd.8.xml.out:360
 #: groupadd.8.xml.out:366 groupadd.8.xml.out:369 groupadd.8.xml.out:372
 #: groupdel.8.xml.out:35 groupdel.8.xml.out:186 groupdel.8.xml.out:214
@@ -1684,32 +1726,32 @@ msgstr "chgpasswd"
 #: grpck.8.xml.out:34 grpck.8.xml.out:283 grpck.8.xml.out:294
 #: gshadow.5.xml.out:159 gshadow.5.xml.out:162 lastlog.8.xml.out:36
 #: login.1.xml.out:174 login.1.xml.out:176 login.1.xml.out:249
-#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:545
-#: logoutd.8.xml.out:34 newusers.8.xml.out:50 newusers.8.xml.out:467
-#: nologin.8.xml.out:23 passwd.1.xml.out:474 passwd.1.xml.out:488
+#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:564
+#: logoutd.8.xml.out:34 newusers.8.xml.out:52 newusers.8.xml.out:488
+#: nologin.8.xml.out:23 passwd.1.xml.out:496 passwd.1.xml.out:513
 #: passwd.5.xml.out:185 passwd.5.xml.out:188 passwd.5.xml.out:191
 #: passwd.5.xml.out:200 pwck.8.xml.out:41 pwck.8.xml.out:339 pwck.8.xml.out:348
 #: pwconv.8.xml.out:40 pwconv.8.xml.out:242 pwconv.8.xml.out:248
 #: pwconv.8.xml.out:251 pwconv.8.xml.out:254 shadow.5.xml.out:274
 #: shadow.5.xml.out:277 shadow.5.xml.out:280 shadow.5.xml.out:286
-#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:574
-#: useradd.8.xml.out:890 useradd.8.xml.out:893 useradd.8.xml.out:896
-#: useradd.8.xml.out:902 useradd.8.xml.out:913 useradd.8.xml.out:916
-#: userdel.8.xml.out:40 userdel.8.xml.out:259 userdel.8.xml.out:322
-#: userdel.8.xml.out:325 userdel.8.xml.out:328 userdel.8.xml.out:331
-#: userdel.8.xml.out:342 userdel.8.xml.out:345 usermod.8.xml.out:41
-#: usermod.8.xml.out:617 usermod.8.xml.out:620 usermod.8.xml.out:623
-#: usermod.8.xml.out:626 usermod.8.xml.out:640 usermod.8.xml.out:643
-#: vipw.8.xml.out:36
+#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:576
+#: useradd.8.xml.out:590 useradd.8.xml.out:910 useradd.8.xml.out:913
+#: useradd.8.xml.out:916 useradd.8.xml.out:922 useradd.8.xml.out:933
+#: useradd.8.xml.out:936 userdel.8.xml.out:40 userdel.8.xml.out:259
+#: userdel.8.xml.out:322 userdel.8.xml.out:325 userdel.8.xml.out:328
+#: userdel.8.xml.out:331 userdel.8.xml.out:342 userdel.8.xml.out:345
+#: usermod.8.xml.out:41 usermod.8.xml.out:522 usermod.8.xml.out:634
+#: usermod.8.xml.out:637 usermod.8.xml.out:640 usermod.8.xml.out:643
+#: usermod.8.xml.out:657 usermod.8.xml.out:660 vipw.8.xml.out:36
 msgid "8"
 msgstr "8"
 
 # type: Content of: <refentry><refmeta><refmiscinfo>
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35 chpasswd.8.xml.out:39 faillog.8.xml.out:35
+#: chgpasswd.8.xml.out:37 chpasswd.8.xml.out:41 faillog.8.xml.out:35
 #: groupadd.8.xml.out:38 groupdel.8.xml.out:36 groupmems.8.xml.out:39
 #: groupmod.8.xml.out:36 grpck.8.xml.out:35 lastlog.8.xml.out:37
-#: logoutd.8.xml.out:35 newusers.8.xml.out:51 nologin.8.xml.out:24
+#: logoutd.8.xml.out:35 newusers.8.xml.out:53 nologin.8.xml.out:24
 #: pwck.8.xml.out:42 pwconv.8.xml.out:41 useradd.8.xml.out:54
 #: userdel.8.xml.out:41 usermod.8.xml.out:42 vipw.8.xml.out:37
 msgid "System Management Commands"
@@ -1717,13 +1759,13 @@ msgstr "Команды управлени� �и�темой"
 
 # type: Content of: <refentry><refnamediv><refpurpose>
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
 msgstr "обновл�ет пароли групп в пакетном режиме"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 #, fuzzy
 #| msgid ""
 #| "The <command>chgpasswd</command> command reads a list of group name and "
@@ -1742,13 +1784,13 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61 groupmems.8.xml.out:54 groupmems.8.xml.out:110
+#: chgpasswd.8.xml.out:63 groupmems.8.xml.out:54 groupmems.8.xml.out:110
 msgid "group_name"
 msgstr "им�_группы"
 
 # type: Content of: <refentry><refsect1><para><emphasis>
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66 passwd.5.xml.out:77
+#: chgpasswd.8.xml.out:64 chpasswd.8.xml.out:68 passwd.5.xml.out:77
 #: passwd.5.xml.out:86 passwd.5.xml.out:91 passwd.5.xml.out:95
 #: passwd.5.xml.out:98
 #, fuzzy
@@ -1757,13 +1799,13 @@ msgid "password"
 msgstr "passwd"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60 chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 #, fuzzy
 #| msgid ""
 #| "By default the supplied password must be in clear-text, and is encrypted "
@@ -1776,8 +1818,8 @@ msgstr ""
 "шифрует�� командой <command>chgpasswd</command>."
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70 chpasswd.8.xml.out:75 chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72 chpasswd.8.xml.out:77 chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "ENCRYPT_METHOD"
@@ -1786,9 +1828,9 @@ msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71 chgpasswd.8.xml.out:101 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:130 chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chgpasswd.8.xml.out:73 chgpasswd.8.xml.out:107 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:136 chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 #, fuzzy
 #| msgid "-"
@@ -1799,16 +1841,16 @@ msgstr "-"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:88 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:114 chpasswd.8.xml.out:129
-#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:90 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:116 chpasswd.8.xml.out:135
+#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:270
 #: sg.1.xml.out:50 su.1.xml.out:86 su.1.xml.out:126 su.1.xml.out:131
 #: useradd.8.xml.out:139 usermod.8.xml.out:99
 msgid "-c"
 msgstr "-c"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
@@ -1827,7 +1869,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74 chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76 chpasswd.8.xml.out:101
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are created at a single time."
@@ -1836,32 +1878,89 @@ msgstr ""
 "один раз заводит�� не�колько учётных запи�ей."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88 chpasswd.8.xml.out:114 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:116 newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:117 newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92 chpasswd.8.xml.out:119 newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
 msgstr "И�пользовать указанный метод дл� шифровани� паролей."
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91 chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
-msgstr "Возможные методы: DES, MD5 и NONE."
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95 chgpasswd.8.xml.out:149 chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208 newusers.8.xml.out:330
+msgid "BCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid "<_:replaceable-1/>,"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96 chpasswd.8.xml.out:123
+msgid "DES"
+msgstr ""
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98 chgpasswd.8.xml.out:151 chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210 newusers.8.xml.out:332
+msgid "SHA256"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99 chgpasswd.8.xml.out:152 chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211 newusers.8.xml.out:333
+msgid "SHA512"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+#, fuzzy
+#| msgid "-K <placeholder-1/>=<placeholder-2/>"
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr "-K <placeholder-1/>=<placeholder-2/>"
+
+# type: Content of: <refentry><refsect1><title>
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100 chgpasswd.8.xml.out:154 chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213 newusers.8.xml.out:335
+#, fuzzy
+#| msgid "DESCRIPTION"
+msgid "YESCRYPT"
+msgstr "ОПИС��ИЕ"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99 chpasswd.8.xml.out:126
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid ", <_:replaceable-1/>"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:128
+msgid "NONE"
+msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121 newusers.8.xml.out:271
+#: chgpasswd.8.xml.out:93 chpasswd.8.xml.out:120
 msgid ""
-"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
-"support these methods."
+"The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/"
+"><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports "
+"these methods."
 msgstr ""
-"Возможные методы: DES, MD5, NONE и SHA256 или SHA512, е�ли �ти методы "
-"поддерживает�� libc."
 
 # type: Content of: <refentry><refsect1><itemizedlist><listitem><para>
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:139
+#: chgpasswd.8.xml.out:107 chpasswd.8.xml.out:145
 #, fuzzy
 #| msgid "encrypted password"
 msgid "--encrypted"
@@ -1869,18 +1968,18 @@ msgstr "шифрованный пароль"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103 chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109 chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
 msgstr "Передаваемые пароли заданы в шифрованном виде."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113 chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119 chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115 chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121 chpasswd.8.xml.out:163
 msgid ""
 "Use MD5 encryption instead of DES when the supplied passwords are not "
 "encrypted."
@@ -1891,75 +1990,126 @@ msgstr ""
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><option>
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 chsh.1.xml.out:97
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 chsh.1.xml.out:97
 #: chsh.1.xml.out:108 grpck.8.xml.out:124 grpck.8.xml.out:161
-#: newusers.8.xml.out:320 pwck.8.xml.out:155 pwck.8.xml.out:209
-#: su.1.xml.out:163 useradd.8.xml.out:517 useradd.8.xml.out:655
-#: usermod.8.xml.out:357 vipw.8.xml.out:70 vipw.8.xml.out:127
+#: newusers.8.xml.out:322 passwd.1.xml.out:363 pwck.8.xml.out:155
+#: pwck.8.xml.out:209 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357 vipw.8.xml.out:70
+#: vipw.8.xml.out:127
 msgid "-s"
 msgstr "-s"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137 chpasswd.8.xml.out:181 newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143 chpasswd.8.xml.out:202 newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
 msgstr "И�пользовать указанное количе�тво раундов шифровани� паролей."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140 chpasswd.8.xml.out:184 newusers.8.xml.out:325
+#: chgpasswd.8.xml.out:146 chpasswd.8.xml.out:205 newusers.8.xml.out:327
 msgid ""
-"The value 0 means that the system will choose the default number of rounds "
-"for the crypt method (5000)."
+"You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
-"Значение 0 означает, что �и�тема выберет количе�тво раундов по умолчанию дл� "
-"выбранного метода шифровани� (5000)."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144 chpasswd.8.xml.out:188 newusers.8.xml.out:329
+#: chgpasswd.8.xml.out:156 chpasswd.8.xml.out:215 newusers.8.xml.out:337
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
 msgid ""
-"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+"By default, the number of rounds for BCRYPT is defined by the "
+"BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgstr ""
+"По умолчанию, количе�тво раундов определ�ет�� переменными "
+"SHA_CRYPT_MIN_ROUNDS и SHA_CRYPT_MAX_ROUNDS из <filename>/etc/login.defs</"
+"filename>."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:161 chpasswd.8.xml.out:220
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default number of rounds is 13."
 msgstr ""
 "Минимальное значение равно 1000, а мак�имальное значение равно 999,999,999."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148 chpasswd.8.xml.out:192 newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#: chgpasswd.8.xml.out:165 chpasswd.8.xml.out:224 newusers.8.xml.out:346
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
+msgid ""
+"By default, the number of rounds for SHA256 or SHA512 is defined by the "
+"SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgstr ""
+"По умолчанию, количе�тво раундов определ�ет�� переменными "
+"SHA_CRYPT_MIN_ROUNDS и SHA_CRYPT_MAX_ROUNDS из <filename>/etc/login.defs</"
+"filename>."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:170 chpasswd.8.xml.out:229
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default number of rounds is 5000."
 msgstr ""
-"Вы можете и�пользовать �тот параметр только при методе шифровани� SHA256 или "
-"SHA512."
+"Минимальное значение равно 1000, а мак�имальное значение равно 999,999,999."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152 newusers.8.xml.out:337
+#: chgpasswd.8.xml.out:175 chpasswd.8.xml.out:234 newusers.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
 #| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
 #| "filename>."
 msgid ""
-"By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and "
-"SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+"By default, the number of rounds for YESCRYPT is defined by the "
+"YESCRYPT_COST_FACTOR in <_:filename-1/>."
 msgstr ""
 "По умолчанию, количе�тво раундов определ�ет�� переменными "
 "SHA_CRYPT_MIN_ROUNDS и SHA_CRYPT_MAX_ROUNDS из <filename>/etc/login.defs</"
 "filename>."
 
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179 chpasswd.8.xml.out:238
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default number of rounds is 5."
+msgstr ""
+"Минимальное значение равно 1000, а мак�имальное значение равно 999,999,999."
+
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163 chpasswd.8.xml.out:208 faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229 groupadd.8.xml.out:285 groupdel.8.xml.out:121
-#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:348
-#: passwd.1.xml.out:354 shadow.3.xml.out:194 su.1.xml.out:306
-#: useradd.8.xml.out:682 userdel.8.xml.out:281 usermod.8.xml.out:517
+#: chgpasswd.8.xml.out:189 chpasswd.8.xml.out:248 faillog.8.xml.out:209
+#: gpasswd.1.xml.out:231 groupadd.8.xml.out:285 groupdel.8.xml.out:121
+#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:369
+#: passwd.1.xml.out:376 shadow.3.xml.out:194 su.1.xml.out:306
+#: useradd.8.xml.out:702 userdel.8.xml.out:281 usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr "ПРЕДОСТЕРЕЖЕ�ИЯ"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164 chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190 chpasswd.8.xml.out:249
 msgid ""
 "Remember to set permissions or umask to prevent readability of unencrypted "
 "files by other users."
@@ -1968,7 +2118,7 @@ msgstr ""
 "шифрованных файлов другими пользовател�ми."
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168 newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194 newusers.8.xml.out:374
 msgid ""
 "You should make sure the passwords and the encryption method respect the "
 "system's password policy."
@@ -1981,8 +2131,8 @@ msgstr ""
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193 gpasswd.1.xml.out:48 gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73 gpasswd.1.xml.out:231 gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221 gpasswd.1.xml.out:50 gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75 gpasswd.1.xml.out:233 gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170 groupadd.8.xml.out:264 groupdel.8.xml.out:148
 #: groupmems.8.xml.out:191 groupmod.8.xml.out:227 groups.1.xml.out:58
 #: groups.1.xml.out:70 groups.1.xml.out:80 grpck.8.xml.out:62
@@ -1990,20 +2140,20 @@ msgstr ""
 #: grpck.8.xml.out:164 grpck.8.xml.out:177 grpck.8.xml.out:185
 #: grpck.8.xml.out:211 gshadow.5.xml.out:91 gshadow.5.xml.out:124
 #: gshadow.5.xml.out:135 newgrp.1.xml.out:80 newgrp.1.xml.out:112
-#: newusers.8.xml.out:411 pwck.8.xml.out:261 pwconv.8.xml.out:128
-#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:755
-#: userdel.8.xml.out:185 usermod.8.xml.out:557 vipw.8.xml.out:69
+#: newusers.8.xml.out:432 pwck.8.xml.out:261 pwconv.8.xml.out:128
+#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:775
+#: userdel.8.xml.out:185 usermod.8.xml.out:574 vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr "/etc/group"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195 gpasswd.1.xml.out:261 groupadd.8.xml.out:266
+#: chgpasswd.8.xml.out:223 gpasswd.1.xml.out:263 groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150 groupmems.8.xml.out:193 groupmod.8.xml.out:229
 #: groups.1.xml.out:82 grpck.8.xml.out:213 gshadow.5.xml.out:137
-#: newgrp.1.xml.out:114 newusers.8.xml.out:413 pwck.8.xml.out:263
-#: sg.1.xml.out:103 useradd.8.xml.out:757 userdel.8.xml.out:187
+#: newgrp.1.xml.out:114 newusers.8.xml.out:434 pwck.8.xml.out:263
+#: sg.1.xml.out:103 useradd.8.xml.out:777 userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
 msgstr "�одержит информацию о группах"
@@ -2012,8 +2162,8 @@ msgstr "�одержит информацию о группах"
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199 gpasswd.1.xml.out:52 gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232 gpasswd.1.xml.out:265 groupadd.8.xml.out:170
+#: chgpasswd.8.xml.out:227 gpasswd.1.xml.out:54 gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234 gpasswd.1.xml.out:267 groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270 groupdel.8.xml.out:154 groupmems.8.xml.out:87
 #: groupmems.8.xml.out:88 groupmems.8.xml.out:98 groupmems.8.xml.out:103
 #: groupmems.8.xml.out:104 groupmems.8.xml.out:134 groupmems.8.xml.out:135
@@ -2021,18 +2171,18 @@ msgstr "�одержит информацию о группах"
 #: grpck.8.xml.out:93 grpck.8.xml.out:114 grpck.8.xml.out:166
 #: grpck.8.xml.out:186 grpck.8.xml.out:217 gshadow.5.xml.out:36
 #: gshadow.5.xml.out:141 newgrp.1.xml.out:78 newgrp.1.xml.out:118
-#: newusers.8.xml.out:417 pwconv.8.xml.out:129 sg.1.xml.out:107
-#: useradd.8.xml.out:761 usermod.8.xml.out:563 vipw.8.xml.out:72
+#: newusers.8.xml.out:438 pwconv.8.xml.out:129 sg.1.xml.out:107
+#: useradd.8.xml.out:781 usermod.8.xml.out:580 vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr "/etc/gshadow"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201 gpasswd.1.xml.out:267 groupadd.8.xml.out:272
+#: chgpasswd.8.xml.out:229 gpasswd.1.xml.out:269 groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156 groupmod.8.xml.out:235 grpck.8.xml.out:219
-#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:419
-#: sg.1.xml.out:109 useradd.8.xml.out:763 vipw.8.xml.out:183
+#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:440
+#: sg.1.xml.out:109 useradd.8.xml.out:783 vipw.8.xml.out:183
 msgid "Secure group account information."
 msgstr "�одержит защищаемую информацию о группах"
 
@@ -2043,12 +2193,12 @@ msgstr "�одержит защищаемую информацию о групп
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217 gpasswd.1.xml.out:38 gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59 gpasswd.1.xml.out:72 gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119 groupadd.8.xml.out:354 groupdel.8.xml.out:214
-#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:280
+#: chgpasswd.8.xml.out:245 gpasswd.1.xml.out:40 gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61 gpasswd.1.xml.out:74 gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121 groupadd.8.xml.out:354 groupdel.8.xml.out:214
+#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142 sg.1.xml.out:131 userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr "gpasswd"
 
@@ -2059,19 +2209,19 @@ msgstr "gpasswd"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220 gpasswd.1.xml.out:280 groupadd.8.xml.out:36
+#: chgpasswd.8.xml.out:248 gpasswd.1.xml.out:282 groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43 groupadd.8.xml.out:49 groupadd.8.xml.out:61
 #: groupadd.8.xml.out:82 groupadd.8.xml.out:292 groupadd.8.xml.out:300
 #: groupdel.8.xml.out:217 groupmems.8.xml.out:218 groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290 useradd.8.xml.out:890 userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: login.defs.5.xml.out:303 useradd.8.xml.out:910 userdel.8.xml.out:325
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr "groupadd"
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21 groupadd.8.xml.out:20 groupdel.8.xml.out:18
-#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:86
-#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:33
+#: chpasswd.8.xml.out:23 groupadd.8.xml.out:20 groupdel.8.xml.out:18
+#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:88
+#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:35
 #: sg.1.xml.out:18 useradd.8.xml.out:36 userdel.8.xml.out:23
 #: usermod.8.xml.out:24
 msgid "Creation, 1991"
@@ -2084,22 +2234,22 @@ msgstr ""
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37 chpasswd.8.xml.out:44 chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60 chpasswd.8.xml.out:70 chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96 chpasswd.8.xml.out:108 chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259 passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39 chpasswd.8.xml.out:46 chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62 chpasswd.8.xml.out:72 chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98 chpasswd.8.xml.out:110 chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266 passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr "chpasswd"
 
 # type: Content of: <refentry><refnamediv><refpurpose>
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
 msgstr "обновл�ет пароли в пакетном режиме"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 #, fuzzy
 #| msgid ""
 #| "The <command>chpasswd</command> command reads a list of user name and "
@@ -2118,14 +2268,14 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65 groupmems.8.xml.out:52 groupmems.8.xml.out:53
+#: chpasswd.8.xml.out:67 groupmems.8.xml.out:52 groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83 groupmems.8.xml.out:94
 msgid "user_name"
 msgstr "им�_пользовател�"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "By default the passwords must be supplied in clear-text, and are "
@@ -2140,14 +2290,14 @@ msgstr ""
 "дей�тви� парол�, то он будет обновлён."
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76 chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:139
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
@@ -2165,7 +2315,7 @@ msgstr ""
 "<option>-m</option> или <option>-c</option>."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 #, fuzzy
 #| msgid ""
 #| "By default, passwords are encrypted by PAM, but (even if not recommended) "
@@ -2181,14 +2331,14 @@ msgstr ""
 "option>, <option>-m</option> или <option>-c</option>."
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 #, fuzzy
 #| msgid "By default, PAM is used to encrypt the passwords."
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr "По умолчанию, дл� шифровани� паролей и�пользует�� PAM."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 #, fuzzy
 #| msgid ""
 #| "<phrase condition=\"pam\">Except when PAM is used to encrypt the "
@@ -2205,7 +2355,7 @@ msgstr ""
 "никаких ошибок."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 #, fuzzy
 #| msgid ""
 #| "When PAM is used to encrypt the passwords (and update the passwords in "
@@ -2224,17 +2374,17 @@ msgstr ""
 "работу � кодом ошибки."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr "По умолчанию, дл� шифровани� паролей и�пользует�� PAM."
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 #, fuzzy
 #| msgid ""
 #| "By default (if none of the <option>-c</option>, <option>-m</option>, or "
@@ -2252,47 +2402,18 @@ msgstr ""
 "<filename>/etc/login.defs</filename>."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
-msgid "ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: para/option
 #: chpasswd.8.xml.out:199
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-#, fuzzy
-#| msgid ""
-#| "By default, the number of rounds is defined by the "
-#| "<option>SHA_CRYPT_MIN_ROUNDS</option> and <option>SHA_CRYPT_MAX_ROUNDS</"
-#| "option> variables in <filename>/etc/login.defs</filename>."
-msgid ""
-"By default, the number of rounds is defined by the <_:option-1/> and <_:"
-"option-2/> variables in <_:filename-3/>."
+msgid "ROUNDS"
 msgstr ""
-"По умолчанию, количе�тво раундов определ�ет�� переменными "
-"<option>SHA_CRYPT_MIN_ROUNDS</option> и <option>SHA_CRYPT_MAX_ROUNDS</"
-"option> в <filename>/etc/login.defs</filename>."
 
 # type: Content of: <refentry><refsect1><para><filename>
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 msgid "/etc/pam.d/chpasswd"
 msgstr "/etc/pam.d/chpasswd"
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255 newusers.8.xml.out:431 passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297 newusers.8.xml.out:452 passwd.1.xml.out:435
 #, fuzzy
 #| msgid "PAM configuration for <command>passwd</command>."
 msgid "PAM configuration for <_:command-1/>."
@@ -2305,17 +2426,17 @@ msgstr "на�тройки PAM дл� <command>passwd</command>"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268 login.defs.5.xml.out:380 newusers.8.xml.out:49
-#: newusers.8.xml.out:56 newusers.8.xml.out:62 newusers.8.xml.out:75
-#: newusers.8.xml.out:96 newusers.8.xml.out:123 newusers.8.xml.out:132
-#: newusers.8.xml.out:151 newusers.8.xml.out:164 newusers.8.xml.out:170
-#: newusers.8.xml.out:172 newusers.8.xml.out:210 newusers.8.xml.out:230
-#: newusers.8.xml.out:252 newusers.8.xml.out:431 useradd.8.xml.out:902
+#: chpasswd.8.xml.out:310 login.defs.5.xml.out:393 newusers.8.xml.out:51
+#: newusers.8.xml.out:58 newusers.8.xml.out:64 newusers.8.xml.out:77
+#: newusers.8.xml.out:98 newusers.8.xml.out:125 newusers.8.xml.out:134
+#: newusers.8.xml.out:153 newusers.8.xml.out:166 newusers.8.xml.out:172
+#: newusers.8.xml.out:174 newusers.8.xml.out:212 newusers.8.xml.out:232
+#: newusers.8.xml.out:254 newusers.8.xml.out:452 useradd.8.xml.out:922
 msgid "newusers"
 msgstr "newusers"
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270 grpck.8.xml.out:285 passwd.1.xml.out:482
+#: chpasswd.8.xml.out:312 grpck.8.xml.out:285 passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr ""
 
@@ -2326,21 +2447,21 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276 groupadd.8.xml.out:366 groupdel.8.xml.out:223
-#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:462
-#: newusers.8.xml.out:467 useradd.8.xml.out:52 useradd.8.xml.out:59
+#: chpasswd.8.xml.out:318 groupadd.8.xml.out:366 groupdel.8.xml.out:223
+#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:481
+#: newusers.8.xml.out:488 useradd.8.xml.out:52 useradd.8.xml.out:59
 #: useradd.8.xml.out:64 useradd.8.xml.out:71 useradd.8.xml.out:75
 #: useradd.8.xml.out:87 useradd.8.xml.out:90 useradd.8.xml.out:103
 #: useradd.8.xml.out:129 useradd.8.xml.out:187 useradd.8.xml.out:209
-#: useradd.8.xml.out:239 useradd.8.xml.out:284 useradd.8.xml.out:341
-#: useradd.8.xml.out:472 useradd.8.xml.out:584 useradd.8.xml.out:586
-#: useradd.8.xml.out:690 useradd.8.xml.out:808 userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: useradd.8.xml.out:239 useradd.8.xml.out:286 useradd.8.xml.out:343
+#: useradd.8.xml.out:474 useradd.8.xml.out:604 useradd.8.xml.out:606
+#: useradd.8.xml.out:710 useradd.8.xml.out:828 userdel.8.xml.out:342
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr "useradd"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263 newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305 newusers.8.xml.out:472
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
@@ -2374,8 +2495,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:517
-#: useradd.8.xml.out:655 usermod.8.xml.out:357
+#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357
 #, fuzzy
 #| msgid "pw_shell"
 msgid "--shell"
@@ -2383,8 +2504,8 @@ msgstr "pw_shell"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:517
-#: useradd.8.xml.out:522 useradd.8.xml.out:655 useradd.8.xml.out:662
+#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:524 useradd.8.xml.out:675 useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr ""
@@ -2425,12 +2546,13 @@ msgstr ""
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:153 su.1.xml.out:198
+#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:130 chsh.1.xml.out:143
+#: chsh.1.xml.out:172 chsh.1.xml.out:184 su.1.xml.out:198
 msgid "/etc/shells"
 msgstr "/etc/shells"
 
 #. (itstool) path: para/filename
-#: chsh.1.xml.out:123
+#: chsh.1.xml.out:123 chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr ""
 
@@ -2464,12 +2586,103 @@ msgstr ""
 "как, е�ли пользователь �лучайно изменит �вою реги�трационную оболочку на �ту "
 "ограниченную оболочку, то не �может во��тановить её первоначальное значение."
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132 chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+# type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/*"
+msgstr "/etc/shells"
+
+# type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/@filename@"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid ""
+"The only restriction placed on the login shell is that the command name must "
+"be listed in <_:filename-1/>. If this file does not exist, the definitions "
+"are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/"
+"> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be "
+"used. If the invoker is the superuser any value may be added regardless what "
+"is defined in the configuration files. An account with a restricted login "
+"shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+msgid ""
+"For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged "
+"since accidentally changing to a restricted shell would prevent the user "
+"from ever changing her login shell back to its original value."
+msgstr ""
+
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
 msgstr "�одержит �пи�ок разрешённых реги�трационных оболочек"
 
+# type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+#, fuzzy
+#| msgid "List of valid login shells."
+msgid "User defined list of valid login shells."
+msgstr "�одержит �пи�ок разрешённых реги�трационных оболочек"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+# type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d"
+msgstr "/etc/shells"
+
+# type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+#, fuzzy
+#| msgid "Directory containing default files."
+msgid "Directory for additional user defined configuration files."
+msgstr "каталог, �одержащий файлы по умолчанию"
+
 # type: Content of: <refentry><refsect1><para><command>
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
@@ -2488,7 +2701,7 @@ msgstr "проверÑ�ет и изменÑ�ет пароль Ñ�оглаÑ�но пÐ
 
 # type: Content of: <refentry><refsynopsisdiv><cmdsynopsis><arg><replaceable>
 #. (itstool) path: arg/replaceable
-#: expiry.1.xml.out:52 gpasswd.1.xml.out:61
+#: expiry.1.xml.out:52 gpasswd.1.xml.out:63
 msgid "option"
 msgstr "параметр"
 
@@ -2533,7 +2746,7 @@ msgstr "Принудительно мен�ет пароль, е�ли его �
 
 #. (itstool) path: author/contrib
 #: faillog.5.xml.out:17 faillog.8.xml.out:17 login.1.xml.out:50
-#: passwd.1.xml.out:24 passwd.5.xml.out:17 porttime.5.xml.out:17
+#: passwd.1.xml.out:26 passwd.5.xml.out:17 porttime.5.xml.out:17
 #: shadow.3.xml.out:17 shadow.5.xml.out:17 su.1.xml.out:34
 msgid "Creation, 1989"
 msgstr ""
@@ -2556,7 +2769,7 @@ msgstr "faillog"
 # type: Content of: <refentry><refmeta><refmiscinfo>
 #. (itstool) path: refmeta/refmiscinfo
 #: faillog.5.xml.out:35 gshadow.5.xml.out:24 limits.5.xml.out:37
-#: login.access.5.xml.out:36 login.defs.5.xml.out:104 passwd.5.xml.out:35
+#: login.access.5.xml.out:36 login.defs.5.xml.out:106 passwd.5.xml.out:35
 #: porttime.5.xml.out:35 shadow.5.xml.out:35 suauth.5.xml.out:35
 #, fuzzy
 #| msgid "File Formats and Conversions"
@@ -2681,14 +2894,14 @@ msgstr ""
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><option>
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:124
-#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:126
+#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:153
 #: usermod.8.xml.out:78 usermod.8.xml.out:210
 msgid "-a"
 msgstr "-a"
 
 #. (itstool) path: term/option
-#: faillog.8.xml.out:72 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 passwd.1.xml.out:153
 msgid "--all"
 msgstr ""
 
@@ -3004,8 +3217,8 @@ msgstr ""
 #: login.1.xml.out:108 login.1.xml.out:112 login.1.xml.out:119
 #: login.1.xml.out:171 login.1.xml.out:177 login.1.xml.out:230
 #: login.1.xml.out:238 login.1.xml.out:247 login.1.xml.out:253
-#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:530 newgrp.1.xml.out:133
+#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:549 newgrp.1.xml.out:133
 #: nologin.8.xml.out:60 passwd.5.xml.out:125 passwd.5.xml.out:132
 #: passwd.5.xml.out:179 porttime.5.xml.out:121 shadow.5.xml.out:265
 #: sg.1.xml.out:122 su.1.xml.out:415
@@ -3013,31 +3226,31 @@ msgid "login"
 msgstr "login"
 
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22 login.access.5.xml.out:18 pwconv.8.xml.out:23
+#: gpasswd.1.xml.out:24 login.access.5.xml.out:18 pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
 msgid "Creation, 1996"
 msgstr ""
 
 # type: Content of: <refentry><refnamediv><refpurpose>
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 #, fuzzy
 #| msgid "administer <placeholder-1/>"
 msgid "administer <_:filename-1/>"
 msgstr "управление <placeholder-1/>"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 #, fuzzy
 #| msgid "administer <placeholder-1/> and <placeholder-2/>"
 msgid "administer <_:filename-1/> and <_:filename-2/>"
@@ -3048,9 +3261,9 @@ msgstr "управление <placeholder-1/> и <placeholder-2/>"
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64 gpasswd.1.xml.out:89 gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142 gpasswd.1.xml.out:177 gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193 gpasswd.1.xml.out:197 gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66 gpasswd.1.xml.out:91 gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144 gpasswd.1.xml.out:179 gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195 gpasswd.1.xml.out:199 gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49 grpck.8.xml.out:188 grpck.8.xml.out:280
 #: gshadow.5.xml.out:156 limits.5.xml.out:138 newgrp.1.xml.out:48
 #: newgrp.1.xml.out:145 pwck.8.xml.out:336 pwconv.8.xml.out:114
@@ -3059,19 +3272,19 @@ msgid "group"
 msgstr "группа"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 #, fuzzy
 #| msgid "administrators"
 msgid "administrators,"
 msgstr "админи�траторы"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid ""
 "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/"
 ">. Every group can have <_:phrase-4/> members and a password."
@@ -3080,14 +3293,14 @@ msgstr ""
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80 gpasswd.1.xml.out:112 gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82 gpasswd.1.xml.out:114 gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "-"
 msgid "-A"
 msgstr "-"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 #, fuzzy
 #| msgid ""
 #| "System administrators can use the <option>-A</option> option to define "
@@ -3104,21 +3317,21 @@ msgstr ""
 "группы."
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 #, fuzzy
 #| msgid "administrators"
 msgid "a group administrator"
 msgstr "админи�траторы"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 #, fuzzy
 #| msgid "administrators"
 msgid "a system administrator"
 msgstr "админи�траторы"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid ""
 "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only "
 "prompts for the new password of the <_:replaceable-4/>."
@@ -3130,8 +3343,8 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93 gpasswd.1.xml.out:180 gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277 groups.1.xml.out:71 groups.1.xml.out:92
+#: gpasswd.1.xml.out:95 gpasswd.1.xml.out:182 gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279 groups.1.xml.out:71 groups.1.xml.out:92
 #: gshadow.5.xml.out:76 gshadow.5.xml.out:165 newgrp.1.xml.out:34
 #: newgrp.1.xml.out:41 newgrp.1.xml.out:47 newgrp.1.xml.out:55
 #: newgrp.1.xml.out:63 newgrp.1.xml.out:66 sg.1.xml.out:60 sg.1.xml.out:64
@@ -3140,7 +3353,7 @@ msgid "newgrp"
 msgstr "newgrp"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 #, fuzzy
 #| msgid ""
 #| "If a password is set the members can still use "
@@ -3157,13 +3370,13 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><refsect2><title>
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr "Замечани� о парол�х групп"
 
 # type: Content of: <refentry><refsect1><refsect2><para>
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid ""
 "Group passwords are an inherent security problem since more than one person "
 "is permitted to know the password. However, groups are a useful tool for "
@@ -3174,7 +3387,7 @@ msgstr ""
 "�овме�тной работы различных пользователей."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 #, fuzzy
 #| msgid ""
 #| "Except for the <option>-A</option> and <option>-M</option> options, the "
@@ -3187,12 +3400,12 @@ msgstr ""
 "параметры нельз� и�пользовать вме�те."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr "Параметры не могут быть указаны одновременно."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124 groupmems.8.xml.out:83
+#: gpasswd.1.xml.out:126 groupmems.8.xml.out:83
 msgid "--add"
 msgstr ""
 
@@ -3200,14 +3413,14 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124 gpasswd.1.xml.out:128 gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141 gpasswd.1.xml.out:205 gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126 gpasswd.1.xml.out:130 gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143 gpasswd.1.xml.out:207 gpasswd.1.xml.out:219
 #: groups.1.xml.out:48 groups.1.xml.out:59
 msgid "user"
 msgstr "им�"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 #, fuzzy
 #| msgid ""
 #| "Add the <replaceable>user</replaceable> to the named <replaceable>group</"
@@ -3218,12 +3431,12 @@ msgstr ""
 "<replaceable>группу</replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137 groupmems.8.xml.out:94 passwd.1.xml.out:168
+#: gpasswd.1.xml.out:139 groupmems.8.xml.out:94 passwd.1.xml.out:164
 msgid "--delete"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 #, fuzzy
 #| msgid ""
 #| "Remove the <replaceable>user</replaceable> from the named "
@@ -3235,19 +3448,19 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 #, fuzzy
 #| msgid "-"
 msgid "-Q"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 #, fuzzy
 #| msgid ""
 #| "Remove the password from the named <replaceable>group</replaceable>. The "
@@ -3264,12 +3477,12 @@ msgstr ""
 "command> дл� входа в указанную <replaceable>группу</replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 #, fuzzy
 #| msgid ""
 #| "Restrict the access to the named <replaceable>group</replaceable>. The "
@@ -3287,14 +3500,14 @@ msgstr ""
 "<replaceable>группу</replaceable>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "administrators"
 msgid "--administrators"
 msgstr "админи�траторы"
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204 gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206 gpasswd.1.xml.out:218
 #, fuzzy
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr ""
@@ -3303,12 +3516,12 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><itemizedlist><listitem><para>
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 msgid "Set the list of administrative users."
 msgstr "Задать �пи�ок админи�траторов группы."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 #, fuzzy
 #| msgid "members"
 msgid "--members"
@@ -3316,25 +3529,25 @@ msgstr "члены"
 
 # type: Content of: <refentry><refsect1><itemizedlist><listitem><para>
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 msgid "Set the list of group members."
 msgstr "Задать �пи�ок членов группы."
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 #, fuzzy
 msgid "and <_:filename-1/> files."
 msgstr "-a <placeholder-1/>"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 #, fuzzy
 #| msgid "file"
 msgid "file."
 msgstr "файл"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 #, fuzzy
 #| msgid ""
 #| "This tool only operates on the <filename>/etc/group</filename><phrase "
@@ -3359,11 +3572,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283 groupadd.8.xml.out:357 groupdel.8.xml.out:34
+#: gpasswd.1.xml.out:285 groupadd.8.xml.out:357 groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41 groupdel.8.xml.out:47 groupdel.8.xml.out:57
 #: groupdel.8.xml.out:66 groupdel.8.xml.out:165 groupmems.8.xml.out:221
-#: groupmod.8.xml.out:341 login.defs.5.xml.out:299 useradd.8.xml.out:893
-#: userdel.8.xml.out:328 usermod.8.xml.out:623
+#: groupmod.8.xml.out:341 login.defs.5.xml.out:312 useradd.8.xml.out:913
+#: userdel.8.xml.out:328 usermod.8.xml.out:640
 msgid "groupdel"
 msgstr "groupdel"
 
@@ -3374,11 +3587,11 @@ msgstr "groupdel"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286 groupadd.8.xml.out:360 groupdel.8.xml.out:220
+#: gpasswd.1.xml.out:288 groupadd.8.xml.out:360 groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34 groupmod.8.xml.out:41 groupmod.8.xml.out:47
 #: groupmod.8.xml.out:58 groupmod.8.xml.out:67 groupmod.8.xml.out:256
-#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:311
-#: useradd.8.xml.out:896 userdel.8.xml.out:331 usermod.8.xml.out:626
+#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:324
+#: useradd.8.xml.out:916 userdel.8.xml.out:331 usermod.8.xml.out:643
 msgid "groupmod"
 msgstr "groupmod"
 
@@ -3389,10 +3602,10 @@ msgstr "groupmod"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289 grpck.8.xml.out:33 grpck.8.xml.out:40
+#: gpasswd.1.xml.out:291 grpck.8.xml.out:33 grpck.8.xml.out:40
 #: grpck.8.xml.out:46 grpck.8.xml.out:60 grpck.8.xml.out:116
 #: grpck.8.xml.out:128 grpck.8.xml.out:141 grpck.8.xml.out:184
-#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:318
+#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:331
 #: pwck.8.xml.out:339 pwconv.8.xml.out:198 pwconv.8.xml.out:242
 msgid "grpck"
 msgstr "grpck"
@@ -3403,7 +3616,7 @@ msgstr "grpck"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295 grpck.8.xml.out:95 grpck.8.xml.out:287
+#: gpasswd.1.xml.out:297 grpck.8.xml.out:95 grpck.8.xml.out:287
 #: gshadow.5.xml.out:22 gshadow.5.xml.out:29 newgrp.1.xml.out:148
 #: pwconv.8.xml.out:114 pwconv.8.xml.out:115 pwconv.8.xml.out:121
 #: pwconv.8.xml.out:122 sg.1.xml.out:137 vipw.8.xml.out:211
@@ -3411,12 +3624,12 @@ msgid "gshadow"
 msgstr "gshadow"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293 newgrp.1.xml.out:146 sg.1.xml.out:135
+#: gpasswd.1.xml.out:295 newgrp.1.xml.out:146 sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275 newgrp.1.xml.out:128 sg.1.xml.out:117
+#: gpasswd.1.xml.out:277 newgrp.1.xml.out:128 sg.1.xml.out:117
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
@@ -3476,8 +3689,8 @@ msgstr "Имена пользователей могут быть длиной Ð
 #: groupadd.8.xml.out:94 groupadd.8.xml.out:95 groupadd.8.xml.out:102
 #: groupadd.8.xml.out:236 groupmems.8.xml.out:110 groupmod.8.xml.out:82
 #: groupmod.8.xml.out:136 groupmod.8.xml.out:201 useradd.8.xml.out:96
-#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:391
-#: useradd.8.xml.out:396 useradd.8.xml.out:557 useradd.8.xml.out:639
+#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:393
+#: useradd.8.xml.out:398 useradd.8.xml.out:559 useradd.8.xml.out:659
 #: usermod.8.xml.out:174 vipw.8.xml.out:90
 msgid "-g"
 msgstr "-g"
@@ -3503,7 +3716,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:102 groupmod.8.xml.out:82 useradd.8.xml.out:230
-#: useradd.8.xml.out:639 usermod.8.xml.out:174
+#: useradd.8.xml.out:659 usermod.8.xml.out:174
 msgid "--gid"
 msgstr ""
 
@@ -3513,8 +3726,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:102 groupadd.8.xml.out:105 groupadd.8.xml.out:151
 #: groupmod.8.xml.out:73 groupmod.8.xml.out:82 groupmod.8.xml.out:87
-#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr "GID"
 
@@ -3559,7 +3772,7 @@ msgid "GID_MAX"
 msgstr "GID_MAX GID_MIN"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:111 useradd.8.xml.out:541
+#: groupadd.8.xml.out:111 useradd.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "See also the <option>-r</option> option and the <option>UID_MAX</option> "
@@ -3572,33 +3785,33 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:125 groupadd.8.xml.out:131 groupadd.8.xml.out:134
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:303
-#: useradd.8.xml.out:314 useradd.8.xml.out:317 useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:305
+#: useradd.8.xml.out:316 useradd.8.xml.out:319 useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 #, fuzzy
 #| msgid "-"
 msgid "-K"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "--key"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "KEY"
 msgstr "КЛЮЧ"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "VALUE"
 msgstr "З��ЧЕ�ИЕ"
 
 #. (itstool) path: varlistentry/term
-#: groupadd.8.xml.out:124 useradd.8.xml.out:302
+#: groupadd.8.xml.out:124 useradd.8.xml.out:304
 #, fuzzy
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>=<_:replaceable-4/>"
 msgstr ""
@@ -3622,14 +3835,14 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:134 useradd.8.xml.out:320
+#: groupadd.8.xml.out:134 useradd.8.xml.out:322
 #, fuzzy
 #| msgid "10"
 msgid "100"
 msgstr "10"
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:321
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:323
 msgid "499"
 msgstr ""
 
@@ -3650,7 +3863,7 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:138 groupadd.8.xml.out:333 groupdel.8.xml.out:192
-#: groupmod.8.xml.out:295 useradd.8.xml.out:853 userdel.8.xml.out:265
+#: groupmod.8.xml.out:295 useradd.8.xml.out:873 userdel.8.xml.out:265
 msgid "10"
 msgstr "10"
 
@@ -3670,7 +3883,7 @@ msgstr ""
 "replaceable>=<replaceable>499</replaceable> пока не работает."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:405
+#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr ""
@@ -3691,14 +3904,14 @@ msgstr ""
 #: groupadd.8.xml.out:158 groupmems.8.xml.out:55 groupmems.8.xml.out:130
 #: groupmod.8.xml.out:143 login.1.xml.out:80 login.1.xml.out:88
 #: login.1.xml.out:95 login.1.xml.out:212 su.1.xml.out:207
-#: useradd.8.xml.out:425 usermod.8.xml.out:237 usermod.8.xml.out:290
+#: useradd.8.xml.out:427 usermod.8.xml.out:237 usermod.8.xml.out:290
 #: usermod.8.xml.out:411 vipw.8.xml.out:102
 msgid "-p"
 msgstr "-p"
 
 # type: Content of: <refentry><refsect1><para><emphasis>
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 #, fuzzy
 #| msgid "passwd"
@@ -3706,7 +3919,7 @@ msgid "--password"
 msgstr "passwd"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr ""
@@ -3715,8 +3928,8 @@ msgstr ""
 #: groupadd.8.xml.out:163 groupmod.8.xml.out:148 gshadow.5.xml.out:62
 #: gshadow.5.xml.out:68 passwd.5.xml.out:103 passwd.5.xml.out:109
 #: passwd.5.xml.out:170 shadow.5.xml.out:88 shadow.5.xml.out:94
-#: useradd.8.xml.out:430 useradd.8.xml.out:887 usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: useradd.8.xml.out:432 useradd.8.xml.out:907 usermod.8.xml.out:295
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr ""
 
@@ -3727,11 +3940,11 @@ msgstr ""
 #: groupadd.8.xml.out:164 groupadd.8.xml.out:315 groupmod.8.xml.out:148
 #: groupmod.8.xml.out:271 groups.1.xml.out:68 groups.1.xml.out:104
 #: grpck.8.xml.out:255 gshadow.5.xml.out:63 gshadow.5.xml.out:69
-#: passwd.1.xml.out:443 passwd.5.xml.out:104 passwd.5.xml.out:110
+#: passwd.1.xml.out:465 passwd.5.xml.out:104 passwd.5.xml.out:110
 #: passwd.5.xml.out:170 passwd.5.xml.out:176 pwck.8.xml.out:305
 #: shadow.3.xml.out:34 shadow.3.xml.out:217 shadow.5.xml.out:89
-#: shadow.5.xml.out:95 useradd.8.xml.out:431 useradd.8.xml.out:829
-#: useradd.8.xml.out:887 usermod.8.xml.out:296 usermod.8.xml.out:614
+#: shadow.5.xml.out:95 useradd.8.xml.out:433 useradd.8.xml.out:849
+#: useradd.8.xml.out:907 usermod.8.xml.out:296 usermod.8.xml.out:631
 msgid "3"
 msgstr "3"
 
@@ -3751,7 +3964,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:444
+#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:446
 #: userdel.8.xml.out:93 usermod.8.xml.out:299
 msgid "Note:"
 msgstr ""
@@ -3772,7 +3985,7 @@ msgstr ""
 "другими пользовател�м в �пи�ке проце��ов."
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:448
+#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid ""
 "You should make sure the password respects the system's password policy."
@@ -3780,7 +3993,7 @@ msgstr ""
 "Вы должны проверить, что пароль �оответ�твует политике �и�темных паролей."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:185 newusers.8.xml.out:287 useradd.8.xml.out:456
+#: groupadd.8.xml.out:185 newusers.8.xml.out:289 useradd.8.xml.out:458
 msgid "--system"
 msgstr ""
 
@@ -3823,45 +4036,10 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-#, fuzzy
-#| msgid "-"
-msgid "-P"
-msgstr "-"
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "--prefix"
-msgstr ""
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214 groupadd.8.xml.out:219 groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106 groupdel.8.xml.out:108 groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181 groupmod.8.xml.out:183 useradd.8.xml.out:502
-#: useradd.8.xml.out:507 userdel.8.xml.out:136 userdel.8.xml.out:140
-#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217 useradd.8.xml.out:505
-msgid ""
-"Apply changes to configuration files under the root filesystem found under "
-"the directory <_:replaceable-1/>. This option does not chroot and is "
-"intended for preparing a cross-compilation target. Some limitations: NIS and "
-"LDAP users/groups are not verified. PAM authentication is using the host "
-"files. No SELINUX support."
-msgstr ""
-
-# type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
-#. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229 groupadd.8.xml.out:237 groupmod.8.xml.out:194
-#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:397
-#: useradd.8.xml.out:549 useradd.8.xml.out:558 usermod.8.xml.out:238
+#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:399
+#: useradd.8.xml.out:551 useradd.8.xml.out:560 usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 #, fuzzy
 #| msgid "-"
@@ -3887,7 +4065,7 @@ msgstr "�дмини�траторы могут мен�ть пароль или
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:237 groupmod.8.xml.out:202 useradd.8.xml.out:96
-#: useradd.8.xml.out:386 useradd.8.xml.out:397 useradd.8.xml.out:558
+#: useradd.8.xml.out:388 useradd.8.xml.out:399 useradd.8.xml.out:560
 #, fuzzy
 #| msgid "-"
 msgid "-N"
@@ -3895,15 +4073,15 @@ msgstr "-"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/phrase
-#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:448
-#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:398
-#: useradd.8.xml.out:559 userdel.8.xml.out:86 userdel.8.xml.out:296
+#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:467
+#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:400
+#: useradd.8.xml.out:561 userdel.8.xml.out:86 userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 #, fuzzy
 #| msgid ""
 #| "The default behavior (if the <option>-g</option>, <option>-N</option>, "
@@ -3946,14 +4124,14 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:317 passwd.1.xml.out:463 useradd.8.xml.out:831
+#: groupadd.8.xml.out:317 passwd.1.xml.out:485 useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr "недопу�тимое значение параметра"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:321 groupmod.8.xml.out:277 grpck.8.xml.out:261
-#: passwd.1.xml.out:449 pwck.8.xml.out:311 useradd.8.xml.out:835
+#: passwd.1.xml.out:471 pwck.8.xml.out:311 useradd.8.xml.out:855
 msgid "4"
 msgstr "4"
 
@@ -3967,7 +4145,7 @@ msgstr "такой UID уже Ñ�ущеÑ�твует (и не задан параÐ
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:847
+#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:867
 msgid "9"
 msgstr "9"
 
@@ -3981,7 +4159,7 @@ msgstr "такое им� группы уже и�пользует��"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:855
+#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
 msgstr "не удало�ь изменить файл групп"
@@ -3994,11 +4172,11 @@ msgstr "не удало�ь изменить файл групп"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: groupadd.8.xml.out:369 groupdel.8.xml.out:226 groupmems.8.xml.out:227
-#: groupmod.8.xml.out:350 login.defs.5.xml.out:480 useradd.8.xml.out:913
+#: groupmod.8.xml.out:350 login.defs.5.xml.out:499 useradd.8.xml.out:933
 #: userdel.8.xml.out:39 userdel.8.xml.out:46 userdel.8.xml.out:51
 #: userdel.8.xml.out:62 userdel.8.xml.out:71 userdel.8.xml.out:82
 #: userdel.8.xml.out:211 userdel.8.xml.out:232 userdel.8.xml.out:283
-#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:643
+#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:660
 msgid "userdel"
 msgstr "userdel"
 
@@ -4010,11 +4188,11 @@ msgstr "userdel"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #: groupadd.8.xml.out:372 groupdel.8.xml.out:229 groupmems.8.xml.out:230
-#: groupmod.8.xml.out:353 login.defs.5.xml.out:490 passwd.1.xml.out:488
-#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:916
+#: groupmod.8.xml.out:353 login.defs.5.xml.out:509 passwd.1.xml.out:513
+#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:936
 #: userdel.8.xml.out:345 usermod.8.xml.out:40 usermod.8.xml.out:47
 #: usermod.8.xml.out:53 usermod.8.xml.out:64 usermod.8.xml.out:72
-#: usermod.8.xml.out:263 usermod.8.xml.out:522
+#: usermod.8.xml.out:263 usermod.8.xml.out:539
 msgid "usermod"
 msgstr "usermod"
 
@@ -4041,8 +4219,8 @@ msgstr "удал�ет группу"
 #: groupdel.8.xml.out:51 groupdel.8.xml.out:59 groupmod.8.xml.out:51
 #: groupmod.8.xml.out:59 groupmod.8.xml.out:86 groupmod.8.xml.out:102
 #: groupmod.8.xml.out:125 suauth.5.xml.out:85 suauth.5.xml.out:87
-#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:392
-#: useradd.8.xml.out:639 useradd.8.xml.out:648 usermod.8.xml.out:174
+#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:394
+#: useradd.8.xml.out:659 useradd.8.xml.out:668 usermod.8.xml.out:174
 msgid "GROUP"
 msgstr "ГРУПП�"
 
@@ -4100,14 +4278,14 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/replaceable
-#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:461
-#: pwck.8.xml.out:323 useradd.8.xml.out:841 userdel.8.xml.out:253
+#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:483
+#: pwck.8.xml.out:323 useradd.8.xml.out:861 userdel.8.xml.out:253
 msgid "6"
 msgstr "6"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: groupdel.8.xml.out:182 useradd.8.xml.out:843
+#: groupdel.8.xml.out:182 useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr "указанна� группа не �уще�твует"
 
@@ -4154,7 +4332,7 @@ msgstr ""
 #: groupmems.8.xml.out:37 groupmems.8.xml.out:44 groupmems.8.xml.out:50
 #: groupmems.8.xml.out:63 groupmems.8.xml.out:65 groupmems.8.xml.out:71
 #: groupmems.8.xml.out:78 groupmems.8.xml.out:159 groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr "groupmems"
 
@@ -4350,7 +4528,7 @@ msgstr ""
 #| "\t$ groupmems -g groups -a gk4\n"
 #| "    "
 msgid ""
-"$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
+"$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ "
 "groupmems -g groups -a gk4"
 msgstr ""
 "\n"
@@ -4476,7 +4654,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
-#: groupmod.8.xml.out:121 passwd.1.xml.out:246
+#: groupmod.8.xml.out:121 passwd.1.xml.out:242
 #, fuzzy
 #| msgid "-"
 msgid "-n"
@@ -4595,7 +4773,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/replaceable
-#: groupmod.8.xml.out:307 useradd.8.xml.out:859 userdel.8.xml.out:271
+#: groupmod.8.xml.out:307 useradd.8.xml.out:879 userdel.8.xml.out:271
 msgid "12"
 msgstr "12"
 
@@ -4838,7 +5016,7 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:113 newusers.8.xml.out:67 newusers.8.xml.out:75
+#: grpck.8.xml.out:113 newusers.8.xml.out:69 newusers.8.xml.out:77
 msgid "file"
 msgstr "файл"
 
@@ -4883,7 +5061,7 @@ msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:143 login.defs.5.xml.out:134 login.defs.5.xml.out:136
+#: grpck.8.xml.out:143 login.defs.5.xml.out:136 login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr ""
@@ -4917,8 +5095,8 @@ msgstr ""
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 #, fuzzy
 #| msgid "-"
 msgid "-S"
@@ -5193,7 +5371,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: gshadow.5.xml.out:162 login.defs.5.xml.out:324 pwconv.8.xml.out:48
+#: gshadow.5.xml.out:162 login.defs.5.xml.out:337 pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67 pwconv.8.xml.out:113 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:166 pwconv.8.xml.out:208
 msgid "grpconv"
@@ -5208,7 +5386,7 @@ msgstr "grpconv"
 #. (itstool) path: varlistentry/term
 #: lastlog.8.xml.out:35 lastlog.8.xml.out:42 lastlog.8.xml.out:48
 #: lastlog.8.xml.out:58 lastlog.8.xml.out:70 lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr "lastlog"
 
@@ -5276,7 +5454,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
-#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:592
+#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 #, fuzzy
 #| msgid "-"
@@ -5724,7 +5902,7 @@ msgstr ""
 #. (itstool) path: para/command
 #: limits.5.xml.out:122 login.1.xml.out:83 login.1.xml.out:91
 #: login.1.xml.out:197 su.1.xml.out:70 su.1.xml.out:82 su.1.xml.out:95
-#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:775
+#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:795
 msgid "username"
 msgstr "им�_пользовател�"
 
@@ -6402,8 +6580,8 @@ msgstr "chsh"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.1.xml.out:386 login.defs.5.xml.out:436 login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536 newgrp.1.xml.out:136 passwd.5.xml.out:197
+#: login.1.xml.out:386 login.defs.5.xml.out:455 login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555 newgrp.1.xml.out:136 passwd.5.xml.out:197
 #: shadow.5.xml.out:283 sg.1.xml.out:128 su.1.xml.out:50 su.1.xml.out:57
 #: su.1.xml.out:62 su.1.xml.out:81 su.1.xml.out:83 su.1.xml.out:121
 #: su.1.xml.out:201 su.1.xml.out:239 su.1.xml.out:308 su.1.xml.out:368
@@ -6627,13 +6805,13 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
 msgstr "�одержит конфигурацию под�и�темы теневых паролей"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 #, fuzzy
 #| msgid ""
 #| "The <filename>/etc/login.defs</filename> file defines the site-specific "
@@ -6652,7 +6830,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid ""
 "This file is a readable text file, each line of the file describing one "
 "configuration parameter. The lines consist of a configuration name and "
@@ -6668,14 +6846,14 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133 useradd.8.xml.out:242 useradd.8.xml.out:380
+#: login.defs.5.xml.out:135 useradd.8.xml.out:242 useradd.8.xml.out:382
 #: userdel.8.xml.out:87 userdel.8.xml.out:297
 msgid "yes"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 #, fuzzy
 #| msgid "0"
 msgid "0x"
@@ -6683,7 +6861,7 @@ msgstr "0"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 #, fuzzy
 #| msgid ""
 #| "Parameter values may be of four types: strings, booleans, numbers, and "
@@ -6719,33 +6897,33 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
 msgstr "Возможны �ледующие параметры на�тройки:"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:146 useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:146 useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:145
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194 pwconv.8.xml.out:147
+#: login.defs.5.xml.out:197 pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 #, fuzzy
 #| msgid ""
 #| "<option>PASS_MAX_DAYS</option>, <option>PASS_MIN_DAYS</option> and "
@@ -6763,13 +6941,13 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr "ПЕРЕКР�СТ�ЫЕ ССЫЛКИ"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid ""
 "The following cross references show which programs in the shadow password "
 "suite use which parameters."
@@ -6781,8 +6959,8 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235 login.defs.5.xml.out:423 login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503 pwck.8.xml.out:75 pwck.8.xml.out:216
+#: login.defs.5.xml.out:239 login.defs.5.xml.out:442 login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522 pwck.8.xml.out:75 pwck.8.xml.out:216
 #: pwck.8.xml.out:232 pwconv.8.xml.out:89 pwconv.8.xml.out:91
 #: pwconv.8.xml.out:94 pwconv.8.xml.out:105 pwconv.8.xml.out:107
 msgid "USE_TCB"
@@ -6790,60 +6968,76 @@ msgstr "USE_TCB"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr "CHFN_AUTH"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244 login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248 login.defs.5.xml.out:372
 #, fuzzy
 #| msgid "CHSH_AUTH LOGIN_STRING"
 msgid "LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253 login.defs.5.xml.out:264 login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388 login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256 login.defs.5.xml.out:269 login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396 login.defs.5.xml.out:418
+#, fuzzy
+#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259 login.defs.5.xml.out:273 login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403 login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261 login.defs.5.xml.out:275 login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409 login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251 login.defs.5.xml.out:282
+#: login.defs.5.xml.out:255 login.defs.5.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:"
+"phrase-2/> <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301 login.defs.5.xml.out:307 login.defs.5.xml.out:313
-#: login.defs.5.xml.out:320 login.defs.5.xml.out:326 login.defs.5.xml.out:332
+#: login.defs.5.xml.out:314 login.defs.5.xml.out:320 login.defs.5.xml.out:326
+#: login.defs.5.xml.out:333 login.defs.5.xml.out:339 login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr "MAX_MEMBERS_PER_GROUP"
 
@@ -6852,29 +7046,29 @@ msgstr "MAX_MEMBERS_PER_GROUP"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330 pwconv.8.xml.out:49 pwconv.8.xml.out:73
+#: login.defs.5.xml.out:343 pwconv.8.xml.out:49 pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119 pwconv.8.xml.out:153 pwconv.8.xml.out:167
 #: pwconv.8.xml.out:208
 msgid "grpunconv"
 msgstr "grpunconv"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346 login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359 login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 #, fuzzy
 #| msgid "SYSLOG_SG_ENAB"
 msgid "FAILLOG_ENAB"
@@ -6882,36 +7076,36 @@ msgstr "SYSLOG_SG_ENAB"
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 #, fuzzy
 #| msgid "FILE"
 msgid "FTMP_FILE"
 msgstr "Ф�ЙЛ"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid ""
 "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE "
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY "
 "<_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR "
@@ -6922,18 +7116,18 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><citerefentry><refentrytitle>
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 msgid "newgrp / sg"
 msgstr "newgrp / sg"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr "SYSLOG_SG_ENAB"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
+#: login.defs.5.xml.out:395
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
@@ -6942,10 +7136,11 @@ msgstr "SYSLOG_SG_ENAB"
 #| "phrase> SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
 #| "UMASK"
 msgid ""
-"ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
-"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
-"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+"<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP "
+"MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:"
+"phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+"SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
+"UMASK <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
 "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
@@ -6953,28 +7148,29 @@ msgstr ""
 "SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
+#: login.defs.5.xml.out:417
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 #| "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 msgid ""
-"ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
-"PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+"<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB "
+"PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412 login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431 login.defs.5.xml.out:440
 #, fuzzy
 #| msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE"
 msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/>"
@@ -6987,7 +7183,7 @@ msgstr "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419 passwd.5.xml.out:188 pwconv.8.xml.out:39
+#: login.defs.5.xml.out:438 passwd.5.xml.out:188 pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46 pwconv.8.xml.out:55 pwconv.8.xml.out:83
 #: pwconv.8.xml.out:88 pwconv.8.xml.out:90 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:144 pwconv.8.xml.out:165 pwconv.8.xml.out:216
@@ -7001,7 +7197,7 @@ msgstr "pwconv"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428 passwd.5.xml.out:191 pwconv.8.xml.out:47
+#: login.defs.5.xml.out:447 passwd.5.xml.out:191 pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61 pwconv.8.xml.out:98 pwconv.8.xml.out:104
 #: pwconv.8.xml.out:109 pwconv.8.xml.out:153 pwconv.8.xml.out:157
 #: pwconv.8.xml.out:166 shadow.5.xml.out:280
@@ -7009,22 +7205,22 @@ msgid "pwunconv"
 msgstr "pwunconv"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH "
 "<_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
@@ -7033,29 +7229,23 @@ msgstr ""
 # type: Content of: <refentry><refsect1><para><citerefentry><refentrytitle>
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453 passwd.5.xml.out:200 shadow.5.xml.out:286
+#: login.defs.5.xml.out:472 passwd.5.xml.out:200 shadow.5.xml.out:286
 msgid "sulogin"
 msgstr "sulogin"
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457 su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr ""
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+msgid "ENV_HZ ENV_TZ"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 #, fuzzy
 #| msgid ""
 #| "CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS "
@@ -7075,12 +7265,12 @@ msgstr ""
 "USE_TCB</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485 login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504 login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 #, fuzzy
 #| msgid ""
 #| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB "
@@ -7093,7 +7283,7 @@ msgstr ""
 "condition=\"tcb\">TCB_SYMLINKS USE_TCB</phrase>"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 #, fuzzy
 #| msgid ""
 #| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <phrase "
@@ -7109,19 +7299,19 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500 vipw.8.xml.out:35 vipw.8.xml.out:42
+#: login.defs.5.xml.out:519 vipw.8.xml.out:35 vipw.8.xml.out:42
 #: vipw.8.xml.out:51 vipw.8.xml.out:67 vipw.8.xml.out:85
 msgid "vipw"
 msgstr "vipw"
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511 pwconv.8.xml.out:193 suauth.5.xml.out:179
+#: login.defs.5.xml.out:530 pwconv.8.xml.out:193 suauth.5.xml.out:179
 msgid "BUGS"
 msgstr "ОШИБКИ РЕ�ЛИЗ�ЦИИ"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 #, fuzzy
 #| msgid ""
 #| "Much of the functionality that used to be provided by the shadow password "
@@ -7149,14 +7339,14 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 #, fuzzy
 #| msgid "pw_name"
 msgid "pam"
 msgstr "pw_name"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
@@ -7320,14 +7510,14 @@ msgstr ""
 
 # type: Content of: <refentry><refnamediv><refpurpose>
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
 msgstr ""
 "обновл�ет и �оздаёт новые учётные запи�и пользователей в пакетном режиме"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 #, fuzzy
 #| msgid ""
 #| "The <command>newusers</command> command reads a <replaceable>file</"
@@ -7350,23 +7540,23 @@ msgstr ""
 "citerefentry>) за и�ключением:"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 msgstr "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 msgid "pw_name"
 msgstr "pw_name"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
 msgstr "Им� пользовател�."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 #, fuzzy
 #| msgid ""
 #| "It can be the name of a new user or the name of an existing user (or an "
@@ -7385,13 +7575,13 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><emphasis>
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr "pw_passwd"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid ""
 "This field will be encrypted and used as the new value of the encrypted "
 "password."
@@ -7401,17 +7591,17 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 msgid "pw_uid"
 msgstr " pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
 msgstr "Это поле и�пользует�� дл� определени� UID пользовател�."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 #, fuzzy
 #| msgid ""
 #| "If the field is empty, an new (unused) UID will be defined automatically "
@@ -7424,13 +7614,13 @@ msgstr ""
 "определ�ет�� новый (неи�пользованный) UID."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
 msgstr ""
 "Е�ли в �том поле указано чи�ло, то оно будет и�пользовано в каче�тве UID."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing user (or the name of an "
@@ -7446,7 +7636,7 @@ msgstr ""
 "пользовател�."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid ""
 "If the UID of an existing user is changed, the files ownership of the user's "
 "file should be fixed manually."
@@ -7456,18 +7646,18 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
 msgstr "pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
 msgstr ""
 "Это поле и�пользует�� дл� определени� ID первичной группы пользовател�."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing group (or a group created "
@@ -7483,7 +7673,7 @@ msgstr ""
 "пользовател� будет и�пользован GID �той группы."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid ""
 "If this field is a number, this number will be used as the primary group ID "
 "of the user. If no groups exist with this GID, a new group will be created "
@@ -7494,7 +7684,7 @@ msgstr ""
 "�оздана нова� группа � �тим GID и именем пользовател�."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 #, fuzzy
 #| msgid ""
 #| "If this field is empty, a new group will be created with the name of the "
@@ -7512,7 +7702,7 @@ msgstr ""
 "группы)."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of a group which does not exist (and was "
@@ -7533,33 +7723,33 @@ msgstr ""
 "и GID новой группы)."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
 msgstr "pw_gecos"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr "Это поле копирует�� в поле GECOS запи�и пользовател�."
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><emphasis>
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
 msgstr "pw_dir"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
 msgstr "Это поле и�пользует�� дл� определени� домашнего каталога пользовател�."
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid ""
 "If this field does not specify an existing directory, the specified "
 "directory is created, with ownership set to the user being created or "
@@ -7572,7 +7762,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 #, fuzzy
 #| msgid ""
 #| "If the home directory of an existing user is changed, <command>newusers</"
@@ -7588,12 +7778,12 @@ msgstr ""
 "каталога в новое ме�то. Это нужно выполнить вручную."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
 msgstr "pw_shell"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid ""
 "This field defines the shell of the user. No checks are performed on this "
 "field."
@@ -7602,7 +7792,7 @@ msgstr ""
 "делает��."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "<command>newusers</command> first tries to create or change all the "
@@ -7621,7 +7811,7 @@ msgstr ""
 "запи�и в базы данных), то изменени� в базы не �охран�ют��."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid ""
 "During this first pass, users are created with a locked password (and "
 "passwords are not changed for the users which are not created). A second "
@@ -7635,7 +7825,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are updated at a single time."
@@ -7644,48 +7834,57 @@ msgstr ""
 "один раз обновл�ет�� не�колько учётных запи�ей."
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257 pwck.8.xml.out:164 useradd.8.xml.out:108
+#: newusers.8.xml.out:259 pwck.8.xml.out:164 useradd.8.xml.out:108
 #: usermod.8.xml.out:89
 msgid "--badname"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260 pwck.8.xml.out:167 useradd.8.xml.out:111
+#: newusers.8.xml.out:262 pwck.8.xml.out:167 useradd.8.xml.out:111
 #: usermod.8.xml.out:92
 msgid "Allow names that do not conform to standards."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290 useradd.8.xml.out:459
+#: newusers.8.xml.out:273
+msgid ""
+"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
+"support these methods."
+msgstr ""
+"Возможные методы: DES, MD5, NONE и SHA256 или SHA512, е�ли �ти методы "
+"поддерживает�� libc."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:292 useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr "Создать �и�темную учётную запи�ь."
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:319
-#: useradd.8.xml.out:468 useradd.8.xml.out:538 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:321
+#: useradd.8.xml.out:470 useradd.8.xml.out:540 usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:321
-#: useradd.8.xml.out:468 useradd.8.xml.out:543 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:323
+#: useradd.8.xml.out:470 useradd.8.xml.out:545 usermod.8.xml.out:397
 msgid "UID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293 useradd.8.xml.out:462
+#: newusers.8.xml.out:295 useradd.8.xml.out:464
 #, fuzzy
 #| msgid ""
 #| "System users will be created with no aging information in <filename>/etc/"
@@ -7707,9 +7906,45 @@ msgstr ""
 "<option>UID_MAX</option> (�то же ка�ает�� и ча�ти � <option>GID</option> при "
 "�оздании групп)."
 
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default is 13."
+msgstr ""
+"Минимальное значение равно 1000, а мак�имальное значение равно 999,999,999."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default is 5000."
+msgstr ""
+"Минимальное значение равно 1000, а мак�имальное значение равно 999,999,999."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default is 5."
+msgstr ""
+"Минимальное значение равно 1000, а мак�имальное значение равно 999,999,999."
+
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid ""
 "The input file must be protected since it contains unencrypted passwords."
 msgstr ""
@@ -7718,44 +7953,44 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><filename>
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 msgid "/etc/pam.d/newusers"
 msgstr "/etc/pam.d/newusers"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435 useradd.8.xml.out:222 useradd.8.xml.out:481
-#: useradd.8.xml.out:785 userdel.8.xml.out:215 usermod.8.xml.out:587
+#: newusers.8.xml.out:456 useradd.8.xml.out:222 useradd.8.xml.out:483
+#: useradd.8.xml.out:805 userdel.8.xml.out:215 usermod.8.xml.out:604
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437 useradd.8.xml.out:787 userdel.8.xml.out:217
+#: newusers.8.xml.out:458 useradd.8.xml.out:807 userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441 useradd.8.xml.out:222 useradd.8.xml.out:480
-#: useradd.8.xml.out:791 userdel.8.xml.out:221 usermod.8.xml.out:593
+#: newusers.8.xml.out:462 useradd.8.xml.out:222 useradd.8.xml.out:482
+#: useradd.8.xml.out:811 userdel.8.xml.out:221 usermod.8.xml.out:610
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443 useradd.8.xml.out:793 userdel.8.xml.out:223
+#: newusers.8.xml.out:464 useradd.8.xml.out:813 userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460 useradd.8.xml.out:906 userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: newusers.8.xml.out:481 useradd.8.xml.out:926 userdel.8.xml.out:335
+#: usermod.8.xml.out:650
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subgid"
@@ -7763,16 +7998,16 @@ msgstr "/etc/suauth"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463 useradd.8.xml.out:909 userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: newusers.8.xml.out:484 useradd.8.xml.out:929 userdel.8.xml.out:338
+#: usermod.8.xml.out:653
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458 useradd.8.xml.out:904 userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: newusers.8.xml.out:479 useradd.8.xml.out:924 userdel.8.xml.out:333
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr ""
 
@@ -7831,13 +8066,13 @@ msgstr "Программа <command>nologin</command> впервые поÑ�виÐ
 
 # type: Content of: <refentry><refnamediv><refpurpose>
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr "измен�ет пароль пользовател�"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 #, fuzzy
 #| msgid ""
 #| "The <command>passwd</command> command changes passwords for user "
@@ -7859,13 +8094,13 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><refsect2><title>
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr "Изменение парол�"
 
 # type: Content of: <refentry><refsect1><refsect2><para>
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 msgid ""
 "The user is first prompted for their old password, if one is present. This "
 "password is then encrypted and compared against the stored password. The "
@@ -7879,7 +8114,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><refsect2><para>
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 #, fuzzy
 #| msgid ""
 #| "After the password has been entered, password aging information is "
@@ -7898,7 +8133,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><refsect2><para>
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid ""
 "The user is then prompted twice for a replacement password. The second entry "
 "is compared against the first and both are required to match in order for "
@@ -7908,67 +8143,28 @@ msgstr ""
 "ввода �равнивает�� � первым и дл� изменени� пароли из обеих попыток должны "
 "�овпа�ть."
 
-# type: Content of: <refentry><refsect1><refsect2><para>
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
-msgid ""
-"Then, the password is tested for complexity. As a general guideline, "
-"passwords should consist of 6 to 8 characters including one or more "
-"characters from each of the following sets:"
-msgstr ""
-"Затем пароль те�тирует�� на �ложно�ть подбора. Согла�но общим принципам, "
-"пароли должны быть длиной от 6 до 8 �имволов и включать один или более "
-"�имволов каждого типа:"
-
-# type: Content of: <refentry><refsect1><refsect2><itemizedlist><listitem><para>
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr "�трочные буквы"
-
-# type: Content of: <refentry><refsect1><refsect2><itemizedlist><listitem><para>
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr "цифры от 0 до 9"
-
-# type: Content of: <refentry><refsect1><refsect2><itemizedlist><listitem><para>
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr "знаки пунктуации"
-
-# type: Content of: <refentry><refsect1><refsect2><para>
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
-#, fuzzy
-#| msgid ""
-#| "Care must be taken not to include the system default erase or kill "
-#| "characters. <command>passwd</command> will reject any password which is "
-#| "not suitably complex."
+#: passwd.1.xml.out:98
 msgid ""
-"Care must be taken not to include the system default erase or kill "
-"characters. <_:command-1/> will reject any password which is not suitably "
-"complex."
+"Then, the password is tested for complexity. <_:command-1/> will reject any "
+"password which is not suitably complex. Care must be taken not to include "
+"the system default erase or kill characters."
 msgstr ""
-"�е включайте �и�темные �имволы �тирани� и удалени�. Программа "
-"<command>passwd</command> не примет пароль, который не имеет до�таточной "
-"�ложно�ти."
 
 # type: Content of: <refentry><refsect1><refsect2><title>
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr "Выбор парол�"
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><refsect2><para>
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 #, fuzzy
 #| msgid ""
 #| "The security of a password depends upon the strength of the encryption "
@@ -7992,7 +8188,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><refsect2><para>
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid ""
 "Compromises in password security normally result from careless password "
 "selection or handling. For this reason, you should not select a password "
@@ -8008,7 +8204,19 @@ msgstr ""
 "�том легко догадать��, что приведёт к нарушению безопа�но�ти �и�темы."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
+#: passwd.1.xml.out:127
+msgid ""
+"As a general guideline, passwords should be long and random. It's fine to "
+"use simple character sets, such as passwords consisting only of lowercase "
+"letters, if that helps memorizing longer passwords. For a password "
+"consisting only of lowercase English letters randomly chosen, and a length "
+"of 32, there are 26^32 (approximately 2^150) different possible "
+"combinations. Being an exponential equation, it's apparent that the exponent "
+"(the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 #, fuzzy
 #| msgid ""
 #| "You can find advices on how to choose a strong password on http://en."
@@ -8021,7 +8229,7 @@ msgstr ""
 "Сложно�ть_парол�."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 #, fuzzy
 #| msgid ""
 #| "This option can be used only with <option>-S</option> and causes show "
@@ -8035,7 +8243,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid ""
 "Delete a user's password (make it empty). This is a quick way to disable a "
 "password for an account. It will set the named account passwordless."
@@ -8046,7 +8254,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><command>
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 #, fuzzy
 #| msgid "expiry"
 msgid "--expire"
@@ -8054,7 +8262,7 @@ msgstr "expiry"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid ""
 "Immediately expire an account's password. This in effect can force a user to "
 "change their password at the user's next login."
@@ -8064,7 +8272,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 #, fuzzy
 #| msgid ""
 #| "This option is used to disable an account after the password has been "
@@ -8085,20 +8293,20 @@ msgstr ""
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210 useradd.8.xml.out:278 useradd.8.xml.out:356
+#: passwd.1.xml.out:206 useradd.8.xml.out:280 useradd.8.xml.out:358
 #, fuzzy
 #| msgid "-"
 msgid "-k"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 msgid ""
 "Indicate password change should be performed only for expired authentication "
 "tokens (passwords). The user wishes to keep their non-expired tokens as "
@@ -8109,13 +8317,13 @@ msgstr ""
 "ключи нетронутыми."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222 usermod.8.xml.out:231
+#: passwd.1.xml.out:218 usermod.8.xml.out:231
 msgid "--lock"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 msgid ""
 "Lock the password of the named account. This option disables a password by "
 "changing it to a value which matches no possible encrypted value (it adds a "
@@ -8126,12 +8334,12 @@ msgstr ""
 "паролем (добавл�ет�� �имвол «!» в начало парол�)."
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 #, fuzzy
 #| msgid ""
 #| "Note that this does not disable the account. The user may still be able "
@@ -8151,56 +8359,56 @@ msgstr ""
 "у�тановит дату у�таревани� учётной запи�ь равной 2 �нвар� 1970 года)."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr "По�етитель � заблокированным паролем не может изменить �вой пароль."
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><option>
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "-q"
 msgstr "-q"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "--quiet"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261 vipw.8.xml.out:110
+#: passwd.1.xml.out:257 vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr "�е выводить �ообщений при работе."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: passwd.1.xml.out:268 passwd.1.xml.out:272
+#: passwd.1.xml.out:264 passwd.1.xml.out:268
 #, fuzzy
 #| msgid "EDITOR"
 msgid "REPOSITORY"
 msgstr "EDITOR"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 #, fuzzy
 #| msgid "change password in <replaceable>REPOSITORY</replaceable> repository"
 msgid "change password in <_:replaceable-1/> repository"
 msgstr "Изменить пароль в <replaceable>РЕПОЗИТОРИИ</replaceable>."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 msgid ""
 "Display account status information. The status information consists of 7 "
 "fields. The first field is the user's login name. The second field indicates "
@@ -8218,13 +8426,13 @@ msgstr ""
 "предупреждени� и период неактивно�ти парол�. Эти �роки измер�ют�� в дн�х."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309 usermod.8.xml.out:405
+#: passwd.1.xml.out:320 usermod.8.xml.out:405
 msgid "--unlock"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 #, fuzzy
 #| msgid ""
 #| "Unlock the password of the named account. This option re-enables a "
@@ -8241,7 +8449,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -8260,7 +8468,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 #, fuzzy
 #| msgid "-"
 msgid "-x"
@@ -8268,7 +8476,7 @@ msgstr "-"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 #, fuzzy
 #| msgid ""
 #| "Set the maximum number of days a password remains valid. After "
@@ -8281,9 +8489,21 @@ msgstr ""
 "У�тановить мак�имальное количе�тво дней, в течении которых пароль о�таёт�� "
 "рабочим. По�ле <replaceable>М�КС_Д�ЕЙ</replaceable> пароль нужно изменить."
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid ""
+"This option is used to indicate that passwd should read the new password "
+"from standard input, which can be a pipe."
+msgstr ""
+
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 msgid ""
 "Password complexity checking may vary from site to site. The user is urged "
 "to select a password as complex as he or she feels comfortable with."
@@ -8293,7 +8513,7 @@ msgstr ""
 "нормально работало�ь."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid ""
 "Users may not be able to change their password on a system if NIS is enabled "
 "and they are not logged into the NIS server."
@@ -8302,7 +8522,7 @@ msgstr ""
 "не вошли на �ервер NIS."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 #, fuzzy
 #| msgid ""
 #| "<command>passwd</command> uses PAM to authenticate users and to change "
@@ -8315,25 +8535,25 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><filename>
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 msgid "/etc/pam.d/passwd"
 msgstr "/etc/pam.d/passwd"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr "недопу�тима� комбинаци� параметров"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr "неожиданна� ошибка при работе, ничего не �делано"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 #, fuzzy
 #| msgid "unexpected failure, <filename>passwd</filename> file missing"
 msgid "unexpected failure, <_:filename-1/> file missing"
@@ -8342,18 +8562,33 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 #, fuzzy
 #| msgid "<filename>passwd</filename> file busy, try again"
 msgid "<_:filename-1/> file busy, try again"
 msgstr ""
 "файл <filename>passwd</filename> зан�т другой программой, попробуйте ещё раз"
 
+# type: Content of: <refentry><refsect1><para><emphasis>
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+#, fuzzy
+#| msgid "passwd"
+msgid "makepasswd"
+msgstr "passwd"
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
+#: passwd.1.xml.out:494
 msgid ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:517
+msgid ""
+"The following web page comically (yet correctly) compares the strength of "
+"two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
 
 # type: Content of: <refentry><refnamediv><refpurpose>
@@ -10585,6 +10820,11 @@ msgid "$HZ"
 msgstr ""
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr ""
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr ""
@@ -11070,7 +11310,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: useradd.8.xml.out:72 useradd.8.xml.out:76 useradd.8.xml.out:86
-#: useradd.8.xml.out:169 useradd.8.xml.out:583 useradd.8.xml.out:585
+#: useradd.8.xml.out:169 useradd.8.xml.out:603 useradd.8.xml.out:605
 msgid "-D"
 msgstr "-D"
 
@@ -11115,7 +11355,7 @@ msgstr ""
 "<option>USERGROUPS_ENAB</option>)."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:118 useradd.8.xml.out:592
+#: useradd.8.xml.out:118 useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr ""
 
@@ -11123,7 +11363,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: useradd.8.xml.out:118 useradd.8.xml.out:124 useradd.8.xml.out:159
-#: useradd.8.xml.out:592 useradd.8.xml.out:598
+#: useradd.8.xml.out:612 useradd.8.xml.out:618
 #, fuzzy
 #| msgid "MAIL_DIR"
 msgid "BASE_DIR"
@@ -11161,7 +11401,7 @@ msgstr ""
 "�уще�твовать."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:131 useradd.8.xml.out:603
+#: useradd.8.xml.out:131 useradd.8.xml.out:623
 msgid "HOME"
 msgstr ""
 
@@ -11169,11 +11409,11 @@ msgstr ""
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
 #: useradd.8.xml.out:132 useradd.8.xml.out:189 useradd.8.xml.out:212
-#: useradd.8.xml.out:250 useradd.8.xml.out:293 useradd.8.xml.out:343
-#: useradd.8.xml.out:393 useradd.8.xml.out:523 useradd.8.xml.out:604
-#: useradd.8.xml.out:616 useradd.8.xml.out:633 useradd.8.xml.out:649
-#: useradd.8.xml.out:663 useradd.8.xml.out:677 useradd.8.xml.out:767
-#: usermod.8.xml.out:419
+#: useradd.8.xml.out:250 useradd.8.xml.out:267 useradd.8.xml.out:295
+#: useradd.8.xml.out:345 useradd.8.xml.out:395 useradd.8.xml.out:525
+#: useradd.8.xml.out:624 useradd.8.xml.out:636 useradd.8.xml.out:653
+#: useradd.8.xml.out:669 useradd.8.xml.out:683 useradd.8.xml.out:697
+#: useradd.8.xml.out:787 usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr "/etc/default/useradd"
 
@@ -11288,7 +11528,7 @@ msgstr ""
 "формате <emphasis remap=\"I\">ГГГГ-ММ-ДД</emphasis>."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:188 useradd.8.xml.out:615 usermod.8.xml.out:418
+#: useradd.8.xml.out:188 useradd.8.xml.out:635 usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr ""
 
@@ -11339,7 +11579,7 @@ msgstr ""
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: useradd.8.xml.out:218 useradd.8.xml.out:482
+#: useradd.8.xml.out:218 useradd.8.xml.out:484
 #, fuzzy
 #| msgid "-"
 msgid "-F"
@@ -11463,6 +11703,13 @@ msgid ""
 "emphasis-5/>]]]"
 msgstr ""
 
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+#, fuzzy
+#| msgid "GROUP"
+msgid "GROUPS"
+msgstr "ГРУПП�"
+
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
@@ -11478,7 +11725,9 @@ msgid ""
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups are subject to the same restrictions as the group given with the "
 "<_:option-1/> option. The default is for the user to belong only to the "
-"initial group."
+"initial group. In addition to passing in the -G flag, you can add the option "
+"<_:option-2/> to the file <_:filename-3/> which in turn will add all users "
+"to those supplementary groups."
 msgstr ""
 "Спи�ок дополнительных групп, в которых чи�лит�� пользователь. Перечи�ление "
 "групп о�уще�твл�ет�� через зап�тую, без промежуточных пробелов. �а указанные "
@@ -11487,20 +11736,20 @@ msgstr ""
 "группу."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><emphasis>
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 #, fuzzy
 #| msgid "MAIL_DIR"
 msgid "SKEL_DIR"
 msgstr "MAIL_DIR"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 #, fuzzy
 #| msgid ""
 #| "The skeleton directory, which contains files and directories to be copied "
@@ -11517,12 +11766,12 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288 useradd.8.xml.out:350
+#: useradd.8.xml.out:290 useradd.8.xml.out:352
 msgid "--create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288 useradd.8.xml.out:592 usermod.8.xml.out:524
 #, fuzzy
 #| msgid ""
 #| "This option is only valid if the <option>-m</option> (or <option>--create-"
@@ -11535,20 +11784,20 @@ msgstr ""
 "(или <option>--create-home</option>)."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 #, fuzzy
 #| msgid "/etc/skel/"
 msgid "/etc/skel"
 msgstr "/etc/skel/"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "If this option is not set, the skeleton directory is defined by the "
@@ -11563,24 +11812,24 @@ msgstr ""
 "или равен <filename>/etc/skel</filename> (по умолчанию)."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
 msgstr "Е�ли возможно, выполн�ет�� копирование ACL и ра�ширенных атрибутов."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid ""
 "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:"
 "option-4/>, <_:option-5/> and others)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used "
 "when creating an account to turn off password aging. Multiple <_:option-4/> "
@@ -11589,17 +11838,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
 msgstr "�е добавл�ть пользовател� в базы данных lastlog и faillog."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
+#: useradd.8.xml.out:337
 #, fuzzy
 #| msgid ""
 #| "By default, the user's entries in the lastlog and faillog databases are "
@@ -11613,12 +11862,12 @@ msgstr ""
 "ранее удалённого пользовател�."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid ""
 "If this option is not specified, <_:command-1/> will also consult the "
 "variable <_:option-2/> in the <_:filename-3/> if set to no the user will not "
@@ -11626,7 +11875,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "Create the user's home directory if it does not exist. The files and "
@@ -11643,12 +11892,12 @@ msgstr ""
 "каталог."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361 useradd.8.xml.out:379 useradd.8.xml.out:475
+#: useradd.8.xml.out:363 useradd.8.xml.out:381 useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 #, fuzzy
 #| msgid ""
 #| "By default, if this option is not specified and <option>CREATE_HOME</"
@@ -11661,7 +11910,7 @@ msgstr ""
 "<option>CREATE_HOME</option>, домашний каталог не �оздаёт��."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid ""
 "The directory where the user's home directory is created must exist and have "
 "proper SELinux context and permissions. Otherwise the user's home directory "
@@ -11669,12 +11918,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 #, fuzzy
 #| msgid ""
 #| "Do no create the user's home directory, even if the system wide setting "
@@ -11689,12 +11938,12 @@ msgstr ""
 "(<option>CREATE_HOME</option>) равно <replaceable>yes</replaceable>."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 #, fuzzy
 #| msgid ""
 #| "Do not create a group with the same name as the user, but add the user to "
@@ -11713,7 +11962,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 #, fuzzy
 #| msgid ""
 #| "Allow the creation of a user account with a duplicate (non-unique) UID."
@@ -11721,7 +11970,7 @@ msgid "allows the creation of an account with an already existing UID."
 msgstr "Разрешить �оздание учётной запи�и � уже имеющим�� (не уникальным) UID."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412 usermod.8.xml.out:277
+#: useradd.8.xml.out:414 usermod.8.xml.out:277
 msgid ""
 "This option is only valid in combination with the <_:option-1/> option. As a "
 "user identity serves as key to map between users on one hand and "
@@ -11731,7 +11980,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid ""
 "defines an initial password for the account. PASSWORD is expected to be "
 "encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this "
@@ -11739,7 +11988,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid ""
 "Without this option, the new account will be locked and with no password "
 "defined, i.e. a single exclamation mark in the respective field of <_:"
@@ -11748,7 +11997,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 #, fuzzy
 #| msgid ""
 #| "<emphasis role=\"bold\">Note:</emphasis> This option is not recommended "
@@ -11763,7 +12012,7 @@ msgstr ""
 "другими пользовател�м в �пи�ке проце��ов."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
@@ -11784,7 +12033,7 @@ msgstr ""
 "option>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
@@ -11804,7 +12053,7 @@ msgstr ""
 "option>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 msgid ""
 "sets the path to the user's login shell. Without this option, the system "
 "will use the <_:option-1/> variable specified in <_:filename-2/>, or, if "
@@ -11813,13 +12062,13 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "--uid"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><replaceable>
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 #, fuzzy
 #| msgid "GID"
 msgid "UID"
@@ -11827,7 +12076,7 @@ msgstr "GID"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 #, fuzzy
 #| msgid ""
 #| "The numerical value of the user's ID. This value must be unique, unless "
@@ -11847,12 +12096,12 @@ msgstr ""
 "пользователей."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid ""
 "Create a group with the same name as the user, and add the user to this "
 "group."
@@ -11862,44 +12111,66 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para><option>
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:593 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:525
 #, fuzzy
 #| msgid "-"
 msgid "-Z"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:594 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566 usermod.8.xml.out:501
+#: useradd.8.xml.out:568 usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575 useradd.8.xml.out:589 usermod.8.xml.out:521
 msgid "semanage"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
+#: useradd.8.xml.out:571
 msgid ""
-"defines the SELinux user for the new account. Without this option, a SELinux "
+"defines the SELinux user for the new account. Without this option, SELinux "
 "uses the default user. Note that the shadow system doesn't store the selinux-"
 "user, it uses <_:citerefentry-1/> for that."
 msgstr ""
 
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "--selinux-range"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "SERANGE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+msgid ""
+"defines the SELinux MLS range for the new account. Without this option, "
+"SELinux uses the default range. Note that the shadow system doesn't store "
+"the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
 # type: Content of: <refentry><refsect1><refsect2><title>
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr "Изменение значений по умолчанию"
 
 # type: Content of: <refentry><refsect1><refsect2><para>
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 #, fuzzy
 #| msgid ""
 #| "When invoked with only the <option>-D</option> option, <command>useradd</"
@@ -11920,7 +12191,7 @@ msgstr ""
 "�тих указанных параметров. Измен�емые параметры:"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 #, fuzzy
 #| msgid ""
 #| "The path prefix for a new user's home directory. The user's name will be "
@@ -11939,8 +12210,8 @@ msgstr ""
 "учётной запи�и не указан параметр <option>-d</option>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602 useradd.8.xml.out:614 useradd.8.xml.out:631
-#: useradd.8.xml.out:647 useradd.8.xml.out:661
+#: useradd.8.xml.out:622 useradd.8.xml.out:634 useradd.8.xml.out:651
+#: useradd.8.xml.out:667 useradd.8.xml.out:681
 #, fuzzy
 #| msgid ""
 #| "This option sets the <option>HOME</option> variable in <filename>/etc/"
@@ -11952,14 +12223,14 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 #, fuzzy
 #| msgid "The date on which the user account is disabled."
 msgid "sets the date on which newly created user accounts are disabled."
 msgstr "Дата, когда учётна� запи�ь пользовател� заблокирована."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid ""
 "defines the number of days after the password exceeded its maximum age where "
 "the user is expected to replace this password. See <_:citerefentry-1/>for "
@@ -11968,7 +12239,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 #, fuzzy
 #| msgid ""
 #| "The group name or ID for a new user's initial group. The named group must "
@@ -11983,26 +12254,26 @@ msgstr ""
 "запи�ь."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr ""
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr "З�МЕЧ��ИЯ"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675 useradd.8.xml.out:779
+#: useradd.8.xml.out:695 useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr "/etc/skel/"
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 #, fuzzy
 #| msgid ""
 #| "The system administrator is responsible for placing the default user "
@@ -12021,7 +12292,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 msgid ""
 "You may not add a user to a NIS or LDAP group. This must be performed on the "
 "corresponding server."
@@ -12031,7 +12302,7 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 #, fuzzy
 #| msgid ""
 #| "Similarly, if the username already exists in an external user database "
@@ -12046,12 +12317,12 @@ msgstr ""
 "запи�ь пользовател�."
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid ""
 "Usernames may contain only lower and upper case letters, digits, "
 "underscores, or dashes. They can end with a dollar sign. Dashes are not "
@@ -12063,50 +12334,50 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><para>
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
-msgstr "Имена пользователей могут быть длиной не более 32 знаков."
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
+msgstr "Имена пользователей могут быть длиной не более 256 знаков."
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr "значени� по умолчанию дл� �оздаваемой учётной запи�и"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><term><filename>
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 #, fuzzy
 #| msgid "/etc/default/useradd"
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr "/etc/default/useradd"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773 userdel.8.xml.out:209
+#: useradd.8.xml.out:793 userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><title>
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 #, fuzzy
 #| msgid "OPTIONS"
 msgid "ACTION"
 msgstr "П�Р�МЕТРЫ"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr ""
 
 # type: Content of: <refentry><refsect1><para><citerefentry><refentrytitle>
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-pre.d"
@@ -12114,14 +12385,14 @@ msgstr "useradd"
 
 # type: Content of: <refentry><refsect1><para><citerefentry><refentrytitle>
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-post.d"
 msgstr "useradd"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid ""
 "Run-part files to execute during user addition. The environment variable <_:"
 "command-1/> will be populated with useradd and <_:command-2/> with the <_:"
@@ -12132,19 +12403,19 @@ msgstr ""
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
 msgstr "каталог, �одержащий файлы по умолчанию"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819 userdel.8.xml.out:243
+#: useradd.8.xml.out:839 userdel.8.xml.out:243
 msgid "can't update password file"
 msgstr "не удало�ь изменить файл паролей"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 #, fuzzy
 #| msgid "UID already in use (and no <option>-o</option>)"
 msgid "UID already in use (and no <_:option-1/>)"
@@ -12152,7 +12423,7 @@ msgstr "такой UID уже Ñ�ущеÑ�твует (и не задан параÐ
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 #, fuzzy
 #| msgid "group name already in use"
 msgid "username or group name already in use"
@@ -12160,25 +12431,25 @@ msgstr "такое им� группы уже и�пользует��"
 
 # type: Content of: <refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
 msgstr "не удало�ь �оздать домашний каталог"
 
 # type: Content of: <refentry><refmeta><manvolnum>
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 #, fuzzy
 #| msgid "1"
 msgid "14"
 msgstr "1"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876 usermod.8.xml.out:603
+#: useradd.8.xml.out:896 usermod.8.xml.out:620
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:"
@@ -13080,8 +13351,15 @@ msgid ""
 "shadow system doesn't store the selinux-user, it uses semanage(8) for that."
 msgstr ""
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
+msgid ""
+"defines the SELinux MLS range for the new account. Note that the shadow "
+"system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
 #, fuzzy
 #| msgid ""
 #| "You must make certain that the named user is not executing any processes "
@@ -13104,17 +13382,17 @@ msgstr ""
 "�огла�но данным utmp."
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "You must change the owner of any <command>crontab</command> files or "
@@ -13127,13 +13405,13 @@ msgstr ""
 "или заданий <command>at</command>."
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr "Вы должны �делать в�е изменени� NIS на �ервере NIS �амо�то�тельно."
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 #, fuzzy
 #| msgid "Group account information."
 msgid "Group account information"
@@ -13141,15 +13419,15 @@ msgstr "�одержит информацию о группах"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
+#: usermod.8.xml.out:582
 #, fuzzy
 #| msgid "Secure group account information."
-msgid "Secure group account informatio."
+msgid "Secure group account information"
 msgstr "�одержит защищаемую информацию о группах"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 #, fuzzy
 #| msgid "Shadow password suite configuration."
 msgid "Shadow password suite configuration"
@@ -13157,7 +13435,7 @@ msgstr "Ñ�одержит конфигурацию подÑ�иÑ�темы тенеÐ
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 #, fuzzy
 #| msgid "User account information."
 msgid "User account information"
@@ -13165,19 +13443,19 @@ msgstr "�одержит информацию о пользовател�х"
 
 # type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 #, fuzzy
 #| msgid "Secure user account information."
 msgid "Secure user account information"
 msgstr "�одержит защищаемую информацию о пользовател�х"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
 msgid "Per user subordinate group IDs"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
 msgid "Per user subordinate user IDs"
 msgstr ""
 
@@ -13235,7 +13513,7 @@ msgstr "vipw"
 #| "envar>, and finally the default editor, <citerefentry><refentrytitle>vi</"
 #| "refentrytitle><manvolnum>1</manvolnum></citerefentry>."
 msgid ""
-"The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/"
+"The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/"
 "> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will "
 "edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/"
 ">, respectively. The programs will set the appropriate locks to prevent file "
@@ -15181,6 +15459,38 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>sulogin</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>."
 
+# type: Content of: <refentry><refsect1><refsect2><para>
+#~ msgid ""
+#~ "Then, the password is tested for complexity. As a general guideline, "
+#~ "passwords should consist of 6 to 8 characters including one or more "
+#~ "characters from each of the following sets:"
+#~ msgstr ""
+#~ "Затем пароль те�тирует�� на �ложно�ть подбора. Согла�но общим принципам, "
+#~ "пароли должны быть длиной от 6 до 8 �имволов и включать один или более "
+#~ "�имволов каждого типа:"
+
+# type: Content of: <refentry><refsect1><refsect2><itemizedlist><listitem><para>
+#~ msgid "lower case alphabetics"
+#~ msgstr "�трочные буквы"
+
+# type: Content of: <refentry><refsect1><refsect2><itemizedlist><listitem><para>
+#~ msgid "digits 0 thru 9"
+#~ msgstr "цифры от 0 до 9"
+
+# type: Content of: <refentry><refsect1><refsect2><itemizedlist><listitem><para>
+#~ msgid "punctuation marks"
+#~ msgstr "знаки пунктуации"
+
+# type: Content of: <refentry><refsect1><refsect2><para>
+#~ msgid ""
+#~ "Care must be taken not to include the system default erase or kill "
+#~ "characters. <command>passwd</command> will reject any password which is "
+#~ "not suitably complex."
+#~ msgstr ""
+#~ "�е включайте �и�темные �имволы �тирани� и удалени�. Программа "
+#~ "<command>passwd</command> не примет пароль, который не имеет до�таточной "
+#~ "�ложно�ти."
+
 #~ msgid "<option>-d</option>, <option>--delete</option>"
 #~ msgstr "<option>-d</option>, <option>--delete</option>"
 
@@ -15472,6 +15782,18 @@ msgstr ""
 #~ msgid "<option>-s</option>, <option>--sha-rounds</option>"
 #~ msgstr "<option>-s</option>, <option>--sha-rounds</option>"
 
+#~ msgid ""
+#~ "The value 0 means that the system will choose the default number of "
+#~ "rounds for the crypt method (5000)."
+#~ msgstr ""
+#~ "Значение 0 означает, что �и�тема выберет количе�тво раундов по умолчанию "
+#~ "дл� выбранного метода шифровани� (5000)."
+
+#~ msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#~ msgstr ""
+#~ "Вы можете и�пользовать �тот параметр только при методе шифровани� SHA256 "
+#~ "или SHA512."
+
 #~ msgid "PAM configuration for <command>newusers</command>."
 #~ msgstr "на�тройки PAM дл� <command>newusers</command>"
 
@@ -16629,6 +16951,9 @@ msgstr ""
 #~ "<option>-c</option>, <option>--crypt-method</option>&nbsp;"
 #~ "<replaceable>МЕТОД</replaceable>"
 
+#~ msgid "The available methods are DES, MD5, and NONE."
+#~ msgstr "Возможные методы: DES, MD5 и NONE."
+
 #~ msgid "<option>-e</option>, <option>--encrypted</option>"
 #~ msgstr "<option>-e</option>, <option>--encrypted</option>"
 
@@ -16642,6 +16967,15 @@ msgstr ""
 #~ "<option>-s</option>, <option>--sha-rounds</option>&nbsp;"
 #~ "<replaceable>Р�У�ДОВ</replaceable>"
 
+#~ msgid ""
+#~ "By default, the number of rounds is defined by the "
+#~ "<option>SHA_CRYPT_MIN_ROUNDS</option> and <option>SHA_CRYPT_MAX_ROUNDS</"
+#~ "option> variables in <filename>/etc/login.defs</filename>."
+#~ msgstr ""
+#~ "По умолчанию, количе�тво раундов определ�ет�� переменными "
+#~ "<option>SHA_CRYPT_MIN_ROUNDS</option> и <option>SHA_CRYPT_MAX_ROUNDS</"
+#~ "option> в <filename>/etc/login.defs</filename>."
+
 #~ msgid "PAM configuration for <command>chpasswd</command>."
 #~ msgstr "на�тройки PAM дл� <command>chpasswd</command>"
 
@@ -17315,9 +17649,6 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>5</"
 #~ "manvolnum></citerefentry>."
 
-#~ msgid "-K <placeholder-1/>=<placeholder-2/>"
-#~ msgstr "-K <placeholder-1/>=<placeholder-2/>"
-
 #, fuzzy
 #~ msgid "<option>-M</option>&nbsp;<replaceable>user</replaceable>,..."
 #~ msgstr ""
diff --git a/man/po/shadow-man-pages.pot b/man/po/shadow-man-pages.pot
index b2ab03c..e4634bc 100644
--- a/man/po/shadow-man-pages.pot
+++ b/man/po/shadow-man-pages.pot
@@ -1,7 +1,8 @@
+# To re-generate, run "cd man/po; make update-po"
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -12,7 +13,7 @@ msgstr ""
 #. (itstool) path: author/firstname
 #: chage.1.xml.out:16
 #: chfn.1.xml.out:18
-#: chpasswd.8.xml.out:19
+#: chpasswd.8.xml.out:21
 #: chsh.1.xml.out:18
 #: expiry.1.xml.out:19
 #: faillog.5.xml.out:15
@@ -24,11 +25,11 @@ msgstr ""
 #: grpck.8.xml.out:15
 #: lastlog.8.xml.out:17
 #: login.1.xml.out:48
-#: login.defs.5.xml.out:84
+#: login.defs.5.xml.out:86
 #: logoutd.8.xml.out:15
 #: newgrp.1.xml.out:16
-#: newusers.8.xml.out:31
-#: passwd.1.xml.out:22
+#: newusers.8.xml.out:33
+#: passwd.1.xml.out:24
 #: passwd.5.xml.out:15
 #: porttime.5.xml.out:15
 #: pwck.8.xml.out:22
@@ -45,7 +46,7 @@ msgstr ""
 #. (itstool) path: author/surname
 #: chage.1.xml.out:17
 #: chfn.1.xml.out:19
-#: chpasswd.8.xml.out:20
+#: chpasswd.8.xml.out:22
 #: chsh.1.xml.out:19
 #: expiry.1.xml.out:20
 #: faillog.5.xml.out:16
@@ -57,11 +58,11 @@ msgstr ""
 #: grpck.8.xml.out:16
 #: lastlog.8.xml.out:18
 #: login.1.xml.out:49
-#: login.defs.5.xml.out:85
+#: login.defs.5.xml.out:87
 #: logoutd.8.xml.out:16
 #: newgrp.1.xml.out:17
-#: newusers.8.xml.out:32
-#: passwd.1.xml.out:23
+#: newusers.8.xml.out:34
+#: passwd.1.xml.out:25
 #: passwd.5.xml.out:16
 #: porttime.5.xml.out:16
 #: pwck.8.xml.out:23
@@ -86,13 +87,13 @@ msgstr ""
 #. (itstool) path: author/firstname
 #: chage.1.xml.out:21
 #: chfn.1.xml.out:23
-#: chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24
+#: chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26
 #: chsh.1.xml.out:23
 #: expiry.1.xml.out:24
 #: faillog.5.xml.out:20
 #: faillog.8.xml.out:20
-#: gpasswd.1.xml.out:25
+#: gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23
 #: groupdel.8.xml.out:21
 #: groupmems.8.xml.out:24
@@ -103,11 +104,11 @@ msgstr ""
 #: limits.5.xml.out:22
 #: login.1.xml.out:53
 #: login.access.5.xml.out:21
-#: login.defs.5.xml.out:89
+#: login.defs.5.xml.out:91
 #: logoutd.8.xml.out:20
 #: newgrp.1.xml.out:21
-#: newusers.8.xml.out:36
-#: passwd.1.xml.out:27
+#: newusers.8.xml.out:38
+#: passwd.1.xml.out:29
 #: passwd.5.xml.out:20
 #: porttime.5.xml.out:20
 #: pwck.8.xml.out:27
@@ -127,13 +128,13 @@ msgstr ""
 #. (itstool) path: author/surname
 #: chage.1.xml.out:22
 #: chfn.1.xml.out:24
-#: chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25
+#: chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27
 #: chsh.1.xml.out:24
 #: expiry.1.xml.out:25
 #: faillog.5.xml.out:21
 #: faillog.8.xml.out:21
-#: gpasswd.1.xml.out:26
+#: gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24
 #: groupdel.8.xml.out:22
 #: groupmems.8.xml.out:25
@@ -144,11 +145,11 @@ msgstr ""
 #: limits.5.xml.out:23
 #: login.1.xml.out:54
 #: login.access.5.xml.out:22
-#: login.defs.5.xml.out:90
+#: login.defs.5.xml.out:92
 #: logoutd.8.xml.out:21
 #: newgrp.1.xml.out:22
-#: newusers.8.xml.out:37
-#: passwd.1.xml.out:28
+#: newusers.8.xml.out:39
+#: passwd.1.xml.out:30
 #: passwd.5.xml.out:21
 #: porttime.5.xml.out:21
 #: pwck.8.xml.out:28
@@ -168,13 +169,13 @@ msgstr ""
 #. (itstool) path: author/email
 #: chage.1.xml.out:23
 #: chfn.1.xml.out:25
-#: chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26
+#: chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28
 #: chsh.1.xml.out:25
 #: expiry.1.xml.out:26
 #: faillog.5.xml.out:22
 #: faillog.8.xml.out:22
-#: gpasswd.1.xml.out:27
+#: gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25
 #: groupdel.8.xml.out:23
 #: groupmems.8.xml.out:26
@@ -185,11 +186,11 @@ msgstr ""
 #: limits.5.xml.out:24
 #: login.1.xml.out:55
 #: login.access.5.xml.out:23
-#: login.defs.5.xml.out:91
+#: login.defs.5.xml.out:93
 #: logoutd.8.xml.out:22
 #: newgrp.1.xml.out:23
-#: newusers.8.xml.out:38
-#: passwd.1.xml.out:29
+#: newusers.8.xml.out:40
+#: passwd.1.xml.out:31
 #: passwd.5.xml.out:22
 #: porttime.5.xml.out:22
 #: pwck.8.xml.out:29
@@ -209,12 +210,12 @@ msgstr ""
 #. (itstool) path: author/contrib
 #: chage.1.xml.out:24
 #: chfn.1.xml.out:26
-#: chpasswd.8.xml.out:27
+#: chpasswd.8.xml.out:29
 #: chsh.1.xml.out:26
 #: expiry.1.xml.out:27
 #: faillog.5.xml.out:23
 #: faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28
+#: gpasswd.1.xml.out:30
 #: groupadd.8.xml.out:26
 #: groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27
@@ -225,11 +226,11 @@ msgstr ""
 #: limits.5.xml.out:25
 #: login.1.xml.out:56
 #: login.access.5.xml.out:24
-#: login.defs.5.xml.out:92
+#: login.defs.5.xml.out:94
 #: logoutd.8.xml.out:23
 #: newgrp.1.xml.out:24
-#: newusers.8.xml.out:39
-#: passwd.1.xml.out:30
+#: newusers.8.xml.out:41
+#: passwd.1.xml.out:32
 #: passwd.5.xml.out:23
 #: porttime.5.xml.out:23
 #: pwck.8.xml.out:30
@@ -249,13 +250,13 @@ msgstr ""
 #. (itstool) path: author/firstname
 #: chage.1.xml.out:27
 #: chfn.1.xml.out:29
-#: chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30
+#: chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32
 #: chsh.1.xml.out:29
 #: expiry.1.xml.out:30
 #: faillog.5.xml.out:26
 #: faillog.8.xml.out:26
-#: gpasswd.1.xml.out:31
+#: gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29
 #: groupdel.8.xml.out:27
 #: groupmems.8.xml.out:30
@@ -267,12 +268,12 @@ msgstr ""
 #: limits.5.xml.out:28
 #: login.1.xml.out:59
 #: login.access.5.xml.out:27
-#: login.defs.5.xml.out:95
+#: login.defs.5.xml.out:97
 #: logoutd.8.xml.out:26
 #: newgrp.1.xml.out:27
-#: newusers.8.xml.out:42
+#: newusers.8.xml.out:44
 #: nologin.8.xml.out:15
-#: passwd.1.xml.out:33
+#: passwd.1.xml.out:35
 #: passwd.5.xml.out:26
 #: porttime.5.xml.out:26
 #: pwck.8.xml.out:33
@@ -292,13 +293,13 @@ msgstr ""
 #. (itstool) path: author/surname
 #: chage.1.xml.out:28
 #: chfn.1.xml.out:30
-#: chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31
+#: chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33
 #: chsh.1.xml.out:30
 #: expiry.1.xml.out:31
 #: faillog.5.xml.out:27
 #: faillog.8.xml.out:27
-#: gpasswd.1.xml.out:32
+#: gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30
 #: groupdel.8.xml.out:28
 #: groupmems.8.xml.out:31
@@ -310,12 +311,12 @@ msgstr ""
 #: limits.5.xml.out:29
 #: login.1.xml.out:60
 #: login.access.5.xml.out:28
-#: login.defs.5.xml.out:96
+#: login.defs.5.xml.out:98
 #: logoutd.8.xml.out:27
 #: newgrp.1.xml.out:28
-#: newusers.8.xml.out:43
+#: newusers.8.xml.out:45
 #: nologin.8.xml.out:16
-#: passwd.1.xml.out:34
+#: passwd.1.xml.out:36
 #: passwd.5.xml.out:27
 #: porttime.5.xml.out:27
 #: pwck.8.xml.out:34
@@ -335,13 +336,13 @@ msgstr ""
 #. (itstool) path: author/email
 #: chage.1.xml.out:29
 #: chfn.1.xml.out:31
-#: chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32
+#: chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34
 #: chsh.1.xml.out:31
 #: expiry.1.xml.out:32
 #: faillog.5.xml.out:28
 #: faillog.8.xml.out:28
-#: gpasswd.1.xml.out:33
+#: gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31
 #: groupdel.8.xml.out:29
 #: groupmems.8.xml.out:32
@@ -353,12 +354,12 @@ msgstr ""
 #: limits.5.xml.out:30
 #: login.1.xml.out:61
 #: login.access.5.xml.out:29
-#: login.defs.5.xml.out:97
+#: login.defs.5.xml.out:99
 #: logoutd.8.xml.out:28
 #: newgrp.1.xml.out:29
-#: newusers.8.xml.out:44
+#: newusers.8.xml.out:46
 #: nologin.8.xml.out:17
-#: passwd.1.xml.out:35
+#: passwd.1.xml.out:37
 #: passwd.5.xml.out:28
 #: porttime.5.xml.out:28
 #: pwck.8.xml.out:35
@@ -378,13 +379,13 @@ msgstr ""
 #. (itstool) path: author/contrib
 #: chage.1.xml.out:30
 #: chfn.1.xml.out:32
-#: chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33
+#: chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35
 #: chsh.1.xml.out:32
 #: expiry.1.xml.out:33
 #: faillog.5.xml.out:29
 #: faillog.8.xml.out:29
-#: gpasswd.1.xml.out:34
+#: gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32
 #: groupdel.8.xml.out:30
 #: groupmems.8.xml.out:33
@@ -396,12 +397,12 @@ msgstr ""
 #: limits.5.xml.out:31
 #: login.1.xml.out:62
 #: login.access.5.xml.out:30
-#: login.defs.5.xml.out:98
+#: login.defs.5.xml.out:100
 #: logoutd.8.xml.out:29
 #: newgrp.1.xml.out:30
-#: newusers.8.xml.out:45
+#: newusers.8.xml.out:47
 #: nologin.8.xml.out:18
-#: passwd.1.xml.out:36
+#: passwd.1.xml.out:38
 #: passwd.5.xml.out:29
 #: porttime.5.xml.out:29
 #: pwck.8.xml.out:36
@@ -429,12 +430,12 @@ msgstr ""
 #: chage.1.xml.out:46
 #: chage.1.xml.out:59
 #: chage.1.xml.out:69
-#: chage.1.xml.out:216
-#: chage.1.xml.out:226
-#: chage.1.xml.out:236
+#: chage.1.xml.out:231
 #: chage.1.xml.out:241
-#: chage.1.xml.out:285
-#: login.defs.5.xml.out:233
+#: chage.1.xml.out:251
+#: chage.1.xml.out:256
+#: chage.1.xml.out:300
+#: login.defs.5.xml.out:237
 #: shadow.5.xml.out:262
 msgid "chage"
 msgstr ""
@@ -444,19 +445,19 @@ msgstr ""
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:35
-#: chage.1.xml.out:294
+#: chage.1.xml.out:309
 #: chfn.1.xml.out:37
 #: chfn.1.xml.out:65
 #: chfn.1.xml.out:205
-#: chgpasswd.8.xml.out:217
-#: chpasswd.8.xml.out:265
+#: chgpasswd.8.xml.out:245
+#: chpasswd.8.xml.out:307
 #: chsh.1.xml.out:37
-#: chsh.1.xml.out:171
+#: chsh.1.xml.out:212
 #: expiry.1.xml.out:38
 #: faillog.8.xml.out:235
-#: gpasswd.1.xml.out:39
-#: gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277
+#: gpasswd.1.xml.out:41
+#: gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279
 #: groupadd.8.xml.out:345
 #: groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351
@@ -482,22 +483,23 @@ msgstr ""
 #: login.1.xml.out:383
 #: login.1.xml.out:386
 #: login.access.5.xml.out:112
-#: login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518
-#: login.defs.5.xml.out:520
-#: login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533
-#: login.defs.5.xml.out:536
+#: login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537
+#: login.defs.5.xml.out:539
+#: login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552
+#: login.defs.5.xml.out:555
 #: newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130
 #: newgrp.1.xml.out:133
 #: newgrp.1.xml.out:136
 #: newgrp.1.xml.out:139
 #: newgrp.1.xml.out:142
-#: newusers.8.xml.out:456
+#: newusers.8.xml.out:477
 #: nologin.8.xml.out:60
-#: passwd.1.xml.out:41
-#: passwd.1.xml.out:431
+#: passwd.1.xml.out:43
+#: passwd.1.xml.out:453
+#: passwd.1.xml.out:499
 #: passwd.5.xml.out:118
 #: passwd.5.xml.out:173
 #: passwd.5.xml.out:179
@@ -521,19 +523,19 @@ msgstr ""
 #: su.1.xml.out:421
 #: su.1.xml.out:424
 #: suauth.5.xml.out:201
-#: useradd.8.xml.out:817
-#: useradd.8.xml.out:878
-#: useradd.8.xml.out:881
-#: useradd.8.xml.out:884
+#: useradd.8.xml.out:837
+#: useradd.8.xml.out:898
+#: useradd.8.xml.out:901
+#: useradd.8.xml.out:904
 #: userdel.8.xml.out:241
 #: userdel.8.xml.out:310
 #: userdel.8.xml.out:313
 #: userdel.8.xml.out:316
 #: usermod.8.xml.out:105
 #: usermod.8.xml.out:244
-#: usermod.8.xml.out:605
-#: usermod.8.xml.out:608
-#: usermod.8.xml.out:611
+#: usermod.8.xml.out:622
+#: usermod.8.xml.out:625
+#: usermod.8.xml.out:628
 #: vipw.8.xml.out:78
 #: vipw.8.xml.out:205
 msgid "1"
@@ -544,11 +546,11 @@ msgstr ""
 #: chfn.1.xml.out:38
 #: chsh.1.xml.out:38
 #: expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40
+#: gpasswd.1.xml.out:42
 #: groups.1.xml.out:35
 #: login.1.xml.out:68
 #: newgrp.1.xml.out:36
-#: passwd.1.xml.out:42
+#: passwd.1.xml.out:44
 #: sg.1.xml.out:36
 #: su.1.xml.out:52
 msgid "User Commands"
@@ -557,13 +559,13 @@ msgstr ""
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:37
 #: chfn.1.xml.out:39
-#: chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40
+#: chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42
 #: chsh.1.xml.out:39
 #: expiry.1.xml.out:40
 #: faillog.5.xml.out:36
 #: faillog.8.xml.out:36
-#: gpasswd.1.xml.out:41
+#: gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39
 #: groupdel.8.xml.out:37
 #: groupmems.8.xml.out:40
@@ -575,12 +577,12 @@ msgstr ""
 #: limits.5.xml.out:38
 #: login.1.xml.out:69
 #: login.access.5.xml.out:37
-#: login.defs.5.xml.out:105
+#: login.defs.5.xml.out:107
 #: logoutd.8.xml.out:36
 #: newgrp.1.xml.out:37
-#: newusers.8.xml.out:52
+#: newusers.8.xml.out:54
 #: nologin.8.xml.out:25
-#: passwd.1.xml.out:43
+#: passwd.1.xml.out:45
 #: passwd.5.xml.out:36
 #: porttime.5.xml.out:36
 #: pwck.8.xml.out:43
@@ -600,13 +602,13 @@ msgstr ""
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:38
 #: chfn.1.xml.out:40
-#: chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43
 #: chsh.1.xml.out:40
 #: expiry.1.xml.out:41
 #: faillog.5.xml.out:37
 #: faillog.8.xml.out:37
-#: gpasswd.1.xml.out:42
+#: gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40
 #: groupdel.8.xml.out:38
 #: groupmems.8.xml.out:41
@@ -618,12 +620,12 @@ msgstr ""
 #: limits.5.xml.out:39
 #: login.1.xml.out:70
 #: login.access.5.xml.out:38
-#: login.defs.5.xml.out:106
+#: login.defs.5.xml.out:108
 #: logoutd.8.xml.out:37
 #: newgrp.1.xml.out:38
-#: newusers.8.xml.out:53
+#: newusers.8.xml.out:55
 #: nologin.8.xml.out:26
-#: passwd.1.xml.out:44
+#: passwd.1.xml.out:46
 #: passwd.5.xml.out:37
 #: porttime.5.xml.out:37
 #: pwck.8.xml.out:44
@@ -637,7 +639,7 @@ msgstr ""
 #: userdel.8.xml.out:43
 #: usermod.8.xml.out:44
 #: vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -649,16 +651,16 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/arg
 #: chage.1.xml.out:48
 #: chfn.1.xml.out:51
-#: chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52
+#: chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54
 #: chsh.1.xml.out:51
 #: faillog.8.xml.out:48
 #: groupdel.8.xml.out:49
 #: groupmod.8.xml.out:49
 #: grpck.8.xml.out:47
 #: lastlog.8.xml.out:50
-#: newusers.8.xml.out:64
-#: passwd.1.xml.out:55
+#: newusers.8.xml.out:66
+#: passwd.1.xml.out:57
 #: pwck.8.xml.out:54
 #: pwconv.8.xml.out:57
 #: pwconv.8.xml.out:63
@@ -683,7 +685,7 @@ msgstr ""
 #: chsh.1.xml.out:54
 #: faillog.8.xml.out:180
 #: lastlog.8.xml.out:139
-#: passwd.1.xml.out:58
+#: passwd.1.xml.out:60
 #: useradd.8.xml.out:68
 #: useradd.8.xml.out:158
 #: userdel.8.xml.out:54
@@ -697,13 +699,13 @@ msgstr ""
 #. (itstool) path: refsect1/title
 #: chage.1.xml.out:57
 #: chfn.1.xml.out:60
-#: chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58
+#: chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60
 #: chsh.1.xml.out:60
 #: expiry.1.xml.out:58
 #: faillog.5.xml.out:45
 #: faillog.8.xml.out:54
-#: gpasswd.1.xml.out:70
+#: gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60
 #: groupdel.8.xml.out:56
 #: groupmems.8.xml.out:61
@@ -715,12 +717,12 @@ msgstr ""
 #: limits.5.xml.out:48
 #: login.1.xml.out:101
 #: login.access.5.xml.out:46
-#: login.defs.5.xml.out:114
+#: login.defs.5.xml.out:116
 #: logoutd.8.xml.out:51
 #: newgrp.1.xml.out:53
-#: newusers.8.xml.out:73
+#: newusers.8.xml.out:75
 #: nologin.8.xml.out:40
-#: passwd.1.xml.out:64
+#: passwd.1.xml.out:66
 #: passwd.5.xml.out:45
 #: porttime.5.xml.out:45
 #: pwck.8.xml.out:69
@@ -747,12 +749,12 @@ msgstr ""
 #. (itstool) path: arg/replaceable
 #: chage.1.xml.out:67
 #: chfn.1.xml.out:87
-#: chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106
+#: chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108
 #: chsh.1.xml.out:71
 #: expiry.1.xml.out:67
 #: faillog.8.xml.out:65
-#: gpasswd.1.xml.out:110
+#: gpasswd.1.xml.out:112
 #: groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80
 #: groupdel.8.xml.out:64
@@ -761,8 +763,8 @@ msgstr ""
 #: grpck.8.xml.out:122
 #: lastlog.8.xml.out:68
 #: login.1.xml.out:186
-#: newusers.8.xml.out:250
-#: passwd.1.xml.out:150
+#: newusers.8.xml.out:252
+#: passwd.1.xml.out:146
 #: pwck.8.xml.out:153
 #: pwconv.8.xml.out:163
 #: su.1.xml.out:120
@@ -776,20 +778,20 @@ msgstr ""
 #. (itstool) path: refsect1/para
 #: chage.1.xml.out:68
 #: chfn.1.xml.out:88
-#: chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109
 #: chsh.1.xml.out:72
 #: expiry.1.xml.out:68
 #: faillog.8.xml.out:66
-#: gpasswd.1.xml.out:118
+#: gpasswd.1.xml.out:120
 #: groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65
 #: groupmems.8.xml.out:77
 #: groupmod.8.xml.out:66
 #: grpck.8.xml.out:127
 #: lastlog.8.xml.out:69
-#: newusers.8.xml.out:251
-#: passwd.1.xml.out:151
+#: newusers.8.xml.out:253
+#: passwd.1.xml.out:147
 #: pwck.8.xml.out:158
 #: su.1.xml.out:121
 #: useradd.8.xml.out:103
@@ -801,12 +803,12 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chage.1.xml.out:74
-#: gpasswd.1.xml.out:137
+#: gpasswd.1.xml.out:139
 #: groupmems.8.xml.out:94
-#: passwd.1.xml.out:168
+#: passwd.1.xml.out:164
 #: useradd.8.xml.out:123
 #: useradd.8.xml.out:151
-#: useradd.8.xml.out:599
+#: useradd.8.xml.out:619
 #: usermod.8.xml.out:112
 #: usermod.8.xml.out:260
 msgid "-d"
@@ -833,25 +835,27 @@ msgstr ""
 #: chage.1.xml.out:168
 #: chage.1.xml.out:189
 #: chage.1.xml.out:202
+#: chage.1.xml.out:217
 #: chfn.1.xml.out:93
 #: chfn.1.xml.out:101
 #: chfn.1.xml.out:109
 #: chfn.1.xml.out:121
 #: chfn.1.xml.out:129
 #: chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122
-#: chpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177
+#: chgpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183
+#: chpasswd.8.xml.out:198
 #: chsh.1.xml.out:83
 #: chsh.1.xml.out:96
 #: faillog.8.xml.out:104
 #: faillog.8.xml.out:119
 #: faillog.8.xml.out:156
 #: faillog.8.xml.out:169
-#: gpasswd.1.xml.out:123
-#: gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157
+#: gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138
+#: gpasswd.1.xml.out:159
 #: groupadd.8.xml.out:101
 #: groupadd.8.xml.out:157
 #: groupadd.8.xml.out:200
@@ -872,13 +876,14 @@ msgstr ""
 #: lastlog.8.xml.out:74
 #: lastlog.8.xml.out:103
 #: lastlog.8.xml.out:127
-#: newusers.8.xml.out:305
-#: passwd.1.xml.out:196
-#: passwd.1.xml.out:245
-#: passwd.1.xml.out:267
-#: passwd.1.xml.out:277
-#: passwd.1.xml.out:321
-#: passwd.1.xml.out:334
+#: newusers.8.xml.out:307
+#: passwd.1.xml.out:192
+#: passwd.1.xml.out:241
+#: passwd.1.xml.out:263
+#: passwd.1.xml.out:273
+#: passwd.1.xml.out:286
+#: passwd.1.xml.out:332
+#: passwd.1.xml.out:345
 #: pwck.8.xml.out:196
 #: pwconv.8.xml.out:177
 #: su.1.xml.out:125
@@ -889,18 +894,18 @@ msgstr ""
 #: useradd.8.xml.out:178
 #: useradd.8.xml.out:195
 #: useradd.8.xml.out:229
-#: useradd.8.xml.out:277
-#: useradd.8.xml.out:424
-#: useradd.8.xml.out:488
-#: useradd.8.xml.out:501
-#: useradd.8.xml.out:516
-#: useradd.8.xml.out:530
-#: useradd.8.xml.out:565
-#: useradd.8.xml.out:591
-#: useradd.8.xml.out:609
-#: useradd.8.xml.out:621
-#: useradd.8.xml.out:638
-#: useradd.8.xml.out:654
+#: useradd.8.xml.out:279
+#: useradd.8.xml.out:426
+#: useradd.8.xml.out:490
+#: useradd.8.xml.out:503
+#: useradd.8.xml.out:518
+#: useradd.8.xml.out:532
+#: useradd.8.xml.out:567
+#: useradd.8.xml.out:611
+#: useradd.8.xml.out:629
+#: useradd.8.xml.out:641
+#: useradd.8.xml.out:658
+#: useradd.8.xml.out:674
 #: userdel.8.xml.out:122
 #: userdel.8.xml.out:135
 #: usermod.8.xml.out:98
@@ -923,16 +928,16 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:82
-#: chage.1.xml.out:288
+#: chage.1.xml.out:303
 #: groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168
 #: groupmod.8.xml.out:259
 #: grpck.8.xml.out:237
-#: login.defs.5.xml.out:138
-#: passwd.1.xml.out:425
+#: login.defs.5.xml.out:140
+#: passwd.1.xml.out:447
 #: pwck.8.xml.out:287
 #: su.1.xml.out:385
-#: useradd.8.xml.out:811
+#: useradd.8.xml.out:831
 #: userdel.8.xml.out:235
 msgid "0"
 msgstr ""
@@ -950,7 +955,7 @@ msgstr ""
 #. (itstool) path: term/option
 #: chage.1.xml.out:89
 #: useradd.8.xml.out:179
-#: useradd.8.xml.out:610
+#: useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr ""
@@ -960,7 +965,7 @@ msgstr ""
 #: chage.1.xml.out:89
 #: chage.1.xml.out:109
 #: useradd.8.xml.out:179
-#: useradd.8.xml.out:610
+#: useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 #: usermod.8.xml.out:243
 #: usermod.8.xml.out:416
@@ -987,8 +992,8 @@ msgstr ""
 #: chage.1.xml.out:108
 #: chage.1.xml.out:139
 #: chage.1.xml.out:182
-#: passwd.1.xml.out:344
-#: useradd.8.xml.out:315
+#: passwd.1.xml.out:355
+#: useradd.8.xml.out:317
 msgid "-1"
 msgstr ""
 
@@ -1001,12 +1006,12 @@ msgstr ""
 #. (itstool) path: para/option
 #: chage.1.xml.out:115
 #: chfn.1.xml.out:102
-#: chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147
+#: chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153
 #: chsh.1.xml.out:77
 #: expiry.1.xml.out:88
 #: faillog.8.xml.out:98
-#: gpasswd.1.xml.out:149
+#: gpasswd.1.xml.out:151
 #: groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82
 #: groupmems.8.xml.out:118
@@ -1015,11 +1020,11 @@ msgstr ""
 #: lastlog.8.xml.out:96
 #: login.1.xml.out:204
 #: login.1.xml.out:229
-#: newusers.8.xml.out:280
-#: passwd.1.xml.out:190
+#: newusers.8.xml.out:282
+#: passwd.1.xml.out:186
 #: pwck.8.xml.out:173
 #: pwconv.8.xml.out:171
-#: useradd.8.xml.out:271
+#: useradd.8.xml.out:273
 #: userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "-h"
@@ -1029,24 +1034,24 @@ msgstr ""
 #. (itstool) path: para/option
 #: chage.1.xml.out:115
 #: chfn.1.xml.out:143
-#: chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147
+#: chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153
 #: chsh.1.xml.out:77
 #: expiry.1.xml.out:88
 #: faillog.8.xml.out:98
-#: gpasswd.1.xml.out:149
+#: gpasswd.1.xml.out:151
 #: groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82
 #: groupmems.8.xml.out:118
 #: groupmod.8.xml.out:114
 #: grpck.8.xml.out:132
 #: lastlog.8.xml.out:96
-#: newusers.8.xml.out:280
-#: passwd.1.xml.out:190
+#: newusers.8.xml.out:282
+#: passwd.1.xml.out:186
 #: pwck.8.xml.out:173
 #: pwconv.8.xml.out:171
 #: su.1.xml.out:387
-#: useradd.8.xml.out:271
+#: useradd.8.xml.out:273
 #: userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
@@ -1057,14 +1062,14 @@ msgstr ""
 #: chage.1.xml.out:121
 #: chage.1.xml.out:146
 #: chfn.1.xml.out:142
-#: chgpasswd.8.xml.out:88
-#: chgpasswd.8.xml.out:101
+#: chgpasswd.8.xml.out:90
 #: chgpasswd.8.xml.out:107
 #: chgpasswd.8.xml.out:113
-#: chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139
-#: chpasswd.8.xml.out:147
-#: chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119
+#: chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145
+#: chpasswd.8.xml.out:153
+#: chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77
 #: expiry.1.xml.out:73
 #: expiry.1.xml.out:79
@@ -1072,9 +1077,9 @@ msgstr ""
 #: faillog.8.xml.out:72
 #: faillog.8.xml.out:98
 #: faillog.8.xml.out:144
-#: gpasswd.1.xml.out:149
-#: gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188
+#: gpasswd.1.xml.out:151
+#: gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190
 #: groupadd.8.xml.out:87
 #: groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144
@@ -1095,19 +1100,20 @@ msgstr ""
 #: lastlog.8.xml.out:84
 #: lastlog.8.xml.out:95
 #: lastlog.8.xml.out:116
-#: newusers.8.xml.out:268
-#: newusers.8.xml.out:280
-#: newusers.8.xml.out:286
-#: newusers.8.xml.out:320
-#: passwd.1.xml.out:156
-#: passwd.1.xml.out:167
-#: passwd.1.xml.out:179
-#: passwd.1.xml.out:190
-#: passwd.1.xml.out:209
-#: passwd.1.xml.out:221
-#: passwd.1.xml.out:257
-#: passwd.1.xml.out:290
-#: passwd.1.xml.out:308
+#: newusers.8.xml.out:270
+#: newusers.8.xml.out:282
+#: newusers.8.xml.out:288
+#: newusers.8.xml.out:322
+#: passwd.1.xml.out:152
+#: passwd.1.xml.out:163
+#: passwd.1.xml.out:175
+#: passwd.1.xml.out:186
+#: passwd.1.xml.out:205
+#: passwd.1.xml.out:217
+#: passwd.1.xml.out:253
+#: passwd.1.xml.out:301
+#: passwd.1.xml.out:319
+#: passwd.1.xml.out:362
 #: pwck.8.xml.out:173
 #: pwck.8.xml.out:179
 #: pwck.8.xml.out:188
@@ -1115,14 +1121,14 @@ msgstr ""
 #: pwconv.8.xml.out:171
 #: useradd.8.xml.out:168
 #: useradd.8.xml.out:217
-#: useradd.8.xml.out:271
-#: useradd.8.xml.out:330
-#: useradd.8.xml.out:349
-#: useradd.8.xml.out:372
-#: useradd.8.xml.out:385
-#: useradd.8.xml.out:404
-#: useradd.8.xml.out:455
-#: useradd.8.xml.out:548
+#: useradd.8.xml.out:273
+#: useradd.8.xml.out:332
+#: useradd.8.xml.out:351
+#: useradd.8.xml.out:374
+#: useradd.8.xml.out:387
+#: useradd.8.xml.out:406
+#: useradd.8.xml.out:457
+#: useradd.8.xml.out:550
 #: userdel.8.xml.out:75
 #: userdel.8.xml.out:99
 #: userdel.8.xml.out:105
@@ -1146,23 +1152,23 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:117
 #: chfn.1.xml.out:146
-#: chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149
+#: chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155
 #: chsh.1.xml.out:79
 #: expiry.1.xml.out:90
 #: faillog.8.xml.out:100
-#: gpasswd.1.xml.out:151
+#: gpasswd.1.xml.out:153
 #: groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84
 #: groupmems.8.xml.out:120
 #: groupmod.8.xml.out:116
 #: grpck.8.xml.out:134
 #: lastlog.8.xml.out:99
-#: newusers.8.xml.out:282
-#: passwd.1.xml.out:192
+#: newusers.8.xml.out:284
+#: passwd.1.xml.out:188
 #: pwck.8.xml.out:175
 #: pwconv.8.xml.out:173
-#: useradd.8.xml.out:273
+#: useradd.8.xml.out:275
 #: userdel.8.xml.out:101
 #: vipw.8.xml.out:98
 msgid "Display help message and exit."
@@ -1170,7 +1176,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: chage.1.xml.out:121
-#: passwd.1.xml.out:197
+#: passwd.1.xml.out:193
 msgid "-i"
 msgstr ""
 
@@ -1191,9 +1197,9 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: chage.1.xml.out:128
-#: passwd.1.xml.out:197
+#: passwd.1.xml.out:193
 #: useradd.8.xml.out:196
-#: useradd.8.xml.out:622
+#: useradd.8.xml.out:642
 #: usermod.8.xml.out:152
 msgid "--inactive"
 msgstr ""
@@ -1204,12 +1210,12 @@ msgstr ""
 #: chage.1.xml.out:128
 #: chage.1.xml.out:134
 #: chage.1.xml.out:140
-#: passwd.1.xml.out:197
-#: passwd.1.xml.out:203
+#: passwd.1.xml.out:193
+#: passwd.1.xml.out:199
 #: useradd.8.xml.out:196
 #: useradd.8.xml.out:211
-#: useradd.8.xml.out:622
-#: useradd.8.xml.out:632
+#: useradd.8.xml.out:642
+#: useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr ""
@@ -1228,18 +1234,18 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
 #: chage.1.xml.out:147
-#: chage.1.xml.out:242
+#: chage.1.xml.out:257
 #: faillog.8.xml.out:88
 #: faillog.8.xml.out:105
 #: faillog.8.xml.out:185
 #: faillog.8.xml.out:202
 #: groupmems.8.xml.out:55
 #: groupmems.8.xml.out:124
-#: passwd.1.xml.out:222
-#: passwd.1.xml.out:316
+#: passwd.1.xml.out:218
+#: passwd.1.xml.out:327
 #: su.1.xml.out:144
 #: su.1.xml.out:156
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr ""
@@ -1258,20 +1264,20 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chage.1.xml.out:157
-#: chgpasswd.8.xml.out:72
-#: chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84
-#: chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:74
+#: chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86
+#: chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161
 #: faillog.8.xml.out:88
 #: faillog.8.xml.out:120
 #: faillog.8.xml.out:185
 #: faillog.8.xml.out:202
 #: su.1.xml.out:207
-#: useradd.8.xml.out:287
-#: useradd.8.xml.out:350
-#: useradd.8.xml.out:476
+#: useradd.8.xml.out:289
+#: useradd.8.xml.out:352
+#: useradd.8.xml.out:478
 #: usermod.8.xml.out:119
 #: usermod.8.xml.out:250
 msgid "-m"
@@ -1279,7 +1285,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: chage.1.xml.out:157
-#: passwd.1.xml.out:246
+#: passwd.1.xml.out:242
 msgid "--mindays"
 msgstr ""
 
@@ -1287,31 +1293,31 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:157
 #: chage.1.xml.out:162
-#: passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:160
-#: passwd.1.xml.out:249
+#: passwd.1.xml.out:245
 msgid "Set the minimum number of days between password changes to <_:replaceable-1/>. A value of zero for this field indicates that the user may change their password at any time."
 msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chage.1.xml.out:169
-#: gpasswd.1.xml.out:81
-#: gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:83
+#: gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219
 #: useradd.8.xml.out:162
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "-M"
 msgstr ""
 
 #. (itstool) path: term/option
 #: chage.1.xml.out:169
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr ""
 
@@ -1320,16 +1326,16 @@ msgstr ""
 #: chage.1.xml.out:169
 #: chage.1.xml.out:174
 #: chage.1.xml.out:183
-#: passwd.1.xml.out:335
-#: passwd.1.xml.out:340
-#: passwd.1.xml.out:345
+#: passwd.1.xml.out:346
+#: passwd.1.xml.out:351
+#: passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: chage.1.xml.out:178
-#: chage.1.xml.out:203
+#: chage.1.xml.out:218
 #: usermod.8.xml.out:481
 msgid "-W"
 msgstr ""
@@ -1341,29 +1347,29 @@ msgstr ""
 
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:181
-#: passwd.1.xml.out:343
+#: passwd.1.xml.out:354
 msgid "Passing the number <_:emphasis-1/> as <_:replaceable-2/> will remove checking a password's validity."
 msgstr ""
 
 #. (itstool) path: term/option
 #: chage.1.xml.out:190
 #: chfn.1.xml.out:130
-#: chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165
+#: chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171
 #: chsh.1.xml.out:84
 #: faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 #: groupadd.8.xml.out:201
 #: groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142
 #: groupmod.8.xml.out:164
 #: grpck.8.xml.out:149
 #: lastlog.8.xml.out:104
-#: newusers.8.xml.out:306
-#: passwd.1.xml.out:278
+#: newusers.8.xml.out:308
+#: passwd.1.xml.out:274
 #: pwck.8.xml.out:197
 #: pwconv.8.xml.out:178
-#: useradd.8.xml.out:489
+#: useradd.8.xml.out:491
 #: userdel.8.xml.out:123
 #: usermod.8.xml.out:328
 #: vipw.8.xml.out:115
@@ -1373,22 +1379,22 @@ msgstr ""
 #. (itstool) path: term/option
 #: chage.1.xml.out:190
 #: chfn.1.xml.out:130
-#: chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165
+#: chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171
 #: chsh.1.xml.out:84
 #: faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 #: groupadd.8.xml.out:201
 #: groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142
 #: groupmod.8.xml.out:164
 #: grpck.8.xml.out:149
 #: lastlog.8.xml.out:104
-#: newusers.8.xml.out:306
-#: passwd.1.xml.out:278
+#: newusers.8.xml.out:308
+#: passwd.1.xml.out:274
 #: pwck.8.xml.out:197
 #: pwconv.8.xml.out:178
-#: useradd.8.xml.out:489
+#: useradd.8.xml.out:491
 #: userdel.8.xml.out:123
 #: usermod.8.xml.out:328
 #: vipw.8.xml.out:115
@@ -1403,21 +1409,21 @@ msgstr ""
 #: chfn.1.xml.out:130
 #: chfn.1.xml.out:134
 #: chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123
-#: chgpasswd.8.xml.out:127
 #: chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165
-#: chpasswd.8.xml.out:169
+#: chgpasswd.8.xml.out:133
+#: chgpasswd.8.xml.out:135
 #: chpasswd.8.xml.out:171
+#: chpasswd.8.xml.out:175
+#: chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84
 #: chsh.1.xml.out:88
 #: chsh.1.xml.out:90
 #: faillog.8.xml.out:157
 #: faillog.8.xml.out:161
 #: faillog.8.xml.out:163
-#: gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162
+#: gpasswd.1.xml.out:160
 #: gpasswd.1.xml.out:164
+#: gpasswd.1.xml.out:166
 #: groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205
 #: groupadd.8.xml.out:207
@@ -1436,21 +1442,21 @@ msgstr ""
 #: lastlog.8.xml.out:104
 #: lastlog.8.xml.out:108
 #: lastlog.8.xml.out:110
-#: newusers.8.xml.out:306
-#: newusers.8.xml.out:310
+#: newusers.8.xml.out:308
 #: newusers.8.xml.out:312
+#: newusers.8.xml.out:314
+#: passwd.1.xml.out:274
 #: passwd.1.xml.out:278
-#: passwd.1.xml.out:282
-#: passwd.1.xml.out:284
+#: passwd.1.xml.out:280
 #: pwck.8.xml.out:197
 #: pwck.8.xml.out:201
 #: pwck.8.xml.out:203
 #: pwconv.8.xml.out:178
 #: pwconv.8.xml.out:182
 #: pwconv.8.xml.out:184
-#: useradd.8.xml.out:489
-#: useradd.8.xml.out:493
+#: useradd.8.xml.out:491
 #: useradd.8.xml.out:495
+#: useradd.8.xml.out:497
 #: userdel.8.xml.out:123
 #: userdel.8.xml.out:127
 #: userdel.8.xml.out:129
@@ -1466,22 +1472,22 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:193
 #: chfn.1.xml.out:133
-#: chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174
 #: chsh.1.xml.out:87
 #: faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161
+#: gpasswd.1.xml.out:163
 #: groupadd.8.xml.out:204
 #: groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145
 #: groupmod.8.xml.out:167
 #: grpck.8.xml.out:152
 #: lastlog.8.xml.out:107
-#: newusers.8.xml.out:309
-#: passwd.1.xml.out:281
+#: newusers.8.xml.out:311
+#: passwd.1.xml.out:277
 #: pwck.8.xml.out:200
 #: pwconv.8.xml.out:181
-#: useradd.8.xml.out:492
+#: useradd.8.xml.out:494
 #: userdel.8.xml.out:126
 #: usermod.8.xml.out:331
 #: vipw.8.xml.out:118
@@ -1490,38 +1496,99 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: chage.1.xml.out:203
-#: passwd.1.xml.out:322
-msgid "--warndays"
+#: chpasswd.8.xml.out:184
+#: groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102
+#: groupmod.8.xml.out:177
+#: passwd.1.xml.out:287
+#: useradd.8.xml.out:504
+#: userdel.8.xml.out:136
+#: usermod.8.xml.out:341
+msgid "-P"
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:203
+#: chpasswd.8.xml.out:184
+#: groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102
+#: groupmod.8.xml.out:177
+#: passwd.1.xml.out:287
+#: useradd.8.xml.out:504
+#: userdel.8.xml.out:136
+#: usermod.8.xml.out:341
+msgid "--prefix"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:203
 #: chage.1.xml.out:208
-#: passwd.1.xml.out:322
-#: passwd.1.xml.out:327
-msgid "WARN_DAYS"
+#: chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189
+#: groupadd.8.xml.out:214
+#: groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102
+#: groupdel.8.xml.out:106
+#: groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177
+#: groupmod.8.xml.out:181
+#: groupmod.8.xml.out:183
+#: passwd.1.xml.out:287
+#: passwd.1.xml.out:292
+#: useradd.8.xml.out:504
+#: useradd.8.xml.out:509
+#: userdel.8.xml.out:136
+#: userdel.8.xml.out:140
+#: userdel.8.xml.out:142
+#: usermod.8.xml.out:341
+#: usermod.8.xml.out:346
+msgid "PREFIX_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
 #: chage.1.xml.out:206
+#: chpasswd.8.xml.out:187
+#: groupadd.8.xml.out:217
+#: passwd.1.xml.out:290
+#: useradd.8.xml.out:507
+msgid "Apply changes to configuration files under the root filesystem found under the directory <_:replaceable-1/>. This option does not chroot and is intended for preparing a cross-compilation target. Some limitations: NIS and LDAP users/groups are not verified. PAM authentication is using the host files. No SELINUX support."
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218
+#: passwd.1.xml.out:333
+msgid "--warndays"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:218
+#: chage.1.xml.out:223
+#: passwd.1.xml.out:333
+#: passwd.1.xml.out:338
+msgid "WARN_DAYS"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:221
 msgid "Set the number of days of warning before a password change is required. The <_:replaceable-1/> option is the number of days prior to the password expiring that a user will be warned their password is about to expire."
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220
+#: chage.1.xml.out:235
 #: chfn.1.xml.out:163
 #: chsh.1.xml.out:112
 msgid "[ ]"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 msgid "If none of the options are selected, <_:command-1/> operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of <_:emphasis-2/> marks."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224
+#: chage.1.xml.out:239
 #: chsh.1.xml.out:117
 #: groups.1.xml.out:65
 #: lastlog.8.xml.out:170
@@ -1529,12 +1596,12 @@ msgid "NOTE"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 msgid "The <_:command-1/> program requires a shadow password file to be available."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid "The chage program will report only the information from the shadow password file. This implies that configuration from other sources (e.g. LDAP or empty password hash field from the passwd file) that affect the user's login will not be shown in the chage output."
 msgstr ""
 
@@ -1544,9 +1611,9 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238
+#: chage.1.xml.out:253
 #: grpck.8.xml.out:294
-#: login.defs.5.xml.out:410
+#: login.defs.5.xml.out:429
 #: passwd.5.xml.out:185
 #: pwck.8.xml.out:40
 #: pwck.8.xml.out:47
@@ -1564,22 +1631,22 @@ msgid "pwck"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid "The <_:command-1/> program will also not report any inconsistency between the shadow and passwd files (e.g. missing x in the passwd file). The <_:command-2/> can be used to check for this kind of inconsistencies."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 msgid "The <_:command-1/> command is restricted to the root user, except for the <_:option-2/> option, which may be used by an unprivileged user to determine when their password or account is due to expire."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249
+#: chage.1.xml.out:264
 #: chfn.1.xml.out:170
-#: chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216
-#: chsh.1.xml.out:131
-#: gpasswd.1.xml.out:241
+#: chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256
+#: chsh.1.xml.out:150
+#: gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247
 #: groupdel.8.xml.out:133
 #: groupmems.8.xml.out:176
@@ -1588,37 +1655,41 @@ msgstr ""
 #: lastlog.8.xml.out:182
 #: login.1.xml.out:270
 #: newgrp.1.xml.out:85
-#: newusers.8.xml.out:360
-#: passwd.1.xml.out:372
+#: newusers.8.xml.out:381
+#: passwd.1.xml.out:394
 #: pwck.8.xml.out:240
 #: pwconv.8.xml.out:204
 #: sg.1.xml.out:74
 #: su.1.xml.out:314
-#: useradd.8.xml.out:710
+#: useradd.8.xml.out:730
 #: userdel.8.xml.out:165
-#: usermod.8.xml.out:536
+#: usermod.8.xml.out:553
 #: vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252
+#: chage.1.xml.out:267
 #: chfn.1.xml.out:68
 #: chfn.1.xml.out:173
 #: chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70
-#: chgpasswd.8.xml.out:155
-#: chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205
-#: chpasswd.8.xml.out:77
-#: chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200
-#: chpasswd.8.xml.out:219
-#: chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134
-#: chsh.1.xml.out:159
-#: gpasswd.1.xml.out:244
+#: chgpasswd.8.xml.out:72
+#: chgpasswd.8.xml.out:159
+#: chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177
+#: chgpasswd.8.xml.out:204
+#: chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79
+#: chpasswd.8.xml.out:140
+#: chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227
+#: chpasswd.8.xml.out:236
+#: chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289
+#: chsh.1.xml.out:153
+#: chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246
 #: groupadd.8.xml.out:129
 #: groupadd.8.xml.out:239
 #: groupadd.8.xml.out:250
@@ -1634,14 +1705,16 @@ msgstr ""
 #: login.1.xml.out:273
 #: login.1.xml.out:365
 #: login.access.5.xml.out:100
-#: login.defs.5.xml.out:116
-#: login.defs.5.xml.out:515
+#: login.defs.5.xml.out:118
+#: login.defs.5.xml.out:534
 #: newgrp.1.xml.out:88
 #: newusers.8.xml.out:340
-#: newusers.8.xml.out:363
-#: newusers.8.xml.out:423
-#: passwd.1.xml.out:375
-#: passwd.1.xml.out:405
+#: newusers.8.xml.out:349
+#: newusers.8.xml.out:357
+#: newusers.8.xml.out:384
+#: newusers.8.xml.out:444
+#: passwd.1.xml.out:397
+#: passwd.1.xml.out:427
 #: pwck.8.xml.out:243
 #: pwconv.8.xml.out:148
 #: pwconv.8.xml.out:207
@@ -1654,32 +1727,32 @@ msgstr ""
 #: su.1.xml.out:317
 #: su.1.xml.out:357
 #: useradd.8.xml.out:241
-#: useradd.8.xml.out:307
-#: useradd.8.xml.out:378
-#: useradd.8.xml.out:399
-#: useradd.8.xml.out:467
-#: useradd.8.xml.out:474
-#: useradd.8.xml.out:560
-#: useradd.8.xml.out:713
-#: useradd.8.xml.out:797
+#: useradd.8.xml.out:309
+#: useradd.8.xml.out:380
+#: useradd.8.xml.out:401
+#: useradd.8.xml.out:469
+#: useradd.8.xml.out:476
+#: useradd.8.xml.out:562
+#: useradd.8.xml.out:733
+#: useradd.8.xml.out:817
 #: userdel.8.xml.out:87
 #: userdel.8.xml.out:168
 #: userdel.8.xml.out:191
 #: userdel.8.xml.out:297
 #: usermod.8.xml.out:399
-#: usermod.8.xml.out:539
-#: usermod.8.xml.out:569
+#: usermod.8.xml.out:556
+#: usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250
+#: chage.1.xml.out:265
 #: chfn.1.xml.out:171
-#: chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217
-#: chsh.1.xml.out:132
-#: gpasswd.1.xml.out:242
+#: chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257
+#: chsh.1.xml.out:151
+#: gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248
 #: groupdel.8.xml.out:134
 #: groupmems.8.xml.out:177
@@ -1688,28 +1761,28 @@ msgstr ""
 #: lastlog.8.xml.out:183
 #: login.1.xml.out:271
 #: newgrp.1.xml.out:86
-#: newusers.8.xml.out:361
-#: passwd.1.xml.out:373
+#: newusers.8.xml.out:382
+#: passwd.1.xml.out:395
 #: pwck.8.xml.out:241
 #: sg.1.xml.out:75
 #: su.1.xml.out:315
-#: useradd.8.xml.out:711
+#: useradd.8.xml.out:731
 #: userdel.8.xml.out:166
-#: usermod.8.xml.out:537
+#: usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 msgid "The following configuration variables in <_:filename-1/> change the behavior of this tool:"
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261
+#: chage.1.xml.out:276
 #: chfn.1.xml.out:184
-#: chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232
-#: chsh.1.xml.out:144
+#: chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274
+#: chsh.1.xml.out:163
 #: expiry.1.xml.out:97
 #: faillog.5.xml.out:72
 #: faillog.8.xml.out:220
-#: gpasswd.1.xml.out:256
+#: gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261
 #: groupdel.8.xml.out:145
 #: groupmems.8.xml.out:188
@@ -1723,8 +1796,8 @@ msgstr ""
 #: login.access.5.xml.out:97
 #: logoutd.8.xml.out:65
 #: newgrp.1.xml.out:97
-#: newusers.8.xml.out:396
-#: passwd.1.xml.out:390
+#: newusers.8.xml.out:417
+#: passwd.1.xml.out:412
 #: passwd.5.xml.out:139
 #: porttime.5.xml.out:106
 #: pwck.8.xml.out:258
@@ -1734,19 +1807,19 @@ msgstr ""
 #: sg.1.xml.out:86
 #: su.1.xml.out:342
 #: suauth.5.xml.out:169
-#: useradd.8.xml.out:740
+#: useradd.8.xml.out:760
 #: userdel.8.xml.out:182
-#: usermod.8.xml.out:554
+#: usermod.8.xml.out:571
 #: vipw.8.xml.out:172
 msgid "FILES"
 msgstr ""
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265
+#: chage.1.xml.out:280
 #: chfn.1.xml.out:193
-#: chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147
+#: chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166
 #: expiry.1.xml.out:100
 #: groupmod.8.xml.out:245
 #: grpck.8.xml.out:223
@@ -1756,8 +1829,8 @@ msgstr ""
 #: newgrp.1.xml.out:65
 #: newgrp.1.xml.out:70
 #: newgrp.1.xml.out:100
-#: newusers.8.xml.out:399
-#: passwd.1.xml.out:393
+#: newusers.8.xml.out:420
+#: passwd.1.xml.out:415
 #: passwd.5.xml.out:47
 #: passwd.5.xml.out:89
 #: passwd.5.xml.out:142
@@ -1772,36 +1845,36 @@ msgstr ""
 #: su.1.xml.out:185
 #: su.1.xml.out:197
 #: su.1.xml.out:345
-#: useradd.8.xml.out:524
-#: useradd.8.xml.out:743
+#: useradd.8.xml.out:526
+#: useradd.8.xml.out:763
 #: userdel.8.xml.out:197
 #: usermod.8.xml.out:103
 #: usermod.8.xml.out:305
 #: usermod.8.xml.out:362
-#: usermod.8.xml.out:575
+#: usermod.8.xml.out:592
 #: vipw.8.xml.out:68
 #: vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268
+#: chage.1.xml.out:283
 #: chfn.1.xml.out:195
-#: chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149
+#: chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168
 #: expiry.1.xml.out:102
 #: groupmod.8.xml.out:247
 #: grpck.8.xml.out:225
 #: login.1.xml.out:331
 #: newgrp.1.xml.out:102
-#: newusers.8.xml.out:401
-#: passwd.1.xml.out:395
+#: newusers.8.xml.out:422
+#: passwd.1.xml.out:417
 #: passwd.5.xml.out:144
 #: pwck.8.xml.out:269
 #: shadow.5.xml.out:236
 #: sg.1.xml.out:91
 #: su.1.xml.out:347
-#: useradd.8.xml.out:745
+#: useradd.8.xml.out:765
 #: userdel.8.xml.out:199
 #: vipw.8.xml.out:189
 msgid "User account information."
@@ -1809,15 +1882,15 @@ msgstr ""
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273
-#: chpasswd.8.xml.out:241
+#: chage.1.xml.out:288
+#: chpasswd.8.xml.out:283
 #: expiry.1.xml.out:106
 #: login.1.xml.out:335
 #: newgrp.1.xml.out:68
 #: newgrp.1.xml.out:106
-#: newusers.8.xml.out:295
-#: newusers.8.xml.out:405
-#: passwd.1.xml.out:399
+#: newusers.8.xml.out:297
+#: newusers.8.xml.out:426
+#: passwd.1.xml.out:421
 #: passwd.5.xml.out:82
 #: passwd.5.xml.out:148
 #: pwck.8.xml.out:73
@@ -1834,75 +1907,75 @@ msgstr ""
 #: shadow.5.xml.out:240
 #: sg.1.xml.out:95
 #: su.1.xml.out:351
-#: useradd.8.xml.out:439
-#: useradd.8.xml.out:464
-#: useradd.8.xml.out:749
+#: useradd.8.xml.out:441
+#: useradd.8.xml.out:466
+#: useradd.8.xml.out:769
 #: userdel.8.xml.out:203
 #: usermod.8.xml.out:144
 #: usermod.8.xml.out:145
 #: usermod.8.xml.out:166
 #: usermod.8.xml.out:167
 #: usermod.8.xml.out:306
-#: usermod.8.xml.out:581
+#: usermod.8.xml.out:598
 #: vipw.8.xml.out:71
 #: vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276
-#: chpasswd.8.xml.out:243
+#: chage.1.xml.out:291
+#: chpasswd.8.xml.out:285
 #: expiry.1.xml.out:108
 #: login.1.xml.out:337
 #: newgrp.1.xml.out:108
-#: newusers.8.xml.out:407
-#: passwd.1.xml.out:401
+#: newusers.8.xml.out:428
+#: passwd.1.xml.out:423
 #: pwck.8.xml.out:275
 #: shadow.3.xml.out:207
 #: shadow.5.xml.out:242
 #: sg.1.xml.out:97
 #: su.1.xml.out:353
-#: useradd.8.xml.out:751
+#: useradd.8.xml.out:771
 #: userdel.8.xml.out:205
 #: vipw.8.xml.out:195
 msgid "Secure user account information."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283
+#: chage.1.xml.out:298
 #: groupadd.8.xml.out:298
 #: groupdel.8.xml.out:163
 #: groupmod.8.xml.out:254
 #: grpck.8.xml.out:232
-#: passwd.1.xml.out:420
+#: passwd.1.xml.out:442
 #: pwck.8.xml.out:282
 #: su.1.xml.out:366
-#: useradd.8.xml.out:806
+#: useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290
+#: chage.1.xml.out:305
 #: groupadd.8.xml.out:305
 #: groupdel.8.xml.out:170
 #: grpck.8.xml.out:239
-#: passwd.1.xml.out:427
+#: passwd.1.xml.out:449
 #: pwck.8.xml.out:289
-#: useradd.8.xml.out:813
+#: useradd.8.xml.out:833
 #: userdel.8.xml.out:237
 msgid "success"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296
-#: passwd.1.xml.out:433
+#: chage.1.xml.out:311
+#: passwd.1.xml.out:455
 msgid "permission denied"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300
+#: chage.1.xml.out:315
 #: groupadd.8.xml.out:309
 #: groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265
@@ -1914,57 +1987,57 @@ msgstr ""
 #: limits.5.xml.out:101
 #: limits.5.xml.out:188
 #: limits.5.xml.out:191
-#: passwd.1.xml.out:437
+#: passwd.1.xml.out:459
 #: pwck.8.xml.out:299
-#: useradd.8.xml.out:823
+#: useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302
+#: chage.1.xml.out:317
 #: groupadd.8.xml.out:311
 #: groupdel.8.xml.out:176
 #: grpck.8.xml.out:245
 #: pwck.8.xml.out:295
-#: useradd.8.xml.out:825
+#: useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284
+#: chage.1.xml.out:299
 #: groupadd.8.xml.out:299
 #: groupdel.8.xml.out:164
 #: groupmod.8.xml.out:255
 #: grpck.8.xml.out:233
-#: passwd.1.xml.out:421
+#: passwd.1.xml.out:443
 #: pwck.8.xml.out:283
-#: useradd.8.xml.out:807
+#: useradd.8.xml.out:827
 #: userdel.8.xml.out:231
 msgid "The <_:command-1/> command exits with the following values: <_:variablelist-2/>"
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316
+#: chage.1.xml.out:331
 #: chfn.1.xml.out:202
-#: chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262
-#: chsh.1.xml.out:168
+#: chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304
+#: chsh.1.xml.out:209
 #: expiry.1.xml.out:115
 #: faillog.5.xml.out:84
 #: faillog.8.xml.out:232
-#: gpasswd.1.xml.out:274
+#: gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343
 #: groupdel.8.xml.out:202
 #: groupmems.8.xml.out:206
@@ -1975,11 +2048,11 @@ msgstr ""
 #: limits.5.xml.out:182
 #: login.1.xml.out:374
 #: login.access.5.xml.out:109
-#: login.defs.5.xml.out:527
+#: login.defs.5.xml.out:546
 #: newgrp.1.xml.out:127
-#: newusers.8.xml.out:450
+#: newusers.8.xml.out:471
 #: nologin.8.xml.out:57
-#: passwd.1.xml.out:471
+#: passwd.1.xml.out:493
 #: passwd.5.xml.out:167
 #: porttime.5.xml.out:118
 #: pwck.8.xml.out:333
@@ -1989,9 +2062,9 @@ msgstr ""
 #: sg.1.xml.out:116
 #: su.1.xml.out:413
 #: suauth.5.xml.out:198
-#: useradd.8.xml.out:875
+#: useradd.8.xml.out:895
 #: userdel.8.xml.out:308
-#: usermod.8.xml.out:602
+#: usermod.8.xml.out:619
 #: vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr ""
@@ -2005,10 +2078,10 @@ msgstr ""
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319
+#: chage.1.xml.out:334
 #: chfn.1.xml.out:211
-#: chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177
+#: chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218
 #: expiry.1.xml.out:118
 #: groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211
@@ -2019,26 +2092,26 @@ msgstr ""
 #: login.1.xml.out:128
 #: login.1.xml.out:380
 #: login.1.xml.out:395
-#: login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516
-#: login.defs.5.xml.out:533
-#: login.defs.5.xml.out:539
-#: newusers.8.xml.out:79
-#: newusers.8.xml.out:456
-#: passwd.1.xml.out:40
-#: passwd.1.xml.out:47
-#: passwd.1.xml.out:53
-#: passwd.1.xml.out:66
-#: passwd.1.xml.out:69
-#: passwd.1.xml.out:86
-#: passwd.1.xml.out:116
-#: passwd.1.xml.out:152
-#: passwd.1.xml.out:366
-#: passwd.1.xml.out:413
-#: passwd.1.xml.out:422
-#: passwd.1.xml.out:451
-#: passwd.1.xml.out:457
-#: passwd.1.xml.out:477
+#: login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535
+#: login.defs.5.xml.out:552
+#: login.defs.5.xml.out:558
+#: newusers.8.xml.out:81
+#: newusers.8.xml.out:477
+#: passwd.1.xml.out:42
+#: passwd.1.xml.out:49
+#: passwd.1.xml.out:55
+#: passwd.1.xml.out:68
+#: passwd.1.xml.out:71
+#: passwd.1.xml.out:88
+#: passwd.1.xml.out:100
+#: passwd.1.xml.out:148
+#: passwd.1.xml.out:388
+#: passwd.1.xml.out:435
+#: passwd.1.xml.out:444
+#: passwd.1.xml.out:473
+#: passwd.1.xml.out:479
+#: passwd.1.xml.out:502
 #: passwd.5.xml.out:33
 #: passwd.5.xml.out:40
 #: passwd.5.xml.out:182
@@ -2049,9 +2122,9 @@ msgstr ""
 #: pwconv.8.xml.out:99
 #: shadow.5.xml.out:268
 #: shadow.5.xml.out:271
-#: useradd.8.xml.out:884
+#: useradd.8.xml.out:904
 #: userdel.8.xml.out:316
-#: usermod.8.xml.out:611
+#: usermod.8.xml.out:628
 #: vipw.8.xml.out:217
 msgid "passwd"
 msgstr ""
@@ -2059,20 +2132,20 @@ msgstr ""
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319
-#: chage.1.xml.out:322
+#: chage.1.xml.out:334
+#: chage.1.xml.out:337
 #: chfn.1.xml.out:208
 #: chfn.1.xml.out:211
-#: chgpasswd.8.xml.out:223
-#: chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174
-#: chsh.1.xml.out:177
+#: chgpasswd.8.xml.out:251
+#: chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215
+#: chsh.1.xml.out:218
 #: expiry.1.xml.out:118
 #: expiry.1.xml.out:121
 #: faillog.5.xml.out:34
 #: faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292
-#: gpasswd.1.xml.out:295
+#: gpasswd.1.xml.out:294
+#: gpasswd.1.xml.out:297
 #: groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344
 #: grpck.8.xml.out:267
@@ -2089,21 +2162,21 @@ msgstr ""
 #: login.1.xml.out:395
 #: login.1.xml.out:398
 #: login.access.5.xml.out:35
-#: login.defs.5.xml.out:103
-#: login.defs.5.xml.out:539
-#: login.defs.5.xml.out:542
+#: login.defs.5.xml.out:105
+#: login.defs.5.xml.out:558
+#: login.defs.5.xml.out:561
 #: newgrp.1.xml.out:145
 #: newgrp.1.xml.out:148
-#: newusers.8.xml.out:79
-#: newusers.8.xml.out:453
-#: newusers.8.xml.out:460
-#: newusers.8.xml.out:463
+#: newusers.8.xml.out:81
+#: newusers.8.xml.out:474
+#: newusers.8.xml.out:481
+#: newusers.8.xml.out:484
 #: nologin.8.xml.out:48
 #: nologin.8.xml.out:63
-#: passwd.1.xml.out:455
 #: passwd.1.xml.out:477
-#: passwd.1.xml.out:480
-#: passwd.1.xml.out:484
+#: passwd.1.xml.out:502
+#: passwd.1.xml.out:505
+#: passwd.1.xml.out:509
 #: passwd.5.xml.out:34
 #: passwd.5.xml.out:80
 #: passwd.5.xml.out:194
@@ -2122,17 +2195,17 @@ msgstr ""
 #: suauth.5.xml.out:34
 #: suauth.5.xml.out:91
 #: useradd.8.xml.out:205
-#: useradd.8.xml.out:628
-#: useradd.8.xml.out:899
-#: useradd.8.xml.out:906
-#: useradd.8.xml.out:909
+#: useradd.8.xml.out:648
+#: useradd.8.xml.out:919
+#: useradd.8.xml.out:926
+#: useradd.8.xml.out:929
 #: userdel.8.xml.out:319
 #: userdel.8.xml.out:335
 #: userdel.8.xml.out:338
 #: usermod.8.xml.out:162
-#: usermod.8.xml.out:629
-#: usermod.8.xml.out:633
-#: usermod.8.xml.out:636
+#: usermod.8.xml.out:646
+#: usermod.8.xml.out:650
+#: usermod.8.xml.out:653
 #: vipw.8.xml.out:208
 #: vipw.8.xml.out:211
 #: vipw.8.xml.out:214
@@ -2150,13 +2223,13 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322
+#: chage.1.xml.out:337
 #: expiry.1.xml.out:121
 #: grpck.8.xml.out:51
 #: grpck.8.xml.out:190
 #: grpck.8.xml.out:297
-#: login.defs.5.xml.out:542
-#: passwd.1.xml.out:480
+#: login.defs.5.xml.out:561
+#: passwd.1.xml.out:505
 #: passwd.5.xml.out:79
 #: passwd.5.xml.out:194
 #: pwck.8.xml.out:229
@@ -2174,14 +2247,14 @@ msgstr ""
 #: shadow.5.xml.out:40
 #: shadow.5.xml.out:47
 #: useradd.8.xml.out:205
-#: useradd.8.xml.out:628
+#: useradd.8.xml.out:648
 #: usermod.8.xml.out:162
 #: vipw.8.xml.out:223
 msgid "shadow"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317
+#: chage.1.xml.out:332
 #: expiry.1.xml.out:116
 #: faillog.8.xml.out:233
 #: nologin.8.xml.out:58
@@ -2202,16 +2275,16 @@ msgstr ""
 #: chfn.1.xml.out:89
 #: chfn.1.xml.out:159
 #: chfn.1.xml.out:164
-#: chsh.1.xml.out:171
+#: chsh.1.xml.out:212
 #: groupadd.8.xml.out:345
 #: groupdel.8.xml.out:205
 #: groupmems.8.xml.out:209
 #: groupmod.8.xml.out:326
-#: login.defs.5.xml.out:239
-#: useradd.8.xml.out:878
+#: login.defs.5.xml.out:243
+#: useradd.8.xml.out:898
 #: userdel.8.xml.out:310
 #: usermod.8.xml.out:105
-#: usermod.8.xml.out:605
+#: usermod.8.xml.out:622
 msgid "chfn"
 msgstr ""
 
@@ -2235,9 +2308,9 @@ msgstr ""
 #: groupadd.8.xml.out:323
 #: groupmod.8.xml.out:93
 #: groupmod.8.xml.out:132
-#: useradd.8.xml.out:405
-#: useradd.8.xml.out:536
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:407
+#: useradd.8.xml.out:538
+#: useradd.8.xml.out:857
 #: usermod.8.xml.out:271
 #: usermod.8.xml.out:377
 msgid "-o"
@@ -2271,7 +2344,7 @@ msgstr ""
 #: login.1.xml.out:190
 #: login.1.xml.out:229
 #: useradd.8.xml.out:196
-#: useradd.8.xml.out:622
+#: useradd.8.xml.out:642
 #: userdel.8.xml.out:76
 #: userdel.8.xml.out:287
 #: userdel.8.xml.out:302
@@ -2331,20 +2404,20 @@ msgstr ""
 #: faillog.8.xml.out:144
 #: faillog.8.xml.out:186
 #: faillog.8.xml.out:203
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112
 #: groupadd.8.xml.out:185
 #: grpck.8.xml.out:124
 #: grpck.8.xml.out:138
 #: login.1.xml.out:220
 #: login.1.xml.out:229
-#: newusers.8.xml.out:287
-#: passwd.1.xml.out:268
+#: newusers.8.xml.out:289
+#: passwd.1.xml.out:264
 #: pwck.8.xml.out:155
 #: pwck.8.xml.out:188
 #: useradd.8.xml.out:224
-#: useradd.8.xml.out:456
-#: useradd.8.xml.out:542
+#: useradd.8.xml.out:458
+#: useradd.8.xml.out:544
 #: userdel.8.xml.out:106
 #: usermod.8.xml.out:317
 msgid "-r"
@@ -2374,9 +2447,9 @@ msgstr ""
 #: lastlog.8.xml.out:90
 #: lastlog.8.xml.out:122
 #: lastlog.8.xml.out:139
-#: passwd.1.xml.out:309
-#: useradd.8.xml.out:414
-#: useradd.8.xml.out:531
+#: passwd.1.xml.out:320
+#: useradd.8.xml.out:416
+#: useradd.8.xml.out:533
 #: usermod.8.xml.out:279
 #: usermod.8.xml.out:369
 #: vipw.8.xml.out:133
@@ -2385,7 +2458,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: chfn.1.xml.out:151
-#: passwd.1.xml.out:322
+#: passwd.1.xml.out:333
 #: usermod.8.xml.out:463
 msgid "-w"
 msgstr ""
@@ -2412,18 +2485,18 @@ msgstr ""
 
 #. (itstool) path: listitem/para
 #: chfn.1.xml.out:189
-#: chgpasswd.8.xml.out:207
-#: chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161
+#: chgpasswd.8.xml.out:235
+#: chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202
 #: groupadd.8.xml.out:278
 #: groupmod.8.xml.out:241
 #: login.1.xml.out:367
 #: login.access.5.xml.out:102
-#: newusers.8.xml.out:425
-#: passwd.1.xml.out:407
+#: newusers.8.xml.out:446
+#: passwd.1.xml.out:429
 #: pwconv.8.xml.out:232
 #: su.1.xml.out:359
-#: useradd.8.xml.out:799
+#: useradd.8.xml.out:819
 #: userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
 msgstr ""
@@ -2445,10 +2518,10 @@ msgstr ""
 #: groupdel.8.xml.out:208
 #: groupmems.8.xml.out:212
 #: groupmod.8.xml.out:329
-#: login.defs.5.xml.out:270
-#: useradd.8.xml.out:881
+#: login.defs.5.xml.out:280
+#: useradd.8.xml.out:901
 #: userdel.8.xml.out:313
-#: usermod.8.xml.out:608
+#: usermod.8.xml.out:625
 msgid "chsh"
 msgstr ""
 
@@ -2457,41 +2530,41 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #: chfn.1.xml.out:208
-#: chgpasswd.8.xml.out:223
-#: chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174
+#: chgpasswd.8.xml.out:251
+#: chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215
 #: groupadd.8.xml.out:194
 #: groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344
 #: login.1.xml.out:389
-#: login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109
-#: newusers.8.xml.out:298
-#: newusers.8.xml.out:453
-#: passwd.1.xml.out:484
+#: login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111
+#: newusers.8.xml.out:300
+#: newusers.8.xml.out:474
+#: passwd.1.xml.out:509
 #: pwconv.8.xml.out:92
 #: pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108
 #: pwconv.8.xml.out:245
 #: su.1.xml.out:418
-#: useradd.8.xml.out:899
+#: useradd.8.xml.out:919
 #: userdel.8.xml.out:117
 #: userdel.8.xml.out:319
-#: usermod.8.xml.out:629
+#: usermod.8.xml.out:646
 #: vipw.8.xml.out:214
 msgid "login.defs"
 msgstr ""
 
 #. (itstool) path: refsect1/para
 #: chfn.1.xml.out:203
-#: chgpasswd.8.xml.out:215
-#: chsh.1.xml.out:169
+#: chgpasswd.8.xml.out:243
+#: chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
 msgstr ""
 
@@ -2500,30 +2573,30 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33
-#: chgpasswd.8.xml.out:40
-#: chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56
-#: chgpasswd.8.xml.out:66
-#: chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35
+#: chgpasswd.8.xml.out:42
+#: chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58
+#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr ""
 
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34
-#: chgpasswd.8.xml.out:220
-#: chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268
-#: chpasswd.8.xml.out:276
+#: chgpasswd.8.xml.out:36
+#: chgpasswd.8.xml.out:248
+#: chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310
+#: chpasswd.8.xml.out:318
 #: faillog.5.xml.out:87
 #: faillog.8.xml.out:34
-#: gpasswd.1.xml.out:280
-#: gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286
-#: gpasswd.1.xml.out:289
+#: gpasswd.1.xml.out:282
+#: gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288
+#: gpasswd.1.xml.out:291
 #: groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354
 #: groupadd.8.xml.out:357
@@ -2563,13 +2636,13 @@ msgstr ""
 #: login.1.xml.out:249
 #: login.1.xml.out:251
 #: login.1.xml.out:401
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 #: logoutd.8.xml.out:34
-#: newusers.8.xml.out:50
-#: newusers.8.xml.out:467
+#: newusers.8.xml.out:52
+#: newusers.8.xml.out:488
 #: nologin.8.xml.out:23
-#: passwd.1.xml.out:474
-#: passwd.1.xml.out:488
+#: passwd.1.xml.out:496
+#: passwd.1.xml.out:513
 #: passwd.5.xml.out:185
 #: passwd.5.xml.out:188
 #: passwd.5.xml.out:191
@@ -2588,13 +2661,14 @@ msgstr ""
 #: shadow.5.xml.out:286
 #: suauth.5.xml.out:192
 #: useradd.8.xml.out:53
-#: useradd.8.xml.out:574
-#: useradd.8.xml.out:890
-#: useradd.8.xml.out:893
-#: useradd.8.xml.out:896
-#: useradd.8.xml.out:902
+#: useradd.8.xml.out:576
+#: useradd.8.xml.out:590
+#: useradd.8.xml.out:910
 #: useradd.8.xml.out:913
 #: useradd.8.xml.out:916
+#: useradd.8.xml.out:922
+#: useradd.8.xml.out:933
+#: useradd.8.xml.out:936
 #: userdel.8.xml.out:40
 #: userdel.8.xml.out:259
 #: userdel.8.xml.out:322
@@ -2604,19 +2678,20 @@ msgstr ""
 #: userdel.8.xml.out:342
 #: userdel.8.xml.out:345
 #: usermod.8.xml.out:41
-#: usermod.8.xml.out:617
-#: usermod.8.xml.out:620
-#: usermod.8.xml.out:623
-#: usermod.8.xml.out:626
+#: usermod.8.xml.out:522
+#: usermod.8.xml.out:634
+#: usermod.8.xml.out:637
 #: usermod.8.xml.out:640
 #: usermod.8.xml.out:643
+#: usermod.8.xml.out:657
+#: usermod.8.xml.out:660
 #: vipw.8.xml.out:36
 msgid "8"
 msgstr ""
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35
-#: chpasswd.8.xml.out:39
+#: chgpasswd.8.xml.out:37
+#: chpasswd.8.xml.out:41
 #: faillog.8.xml.out:35
 #: groupadd.8.xml.out:38
 #: groupdel.8.xml.out:36
@@ -2625,7 +2700,7 @@ msgstr ""
 #: grpck.8.xml.out:35
 #: lastlog.8.xml.out:37
 #: logoutd.8.xml.out:35
-#: newusers.8.xml.out:51
+#: newusers.8.xml.out:53
 #: nologin.8.xml.out:24
 #: pwck.8.xml.out:42
 #: pwconv.8.xml.out:41
@@ -2637,27 +2712,27 @@ msgid "System Management Commands"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 msgid "The <_:command-1/> command reads a list of group name and password pairs from standard input and uses this information to update a set of existing groups. Each line is of the format:"
 msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61
+#: chgpasswd.8.xml.out:63
 #: groupmems.8.xml.out:54
 #: groupmems.8.xml.out:110
 msgid "group_name"
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62
-#: chpasswd.8.xml.out:66
+#: chgpasswd.8.xml.out:64
+#: chpasswd.8.xml.out:68
 #: passwd.5.xml.out:77
 #: passwd.5.xml.out:86
 #: passwd.5.xml.out:91
@@ -2667,35 +2742,35 @@ msgid "password"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60
-#: chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62
+#: chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 msgid "By default the supplied password must be in clear-text, and is encrypted by <_:command-1/>."
 msgstr ""
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70
-#: chpasswd.8.xml.out:75
-#: chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72
+#: chpasswd.8.xml.out:77
+#: chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 msgid "ENCRYPT_METHOD"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71
-#: chgpasswd.8.xml.out:101
-#: chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84
-#: chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180
+#: chgpasswd.8.xml.out:73
+#: chgpasswd.8.xml.out:107
+#: chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86
+#: chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176
 #: useradd.8.xml.out:179
-#: useradd.8.xml.out:610
+#: useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "-e"
 msgstr ""
@@ -2703,15 +2778,15 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72
-#: chgpasswd.8.xml.out:88
-#: chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84
-#: chpasswd.8.xml.out:114
-#: chpasswd.8.xml.out:129
+#: chgpasswd.8.xml.out:74
+#: chgpasswd.8.xml.out:90
+#: chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86
+#: chpasswd.8.xml.out:116
+#: chpasswd.8.xml.out:135
 #: expiry.1.xml.out:60
 #: expiry.1.xml.out:73
-#: newusers.8.xml.out:268
+#: newusers.8.xml.out:270
 #: sg.1.xml.out:50
 #: su.1.xml.out:86
 #: su.1.xml.out:126
@@ -2722,81 +2797,147 @@ msgid "-c"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 msgid "The default encryption algorithm can be defined for the system with the <_:option-1/> variable of <_:filename-2/>, and can be overwritten with the <_:option-3/>, <_:option-4/>, or <_:option-5/> options."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74
-#: chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76
+#: chpasswd.8.xml.out:101
 msgid "This command is intended to be used in a large system environment where many accounts are created at a single time."
 msgstr ""
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88
-#: chpasswd.8.xml.out:114
-#: newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90
+#: chpasswd.8.xml.out:116
+#: newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90
-#: chpasswd.8.xml.out:117
-#: newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92
+#: chpasswd.8.xml.out:119
+#: newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
 msgstr ""
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91
-#: chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95
+#: chgpasswd.8.xml.out:149
+#: chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208
+#: newusers.8.xml.out:330
+msgid "BCRYPT"
 msgstr ""
 
-#. (itstool) path: listitem/para
+#. (itstool) path: para/phrase
 #: chgpasswd.8.xml.out:94
 #: chpasswd.8.xml.out:121
-#: newusers.8.xml.out:271
-msgid "The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods."
+msgid "<_:replaceable-1/>,"
 msgstr ""
 
-#. (itstool) path: term/option
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96
+#: chpasswd.8.xml.out:123
+msgid "DES"
+msgstr ""
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97
+#: chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98
+#: chgpasswd.8.xml.out:151
+#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210
+#: newusers.8.xml.out:332
+msgid "SHA256"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:152
+#: chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211
+#: newusers.8.xml.out:333
+msgid "SHA512"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97
+#: chpasswd.8.xml.out:124
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100
+#: chgpasswd.8.xml.out:154
+#: chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213
+#: newusers.8.xml.out:335
+msgid "YESCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99
+#: chpasswd.8.xml.out:126
+msgid ", <_:replaceable-1/>"
+msgstr ""
+
+#. (itstool) path: para/replaceable
 #: chgpasswd.8.xml.out:101
-#: chpasswd.8.xml.out:139
+#: chpasswd.8.xml.out:128
+msgid "NONE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:120
+msgid "The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports these methods."
+msgstr ""
+
+#. (itstool) path: term/option
+#: chgpasswd.8.xml.out:107
+#: chpasswd.8.xml.out:145
 msgid "--encrypted"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103
-#: chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109
+#: chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
 msgstr ""
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115
-#: chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121
+#: chpasswd.8.xml.out:163
 msgid "Use MD5 encryption instead of DES when the supplied passwords are not encrypted."
 msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:178
+#: chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:199
 #: chsh.1.xml.out:97
 #: chsh.1.xml.out:108
 #: grpck.8.xml.out:124
 #: grpck.8.xml.out:161
-#: newusers.8.xml.out:320
+#: newusers.8.xml.out:322
+#: passwd.1.xml.out:363
 #: pwck.8.xml.out:155
 #: pwck.8.xml.out:209
 #: su.1.xml.out:163
-#: useradd.8.xml.out:517
-#: useradd.8.xml.out:655
+#: useradd.8.xml.out:519
+#: useradd.8.xml.out:675
 #: usermod.8.xml.out:357
 #: vipw.8.xml.out:70
 #: vipw.8.xml.out:127
@@ -2804,74 +2945,93 @@ msgid "-s"
 msgstr ""
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:178
-#: newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:199
+#: newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137
-#: chpasswd.8.xml.out:181
-#: newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143
+#: chpasswd.8.xml.out:202
+#: newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140
-#: chpasswd.8.xml.out:184
-#: newusers.8.xml.out:325
-msgid "The value 0 means that the system will choose the default number of rounds for the crypt method (5000)."
+#: chgpasswd.8.xml.out:146
+#: chpasswd.8.xml.out:205
+#: newusers.8.xml.out:327
+msgid "You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> <_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144
-#: chpasswd.8.xml.out:188
-#: newusers.8.xml.out:329
-msgid "A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+#: chgpasswd.8.xml.out:156
+#: chpasswd.8.xml.out:215
+#: newusers.8.xml.out:337
+msgid "By default, the number of rounds for BCRYPT is defined by the BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148
-#: chpasswd.8.xml.out:192
-#: newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#: chgpasswd.8.xml.out:161
+#: chpasswd.8.xml.out:220
+msgid "A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. The default number of rounds is 13."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152
-#: newusers.8.xml.out:337
-msgid "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+#: chgpasswd.8.xml.out:165
+#: chpasswd.8.xml.out:224
+#: newusers.8.xml.out:346
+msgid "By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:229
+msgid "A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512. The default number of rounds is 5000."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:175
+#: chpasswd.8.xml.out:234
+#: newusers.8.xml.out:355
+msgid "By default, the number of rounds for YESCRYPT is defined by the YESCRYPT_COST_FACTOR in <_:filename-1/>."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179
+#: chpasswd.8.xml.out:238
+msgid "A minimal value of 1 and a maximal value of 11 will be enforced for YESCRYPT. The default number of rounds is 5."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163
-#: chpasswd.8.xml.out:208
+#: chgpasswd.8.xml.out:189
+#: chpasswd.8.xml.out:248
 #: faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229
+#: gpasswd.1.xml.out:231
 #: groupadd.8.xml.out:285
 #: groupdel.8.xml.out:121
 #: lastlog.8.xml.out:206
 #: login.1.xml.out:236
-#: newusers.8.xml.out:348
-#: passwd.1.xml.out:354
+#: newusers.8.xml.out:369
+#: passwd.1.xml.out:376
 #: shadow.3.xml.out:194
 #: su.1.xml.out:306
-#: useradd.8.xml.out:682
+#: useradd.8.xml.out:702
 #: userdel.8.xml.out:281
-#: usermod.8.xml.out:517
+#: usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190
+#: chpasswd.8.xml.out:249
 msgid "Remember to set permissions or umask to prevent readability of unencrypted files by other users."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168
-#: newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194
+#: newusers.8.xml.out:374
 msgid "You should make sure the passwords and the encryption method respect the system's password policy."
 msgstr ""
 
@@ -2879,12 +3039,12 @@ msgstr ""
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193
-#: gpasswd.1.xml.out:48
-#: gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73
-#: gpasswd.1.xml.out:231
-#: gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221
+#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75
+#: gpasswd.1.xml.out:233
+#: gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170
 #: groupadd.8.xml.out:264
 #: groupdel.8.xml.out:148
@@ -2906,22 +3066,22 @@ msgstr ""
 #: gshadow.5.xml.out:135
 #: newgrp.1.xml.out:80
 #: newgrp.1.xml.out:112
-#: newusers.8.xml.out:411
+#: newusers.8.xml.out:432
 #: pwck.8.xml.out:261
 #: pwconv.8.xml.out:128
 #: sg.1.xml.out:101
 #: suauth.5.xml.out:90
-#: useradd.8.xml.out:755
+#: useradd.8.xml.out:775
 #: userdel.8.xml.out:185
-#: usermod.8.xml.out:557
+#: usermod.8.xml.out:574
 #: vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195
-#: gpasswd.1.xml.out:261
+#: chgpasswd.8.xml.out:223
+#: gpasswd.1.xml.out:263
 #: groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150
 #: groupmems.8.xml.out:193
@@ -2930,10 +3090,10 @@ msgstr ""
 #: grpck.8.xml.out:213
 #: gshadow.5.xml.out:137
 #: newgrp.1.xml.out:114
-#: newusers.8.xml.out:413
+#: newusers.8.xml.out:434
 #: pwck.8.xml.out:263
 #: sg.1.xml.out:103
-#: useradd.8.xml.out:757
+#: useradd.8.xml.out:777
 #: userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
@@ -2942,11 +3102,11 @@ msgstr ""
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199
-#: gpasswd.1.xml.out:52
-#: gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232
-#: gpasswd.1.xml.out:265
+#: chgpasswd.8.xml.out:227
+#: gpasswd.1.xml.out:54
+#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:267
 #: groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270
 #: groupdel.8.xml.out:154
@@ -2969,28 +3129,28 @@ msgstr ""
 #: gshadow.5.xml.out:141
 #: newgrp.1.xml.out:78
 #: newgrp.1.xml.out:118
-#: newusers.8.xml.out:417
+#: newusers.8.xml.out:438
 #: pwconv.8.xml.out:129
 #: sg.1.xml.out:107
-#: useradd.8.xml.out:761
-#: usermod.8.xml.out:563
+#: useradd.8.xml.out:781
+#: usermod.8.xml.out:580
 #: vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201
-#: gpasswd.1.xml.out:267
+#: chgpasswd.8.xml.out:229
+#: gpasswd.1.xml.out:269
 #: groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156
 #: groupmod.8.xml.out:235
 #: grpck.8.xml.out:219
 #: gshadow.5.xml.out:143
 #: newgrp.1.xml.out:120
-#: newusers.8.xml.out:419
+#: newusers.8.xml.out:440
 #: sg.1.xml.out:109
-#: useradd.8.xml.out:763
+#: useradd.8.xml.out:783
 #: vipw.8.xml.out:183
 msgid "Secure group account information."
 msgstr ""
@@ -3001,22 +3161,22 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217
-#: gpasswd.1.xml.out:38
-#: gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59
-#: gpasswd.1.xml.out:72
-#: gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119
+#: chgpasswd.8.xml.out:245
+#: gpasswd.1.xml.out:40
+#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61
+#: gpasswd.1.xml.out:74
+#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121
 #: groupadd.8.xml.out:354
 #: groupdel.8.xml.out:214
 #: groupmod.8.xml.out:335
 #: gshadow.5.xml.out:153
-#: login.defs.5.xml.out:280
+#: login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142
 #: sg.1.xml.out:131
 #: userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr ""
 
@@ -3026,8 +3186,8 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220
-#: gpasswd.1.xml.out:280
+#: chgpasswd.8.xml.out:248
+#: gpasswd.1.xml.out:282
 #: groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43
 #: groupadd.8.xml.out:49
@@ -3038,23 +3198,23 @@ msgstr ""
 #: groupdel.8.xml.out:217
 #: groupmems.8.xml.out:218
 #: groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290
-#: useradd.8.xml.out:890
+#: login.defs.5.xml.out:303
+#: useradd.8.xml.out:910
 #: userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21
+#: chpasswd.8.xml.out:23
 #: groupadd.8.xml.out:20
 #: groupdel.8.xml.out:18
 #: groupmod.8.xml.out:18
 #: groups.1.xml.out:17
-#: login.defs.5.xml.out:86
+#: login.defs.5.xml.out:88
 #: logoutd.8.xml.out:17
 #: newgrp.1.xml.out:18
-#: newusers.8.xml.out:33
+#: newusers.8.xml.out:35
 #: sg.1.xml.out:18
 #: useradd.8.xml.out:36
 #: userdel.8.xml.out:23
@@ -3068,34 +3228,34 @@ msgstr ""
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:44
-#: chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60
-#: chpasswd.8.xml.out:70
-#: chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96
-#: chpasswd.8.xml.out:108
-#: chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259
-#: passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:46
+#: chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62
+#: chpasswd.8.xml.out:72
+#: chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98
+#: chpasswd.8.xml.out:110
+#: chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266
+#: passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 msgid "The <_:command-1/> command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. Each line is of the format:"
 msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65
+#: chpasswd.8.xml.out:67
 #: groupmems.8.xml.out:52
 #: groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83
@@ -3104,85 +3264,70 @@ msgid "user_name"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 msgid "By default the passwords must be supplied in clear-text, and are encrypted by <_:command-1/>. Also the password age will be updated, if present."
 msgstr ""
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76
-#: chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78
+#: chpasswd.8.xml.out:139
 msgid "MD5_CRYPT_ENAB"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 msgid "The default encryption algorithm can be defined for the system with the <_:option-1/> or <_:option-2/> variables of <_:filename-3/>, and can be overwritten with the <_:option-4/>, <_:option-5/>, or <_:option-6/> options."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 msgid "By default, passwords are encrypted by PAM, but (even if not recommended) you can select a different encryption method with the <_:option-1/>, <_:option-2/>, or <_:option-3/> options."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 msgid "<_:phrase-1/> <_:command-2/> first updates all the passwords in memory, and then commits all the changes to disk if no errors occurred for any user."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 msgid "When PAM is used to encrypt the passwords (and update the passwords in the system database) then if a password cannot be updated <_:command-1/> continues updating the passwords of the next users, and will return an error code on exit."
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 msgid "By default (if none of the <_:option-1/>, <_:option-2/>, or <_:option-3/> options are specified), the encryption method is defined by the <_:option-4/> or <_:option-5/> variables of <_:filename-6/>."
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
-msgid "ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
 #: chpasswd.8.xml.out:199
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-msgid "By default, the number of rounds is defined by the <_:option-1/> and <_:option-2/> variables in <_:filename-3/>."
+msgid "ROUNDS"
 msgstr ""
 
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 msgid "/etc/pam.d/chpasswd"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255
-#: newusers.8.xml.out:431
-#: passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297
+#: newusers.8.xml.out:452
+#: passwd.1.xml.out:435
 msgid "PAM configuration for <_:command-1/>."
 msgstr ""
 
@@ -3192,31 +3337,31 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268
-#: login.defs.5.xml.out:380
-#: newusers.8.xml.out:49
-#: newusers.8.xml.out:56
-#: newusers.8.xml.out:62
-#: newusers.8.xml.out:75
-#: newusers.8.xml.out:96
-#: newusers.8.xml.out:123
-#: newusers.8.xml.out:132
-#: newusers.8.xml.out:151
-#: newusers.8.xml.out:164
-#: newusers.8.xml.out:170
+#: chpasswd.8.xml.out:310
+#: login.defs.5.xml.out:393
+#: newusers.8.xml.out:51
+#: newusers.8.xml.out:58
+#: newusers.8.xml.out:64
+#: newusers.8.xml.out:77
+#: newusers.8.xml.out:98
+#: newusers.8.xml.out:125
+#: newusers.8.xml.out:134
+#: newusers.8.xml.out:153
+#: newusers.8.xml.out:166
 #: newusers.8.xml.out:172
-#: newusers.8.xml.out:210
-#: newusers.8.xml.out:230
-#: newusers.8.xml.out:252
-#: newusers.8.xml.out:431
-#: useradd.8.xml.out:902
+#: newusers.8.xml.out:174
+#: newusers.8.xml.out:212
+#: newusers.8.xml.out:232
+#: newusers.8.xml.out:254
+#: newusers.8.xml.out:452
+#: useradd.8.xml.out:922
 msgid "newusers"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270
+#: chpasswd.8.xml.out:312
 #: grpck.8.xml.out:285
-#: passwd.1.xml.out:482
+#: passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr ""
 
@@ -3226,13 +3371,13 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276
+#: chpasswd.8.xml.out:318
 #: groupadd.8.xml.out:366
 #: groupdel.8.xml.out:223
 #: groupmems.8.xml.out:224
 #: groupmod.8.xml.out:347
-#: login.defs.5.xml.out:462
-#: newusers.8.xml.out:467
+#: login.defs.5.xml.out:481
+#: newusers.8.xml.out:488
 #: useradd.8.xml.out:52
 #: useradd.8.xml.out:59
 #: useradd.8.xml.out:64
@@ -3245,21 +3390,21 @@ msgstr ""
 #: useradd.8.xml.out:187
 #: useradd.8.xml.out:209
 #: useradd.8.xml.out:239
-#: useradd.8.xml.out:284
-#: useradd.8.xml.out:341
-#: useradd.8.xml.out:472
-#: useradd.8.xml.out:584
-#: useradd.8.xml.out:586
-#: useradd.8.xml.out:690
-#: useradd.8.xml.out:808
+#: useradd.8.xml.out:286
+#: useradd.8.xml.out:343
+#: useradd.8.xml.out:474
+#: useradd.8.xml.out:604
+#: useradd.8.xml.out:606
+#: useradd.8.xml.out:710
+#: useradd.8.xml.out:828
 #: userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263
-#: newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305
+#: newusers.8.xml.out:472
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
 
@@ -3278,8 +3423,8 @@ msgstr ""
 #: chsh.1.xml.out:97
 #: su.1.xml.out:163
 #: su.1.xml.out:199
-#: useradd.8.xml.out:517
-#: useradd.8.xml.out:655
+#: useradd.8.xml.out:519
+#: useradd.8.xml.out:675
 #: usermod.8.xml.out:357
 msgid "--shell"
 msgstr ""
@@ -3288,10 +3433,10 @@ msgstr ""
 #. (itstool) path: para/option
 #: chsh.1.xml.out:97
 #: su.1.xml.out:163
-#: useradd.8.xml.out:517
-#: useradd.8.xml.out:522
-#: useradd.8.xml.out:655
-#: useradd.8.xml.out:662
+#: useradd.8.xml.out:519
+#: useradd.8.xml.out:524
+#: useradd.8.xml.out:675
+#: useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr ""
@@ -3310,13 +3455,17 @@ msgstr ""
 #. (itstool) path: term/filename
 #: chsh.1.xml.out:120
 #: chsh.1.xml.out:124
-#: chsh.1.xml.out:153
+#: chsh.1.xml.out:130
+#: chsh.1.xml.out:143
+#: chsh.1.xml.out:172
+#: chsh.1.xml.out:184
 #: su.1.xml.out:198
 msgid "/etc/shells"
 msgstr ""
 
 #. (itstool) path: para/filename
 #: chsh.1.xml.out:123
+#: chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr ""
 
@@ -3325,11 +3474,78 @@ msgstr ""
 msgid "The only restriction placed on the login shell is that the command name must be listed in <_:filename-1/>, unless the invoker is the superuser, and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing <_:filename-2/> in <_:filename-3/> is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value."
 msgstr ""
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132
+#: chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+msgid "/etc/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+msgid "/etc/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid "The only restriction placed on the login shell is that the command name must be listed in <_:filename-1/>. If this file does not exist, the definitions are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be used. If the invoker is the superuser any value may be added regardless what is defined in the configuration files. An account with a restricted login shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+msgid "For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value."
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
 msgstr ""
 
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+msgid "User defined list of valid login shells."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+msgid "/etc/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+msgid "Directory for additional user defined configuration files."
+msgstr ""
+
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -3349,7 +3565,7 @@ msgstr ""
 
 #. (itstool) path: arg/replaceable
 #: expiry.1.xml.out:52
-#: gpasswd.1.xml.out:61
+#: gpasswd.1.xml.out:63
 msgid "option"
 msgstr ""
 
@@ -3385,7 +3601,7 @@ msgstr ""
 #: faillog.5.xml.out:17
 #: faillog.8.xml.out:17
 #: login.1.xml.out:50
-#: passwd.1.xml.out:24
+#: passwd.1.xml.out:26
 #: passwd.5.xml.out:17
 #: porttime.5.xml.out:17
 #: shadow.3.xml.out:17
@@ -3421,7 +3637,7 @@ msgstr ""
 #: gshadow.5.xml.out:24
 #: limits.5.xml.out:37
 #: login.access.5.xml.out:36
-#: login.defs.5.xml.out:104
+#: login.defs.5.xml.out:106
 #: passwd.5.xml.out:35
 #: porttime.5.xml.out:35
 #: shadow.5.xml.out:35
@@ -3486,10 +3702,10 @@ msgstr ""
 #. (itstool) path: para/option
 #: faillog.8.xml.out:72
 #: faillog.8.xml.out:215
-#: gpasswd.1.xml.out:124
+#: gpasswd.1.xml.out:126
 #: groupmems.8.xml.out:83
 #: groupmod.8.xml.out:73
-#: passwd.1.xml.out:157
+#: passwd.1.xml.out:153
 #: usermod.8.xml.out:78
 #: usermod.8.xml.out:210
 msgid "-a"
@@ -3497,7 +3713,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: faillog.8.xml.out:72
-#: passwd.1.xml.out:157
+#: passwd.1.xml.out:153
 msgid "--all"
 msgstr ""
 
@@ -3713,9 +3929,9 @@ msgstr ""
 #: login.1.xml.out:253
 #: login.1.xml.out:259
 #: login.access.5.xml.out:112
-#: login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518
-#: login.defs.5.xml.out:530
+#: login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537
+#: login.defs.5.xml.out:549
 #: newgrp.1.xml.out:133
 #: nologin.8.xml.out:60
 #: passwd.5.xml.out:125
@@ -3729,17 +3945,17 @@ msgid "login"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22
+#: gpasswd.1.xml.out:24
 #: login.access.5.xml.out:18
 #: pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
@@ -3747,12 +3963,12 @@ msgid "Creation, 1996"
 msgstr ""
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 msgid "administer <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 msgid "administer <_:filename-1/> and <_:filename-2/>"
 msgstr ""
 
@@ -3760,15 +3976,15 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64
-#: gpasswd.1.xml.out:89
-#: gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142
-#: gpasswd.1.xml.out:177
-#: gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193
-#: gpasswd.1.xml.out:197
-#: gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66
+#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144
+#: gpasswd.1.xml.out:179
+#: gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195
+#: gpasswd.1.xml.out:199
+#: gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49
 #: grpck.8.xml.out:188
 #: grpck.8.xml.out:280
@@ -3786,45 +4002,45 @@ msgid "group"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 msgid "administrators,"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/>. Every group can have <_:phrase-4/> members and a password."
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80
-#: gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82
+#: gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:207
 msgid "-A"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 msgid "System administrators can use the <_:option-1/> option to define group administrator(s) and the <_:option-2/> option to define members. They have all rights of group administrators and members."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 msgid "a group administrator"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 msgid "a system administrator"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only prompts for the new password of the <_:replaceable-4/>."
 msgstr ""
 
@@ -3833,10 +4049,10 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:180
-#: gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277
+#: gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:182
+#: gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279
 #: groups.1.xml.out:71
 #: groups.1.xml.out:92
 #: gshadow.5.xml.out:76
@@ -3856,32 +4072,32 @@ msgid "newgrp"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 msgid "If a password is set the members can still use <_:citerefentry-1/> without a password, and non-members must supply the password."
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid "Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 msgid "Except for the <_:option-1/> and <_:option-2/> options, the options cannot be combined."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124
+#: gpasswd.1.xml.out:126
 #: groupmems.8.xml.out:83
 msgid "--add"
 msgstr ""
@@ -3889,97 +4105,97 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124
-#: gpasswd.1.xml.out:128
-#: gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141
-#: gpasswd.1.xml.out:205
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126
+#: gpasswd.1.xml.out:130
+#: gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143
+#: gpasswd.1.xml.out:207
+#: gpasswd.1.xml.out:219
 #: groups.1.xml.out:48
 #: groups.1.xml.out:59
 msgid "user"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 msgid "Add the <_:replaceable-1/> to the named <_:replaceable-2/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137
+#: gpasswd.1.xml.out:139
 #: groupmems.8.xml.out:94
-#: passwd.1.xml.out:168
+#: passwd.1.xml.out:164
 msgid "--delete"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 msgid "Remove the <_:replaceable-1/> from the named <_:replaceable-2/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 msgid "-Q"
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 msgid "Remove the password from the named <_:replaceable-1/>. The group password will be empty. Only group members will be allowed to use <_:command-2/> to join the named <_:replaceable-3/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 msgid "Restrict the access to the named <_:replaceable-1/>. The group password is set to \"!\". Only group members with a password will be allowed to use <_:command-2/> to join the named <_:replaceable-3/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 msgid "--administrators"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204
-#: gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206
+#: gpasswd.1.xml.out:218
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 msgid "Set the list of administrative users."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 msgid "--members"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 msgid "Set the list of group members."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 msgid "and <_:filename-1/> files."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 msgid "file."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 msgid "This tool only operates on the <_:filename-1/> <_:phrase-2/> <_:phrase-3/> Thus you cannot change any NIS or LDAP group. This must be performed on the corresponding server."
 msgstr ""
 
@@ -3989,7 +4205,7 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283
+#: gpasswd.1.xml.out:285
 #: groupadd.8.xml.out:357
 #: groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41
@@ -3999,10 +4215,10 @@ msgstr ""
 #: groupdel.8.xml.out:165
 #: groupmems.8.xml.out:221
 #: groupmod.8.xml.out:341
-#: login.defs.5.xml.out:299
-#: useradd.8.xml.out:893
+#: login.defs.5.xml.out:312
+#: useradd.8.xml.out:913
 #: userdel.8.xml.out:328
-#: usermod.8.xml.out:623
+#: usermod.8.xml.out:640
 msgid "groupdel"
 msgstr ""
 
@@ -4012,7 +4228,7 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286
+#: gpasswd.1.xml.out:288
 #: groupadd.8.xml.out:360
 #: groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34
@@ -4023,10 +4239,10 @@ msgstr ""
 #: groupmod.8.xml.out:256
 #: grpck.8.xml.out:107
 #: grpck.8.xml.out:283
-#: login.defs.5.xml.out:311
-#: useradd.8.xml.out:896
+#: login.defs.5.xml.out:324
+#: useradd.8.xml.out:916
 #: userdel.8.xml.out:331
-#: usermod.8.xml.out:626
+#: usermod.8.xml.out:643
 msgid "groupmod"
 msgstr ""
 
@@ -4036,7 +4252,7 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289
+#: gpasswd.1.xml.out:291
 #: grpck.8.xml.out:33
 #: grpck.8.xml.out:40
 #: grpck.8.xml.out:46
@@ -4047,7 +4263,7 @@ msgstr ""
 #: grpck.8.xml.out:184
 #: grpck.8.xml.out:234
 #: gshadow.5.xml.out:159
-#: login.defs.5.xml.out:318
+#: login.defs.5.xml.out:331
 #: pwck.8.xml.out:339
 #: pwconv.8.xml.out:198
 #: pwconv.8.xml.out:242
@@ -4059,7 +4275,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295
+#: gpasswd.1.xml.out:297
 #: grpck.8.xml.out:95
 #: grpck.8.xml.out:287
 #: gshadow.5.xml.out:22
@@ -4075,14 +4291,14 @@ msgid "gshadow"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293
+#: gpasswd.1.xml.out:295
 #: newgrp.1.xml.out:146
 #: sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275
+#: gpasswd.1.xml.out:277
 #: newgrp.1.xml.out:128
 #: sg.1.xml.out:117
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
@@ -4128,10 +4344,10 @@ msgstr ""
 #: useradd.8.xml.out:96
 #: useradd.8.xml.out:230
 #: useradd.8.xml.out:264
-#: useradd.8.xml.out:391
-#: useradd.8.xml.out:396
-#: useradd.8.xml.out:557
-#: useradd.8.xml.out:639
+#: useradd.8.xml.out:393
+#: useradd.8.xml.out:398
+#: useradd.8.xml.out:559
+#: useradd.8.xml.out:659
 #: usermod.8.xml.out:174
 #: vipw.8.xml.out:90
 msgid "-g"
@@ -4146,7 +4362,7 @@ msgstr ""
 #: groupadd.8.xml.out:102
 #: groupmod.8.xml.out:82
 #: useradd.8.xml.out:230
-#: useradd.8.xml.out:639
+#: useradd.8.xml.out:659
 #: usermod.8.xml.out:174
 msgid "--gid"
 msgstr ""
@@ -4162,8 +4378,8 @@ msgstr ""
 #: groupmod.8.xml.out:87
 #: groupmod.8.xml.out:91
 #: groupmod.8.xml.out:137
-#: newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr ""
 
@@ -4194,7 +4410,7 @@ msgstr ""
 
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:111
-#: useradd.8.xml.out:541
+#: useradd.8.xml.out:543
 msgid "See also the <_:option-1/> option and the <_:option-2/> description."
 msgstr ""
 
@@ -4205,35 +4421,35 @@ msgstr ""
 #: groupadd.8.xml.out:134
 #: groupadd.8.xml.out:135
 #: groupadd.8.xml.out:138
-#: useradd.8.xml.out:303
-#: useradd.8.xml.out:314
-#: useradd.8.xml.out:317
+#: useradd.8.xml.out:305
+#: useradd.8.xml.out:316
 #: useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 msgid "-K"
 msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:125
-#: useradd.8.xml.out:303
+#: useradd.8.xml.out:305
 msgid "--key"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:125
-#: useradd.8.xml.out:303
+#: useradd.8.xml.out:305
 msgid "KEY"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:125
-#: useradd.8.xml.out:303
+#: useradd.8.xml.out:305
 msgid "VALUE"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
 #: groupadd.8.xml.out:124
-#: useradd.8.xml.out:302
+#: useradd.8.xml.out:304
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>=<_:replaceable-4/>"
 msgstr ""
 
@@ -4244,14 +4460,14 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #: groupadd.8.xml.out:134
-#: useradd.8.xml.out:320
+#: useradd.8.xml.out:322
 msgid "100"
 msgstr ""
 
 #. (itstool) path: para/replaceable
 #: groupadd.8.xml.out:135
 #: groupadd.8.xml.out:138
-#: useradd.8.xml.out:321
+#: useradd.8.xml.out:323
 msgid "499"
 msgstr ""
 
@@ -4266,7 +4482,7 @@ msgstr ""
 #: groupadd.8.xml.out:333
 #: groupdel.8.xml.out:192
 #: groupmod.8.xml.out:295
-#: useradd.8.xml.out:853
+#: useradd.8.xml.out:873
 #: userdel.8.xml.out:265
 msgid "10"
 msgstr ""
@@ -4279,7 +4495,7 @@ msgstr ""
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:145
 #: groupmod.8.xml.out:132
-#: useradd.8.xml.out:405
+#: useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr ""
@@ -4302,7 +4518,7 @@ msgstr ""
 #: login.1.xml.out:95
 #: login.1.xml.out:212
 #: su.1.xml.out:207
-#: useradd.8.xml.out:425
+#: useradd.8.xml.out:427
 #: usermod.8.xml.out:237
 #: usermod.8.xml.out:290
 #: usermod.8.xml.out:411
@@ -4313,7 +4529,7 @@ msgstr ""
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:158
 #: groupmod.8.xml.out:143
-#: useradd.8.xml.out:425
+#: useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "--password"
 msgstr ""
@@ -4321,7 +4537,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:158
 #: groupmod.8.xml.out:143
-#: useradd.8.xml.out:425
+#: useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr ""
@@ -4336,10 +4552,10 @@ msgstr ""
 #: passwd.5.xml.out:170
 #: shadow.5.xml.out:88
 #: shadow.5.xml.out:94
-#: useradd.8.xml.out:430
-#: useradd.8.xml.out:887
+#: useradd.8.xml.out:432
+#: useradd.8.xml.out:907
 #: usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr ""
 
@@ -4355,7 +4571,7 @@ msgstr ""
 #: grpck.8.xml.out:255
 #: gshadow.5.xml.out:63
 #: gshadow.5.xml.out:69
-#: passwd.1.xml.out:443
+#: passwd.1.xml.out:465
 #: passwd.5.xml.out:104
 #: passwd.5.xml.out:110
 #: passwd.5.xml.out:170
@@ -4365,11 +4581,11 @@ msgstr ""
 #: shadow.3.xml.out:217
 #: shadow.5.xml.out:89
 #: shadow.5.xml.out:95
-#: useradd.8.xml.out:431
-#: useradd.8.xml.out:829
-#: useradd.8.xml.out:887
+#: useradd.8.xml.out:433
+#: useradd.8.xml.out:849
+#: useradd.8.xml.out:907
 #: usermod.8.xml.out:296
-#: usermod.8.xml.out:614
+#: usermod.8.xml.out:631
 msgid "3"
 msgstr ""
 
@@ -4386,7 +4602,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #: groupadd.8.xml.out:173
 #: groupmod.8.xml.out:152
-#: useradd.8.xml.out:444
+#: useradd.8.xml.out:446
 #: userdel.8.xml.out:93
 #: usermod.8.xml.out:299
 msgid "Note:"
@@ -4401,15 +4617,15 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:177
 #: groupmod.8.xml.out:156
-#: useradd.8.xml.out:448
+#: useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid "You should make sure the password respects the system's password policy."
 msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:185
-#: newusers.8.xml.out:287
-#: useradd.8.xml.out:456
+#: newusers.8.xml.out:289
+#: useradd.8.xml.out:458
 msgid "--system"
 msgstr ""
 
@@ -4436,61 +4652,15 @@ msgid "The numeric identifiers of new system groups are chosen in the <_:option-
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:214
-#: groupdel.8.xml.out:102
-#: groupmod.8.xml.out:177
-#: useradd.8.xml.out:502
-#: userdel.8.xml.out:136
-#: usermod.8.xml.out:341
-msgid "-P"
-msgstr ""
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214
-#: groupdel.8.xml.out:102
-#: groupmod.8.xml.out:177
-#: useradd.8.xml.out:502
-#: userdel.8.xml.out:136
-#: usermod.8.xml.out:341
-msgid "--prefix"
-msgstr ""
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214
-#: groupadd.8.xml.out:219
-#: groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106
-#: groupdel.8.xml.out:108
-#: groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181
-#: groupmod.8.xml.out:183
-#: useradd.8.xml.out:502
-#: useradd.8.xml.out:507
-#: userdel.8.xml.out:136
-#: userdel.8.xml.out:140
-#: userdel.8.xml.out:142
-#: usermod.8.xml.out:341
-#: usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217
-#: useradd.8.xml.out:505
-msgid "Apply changes to configuration files under the root filesystem found under the directory <_:replaceable-1/>. This option does not chroot and is intended for preparing a cross-compilation target. Some limitations: NIS and LDAP users/groups are not verified. PAM authentication is using the host files. No SELINUX support."
-msgstr ""
-
-#. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229
 #: groupadd.8.xml.out:237
 #: groupmod.8.xml.out:194
 #: groupmod.8.xml.out:202
 #: useradd.8.xml.out:96
-#: useradd.8.xml.out:397
-#: useradd.8.xml.out:549
-#: useradd.8.xml.out:558
+#: useradd.8.xml.out:399
+#: useradd.8.xml.out:551
+#: useradd.8.xml.out:560
 #: usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 msgid "-U"
@@ -4513,9 +4683,9 @@ msgstr ""
 #: groupadd.8.xml.out:237
 #: groupmod.8.xml.out:202
 #: useradd.8.xml.out:96
-#: useradd.8.xml.out:386
-#: useradd.8.xml.out:397
-#: useradd.8.xml.out:558
+#: useradd.8.xml.out:388
+#: useradd.8.xml.out:399
+#: useradd.8.xml.out:560
 msgid "-N"
 msgstr ""
 
@@ -4523,11 +4693,11 @@ msgstr ""
 #. (itstool) path: para/phrase
 #: groupadd.8.xml.out:238
 #: groupmod.8.xml.out:203
-#: login.defs.5.xml.out:448
+#: login.defs.5.xml.out:467
 #: useradd.8.xml.out:97
 #: useradd.8.xml.out:240
-#: useradd.8.xml.out:398
-#: useradd.8.xml.out:559
+#: useradd.8.xml.out:400
+#: useradd.8.xml.out:561
 #: userdel.8.xml.out:86
 #: userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
@@ -4536,8 +4706,8 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:235
 #: groupmod.8.xml.out:200
-#: useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 msgid "The default behavior (if the <_:option-1/>, <_:option-2/>, and <_:option-3/> options are not specified) is defined by the <_:option-4/> variable in <_:filename-5/>."
 msgstr ""
 
@@ -4553,8 +4723,8 @@ msgstr ""
 
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:317
-#: passwd.1.xml.out:463
-#: useradd.8.xml.out:831
+#: passwd.1.xml.out:485
+#: useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr ""
 
@@ -4562,9 +4732,9 @@ msgstr ""
 #: groupadd.8.xml.out:321
 #: groupmod.8.xml.out:277
 #: grpck.8.xml.out:261
-#: passwd.1.xml.out:449
+#: passwd.1.xml.out:471
 #: pwck.8.xml.out:311
-#: useradd.8.xml.out:835
+#: useradd.8.xml.out:855
 msgid "4"
 msgstr ""
 
@@ -4576,7 +4746,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:327
 #: groupmod.8.xml.out:289
-#: useradd.8.xml.out:847
+#: useradd.8.xml.out:867
 msgid "9"
 msgstr ""
 
@@ -4588,7 +4758,7 @@ msgstr ""
 #. (itstool) path: listitem/para
 #: groupadd.8.xml.out:335
 #: groupdel.8.xml.out:194
-#: useradd.8.xml.out:855
+#: useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
 msgstr ""
@@ -4603,8 +4773,8 @@ msgstr ""
 #: groupdel.8.xml.out:226
 #: groupmems.8.xml.out:227
 #: groupmod.8.xml.out:350
-#: login.defs.5.xml.out:480
-#: useradd.8.xml.out:913
+#: login.defs.5.xml.out:499
+#: useradd.8.xml.out:933
 #: userdel.8.xml.out:39
 #: userdel.8.xml.out:46
 #: userdel.8.xml.out:51
@@ -4616,7 +4786,7 @@ msgstr ""
 #: userdel.8.xml.out:283
 #: userdel.8.xml.out:298
 #: userdel.8.xml.out:300
-#: usermod.8.xml.out:643
+#: usermod.8.xml.out:660
 msgid "userdel"
 msgstr ""
 
@@ -4630,11 +4800,11 @@ msgstr ""
 #: groupdel.8.xml.out:229
 #: groupmems.8.xml.out:230
 #: groupmod.8.xml.out:353
-#: login.defs.5.xml.out:490
-#: passwd.1.xml.out:488
+#: login.defs.5.xml.out:509
+#: passwd.1.xml.out:513
 #: pwck.8.xml.out:140
 #: pwck.8.xml.out:348
-#: useradd.8.xml.out:916
+#: useradd.8.xml.out:936
 #: userdel.8.xml.out:345
 #: usermod.8.xml.out:40
 #: usermod.8.xml.out:47
@@ -4642,7 +4812,7 @@ msgstr ""
 #: usermod.8.xml.out:64
 #: usermod.8.xml.out:72
 #: usermod.8.xml.out:263
-#: usermod.8.xml.out:522
+#: usermod.8.xml.out:539
 msgid "usermod"
 msgstr ""
 
@@ -4673,9 +4843,9 @@ msgstr ""
 #: suauth.5.xml.out:87
 #: useradd.8.xml.out:230
 #: useradd.8.xml.out:249
-#: useradd.8.xml.out:392
-#: useradd.8.xml.out:639
-#: useradd.8.xml.out:648
+#: useradd.8.xml.out:394
+#: useradd.8.xml.out:659
+#: useradd.8.xml.out:668
 #: usermod.8.xml.out:174
 msgid "GROUP"
 msgstr ""
@@ -4710,16 +4880,16 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #: groupdel.8.xml.out:180
 #: groupmod.8.xml.out:283
-#: passwd.1.xml.out:461
+#: passwd.1.xml.out:483
 #: pwck.8.xml.out:323
-#: useradd.8.xml.out:841
+#: useradd.8.xml.out:861
 #: userdel.8.xml.out:253
 msgid "6"
 msgstr ""
 
 #. (itstool) path: listitem/para
 #: groupdel.8.xml.out:182
-#: useradd.8.xml.out:843
+#: useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr ""
 
@@ -4769,7 +4939,7 @@ msgstr ""
 #: groupmems.8.xml.out:78
 #: groupmems.8.xml.out:159
 #: groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr ""
 
@@ -4882,7 +5052,7 @@ msgstr ""
 
 #. (itstool) path: refsect1/programlisting
 #: groupmems.8.xml.out:167
-msgid "$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ groupmems -g groups -a gk4"
+msgid "$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ groupmems -g groups -a gk4"
 msgstr ""
 
 #. (itstool) path: listitem/para
@@ -4944,7 +5114,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: groupmod.8.xml.out:121
-#: passwd.1.xml.out:246
+#: passwd.1.xml.out:242
 msgid "-n"
 msgstr ""
 
@@ -5022,7 +5192,7 @@ msgstr ""
 
 #. (itstool) path: term/replaceable
 #: groupmod.8.xml.out:307
-#: useradd.8.xml.out:859
+#: useradd.8.xml.out:879
 #: userdel.8.xml.out:271
 msgid "12"
 msgstr ""
@@ -5179,8 +5349,8 @@ msgstr ""
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
 #: grpck.8.xml.out:113
-#: newusers.8.xml.out:67
-#: newusers.8.xml.out:75
+#: newusers.8.xml.out:69
+#: newusers.8.xml.out:77
 msgid "file"
 msgstr ""
 
@@ -5209,8 +5379,8 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: grpck.8.xml.out:143
-#: login.defs.5.xml.out:134
 #: login.defs.5.xml.out:136
+#: login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr ""
@@ -5235,8 +5405,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: grpck.8.xml.out:172
 #: lastlog.8.xml.out:117
-#: passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 msgid "-S"
 msgstr ""
 
@@ -5418,7 +5588,7 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: gshadow.5.xml.out:162
-#: login.defs.5.xml.out:324
+#: login.defs.5.xml.out:337
 #: pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67
 #: pwconv.8.xml.out:113
@@ -5440,7 +5610,7 @@ msgstr ""
 #: lastlog.8.xml.out:58
 #: lastlog.8.xml.out:70
 #: lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr ""
 
@@ -5480,7 +5650,7 @@ msgstr ""
 #. (itstool) path: term/option
 #: lastlog.8.xml.out:75
 #: useradd.8.xml.out:118
-#: useradd.8.xml.out:592
+#: useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 msgid "-b"
 msgstr ""
@@ -5778,7 +5948,7 @@ msgstr ""
 #: su.1.xml.out:95
 #: su.1.xml.out:153
 #: su.1.xml.out:155
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid "username"
 msgstr ""
 
@@ -6167,9 +6337,9 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: login.1.xml.out:386
-#: login.defs.5.xml.out:436
-#: login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536
+#: login.defs.5.xml.out:455
+#: login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555
 #: newgrp.1.xml.out:136
 #: passwd.5.xml.out:197
 #: shadow.5.xml.out:283
@@ -6330,81 +6500,81 @@ msgid "<_:citerefentry-1/>."
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 msgid "The <_:filename-1/> file defines the site-specific configuration for the shadow password suite. This file is required. Absence of this file will not prevent system operation, but will probably result in undesirable operation."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid "This file is a readable text file, each line of the file describing one configuration parameter. The lines consist of a configuration name and value, separated by whitespace. Blank lines and comment lines are ignored. Comments are introduced with a \"#\" pound sign and the pound sign must be the first non-white character of the line."
 msgstr ""
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133
+#: login.defs.5.xml.out:135
 #: useradd.8.xml.out:242
-#: useradd.8.xml.out:380
+#: useradd.8.xml.out:382
 #: userdel.8.xml.out:87
 #: userdel.8.xml.out:297
 msgid "yes"
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 msgid "0x"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 msgid "Parameter values may be of four types: strings, booleans, numbers, and long numbers. A string is comprised of any printable characters. A boolean should be either the value <_:replaceable-1/> or <_:replaceable-2/>. An undefined boolean parameter or one with a value other than these will be given a <_:replaceable-3/> value. Numbers (both regular and long) may be either decimal values, octal values (precede the value with <_:replaceable-4/>) or hexadecimal values (precede the value with <_:replaceable-5/>). The maximum value of the regular and long numeric parameters is machine-dependent."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193
+#: login.defs.5.xml.out:196
 #: pwconv.8.xml.out:146
-#: useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193
+#: login.defs.5.xml.out:196
 #: pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194
+#: login.defs.5.xml.out:197
 #: pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr ""
 
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 msgid "<_:option-1/>, <_:option-2/> and <_:option-3/> are only used at the time of account creation. Any changes to these settings won't affect existing accounts."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid "The following cross references show which programs in the shadow password suite use which parameters."
 msgstr ""
 
@@ -6412,10 +6582,10 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235
-#: login.defs.5.xml.out:423
-#: login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503
+#: login.defs.5.xml.out:239
+#: login.defs.5.xml.out:442
+#: login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522
 #: pwck.8.xml.out:75
 #: pwck.8.xml.out:216
 #: pwck.8.xml.out:232
@@ -6428,58 +6598,76 @@ msgid "USE_TCB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244
-#: login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248
+#: login.defs.5.xml.out:372
 msgid "LOGIN_STRING"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253
-#: login.defs.5.xml.out:264
-#: login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388
-#: login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256
+#: login.defs.5.xml.out:269
+#: login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396
+#: login.defs.5.xml.out:418
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259
+#: login.defs.5.xml.out:273
+#: login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403
+#: login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr ""
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261
+#: login.defs.5.xml.out:275
+#: login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409
+#: login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251
-#: login.defs.5.xml.out:282
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+#: login.defs.5.xml.out:255
+#: login.defs.5.xml.out:292
+msgid "<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-2/> <_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301
-#: login.defs.5.xml.out:307
-#: login.defs.5.xml.out:313
+#: login.defs.5.xml.out:314
 #: login.defs.5.xml.out:320
 #: login.defs.5.xml.out:326
-#: login.defs.5.xml.out:332
+#: login.defs.5.xml.out:333
+#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr ""
 
@@ -6487,7 +6675,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330
+#: login.defs.5.xml.out:343
 #: pwconv.8.xml.out:49
 #: pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119
@@ -6498,84 +6686,84 @@ msgid "grpunconv"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346
-#: login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359
+#: login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 msgid "FAILLOG_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 msgid "FTMP_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY <_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR <_:phrase-6/> LOGIN_RETRIES <_:phrase-7/> LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB <_:phrase-8/> TTYGROUP TTYPERM TTYTYPE_FILE <_:phrase-9/> USERGROUPS_ENAB"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 msgid "newgrp / sg"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
-msgid "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+#: login.defs.5.xml.out:395
+msgid "<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK <_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
-msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+#: login.defs.5.xml.out:417
+msgid "<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> <_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412
-#: login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431
+#: login.defs.5.xml.out:440
 msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/>"
 msgstr ""
 
@@ -6585,7 +6773,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419
+#: login.defs.5.xml.out:438
 #: passwd.5.xml.out:188
 #: pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46
@@ -6606,7 +6794,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428
+#: login.defs.5.xml.out:447
 #: passwd.5.xml.out:191
 #: pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61
@@ -6621,68 +6809,61 @@ msgid "pwunconv"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH <_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453
+#: login.defs.5.xml.out:472
 #: passwd.5.xml.out:200
 #: shadow.5.xml.out:286
 msgid "sulogin"
 msgstr ""
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457
-#: su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr ""
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+msgid "ENV_HZ ENV_TZ"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 msgid "CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK <_:phrase-1/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485
-#: login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504
+#: login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 msgid "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB <_:phrase-1/>"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 msgid "LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <_:phrase-1/>"
 msgstr ""
 
@@ -6691,7 +6872,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500
+#: login.defs.5.xml.out:519
 #: vipw.8.xml.out:35
 #: vipw.8.xml.out:42
 #: vipw.8.xml.out:51
@@ -6701,24 +6882,24 @@ msgid "vipw"
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511
+#: login.defs.5.xml.out:530
 #: pwconv.8.xml.out:193
 #: suauth.5.xml.out:179
 msgid "BUGS"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 msgid "Much of the functionality that used to be provided by the shadow password suite is now handled by PAM. Thus, <_:filename-1/> is no longer used by <_:citerefentry-2/>, or less used by <_:citerefentry-3/>, and <_:citerefentry-4/>. Please refer to the corresponding PAM configuration files instead."
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 msgid "pam"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
 msgstr ""
 
@@ -6792,167 +6973,167 @@ msgid "id"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 msgid "The <_:command-1/> command reads a <_:replaceable-2/> (or the standard input by default) and uses this information to update a set of existing users or to create new users. Each line is in the same format as the standard password file (see <_:citerefentry-3/>) with the exceptions explained below:"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 msgid "pw_name"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 msgid "It can be the name of a new user or the name of an existing user (or a user created before by <_:command-1/>). In case of an existing user, the user's information will be changed, otherwise a new user will be created."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid "This field will be encrypted and used as the new value of the encrypted password."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 msgid "pw_uid"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 msgid "If the field is empty, a new (unused) UID will be defined automatically by <_:command-1/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 msgid "If this field contains the name of an existing user (or the name of a user created before by <_:command-1/>), the UID of the specified user will be used."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid "If the UID of an existing user is changed, the files ownership of the user's file should be fixed manually."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 msgid "If this field contains the name of an existing group (or a group created before by <_:command-1/>), the GID of this group will be used as the primary group ID for the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid "If this field is a number, this number will be used as the primary group ID of the user. If no groups exist with this GID, a new group will be created with this GID, and the name of the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 msgid "If this field is empty, a new group will be created with the name of the user and a GID will be automatically defined by <_:command-1/> to be used as the primary group ID for the user and as the GID for the new group."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 msgid "If this field contains the name of a group which does not exist (and was not created before by <_:command-1/>), a new group will be created with the specified name and a GID will be automatically defined by <_:command-2/> to be used as the primary group ID for the user and GID for the new group."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid "If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group. Note that <_:emphasis-1/> of the new user's home directory. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 msgid "If the home directory of an existing user is changed, <_:command-1/> does not move or copy the content of the old directory to the new location. This should be done manually."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid "This field defines the shell of the user. No checks are performed on this field."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 msgid "<_:command-1/> first tries to create or change all the specified users, and then write these changes to the user or group databases. If an error occurs (except in the final writes to the databases), no changes are committed to the databases."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid "During this first pass, users are created with a locked password (and passwords are not changed for the users which are not created). A second pass is used to update the passwords using PAM. Failures to update a password are reported, but will not stop the other password updates."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid "This command is intended to be used in a large system environment where many accounts are updated at a single time."
 msgstr ""
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257
+#: newusers.8.xml.out:259
 #: pwck.8.xml.out:164
 #: useradd.8.xml.out:108
 #: usermod.8.xml.out:89
@@ -6960,7 +7141,7 @@ msgid "--badname"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260
+#: newusers.8.xml.out:262
 #: pwck.8.xml.out:167
 #: useradd.8.xml.out:111
 #: usermod.8.xml.out:92
@@ -6968,120 +7149,140 @@ msgid "Allow names that do not conform to standards."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290
-#: useradd.8.xml.out:459
+#: newusers.8.xml.out:273
+msgid "The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:292
+#: useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297
-#: useradd.8.xml.out:466
+#: newusers.8.xml.out:299
+#: useradd.8.xml.out:468
 #: usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297
-#: useradd.8.xml.out:466
+#: newusers.8.xml.out:299
+#: useradd.8.xml.out:468
 #: usermod.8.xml.out:398
 msgid "SYS_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299
-#: useradd.8.xml.out:308
-#: useradd.8.xml.out:319
-#: useradd.8.xml.out:468
-#: useradd.8.xml.out:538
+#: newusers.8.xml.out:301
+#: useradd.8.xml.out:310
+#: useradd.8.xml.out:321
+#: useradd.8.xml.out:470
+#: useradd.8.xml.out:540
 #: usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299
-#: useradd.8.xml.out:308
-#: useradd.8.xml.out:321
-#: useradd.8.xml.out:468
-#: useradd.8.xml.out:543
+#: newusers.8.xml.out:301
+#: useradd.8.xml.out:310
+#: useradd.8.xml.out:323
+#: useradd.8.xml.out:470
+#: useradd.8.xml.out:545
 #: usermod.8.xml.out:397
 msgid "UID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293
-#: useradd.8.xml.out:462
+#: newusers.8.xml.out:295
+#: useradd.8.xml.out:464
 msgid "System users will be created with no aging information in <_:filename-1/>, and their numeric identifiers are chosen in the <_:option-2/>-<_:option-3/> range, defined in <_:filename-4/>, instead of <_:option-5/>-<_:option-6/> (and their <_:option-7/> counterparts for the creation of groups)."
 msgstr ""
 
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+msgid "A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. The default is 13."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+msgid "A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512. The default is 5000."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+msgid "A minimal value of 1 and a maximal value of 11 will be enforced for YESCRYPT. The default is 5."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid "The input file must be protected since it contains unencrypted passwords."
 msgstr ""
 
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 msgid "/etc/pam.d/newusers"
 msgstr ""
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435
+#: newusers.8.xml.out:456
 #: useradd.8.xml.out:222
-#: useradd.8.xml.out:481
-#: useradd.8.xml.out:785
+#: useradd.8.xml.out:483
+#: useradd.8.xml.out:805
 #: userdel.8.xml.out:215
-#: usermod.8.xml.out:587
+#: usermod.8.xml.out:604
 msgid "/etc/subgid"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437
-#: useradd.8.xml.out:787
+#: newusers.8.xml.out:458
+#: useradd.8.xml.out:807
 #: userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
 msgstr ""
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441
+#: newusers.8.xml.out:462
 #: useradd.8.xml.out:222
-#: useradd.8.xml.out:480
-#: useradd.8.xml.out:791
+#: useradd.8.xml.out:482
+#: useradd.8.xml.out:811
 #: userdel.8.xml.out:221
-#: usermod.8.xml.out:593
+#: usermod.8.xml.out:610
 msgid "/etc/subuid"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443
-#: useradd.8.xml.out:793
+#: newusers.8.xml.out:464
+#: useradd.8.xml.out:813
 #: userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460
-#: useradd.8.xml.out:906
+#: newusers.8.xml.out:481
+#: useradd.8.xml.out:926
 #: userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: usermod.8.xml.out:650
 msgid "subgid"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463
-#: useradd.8.xml.out:909
+#: newusers.8.xml.out:484
+#: useradd.8.xml.out:929
 #: userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: usermod.8.xml.out:653
 msgid "subuid"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458
-#: useradd.8.xml.out:904
+#: newusers.8.xml.out:479
+#: useradd.8.xml.out:924
 #: userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr ""
 
@@ -7121,270 +7322,275 @@ msgid "The <_:command-1/> command appeared in BSD 4.4."
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 msgid "The <_:command-1/> command changes passwords for user accounts. A normal user may only change the password for their own account, while the superuser may change the password for any account. <_:command-2/> also changes the account or associated password validity period."
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 msgid "The user is first prompted for their old password, if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. The superuser is permitted to bypass this step so that forgotten passwords may be changed."
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 msgid "After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time. If not, <_:command-1/> refuses to change the password and exits."
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid "The user is then prompted twice for a replacement password. The second entry is compared against the first and both are required to match in order for the password to be changed."
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
-msgid "Then, the password is tested for complexity. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr ""
-
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
-msgid "Care must be taken not to include the system default erase or kill characters. <_:command-1/> will reject any password which is not suitably complex."
+#: passwd.1.xml.out:98
+msgid "Then, the password is tested for complexity. <_:command-1/> will reject any password which is not suitably complex. Care must be taken not to include the system default erase or kill characters."
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 msgid "The security of a password depends upon the strength of the encryption algorithm and the size of the key space. The legacy <_:emphasis-1/> System encryption method is based on the NBS DES algorithm. More recent methods are now recommended (see <_:option-2/>). The size of the key space depends upon the randomness of the password which is selected."
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid "Compromises in password security normally result from careless password selection or handling. For this reason, you should not select a password which appears in a dictionary or which must be written down. The password should also not be a proper name, your license number, birth date, or street address. Any of these may be used as guesses to violate system security."
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
+#: passwd.1.xml.out:127
+msgid "As a general guideline, passwords should be long and random. It's fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations. Being an exponential equation, it's apparent that the exponent (the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 msgid "You can find advice on how to choose a strong password on http://en.wikipedia.org/wiki/Password_strength"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 msgid "This option can be used only with <_:option-1/> and causes show status for all users."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid "Delete a user's password (make it empty). This is a quick way to disable a password for an account. It will set the named account passwordless."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 msgid "--expire"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid "Immediately expire an account's password. This in effect can force a user to change their password at the user's next login."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 msgid "This option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for <_:replaceable-1/> days, the user may no longer sign on to the account."
 msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210
-#: useradd.8.xml.out:278
-#: useradd.8.xml.out:356
+#: passwd.1.xml.out:206
+#: useradd.8.xml.out:280
+#: useradd.8.xml.out:358
 msgid "-k"
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 msgid "Indicate password change should be performed only for expired authentication tokens (passwords). The user wishes to keep their non-expired tokens as before."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222
+#: passwd.1.xml.out:218
 #: usermod.8.xml.out:231
 msgid "--lock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 msgid "Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ´!´ at the beginning of the password)."
 msgstr ""
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 msgid "Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use <_:command-1/> (this set the account's expire date to Jan 2, 1970)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258
+#: passwd.1.xml.out:254
 #: pwck.8.xml.out:179
 #: vipw.8.xml.out:108
 msgid "-q"
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258
+#: passwd.1.xml.out:254
 #: pwck.8.xml.out:179
 #: vipw.8.xml.out:108
 msgid "--quiet"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261
+#: passwd.1.xml.out:257
 #: vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
+#: passwd.1.xml.out:264
 #: passwd.1.xml.out:268
-#: passwd.1.xml.out:272
 msgid "REPOSITORY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 msgid "change password in <_:replaceable-1/> repository"
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 msgid "Display account status information. The status information consists of 7 fields. The first field is the user's login name. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P). The third field gives the date of the last password change. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password. These ages are expressed in days."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309
+#: passwd.1.xml.out:320
 #: usermod.8.xml.out:405
 msgid "--unlock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 msgid "Unlock the password of the named account. This option re-enables a password by changing the password back to its previous value (to the value before using the <_:option-1/> option)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 msgid "Set the number of days of warning before a password change is required. The <_:replaceable-1/> option is the number of days prior to the password expiring that a user will be warned that their password is about to expire."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 msgid "-x"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 msgid "Set the maximum number of days a password remains valid. After <_:replaceable-1/>, the password is required to be changed."
 msgstr ""
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid "This option is used to indicate that passwd should read the new password from standard input, which can be a pipe."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 msgid "Password complexity checking may vary from site to site. The user is urged to select a password as complex as he or she feels comfortable with."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid "Users may not be able to change their password on a system if NIS is enabled and they are not logged into the NIS server."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 msgid "<_:command-1/> uses PAM to authenticate users and to change their passwords."
 msgstr ""
 
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 msgid "/etc/pam.d/passwd"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 msgid "unexpected failure, <_:filename-1/> file missing"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 msgid "<_:filename-1/> file busy, try again"
 msgstr ""
 
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+msgid "makepasswd"
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
-msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> <_:citerefentry-5/>."
+#: passwd.1.xml.out:494
+msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:517
+msgid "The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -8603,6 +8809,11 @@ msgid "$HZ"
 msgstr ""
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr ""
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr ""
@@ -8841,8 +9052,8 @@ msgstr ""
 #: useradd.8.xml.out:76
 #: useradd.8.xml.out:86
 #: useradd.8.xml.out:169
-#: useradd.8.xml.out:583
-#: useradd.8.xml.out:585
+#: useradd.8.xml.out:603
+#: useradd.8.xml.out:605
 msgid "-D"
 msgstr ""
 
@@ -8858,7 +9069,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: useradd.8.xml.out:118
-#: useradd.8.xml.out:592
+#: useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr ""
 
@@ -8867,8 +9078,8 @@ msgstr ""
 #: useradd.8.xml.out:118
 #: useradd.8.xml.out:124
 #: useradd.8.xml.out:159
-#: useradd.8.xml.out:592
-#: useradd.8.xml.out:598
+#: useradd.8.xml.out:612
+#: useradd.8.xml.out:618
 msgid "BASE_DIR"
 msgstr ""
 
@@ -8889,7 +9100,7 @@ msgstr ""
 
 #. (itstool) path: para/option
 #: useradd.8.xml.out:131
-#: useradd.8.xml.out:603
+#: useradd.8.xml.out:623
 msgid "HOME"
 msgstr ""
 
@@ -8899,17 +9110,18 @@ msgstr ""
 #: useradd.8.xml.out:189
 #: useradd.8.xml.out:212
 #: useradd.8.xml.out:250
-#: useradd.8.xml.out:293
-#: useradd.8.xml.out:343
-#: useradd.8.xml.out:393
-#: useradd.8.xml.out:523
-#: useradd.8.xml.out:604
-#: useradd.8.xml.out:616
-#: useradd.8.xml.out:633
-#: useradd.8.xml.out:649
-#: useradd.8.xml.out:663
-#: useradd.8.xml.out:677
-#: useradd.8.xml.out:767
+#: useradd.8.xml.out:267
+#: useradd.8.xml.out:295
+#: useradd.8.xml.out:345
+#: useradd.8.xml.out:395
+#: useradd.8.xml.out:525
+#: useradd.8.xml.out:624
+#: useradd.8.xml.out:636
+#: useradd.8.xml.out:653
+#: useradd.8.xml.out:669
+#: useradd.8.xml.out:683
+#: useradd.8.xml.out:697
+#: useradd.8.xml.out:787
 #: usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr ""
@@ -8974,7 +9186,7 @@ msgstr ""
 
 #. (itstool) path: para/option
 #: useradd.8.xml.out:188
-#: useradd.8.xml.out:615
+#: useradd.8.xml.out:635
 #: usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr ""
@@ -8997,7 +9209,7 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: useradd.8.xml.out:218
-#: useradd.8.xml.out:482
+#: useradd.8.xml.out:484
 msgid "-F"
 msgstr ""
 
@@ -9070,411 +9282,443 @@ msgstr ""
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>[<_:emphasis-4/>[<_:emphasis-5/>]]]"
 msgstr ""
 
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+msgid "GROUPS"
+msgstr ""
+
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
-msgid "A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the <_:option-1/> option. The default is for the user to belong only to the initial group."
+msgid "A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the <_:option-1/> option. The default is for the user to belong only to the initial group. In addition to passing in the -G flag, you can add the option <_:option-2/> to the file <_:filename-3/> which in turn will add all users to those supplementary groups."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "SKEL_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 msgid "The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by <_:command-1/>."
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288
-#: useradd.8.xml.out:350
+#: useradd.8.xml.out:290
+#: useradd.8.xml.out:352
 msgid "--create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288
+#: useradd.8.xml.out:592
+#: usermod.8.xml.out:524
 msgid "This option is only valid if the <_:option-1/> (or <_:option-2/>) option is specified."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 msgid "/etc/skel"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 msgid "If this option is not set, the skeleton directory is defined by the <_:option-1/> variable in <_:filename-2/> or, by default, <_:filename-3/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:option-4/>, <_:option-5/> and others)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used when creating an account to turn off password aging. Multiple <_:option-4/> options can be specified, e.g.: <_:option-5/> <_:replaceable-6/> =<_:replaceable-7/> <_:option-8/> <_:replaceable-9/>=<_:replaceable-10/>"
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
+#: useradd.8.xml.out:337
 msgid "By default, the user's entries in the lastlog and faillog databases are reset to avoid reusing the entry from a previously deleted user."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid "If this option is not specified, <_:command-1/> will also consult the variable <_:option-2/> in the <_:filename-3/> if set to no the user will not be added to the lastlog and faillog databases."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 msgid "Create the user's home directory if it does not exist. The files and directories contained in the skeleton directory (which can be defined with the <_:option-1/> option) will be copied to the home directory."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361
-#: useradd.8.xml.out:379
-#: useradd.8.xml.out:475
+#: useradd.8.xml.out:363
+#: useradd.8.xml.out:381
+#: useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 msgid "By default, if this option is not specified and <_:option-1/> is not enabled, no home directories are created."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid "The directory where the user's home directory is created must exist and have proper SELinux context and permissions. Otherwise the user's home directory cannot be created or accessed."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 msgid "Do not create the user's home directory, even if the system wide setting from <_:filename-1/> (<_:option-2/>) is set to <_:replaceable-3/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 msgid "Do not create a group with the same name as the user, but add the user to the group specified by the <_:option-1/> option or by the <_:option-2/> variable in <_:filename-3/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 msgid "allows the creation of an account with an already existing UID."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412
+#: useradd.8.xml.out:414
 #: usermod.8.xml.out:277
 msgid "This option is only valid in combination with the <_:option-1/> option. As a user identity serves as key to map between users on one hand and permissions, file ownerships and other aspects that determine the system's behavior on the other hand, more than one login name will access the account of the given UID."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid "defines an initial password for the account. PASSWORD is expected to be encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this option allows to create efficiently batches of users."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid "Without this option, the new account will be locked and with no password defined, i.e. a single exclamation mark in the respective field of <_:filename-1/>. This is a state where the user won't be able to access the account or to define a password himself."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 msgid "<_:emphasis-1/>Avoid this option on the command line because the password (or encrypted password) will be visible by users listing the processes."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 msgid "Note that <_:command-1/> will not create a home directory for such a user, regardless of the default setting in <_:filename-2/> (<_:option-3/>). You have to specify the <_:option-4/> options if you want a home directory for a system account to be created."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 msgid "Note that this option will not update <_:filename-1/> and <_:filename-2/>. You have to specify the <_:option-3/> options if you want to update the files for a system account to be created."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 msgid "sets the path to the user's login shell. Without this option, the system will use the <_:option-1/> variable specified in <_:filename-2/>, or, if that is as well not set, the field for the login shell in <_:filename-3/> remains empty."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531
+#: useradd.8.xml.out:533
 #: usermod.8.xml.out:369
 msgid "--uid"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531
+#: useradd.8.xml.out:533
 #: usermod.8.xml.out:369
 msgid "UID"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 msgid "The numerical value of the user's ID. This value must be unique, unless the <_:option-1/> option is used. The value must be non-negative. The default is to use the smallest ID value greater than or equal to <_:option-2/> and greater than every other user."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid "Create a group with the same name as the user, and add the user to this group."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568
+#: useradd.8.xml.out:593
 #: userdel.8.xml.out:153
 #: usermod.8.xml.out:501
+#: usermod.8.xml.out:525
 msgid "-Z"
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568
+#: useradd.8.xml.out:594
 #: userdel.8.xml.out:153
 #: usermod.8.xml.out:501
+#: usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566
+#: useradd.8.xml.out:568
 #: usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575
+#: useradd.8.xml.out:589
+#: usermod.8.xml.out:521
 msgid "semanage"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
-msgid "defines the SELinux user for the new account. Without this option, a SELinux uses the default user. Note that the shadow system doesn't store the selinux-user, it uses <_:citerefentry-1/> for that."
+#: useradd.8.xml.out:571
+msgid "defines the SELinux user for the new account. Without this option, SELinux uses the default user. Note that the shadow system doesn't store the selinux-user, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582
+#: usermod.8.xml.out:515
+msgid "--selinux-range"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582
+#: usermod.8.xml.out:515
+msgid "SERANGE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+msgid "defines the SELinux MLS range for the new account. Without this option, SELinux uses the default range. Note that the shadow system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 msgid "When invoked with only the <_:option-1/> option, <_:command-2/> will display the current default values. When invoked with <_:option-3/> plus other options, <_:command-4/> will update the default values for the specified options. Valid default-changing options are:"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 msgid "sets the path prefix for a new user's home directory. The user's name will be affixed to the end of <_:replaceable-1/> to form the new user's home directory name, if the <_:option-2/> option is not used when creating a new account."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602
-#: useradd.8.xml.out:614
-#: useradd.8.xml.out:631
-#: useradd.8.xml.out:647
-#: useradd.8.xml.out:661
+#: useradd.8.xml.out:622
+#: useradd.8.xml.out:634
+#: useradd.8.xml.out:651
+#: useradd.8.xml.out:667
+#: useradd.8.xml.out:681
 msgid "This option sets the <_:option-1/> variable in <_:filename-2/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 msgid "sets the date on which newly created user accounts are disabled."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid "defines the number of days after the password exceeded its maximum age where the user is expected to replace this password. See <_:citerefentry-1/>for more information."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 msgid "sets the default primary group for newly created users, accepting group names or a numerical group ID. The named group must exist, and the GID must have an existing entry."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675
-#: useradd.8.xml.out:779
+#: useradd.8.xml.out:695
+#: useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 msgid "The system administrator is responsible for placing the default user files in the <_:filename-1/> directory (or any other skeleton directory specified in <_:filename-2/> or on the command line)."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 msgid "You may not add a user to a NIS or LDAP group. This must be performed on the corresponding server."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 msgid "Similarly, if the username already exists in an external user database such as NIS or LDAP, <_:command-1/> will deny the user account creation request."
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid "Usernames may contain only lower and upper case letters, digits, underscores, or dashes. They can end with a dollar sign. Dashes are not allowed at the beginning of the username. Fully numeric usernames and usernames . or .. are also disallowed. It is not recommended to use usernames beginning with . character as their home directories will be hidden in the <_:command-1/> output."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr ""
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr ""
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 #: userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #: userdel.8.xml.out:211
 msgid "ACTION"
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #: userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid "useradd-pre.d"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid "useradd-post.d"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid "Run-part files to execute during user addition. The environment variable <_:command-1/> will be populated with useradd and <_:command-2/> with the <_:command-3/>. <_:filename-4/> will be executed prior to any user addition. <_:filename-5/> will execute after user addition. If a script exits non-zero then execution will terminate."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819
+#: useradd.8.xml.out:839
 #: userdel.8.xml.out:243
 msgid "can't update password file"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 msgid "UID already in use (and no <_:option-1/>)"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 msgid "username or group name already in use"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 msgid "14"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876
-#: usermod.8.xml.out:603
+#: useradd.8.xml.out:896
+#: usermod.8.xml.out:620
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:citerefentry-7/>, <_:citerefentry-8/>, <_:citerefentry-9/>, <_:phrase-10/> <_:citerefentry-11/>, <_:citerefentry-12/>."
 msgstr ""
 
@@ -9949,63 +10193,68 @@ msgstr ""
 msgid "defines the SELinux user to be mapped with <_:replaceable-1/>. An empty string (\"\") will remove the respective entry (if any). Note that the shadow system doesn't store the selinux-user, it uses semanage(8) for that."
 msgstr ""
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
+msgid "defines the SELinux MLS range for the new account. Note that the shadow system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
 msgid "You must make certain that the named user is not executing any processes when this command is being executed if the user's numerical user ID, the user's name, or the user's home directory is being changed. <_:command-1/> checks this on Linux. On other operating systems it only uses utmp to check if the user is logged in."
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 msgid "You must change the owner of any <_:command-1/> files or <_:command-2/> jobs manually."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 msgid "Group account information"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
-msgid "Secure group account informatio."
+#: usermod.8.xml.out:582
+msgid "Secure group account information"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 msgid "Shadow password suite configuration"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 msgid "User account information"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 msgid "Secure user account information"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
 msgid "Per user subordinate group IDs"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
 msgid "Per user subordinate user IDs"
 msgstr ""
 
@@ -10042,7 +10291,7 @@ msgstr ""
 
 #. (itstool) path: refsect1/para
 #: vipw.8.xml.out:66
-msgid "The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/>, respectively. The programs will set the appropriate locks to prevent file corruption. When looking for an editor, the programs will first try the environment variable <_:envar-8/>, then the environment variable <_:envar-9/>, and finally the default editor, <_:citerefentry-10/>."
+msgid "The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/>, respectively. The programs will set the appropriate locks to prevent file corruption. When looking for an editor, the programs will first try the environment variable <_:envar-8/>, then the environment variable <_:envar-9/>, and finally the default editor, <_:citerefentry-10/>."
 msgstr ""
 
 #. (itstool) path: refsect1/para
diff --git a/man/po/sv.po b/man/po/sv.po
index 8fdf1c1..818a296 100644
--- a/man/po/sv.po
+++ b/man/po/sv.po
@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: man pages for shadow 4.0.18\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
 "PO-Revision-Date: 2013-08-23 01:41+0200\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
 "Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n"
@@ -11,12 +11,12 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:19 chsh.1.xml.out:18
+#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:21 chsh.1.xml.out:18
 #: expiry.1.xml.out:19 faillog.5.xml.out:15 faillog.8.xml.out:15
 #: groupadd.8.xml.out:18 groupdel.8.xml.out:16 groupmod.8.xml.out:16
 #: groups.1.xml.out:15 grpck.8.xml.out:15 lastlog.8.xml.out:17
-#: login.1.xml.out:48 login.defs.5.xml.out:84 logoutd.8.xml.out:15
-#: newgrp.1.xml.out:16 newusers.8.xml.out:31 passwd.1.xml.out:22
+#: login.1.xml.out:48 login.defs.5.xml.out:86 logoutd.8.xml.out:15
+#: newgrp.1.xml.out:16 newusers.8.xml.out:33 passwd.1.xml.out:24
 #: passwd.5.xml.out:15 porttime.5.xml.out:15 pwck.8.xml.out:22
 #: shadow.3.xml.out:15 shadow.5.xml.out:15 sg.1.xml.out:16 su.1.xml.out:32
 #: useradd.8.xml.out:34 userdel.8.xml.out:21 usermod.8.xml.out:22
@@ -24,12 +24,12 @@ msgid "Julianne Frances"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:20 chsh.1.xml.out:19
+#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:22 chsh.1.xml.out:19
 #: expiry.1.xml.out:20 faillog.5.xml.out:16 faillog.8.xml.out:16
 #: groupadd.8.xml.out:19 groupdel.8.xml.out:17 groupmod.8.xml.out:17
 #: groups.1.xml.out:16 grpck.8.xml.out:16 lastlog.8.xml.out:18
-#: login.1.xml.out:49 login.defs.5.xml.out:85 logoutd.8.xml.out:16
-#: newgrp.1.xml.out:17 newusers.8.xml.out:32 passwd.1.xml.out:23
+#: login.1.xml.out:49 login.defs.5.xml.out:87 logoutd.8.xml.out:16
+#: newgrp.1.xml.out:17 newusers.8.xml.out:34 passwd.1.xml.out:25
 #: passwd.5.xml.out:16 porttime.5.xml.out:16 pwck.8.xml.out:23
 #: shadow.3.xml.out:16 shadow.5.xml.out:16 sg.1.xml.out:17 su.1.xml.out:33
 #: useradd.8.xml.out:35 userdel.8.xml.out:22 usermod.8.xml.out:23
@@ -42,14 +42,14 @@ msgid "Creation, 1990"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24 chsh.1.xml.out:23 expiry.1.xml.out:24
-#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:25
+#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26 chsh.1.xml.out:23 expiry.1.xml.out:24
+#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23 groupdel.8.xml.out:21 groupmems.8.xml.out:24
 #: groupmod.8.xml.out:21 groups.1.xml.out:20 grpck.8.xml.out:20
 #: lastlog.8.xml.out:22 limits.5.xml.out:22 login.1.xml.out:53
-#: login.access.5.xml.out:21 login.defs.5.xml.out:89 logoutd.8.xml.out:20
-#: newgrp.1.xml.out:21 newusers.8.xml.out:36 passwd.1.xml.out:27
+#: login.access.5.xml.out:21 login.defs.5.xml.out:91 logoutd.8.xml.out:20
+#: newgrp.1.xml.out:21 newusers.8.xml.out:38 passwd.1.xml.out:29
 #: passwd.5.xml.out:20 porttime.5.xml.out:20 pwck.8.xml.out:27
 #: pwconv.8.xml.out:26 shadow.3.xml.out:20 shadow.5.xml.out:20 sg.1.xml.out:21
 #: su.1.xml.out:37 suauth.5.xml.out:20 useradd.8.xml.out:39
@@ -58,14 +58,14 @@ msgid "Thomas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25 chsh.1.xml.out:24 expiry.1.xml.out:25
-#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:26
+#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27 chsh.1.xml.out:24 expiry.1.xml.out:25
+#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24 groupdel.8.xml.out:22 groupmems.8.xml.out:25
 #: groupmod.8.xml.out:22 groups.1.xml.out:21 grpck.8.xml.out:21
 #: lastlog.8.xml.out:23 limits.5.xml.out:23 login.1.xml.out:54
-#: login.access.5.xml.out:22 login.defs.5.xml.out:90 logoutd.8.xml.out:21
-#: newgrp.1.xml.out:22 newusers.8.xml.out:37 passwd.1.xml.out:28
+#: login.access.5.xml.out:22 login.defs.5.xml.out:92 logoutd.8.xml.out:21
+#: newgrp.1.xml.out:22 newusers.8.xml.out:39 passwd.1.xml.out:30
 #: passwd.5.xml.out:21 porttime.5.xml.out:21 pwck.8.xml.out:28
 #: pwconv.8.xml.out:27 shadow.3.xml.out:21 shadow.5.xml.out:21 sg.1.xml.out:22
 #: su.1.xml.out:38 suauth.5.xml.out:21 useradd.8.xml.out:40
@@ -74,14 +74,14 @@ msgid "KÅ‚oczko"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26 chsh.1.xml.out:25 expiry.1.xml.out:26
-#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:27
+#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28 chsh.1.xml.out:25 expiry.1.xml.out:26
+#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25 groupdel.8.xml.out:23 groupmems.8.xml.out:26
 #: groupmod.8.xml.out:23 groups.1.xml.out:22 grpck.8.xml.out:22
 #: lastlog.8.xml.out:24 limits.5.xml.out:24 login.1.xml.out:55
-#: login.access.5.xml.out:23 login.defs.5.xml.out:91 logoutd.8.xml.out:22
-#: newgrp.1.xml.out:23 newusers.8.xml.out:38 passwd.1.xml.out:29
+#: login.access.5.xml.out:23 login.defs.5.xml.out:93 logoutd.8.xml.out:22
+#: newgrp.1.xml.out:23 newusers.8.xml.out:40 passwd.1.xml.out:31
 #: passwd.5.xml.out:22 porttime.5.xml.out:22 pwck.8.xml.out:29
 #: pwconv.8.xml.out:28 shadow.3.xml.out:22 shadow.5.xml.out:22 sg.1.xml.out:23
 #: su.1.xml.out:39 suauth.5.xml.out:22 useradd.8.xml.out:41
@@ -90,14 +90,14 @@ msgid "kloczek@pld.org.pl"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:27 chsh.1.xml.out:26
+#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:29 chsh.1.xml.out:26
 #: expiry.1.xml.out:27 faillog.5.xml.out:23 faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28 groupadd.8.xml.out:26 groupdel.8.xml.out:24
+#: gpasswd.1.xml.out:30 groupadd.8.xml.out:26 groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27 groupmod.8.xml.out:24 groups.1.xml.out:23
 #: grpck.8.xml.out:23 lastlog.8.xml.out:25 limits.5.xml.out:25
-#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:92
-#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:39
-#: passwd.1.xml.out:30 passwd.5.xml.out:23 porttime.5.xml.out:23
+#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:94
+#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:41
+#: passwd.1.xml.out:32 passwd.5.xml.out:23 porttime.5.xml.out:23
 #: pwck.8.xml.out:30 pwconv.8.xml.out:29 shadow.3.xml.out:23
 #: shadow.5.xml.out:23 sg.1.xml.out:24 su.1.xml.out:40 suauth.5.xml.out:23
 #: useradd.8.xml.out:42 userdel.8.xml.out:29 usermod.8.xml.out:30
@@ -106,15 +106,15 @@ msgid "shadow-utils maintainer, 2000 - 2007"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30 chsh.1.xml.out:29 expiry.1.xml.out:30
-#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:31
+#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32 chsh.1.xml.out:29 expiry.1.xml.out:30
+#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29 groupdel.8.xml.out:27 groupmems.8.xml.out:30
 #: groupmod.8.xml.out:27 groups.1.xml.out:26 grpck.8.xml.out:26
 #: gshadow.5.xml.out:14 lastlog.8.xml.out:28 limits.5.xml.out:28
-#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:95
-#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:42
-#: nologin.8.xml.out:15 passwd.1.xml.out:33 passwd.5.xml.out:26
+#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:97
+#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:44
+#: nologin.8.xml.out:15 passwd.1.xml.out:35 passwd.5.xml.out:26
 #: porttime.5.xml.out:26 pwck.8.xml.out:33 pwconv.8.xml.out:32
 #: shadow.3.xml.out:26 shadow.5.xml.out:26 sg.1.xml.out:27 su.1.xml.out:43
 #: suauth.5.xml.out:26 useradd.8.xml.out:45 userdel.8.xml.out:32
@@ -123,15 +123,15 @@ msgid "Nicolas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31 chsh.1.xml.out:30 expiry.1.xml.out:31
-#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:32
+#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33 chsh.1.xml.out:30 expiry.1.xml.out:31
+#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30 groupdel.8.xml.out:28 groupmems.8.xml.out:31
 #: groupmod.8.xml.out:28 groups.1.xml.out:27 grpck.8.xml.out:27
 #: gshadow.5.xml.out:15 lastlog.8.xml.out:29 limits.5.xml.out:29
-#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:96
-#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:43
-#: nologin.8.xml.out:16 passwd.1.xml.out:34 passwd.5.xml.out:27
+#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:98
+#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:45
+#: nologin.8.xml.out:16 passwd.1.xml.out:36 passwd.5.xml.out:27
 #: porttime.5.xml.out:27 pwck.8.xml.out:34 pwconv.8.xml.out:33
 #: shadow.3.xml.out:27 shadow.5.xml.out:27 sg.1.xml.out:28 su.1.xml.out:44
 #: suauth.5.xml.out:27 useradd.8.xml.out:46 userdel.8.xml.out:33
@@ -140,15 +140,15 @@ msgid "François"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32 chsh.1.xml.out:31 expiry.1.xml.out:32
-#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:33
+#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34 chsh.1.xml.out:31 expiry.1.xml.out:32
+#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31 groupdel.8.xml.out:29 groupmems.8.xml.out:32
 #: groupmod.8.xml.out:29 groups.1.xml.out:28 grpck.8.xml.out:28
 #: gshadow.5.xml.out:16 lastlog.8.xml.out:30 limits.5.xml.out:30
-#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:97
-#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:44
-#: nologin.8.xml.out:17 passwd.1.xml.out:35 passwd.5.xml.out:28
+#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:99
+#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:46
+#: nologin.8.xml.out:17 passwd.1.xml.out:37 passwd.5.xml.out:28
 #: porttime.5.xml.out:28 pwck.8.xml.out:35 pwconv.8.xml.out:34
 #: shadow.3.xml.out:28 shadow.5.xml.out:28 sg.1.xml.out:29 su.1.xml.out:45
 #: suauth.5.xml.out:28 useradd.8.xml.out:47 userdel.8.xml.out:34
@@ -157,15 +157,15 @@ msgid "nicolas.francois@centraliens.net"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33 chsh.1.xml.out:32 expiry.1.xml.out:33
-#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:34
+#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35 chsh.1.xml.out:32 expiry.1.xml.out:33
+#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32 groupdel.8.xml.out:30 groupmems.8.xml.out:33
 #: groupmod.8.xml.out:30 groups.1.xml.out:29 grpck.8.xml.out:29
 #: gshadow.5.xml.out:18 lastlog.8.xml.out:31 limits.5.xml.out:31
-#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:98
-#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:45
-#: nologin.8.xml.out:18 passwd.1.xml.out:36 passwd.5.xml.out:29
+#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:100
+#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:47
+#: nologin.8.xml.out:18 passwd.1.xml.out:38 passwd.5.xml.out:29
 #: porttime.5.xml.out:29 pwck.8.xml.out:36 pwconv.8.xml.out:35
 #: shadow.3.xml.out:29 shadow.5.xml.out:29 sg.1.xml.out:30 su.1.xml.out:46
 #: suauth.5.xml.out:29 useradd.8.xml.out:48 userdel.8.xml.out:35
@@ -180,9 +180,9 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #: chage.1.xml.out:34 chage.1.xml.out:41 chage.1.xml.out:46 chage.1.xml.out:59
-#: chage.1.xml.out:69 chage.1.xml.out:216 chage.1.xml.out:226
-#: chage.1.xml.out:236 chage.1.xml.out:241 chage.1.xml.out:285
-#: login.defs.5.xml.out:233 shadow.5.xml.out:262
+#: chage.1.xml.out:69 chage.1.xml.out:231 chage.1.xml.out:241
+#: chage.1.xml.out:251 chage.1.xml.out:256 chage.1.xml.out:300
+#: login.defs.5.xml.out:237 shadow.5.xml.out:262
 msgid "chage"
 msgstr "chage"
 
@@ -190,11 +190,11 @@ msgstr "chage"
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:35 chage.1.xml.out:294 chfn.1.xml.out:37 chfn.1.xml.out:65
-#: chfn.1.xml.out:205 chgpasswd.8.xml.out:217 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:37 chsh.1.xml.out:171 expiry.1.xml.out:38
-#: faillog.8.xml.out:235 gpasswd.1.xml.out:39 gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277 groupadd.8.xml.out:345 groupadd.8.xml.out:348
+#: chage.1.xml.out:35 chage.1.xml.out:309 chfn.1.xml.out:37 chfn.1.xml.out:65
+#: chfn.1.xml.out:205 chgpasswd.8.xml.out:245 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:37 chsh.1.xml.out:212 expiry.1.xml.out:38
+#: faillog.8.xml.out:235 gpasswd.1.xml.out:41 gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279 groupadd.8.xml.out:345 groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351 groupdel.8.xml.out:205 groupdel.8.xml.out:208
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:209 groupmems.8.xml.out:212
 #: groupmems.8.xml.out:215 groupmod.8.xml.out:326 groupmod.8.xml.out:329
@@ -202,44 +202,44 @@ msgstr "chage"
 #: grpck.8.xml.out:243 gshadow.5.xml.out:77 gshadow.5.xml.out:165
 #: limits.5.xml.out:185 login.1.xml.out:67 login.1.xml.out:128
 #: login.1.xml.out:377 login.1.xml.out:380 login.1.xml.out:383
-#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:520 login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533 login.defs.5.xml.out:536 newgrp.1.xml.out:35
+#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:539 login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552 login.defs.5.xml.out:555 newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130 newgrp.1.xml.out:133 newgrp.1.xml.out:136
-#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:456
-#: nologin.8.xml.out:60 passwd.1.xml.out:41 passwd.1.xml.out:431
-#: passwd.5.xml.out:118 passwd.5.xml.out:173 passwd.5.xml.out:179
-#: passwd.5.xml.out:182 passwd.5.xml.out:197 porttime.5.xml.out:121
-#: pwck.8.xml.out:293 shadow.5.xml.out:262 shadow.5.xml.out:265
-#: shadow.5.xml.out:268 shadow.5.xml.out:283 sg.1.xml.out:35 sg.1.xml.out:119
-#: sg.1.xml.out:122 sg.1.xml.out:125 sg.1.xml.out:128 sg.1.xml.out:131
-#: su.1.xml.out:51 su.1.xml.out:391 su.1.xml.out:415 su.1.xml.out:421
-#: su.1.xml.out:424 suauth.5.xml.out:201 useradd.8.xml.out:817
-#: useradd.8.xml.out:878 useradd.8.xml.out:881 useradd.8.xml.out:884
-#: userdel.8.xml.out:241 userdel.8.xml.out:310 userdel.8.xml.out:313
-#: userdel.8.xml.out:316 usermod.8.xml.out:105 usermod.8.xml.out:244
-#: usermod.8.xml.out:605 usermod.8.xml.out:608 usermod.8.xml.out:611
-#: vipw.8.xml.out:78 vipw.8.xml.out:205
+#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:477
+#: nologin.8.xml.out:60 passwd.1.xml.out:43 passwd.1.xml.out:453
+#: passwd.1.xml.out:499 passwd.5.xml.out:118 passwd.5.xml.out:173
+#: passwd.5.xml.out:179 passwd.5.xml.out:182 passwd.5.xml.out:197
+#: porttime.5.xml.out:121 pwck.8.xml.out:293 shadow.5.xml.out:262
+#: shadow.5.xml.out:265 shadow.5.xml.out:268 shadow.5.xml.out:283
+#: sg.1.xml.out:35 sg.1.xml.out:119 sg.1.xml.out:122 sg.1.xml.out:125
+#: sg.1.xml.out:128 sg.1.xml.out:131 su.1.xml.out:51 su.1.xml.out:391
+#: su.1.xml.out:415 su.1.xml.out:421 su.1.xml.out:424 suauth.5.xml.out:201
+#: useradd.8.xml.out:837 useradd.8.xml.out:898 useradd.8.xml.out:901
+#: useradd.8.xml.out:904 userdel.8.xml.out:241 userdel.8.xml.out:310
+#: userdel.8.xml.out:313 userdel.8.xml.out:316 usermod.8.xml.out:105
+#: usermod.8.xml.out:244 usermod.8.xml.out:622 usermod.8.xml.out:625
+#: usermod.8.xml.out:628 vipw.8.xml.out:78 vipw.8.xml.out:205
 msgid "1"
 msgstr "1"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:36 chfn.1.xml.out:38 chsh.1.xml.out:38 expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40 groups.1.xml.out:35 login.1.xml.out:68
-#: newgrp.1.xml.out:36 passwd.1.xml.out:42 sg.1.xml.out:36 su.1.xml.out:52
+#: gpasswd.1.xml.out:42 groups.1.xml.out:35 login.1.xml.out:68
+#: newgrp.1.xml.out:36 passwd.1.xml.out:44 sg.1.xml.out:36 su.1.xml.out:52
 msgid "User Commands"
 msgstr "Användarkommandon"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40 chsh.1.xml.out:39 expiry.1.xml.out:40
-#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:41
+#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42 chsh.1.xml.out:39 expiry.1.xml.out:40
+#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39 groupdel.8.xml.out:37 groupmems.8.xml.out:40
 #: groupmod.8.xml.out:37 groups.1.xml.out:36 grpck.8.xml.out:36
 #: gshadow.5.xml.out:25 lastlog.8.xml.out:38 limits.5.xml.out:38
-#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:105
-#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:52
-#: nologin.8.xml.out:25 passwd.1.xml.out:43 passwd.5.xml.out:36
+#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:107
+#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:54
+#: nologin.8.xml.out:25 passwd.1.xml.out:45 passwd.5.xml.out:36
 #: porttime.5.xml.out:36 pwck.8.xml.out:43 pwconv.8.xml.out:42
 #: shadow.3.xml.out:36 shadow.5.xml.out:36 sg.1.xml.out:37 su.1.xml.out:53
 #: suauth.5.xml.out:36 useradd.8.xml.out:55 userdel.8.xml.out:42
@@ -250,20 +250,20 @@ msgid "shadow-utils"
 msgstr "shadow"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41 chsh.1.xml.out:40 expiry.1.xml.out:41
-#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:42
+#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43 chsh.1.xml.out:40 expiry.1.xml.out:41
+#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40 groupdel.8.xml.out:38 groupmems.8.xml.out:41
 #: groupmod.8.xml.out:38 groups.1.xml.out:37 grpck.8.xml.out:37
 #: gshadow.5.xml.out:26 lastlog.8.xml.out:39 limits.5.xml.out:39
-#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:106
-#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:53
-#: nologin.8.xml.out:26 passwd.1.xml.out:44 passwd.5.xml.out:37
+#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:108
+#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:55
+#: nologin.8.xml.out:26 passwd.1.xml.out:46 passwd.5.xml.out:37
 #: porttime.5.xml.out:37 pwck.8.xml.out:44 pwconv.8.xml.out:43
 #: shadow.3.xml.out:37 shadow.5.xml.out:37 sg.1.xml.out:38 su.1.xml.out:54
 #: suauth.5.xml.out:37 useradd.8.xml.out:56 userdel.8.xml.out:43
 #: usermod.8.xml.out:44 vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -273,10 +273,10 @@ msgstr "ändra åldringsinformation för användarlösenord"
 
 #. (itstool) path: arg/replaceable
 #. (itstool) path: cmdsynopsis/arg
-#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52 chsh.1.xml.out:51 faillog.8.xml.out:48
+#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54 chsh.1.xml.out:51 faillog.8.xml.out:48
 #: groupdel.8.xml.out:49 groupmod.8.xml.out:49 grpck.8.xml.out:47
-#: lastlog.8.xml.out:50 newusers.8.xml.out:64 passwd.1.xml.out:55
+#: lastlog.8.xml.out:50 newusers.8.xml.out:66 passwd.1.xml.out:57
 #: pwck.8.xml.out:54 pwconv.8.xml.out:57 pwconv.8.xml.out:63
 #: pwconv.8.xml.out:69 pwconv.8.xml.out:75 su.1.xml.out:64 useradd.8.xml.out:66
 #: useradd.8.xml.out:78 userdel.8.xml.out:52 usermod.8.xml.out:55
@@ -289,22 +289,22 @@ msgstr "flaggor"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
 #: chage.1.xml.out:51 chfn.1.xml.out:54 chsh.1.xml.out:54 faillog.8.xml.out:180
-#: lastlog.8.xml.out:139 passwd.1.xml.out:58 useradd.8.xml.out:68
+#: lastlog.8.xml.out:139 passwd.1.xml.out:60 useradd.8.xml.out:68
 #: useradd.8.xml.out:158 userdel.8.xml.out:54 userdel.8.xml.out:64
 #: usermod.8.xml.out:57 usermod.8.xml.out:222 usermod.8.xml.out:506
 msgid "LOGIN"
 msgstr "INLOGGNINGSNAMN"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58 chsh.1.xml.out:60 expiry.1.xml.out:58
-#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:70
+#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60 chsh.1.xml.out:60 expiry.1.xml.out:58
+#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60 groupdel.8.xml.out:56 groupmems.8.xml.out:61
 #: groupmod.8.xml.out:56 groups.1.xml.out:54 grpck.8.xml.out:58
 #: gshadow.5.xml.out:34 lastlog.8.xml.out:56 limits.5.xml.out:48
-#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:114
-#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:73
-#: nologin.8.xml.out:40 passwd.1.xml.out:64 passwd.5.xml.out:45
+#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:116
+#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:75
+#: nologin.8.xml.out:40 passwd.1.xml.out:66 passwd.5.xml.out:45
 #: porttime.5.xml.out:45 pwck.8.xml.out:69 pwconv.8.xml.out:81
 #: shadow.3.xml.out:94 shadow.3.xml.out:150 shadow.5.xml.out:45 sg.1.xml.out:57
 #: su.1.xml.out:79 suauth.5.xml.out:51 useradd.8.xml.out:84
@@ -322,12 +322,12 @@ msgstr ""
 
 #. (itstool) path: refsect1/title
 #. (itstool) path: arg/replaceable
-#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106 chsh.1.xml.out:71 expiry.1.xml.out:67
-#: faillog.8.xml.out:65 gpasswd.1.xml.out:110 groupadd.8.xml.out:51
+#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108 chsh.1.xml.out:71 expiry.1.xml.out:67
+#: faillog.8.xml.out:65 gpasswd.1.xml.out:112 groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80 groupdel.8.xml.out:64 groupmems.8.xml.out:76
 #: groupmod.8.xml.out:65 grpck.8.xml.out:122 lastlog.8.xml.out:68
-#: login.1.xml.out:186 newusers.8.xml.out:250 passwd.1.xml.out:150
+#: login.1.xml.out:186 newusers.8.xml.out:252 passwd.1.xml.out:146
 #: pwck.8.xml.out:153 pwconv.8.xml.out:163 su.1.xml.out:120
 #: useradd.8.xml.out:102 userdel.8.xml.out:69 usermod.8.xml.out:70
 #: vipw.8.xml.out:83
@@ -335,12 +335,12 @@ msgid "OPTIONS"
 msgstr "FLAGGOR"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107 chsh.1.xml.out:72 expiry.1.xml.out:68
-#: faillog.8.xml.out:66 gpasswd.1.xml.out:118 groupadd.8.xml.out:81
+#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109 chsh.1.xml.out:72 expiry.1.xml.out:68
+#: faillog.8.xml.out:66 gpasswd.1.xml.out:120 groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65 groupmems.8.xml.out:77 groupmod.8.xml.out:66
-#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:251
-#: passwd.1.xml.out:151 pwck.8.xml.out:158 su.1.xml.out:121
+#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:253
+#: passwd.1.xml.out:147 pwck.8.xml.out:158 su.1.xml.out:121
 #: useradd.8.xml.out:103 userdel.8.xml.out:70 usermod.8.xml.out:71
 #, fuzzy
 #| msgid "The options which apply to the <command>su</command> command are:"
@@ -349,9 +349,9 @@ msgstr "Flaggorna som gäller för kommandot <command>su</command> är:"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:74 gpasswd.1.xml.out:137 groupmems.8.xml.out:94
-#: passwd.1.xml.out:168 useradd.8.xml.out:123 useradd.8.xml.out:151
-#: useradd.8.xml.out:599 usermod.8.xml.out:112 usermod.8.xml.out:260
+#: chage.1.xml.out:74 gpasswd.1.xml.out:139 groupmems.8.xml.out:94
+#: passwd.1.xml.out:164 useradd.8.xml.out:123 useradd.8.xml.out:151
+#: useradd.8.xml.out:619 usermod.8.xml.out:112 usermod.8.xml.out:260
 msgid "-d"
 msgstr "-d"
 
@@ -369,44 +369,44 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:73 chage.1.xml.out:88 chage.1.xml.out:127
 #: chage.1.xml.out:156 chage.1.xml.out:168 chage.1.xml.out:189
-#: chage.1.xml.out:202 chfn.1.xml.out:93 chfn.1.xml.out:101 chfn.1.xml.out:109
-#: chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122 chpasswd.8.xml.out:113 chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177 chsh.1.xml.out:83 chsh.1.xml.out:96
-#: faillog.8.xml.out:104 faillog.8.xml.out:119 faillog.8.xml.out:156
-#: faillog.8.xml.out:169 gpasswd.1.xml.out:123 gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157 groupadd.8.xml.out:101 groupadd.8.xml.out:157
-#: groupadd.8.xml.out:200 groupadd.8.xml.out:213 groupdel.8.xml.out:88
-#: groupdel.8.xml.out:101 groupmems.8.xml.out:83 groupmems.8.xml.out:94
-#: groupmems.8.xml.out:110 groupmems.8.xml.out:141 groupmod.8.xml.out:72
-#: groupmod.8.xml.out:81 groupmod.8.xml.out:120 groupmod.8.xml.out:142
-#: groupmod.8.xml.out:163 groupmod.8.xml.out:176 grpck.8.xml.out:148
-#: lastlog.8.xml.out:74 lastlog.8.xml.out:103 lastlog.8.xml.out:127
-#: newusers.8.xml.out:305 passwd.1.xml.out:196 passwd.1.xml.out:245
-#: passwd.1.xml.out:267 passwd.1.xml.out:277 passwd.1.xml.out:321
-#: passwd.1.xml.out:334 pwck.8.xml.out:196 pwconv.8.xml.out:177
-#: su.1.xml.out:125 su.1.xml.out:162 useradd.8.xml.out:117
-#: useradd.8.xml.out:138 useradd.8.xml.out:150 useradd.8.xml.out:178
-#: useradd.8.xml.out:195 useradd.8.xml.out:229 useradd.8.xml.out:277
-#: useradd.8.xml.out:424 useradd.8.xml.out:488 useradd.8.xml.out:501
-#: useradd.8.xml.out:516 useradd.8.xml.out:530 useradd.8.xml.out:565
-#: useradd.8.xml.out:591 useradd.8.xml.out:609 useradd.8.xml.out:621
-#: useradd.8.xml.out:638 useradd.8.xml.out:654 userdel.8.xml.out:122
-#: userdel.8.xml.out:135 usermod.8.xml.out:98 usermod.8.xml.out:111
-#: usermod.8.xml.out:128 usermod.8.xml.out:151 usermod.8.xml.out:173
-#: usermod.8.xml.out:216 usermod.8.xml.out:289 usermod.8.xml.out:327
-#: usermod.8.xml.out:340 usermod.8.xml.out:356 usermod.8.xml.out:368
-#: usermod.8.xml.out:500 vipw.8.xml.out:114
+#: chage.1.xml.out:202 chage.1.xml.out:217 chfn.1.xml.out:93 chfn.1.xml.out:101
+#: chfn.1.xml.out:109 chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
+#: chgpasswd.8.xml.out:128 chpasswd.8.xml.out:115 chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183 chpasswd.8.xml.out:198 chsh.1.xml.out:83
+#: chsh.1.xml.out:96 faillog.8.xml.out:104 faillog.8.xml.out:119
+#: faillog.8.xml.out:156 faillog.8.xml.out:169 gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138 gpasswd.1.xml.out:159 groupadd.8.xml.out:101
+#: groupadd.8.xml.out:157 groupadd.8.xml.out:200 groupadd.8.xml.out:213
+#: groupdel.8.xml.out:88 groupdel.8.xml.out:101 groupmems.8.xml.out:83
+#: groupmems.8.xml.out:94 groupmems.8.xml.out:110 groupmems.8.xml.out:141
+#: groupmod.8.xml.out:72 groupmod.8.xml.out:81 groupmod.8.xml.out:120
+#: groupmod.8.xml.out:142 groupmod.8.xml.out:163 groupmod.8.xml.out:176
+#: grpck.8.xml.out:148 lastlog.8.xml.out:74 lastlog.8.xml.out:103
+#: lastlog.8.xml.out:127 newusers.8.xml.out:307 passwd.1.xml.out:192
+#: passwd.1.xml.out:241 passwd.1.xml.out:263 passwd.1.xml.out:273
+#: passwd.1.xml.out:286 passwd.1.xml.out:332 passwd.1.xml.out:345
+#: pwck.8.xml.out:196 pwconv.8.xml.out:177 su.1.xml.out:125 su.1.xml.out:162
+#: useradd.8.xml.out:117 useradd.8.xml.out:138 useradd.8.xml.out:150
+#: useradd.8.xml.out:178 useradd.8.xml.out:195 useradd.8.xml.out:229
+#: useradd.8.xml.out:279 useradd.8.xml.out:426 useradd.8.xml.out:490
+#: useradd.8.xml.out:503 useradd.8.xml.out:518 useradd.8.xml.out:532
+#: useradd.8.xml.out:567 useradd.8.xml.out:611 useradd.8.xml.out:629
+#: useradd.8.xml.out:641 useradd.8.xml.out:658 useradd.8.xml.out:674
+#: userdel.8.xml.out:122 userdel.8.xml.out:135 usermod.8.xml.out:98
+#: usermod.8.xml.out:111 usermod.8.xml.out:128 usermod.8.xml.out:151
+#: usermod.8.xml.out:173 usermod.8.xml.out:216 usermod.8.xml.out:289
+#: usermod.8.xml.out:327 usermod.8.xml.out:340 usermod.8.xml.out:356
+#: usermod.8.xml.out:368 usermod.8.xml.out:500 vipw.8.xml.out:114
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:82 chage.1.xml.out:288 groupadd.8.xml.out:303
+#: chage.1.xml.out:82 chage.1.xml.out:303 groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168 groupmod.8.xml.out:259 grpck.8.xml.out:237
-#: login.defs.5.xml.out:138 passwd.1.xml.out:425 pwck.8.xml.out:287
-#: su.1.xml.out:385 useradd.8.xml.out:811 userdel.8.xml.out:235
+#: login.defs.5.xml.out:140 passwd.1.xml.out:447 pwck.8.xml.out:287
+#: su.1.xml.out:385 useradd.8.xml.out:831 userdel.8.xml.out:235
 msgid "0"
 msgstr "0"
 
@@ -427,7 +427,7 @@ msgid "-E"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr ""
@@ -435,7 +435,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:89 chage.1.xml.out:109 useradd.8.xml.out:179
-#: useradd.8.xml.out:610 usermod.8.xml.out:129 usermod.8.xml.out:243
+#: useradd.8.xml.out:630 usermod.8.xml.out:129 usermod.8.xml.out:243
 #: usermod.8.xml.out:416
 msgid "EXPIRE_DATE"
 msgstr ""
@@ -465,7 +465,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:108 chage.1.xml.out:139 chage.1.xml.out:182
-#: passwd.1.xml.out:344 useradd.8.xml.out:315
+#: passwd.1.xml.out:355 useradd.8.xml.out:317
 #, fuzzy
 #| msgid "1"
 msgid "-1"
@@ -480,78 +480,78 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
 #: grpck.8.xml.out:132 lastlog.8.xml.out:96 login.1.xml.out:204
-#: login.1.xml.out:229 newusers.8.xml.out:280 passwd.1.xml.out:190
-#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:271
+#: login.1.xml.out:229 newusers.8.xml.out:282 passwd.1.xml.out:186
+#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:273
 #: userdel.8.xml.out:99 vipw.8.xml.out:96
 msgid "-h"
 msgstr "-h"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
-#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:280
-#: passwd.1.xml.out:190 pwck.8.xml.out:173 pwconv.8.xml.out:171
-#: su.1.xml.out:387 useradd.8.xml.out:271 userdel.8.xml.out:99
+#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:282
+#: passwd.1.xml.out:186 pwck.8.xml.out:173 pwconv.8.xml.out:171
+#: su.1.xml.out:387 useradd.8.xml.out:273 userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:115 chage.1.xml.out:121 chage.1.xml.out:146
-#: chfn.1.xml.out:142 chgpasswd.8.xml.out:88 chgpasswd.8.xml.out:101
-#: chgpasswd.8.xml.out:107 chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139 chpasswd.8.xml.out:147 chpasswd.8.xml.out:155
+#: chfn.1.xml.out:142 chgpasswd.8.xml.out:90 chgpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:119 chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145 chpasswd.8.xml.out:153 chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77 expiry.1.xml.out:73 expiry.1.xml.out:79
 #: expiry.1.xml.out:88 faillog.8.xml.out:72 faillog.8.xml.out:98
-#: faillog.8.xml.out:144 gpasswd.1.xml.out:149 gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188 groupadd.8.xml.out:87 groupadd.8.xml.out:118
+#: faillog.8.xml.out:144 gpasswd.1.xml.out:151 gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190 groupadd.8.xml.out:87 groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144 groupadd.8.xml.out:184 groupadd.8.xml.out:228
 #: groupdel.8.xml.out:71 groupdel.8.xml.out:82 groupmems.8.xml.out:118
 #: groupmems.8.xml.out:124 groupmems.8.xml.out:130 groupmod.8.xml.out:114
 #: groupmod.8.xml.out:131 groupmod.8.xml.out:193 grpck.8.xml.out:132
 #: grpck.8.xml.out:138 grpck.8.xml.out:161 grpck.8.xml.out:172
 #: lastlog.8.xml.out:84 lastlog.8.xml.out:95 lastlog.8.xml.out:116
-#: newusers.8.xml.out:268 newusers.8.xml.out:280 newusers.8.xml.out:286
-#: newusers.8.xml.out:320 passwd.1.xml.out:156 passwd.1.xml.out:167
-#: passwd.1.xml.out:179 passwd.1.xml.out:190 passwd.1.xml.out:209
-#: passwd.1.xml.out:221 passwd.1.xml.out:257 passwd.1.xml.out:290
-#: passwd.1.xml.out:308 pwck.8.xml.out:173 pwck.8.xml.out:179
-#: pwck.8.xml.out:188 pwck.8.xml.out:209 pwconv.8.xml.out:171
-#: useradd.8.xml.out:168 useradd.8.xml.out:217 useradd.8.xml.out:271
-#: useradd.8.xml.out:330 useradd.8.xml.out:349 useradd.8.xml.out:372
-#: useradd.8.xml.out:385 useradd.8.xml.out:404 useradd.8.xml.out:455
-#: useradd.8.xml.out:548 userdel.8.xml.out:75 userdel.8.xml.out:99
-#: userdel.8.xml.out:105 userdel.8.xml.out:152 usermod.8.xml.out:77
-#: usermod.8.xml.out:88 usermod.8.xml.out:230 usermod.8.xml.out:249
-#: usermod.8.xml.out:270 usermod.8.xml.out:316 usermod.8.xml.out:404
-#: vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102 vipw.8.xml.out:108
-#: vipw.8.xml.out:127 vipw.8.xml.out:133
+#: newusers.8.xml.out:270 newusers.8.xml.out:282 newusers.8.xml.out:288
+#: newusers.8.xml.out:322 passwd.1.xml.out:152 passwd.1.xml.out:163
+#: passwd.1.xml.out:175 passwd.1.xml.out:186 passwd.1.xml.out:205
+#: passwd.1.xml.out:217 passwd.1.xml.out:253 passwd.1.xml.out:301
+#: passwd.1.xml.out:319 passwd.1.xml.out:362 pwck.8.xml.out:173
+#: pwck.8.xml.out:179 pwck.8.xml.out:188 pwck.8.xml.out:209
+#: pwconv.8.xml.out:171 useradd.8.xml.out:168 useradd.8.xml.out:217
+#: useradd.8.xml.out:273 useradd.8.xml.out:332 useradd.8.xml.out:351
+#: useradd.8.xml.out:374 useradd.8.xml.out:387 useradd.8.xml.out:406
+#: useradd.8.xml.out:457 useradd.8.xml.out:550 userdel.8.xml.out:75
+#: userdel.8.xml.out:99 userdel.8.xml.out:105 userdel.8.xml.out:152
+#: usermod.8.xml.out:77 usermod.8.xml.out:88 usermod.8.xml.out:230
+#: usermod.8.xml.out:249 usermod.8.xml.out:270 usermod.8.xml.out:316
+#: usermod.8.xml.out:404 vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102
+#: vipw.8.xml.out:108 vipw.8.xml.out:127 vipw.8.xml.out:133
 #, fuzzy
 #| msgid "<option>-a</option>, <option>--all</option>"
 msgid "<_:option-1/>, <_:option-2/>"
 msgstr "<option>-a</option>, <option>--all</option>"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149 chsh.1.xml.out:79 expiry.1.xml.out:90
-#: faillog.8.xml.out:100 gpasswd.1.xml.out:151 groupadd.8.xml.out:120
+#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155 chsh.1.xml.out:79 expiry.1.xml.out:90
+#: faillog.8.xml.out:100 gpasswd.1.xml.out:153 groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84 groupmems.8.xml.out:120 groupmod.8.xml.out:116
-#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:282
-#: passwd.1.xml.out:192 pwck.8.xml.out:175 pwconv.8.xml.out:173
-#: useradd.8.xml.out:273 userdel.8.xml.out:101 vipw.8.xml.out:98
+#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:284
+#: passwd.1.xml.out:188 pwck.8.xml.out:175 pwconv.8.xml.out:173
+#: useradd.8.xml.out:275 userdel.8.xml.out:101 vipw.8.xml.out:98
 msgid "Display help message and exit."
 msgstr "Visa hjälpmeddelande och avsluta."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:121 passwd.1.xml.out:197
+#: chage.1.xml.out:121 passwd.1.xml.out:193
 #, fuzzy
 #| msgid "-"
 msgid "-i"
@@ -575,8 +575,8 @@ msgid "-I"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:128 passwd.1.xml.out:197 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 usermod.8.xml.out:152
+#: chage.1.xml.out:128 passwd.1.xml.out:193 useradd.8.xml.out:196
+#: useradd.8.xml.out:642 usermod.8.xml.out:152
 msgid "--inactive"
 msgstr ""
 
@@ -584,8 +584,8 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/option
 #: chage.1.xml.out:128 chage.1.xml.out:134 chage.1.xml.out:140
-#: passwd.1.xml.out:197 passwd.1.xml.out:203 useradd.8.xml.out:196
-#: useradd.8.xml.out:211 useradd.8.xml.out:622 useradd.8.xml.out:632
+#: passwd.1.xml.out:193 passwd.1.xml.out:199 useradd.8.xml.out:196
+#: useradd.8.xml.out:211 useradd.8.xml.out:642 useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr ""
@@ -609,10 +609,10 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
-#: chage.1.xml.out:147 chage.1.xml.out:242 faillog.8.xml.out:88
+#: chage.1.xml.out:147 chage.1.xml.out:257 faillog.8.xml.out:88
 #: faillog.8.xml.out:105 faillog.8.xml.out:185 faillog.8.xml.out:202
-#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:222
-#: passwd.1.xml.out:316 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:330
+#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:218
+#: passwd.1.xml.out:327 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr "-l"
@@ -629,11 +629,11 @@ msgstr "Visa kontots åldringsinformation"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:157 chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:84 chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155 faillog.8.xml.out:88 faillog.8.xml.out:120
+#: chage.1.xml.out:157 chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80 chpasswd.8.xml.out:86 chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161 faillog.8.xml.out:88 faillog.8.xml.out:120
 #: faillog.8.xml.out:185 faillog.8.xml.out:202 su.1.xml.out:207
-#: useradd.8.xml.out:287 useradd.8.xml.out:350 useradd.8.xml.out:476
+#: useradd.8.xml.out:289 useradd.8.xml.out:352 useradd.8.xml.out:478
 #: usermod.8.xml.out:119 usermod.8.xml.out:250
 #, fuzzy
 #| msgid "-"
@@ -641,19 +641,19 @@ msgid "-m"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:157 passwd.1.xml.out:246
+#: chage.1.xml.out:157 passwd.1.xml.out:242
 msgid "--mindays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:160 passwd.1.xml.out:249
+#: chage.1.xml.out:160 passwd.1.xml.out:245
 #, fuzzy
 #| msgid ""
 #| "Set the minimum number of days between password changes to "
@@ -670,28 +670,28 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:169 gpasswd.1.xml.out:81 gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217 useradd.8.xml.out:162 useradd.8.xml.out:373
+#: chage.1.xml.out:169 gpasswd.1.xml.out:83 gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219 useradd.8.xml.out:162 useradd.8.xml.out:375
 #, fuzzy
 #| msgid "-"
 msgid "-M"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:169 passwd.1.xml.out:335
+#: chage.1.xml.out:169 passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:169 chage.1.xml.out:174 chage.1.xml.out:183
-#: passwd.1.xml.out:335 passwd.1.xml.out:340 passwd.1.xml.out:345
+#: passwd.1.xml.out:346 passwd.1.xml.out:351 passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chage.1.xml.out:178 chage.1.xml.out:203 usermod.8.xml.out:481
+#: chage.1.xml.out:178 chage.1.xml.out:218 usermod.8.xml.out:481
 #, fuzzy
 #| msgid "-"
 msgid "-W"
@@ -708,31 +708,31 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:181 passwd.1.xml.out:343
+#: chage.1.xml.out:181 passwd.1.xml.out:354
 msgid ""
 "Passing the number <_:emphasis-1/> as <_:replaceable-2/> will remove "
 "checking a password's validity."
 msgstr ""
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:191 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 #, fuzzy
 msgid "-R"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:160 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "--root"
 msgstr ""
@@ -741,22 +741,22 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:190 chage.1.xml.out:194 chage.1.xml.out:196
 #: chfn.1.xml.out:130 chfn.1.xml.out:134 chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123 chgpasswd.8.xml.out:127 chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165 chpasswd.8.xml.out:169 chpasswd.8.xml.out:171
+#: chgpasswd.8.xml.out:129 chgpasswd.8.xml.out:133 chgpasswd.8.xml.out:135
+#: chpasswd.8.xml.out:171 chpasswd.8.xml.out:175 chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84 chsh.1.xml.out:88 chsh.1.xml.out:90 faillog.8.xml.out:157
-#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162 gpasswd.1.xml.out:164 groupadd.8.xml.out:201
+#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:160
+#: gpasswd.1.xml.out:164 gpasswd.1.xml.out:166 groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205 groupadd.8.xml.out:207 groupdel.8.xml.out:89
 #: groupdel.8.xml.out:93 groupdel.8.xml.out:95 groupmems.8.xml.out:142
 #: groupmems.8.xml.out:146 groupmems.8.xml.out:148 groupmod.8.xml.out:164
 #: groupmod.8.xml.out:168 groupmod.8.xml.out:170 grpck.8.xml.out:149
 #: grpck.8.xml.out:153 grpck.8.xml.out:155 lastlog.8.xml.out:104
-#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:306
-#: newusers.8.xml.out:310 newusers.8.xml.out:312 passwd.1.xml.out:278
-#: passwd.1.xml.out:282 passwd.1.xml.out:284 pwck.8.xml.out:197
+#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:308
+#: newusers.8.xml.out:312 newusers.8.xml.out:314 passwd.1.xml.out:274
+#: passwd.1.xml.out:278 passwd.1.xml.out:280 pwck.8.xml.out:197
 #: pwck.8.xml.out:201 pwck.8.xml.out:203 pwconv.8.xml.out:178
-#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:489
-#: useradd.8.xml.out:493 useradd.8.xml.out:495 userdel.8.xml.out:123
+#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:491
+#: useradd.8.xml.out:495 useradd.8.xml.out:497 userdel.8.xml.out:123
 #: userdel.8.xml.out:127 userdel.8.xml.out:129 usermod.8.xml.out:328
 #: usermod.8.xml.out:332 usermod.8.xml.out:334 vipw.8.xml.out:115
 #: vipw.8.xml.out:119 vipw.8.xml.out:121
@@ -764,12 +764,12 @@ msgid "CHROOT_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168 chsh.1.xml.out:87 faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161 groupadd.8.xml.out:204 groupdel.8.xml.out:92
+#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174 chsh.1.xml.out:87 faillog.8.xml.out:160
+#: gpasswd.1.xml.out:163 groupadd.8.xml.out:204 groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145 groupmod.8.xml.out:167 grpck.8.xml.out:152
-#: lastlog.8.xml.out:107 newusers.8.xml.out:309 passwd.1.xml.out:281
-#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:492
+#: lastlog.8.xml.out:107 newusers.8.xml.out:311 passwd.1.xml.out:277
+#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:494
 #: userdel.8.xml.out:126 usermod.8.xml.out:331 vipw.8.xml.out:118
 msgid ""
 "Apply changes in the <_:replaceable-1/> directory and use the configuration "
@@ -778,19 +778,58 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:203 passwd.1.xml.out:322
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+#, fuzzy
+#| msgid "-"
+msgid "-P"
+msgstr "-"
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "--prefix"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:203 chage.1.xml.out:208 chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189 groupadd.8.xml.out:214 groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102 groupdel.8.xml.out:106 groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177 groupmod.8.xml.out:181 groupmod.8.xml.out:183
+#: passwd.1.xml.out:287 passwd.1.xml.out:292 useradd.8.xml.out:504
+#: useradd.8.xml.out:509 userdel.8.xml.out:136 userdel.8.xml.out:140
+#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
+msgid "PREFIX_DIR"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:206 chpasswd.8.xml.out:187 groupadd.8.xml.out:217
+#: passwd.1.xml.out:290 useradd.8.xml.out:507
+msgid ""
+"Apply changes to configuration files under the root filesystem found under "
+"the directory <_:replaceable-1/>. This option does not chroot and is "
+"intended for preparing a cross-compilation target. Some limitations: NIS and "
+"LDAP users/groups are not verified. PAM authentication is using the host "
+"files. No SELINUX support."
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218 passwd.1.xml.out:333
 msgid "--warndays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:203 chage.1.xml.out:208 passwd.1.xml.out:322
-#: passwd.1.xml.out:327
+#: chage.1.xml.out:218 chage.1.xml.out:223 passwd.1.xml.out:333
+#: passwd.1.xml.out:338
 msgid "WARN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:206
+#: chage.1.xml.out:221
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -807,12 +846,12 @@ msgstr ""
 "varnas om att lösenordet är på väg att bli utgånget."
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220 chfn.1.xml.out:163 chsh.1.xml.out:112
+#: chage.1.xml.out:235 chfn.1.xml.out:163 chsh.1.xml.out:112
 msgid "[ ]"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 msgid ""
 "If none of the options are selected, <_:command-1/> operates in an "
 "interactive fashion, prompting the user with the current values for all of "
@@ -822,13 +861,13 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224 chsh.1.xml.out:117 groups.1.xml.out:65
+#: chage.1.xml.out:239 chsh.1.xml.out:117 groups.1.xml.out:65
 #: lastlog.8.xml.out:170
 msgid "NOTE"
 msgstr "NOTERA"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> program requires a shadow password file to "
@@ -840,7 +879,7 @@ msgstr ""
 "tillgänglig."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid ""
 "The chage program will report only the information from the shadow password "
 "file. This implies that configuration from other sources (e.g. LDAP or empty "
@@ -854,7 +893,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238 grpck.8.xml.out:294 login.defs.5.xml.out:410
+#: chage.1.xml.out:253 grpck.8.xml.out:294 login.defs.5.xml.out:429
 #: passwd.5.xml.out:185 pwck.8.xml.out:40 pwck.8.xml.out:47 pwck.8.xml.out:53
 #: pwck.8.xml.out:71 pwck.8.xml.out:147 pwck.8.xml.out:159 pwck.8.xml.out:191
 #: pwck.8.xml.out:223 pwck.8.xml.out:284 pwconv.8.xml.out:197
@@ -863,7 +902,7 @@ msgid "pwck"
 msgstr "pwck"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid ""
 "The <_:command-1/> program will also not report any inconsistency between "
 "the shadow and passwd files (e.g. missing x in the passwd file). The <_:"
@@ -871,7 +910,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 msgid ""
 "The <_:command-1/> command is restricted to the root user, except for the <_:"
 "option-2/> option, which may be used by an unprivileged user to determine "
@@ -879,52 +918,54 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249 chfn.1.xml.out:170 chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216 chsh.1.xml.out:131 gpasswd.1.xml.out:241
+#: chage.1.xml.out:264 chfn.1.xml.out:170 chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256 chsh.1.xml.out:150 gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247 groupdel.8.xml.out:133 groupmems.8.xml.out:176
 #: groupmod.8.xml.out:212 grpck.8.xml.out:196 lastlog.8.xml.out:182
-#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:360
-#: passwd.1.xml.out:372 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
-#: su.1.xml.out:314 useradd.8.xml.out:710 userdel.8.xml.out:165
-#: usermod.8.xml.out:536 vipw.8.xml.out:142
+#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:381
+#: passwd.1.xml.out:394 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
+#: su.1.xml.out:314 useradd.8.xml.out:730 userdel.8.xml.out:165
+#: usermod.8.xml.out:553 vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70 chgpasswd.8.xml.out:155 chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205 chpasswd.8.xml.out:77 chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200 chpasswd.8.xml.out:219 chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134 chsh.1.xml.out:159 gpasswd.1.xml.out:244
-#: groupadd.8.xml.out:129 groupadd.8.xml.out:239 groupadd.8.xml.out:250
-#: groupadd.8.xml.out:276 groupdel.8.xml.out:136 groupmems.8.xml.out:179
-#: groupmod.8.xml.out:109 groupmod.8.xml.out:204 groupmod.8.xml.out:215
-#: groupmod.8.xml.out:239 grpck.8.xml.out:199 lastlog.8.xml.out:185
-#: login.1.xml.out:273 login.1.xml.out:365 login.access.5.xml.out:100
-#: login.defs.5.xml.out:116 login.defs.5.xml.out:515 newgrp.1.xml.out:88
-#: newusers.8.xml.out:340 newusers.8.xml.out:363 newusers.8.xml.out:423
-#: passwd.1.xml.out:375 passwd.1.xml.out:405 pwck.8.xml.out:243
+#: chage.1.xml.out:267 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
+#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:159 chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177 chgpasswd.8.xml.out:204 chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79 chpasswd.8.xml.out:140 chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227 chpasswd.8.xml.out:236 chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289 chsh.1.xml.out:153 chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246 groupadd.8.xml.out:129 groupadd.8.xml.out:239
+#: groupadd.8.xml.out:250 groupadd.8.xml.out:276 groupdel.8.xml.out:136
+#: groupmems.8.xml.out:179 groupmod.8.xml.out:109 groupmod.8.xml.out:204
+#: groupmod.8.xml.out:215 groupmod.8.xml.out:239 grpck.8.xml.out:199
+#: lastlog.8.xml.out:185 login.1.xml.out:273 login.1.xml.out:365
+#: login.access.5.xml.out:100 login.defs.5.xml.out:118 login.defs.5.xml.out:534
+#: newgrp.1.xml.out:88 newusers.8.xml.out:340 newusers.8.xml.out:349
+#: newusers.8.xml.out:357 newusers.8.xml.out:384 newusers.8.xml.out:444
+#: passwd.1.xml.out:397 passwd.1.xml.out:427 pwck.8.xml.out:243
 #: pwconv.8.xml.out:148 pwconv.8.xml.out:207 pwconv.8.xml.out:215
 #: pwconv.8.xml.out:230 sg.1.xml.out:77 su.1.xml.out:109 su.1.xml.out:219
 #: su.1.xml.out:277 su.1.xml.out:317 su.1.xml.out:357 useradd.8.xml.out:241
-#: useradd.8.xml.out:307 useradd.8.xml.out:378 useradd.8.xml.out:399
-#: useradd.8.xml.out:467 useradd.8.xml.out:474 useradd.8.xml.out:560
-#: useradd.8.xml.out:713 useradd.8.xml.out:797 userdel.8.xml.out:87
+#: useradd.8.xml.out:309 useradd.8.xml.out:380 useradd.8.xml.out:401
+#: useradd.8.xml.out:469 useradd.8.xml.out:476 useradd.8.xml.out:562
+#: useradd.8.xml.out:733 useradd.8.xml.out:817 userdel.8.xml.out:87
 #: userdel.8.xml.out:168 userdel.8.xml.out:191 userdel.8.xml.out:297
-#: usermod.8.xml.out:399 usermod.8.xml.out:539 usermod.8.xml.out:569
+#: usermod.8.xml.out:399 usermod.8.xml.out:556 usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr "/etc/login.defs"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250 chfn.1.xml.out:171 chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217 chsh.1.xml.out:132 gpasswd.1.xml.out:242
+#: chage.1.xml.out:265 chfn.1.xml.out:171 chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257 chsh.1.xml.out:151 gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248 groupdel.8.xml.out:134 groupmems.8.xml.out:177
 #: groupmod.8.xml.out:213 grpck.8.xml.out:197 lastlog.8.xml.out:183
-#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:361
-#: passwd.1.xml.out:373 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
-#: useradd.8.xml.out:711 userdel.8.xml.out:166 usermod.8.xml.out:537
+#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:382
+#: passwd.1.xml.out:395 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
+#: useradd.8.xml.out:731 userdel.8.xml.out:166 usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 msgid ""
 "The following configuration variables in <_:filename-1/> change the behavior "
@@ -932,126 +973,126 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261 chfn.1.xml.out:184 chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232 chsh.1.xml.out:144 expiry.1.xml.out:97
-#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:256
+#: chage.1.xml.out:276 chfn.1.xml.out:184 chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274 chsh.1.xml.out:163 expiry.1.xml.out:97
+#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261 groupdel.8.xml.out:145 groupmems.8.xml.out:188
 #: groupmod.8.xml.out:224 groups.1.xml.out:77 grpck.8.xml.out:208
 #: gshadow.5.xml.out:132 lastlog.8.xml.out:194 limits.5.xml.out:172
 #: login.1.xml.out:314 login.access.5.xml.out:97 logoutd.8.xml.out:65
-#: newgrp.1.xml.out:97 newusers.8.xml.out:396 passwd.1.xml.out:390
+#: newgrp.1.xml.out:97 newusers.8.xml.out:417 passwd.1.xml.out:412
 #: passwd.5.xml.out:139 porttime.5.xml.out:106 pwck.8.xml.out:258
 #: pwconv.8.xml.out:227 shadow.3.xml.out:202 shadow.5.xml.out:231
-#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:740
-#: userdel.8.xml.out:182 usermod.8.xml.out:554 vipw.8.xml.out:172
+#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:760
+#: userdel.8.xml.out:182 usermod.8.xml.out:571 vipw.8.xml.out:172
 msgid "FILES"
 msgstr "FILER"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265 chfn.1.xml.out:193 chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147 expiry.1.xml.out:100 groupmod.8.xml.out:245
+#: chage.1.xml.out:280 chfn.1.xml.out:193 chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166 expiry.1.xml.out:100 groupmod.8.xml.out:245
 #: grpck.8.xml.out:223 lastlog.8.xml.out:63 login.1.xml.out:145
 #: login.1.xml.out:329 newgrp.1.xml.out:65 newgrp.1.xml.out:70
-#: newgrp.1.xml.out:100 newusers.8.xml.out:399 passwd.1.xml.out:393
+#: newgrp.1.xml.out:100 newusers.8.xml.out:420 passwd.1.xml.out:415
 #: passwd.5.xml.out:47 passwd.5.xml.out:89 passwd.5.xml.out:142
 #: pwck.8.xml.out:73 pwck.8.xml.out:145 pwck.8.xml.out:212 pwck.8.xml.out:224
 #: pwck.8.xml.out:267 pwconv.8.xml.out:127 shadow.5.xml.out:234 sg.1.xml.out:89
-#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:524
-#: useradd.8.xml.out:743 userdel.8.xml.out:197 usermod.8.xml.out:103
-#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:575
+#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:526
+#: useradd.8.xml.out:763 userdel.8.xml.out:197 usermod.8.xml.out:103
+#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:592
 #: vipw.8.xml.out:68 vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268 chfn.1.xml.out:195 chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149 expiry.1.xml.out:102 groupmod.8.xml.out:247
+#: chage.1.xml.out:283 chfn.1.xml.out:195 chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168 expiry.1.xml.out:102 groupmod.8.xml.out:247
 #: grpck.8.xml.out:225 login.1.xml.out:331 newgrp.1.xml.out:102
-#: newusers.8.xml.out:401 passwd.1.xml.out:395 passwd.5.xml.out:144
+#: newusers.8.xml.out:422 passwd.1.xml.out:417 passwd.5.xml.out:144
 #: pwck.8.xml.out:269 shadow.5.xml.out:236 sg.1.xml.out:91 su.1.xml.out:347
-#: useradd.8.xml.out:745 userdel.8.xml.out:199 vipw.8.xml.out:189
+#: useradd.8.xml.out:765 userdel.8.xml.out:199 vipw.8.xml.out:189
 msgid "User account information."
 msgstr "Användarkontoinformation."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273 chpasswd.8.xml.out:241 expiry.1.xml.out:106
+#: chage.1.xml.out:288 chpasswd.8.xml.out:283 expiry.1.xml.out:106
 #: login.1.xml.out:335 newgrp.1.xml.out:68 newgrp.1.xml.out:106
-#: newusers.8.xml.out:295 newusers.8.xml.out:405 passwd.1.xml.out:399
+#: newusers.8.xml.out:297 newusers.8.xml.out:426 passwd.1.xml.out:421
 #: passwd.5.xml.out:82 passwd.5.xml.out:148 pwck.8.xml.out:73
 #: pwck.8.xml.out:107 pwck.8.xml.out:213 pwck.8.xml.out:225 pwck.8.xml.out:273
 #: pwconv.8.xml.out:128 pwconv.8.xml.out:149 shadow.3.xml.out:97
 #: shadow.3.xml.out:173 shadow.3.xml.out:205 shadow.5.xml.out:78
-#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:439
-#: useradd.8.xml.out:464 useradd.8.xml.out:749 userdel.8.xml.out:203
+#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:441
+#: useradd.8.xml.out:466 useradd.8.xml.out:769 userdel.8.xml.out:203
 #: usermod.8.xml.out:144 usermod.8.xml.out:145 usermod.8.xml.out:166
-#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:581
+#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:598
 #: vipw.8.xml.out:71 vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr "/etc/shadow"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276 chpasswd.8.xml.out:243 expiry.1.xml.out:108
-#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:407
-#: passwd.1.xml.out:401 pwck.8.xml.out:275 shadow.3.xml.out:207
-#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:751
+#: chage.1.xml.out:291 chpasswd.8.xml.out:285 expiry.1.xml.out:108
+#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:428
+#: passwd.1.xml.out:423 pwck.8.xml.out:275 shadow.3.xml.out:207
+#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:771
 #: userdel.8.xml.out:205 vipw.8.xml.out:195
 msgid "Secure user account information."
 msgstr "Säker användarkontoinformation."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283 groupadd.8.xml.out:298 groupdel.8.xml.out:163
-#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:420
-#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:806
+#: chage.1.xml.out:298 groupadd.8.xml.out:298 groupdel.8.xml.out:163
+#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:442
+#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr "AVSLUTNINGSVÄRDEN"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290 groupadd.8.xml.out:305 groupdel.8.xml.out:170
-#: grpck.8.xml.out:239 passwd.1.xml.out:427 pwck.8.xml.out:289
-#: useradd.8.xml.out:813 userdel.8.xml.out:237
+#: chage.1.xml.out:305 groupadd.8.xml.out:305 groupdel.8.xml.out:170
+#: grpck.8.xml.out:239 passwd.1.xml.out:449 pwck.8.xml.out:289
+#: useradd.8.xml.out:833 userdel.8.xml.out:237
 msgid "success"
 msgstr "lyckad"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296 passwd.1.xml.out:433
+#: chage.1.xml.out:311 passwd.1.xml.out:455
 msgid "permission denied"
 msgstr "Ã¥tkomst nekad"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300 groupadd.8.xml.out:309 groupdel.8.xml.out:174
+#: chage.1.xml.out:315 groupadd.8.xml.out:309 groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265 groups.1.xml.out:95 groups.1.xml.out:98
 #: groups.1.xml.out:101 grpck.8.xml.out:249 limits.5.xml.out:90
 #: limits.5.xml.out:101 limits.5.xml.out:188 limits.5.xml.out:191
-#: passwd.1.xml.out:437 pwck.8.xml.out:299 useradd.8.xml.out:823
+#: passwd.1.xml.out:459 pwck.8.xml.out:299 useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr "2"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302 groupadd.8.xml.out:311 groupdel.8.xml.out:176
-#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:825
+#: chage.1.xml.out:317 groupadd.8.xml.out:311 groupdel.8.xml.out:176
+#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
 msgstr "ogiltig kommandosyntax"
 
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr "15"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
 msgstr "kan inte hitta skugglösenordsfilen"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284 groupadd.8.xml.out:299 groupdel.8.xml.out:164
-#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:421
-#: pwck.8.xml.out:283 useradd.8.xml.out:807 userdel.8.xml.out:231
+#: chage.1.xml.out:299 groupadd.8.xml.out:299 groupdel.8.xml.out:164
+#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:443
+#: pwck.8.xml.out:283 useradd.8.xml.out:827 userdel.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "The <command>pwck</command> command exits with the following values: "
@@ -1064,18 +1105,18 @@ msgstr ""
 "<placeholder-1/>"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316 chfn.1.xml.out:202 chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262 chsh.1.xml.out:168 expiry.1.xml.out:115
-#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:274
+#: chage.1.xml.out:331 chfn.1.xml.out:202 chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304 chsh.1.xml.out:209 expiry.1.xml.out:115
+#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343 groupdel.8.xml.out:202 groupmems.8.xml.out:206
 #: groupmod.8.xml.out:323 groups.1.xml.out:89 grpck.8.xml.out:277
 #: gshadow.5.xml.out:150 limits.5.xml.out:182 login.1.xml.out:374
-#: login.access.5.xml.out:109 login.defs.5.xml.out:527 newgrp.1.xml.out:127
-#: newusers.8.xml.out:450 nologin.8.xml.out:57 passwd.1.xml.out:471
+#: login.access.5.xml.out:109 login.defs.5.xml.out:546 newgrp.1.xml.out:127
+#: newusers.8.xml.out:471 nologin.8.xml.out:57 passwd.1.xml.out:493
 #: passwd.5.xml.out:167 porttime.5.xml.out:118 pwck.8.xml.out:333
 #: pwconv.8.xml.out:239 shadow.3.xml.out:214 shadow.5.xml.out:259
-#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:875
-#: userdel.8.xml.out:308 usermod.8.xml.out:602 vipw.8.xml.out:202
+#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:895
+#: userdel.8.xml.out:308 usermod.8.xml.out:619 vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr "SE OCKSÃ…"
 
@@ -1088,53 +1129,53 @@ msgstr "SE OCKSÃ…"
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319 chfn.1.xml.out:211 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177 expiry.1.xml.out:118 groupadd.8.xml.out:351
+#: chage.1.xml.out:334 chfn.1.xml.out:211 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218 expiry.1.xml.out:118 groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:215 groupmod.8.xml.out:332
 #: grpck.8.xml.out:291 lastlog.8.xml.out:176 login.1.xml.out:128
-#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516 login.defs.5.xml.out:533 login.defs.5.xml.out:539
-#: newusers.8.xml.out:79 newusers.8.xml.out:456 passwd.1.xml.out:40
-#: passwd.1.xml.out:47 passwd.1.xml.out:53 passwd.1.xml.out:66
-#: passwd.1.xml.out:69 passwd.1.xml.out:86 passwd.1.xml.out:116
-#: passwd.1.xml.out:152 passwd.1.xml.out:366 passwd.1.xml.out:413
-#: passwd.1.xml.out:422 passwd.1.xml.out:451 passwd.1.xml.out:457
-#: passwd.1.xml.out:477 passwd.5.xml.out:33 passwd.5.xml.out:40
+#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535 login.defs.5.xml.out:552 login.defs.5.xml.out:558
+#: newusers.8.xml.out:81 newusers.8.xml.out:477 passwd.1.xml.out:42
+#: passwd.1.xml.out:49 passwd.1.xml.out:55 passwd.1.xml.out:68
+#: passwd.1.xml.out:71 passwd.1.xml.out:88 passwd.1.xml.out:100
+#: passwd.1.xml.out:148 passwd.1.xml.out:388 passwd.1.xml.out:435
+#: passwd.1.xml.out:444 passwd.1.xml.out:473 passwd.1.xml.out:479
+#: passwd.1.xml.out:502 passwd.5.xml.out:33 passwd.5.xml.out:40
 #: passwd.5.xml.out:182 pwck.8.xml.out:228 pwck.8.xml.out:342
 #: pwconv.8.xml.out:84 pwconv.8.xml.out:99 shadow.5.xml.out:268
-#: shadow.5.xml.out:271 useradd.8.xml.out:884 userdel.8.xml.out:316
-#: usermod.8.xml.out:611 vipw.8.xml.out:217
+#: shadow.5.xml.out:271 useradd.8.xml.out:904 userdel.8.xml.out:316
+#: usermod.8.xml.out:628 vipw.8.xml.out:217
 msgid "passwd"
 msgstr "passwd"
 
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319 chage.1.xml.out:322 chfn.1.xml.out:208
-#: chfn.1.xml.out:211 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 chsh.1.xml.out:177 expiry.1.xml.out:118
+#: chage.1.xml.out:334 chage.1.xml.out:337 chfn.1.xml.out:208
+#: chfn.1.xml.out:211 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 chsh.1.xml.out:218 expiry.1.xml.out:118
 #: expiry.1.xml.out:121 faillog.5.xml.out:34 faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292 gpasswd.1.xml.out:295 groupadd.8.xml.out:363
+#: gpasswd.1.xml.out:294 gpasswd.1.xml.out:297 groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344 grpck.8.xml.out:267 grpck.8.xml.out:280
 #: grpck.8.xml.out:287 grpck.8.xml.out:291 grpck.8.xml.out:297
 #: gshadow.5.xml.out:23 gshadow.5.xml.out:153 gshadow.5.xml.out:156
 #: limits.5.xml.out:36 login.1.xml.out:389 login.1.xml.out:392
 #: login.1.xml.out:395 login.1.xml.out:398 login.access.5.xml.out:35
-#: login.defs.5.xml.out:103 login.defs.5.xml.out:539 login.defs.5.xml.out:542
-#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:79
-#: newusers.8.xml.out:453 newusers.8.xml.out:460 newusers.8.xml.out:463
-#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:455
-#: passwd.1.xml.out:477 passwd.1.xml.out:480 passwd.1.xml.out:484
+#: login.defs.5.xml.out:105 login.defs.5.xml.out:558 login.defs.5.xml.out:561
+#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:81
+#: newusers.8.xml.out:474 newusers.8.xml.out:481 newusers.8.xml.out:484
+#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:477
+#: passwd.1.xml.out:502 passwd.1.xml.out:505 passwd.1.xml.out:509
 #: passwd.5.xml.out:34 passwd.5.xml.out:80 passwd.5.xml.out:194
 #: porttime.5.xml.out:34 pwck.8.xml.out:317 pwck.8.xml.out:336
 #: pwck.8.xml.out:342 pwck.8.xml.out:345 pwconv.8.xml.out:245
 #: shadow.3.xml.out:220 shadow.5.xml.out:34 shadow.5.xml.out:271
 #: sg.1.xml.out:134 sg.1.xml.out:137 su.1.xml.out:418 suauth.5.xml.out:34
-#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:628
-#: useradd.8.xml.out:899 useradd.8.xml.out:906 useradd.8.xml.out:909
+#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:648
+#: useradd.8.xml.out:919 useradd.8.xml.out:926 useradd.8.xml.out:929
 #: userdel.8.xml.out:319 userdel.8.xml.out:335 userdel.8.xml.out:338
-#: usermod.8.xml.out:162 usermod.8.xml.out:629 usermod.8.xml.out:633
-#: usermod.8.xml.out:636 vipw.8.xml.out:208 vipw.8.xml.out:211
+#: usermod.8.xml.out:162 usermod.8.xml.out:646 usermod.8.xml.out:650
+#: usermod.8.xml.out:653 vipw.8.xml.out:208 vipw.8.xml.out:211
 #: vipw.8.xml.out:214 vipw.8.xml.out:217 vipw.8.xml.out:220 vipw.8.xml.out:223
 msgid "5"
 msgstr "5"
@@ -1147,20 +1188,20 @@ msgstr "5"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322 expiry.1.xml.out:121 grpck.8.xml.out:51
-#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:542
-#: passwd.1.xml.out:480 passwd.5.xml.out:79 passwd.5.xml.out:194
+#: chage.1.xml.out:337 expiry.1.xml.out:121 grpck.8.xml.out:51
+#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:561
+#: passwd.1.xml.out:505 passwd.5.xml.out:79 passwd.5.xml.out:194
 #: pwck.8.xml.out:229 pwck.8.xml.out:233 pwck.8.xml.out:345 pwconv.8.xml.out:84
 #: pwconv.8.xml.out:85 pwconv.8.xml.out:100 pwconv.8.xml.out:101
 #: shadow.3.xml.out:33 shadow.3.xml.out:40 shadow.3.xml.out:96
 #: shadow.3.xml.out:220 shadow.5.xml.out:33 shadow.5.xml.out:40
-#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:628
+#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:648
 #: usermod.8.xml.out:162 vipw.8.xml.out:223
 msgid "shadow"
 msgstr "shadow"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317 expiry.1.xml.out:116 faillog.8.xml.out:233
+#: chage.1.xml.out:332 expiry.1.xml.out:116 faillog.8.xml.out:233
 #: nologin.8.xml.out:58 shadow.3.xml.out:215
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>."
 msgstr ""
@@ -1172,10 +1213,10 @@ msgstr ""
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #: chfn.1.xml.out:36 chfn.1.xml.out:43 chfn.1.xml.out:49 chfn.1.xml.out:62
-#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:171
+#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:212
 #: groupadd.8.xml.out:345 groupdel.8.xml.out:205 groupmems.8.xml.out:209
-#: groupmod.8.xml.out:326 login.defs.5.xml.out:239 useradd.8.xml.out:878
-#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:605
+#: groupmod.8.xml.out:326 login.defs.5.xml.out:243 useradd.8.xml.out:898
+#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:622
 msgid "chfn"
 msgstr "chfn"
 
@@ -1193,8 +1234,8 @@ msgstr ""
 #. (itstool) path: term/option
 #: chfn.1.xml.out:71 chfn.1.xml.out:110 groupadd.8.xml.out:106
 #: groupadd.8.xml.out:145 groupadd.8.xml.out:323 groupmod.8.xml.out:93
-#: groupmod.8.xml.out:132 useradd.8.xml.out:405 useradd.8.xml.out:536
-#: useradd.8.xml.out:837 usermod.8.xml.out:271 usermod.8.xml.out:377
+#: groupmod.8.xml.out:132 useradd.8.xml.out:407 useradd.8.xml.out:538
+#: useradd.8.xml.out:857 usermod.8.xml.out:271 usermod.8.xml.out:377
 msgid "-o"
 msgstr "-o"
 
@@ -1232,7 +1273,7 @@ msgstr ""
 #: chfn.1.xml.out:94 expiry.1.xml.out:61 expiry.1.xml.out:79
 #: groupadd.8.xml.out:88 groupdel.8.xml.out:72 login.1.xml.out:90
 #: login.1.xml.out:190 login.1.xml.out:229 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 userdel.8.xml.out:76 userdel.8.xml.out:287
+#: useradd.8.xml.out:642 userdel.8.xml.out:76 userdel.8.xml.out:287
 #: userdel.8.xml.out:302 usermod.8.xml.out:152
 msgid "-f"
 msgstr "-f"
@@ -1296,12 +1337,12 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:122 faillog.8.xml.out:89 faillog.8.xml.out:144
-#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:173
+#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112 groupadd.8.xml.out:185 grpck.8.xml.out:124
 #: grpck.8.xml.out:138 login.1.xml.out:220 login.1.xml.out:229
-#: newusers.8.xml.out:287 passwd.1.xml.out:268 pwck.8.xml.out:155
-#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:456
-#: useradd.8.xml.out:542 userdel.8.xml.out:106 usermod.8.xml.out:317
+#: newusers.8.xml.out:289 passwd.1.xml.out:264 pwck.8.xml.out:155
+#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:458
+#: useradd.8.xml.out:544 userdel.8.xml.out:106 usermod.8.xml.out:317
 msgid "-r"
 msgstr "-r"
 
@@ -1326,8 +1367,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: chfn.1.xml.out:143 faillog.8.xml.out:80 faillog.8.xml.out:180
 #: faillog.8.xml.out:214 lastlog.8.xml.out:90 lastlog.8.xml.out:122
-#: lastlog.8.xml.out:139 passwd.1.xml.out:309 useradd.8.xml.out:414
-#: useradd.8.xml.out:531 usermod.8.xml.out:279 usermod.8.xml.out:369
+#: lastlog.8.xml.out:139 passwd.1.xml.out:320 useradd.8.xml.out:416
+#: useradd.8.xml.out:533 usermod.8.xml.out:279 usermod.8.xml.out:369
 #: vipw.8.xml.out:133
 #, fuzzy
 #| msgid "-"
@@ -1335,7 +1376,7 @@ msgid "-u"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chfn.1.xml.out:151 passwd.1.xml.out:322 usermod.8.xml.out:463
+#: chfn.1.xml.out:151 passwd.1.xml.out:333 usermod.8.xml.out:463
 #, fuzzy
 #| msgid "-"
 msgid "-w"
@@ -1370,11 +1411,11 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chfn.1.xml.out:189 chgpasswd.8.xml.out:207 chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161 groupadd.8.xml.out:278 groupmod.8.xml.out:241
-#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:425
-#: passwd.1.xml.out:407 pwconv.8.xml.out:232 su.1.xml.out:359
-#: useradd.8.xml.out:799 userdel.8.xml.out:193
+#: chfn.1.xml.out:189 chgpasswd.8.xml.out:235 chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202 groupadd.8.xml.out:278 groupmod.8.xml.out:241
+#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:446
+#: passwd.1.xml.out:429 pwconv.8.xml.out:232 su.1.xml.out:359
+#: useradd.8.xml.out:819 userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
 msgstr ""
 
@@ -1387,8 +1428,8 @@ msgstr ""
 #: chfn.1.xml.out:205 chsh.1.xml.out:36 chsh.1.xml.out:43 chsh.1.xml.out:49
 #: chsh.1.xml.out:62 chsh.1.xml.out:73 chsh.1.xml.out:109
 #: groupadd.8.xml.out:348 groupdel.8.xml.out:208 groupmems.8.xml.out:212
-#: groupmod.8.xml.out:329 login.defs.5.xml.out:270 useradd.8.xml.out:881
-#: userdel.8.xml.out:313 usermod.8.xml.out:608
+#: groupmod.8.xml.out:329 login.defs.5.xml.out:280 useradd.8.xml.out:901
+#: userdel.8.xml.out:313 usermod.8.xml.out:625
 msgid "chsh"
 msgstr "chsh"
 
@@ -1396,25 +1437,25 @@ msgstr "chsh"
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
-#: chfn.1.xml.out:208 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 groupadd.8.xml.out:194 groupadd.8.xml.out:363
-#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109 newusers.8.xml.out:298 newusers.8.xml.out:453
-#: passwd.1.xml.out:484 pwconv.8.xml.out:92 pwconv.8.xml.out:94
+#: chfn.1.xml.out:208 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 groupadd.8.xml.out:194 groupadd.8.xml.out:363
+#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111 newusers.8.xml.out:300 newusers.8.xml.out:474
+#: passwd.1.xml.out:509 pwconv.8.xml.out:92 pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108 pwconv.8.xml.out:245 su.1.xml.out:418
-#: useradd.8.xml.out:899 userdel.8.xml.out:117 userdel.8.xml.out:319
-#: usermod.8.xml.out:629 vipw.8.xml.out:214
+#: useradd.8.xml.out:919 userdel.8.xml.out:117 userdel.8.xml.out:319
+#: usermod.8.xml.out:646 vipw.8.xml.out:214
 msgid "login.defs"
 msgstr "login.defs"
 
 #. (itstool) path: refsect1/para
-#: chfn.1.xml.out:203 chgpasswd.8.xml.out:215 chsh.1.xml.out:169
+#: chfn.1.xml.out:203 chgpasswd.8.xml.out:243 chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
 msgstr ""
 
@@ -1423,19 +1464,19 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33 chgpasswd.8.xml.out:40 chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56 chgpasswd.8.xml.out:66 chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35 chgpasswd.8.xml.out:42 chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58 chgpasswd.8.xml.out:68 chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr "chgpasswd"
 
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34 chgpasswd.8.xml.out:220 chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268 chpasswd.8.xml.out:276 faillog.5.xml.out:87
-#: faillog.8.xml.out:34 gpasswd.1.xml.out:280 gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286 gpasswd.1.xml.out:289 groupadd.8.xml.out:37
+#: chgpasswd.8.xml.out:36 chgpasswd.8.xml.out:248 chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310 chpasswd.8.xml.out:318 faillog.5.xml.out:87
+#: faillog.8.xml.out:34 gpasswd.1.xml.out:282 gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288 gpasswd.1.xml.out:291 groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354 groupadd.8.xml.out:357 groupadd.8.xml.out:360
 #: groupadd.8.xml.out:366 groupadd.8.xml.out:369 groupadd.8.xml.out:372
 #: groupdel.8.xml.out:35 groupdel.8.xml.out:186 groupdel.8.xml.out:214
@@ -1448,43 +1489,43 @@ msgstr "chgpasswd"
 #: grpck.8.xml.out:34 grpck.8.xml.out:283 grpck.8.xml.out:294
 #: gshadow.5.xml.out:159 gshadow.5.xml.out:162 lastlog.8.xml.out:36
 #: login.1.xml.out:174 login.1.xml.out:176 login.1.xml.out:249
-#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:545
-#: logoutd.8.xml.out:34 newusers.8.xml.out:50 newusers.8.xml.out:467
-#: nologin.8.xml.out:23 passwd.1.xml.out:474 passwd.1.xml.out:488
+#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:564
+#: logoutd.8.xml.out:34 newusers.8.xml.out:52 newusers.8.xml.out:488
+#: nologin.8.xml.out:23 passwd.1.xml.out:496 passwd.1.xml.out:513
 #: passwd.5.xml.out:185 passwd.5.xml.out:188 passwd.5.xml.out:191
 #: passwd.5.xml.out:200 pwck.8.xml.out:41 pwck.8.xml.out:339 pwck.8.xml.out:348
 #: pwconv.8.xml.out:40 pwconv.8.xml.out:242 pwconv.8.xml.out:248
 #: pwconv.8.xml.out:251 pwconv.8.xml.out:254 shadow.5.xml.out:274
 #: shadow.5.xml.out:277 shadow.5.xml.out:280 shadow.5.xml.out:286
-#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:574
-#: useradd.8.xml.out:890 useradd.8.xml.out:893 useradd.8.xml.out:896
-#: useradd.8.xml.out:902 useradd.8.xml.out:913 useradd.8.xml.out:916
-#: userdel.8.xml.out:40 userdel.8.xml.out:259 userdel.8.xml.out:322
-#: userdel.8.xml.out:325 userdel.8.xml.out:328 userdel.8.xml.out:331
-#: userdel.8.xml.out:342 userdel.8.xml.out:345 usermod.8.xml.out:41
-#: usermod.8.xml.out:617 usermod.8.xml.out:620 usermod.8.xml.out:623
-#: usermod.8.xml.out:626 usermod.8.xml.out:640 usermod.8.xml.out:643
-#: vipw.8.xml.out:36
+#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:576
+#: useradd.8.xml.out:590 useradd.8.xml.out:910 useradd.8.xml.out:913
+#: useradd.8.xml.out:916 useradd.8.xml.out:922 useradd.8.xml.out:933
+#: useradd.8.xml.out:936 userdel.8.xml.out:40 userdel.8.xml.out:259
+#: userdel.8.xml.out:322 userdel.8.xml.out:325 userdel.8.xml.out:328
+#: userdel.8.xml.out:331 userdel.8.xml.out:342 userdel.8.xml.out:345
+#: usermod.8.xml.out:41 usermod.8.xml.out:522 usermod.8.xml.out:634
+#: usermod.8.xml.out:637 usermod.8.xml.out:640 usermod.8.xml.out:643
+#: usermod.8.xml.out:657 usermod.8.xml.out:660 vipw.8.xml.out:36
 msgid "8"
 msgstr "8"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35 chpasswd.8.xml.out:39 faillog.8.xml.out:35
+#: chgpasswd.8.xml.out:37 chpasswd.8.xml.out:41 faillog.8.xml.out:35
 #: groupadd.8.xml.out:38 groupdel.8.xml.out:36 groupmems.8.xml.out:39
 #: groupmod.8.xml.out:36 grpck.8.xml.out:35 lastlog.8.xml.out:37
-#: logoutd.8.xml.out:35 newusers.8.xml.out:51 nologin.8.xml.out:24
+#: logoutd.8.xml.out:35 newusers.8.xml.out:53 nologin.8.xml.out:24
 #: pwck.8.xml.out:42 pwconv.8.xml.out:41 useradd.8.xml.out:54
 #: userdel.8.xml.out:41 usermod.8.xml.out:42 vipw.8.xml.out:37
 msgid "System Management Commands"
 msgstr "Systemhanteringskommandon"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
 msgstr "uppdatera grupplösenord i satsläge"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 #, fuzzy
 msgid ""
 "The <_:command-1/> command reads a list of group name and password pairs "
@@ -1498,12 +1539,12 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61 groupmems.8.xml.out:54 groupmems.8.xml.out:110
+#: chgpasswd.8.xml.out:63 groupmems.8.xml.out:54 groupmems.8.xml.out:110
 msgid "group_name"
 msgstr "gruppnamn"
 
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66 passwd.5.xml.out:77
+#: chgpasswd.8.xml.out:64 chpasswd.8.xml.out:68 passwd.5.xml.out:77
 #: passwd.5.xml.out:86 passwd.5.xml.out:91 passwd.5.xml.out:95
 #: passwd.5.xml.out:98
 #, fuzzy
@@ -1512,12 +1553,12 @@ msgid "password"
 msgstr "passwd"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60 chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 #, fuzzy
 msgid ""
 "By default the supplied password must be in clear-text, and is encrypted by "
@@ -1527,16 +1568,16 @@ msgstr ""
 "Standardkrypteringsalgoritmen är DES."
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70 chpasswd.8.xml.out:75 chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72 chpasswd.8.xml.out:77 chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 msgid "ENCRYPT_METHOD"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71 chgpasswd.8.xml.out:101 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:130 chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chgpasswd.8.xml.out:73 chgpasswd.8.xml.out:107 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:136 chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 #, fuzzy
 #| msgid "-"
@@ -1546,16 +1587,16 @@ msgstr "-"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:88 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:114 chpasswd.8.xml.out:129
-#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:90 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:116 chpasswd.8.xml.out:135
+#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:270
 #: sg.1.xml.out:50 su.1.xml.out:86 su.1.xml.out:126 su.1.xml.out:131
 #: useradd.8.xml.out:139 usermod.8.xml.out:99
 msgid "-c"
 msgstr "-c"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> variable of <_:filename-2/>, and can be overwritten with the <_:"
@@ -1563,53 +1604,111 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74 chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76 chpasswd.8.xml.out:101
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are created at a single time."
 msgstr ""
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88 chpasswd.8.xml.out:114 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:116 newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:117 newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92 chpasswd.8.xml.out:119 newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
 msgstr ""
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91 chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95 chgpasswd.8.xml.out:149 chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208 newusers.8.xml.out:330
+msgid "BCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid "<_:replaceable-1/>,"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96 chpasswd.8.xml.out:123
+msgid "DES"
+msgstr ""
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98 chgpasswd.8.xml.out:151 chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210 newusers.8.xml.out:332
+msgid "SHA256"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99 chgpasswd.8.xml.out:152 chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211 newusers.8.xml.out:333
+msgid "SHA512"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+#, fuzzy
+#| msgid "-K <placeholder-1/>=<placeholder-2/>"
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr "-K <placeholder-1/>=<placeholder-2/>"
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100 chgpasswd.8.xml.out:154 chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213 newusers.8.xml.out:335
+#, fuzzy
+#| msgid "DESCRIPTION"
+msgid "YESCRYPT"
+msgstr "BESKRIVNING"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99 chpasswd.8.xml.out:126
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid ", <_:replaceable-1/>"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:128
+msgid "NONE"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121 newusers.8.xml.out:271
+#: chgpasswd.8.xml.out:93 chpasswd.8.xml.out:120
 msgid ""
-"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
-"support these methods."
+"The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/"
+"><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports "
+"these methods."
 msgstr ""
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:139
+#: chgpasswd.8.xml.out:107 chpasswd.8.xml.out:145
 #, fuzzy
 #| msgid "encrypted password"
 msgid "--encrypted"
 msgstr "krypterat lösenord"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103 chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109 chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
 msgstr "Insända lösenord är i ett krypterat format."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113 chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119 chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115 chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121 chpasswd.8.xml.out:163
 msgid ""
 "Use MD5 encryption instead of DES when the supplied passwords are not "
 "encrypted."
@@ -1619,60 +1718,85 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 chsh.1.xml.out:97
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 chsh.1.xml.out:97
 #: chsh.1.xml.out:108 grpck.8.xml.out:124 grpck.8.xml.out:161
-#: newusers.8.xml.out:320 pwck.8.xml.out:155 pwck.8.xml.out:209
-#: su.1.xml.out:163 useradd.8.xml.out:517 useradd.8.xml.out:655
-#: usermod.8.xml.out:357 vipw.8.xml.out:70 vipw.8.xml.out:127
+#: newusers.8.xml.out:322 passwd.1.xml.out:363 pwck.8.xml.out:155
+#: pwck.8.xml.out:209 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357 vipw.8.xml.out:70
+#: vipw.8.xml.out:127
 msgid "-s"
 msgstr "-s"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137 chpasswd.8.xml.out:181 newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143 chpasswd.8.xml.out:202 newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140 chpasswd.8.xml.out:184 newusers.8.xml.out:325
+#: chgpasswd.8.xml.out:146 chpasswd.8.xml.out:205 newusers.8.xml.out:327
+msgid ""
+"You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> "
+"<_:phrase-3/>"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:156 chpasswd.8.xml.out:215 newusers.8.xml.out:337
+msgid ""
+"By default, the number of rounds for BCRYPT is defined by the "
+"BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:161 chpasswd.8.xml.out:220
 msgid ""
-"The value 0 means that the system will choose the default number of rounds "
-"for the crypt method (5000)."
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default number of rounds is 13."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144 chpasswd.8.xml.out:188 newusers.8.xml.out:329
+#: chgpasswd.8.xml.out:165 chpasswd.8.xml.out:224 newusers.8.xml.out:346
 msgid ""
-"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+"By default, the number of rounds for SHA256 or SHA512 is defined by the "
+"SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148 chpasswd.8.xml.out:192 newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#: chgpasswd.8.xml.out:170 chpasswd.8.xml.out:229
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default number of rounds is 5000."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152 newusers.8.xml.out:337
+#: chgpasswd.8.xml.out:175 chpasswd.8.xml.out:234 newusers.8.xml.out:355
 msgid ""
-"By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and "
-"SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+"By default, the number of rounds for YESCRYPT is defined by the "
+"YESCRYPT_COST_FACTOR in <_:filename-1/>."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179 chpasswd.8.xml.out:238
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default number of rounds is 5."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163 chpasswd.8.xml.out:208 faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229 groupadd.8.xml.out:285 groupdel.8.xml.out:121
-#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:348
-#: passwd.1.xml.out:354 shadow.3.xml.out:194 su.1.xml.out:306
-#: useradd.8.xml.out:682 userdel.8.xml.out:281 usermod.8.xml.out:517
+#: chgpasswd.8.xml.out:189 chpasswd.8.xml.out:248 faillog.8.xml.out:209
+#: gpasswd.1.xml.out:231 groupadd.8.xml.out:285 groupdel.8.xml.out:121
+#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:369
+#: passwd.1.xml.out:376 shadow.3.xml.out:194 su.1.xml.out:306
+#: useradd.8.xml.out:702 userdel.8.xml.out:281 usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr "TÄNK PÅ"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164 chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190 chpasswd.8.xml.out:249
 msgid ""
 "Remember to set permissions or umask to prevent readability of unencrypted "
 "files by other users."
@@ -1681,7 +1805,7 @@ msgstr ""
 "okrypterade filer för andra användare."
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168 newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194 newusers.8.xml.out:374
 msgid ""
 "You should make sure the passwords and the encryption method respect the "
 "system's password policy."
@@ -1691,8 +1815,8 @@ msgstr ""
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193 gpasswd.1.xml.out:48 gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73 gpasswd.1.xml.out:231 gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221 gpasswd.1.xml.out:50 gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75 gpasswd.1.xml.out:233 gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170 groupadd.8.xml.out:264 groupdel.8.xml.out:148
 #: groupmems.8.xml.out:191 groupmod.8.xml.out:227 groups.1.xml.out:58
 #: groups.1.xml.out:70 groups.1.xml.out:80 grpck.8.xml.out:62
@@ -1700,19 +1824,19 @@ msgstr ""
 #: grpck.8.xml.out:164 grpck.8.xml.out:177 grpck.8.xml.out:185
 #: grpck.8.xml.out:211 gshadow.5.xml.out:91 gshadow.5.xml.out:124
 #: gshadow.5.xml.out:135 newgrp.1.xml.out:80 newgrp.1.xml.out:112
-#: newusers.8.xml.out:411 pwck.8.xml.out:261 pwconv.8.xml.out:128
-#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:755
-#: userdel.8.xml.out:185 usermod.8.xml.out:557 vipw.8.xml.out:69
+#: newusers.8.xml.out:432 pwck.8.xml.out:261 pwconv.8.xml.out:128
+#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:775
+#: userdel.8.xml.out:185 usermod.8.xml.out:574 vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr "/etc/group"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195 gpasswd.1.xml.out:261 groupadd.8.xml.out:266
+#: chgpasswd.8.xml.out:223 gpasswd.1.xml.out:263 groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150 groupmems.8.xml.out:193 groupmod.8.xml.out:229
 #: groups.1.xml.out:82 grpck.8.xml.out:213 gshadow.5.xml.out:137
-#: newgrp.1.xml.out:114 newusers.8.xml.out:413 pwck.8.xml.out:263
-#: sg.1.xml.out:103 useradd.8.xml.out:757 userdel.8.xml.out:187
+#: newgrp.1.xml.out:114 newusers.8.xml.out:434 pwck.8.xml.out:263
+#: sg.1.xml.out:103 useradd.8.xml.out:777 userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
 msgstr "Gruppkontoinformation."
@@ -1720,8 +1844,8 @@ msgstr "Gruppkontoinformation."
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199 gpasswd.1.xml.out:52 gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232 gpasswd.1.xml.out:265 groupadd.8.xml.out:170
+#: chgpasswd.8.xml.out:227 gpasswd.1.xml.out:54 gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234 gpasswd.1.xml.out:267 groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270 groupdel.8.xml.out:154 groupmems.8.xml.out:87
 #: groupmems.8.xml.out:88 groupmems.8.xml.out:98 groupmems.8.xml.out:103
 #: groupmems.8.xml.out:104 groupmems.8.xml.out:134 groupmems.8.xml.out:135
@@ -1729,17 +1853,17 @@ msgstr "Gruppkontoinformation."
 #: grpck.8.xml.out:93 grpck.8.xml.out:114 grpck.8.xml.out:166
 #: grpck.8.xml.out:186 grpck.8.xml.out:217 gshadow.5.xml.out:36
 #: gshadow.5.xml.out:141 newgrp.1.xml.out:78 newgrp.1.xml.out:118
-#: newusers.8.xml.out:417 pwconv.8.xml.out:129 sg.1.xml.out:107
-#: useradd.8.xml.out:761 usermod.8.xml.out:563 vipw.8.xml.out:72
+#: newusers.8.xml.out:438 pwconv.8.xml.out:129 sg.1.xml.out:107
+#: useradd.8.xml.out:781 usermod.8.xml.out:580 vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr "/etc/gshadow"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201 gpasswd.1.xml.out:267 groupadd.8.xml.out:272
+#: chgpasswd.8.xml.out:229 gpasswd.1.xml.out:269 groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156 groupmod.8.xml.out:235 grpck.8.xml.out:219
-#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:419
-#: sg.1.xml.out:109 useradd.8.xml.out:763 vipw.8.xml.out:183
+#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:440
+#: sg.1.xml.out:109 useradd.8.xml.out:783 vipw.8.xml.out:183
 msgid "Secure group account information."
 msgstr "Säker gruppkontoinformation."
 
@@ -1749,12 +1873,12 @@ msgstr "Säker gruppkontoinformation."
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217 gpasswd.1.xml.out:38 gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59 gpasswd.1.xml.out:72 gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119 groupadd.8.xml.out:354 groupdel.8.xml.out:214
-#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:280
+#: chgpasswd.8.xml.out:245 gpasswd.1.xml.out:40 gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61 gpasswd.1.xml.out:74 gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121 groupadd.8.xml.out:354 groupdel.8.xml.out:214
+#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142 sg.1.xml.out:131 userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr "gpasswd"
 
@@ -1764,19 +1888,19 @@ msgstr "gpasswd"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220 gpasswd.1.xml.out:280 groupadd.8.xml.out:36
+#: chgpasswd.8.xml.out:248 gpasswd.1.xml.out:282 groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43 groupadd.8.xml.out:49 groupadd.8.xml.out:61
 #: groupadd.8.xml.out:82 groupadd.8.xml.out:292 groupadd.8.xml.out:300
 #: groupdel.8.xml.out:217 groupmems.8.xml.out:218 groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290 useradd.8.xml.out:890 userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: login.defs.5.xml.out:303 useradd.8.xml.out:910 userdel.8.xml.out:325
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr "groupadd"
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21 groupadd.8.xml.out:20 groupdel.8.xml.out:18
-#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:86
-#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:33
+#: chpasswd.8.xml.out:23 groupadd.8.xml.out:20 groupdel.8.xml.out:18
+#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:88
+#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:35
 #: sg.1.xml.out:18 useradd.8.xml.out:36 userdel.8.xml.out:23
 #: usermod.8.xml.out:24
 msgid "Creation, 1991"
@@ -1788,20 +1912,20 @@ msgstr ""
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37 chpasswd.8.xml.out:44 chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60 chpasswd.8.xml.out:70 chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96 chpasswd.8.xml.out:108 chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259 passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39 chpasswd.8.xml.out:46 chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62 chpasswd.8.xml.out:72 chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98 chpasswd.8.xml.out:110 chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266 passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr "chpasswd"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
 msgstr "uppdatera lösenord i satsläge"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 #, fuzzy
 msgid ""
 "The <_:command-1/> command reads a list of user name and password pairs from "
@@ -1815,13 +1939,13 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65 groupmems.8.xml.out:52 groupmems.8.xml.out:53
+#: chpasswd.8.xml.out:67 groupmems.8.xml.out:52 groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83 groupmems.8.xml.out:94
 msgid "user_name"
 msgstr "användarnamn"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 #, fuzzy
 msgid ""
 "By default the passwords must be supplied in clear-text, and are encrypted "
@@ -1831,12 +1955,12 @@ msgstr ""
 "Standardkrypteringsalgoritmen är DES."
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76 chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:139
 msgid "MD5_CRYPT_ENAB"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> or <_:option-2/> variables of <_:filename-3/>, and can be "
@@ -1844,7 +1968,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 msgid ""
 "By default, passwords are encrypted by PAM, but (even if not recommended) "
 "you can select a different encryption method with the <_:option-1/>, <_:"
@@ -1852,19 +1976,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 msgid ""
 "<_:phrase-1/> <_:command-2/> first updates all the passwords in memory, and "
 "then commits all the changes to disk if no errors occurred for any user."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 msgid ""
 "When PAM is used to encrypt the passwords (and update the passwords in the "
 "system database) then if a password cannot be updated <_:command-1/> "
@@ -1873,17 +1997,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 msgid ""
 "By default (if none of the <_:option-1/>, <_:option-2/>, or <_:option-3/> "
 "options are specified), the encryption method is defined by the <_:option-4/"
@@ -1891,36 +2015,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
-msgid "ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
 #: chpasswd.8.xml.out:199
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-msgid ""
-"By default, the number of rounds is defined by the <_:option-1/> and <_:"
-"option-2/> variables in <_:filename-3/>."
+msgid "ROUNDS"
 msgstr ""
 
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 #, fuzzy
 #| msgid "/etc/passwd"
 msgid "/etc/pam.d/chpasswd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255 newusers.8.xml.out:431 passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297 newusers.8.xml.out:452 passwd.1.xml.out:435
 msgid "PAM configuration for <_:command-1/>."
 msgstr ""
 
@@ -1930,17 +2037,17 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268 login.defs.5.xml.out:380 newusers.8.xml.out:49
-#: newusers.8.xml.out:56 newusers.8.xml.out:62 newusers.8.xml.out:75
-#: newusers.8.xml.out:96 newusers.8.xml.out:123 newusers.8.xml.out:132
-#: newusers.8.xml.out:151 newusers.8.xml.out:164 newusers.8.xml.out:170
-#: newusers.8.xml.out:172 newusers.8.xml.out:210 newusers.8.xml.out:230
-#: newusers.8.xml.out:252 newusers.8.xml.out:431 useradd.8.xml.out:902
+#: chpasswd.8.xml.out:310 login.defs.5.xml.out:393 newusers.8.xml.out:51
+#: newusers.8.xml.out:58 newusers.8.xml.out:64 newusers.8.xml.out:77
+#: newusers.8.xml.out:98 newusers.8.xml.out:125 newusers.8.xml.out:134
+#: newusers.8.xml.out:153 newusers.8.xml.out:166 newusers.8.xml.out:172
+#: newusers.8.xml.out:174 newusers.8.xml.out:212 newusers.8.xml.out:232
+#: newusers.8.xml.out:254 newusers.8.xml.out:452 useradd.8.xml.out:922
 msgid "newusers"
 msgstr "newusers"
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270 grpck.8.xml.out:285 passwd.1.xml.out:482
+#: chpasswd.8.xml.out:312 grpck.8.xml.out:285 passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr ""
 
@@ -1950,21 +2057,21 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276 groupadd.8.xml.out:366 groupdel.8.xml.out:223
-#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:462
-#: newusers.8.xml.out:467 useradd.8.xml.out:52 useradd.8.xml.out:59
+#: chpasswd.8.xml.out:318 groupadd.8.xml.out:366 groupdel.8.xml.out:223
+#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:481
+#: newusers.8.xml.out:488 useradd.8.xml.out:52 useradd.8.xml.out:59
 #: useradd.8.xml.out:64 useradd.8.xml.out:71 useradd.8.xml.out:75
 #: useradd.8.xml.out:87 useradd.8.xml.out:90 useradd.8.xml.out:103
 #: useradd.8.xml.out:129 useradd.8.xml.out:187 useradd.8.xml.out:209
-#: useradd.8.xml.out:239 useradd.8.xml.out:284 useradd.8.xml.out:341
-#: useradd.8.xml.out:472 useradd.8.xml.out:584 useradd.8.xml.out:586
-#: useradd.8.xml.out:690 useradd.8.xml.out:808 userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: useradd.8.xml.out:239 useradd.8.xml.out:286 useradd.8.xml.out:343
+#: useradd.8.xml.out:474 useradd.8.xml.out:604 useradd.8.xml.out:606
+#: useradd.8.xml.out:710 useradd.8.xml.out:828 userdel.8.xml.out:342
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr "useradd"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263 newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305 newusers.8.xml.out:472
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
@@ -1985,15 +2092,15 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:517
-#: useradd.8.xml.out:655 usermod.8.xml.out:357
+#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357
 msgid "--shell"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:517
-#: useradd.8.xml.out:522 useradd.8.xml.out:655 useradd.8.xml.out:662
+#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:524 useradd.8.xml.out:675 useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr ""
@@ -2017,12 +2124,13 @@ msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:153 su.1.xml.out:198
+#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:130 chsh.1.xml.out:143
+#: chsh.1.xml.out:172 chsh.1.xml.out:184 su.1.xml.out:198
 msgid "/etc/shells"
 msgstr "/etc/shells"
 
 #. (itstool) path: para/filename
-#: chsh.1.xml.out:123
+#: chsh.1.xml.out:123 chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr ""
 
@@ -2038,11 +2146,97 @@ msgid ""
 "original value."
 msgstr ""
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132 chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/*"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/@filename@"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid ""
+"The only restriction placed on the login shell is that the command name must "
+"be listed in <_:filename-1/>. If this file does not exist, the definitions "
+"are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/"
+"> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be "
+"used. If the invoker is the superuser any value may be added regardless what "
+"is defined in the configuration files. An account with a restricted login "
+"shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+msgid ""
+"For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged "
+"since accidentally changing to a restricted shell would prevent the user "
+"from ever changing her login shell back to its original value."
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
 msgstr "Lista på giltiga inloggningsskal."
 
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+#, fuzzy
+#| msgid "List of valid login shells."
+msgid "User defined list of valid login shells."
+msgstr "Lista på giltiga inloggningsskal."
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d"
+msgstr "/etc/shells"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+#, fuzzy
+#| msgid "Directory containing default files."
+msgid "Directory for additional user defined configuration files."
+msgstr "Katalog som innehåller standardfiler."
+
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -2058,7 +2252,7 @@ msgid "check and enforce password expiration policy"
 msgstr "kontrollera och upprätthåll policy för lösenordsutgång"
 
 #. (itstool) path: arg/replaceable
-#: expiry.1.xml.out:52 gpasswd.1.xml.out:61
+#: expiry.1.xml.out:52 gpasswd.1.xml.out:63
 #, fuzzy
 msgid "option"
 msgstr "flaggor"
@@ -2096,7 +2290,7 @@ msgstr ""
 
 #. (itstool) path: author/contrib
 #: faillog.5.xml.out:17 faillog.8.xml.out:17 login.1.xml.out:50
-#: passwd.1.xml.out:24 passwd.5.xml.out:17 porttime.5.xml.out:17
+#: passwd.1.xml.out:26 passwd.5.xml.out:17 porttime.5.xml.out:17
 #: shadow.3.xml.out:17 shadow.5.xml.out:17 su.1.xml.out:34
 msgid "Creation, 1989"
 msgstr ""
@@ -2117,7 +2311,7 @@ msgstr "faillog"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: faillog.5.xml.out:35 gshadow.5.xml.out:24 limits.5.xml.out:37
-#: login.access.5.xml.out:36 login.defs.5.xml.out:104 passwd.5.xml.out:35
+#: login.access.5.xml.out:36 login.defs.5.xml.out:106 passwd.5.xml.out:35
 #: porttime.5.xml.out:35 shadow.5.xml.out:35 suauth.5.xml.out:35
 #, fuzzy
 #| msgid "File Formats and Conversions"
@@ -2206,14 +2400,14 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:124
-#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:126
+#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:153
 #: usermod.8.xml.out:78 usermod.8.xml.out:210
 msgid "-a"
 msgstr "-a"
 
 #. (itstool) path: term/option
-#: faillog.8.xml.out:72 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 passwd.1.xml.out:153
 msgid "--all"
 msgstr ""
 
@@ -2442,8 +2636,8 @@ msgstr ""
 #: login.1.xml.out:108 login.1.xml.out:112 login.1.xml.out:119
 #: login.1.xml.out:171 login.1.xml.out:177 login.1.xml.out:230
 #: login.1.xml.out:238 login.1.xml.out:247 login.1.xml.out:253
-#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:530 newgrp.1.xml.out:133
+#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:549 newgrp.1.xml.out:133
 #: nologin.8.xml.out:60 passwd.5.xml.out:125 passwd.5.xml.out:132
 #: passwd.5.xml.out:179 porttime.5.xml.out:121 shadow.5.xml.out:265
 #: sg.1.xml.out:122 su.1.xml.out:415
@@ -2451,30 +2645,30 @@ msgid "login"
 msgstr "login"
 
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22 login.access.5.xml.out:18 pwconv.8.xml.out:23
+#: gpasswd.1.xml.out:24 login.access.5.xml.out:18 pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
 msgid "Creation, 1996"
 msgstr ""
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 #, fuzzy
 #| msgid "-r <placeholder-1/>"
 msgid "administer <_:filename-1/>"
 msgstr "-r <placeholder-1/>"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 #, fuzzy
 msgid "administer <_:filename-1/> and <_:filename-2/>"
 msgstr "-K <placeholder-1/>=<placeholder-2/>"
@@ -2483,9 +2677,9 @@ msgstr "-K <placeholder-1/>=<placeholder-2/>"
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64 gpasswd.1.xml.out:89 gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142 gpasswd.1.xml.out:177 gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193 gpasswd.1.xml.out:197 gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66 gpasswd.1.xml.out:91 gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144 gpasswd.1.xml.out:179 gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195 gpasswd.1.xml.out:199 gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49 grpck.8.xml.out:188 grpck.8.xml.out:280
 #: gshadow.5.xml.out:156 limits.5.xml.out:138 newgrp.1.xml.out:48
 #: newgrp.1.xml.out:145 pwck.8.xml.out:336 pwconv.8.xml.out:114
@@ -2494,17 +2688,17 @@ msgid "group"
 msgstr "grupp"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 msgid "administrators,"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid ""
 "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/"
 ">. Every group can have <_:phrase-4/> members and a password."
@@ -2512,14 +2706,14 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80 gpasswd.1.xml.out:112 gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82 gpasswd.1.xml.out:114 gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "-"
 msgid "-A"
 msgstr "-"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 msgid ""
 "System administrators can use the <_:option-1/> option to define group "
 "administrator(s) and the <_:option-2/> option to define members. They have "
@@ -2527,19 +2721,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 #, fuzzy
 #| msgid "comma-separated list of group administrators"
 msgid "a group administrator"
 msgstr "kommaseparerad lista med gruppadministratörer"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 msgid "a system administrator"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid ""
 "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only "
 "prompts for the new password of the <_:replaceable-4/>."
@@ -2550,8 +2744,8 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93 gpasswd.1.xml.out:180 gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277 groups.1.xml.out:71 groups.1.xml.out:92
+#: gpasswd.1.xml.out:95 gpasswd.1.xml.out:182 gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279 groups.1.xml.out:71 groups.1.xml.out:92
 #: gshadow.5.xml.out:76 gshadow.5.xml.out:165 newgrp.1.xml.out:34
 #: newgrp.1.xml.out:41 newgrp.1.xml.out:47 newgrp.1.xml.out:55
 #: newgrp.1.xml.out:63 newgrp.1.xml.out:66 sg.1.xml.out:60 sg.1.xml.out:64
@@ -2560,7 +2754,7 @@ msgid "newgrp"
 msgstr "newgrp"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 #, fuzzy
 msgid ""
 "If a password is set the members can still use <_:citerefentry-1/> without a "
@@ -2571,12 +2765,12 @@ msgstr ""
 "denna sträng tolkas."
 
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr "Noteringar angående grupplösenord"
 
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid ""
 "Group passwords are an inherent security problem since more than one person "
 "is permitted to know the password. However, groups are a useful tool for "
@@ -2584,7 +2778,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 #, fuzzy
 msgid ""
 "Except for the <_:option-1/> and <_:option-2/> options, the options cannot "
@@ -2594,53 +2788,53 @@ msgstr ""
 "används endast när <command>login</command> har startats av root."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124 groupmems.8.xml.out:83
+#: gpasswd.1.xml.out:126 groupmems.8.xml.out:83
 msgid "--add"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124 gpasswd.1.xml.out:128 gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141 gpasswd.1.xml.out:205 gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126 gpasswd.1.xml.out:130 gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143 gpasswd.1.xml.out:207 gpasswd.1.xml.out:219
 #: groups.1.xml.out:48 groups.1.xml.out:59
 msgid "user"
 msgstr "användare"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 msgid "Add the <_:replaceable-1/> to the named <_:replaceable-2/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137 groupmems.8.xml.out:94 passwd.1.xml.out:168
+#: gpasswd.1.xml.out:139 groupmems.8.xml.out:94 passwd.1.xml.out:164
 msgid "--delete"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 msgid "Remove the <_:replaceable-1/> from the named <_:replaceable-2/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 #, fuzzy
 #| msgid "-"
 msgid "-Q"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 msgid ""
 "Remove the password from the named <_:replaceable-1/>. The group password "
 "will be empty. Only group members will be allowed to use <_:command-2/> to "
@@ -2648,12 +2842,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 msgid ""
 "Restrict the access to the named <_:replaceable-1/>. The group password is "
 "set to \"!\". Only group members with a password will be allowed to use <_:"
@@ -2661,12 +2855,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 msgid "--administrators"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204 gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206 gpasswd.1.xml.out:218
 #, fuzzy
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr ""
@@ -2674,35 +2868,35 @@ msgstr ""
 "replaceable>"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 #, fuzzy
 msgid "Set the list of administrative users."
 msgstr "kommaseparerad lista med gruppadministratörer"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 msgid "--members"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 #, fuzzy
 msgid "Set the list of group members."
 msgstr "kommaseparerad lista med gruppmedlemmar"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 #, fuzzy
 msgid "and <_:filename-1/> files."
 msgstr "-a <placeholder-1/>"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 msgid "file."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 #, fuzzy
 msgid ""
 "This tool only operates on the <_:filename-1/> <_:phrase-2/> <_:phrase-3/> "
@@ -2718,11 +2912,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283 groupadd.8.xml.out:357 groupdel.8.xml.out:34
+#: gpasswd.1.xml.out:285 groupadd.8.xml.out:357 groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41 groupdel.8.xml.out:47 groupdel.8.xml.out:57
 #: groupdel.8.xml.out:66 groupdel.8.xml.out:165 groupmems.8.xml.out:221
-#: groupmod.8.xml.out:341 login.defs.5.xml.out:299 useradd.8.xml.out:893
-#: userdel.8.xml.out:328 usermod.8.xml.out:623
+#: groupmod.8.xml.out:341 login.defs.5.xml.out:312 useradd.8.xml.out:913
+#: userdel.8.xml.out:328 usermod.8.xml.out:640
 msgid "groupdel"
 msgstr "groupdel"
 
@@ -2732,11 +2926,11 @@ msgstr "groupdel"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286 groupadd.8.xml.out:360 groupdel.8.xml.out:220
+#: gpasswd.1.xml.out:288 groupadd.8.xml.out:360 groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34 groupmod.8.xml.out:41 groupmod.8.xml.out:47
 #: groupmod.8.xml.out:58 groupmod.8.xml.out:67 groupmod.8.xml.out:256
-#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:311
-#: useradd.8.xml.out:896 userdel.8.xml.out:331 usermod.8.xml.out:626
+#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:324
+#: useradd.8.xml.out:916 userdel.8.xml.out:331 usermod.8.xml.out:643
 msgid "groupmod"
 msgstr "groupmod"
 
@@ -2746,10 +2940,10 @@ msgstr "groupmod"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289 grpck.8.xml.out:33 grpck.8.xml.out:40
+#: gpasswd.1.xml.out:291 grpck.8.xml.out:33 grpck.8.xml.out:40
 #: grpck.8.xml.out:46 grpck.8.xml.out:60 grpck.8.xml.out:116
 #: grpck.8.xml.out:128 grpck.8.xml.out:141 grpck.8.xml.out:184
-#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:318
+#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:331
 #: pwck.8.xml.out:339 pwconv.8.xml.out:198 pwconv.8.xml.out:242
 msgid "grpck"
 msgstr "grpck"
@@ -2759,7 +2953,7 @@ msgstr "grpck"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295 grpck.8.xml.out:95 grpck.8.xml.out:287
+#: gpasswd.1.xml.out:297 grpck.8.xml.out:95 grpck.8.xml.out:287
 #: gshadow.5.xml.out:22 gshadow.5.xml.out:29 newgrp.1.xml.out:148
 #: pwconv.8.xml.out:114 pwconv.8.xml.out:115 pwconv.8.xml.out:121
 #: pwconv.8.xml.out:122 sg.1.xml.out:137 vipw.8.xml.out:211
@@ -2767,12 +2961,12 @@ msgid "gshadow"
 msgstr "gshadow"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293 newgrp.1.xml.out:146 sg.1.xml.out:135
+#: gpasswd.1.xml.out:295 newgrp.1.xml.out:146 sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275 newgrp.1.xml.out:128 sg.1.xml.out:117
+#: gpasswd.1.xml.out:277 newgrp.1.xml.out:128 sg.1.xml.out:117
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
@@ -2818,8 +3012,8 @@ msgstr ""
 #: groupadd.8.xml.out:94 groupadd.8.xml.out:95 groupadd.8.xml.out:102
 #: groupadd.8.xml.out:236 groupmems.8.xml.out:110 groupmod.8.xml.out:82
 #: groupmod.8.xml.out:136 groupmod.8.xml.out:201 useradd.8.xml.out:96
-#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:391
-#: useradd.8.xml.out:396 useradd.8.xml.out:557 useradd.8.xml.out:639
+#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:393
+#: useradd.8.xml.out:398 useradd.8.xml.out:559 useradd.8.xml.out:659
 #: usermod.8.xml.out:174 vipw.8.xml.out:90
 msgid "-g"
 msgstr "-g"
@@ -2835,7 +3029,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:102 groupmod.8.xml.out:82 useradd.8.xml.out:230
-#: useradd.8.xml.out:639 usermod.8.xml.out:174
+#: useradd.8.xml.out:659 usermod.8.xml.out:174
 msgid "--gid"
 msgstr ""
 
@@ -2844,8 +3038,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:102 groupadd.8.xml.out:105 groupadd.8.xml.out:151
 #: groupmod.8.xml.out:73 groupmod.8.xml.out:82 groupmod.8.xml.out:87
-#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr "GID"
 
@@ -2877,7 +3071,7 @@ msgid "GID_MAX"
 msgstr "GID_MAX GID_MIN"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:111 useradd.8.xml.out:541
+#: groupadd.8.xml.out:111 useradd.8.xml.out:543
 #, fuzzy
 msgid "See also the <_:option-1/> option and the <_:option-2/> description."
 msgstr ""
@@ -2887,31 +3081,31 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:125 groupadd.8.xml.out:131 groupadd.8.xml.out:134
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:303
-#: useradd.8.xml.out:314 useradd.8.xml.out:317 useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:305
+#: useradd.8.xml.out:316 useradd.8.xml.out:319 useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 #, fuzzy
 #| msgid "-"
 msgid "-K"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "--key"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "KEY"
 msgstr "NYCKEL"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "VALUE"
 msgstr "VÄRDE"
 
 #. (itstool) path: varlistentry/term
-#: groupadd.8.xml.out:124 useradd.8.xml.out:302
+#: groupadd.8.xml.out:124 useradd.8.xml.out:304
 #, fuzzy
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>=<_:replaceable-4/>"
 msgstr ""
@@ -2932,14 +3126,14 @@ msgstr ""
 "GID_MAX och andra). Flera flaggor av <option>-K</option> kan anges."
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:134 useradd.8.xml.out:320
+#: groupadd.8.xml.out:134 useradd.8.xml.out:322
 #, fuzzy
 #| msgid "10"
 msgid "100"
 msgstr "10"
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:321
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:323
 msgid "499"
 msgstr ""
 
@@ -2953,7 +3147,7 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:138 groupadd.8.xml.out:333 groupdel.8.xml.out:192
-#: groupmod.8.xml.out:295 useradd.8.xml.out:853 userdel.8.xml.out:265
+#: groupmod.8.xml.out:295 useradd.8.xml.out:873 userdel.8.xml.out:265
 msgid "10"
 msgstr "10"
 
@@ -2973,7 +3167,7 @@ msgstr ""
 "replaceable>=<replaceable>499</replaceable> fungerar ännu inte."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:405
+#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr ""
@@ -2993,13 +3187,13 @@ msgstr ""
 #: groupadd.8.xml.out:158 groupmems.8.xml.out:55 groupmems.8.xml.out:130
 #: groupmod.8.xml.out:143 login.1.xml.out:80 login.1.xml.out:88
 #: login.1.xml.out:95 login.1.xml.out:212 su.1.xml.out:207
-#: useradd.8.xml.out:425 usermod.8.xml.out:237 usermod.8.xml.out:290
+#: useradd.8.xml.out:427 usermod.8.xml.out:237 usermod.8.xml.out:290
 #: usermod.8.xml.out:411 vipw.8.xml.out:102
 msgid "-p"
 msgstr "-p"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 #, fuzzy
 #| msgid "passwd"
@@ -3007,7 +3201,7 @@ msgid "--password"
 msgstr "passwd"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr ""
@@ -3016,8 +3210,8 @@ msgstr ""
 #: groupadd.8.xml.out:163 groupmod.8.xml.out:148 gshadow.5.xml.out:62
 #: gshadow.5.xml.out:68 passwd.5.xml.out:103 passwd.5.xml.out:109
 #: passwd.5.xml.out:170 shadow.5.xml.out:88 shadow.5.xml.out:94
-#: useradd.8.xml.out:430 useradd.8.xml.out:887 usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: useradd.8.xml.out:432 useradd.8.xml.out:907 usermod.8.xml.out:295
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr ""
 
@@ -3027,11 +3221,11 @@ msgstr ""
 #: groupadd.8.xml.out:164 groupadd.8.xml.out:315 groupmod.8.xml.out:148
 #: groupmod.8.xml.out:271 groups.1.xml.out:68 groups.1.xml.out:104
 #: grpck.8.xml.out:255 gshadow.5.xml.out:63 gshadow.5.xml.out:69
-#: passwd.1.xml.out:443 passwd.5.xml.out:104 passwd.5.xml.out:110
+#: passwd.1.xml.out:465 passwd.5.xml.out:104 passwd.5.xml.out:110
 #: passwd.5.xml.out:170 passwd.5.xml.out:176 pwck.8.xml.out:305
 #: shadow.3.xml.out:34 shadow.3.xml.out:217 shadow.5.xml.out:89
-#: shadow.5.xml.out:95 useradd.8.xml.out:431 useradd.8.xml.out:829
-#: useradd.8.xml.out:887 usermod.8.xml.out:296 usermod.8.xml.out:614
+#: shadow.5.xml.out:95 useradd.8.xml.out:433 useradd.8.xml.out:849
+#: useradd.8.xml.out:907 usermod.8.xml.out:296 usermod.8.xml.out:631
 msgid "3"
 msgstr "3"
 
@@ -3051,7 +3245,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:444
+#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:446
 #: userdel.8.xml.out:93 usermod.8.xml.out:299
 msgid "Note:"
 msgstr ""
@@ -3064,14 +3258,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:448
+#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid ""
 "You should make sure the password respects the system's password policy."
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:185 newusers.8.xml.out:287 useradd.8.xml.out:456
+#: groupadd.8.xml.out:185 newusers.8.xml.out:289 useradd.8.xml.out:458
 msgid "--system"
 msgstr ""
 
@@ -3103,44 +3297,10 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-#, fuzzy
-#| msgid "-"
-msgid "-P"
-msgstr "-"
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "--prefix"
-msgstr ""
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214 groupadd.8.xml.out:219 groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106 groupdel.8.xml.out:108 groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181 groupmod.8.xml.out:183 useradd.8.xml.out:502
-#: useradd.8.xml.out:507 userdel.8.xml.out:136 userdel.8.xml.out:140
-#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217 useradd.8.xml.out:505
-msgid ""
-"Apply changes to configuration files under the root filesystem found under "
-"the directory <_:replaceable-1/>. This option does not chroot and is "
-"intended for preparing a cross-compilation target. Some limitations: NIS and "
-"LDAP users/groups are not verified. PAM authentication is using the host "
-"files. No SELINUX support."
-msgstr ""
-
-#. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229 groupadd.8.xml.out:237 groupmod.8.xml.out:194
-#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:397
-#: useradd.8.xml.out:549 useradd.8.xml.out:558 usermod.8.xml.out:238
+#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:399
+#: useradd.8.xml.out:551 useradd.8.xml.out:560 usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 #, fuzzy
 #| msgid "-"
@@ -3162,7 +3322,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:237 groupmod.8.xml.out:202 useradd.8.xml.out:96
-#: useradd.8.xml.out:386 useradd.8.xml.out:397 useradd.8.xml.out:558
+#: useradd.8.xml.out:388 useradd.8.xml.out:399 useradd.8.xml.out:560
 #, fuzzy
 #| msgid "-"
 msgid "-N"
@@ -3170,15 +3330,15 @@ msgstr "-"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/phrase
-#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:448
-#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:398
-#: useradd.8.xml.out:559 userdel.8.xml.out:86 userdel.8.xml.out:296
+#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:467
+#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:400
+#: useradd.8.xml.out:561 userdel.8.xml.out:86 userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 msgid ""
 "The default behavior (if the <_:option-1/>, <_:option-2/>, and <_:option-3/> "
 "options are not specified) is defined by the <_:option-4/> variable in <_:"
@@ -3203,13 +3363,13 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:317 passwd.1.xml.out:463 useradd.8.xml.out:831
+#: groupadd.8.xml.out:317 passwd.1.xml.out:485 useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr "ogiltigt argument till flagga"
 
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:321 groupmod.8.xml.out:277 grpck.8.xml.out:261
-#: passwd.1.xml.out:449 pwck.8.xml.out:311 useradd.8.xml.out:835
+#: passwd.1.xml.out:471 pwck.8.xml.out:311 useradd.8.xml.out:855
 msgid "4"
 msgstr "4"
 
@@ -3221,7 +3381,7 @@ msgid "GID is already used (when called without <_:option-1/>)"
 msgstr "UID används redan (och inget <option>-o</option>)"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:847
+#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:867
 msgid "9"
 msgstr "9"
 
@@ -3233,7 +3393,7 @@ msgid "group name is already used"
 msgstr "gruppnamnet används redan"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:855
+#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
 msgstr "kan inte uppdatera gruppfilen"
@@ -3245,11 +3405,11 @@ msgstr "kan inte uppdatera gruppfilen"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: groupadd.8.xml.out:369 groupdel.8.xml.out:226 groupmems.8.xml.out:227
-#: groupmod.8.xml.out:350 login.defs.5.xml.out:480 useradd.8.xml.out:913
+#: groupmod.8.xml.out:350 login.defs.5.xml.out:499 useradd.8.xml.out:933
 #: userdel.8.xml.out:39 userdel.8.xml.out:46 userdel.8.xml.out:51
 #: userdel.8.xml.out:62 userdel.8.xml.out:71 userdel.8.xml.out:82
 #: userdel.8.xml.out:211 userdel.8.xml.out:232 userdel.8.xml.out:283
-#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:643
+#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:660
 msgid "userdel"
 msgstr "userdel"
 
@@ -3260,11 +3420,11 @@ msgstr "userdel"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #: groupadd.8.xml.out:372 groupdel.8.xml.out:229 groupmems.8.xml.out:230
-#: groupmod.8.xml.out:353 login.defs.5.xml.out:490 passwd.1.xml.out:488
-#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:916
+#: groupmod.8.xml.out:353 login.defs.5.xml.out:509 passwd.1.xml.out:513
+#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:936
 #: userdel.8.xml.out:345 usermod.8.xml.out:40 usermod.8.xml.out:47
 #: usermod.8.xml.out:53 usermod.8.xml.out:64 usermod.8.xml.out:72
-#: usermod.8.xml.out:263 usermod.8.xml.out:522
+#: usermod.8.xml.out:263 usermod.8.xml.out:539
 msgid "usermod"
 msgstr "usermod"
 
@@ -3290,8 +3450,8 @@ msgstr "ta bort en grupp"
 #: groupdel.8.xml.out:51 groupdel.8.xml.out:59 groupmod.8.xml.out:51
 #: groupmod.8.xml.out:59 groupmod.8.xml.out:86 groupmod.8.xml.out:102
 #: groupmod.8.xml.out:125 suauth.5.xml.out:85 suauth.5.xml.out:87
-#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:392
-#: useradd.8.xml.out:639 useradd.8.xml.out:648 usermod.8.xml.out:174
+#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:394
+#: useradd.8.xml.out:659 useradd.8.xml.out:668 usermod.8.xml.out:174
 msgid "GROUP"
 msgstr "GRUPP"
 
@@ -3340,13 +3500,13 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:461
-#: pwck.8.xml.out:323 useradd.8.xml.out:841 userdel.8.xml.out:253
+#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:483
+#: pwck.8.xml.out:323 useradd.8.xml.out:861 userdel.8.xml.out:253
 msgid "6"
 msgstr "6"
 
 #. (itstool) path: listitem/para
-#: groupdel.8.xml.out:182 useradd.8.xml.out:843
+#: groupdel.8.xml.out:182 useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr "angiven grupp finns inte"
 
@@ -3391,7 +3551,7 @@ msgstr ""
 #: groupmems.8.xml.out:37 groupmems.8.xml.out:44 groupmems.8.xml.out:50
 #: groupmems.8.xml.out:63 groupmems.8.xml.out:65 groupmems.8.xml.out:71
 #: groupmems.8.xml.out:78 groupmems.8.xml.out:159 groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr "groupmems"
 
@@ -3534,7 +3694,7 @@ msgstr ""
 #| "\t$ groupmems -g groups -a gk4\n"
 #| "    "
 msgid ""
-"$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
+"$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ "
 "groupmems -g groups -a gk4"
 msgstr ""
 "\n"
@@ -3617,7 +3777,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupmod.8.xml.out:121 passwd.1.xml.out:246
+#: groupmod.8.xml.out:121 passwd.1.xml.out:242
 #, fuzzy
 #| msgid "-"
 msgid "-n"
@@ -3718,7 +3878,7 @@ msgid "E_CLEANUP_SERVICE: can't setup cleanup service"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupmod.8.xml.out:307 useradd.8.xml.out:859 userdel.8.xml.out:271
+#: groupmod.8.xml.out:307 useradd.8.xml.out:879 userdel.8.xml.out:271
 msgid "12"
 msgstr "12"
 
@@ -3889,7 +4049,7 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:113 newusers.8.xml.out:67 newusers.8.xml.out:75
+#: grpck.8.xml.out:113 newusers.8.xml.out:69 newusers.8.xml.out:77
 msgid "file"
 msgstr ""
 
@@ -3922,7 +4082,7 @@ msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:143 login.defs.5.xml.out:134 login.defs.5.xml.out:136
+#: grpck.8.xml.out:143 login.defs.5.xml.out:136 login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr ""
@@ -3947,8 +4107,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 #, fuzzy
 #| msgid "-"
 msgid "-S"
@@ -4179,7 +4339,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: gshadow.5.xml.out:162 login.defs.5.xml.out:324 pwconv.8.xml.out:48
+#: gshadow.5.xml.out:162 login.defs.5.xml.out:337 pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67 pwconv.8.xml.out:113 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:166 pwconv.8.xml.out:208
 msgid "grpconv"
@@ -4193,7 +4353,7 @@ msgstr "grpconv"
 #. (itstool) path: varlistentry/term
 #: lastlog.8.xml.out:35 lastlog.8.xml.out:42 lastlog.8.xml.out:48
 #: lastlog.8.xml.out:58 lastlog.8.xml.out:70 lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr "lastlog"
 
@@ -4239,7 +4399,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:592
+#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 #, fuzzy
 #| msgid "-"
@@ -4579,7 +4739,7 @@ msgstr ""
 #. (itstool) path: para/command
 #: limits.5.xml.out:122 login.1.xml.out:83 login.1.xml.out:91
 #: login.1.xml.out:197 su.1.xml.out:70 su.1.xml.out:82 su.1.xml.out:95
-#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:775
+#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:795
 msgid "username"
 msgstr "användarnamn"
 
@@ -5033,8 +5193,8 @@ msgstr "chsh"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.1.xml.out:386 login.defs.5.xml.out:436 login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536 newgrp.1.xml.out:136 passwd.5.xml.out:197
+#: login.1.xml.out:386 login.defs.5.xml.out:455 login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555 newgrp.1.xml.out:136 passwd.5.xml.out:197
 #: shadow.5.xml.out:283 sg.1.xml.out:128 su.1.xml.out:50 su.1.xml.out:57
 #: su.1.xml.out:62 su.1.xml.out:81 su.1.xml.out:83 su.1.xml.out:121
 #: su.1.xml.out:201 su.1.xml.out:239 su.1.xml.out:308 su.1.xml.out:368
@@ -5191,12 +5351,12 @@ msgid "<_:citerefentry-1/>."
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 msgid ""
 "The <_:filename-1/> file defines the site-specific configuration for the "
 "shadow password suite. This file is required. Absence of this file will not "
@@ -5204,7 +5364,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid ""
 "This file is a readable text file, each line of the file describing one "
 "configuration parameter. The lines consist of a configuration name and "
@@ -5215,20 +5375,20 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133 useradd.8.xml.out:242 useradd.8.xml.out:380
+#: login.defs.5.xml.out:135 useradd.8.xml.out:242 useradd.8.xml.out:382
 #: userdel.8.xml.out:87 userdel.8.xml.out:297
 msgid "yes"
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 #, fuzzy
 #| msgid "0"
 msgid "0x"
 msgstr "0"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 msgid ""
 "Parameter values may be of four types: strings, booleans, numbers, and long "
 "numbers. A string is comprised of any printable characters. A boolean should "
@@ -5241,32 +5401,32 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
 msgstr "Följande konfigurationsposter tillhandahålls:"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:146 useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:146 useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:145
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194 pwconv.8.xml.out:147
+#: login.defs.5.xml.out:197 pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr ""
 
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 #, fuzzy
 msgid ""
 "<_:option-1/>, <_:option-2/> and <_:option-3/> are only used at the time of "
@@ -5278,12 +5438,12 @@ msgstr ""
 "konton."
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid ""
 "The following cross references show which programs in the shadow password "
 "suite use which parameters."
@@ -5293,53 +5453,67 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235 login.defs.5.xml.out:423 login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503 pwck.8.xml.out:75 pwck.8.xml.out:216
+#: login.defs.5.xml.out:239 login.defs.5.xml.out:442 login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522 pwck.8.xml.out:75 pwck.8.xml.out:216
 #: pwck.8.xml.out:232 pwconv.8.xml.out:89 pwconv.8.xml.out:91
 #: pwconv.8.xml.out:94 pwconv.8.xml.out:105 pwconv.8.xml.out:107
 msgid "USE_TCB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr "CHFN_AUTH"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244 login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248 login.defs.5.xml.out:372
 #, fuzzy
 msgid "LOGIN_STRING"
 msgstr "CHFN_AUTH CHFN_RESTRICT"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253 login.defs.5.xml.out:264 login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388 login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256 login.defs.5.xml.out:269 login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396 login.defs.5.xml.out:418
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259 login.defs.5.xml.out:273 login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403 login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr ""
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261 login.defs.5.xml.out:275 login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409 login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251 login.defs.5.xml.out:282
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+#: login.defs.5.xml.out:255 login.defs.5.xml.out:292
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:"
+"phrase-2/> <_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 #, fuzzy
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr "CHFN_AUTH CHFN_RESTRICT"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 #, fuzzy
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr ""
@@ -5347,8 +5521,8 @@ msgstr ""
 "UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301 login.defs.5.xml.out:307 login.defs.5.xml.out:313
-#: login.defs.5.xml.out:320 login.defs.5.xml.out:326 login.defs.5.xml.out:332
+#: login.defs.5.xml.out:314 login.defs.5.xml.out:320 login.defs.5.xml.out:326
+#: login.defs.5.xml.out:333 login.defs.5.xml.out:339 login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr ""
 
@@ -5356,63 +5530,63 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330 pwconv.8.xml.out:49 pwconv.8.xml.out:73
+#: login.defs.5.xml.out:343 pwconv.8.xml.out:49 pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119 pwconv.8.xml.out:153 pwconv.8.xml.out:167
 #: pwconv.8.xml.out:208
 msgid "grpunconv"
 msgstr "grpunconv"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346 login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359 login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 msgid "FAILLOG_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 #, fuzzy
 #| msgid "FILE"
 msgid "FTMP_FILE"
 msgstr "FIL"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid ""
 "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE "
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY "
 "<_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR "
@@ -5422,43 +5596,45 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 #, fuzzy
 #| msgid "newgrp"
 msgid "newgrp / sg"
 msgstr "newgrp"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
+#: login.defs.5.xml.out:395
 #, fuzzy
 msgid ""
-"ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
-"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
-"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+"<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP "
+"MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:"
+"phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+"SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
+"UMASK <_:phrase-3/>"
 msgstr ""
 "GID_MAX GID_MIN PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE UID_MAX UID_MIN "
 "UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
+#: login.defs.5.xml.out:417
 msgid ""
-"ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
-"PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+"<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB "
+"PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412 login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431 login.defs.5.xml.out:440
 #, fuzzy
 #| msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE"
 msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/>"
@@ -5470,7 +5646,7 @@ msgstr "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419 passwd.5.xml.out:188 pwconv.8.xml.out:39
+#: login.defs.5.xml.out:438 passwd.5.xml.out:188 pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46 pwconv.8.xml.out:55 pwconv.8.xml.out:83
 #: pwconv.8.xml.out:88 pwconv.8.xml.out:90 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:144 pwconv.8.xml.out:165 pwconv.8.xml.out:216
@@ -5483,7 +5659,7 @@ msgstr "pwconv"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428 passwd.5.xml.out:191 pwconv.8.xml.out:47
+#: login.defs.5.xml.out:447 passwd.5.xml.out:191 pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61 pwconv.8.xml.out:98 pwconv.8.xml.out:104
 #: pwconv.8.xml.out:109 pwconv.8.xml.out:153 pwconv.8.xml.out:157
 #: pwconv.8.xml.out:166 shadow.5.xml.out:280
@@ -5491,22 +5667,22 @@ msgid "pwunconv"
 msgstr "pwunconv"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH "
 "<_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
@@ -5514,29 +5690,23 @@ msgstr ""
 
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453 passwd.5.xml.out:200 shadow.5.xml.out:286
+#: login.defs.5.xml.out:472 passwd.5.xml.out:200 shadow.5.xml.out:286
 #, fuzzy
 msgid "sulogin"
 msgstr "login"
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457 su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr ""
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+msgid "ENV_HZ ENV_TZ"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 #, fuzzy
 msgid ""
 "CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR "
@@ -5549,19 +5719,19 @@ msgstr ""
 "UMASK"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485 login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504 login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 msgid ""
 "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB <_:"
 "phrase-1/>"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 msgid "LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <_:phrase-1/>"
 msgstr ""
 
@@ -5575,18 +5745,18 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500 vipw.8.xml.out:35 vipw.8.xml.out:42
+#: login.defs.5.xml.out:519 vipw.8.xml.out:35 vipw.8.xml.out:42
 #: vipw.8.xml.out:51 vipw.8.xml.out:67 vipw.8.xml.out:85
 msgid "vipw"
 msgstr "vipw"
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511 pwconv.8.xml.out:193 suauth.5.xml.out:179
+#: login.defs.5.xml.out:530 pwconv.8.xml.out:193 suauth.5.xml.out:179
 msgid "BUGS"
 msgstr "FEL"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 #, fuzzy
 #| msgid ""
 #| "<citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</"
@@ -5609,14 +5779,14 @@ msgstr ""
 "refentrytitle><manvolnum>8</manvolnum></citerefentry>."
 
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 #, fuzzy
 #| msgid "group_name"
 msgid "pam"
 msgstr "gruppnamn"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
@@ -5710,12 +5880,12 @@ msgid "id"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
 msgstr "uppdatera och skapa nya användare satsvis"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 msgid ""
 "The <_:command-1/> command reads a <_:replaceable-2/> (or the standard input "
 "by default) and uses this information to update a set of existing users or "
@@ -5724,24 +5894,24 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 #, fuzzy
 #| msgid "group_name"
 msgid "pw_name"
 msgstr "gruppnamn"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 msgid ""
 "It can be the name of a new user or the name of an existing user (or a user "
 "created before by <_:command-1/>). In case of an existing user, the user's "
@@ -5749,12 +5919,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr "pw_passwd"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid ""
 "This field will be encrypted and used as the new value of the encrypted "
 "password."
@@ -5763,31 +5933,31 @@ msgstr ""
 "krypterade lösenordet."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 #, fuzzy
 #| msgid "pw_gid"
 msgid "pw_uid"
 msgstr "pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 msgid ""
 "If the field is empty, a new (unused) UID will be defined automatically by "
 "<_:command-1/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 msgid ""
 "If this field contains the name of an existing user (or the name of a user "
 "created before by <_:command-1/>), the UID of the specified user will be "
@@ -5795,24 +5965,24 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid ""
 "If the UID of an existing user is changed, the files ownership of the user's "
 "file should be fixed manually."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
 msgstr "pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 msgid ""
 "If this field contains the name of an existing group (or a group created "
 "before by <_:command-1/>), the GID of this group will be used as the primary "
@@ -5820,7 +5990,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid ""
 "If this field is a number, this number will be used as the primary group ID "
 "of the user. If no groups exist with this GID, a new group will be created "
@@ -5828,7 +5998,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 msgid ""
 "If this field is empty, a new group will be created with the name of the "
 "user and a GID will be automatically defined by <_:command-1/> to be used as "
@@ -5836,7 +6006,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 msgid ""
 "If this field contains the name of a group which does not exist (and was not "
 "created before by <_:command-1/>), a new group will be created with the "
@@ -5845,32 +6015,32 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
 msgstr "pw_dir"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid ""
 "If this field does not specify an existing directory, the specified "
 "directory is created, with ownership set to the user being created or "
@@ -5883,7 +6053,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 msgid ""
 "If the home directory of an existing user is changed, <_:command-1/> does "
 "not move or copy the content of the old directory to the new location. This "
@@ -5891,19 +6061,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid ""
 "This field defines the shell of the user. No checks are performed on this "
 "field."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 msgid ""
 "<_:command-1/> first tries to create or change all the specified users, and "
 "then write these changes to the user or group databases. If an error occurs "
@@ -5912,7 +6082,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid ""
 "During this first pass, users are created with a locked password (and "
 "passwords are not changed for the users which are not created). A second "
@@ -5921,7 +6091,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are updated at a single time."
@@ -5930,48 +6100,55 @@ msgstr ""
 "uppdateras på samma gång."
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257 pwck.8.xml.out:164 useradd.8.xml.out:108
+#: newusers.8.xml.out:259 pwck.8.xml.out:164 useradd.8.xml.out:108
 #: usermod.8.xml.out:89
 msgid "--badname"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260 pwck.8.xml.out:167 useradd.8.xml.out:111
+#: newusers.8.xml.out:262 pwck.8.xml.out:167 useradd.8.xml.out:111
 #: usermod.8.xml.out:92
 msgid "Allow names that do not conform to standards."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290 useradd.8.xml.out:459
+#: newusers.8.xml.out:273
+msgid ""
+"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
+"support these methods."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:292 useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:319
-#: useradd.8.xml.out:468 useradd.8.xml.out:538 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:321
+#: useradd.8.xml.out:470 useradd.8.xml.out:540 usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:321
-#: useradd.8.xml.out:468 useradd.8.xml.out:543 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:323
+#: useradd.8.xml.out:470 useradd.8.xml.out:545 usermod.8.xml.out:397
 msgid "UID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293 useradd.8.xml.out:462
+#: newusers.8.xml.out:295 useradd.8.xml.out:464
 msgid ""
 "System users will be created with no aging information in <_:filename-1/>, "
 "and their numeric identifiers are chosen in the <_:option-2/>-<_:option-3/> "
@@ -5979,15 +6156,36 @@ msgid ""
 "(and their <_:option-7/> counterparts for the creation of groups)."
 msgstr ""
 
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default is 13."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default is 5000."
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default is 5."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid ""
 "The input file must be protected since it contains unencrypted passwords."
 msgstr ""
 "Inmatningsfilen måste skyddas eftersom den innehåller okrypterade lösenord."
 
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 #, fuzzy
 #| msgid "/etc/passwd"
 msgid "/etc/pam.d/newusers"
@@ -5995,51 +6193,51 @@ msgstr "/etc/passwd"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435 useradd.8.xml.out:222 useradd.8.xml.out:481
-#: useradd.8.xml.out:785 userdel.8.xml.out:215 usermod.8.xml.out:587
+#: newusers.8.xml.out:456 useradd.8.xml.out:222 useradd.8.xml.out:483
+#: useradd.8.xml.out:805 userdel.8.xml.out:215 usermod.8.xml.out:604
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437 useradd.8.xml.out:787 userdel.8.xml.out:217
+#: newusers.8.xml.out:458 useradd.8.xml.out:807 userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
 msgstr ""
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441 useradd.8.xml.out:222 useradd.8.xml.out:480
-#: useradd.8.xml.out:791 userdel.8.xml.out:221 usermod.8.xml.out:593
+#: newusers.8.xml.out:462 useradd.8.xml.out:222 useradd.8.xml.out:482
+#: useradd.8.xml.out:811 userdel.8.xml.out:221 usermod.8.xml.out:610
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443 useradd.8.xml.out:793 userdel.8.xml.out:223
+#: newusers.8.xml.out:464 useradd.8.xml.out:813 userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460 useradd.8.xml.out:906 userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: newusers.8.xml.out:481 useradd.8.xml.out:926 userdel.8.xml.out:335
+#: usermod.8.xml.out:650
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463 useradd.8.xml.out:909 userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: newusers.8.xml.out:484 useradd.8.xml.out:929 userdel.8.xml.out:338
+#: usermod.8.xml.out:653
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458 useradd.8.xml.out:904 userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: newusers.8.xml.out:479 useradd.8.xml.out:924 userdel.8.xml.out:333
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr ""
 
@@ -6090,12 +6288,12 @@ msgid "The <_:command-1/> command appeared in BSD 4.4."
 msgstr "Kommandot <command>nologin</command> dök upp i BSD 4.4."
 
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr "ändra användarlösenord"
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 #, fuzzy
 msgid ""
 "The <_:command-1/> command changes passwords for user accounts. A normal "
@@ -6111,12 +6309,12 @@ msgstr ""
 "lösenordet och intervall."
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr "Lösenordsändringar"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 #, fuzzy
 msgid ""
 "The user is first prompted for their old password, if one is present. This "
@@ -6131,7 +6329,7 @@ msgstr ""
 "ändras."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 #, fuzzy
 #| msgid ""
 #| "After the password has been entered, password aging information is "
@@ -6149,7 +6347,7 @@ msgstr ""
 "och avslutas."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid ""
 "The user is then prompted twice for a replacement password. The second entry "
 "is compared against the first and both are required to match in order for "
@@ -6160,59 +6358,25 @@ msgstr ""
 "lösenordet ska ändras."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
-msgid ""
-"Then, the password is tested for complexity. As a general guideline, "
-"passwords should consist of 6 to 8 characters including one or more "
-"characters from each of the following sets:"
-msgstr ""
-"Sedan testas lösenordet för sin komplexitet. Som en allmän riktlinje bör "
-"lösenord innehålla 6 till 8 tecken och inkluderas ett eller flera tecken "
-"från var och en av följande punkter:"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr "gemena bokstäver ur alfabetet"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr "siffrorna 0 till 9"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr "skiljetecken"
-
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
-#, fuzzy
-#| msgid ""
-#| "Care must be taken not to include the system default erase or kill "
-#| "characters. <command>passwd</command> will reject any password which is "
-#| "not suitably complex."
+#: passwd.1.xml.out:98
 msgid ""
-"Care must be taken not to include the system default erase or kill "
-"characters. <_:command-1/> will reject any password which is not suitably "
-"complex."
+"Then, the password is tested for complexity. <_:command-1/> will reject any "
+"password which is not suitably complex. Care must be taken not to include "
+"the system default erase or kill characters."
 msgstr ""
-"Tänk på att inte inkludera systemets standardtecken för radering eller döda. "
-"<command>passwd</command> kommer att neka alla lösenord som inte har lämplig "
-"komplexitet."
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr "Tips för användarlösenord"
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 #, fuzzy
 #| msgid ""
 #| "The security of a password depends upon the strength of the encryption "
@@ -6233,7 +6397,7 @@ msgstr ""
 "beroende på slumpmässigheten för det valda lösenordet."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid ""
 "Compromises in password security normally result from careless password "
 "selection or handling. For this reason, you should not select a password "
@@ -6248,14 +6412,26 @@ msgstr ""
 "gatuadress. Dessa kan användas som gissningar för att ta sig in i systemet."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
+#: passwd.1.xml.out:127
+msgid ""
+"As a general guideline, passwords should be long and random. It's fine to "
+"use simple character sets, such as passwords consisting only of lowercase "
+"letters, if that helps memorizing longer passwords. For a password "
+"consisting only of lowercase English letters randomly chosen, and a length "
+"of 32, there are 26^32 (approximately 2^150) different possible "
+"combinations. Being an exponential equation, it's apparent that the exponent "
+"(the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 msgid ""
 "You can find advice on how to choose a strong password on http://en."
 "wikipedia.org/wiki/Password_strength"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 #, fuzzy
 #| msgid ""
 #| "This option can be used only with <option>-S</option> and causes show "
@@ -6268,7 +6444,7 @@ msgstr ""
 "visas för alla användare."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid ""
 "Delete a user's password (make it empty). This is a quick way to disable a "
 "password for an account. It will set the named account passwordless."
@@ -6278,14 +6454,14 @@ msgstr ""
 "angivna kontots lösenord."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 #, fuzzy
 #| msgid "expiry"
 msgid "--expire"
 msgstr "expiry"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid ""
 "Immediately expire an account's password. This in effect can force a user to "
 "change their password at the user's next login."
@@ -6294,7 +6470,7 @@ msgstr ""
 "användare att ändra sitt lösenord vid nästa inloggningsförsök."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 #, fuzzy
 #| msgid ""
 #| "This option is used to disable an account after the password has been "
@@ -6314,19 +6490,19 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210 useradd.8.xml.out:278 useradd.8.xml.out:356
+#: passwd.1.xml.out:206 useradd.8.xml.out:280 useradd.8.xml.out:358
 #, fuzzy
 #| msgid "-"
 msgid "-k"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 #, fuzzy
 msgid ""
 "Indicate password change should be performed only for expired authentication "
@@ -6338,12 +6514,12 @@ msgstr ""
 "lösenord som tidigare."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222 usermod.8.xml.out:231
+#: passwd.1.xml.out:218 usermod.8.xml.out:231
 msgid "--lock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 #, fuzzy
 msgid ""
 "Lock the password of the named account. This option disables a password by "
@@ -6354,12 +6530,12 @@ msgstr ""
 "lösenordet till ett värde som inte matchar något möjligt krypterat värde."
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 msgid ""
 "Note that this does not disable the account. The user may still be able to "
 "login using another authentication token (e.g. an SSH key). To disable the "
@@ -6368,51 +6544,51 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr ""
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "-q"
 msgstr "-q"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "--quiet"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261 vipw.8.xml.out:110
+#: passwd.1.xml.out:257 vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr "Tyst läge."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: passwd.1.xml.out:268 passwd.1.xml.out:272
+#: passwd.1.xml.out:264 passwd.1.xml.out:268
 #, fuzzy
 #| msgid "HYSTORY"
 msgid "REPOSITORY"
 msgstr "HISTORIK"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 #, fuzzy
 msgid "change password in <_:replaceable-1/> repository"
 msgstr "ändra lösenord i förrådet <replaceable>FÖRRÅD</replaceable>"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 #, fuzzy
 #| msgid ""
 #| "Display account status information. The status information consists of 7 "
@@ -6440,12 +6616,12 @@ msgstr ""
 "dagar."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309 usermod.8.xml.out:405
+#: passwd.1.xml.out:320 usermod.8.xml.out:405
 msgid "--unlock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 #, fuzzy
 msgid ""
 "Unlock the password of the named account. This option re-enables a password "
@@ -6457,7 +6633,7 @@ msgstr ""
 "flaggan <option>-l</option>)."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -6474,14 +6650,14 @@ msgstr ""
 "varnas om att lösenordet är på väg att bli utgånget."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 #, fuzzy
 #| msgid "-"
 msgid "-x"
 msgstr "-"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 #, fuzzy
 #| msgid ""
 #| "Set the maximum number of days a password remains valid. After "
@@ -6494,8 +6670,20 @@ msgstr ""
 "Sätter maximalt antal dagar som ett lösenord ska vara giltigt. Efter "
 "<replaceable>MAX_DAGAR</replaceable> krävs det att lösenordet ändras."
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid ""
+"This option is used to indicate that passwd should read the new password "
+"from standard input, which can be a pipe."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 #, fuzzy
 #| msgid ""
 #| "Not all options may be supported. Password complexity checking may vary "
@@ -6514,54 +6702,68 @@ msgstr ""
 "inte är inloggade mot NIS-servern."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid ""
 "Users may not be able to change their password on a system if NIS is enabled "
 "and they are not logged into the NIS server."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 msgid ""
 "<_:command-1/> uses PAM to authenticate users and to change their passwords."
 msgstr ""
 
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 #, fuzzy
 #| msgid "/etc/passwd"
 msgid "/etc/pam.d/passwd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr "ogiltig kombination av flaggor"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr "oväntat fel, ingenting har genomförts"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 #, fuzzy
 #| msgid "unexpected failure, <filename>passwd</filename> file missing"
 msgid "unexpected failure, <_:filename-1/> file missing"
 msgstr "oväntat fel, filen <filename>passwd</filename> saknas"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 #, fuzzy
 #| msgid "<filename>passwd</filename> file busy, try again"
 msgid "<_:filename-1/> file busy, try again"
 msgstr "Filen <filename>passwd</filename> är upptagen, försök igen"
 
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+#, fuzzy
+#| msgid "passwd"
+msgid "makepasswd"
+msgstr "passwd"
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
+#: passwd.1.xml.out:494
 msgid ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:517
+msgid ""
+"The following web page comically (yet correctly) compares the strength of "
+"two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -8178,6 +8380,11 @@ msgid "$HZ"
 msgstr ""
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr ""
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr ""
@@ -8556,7 +8763,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: useradd.8.xml.out:72 useradd.8.xml.out:76 useradd.8.xml.out:86
-#: useradd.8.xml.out:169 useradd.8.xml.out:583 useradd.8.xml.out:585
+#: useradd.8.xml.out:169 useradd.8.xml.out:603 useradd.8.xml.out:605
 msgid "-D"
 msgstr "-D"
 
@@ -8578,14 +8785,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:118 useradd.8.xml.out:592
+#: useradd.8.xml.out:118 useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: useradd.8.xml.out:118 useradd.8.xml.out:124 useradd.8.xml.out:159
-#: useradd.8.xml.out:592 useradd.8.xml.out:598
+#: useradd.8.xml.out:612 useradd.8.xml.out:618
 #, fuzzy
 #| msgid "MAIL_DIR"
 msgid "BASE_DIR"
@@ -8609,18 +8816,18 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:131 useradd.8.xml.out:603
+#: useradd.8.xml.out:131 useradd.8.xml.out:623
 msgid "HOME"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
 #: useradd.8.xml.out:132 useradd.8.xml.out:189 useradd.8.xml.out:212
-#: useradd.8.xml.out:250 useradd.8.xml.out:293 useradd.8.xml.out:343
-#: useradd.8.xml.out:393 useradd.8.xml.out:523 useradd.8.xml.out:604
-#: useradd.8.xml.out:616 useradd.8.xml.out:633 useradd.8.xml.out:649
-#: useradd.8.xml.out:663 useradd.8.xml.out:677 useradd.8.xml.out:767
-#: usermod.8.xml.out:419
+#: useradd.8.xml.out:250 useradd.8.xml.out:267 useradd.8.xml.out:295
+#: useradd.8.xml.out:345 useradd.8.xml.out:395 useradd.8.xml.out:525
+#: useradd.8.xml.out:624 useradd.8.xml.out:636 useradd.8.xml.out:653
+#: useradd.8.xml.out:669 useradd.8.xml.out:683 useradd.8.xml.out:697
+#: useradd.8.xml.out:787 usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr "/etc/default/useradd"
 
@@ -8697,7 +8904,7 @@ msgid ""
 msgstr "Datumet när användarkontot blir inaktiverat."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:188 useradd.8.xml.out:615 usermod.8.xml.out:418
+#: useradd.8.xml.out:188 useradd.8.xml.out:635 usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr ""
 
@@ -8728,7 +8935,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: useradd.8.xml.out:218 useradd.8.xml.out:482
+#: useradd.8.xml.out:218 useradd.8.xml.out:484
 #, fuzzy
 #| msgid "-"
 msgid "-F"
@@ -8820,6 +9027,13 @@ msgid ""
 "emphasis-5/>]]]"
 msgstr ""
 
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+#, fuzzy
+#| msgid "GROUP"
+msgid "GROUPS"
+msgstr "GRUPP"
+
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
 msgid ""
@@ -8827,23 +9041,25 @@ msgid ""
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups are subject to the same restrictions as the group given with the "
 "<_:option-1/> option. The default is for the user to belong only to the "
-"initial group."
+"initial group. In addition to passing in the -G flag, you can add the option "
+"<_:option-2/> to the file <_:filename-3/> which in turn will add all users "
+"to those supplementary groups."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 #, fuzzy
 #| msgid "MAIL_DIR"
 msgid "SKEL_DIR"
 msgstr "MAIL_DIR"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by <_:"
@@ -8852,12 +9068,12 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288 useradd.8.xml.out:350
+#: useradd.8.xml.out:290 useradd.8.xml.out:352
 msgid "--create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288 useradd.8.xml.out:592 usermod.8.xml.out:524
 #, fuzzy
 #| msgid "<option>-m</option>, <option>--create-home</option>"
 msgid ""
@@ -8866,43 +9082,43 @@ msgid ""
 msgstr "<option>-m</option>, <option>--create-home</option>"
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 #, fuzzy
 #| msgid "/etc/skel/"
 msgid "/etc/skel"
 msgstr "/etc/skel/"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 msgid ""
 "If this option is not set, the skeleton directory is defined by the <_:"
 "option-1/> variable in <_:filename-2/> or, by default, <_:filename-3/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid ""
 "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:"
 "option-4/>, <_:option-5/> and others)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used "
 "when creating an account to turn off password aging. Multiple <_:option-4/> "
@@ -8911,29 +9127,29 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
+#: useradd.8.xml.out:337
 msgid ""
 "By default, the user's entries in the lastlog and faillog databases are "
 "reset to avoid reusing the entry from a previously deleted user."
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid ""
 "If this option is not specified, <_:command-1/> will also consult the "
 "variable <_:option-2/> in the <_:filename-3/> if set to no the user will not "
@@ -8941,7 +9157,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 msgid ""
 "Create the user's home directory if it does not exist. The files and "
 "directories contained in the skeleton directory (which can be defined with "
@@ -8949,19 +9165,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361 useradd.8.xml.out:379 useradd.8.xml.out:475
+#: useradd.8.xml.out:363 useradd.8.xml.out:381 useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 msgid ""
 "By default, if this option is not specified and <_:option-1/> is not "
 "enabled, no home directories are created."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid ""
 "The directory where the user's home directory is created must exist and have "
 "proper SELinux context and permissions. Otherwise the user's home directory "
@@ -8969,24 +9185,24 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 msgid ""
 "Do not create the user's home directory, even if the system wide setting "
 "from <_:filename-1/> (<_:option-2/>) is set to <_:replaceable-3/>."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 msgid ""
 "Do not create a group with the same name as the user, but add the user to "
 "the group specified by the <_:option-1/> option or by the <_:option-2/> "
@@ -8994,12 +9210,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 msgid "allows the creation of an account with an already existing UID."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412 usermod.8.xml.out:277
+#: useradd.8.xml.out:414 usermod.8.xml.out:277
 msgid ""
 "This option is only valid in combination with the <_:option-1/> option. As a "
 "user identity serves as key to map between users on one hand and "
@@ -9009,7 +9225,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid ""
 "defines an initial password for the account. PASSWORD is expected to be "
 "encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this "
@@ -9017,7 +9233,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid ""
 "Without this option, the new account will be locked and with no password "
 "defined, i.e. a single exclamation mark in the respective field of <_:"
@@ -9026,14 +9242,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 msgid ""
 "<_:emphasis-1/>Avoid this option on the command line because the password "
 "(or encrypted password) will be visible by users listing the processes."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 msgid ""
 "Note that <_:command-1/> will not create a home directory for such a user, "
 "regardless of the default setting in <_:filename-2/> (<_:option-3/>). You "
@@ -9042,7 +9258,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 msgid ""
 "Note that this option will not update <_:filename-1/> and <_:filename-2/>. "
 "You have to specify the <_:option-3/> options if you want to update the "
@@ -9050,7 +9266,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 msgid ""
 "sets the path to the user's login shell. Without this option, the system "
 "will use the <_:option-1/> variable specified in <_:filename-2/>, or, if "
@@ -9059,19 +9275,19 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "--uid"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 #, fuzzy
 #| msgid "GID"
 msgid "UID"
 msgstr "GID"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 msgid ""
 "The numerical value of the user's ID. This value must be unique, unless the "
 "<_:option-1/> option is used. The value must be non-negative. The default is "
@@ -9080,54 +9296,76 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid ""
 "Create a group with the same name as the user, and add the user to this "
 "group."
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:593 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:525
 #, fuzzy
 #| msgid "-"
 msgid "-Z"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:594 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566 usermod.8.xml.out:501
+#: useradd.8.xml.out:568 usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575 useradd.8.xml.out:589 usermod.8.xml.out:521
 msgid "semanage"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
+#: useradd.8.xml.out:571
 msgid ""
-"defines the SELinux user for the new account. Without this option, a SELinux "
+"defines the SELinux user for the new account. Without this option, SELinux "
 "uses the default user. Note that the shadow system doesn't store the selinux-"
 "user, it uses <_:citerefentry-1/> for that."
 msgstr ""
 
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "--selinux-range"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "SERANGE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+msgid ""
+"defines the SELinux MLS range for the new account. Without this option, "
+"SELinux uses the default range. Note that the shadow system doesn't store "
+"the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr "Ändrar standardvärden"
 
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 msgid ""
 "When invoked with only the <_:option-1/> option, <_:command-2/> will display "
 "the current default values. When invoked with <_:option-3/> plus other "
@@ -9136,7 +9374,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 msgid ""
 "sets the path prefix for a new user's home directory. The user's name will "
 "be affixed to the end of <_:replaceable-1/> to form the new user's home "
@@ -9145,20 +9383,20 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602 useradd.8.xml.out:614 useradd.8.xml.out:631
-#: useradd.8.xml.out:647 useradd.8.xml.out:661
+#: useradd.8.xml.out:622 useradd.8.xml.out:634 useradd.8.xml.out:651
+#: useradd.8.xml.out:667 useradd.8.xml.out:681
 msgid "This option sets the <_:option-1/> variable in <_:filename-2/>."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 #, fuzzy
 #| msgid "The date on which the user account is disabled."
 msgid "sets the date on which newly created user accounts are disabled."
 msgstr "Datumet när användarkontot blir inaktiverat."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid ""
 "defines the number of days after the password exceeded its maximum age where "
 "the user is expected to replace this password. See <_:citerefentry-1/>for "
@@ -9166,7 +9404,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 msgid ""
 "sets the default primary group for newly created users, accepting group "
 "names or a numerical group ID. The named group must exist, and the GID must "
@@ -9174,23 +9412,23 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr "NOTERINGAR"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675 useradd.8.xml.out:779
+#: useradd.8.xml.out:695 useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr "/etc/skel/"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 #, fuzzy
 #| msgid ""
 #| "The system administrator is responsible for placing the default user "
@@ -9204,7 +9442,7 @@ msgstr ""
 "katalogen <filename>/etc/skel/</filename>."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 #, fuzzy
 msgid ""
 "You may not add a user to a NIS or LDAP group. This must be performed on the "
@@ -9214,19 +9452,19 @@ msgstr ""
 "genomföras på NIS-servern."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 msgid ""
 "Similarly, if the username already exists in an external user database such "
 "as NIS or LDAP, <_:command-1/> will deny the user account creation request."
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid ""
 "Usernames may contain only lower and upper case letters, digits, "
 "underscores, or dashes. They can end with a dollar sign. Dashes are not "
@@ -9237,60 +9475,60 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr "Standardvärden för skapande av konto."
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 #, fuzzy
 #| msgid "/etc/default/useradd"
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr "/etc/default/useradd"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773 userdel.8.xml.out:209
+#: useradd.8.xml.out:793 userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 #, fuzzy
 #| msgid "OPTIONS"
 msgid "ACTION"
 msgstr "FLAGGOR"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-pre.d"
 msgstr "useradd"
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-post.d"
 msgstr "useradd"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid ""
 "Run-part files to execute during user addition. The environment variable <_:"
 "command-1/> will be populated with useradd and <_:command-2/> with the <_:"
@@ -9300,48 +9538,48 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
 msgstr "Katalog som innehåller standardfiler."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819 userdel.8.xml.out:243
+#: useradd.8.xml.out:839 userdel.8.xml.out:243
 msgid "can't update password file"
 msgstr "kan inte uppdatera lösenordsfilen"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 #, fuzzy
 #| msgid "UID already in use (and no <option>-o</option>)"
 msgid "UID already in use (and no <_:option-1/>)"
 msgstr "UID används redan (och inget <option>-o</option>)"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 #, fuzzy
 #| msgid "group name already in use"
 msgid "username or group name already in use"
 msgstr "gruppnamnet används redan"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
 msgstr "kan inte skapa hemkatalog"
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 #, fuzzy
 #| msgid "1"
 msgid "14"
 msgstr "1"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876 usermod.8.xml.out:603
+#: useradd.8.xml.out:896 usermod.8.xml.out:620
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:"
@@ -10008,9 +10246,16 @@ msgid ""
 "shadow system doesn't store the selinux-user, it uses semanage(8) for that."
 msgstr ""
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
 msgid ""
+"defines the SELinux MLS range for the new account. Note that the shadow "
+"system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
+msgid ""
 "You must make certain that the named user is not executing any processes "
 "when this command is being executed if the user's numerical user ID, the "
 "user's name, or the user's home directory is being changed. <_:command-1/> "
@@ -10019,67 +10264,67 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 msgid ""
 "You must change the owner of any <_:command-1/> files or <_:command-2/> jobs "
 "manually."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 #, fuzzy
 #| msgid "Group account information."
 msgid "Group account information"
 msgstr "Gruppkontoinformation."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
+#: usermod.8.xml.out:582
 #, fuzzy
 #| msgid "Secure group account information."
-msgid "Secure group account informatio."
+msgid "Secure group account information"
 msgstr "Säker gruppkontoinformation."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 msgid "Shadow password suite configuration"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 #, fuzzy
 #| msgid "User account information."
 msgid "User account information"
 msgstr "Användarkontoinformation."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 #, fuzzy
 #| msgid "Secure user account information."
 msgid "Secure user account information"
 msgstr "Säker användarkontoinformation."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
 msgid "Per user subordinate group IDs"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
 msgid "Per user subordinate user IDs"
 msgstr ""
 
@@ -10123,7 +10368,7 @@ msgstr "vipw"
 #: vipw.8.xml.out:66
 #, fuzzy
 msgid ""
-"The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/"
+"The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/"
 "> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will "
 "edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/"
 ">, respectively. The programs will set the appropriate locks to prevent file "
@@ -11318,6 +11563,33 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>."
 
+#~ msgid ""
+#~ "Then, the password is tested for complexity. As a general guideline, "
+#~ "passwords should consist of 6 to 8 characters including one or more "
+#~ "characters from each of the following sets:"
+#~ msgstr ""
+#~ "Sedan testas lösenordet för sin komplexitet. Som en allmän riktlinje bör "
+#~ "lösenord innehålla 6 till 8 tecken och inkluderas ett eller flera tecken "
+#~ "från var och en av följande punkter:"
+
+#~ msgid "lower case alphabetics"
+#~ msgstr "gemena bokstäver ur alfabetet"
+
+#~ msgid "digits 0 thru 9"
+#~ msgstr "siffrorna 0 till 9"
+
+#~ msgid "punctuation marks"
+#~ msgstr "skiljetecken"
+
+#~ msgid ""
+#~ "Care must be taken not to include the system default erase or kill "
+#~ "characters. <command>passwd</command> will reject any password which is "
+#~ "not suitably complex."
+#~ msgstr ""
+#~ "Tänk på att inte inkludera systemets standardtecken för radering eller "
+#~ "döda. <command>passwd</command> kommer att neka alla lösenord som inte "
+#~ "har lämplig komplexitet."
+
 #~ msgid "<option>-d</option>, <option>--delete</option>"
 #~ msgstr "<option>-d</option>, <option>--delete</option>"
 
@@ -12835,9 +13107,6 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>5</"
 #~ "manvolnum></citerefentry>."
 
-#~ msgid "-K <placeholder-1/>=<placeholder-2/>"
-#~ msgstr "-K <placeholder-1/>=<placeholder-2/>"
-
 #, fuzzy
 #~ msgid "<option>-M</option>&nbsp;<replaceable>user</replaceable>,..."
 #~ msgstr ""
diff --git a/man/po/uk.po b/man/po/uk.po
index d0fe0d8..307245f 100644
--- a/man/po/uk.po
+++ b/man/po/uk.po
@@ -5,7 +5,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
 "PO-Revision-Date: 2022-05-21 20:43+0300\n"
 "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
 "Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
@@ -18,12 +18,12 @@ msgstr ""
 "X-Generator: Lokalize 20.12.0\n"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:19 chsh.1.xml.out:18
+#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:21 chsh.1.xml.out:18
 #: expiry.1.xml.out:19 faillog.5.xml.out:15 faillog.8.xml.out:15
 #: groupadd.8.xml.out:18 groupdel.8.xml.out:16 groupmod.8.xml.out:16
 #: groups.1.xml.out:15 grpck.8.xml.out:15 lastlog.8.xml.out:17
-#: login.1.xml.out:48 login.defs.5.xml.out:84 logoutd.8.xml.out:15
-#: newgrp.1.xml.out:16 newusers.8.xml.out:31 passwd.1.xml.out:22
+#: login.1.xml.out:48 login.defs.5.xml.out:86 logoutd.8.xml.out:15
+#: newgrp.1.xml.out:16 newusers.8.xml.out:33 passwd.1.xml.out:24
 #: passwd.5.xml.out:15 porttime.5.xml.out:15 pwck.8.xml.out:22
 #: shadow.3.xml.out:15 shadow.5.xml.out:15 sg.1.xml.out:16 su.1.xml.out:32
 #: useradd.8.xml.out:34 userdel.8.xml.out:21 usermod.8.xml.out:22
@@ -31,12 +31,12 @@ msgid "Julianne Frances"
 msgstr "Julianne Frances"
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:20 chsh.1.xml.out:19
+#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:22 chsh.1.xml.out:19
 #: expiry.1.xml.out:20 faillog.5.xml.out:16 faillog.8.xml.out:16
 #: groupadd.8.xml.out:19 groupdel.8.xml.out:17 groupmod.8.xml.out:17
 #: groups.1.xml.out:16 grpck.8.xml.out:16 lastlog.8.xml.out:18
-#: login.1.xml.out:49 login.defs.5.xml.out:85 logoutd.8.xml.out:16
-#: newgrp.1.xml.out:17 newusers.8.xml.out:32 passwd.1.xml.out:23
+#: login.1.xml.out:49 login.defs.5.xml.out:87 logoutd.8.xml.out:16
+#: newgrp.1.xml.out:17 newusers.8.xml.out:34 passwd.1.xml.out:25
 #: passwd.5.xml.out:16 porttime.5.xml.out:16 pwck.8.xml.out:23
 #: shadow.3.xml.out:16 shadow.5.xml.out:16 sg.1.xml.out:17 su.1.xml.out:33
 #: useradd.8.xml.out:35 userdel.8.xml.out:22 usermod.8.xml.out:23
@@ -49,14 +49,14 @@ msgid "Creation, 1990"
 msgstr "Створенн�, 1990"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24 chsh.1.xml.out:23 expiry.1.xml.out:24
-#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:25
+#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26 chsh.1.xml.out:23 expiry.1.xml.out:24
+#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23 groupdel.8.xml.out:21 groupmems.8.xml.out:24
 #: groupmod.8.xml.out:21 groups.1.xml.out:20 grpck.8.xml.out:20
 #: lastlog.8.xml.out:22 limits.5.xml.out:22 login.1.xml.out:53
-#: login.access.5.xml.out:21 login.defs.5.xml.out:89 logoutd.8.xml.out:20
-#: newgrp.1.xml.out:21 newusers.8.xml.out:36 passwd.1.xml.out:27
+#: login.access.5.xml.out:21 login.defs.5.xml.out:91 logoutd.8.xml.out:20
+#: newgrp.1.xml.out:21 newusers.8.xml.out:38 passwd.1.xml.out:29
 #: passwd.5.xml.out:20 porttime.5.xml.out:20 pwck.8.xml.out:27
 #: pwconv.8.xml.out:26 shadow.3.xml.out:20 shadow.5.xml.out:20 sg.1.xml.out:21
 #: su.1.xml.out:37 suauth.5.xml.out:20 useradd.8.xml.out:39
@@ -65,14 +65,14 @@ msgid "Thomas"
 msgstr "Thomas"
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25 chsh.1.xml.out:24 expiry.1.xml.out:25
-#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:26
+#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27 chsh.1.xml.out:24 expiry.1.xml.out:25
+#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24 groupdel.8.xml.out:22 groupmems.8.xml.out:25
 #: groupmod.8.xml.out:22 groups.1.xml.out:21 grpck.8.xml.out:21
 #: lastlog.8.xml.out:23 limits.5.xml.out:23 login.1.xml.out:54
-#: login.access.5.xml.out:22 login.defs.5.xml.out:90 logoutd.8.xml.out:21
-#: newgrp.1.xml.out:22 newusers.8.xml.out:37 passwd.1.xml.out:28
+#: login.access.5.xml.out:22 login.defs.5.xml.out:92 logoutd.8.xml.out:21
+#: newgrp.1.xml.out:22 newusers.8.xml.out:39 passwd.1.xml.out:30
 #: passwd.5.xml.out:21 porttime.5.xml.out:21 pwck.8.xml.out:28
 #: pwconv.8.xml.out:27 shadow.3.xml.out:21 shadow.5.xml.out:21 sg.1.xml.out:22
 #: su.1.xml.out:38 suauth.5.xml.out:21 useradd.8.xml.out:40
@@ -81,14 +81,14 @@ msgid "KÅ‚oczko"
 msgstr "KÅ‚oczko"
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26 chsh.1.xml.out:25 expiry.1.xml.out:26
-#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:27
+#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28 chsh.1.xml.out:25 expiry.1.xml.out:26
+#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25 groupdel.8.xml.out:23 groupmems.8.xml.out:26
 #: groupmod.8.xml.out:23 groups.1.xml.out:22 grpck.8.xml.out:22
 #: lastlog.8.xml.out:24 limits.5.xml.out:24 login.1.xml.out:55
-#: login.access.5.xml.out:23 login.defs.5.xml.out:91 logoutd.8.xml.out:22
-#: newgrp.1.xml.out:23 newusers.8.xml.out:38 passwd.1.xml.out:29
+#: login.access.5.xml.out:23 login.defs.5.xml.out:93 logoutd.8.xml.out:22
+#: newgrp.1.xml.out:23 newusers.8.xml.out:40 passwd.1.xml.out:31
 #: passwd.5.xml.out:22 porttime.5.xml.out:22 pwck.8.xml.out:29
 #: pwconv.8.xml.out:28 shadow.3.xml.out:22 shadow.5.xml.out:22 sg.1.xml.out:23
 #: su.1.xml.out:39 suauth.5.xml.out:22 useradd.8.xml.out:41
@@ -97,14 +97,14 @@ msgid "kloczek@pld.org.pl"
 msgstr "kloczek@pld.org.pl"
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:27 chsh.1.xml.out:26
+#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:29 chsh.1.xml.out:26
 #: expiry.1.xml.out:27 faillog.5.xml.out:23 faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28 groupadd.8.xml.out:26 groupdel.8.xml.out:24
+#: gpasswd.1.xml.out:30 groupadd.8.xml.out:26 groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27 groupmod.8.xml.out:24 groups.1.xml.out:23
 #: grpck.8.xml.out:23 lastlog.8.xml.out:25 limits.5.xml.out:25
-#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:92
-#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:39
-#: passwd.1.xml.out:30 passwd.5.xml.out:23 porttime.5.xml.out:23
+#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:94
+#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:41
+#: passwd.1.xml.out:32 passwd.5.xml.out:23 porttime.5.xml.out:23
 #: pwck.8.xml.out:30 pwconv.8.xml.out:29 shadow.3.xml.out:23
 #: shadow.5.xml.out:23 sg.1.xml.out:24 su.1.xml.out:40 suauth.5.xml.out:23
 #: useradd.8.xml.out:42 userdel.8.xml.out:29 usermod.8.xml.out:30
@@ -113,15 +113,15 @@ msgid "shadow-utils maintainer, 2000 - 2007"
 msgstr "Супровідник shadow-utils, 2000 - 2007"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30 chsh.1.xml.out:29 expiry.1.xml.out:30
-#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:31
+#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32 chsh.1.xml.out:29 expiry.1.xml.out:30
+#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29 groupdel.8.xml.out:27 groupmems.8.xml.out:30
 #: groupmod.8.xml.out:27 groups.1.xml.out:26 grpck.8.xml.out:26
 #: gshadow.5.xml.out:14 lastlog.8.xml.out:28 limits.5.xml.out:28
-#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:95
-#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:42
-#: nologin.8.xml.out:15 passwd.1.xml.out:33 passwd.5.xml.out:26
+#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:97
+#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:44
+#: nologin.8.xml.out:15 passwd.1.xml.out:35 passwd.5.xml.out:26
 #: porttime.5.xml.out:26 pwck.8.xml.out:33 pwconv.8.xml.out:32
 #: shadow.3.xml.out:26 shadow.5.xml.out:26 sg.1.xml.out:27 su.1.xml.out:43
 #: suauth.5.xml.out:26 useradd.8.xml.out:45 userdel.8.xml.out:32
@@ -130,15 +130,15 @@ msgid "Nicolas"
 msgstr "Nicolas"
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31 chsh.1.xml.out:30 expiry.1.xml.out:31
-#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:32
+#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33 chsh.1.xml.out:30 expiry.1.xml.out:31
+#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30 groupdel.8.xml.out:28 groupmems.8.xml.out:31
 #: groupmod.8.xml.out:28 groups.1.xml.out:27 grpck.8.xml.out:27
 #: gshadow.5.xml.out:15 lastlog.8.xml.out:29 limits.5.xml.out:29
-#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:96
-#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:43
-#: nologin.8.xml.out:16 passwd.1.xml.out:34 passwd.5.xml.out:27
+#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:98
+#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:45
+#: nologin.8.xml.out:16 passwd.1.xml.out:36 passwd.5.xml.out:27
 #: porttime.5.xml.out:27 pwck.8.xml.out:34 pwconv.8.xml.out:33
 #: shadow.3.xml.out:27 shadow.5.xml.out:27 sg.1.xml.out:28 su.1.xml.out:44
 #: suauth.5.xml.out:27 useradd.8.xml.out:46 userdel.8.xml.out:33
@@ -147,15 +147,15 @@ msgid "François"
 msgstr "François"
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32 chsh.1.xml.out:31 expiry.1.xml.out:32
-#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:33
+#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34 chsh.1.xml.out:31 expiry.1.xml.out:32
+#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31 groupdel.8.xml.out:29 groupmems.8.xml.out:32
 #: groupmod.8.xml.out:29 groups.1.xml.out:28 grpck.8.xml.out:28
 #: gshadow.5.xml.out:16 lastlog.8.xml.out:30 limits.5.xml.out:30
-#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:97
-#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:44
-#: nologin.8.xml.out:17 passwd.1.xml.out:35 passwd.5.xml.out:28
+#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:99
+#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:46
+#: nologin.8.xml.out:17 passwd.1.xml.out:37 passwd.5.xml.out:28
 #: porttime.5.xml.out:28 pwck.8.xml.out:35 pwconv.8.xml.out:34
 #: shadow.3.xml.out:28 shadow.5.xml.out:28 sg.1.xml.out:29 su.1.xml.out:45
 #: suauth.5.xml.out:28 useradd.8.xml.out:47 userdel.8.xml.out:34
@@ -164,15 +164,15 @@ msgid "nicolas.francois@centraliens.net"
 msgstr "nicolas.francois@centraliens.net"
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33 chsh.1.xml.out:32 expiry.1.xml.out:33
-#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:34
+#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35 chsh.1.xml.out:32 expiry.1.xml.out:33
+#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32 groupdel.8.xml.out:30 groupmems.8.xml.out:33
 #: groupmod.8.xml.out:30 groups.1.xml.out:29 grpck.8.xml.out:29
 #: gshadow.5.xml.out:18 lastlog.8.xml.out:31 limits.5.xml.out:31
-#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:98
-#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:45
-#: nologin.8.xml.out:18 passwd.1.xml.out:36 passwd.5.xml.out:29
+#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:100
+#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:47
+#: nologin.8.xml.out:18 passwd.1.xml.out:38 passwd.5.xml.out:29
 #: porttime.5.xml.out:29 pwck.8.xml.out:36 pwconv.8.xml.out:35
 #: shadow.3.xml.out:29 shadow.5.xml.out:29 sg.1.xml.out:30 su.1.xml.out:46
 #: suauth.5.xml.out:29 useradd.8.xml.out:48 userdel.8.xml.out:35
@@ -187,9 +187,9 @@ msgstr "Супровідник shadow-utils, 2007 - до �ьогодні"
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #: chage.1.xml.out:34 chage.1.xml.out:41 chage.1.xml.out:46 chage.1.xml.out:59
-#: chage.1.xml.out:69 chage.1.xml.out:216 chage.1.xml.out:226
-#: chage.1.xml.out:236 chage.1.xml.out:241 chage.1.xml.out:285
-#: login.defs.5.xml.out:233 shadow.5.xml.out:262
+#: chage.1.xml.out:69 chage.1.xml.out:231 chage.1.xml.out:241
+#: chage.1.xml.out:251 chage.1.xml.out:256 chage.1.xml.out:300
+#: login.defs.5.xml.out:237 shadow.5.xml.out:262
 msgid "chage"
 msgstr "chage"
 
@@ -197,11 +197,11 @@ msgstr "chage"
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:35 chage.1.xml.out:294 chfn.1.xml.out:37 chfn.1.xml.out:65
-#: chfn.1.xml.out:205 chgpasswd.8.xml.out:217 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:37 chsh.1.xml.out:171 expiry.1.xml.out:38
-#: faillog.8.xml.out:235 gpasswd.1.xml.out:39 gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277 groupadd.8.xml.out:345 groupadd.8.xml.out:348
+#: chage.1.xml.out:35 chage.1.xml.out:309 chfn.1.xml.out:37 chfn.1.xml.out:65
+#: chfn.1.xml.out:205 chgpasswd.8.xml.out:245 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:37 chsh.1.xml.out:212 expiry.1.xml.out:38
+#: faillog.8.xml.out:235 gpasswd.1.xml.out:41 gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279 groupadd.8.xml.out:345 groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351 groupdel.8.xml.out:205 groupdel.8.xml.out:208
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:209 groupmems.8.xml.out:212
 #: groupmems.8.xml.out:215 groupmod.8.xml.out:326 groupmod.8.xml.out:329
@@ -209,44 +209,44 @@ msgstr "chage"
 #: grpck.8.xml.out:243 gshadow.5.xml.out:77 gshadow.5.xml.out:165
 #: limits.5.xml.out:185 login.1.xml.out:67 login.1.xml.out:128
 #: login.1.xml.out:377 login.1.xml.out:380 login.1.xml.out:383
-#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:520 login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533 login.defs.5.xml.out:536 newgrp.1.xml.out:35
+#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:539 login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552 login.defs.5.xml.out:555 newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130 newgrp.1.xml.out:133 newgrp.1.xml.out:136
-#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:456
-#: nologin.8.xml.out:60 passwd.1.xml.out:41 passwd.1.xml.out:431
-#: passwd.5.xml.out:118 passwd.5.xml.out:173 passwd.5.xml.out:179
-#: passwd.5.xml.out:182 passwd.5.xml.out:197 porttime.5.xml.out:121
-#: pwck.8.xml.out:293 shadow.5.xml.out:262 shadow.5.xml.out:265
-#: shadow.5.xml.out:268 shadow.5.xml.out:283 sg.1.xml.out:35 sg.1.xml.out:119
-#: sg.1.xml.out:122 sg.1.xml.out:125 sg.1.xml.out:128 sg.1.xml.out:131
-#: su.1.xml.out:51 su.1.xml.out:391 su.1.xml.out:415 su.1.xml.out:421
-#: su.1.xml.out:424 suauth.5.xml.out:201 useradd.8.xml.out:817
-#: useradd.8.xml.out:878 useradd.8.xml.out:881 useradd.8.xml.out:884
-#: userdel.8.xml.out:241 userdel.8.xml.out:310 userdel.8.xml.out:313
-#: userdel.8.xml.out:316 usermod.8.xml.out:105 usermod.8.xml.out:244
-#: usermod.8.xml.out:605 usermod.8.xml.out:608 usermod.8.xml.out:611
-#: vipw.8.xml.out:78 vipw.8.xml.out:205
+#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:477
+#: nologin.8.xml.out:60 passwd.1.xml.out:43 passwd.1.xml.out:453
+#: passwd.1.xml.out:499 passwd.5.xml.out:118 passwd.5.xml.out:173
+#: passwd.5.xml.out:179 passwd.5.xml.out:182 passwd.5.xml.out:197
+#: porttime.5.xml.out:121 pwck.8.xml.out:293 shadow.5.xml.out:262
+#: shadow.5.xml.out:265 shadow.5.xml.out:268 shadow.5.xml.out:283
+#: sg.1.xml.out:35 sg.1.xml.out:119 sg.1.xml.out:122 sg.1.xml.out:125
+#: sg.1.xml.out:128 sg.1.xml.out:131 su.1.xml.out:51 su.1.xml.out:391
+#: su.1.xml.out:415 su.1.xml.out:421 su.1.xml.out:424 suauth.5.xml.out:201
+#: useradd.8.xml.out:837 useradd.8.xml.out:898 useradd.8.xml.out:901
+#: useradd.8.xml.out:904 userdel.8.xml.out:241 userdel.8.xml.out:310
+#: userdel.8.xml.out:313 userdel.8.xml.out:316 usermod.8.xml.out:105
+#: usermod.8.xml.out:244 usermod.8.xml.out:622 usermod.8.xml.out:625
+#: usermod.8.xml.out:628 vipw.8.xml.out:78 vipw.8.xml.out:205
 msgid "1"
 msgstr "1"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:36 chfn.1.xml.out:38 chsh.1.xml.out:38 expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40 groups.1.xml.out:35 login.1.xml.out:68
-#: newgrp.1.xml.out:36 passwd.1.xml.out:42 sg.1.xml.out:36 su.1.xml.out:52
+#: gpasswd.1.xml.out:42 groups.1.xml.out:35 login.1.xml.out:68
+#: newgrp.1.xml.out:36 passwd.1.xml.out:44 sg.1.xml.out:36 su.1.xml.out:52
 msgid "User Commands"
 msgstr "Команди кори�тувача"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40 chsh.1.xml.out:39 expiry.1.xml.out:40
-#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:41
+#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42 chsh.1.xml.out:39 expiry.1.xml.out:40
+#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39 groupdel.8.xml.out:37 groupmems.8.xml.out:40
 #: groupmod.8.xml.out:37 groups.1.xml.out:36 grpck.8.xml.out:36
 #: gshadow.5.xml.out:25 lastlog.8.xml.out:38 limits.5.xml.out:38
-#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:105
-#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:52
-#: nologin.8.xml.out:25 passwd.1.xml.out:43 passwd.5.xml.out:36
+#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:107
+#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:54
+#: nologin.8.xml.out:25 passwd.1.xml.out:45 passwd.5.xml.out:36
 #: porttime.5.xml.out:36 pwck.8.xml.out:43 pwconv.8.xml.out:42
 #: shadow.3.xml.out:36 shadow.5.xml.out:36 sg.1.xml.out:37 su.1.xml.out:53
 #: suauth.5.xml.out:36 useradd.8.xml.out:55 userdel.8.xml.out:42
@@ -255,20 +255,20 @@ msgid "shadow-utils"
 msgstr "shadow-utils"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41 chsh.1.xml.out:40 expiry.1.xml.out:41
-#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:42
+#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43 chsh.1.xml.out:40 expiry.1.xml.out:41
+#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40 groupdel.8.xml.out:38 groupmems.8.xml.out:41
 #: groupmod.8.xml.out:38 groups.1.xml.out:37 grpck.8.xml.out:37
 #: gshadow.5.xml.out:26 lastlog.8.xml.out:39 limits.5.xml.out:39
-#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:106
-#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:53
-#: nologin.8.xml.out:26 passwd.1.xml.out:44 passwd.5.xml.out:37
+#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:108
+#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:55
+#: nologin.8.xml.out:26 passwd.1.xml.out:46 passwd.5.xml.out:37
 #: porttime.5.xml.out:37 pwck.8.xml.out:44 pwconv.8.xml.out:43
 #: shadow.3.xml.out:37 shadow.5.xml.out:37 sg.1.xml.out:38 su.1.xml.out:54
 #: suauth.5.xml.out:37 useradd.8.xml.out:56 userdel.8.xml.out:43
 #: usermod.8.xml.out:44 vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -278,10 +278,10 @@ msgstr "зміна даних щодо завершенн� �троку дії
 
 #. (itstool) path: arg/replaceable
 #. (itstool) path: cmdsynopsis/arg
-#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52 chsh.1.xml.out:51 faillog.8.xml.out:48
+#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54 chsh.1.xml.out:51 faillog.8.xml.out:48
 #: groupdel.8.xml.out:49 groupmod.8.xml.out:49 grpck.8.xml.out:47
-#: lastlog.8.xml.out:50 newusers.8.xml.out:64 passwd.1.xml.out:55
+#: lastlog.8.xml.out:50 newusers.8.xml.out:66 passwd.1.xml.out:57
 #: pwck.8.xml.out:54 pwconv.8.xml.out:57 pwconv.8.xml.out:63
 #: pwconv.8.xml.out:69 pwconv.8.xml.out:75 su.1.xml.out:64 useradd.8.xml.out:66
 #: useradd.8.xml.out:78 userdel.8.xml.out:52 usermod.8.xml.out:55
@@ -294,22 +294,22 @@ msgstr "параметри"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
 #: chage.1.xml.out:51 chfn.1.xml.out:54 chsh.1.xml.out:54 faillog.8.xml.out:180
-#: lastlog.8.xml.out:139 passwd.1.xml.out:58 useradd.8.xml.out:68
+#: lastlog.8.xml.out:139 passwd.1.xml.out:60 useradd.8.xml.out:68
 #: useradd.8.xml.out:158 userdel.8.xml.out:54 userdel.8.xml.out:64
 #: usermod.8.xml.out:57 usermod.8.xml.out:222 usermod.8.xml.out:506
 msgid "LOGIN"
 msgstr "З�ПИС"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58 chsh.1.xml.out:60 expiry.1.xml.out:58
-#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:70
+#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60 chsh.1.xml.out:60 expiry.1.xml.out:58
+#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60 groupdel.8.xml.out:56 groupmems.8.xml.out:61
 #: groupmod.8.xml.out:56 groups.1.xml.out:54 grpck.8.xml.out:58
 #: gshadow.5.xml.out:34 lastlog.8.xml.out:56 limits.5.xml.out:48
-#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:114
-#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:73
-#: nologin.8.xml.out:40 passwd.1.xml.out:64 passwd.5.xml.out:45
+#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:116
+#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:75
+#: nologin.8.xml.out:40 passwd.1.xml.out:66 passwd.5.xml.out:45
 #: porttime.5.xml.out:45 pwck.8.xml.out:69 pwconv.8.xml.out:81
 #: shadow.3.xml.out:94 shadow.3.xml.out:150 shadow.5.xml.out:45 sg.1.xml.out:57
 #: su.1.xml.out:79 suauth.5.xml.out:51 useradd.8.xml.out:84
@@ -330,12 +330,12 @@ msgstr ""
 
 #. (itstool) path: refsect1/title
 #. (itstool) path: arg/replaceable
-#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106 chsh.1.xml.out:71 expiry.1.xml.out:67
-#: faillog.8.xml.out:65 gpasswd.1.xml.out:110 groupadd.8.xml.out:51
+#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108 chsh.1.xml.out:71 expiry.1.xml.out:67
+#: faillog.8.xml.out:65 gpasswd.1.xml.out:112 groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80 groupdel.8.xml.out:64 groupmems.8.xml.out:76
 #: groupmod.8.xml.out:65 grpck.8.xml.out:122 lastlog.8.xml.out:68
-#: login.1.xml.out:186 newusers.8.xml.out:250 passwd.1.xml.out:150
+#: login.1.xml.out:186 newusers.8.xml.out:252 passwd.1.xml.out:146
 #: pwck.8.xml.out:153 pwconv.8.xml.out:163 su.1.xml.out:120
 #: useradd.8.xml.out:102 userdel.8.xml.out:69 usermod.8.xml.out:70
 #: vipw.8.xml.out:83
@@ -343,21 +343,21 @@ msgid "OPTIONS"
 msgstr "П�Р�МЕТРИ"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107 chsh.1.xml.out:72 expiry.1.xml.out:68
-#: faillog.8.xml.out:66 gpasswd.1.xml.out:118 groupadd.8.xml.out:81
+#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109 chsh.1.xml.out:72 expiry.1.xml.out:68
+#: faillog.8.xml.out:66 gpasswd.1.xml.out:120 groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65 groupmems.8.xml.out:77 groupmod.8.xml.out:66
-#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:251
-#: passwd.1.xml.out:151 pwck.8.xml.out:158 su.1.xml.out:121
+#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:253
+#: passwd.1.xml.out:147 pwck.8.xml.out:158 su.1.xml.out:121
 #: useradd.8.xml.out:103 userdel.8.xml.out:70 usermod.8.xml.out:71
 msgid "The options which apply to the <_:command-1/> command are:"
 msgstr "Параметри, �кі за�то�овують до команди <_:command-1/>, є такими:"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:74 gpasswd.1.xml.out:137 groupmems.8.xml.out:94
-#: passwd.1.xml.out:168 useradd.8.xml.out:123 useradd.8.xml.out:151
-#: useradd.8.xml.out:599 usermod.8.xml.out:112 usermod.8.xml.out:260
+#: chage.1.xml.out:74 gpasswd.1.xml.out:139 groupmems.8.xml.out:94
+#: passwd.1.xml.out:164 useradd.8.xml.out:123 useradd.8.xml.out:151
+#: useradd.8.xml.out:619 usermod.8.xml.out:112 usermod.8.xml.out:260
 msgid "-d"
 msgstr "-d"
 
@@ -375,44 +375,44 @@ msgstr "ОСТ���ІЙ_ДЕ�Ь"
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:73 chage.1.xml.out:88 chage.1.xml.out:127
 #: chage.1.xml.out:156 chage.1.xml.out:168 chage.1.xml.out:189
-#: chage.1.xml.out:202 chfn.1.xml.out:93 chfn.1.xml.out:101 chfn.1.xml.out:109
-#: chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122 chpasswd.8.xml.out:113 chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177 chsh.1.xml.out:83 chsh.1.xml.out:96
-#: faillog.8.xml.out:104 faillog.8.xml.out:119 faillog.8.xml.out:156
-#: faillog.8.xml.out:169 gpasswd.1.xml.out:123 gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157 groupadd.8.xml.out:101 groupadd.8.xml.out:157
-#: groupadd.8.xml.out:200 groupadd.8.xml.out:213 groupdel.8.xml.out:88
-#: groupdel.8.xml.out:101 groupmems.8.xml.out:83 groupmems.8.xml.out:94
-#: groupmems.8.xml.out:110 groupmems.8.xml.out:141 groupmod.8.xml.out:72
-#: groupmod.8.xml.out:81 groupmod.8.xml.out:120 groupmod.8.xml.out:142
-#: groupmod.8.xml.out:163 groupmod.8.xml.out:176 grpck.8.xml.out:148
-#: lastlog.8.xml.out:74 lastlog.8.xml.out:103 lastlog.8.xml.out:127
-#: newusers.8.xml.out:305 passwd.1.xml.out:196 passwd.1.xml.out:245
-#: passwd.1.xml.out:267 passwd.1.xml.out:277 passwd.1.xml.out:321
-#: passwd.1.xml.out:334 pwck.8.xml.out:196 pwconv.8.xml.out:177
-#: su.1.xml.out:125 su.1.xml.out:162 useradd.8.xml.out:117
-#: useradd.8.xml.out:138 useradd.8.xml.out:150 useradd.8.xml.out:178
-#: useradd.8.xml.out:195 useradd.8.xml.out:229 useradd.8.xml.out:277
-#: useradd.8.xml.out:424 useradd.8.xml.out:488 useradd.8.xml.out:501
-#: useradd.8.xml.out:516 useradd.8.xml.out:530 useradd.8.xml.out:565
-#: useradd.8.xml.out:591 useradd.8.xml.out:609 useradd.8.xml.out:621
-#: useradd.8.xml.out:638 useradd.8.xml.out:654 userdel.8.xml.out:122
-#: userdel.8.xml.out:135 usermod.8.xml.out:98 usermod.8.xml.out:111
-#: usermod.8.xml.out:128 usermod.8.xml.out:151 usermod.8.xml.out:173
-#: usermod.8.xml.out:216 usermod.8.xml.out:289 usermod.8.xml.out:327
-#: usermod.8.xml.out:340 usermod.8.xml.out:356 usermod.8.xml.out:368
-#: usermod.8.xml.out:500 vipw.8.xml.out:114
+#: chage.1.xml.out:202 chage.1.xml.out:217 chfn.1.xml.out:93 chfn.1.xml.out:101
+#: chfn.1.xml.out:109 chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
+#: chgpasswd.8.xml.out:128 chpasswd.8.xml.out:115 chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183 chpasswd.8.xml.out:198 chsh.1.xml.out:83
+#: chsh.1.xml.out:96 faillog.8.xml.out:104 faillog.8.xml.out:119
+#: faillog.8.xml.out:156 faillog.8.xml.out:169 gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138 gpasswd.1.xml.out:159 groupadd.8.xml.out:101
+#: groupadd.8.xml.out:157 groupadd.8.xml.out:200 groupadd.8.xml.out:213
+#: groupdel.8.xml.out:88 groupdel.8.xml.out:101 groupmems.8.xml.out:83
+#: groupmems.8.xml.out:94 groupmems.8.xml.out:110 groupmems.8.xml.out:141
+#: groupmod.8.xml.out:72 groupmod.8.xml.out:81 groupmod.8.xml.out:120
+#: groupmod.8.xml.out:142 groupmod.8.xml.out:163 groupmod.8.xml.out:176
+#: grpck.8.xml.out:148 lastlog.8.xml.out:74 lastlog.8.xml.out:103
+#: lastlog.8.xml.out:127 newusers.8.xml.out:307 passwd.1.xml.out:192
+#: passwd.1.xml.out:241 passwd.1.xml.out:263 passwd.1.xml.out:273
+#: passwd.1.xml.out:286 passwd.1.xml.out:332 passwd.1.xml.out:345
+#: pwck.8.xml.out:196 pwconv.8.xml.out:177 su.1.xml.out:125 su.1.xml.out:162
+#: useradd.8.xml.out:117 useradd.8.xml.out:138 useradd.8.xml.out:150
+#: useradd.8.xml.out:178 useradd.8.xml.out:195 useradd.8.xml.out:229
+#: useradd.8.xml.out:279 useradd.8.xml.out:426 useradd.8.xml.out:490
+#: useradd.8.xml.out:503 useradd.8.xml.out:518 useradd.8.xml.out:532
+#: useradd.8.xml.out:567 useradd.8.xml.out:611 useradd.8.xml.out:629
+#: useradd.8.xml.out:641 useradd.8.xml.out:658 useradd.8.xml.out:674
+#: userdel.8.xml.out:122 userdel.8.xml.out:135 usermod.8.xml.out:98
+#: usermod.8.xml.out:111 usermod.8.xml.out:128 usermod.8.xml.out:151
+#: usermod.8.xml.out:173 usermod.8.xml.out:216 usermod.8.xml.out:289
+#: usermod.8.xml.out:327 usermod.8.xml.out:340 usermod.8.xml.out:356
+#: usermod.8.xml.out:368 usermod.8.xml.out:500 vipw.8.xml.out:114
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 msgstr "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:82 chage.1.xml.out:288 groupadd.8.xml.out:303
+#: chage.1.xml.out:82 chage.1.xml.out:303 groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168 groupmod.8.xml.out:259 grpck.8.xml.out:237
-#: login.defs.5.xml.out:138 passwd.1.xml.out:425 pwck.8.xml.out:287
-#: su.1.xml.out:385 useradd.8.xml.out:811 userdel.8.xml.out:235
+#: login.defs.5.xml.out:140 passwd.1.xml.out:447 pwck.8.xml.out:287
+#: su.1.xml.out:385 useradd.8.xml.out:831 userdel.8.xml.out:235
 msgid "0"
 msgstr "0"
 
@@ -436,7 +436,7 @@ msgid "-E"
 msgstr "-E"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr "--expiredate"
@@ -444,7 +444,7 @@ msgstr "--expiredate"
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:89 chage.1.xml.out:109 useradd.8.xml.out:179
-#: useradd.8.xml.out:610 usermod.8.xml.out:129 usermod.8.xml.out:243
+#: useradd.8.xml.out:630 usermod.8.xml.out:129 usermod.8.xml.out:243
 #: usermod.8.xml.out:416
 msgid "EXPIRE_DATE"
 msgstr "Д�Т�_З�ВЕРШЕ��Я_СТРОКУ_ДІЇ"
@@ -481,7 +481,7 @@ msgstr "chage -E $(date -d +180days +%Y-%m-%d)"
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:108 chage.1.xml.out:139 chage.1.xml.out:182
-#: passwd.1.xml.out:344 useradd.8.xml.out:315
+#: passwd.1.xml.out:355 useradd.8.xml.out:317
 msgid "-1"
 msgstr "-1"
 
@@ -496,76 +496,76 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
 #: grpck.8.xml.out:132 lastlog.8.xml.out:96 login.1.xml.out:204
-#: login.1.xml.out:229 newusers.8.xml.out:280 passwd.1.xml.out:190
-#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:271
+#: login.1.xml.out:229 newusers.8.xml.out:282 passwd.1.xml.out:186
+#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:273
 #: userdel.8.xml.out:99 vipw.8.xml.out:96
 msgid "-h"
 msgstr "-h"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
-#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:280
-#: passwd.1.xml.out:190 pwck.8.xml.out:173 pwconv.8.xml.out:171
-#: su.1.xml.out:387 useradd.8.xml.out:271 userdel.8.xml.out:99
+#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:282
+#: passwd.1.xml.out:186 pwck.8.xml.out:173 pwconv.8.xml.out:171
+#: su.1.xml.out:387 useradd.8.xml.out:273 userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
 msgstr "--help"
 
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:115 chage.1.xml.out:121 chage.1.xml.out:146
-#: chfn.1.xml.out:142 chgpasswd.8.xml.out:88 chgpasswd.8.xml.out:101
-#: chgpasswd.8.xml.out:107 chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139 chpasswd.8.xml.out:147 chpasswd.8.xml.out:155
+#: chfn.1.xml.out:142 chgpasswd.8.xml.out:90 chgpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:119 chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145 chpasswd.8.xml.out:153 chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77 expiry.1.xml.out:73 expiry.1.xml.out:79
 #: expiry.1.xml.out:88 faillog.8.xml.out:72 faillog.8.xml.out:98
-#: faillog.8.xml.out:144 gpasswd.1.xml.out:149 gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188 groupadd.8.xml.out:87 groupadd.8.xml.out:118
+#: faillog.8.xml.out:144 gpasswd.1.xml.out:151 gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190 groupadd.8.xml.out:87 groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144 groupadd.8.xml.out:184 groupadd.8.xml.out:228
 #: groupdel.8.xml.out:71 groupdel.8.xml.out:82 groupmems.8.xml.out:118
 #: groupmems.8.xml.out:124 groupmems.8.xml.out:130 groupmod.8.xml.out:114
 #: groupmod.8.xml.out:131 groupmod.8.xml.out:193 grpck.8.xml.out:132
 #: grpck.8.xml.out:138 grpck.8.xml.out:161 grpck.8.xml.out:172
 #: lastlog.8.xml.out:84 lastlog.8.xml.out:95 lastlog.8.xml.out:116
-#: newusers.8.xml.out:268 newusers.8.xml.out:280 newusers.8.xml.out:286
-#: newusers.8.xml.out:320 passwd.1.xml.out:156 passwd.1.xml.out:167
-#: passwd.1.xml.out:179 passwd.1.xml.out:190 passwd.1.xml.out:209
-#: passwd.1.xml.out:221 passwd.1.xml.out:257 passwd.1.xml.out:290
-#: passwd.1.xml.out:308 pwck.8.xml.out:173 pwck.8.xml.out:179
-#: pwck.8.xml.out:188 pwck.8.xml.out:209 pwconv.8.xml.out:171
-#: useradd.8.xml.out:168 useradd.8.xml.out:217 useradd.8.xml.out:271
-#: useradd.8.xml.out:330 useradd.8.xml.out:349 useradd.8.xml.out:372
-#: useradd.8.xml.out:385 useradd.8.xml.out:404 useradd.8.xml.out:455
-#: useradd.8.xml.out:548 userdel.8.xml.out:75 userdel.8.xml.out:99
-#: userdel.8.xml.out:105 userdel.8.xml.out:152 usermod.8.xml.out:77
-#: usermod.8.xml.out:88 usermod.8.xml.out:230 usermod.8.xml.out:249
-#: usermod.8.xml.out:270 usermod.8.xml.out:316 usermod.8.xml.out:404
-#: vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102 vipw.8.xml.out:108
-#: vipw.8.xml.out:127 vipw.8.xml.out:133
+#: newusers.8.xml.out:270 newusers.8.xml.out:282 newusers.8.xml.out:288
+#: newusers.8.xml.out:322 passwd.1.xml.out:152 passwd.1.xml.out:163
+#: passwd.1.xml.out:175 passwd.1.xml.out:186 passwd.1.xml.out:205
+#: passwd.1.xml.out:217 passwd.1.xml.out:253 passwd.1.xml.out:301
+#: passwd.1.xml.out:319 passwd.1.xml.out:362 pwck.8.xml.out:173
+#: pwck.8.xml.out:179 pwck.8.xml.out:188 pwck.8.xml.out:209
+#: pwconv.8.xml.out:171 useradd.8.xml.out:168 useradd.8.xml.out:217
+#: useradd.8.xml.out:273 useradd.8.xml.out:332 useradd.8.xml.out:351
+#: useradd.8.xml.out:374 useradd.8.xml.out:387 useradd.8.xml.out:406
+#: useradd.8.xml.out:457 useradd.8.xml.out:550 userdel.8.xml.out:75
+#: userdel.8.xml.out:99 userdel.8.xml.out:105 userdel.8.xml.out:152
+#: usermod.8.xml.out:77 usermod.8.xml.out:88 usermod.8.xml.out:230
+#: usermod.8.xml.out:249 usermod.8.xml.out:270 usermod.8.xml.out:316
+#: usermod.8.xml.out:404 vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102
+#: vipw.8.xml.out:108 vipw.8.xml.out:127 vipw.8.xml.out:133
 msgid "<_:option-1/>, <_:option-2/>"
 msgstr "<_:option-1/>, <_:option-2/>"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149 chsh.1.xml.out:79 expiry.1.xml.out:90
-#: faillog.8.xml.out:100 gpasswd.1.xml.out:151 groupadd.8.xml.out:120
+#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155 chsh.1.xml.out:79 expiry.1.xml.out:90
+#: faillog.8.xml.out:100 gpasswd.1.xml.out:153 groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84 groupmems.8.xml.out:120 groupmod.8.xml.out:116
-#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:282
-#: passwd.1.xml.out:192 pwck.8.xml.out:175 pwconv.8.xml.out:173
-#: useradd.8.xml.out:273 userdel.8.xml.out:101 vipw.8.xml.out:98
+#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:284
+#: passwd.1.xml.out:188 pwck.8.xml.out:175 pwconv.8.xml.out:173
+#: useradd.8.xml.out:275 userdel.8.xml.out:101 vipw.8.xml.out:98
 msgid "Display help message and exit."
 msgstr "Показати довідкове повідомленн� і завершити роботу."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:121 passwd.1.xml.out:197
+#: chage.1.xml.out:121 passwd.1.xml.out:193
 msgid "-i"
 msgstr "-i"
 
@@ -585,8 +585,8 @@ msgid "-I"
 msgstr "-I"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:128 passwd.1.xml.out:197 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 usermod.8.xml.out:152
+#: chage.1.xml.out:128 passwd.1.xml.out:193 useradd.8.xml.out:196
+#: useradd.8.xml.out:642 usermod.8.xml.out:152
 msgid "--inactive"
 msgstr "--inactive"
 
@@ -594,8 +594,8 @@ msgstr "--inactive"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/option
 #: chage.1.xml.out:128 chage.1.xml.out:134 chage.1.xml.out:140
-#: passwd.1.xml.out:197 passwd.1.xml.out:203 useradd.8.xml.out:196
-#: useradd.8.xml.out:211 useradd.8.xml.out:622 useradd.8.xml.out:632
+#: passwd.1.xml.out:193 passwd.1.xml.out:199 useradd.8.xml.out:196
+#: useradd.8.xml.out:211 useradd.8.xml.out:642 useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr "�Е�КТИВ�ИЙ"
@@ -626,10 +626,10 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
-#: chage.1.xml.out:147 chage.1.xml.out:242 faillog.8.xml.out:88
+#: chage.1.xml.out:147 chage.1.xml.out:257 faillog.8.xml.out:88
 #: faillog.8.xml.out:105 faillog.8.xml.out:185 faillog.8.xml.out:202
-#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:222
-#: passwd.1.xml.out:316 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:330
+#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:218
+#: passwd.1.xml.out:327 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr "-l"
@@ -646,29 +646,29 @@ msgstr "Показати відомо�ті щодо за�таріванн� о
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:157 chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:84 chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155 faillog.8.xml.out:88 faillog.8.xml.out:120
+#: chage.1.xml.out:157 chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80 chpasswd.8.xml.out:86 chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161 faillog.8.xml.out:88 faillog.8.xml.out:120
 #: faillog.8.xml.out:185 faillog.8.xml.out:202 su.1.xml.out:207
-#: useradd.8.xml.out:287 useradd.8.xml.out:350 useradd.8.xml.out:476
+#: useradd.8.xml.out:289 useradd.8.xml.out:352 useradd.8.xml.out:478
 #: usermod.8.xml.out:119 usermod.8.xml.out:250
 msgid "-m"
 msgstr "-m"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:157 passwd.1.xml.out:246
+#: chage.1.xml.out:157 passwd.1.xml.out:242
 msgid "--mindays"
 msgstr "--mindays"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr "Д�І"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:160 passwd.1.xml.out:249
+#: chage.1.xml.out:160 passwd.1.xml.out:245
 msgid ""
 "Set the minimum number of days between password changes to <_:replaceable-1/"
 ">. A value of zero for this field indicates that the user may change their "
@@ -680,26 +680,26 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:169 gpasswd.1.xml.out:81 gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217 useradd.8.xml.out:162 useradd.8.xml.out:373
+#: chage.1.xml.out:169 gpasswd.1.xml.out:83 gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219 useradd.8.xml.out:162 useradd.8.xml.out:375
 msgid "-M"
 msgstr "-M"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:169 passwd.1.xml.out:335
+#: chage.1.xml.out:169 passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr "--maxdays"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:169 chage.1.xml.out:174 chage.1.xml.out:183
-#: passwd.1.xml.out:335 passwd.1.xml.out:340 passwd.1.xml.out:345
+#: passwd.1.xml.out:346 passwd.1.xml.out:351 passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr "М�КСИМ�ЛЬ�О_Д�ІВ"
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chage.1.xml.out:178 chage.1.xml.out:203 usermod.8.xml.out:481
+#: chage.1.xml.out:178 chage.1.xml.out:218 usermod.8.xml.out:481
 msgid "-W"
 msgstr "-W"
 
@@ -720,7 +720,7 @@ msgstr ""
 "�и�тема заздалегідь попереджуватиме кори�тувача про потребу змінити пароль."
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:181 passwd.1.xml.out:343
+#: chage.1.xml.out:181 passwd.1.xml.out:354
 msgid ""
 "Passing the number <_:emphasis-1/> as <_:replaceable-2/> will remove "
 "checking a password's validity."
@@ -729,23 +729,23 @@ msgstr ""
 "вилученн� перевірки чинно�ті паролів."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:191 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "-R"
 msgstr "-R"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:160 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "--root"
 msgstr "--root"
@@ -754,22 +754,22 @@ msgstr "--root"
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:190 chage.1.xml.out:194 chage.1.xml.out:196
 #: chfn.1.xml.out:130 chfn.1.xml.out:134 chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123 chgpasswd.8.xml.out:127 chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165 chpasswd.8.xml.out:169 chpasswd.8.xml.out:171
+#: chgpasswd.8.xml.out:129 chgpasswd.8.xml.out:133 chgpasswd.8.xml.out:135
+#: chpasswd.8.xml.out:171 chpasswd.8.xml.out:175 chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84 chsh.1.xml.out:88 chsh.1.xml.out:90 faillog.8.xml.out:157
-#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162 gpasswd.1.xml.out:164 groupadd.8.xml.out:201
+#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:160
+#: gpasswd.1.xml.out:164 gpasswd.1.xml.out:166 groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205 groupadd.8.xml.out:207 groupdel.8.xml.out:89
 #: groupdel.8.xml.out:93 groupdel.8.xml.out:95 groupmems.8.xml.out:142
 #: groupmems.8.xml.out:146 groupmems.8.xml.out:148 groupmod.8.xml.out:164
 #: groupmod.8.xml.out:168 groupmod.8.xml.out:170 grpck.8.xml.out:149
 #: grpck.8.xml.out:153 grpck.8.xml.out:155 lastlog.8.xml.out:104
-#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:306
-#: newusers.8.xml.out:310 newusers.8.xml.out:312 passwd.1.xml.out:278
-#: passwd.1.xml.out:282 passwd.1.xml.out:284 pwck.8.xml.out:197
+#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:308
+#: newusers.8.xml.out:312 newusers.8.xml.out:314 passwd.1.xml.out:274
+#: passwd.1.xml.out:278 passwd.1.xml.out:280 pwck.8.xml.out:197
 #: pwck.8.xml.out:201 pwck.8.xml.out:203 pwconv.8.xml.out:178
-#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:489
-#: useradd.8.xml.out:493 useradd.8.xml.out:495 userdel.8.xml.out:123
+#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:491
+#: useradd.8.xml.out:495 useradd.8.xml.out:497 userdel.8.xml.out:123
 #: userdel.8.xml.out:127 userdel.8.xml.out:129 usermod.8.xml.out:328
 #: usermod.8.xml.out:332 usermod.8.xml.out:334 vipw.8.xml.out:115
 #: vipw.8.xml.out:119 vipw.8.xml.out:121
@@ -777,12 +777,12 @@ msgid "CHROOT_DIR"
 msgstr "К�Т�ЛОГ_CHROOT"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168 chsh.1.xml.out:87 faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161 groupadd.8.xml.out:204 groupdel.8.xml.out:92
+#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174 chsh.1.xml.out:87 faillog.8.xml.out:160
+#: gpasswd.1.xml.out:163 groupadd.8.xml.out:204 groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145 groupmod.8.xml.out:167 grpck.8.xml.out:152
-#: lastlog.8.xml.out:107 newusers.8.xml.out:309 passwd.1.xml.out:281
-#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:492
+#: lastlog.8.xml.out:107 newusers.8.xml.out:311 passwd.1.xml.out:277
+#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:494
 #: userdel.8.xml.out:126 usermod.8.xml.out:331 vipw.8.xml.out:118
 #, fuzzy
 #| msgid ""
@@ -797,19 +797,62 @@ msgstr ""
 "налаштувань з каталогу <_:replaceable-2/>."
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:203 passwd.1.xml.out:322
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "-P"
+msgstr "-P"
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "--prefix"
+msgstr "--prefix"
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:203 chage.1.xml.out:208 chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189 groupadd.8.xml.out:214 groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102 groupdel.8.xml.out:106 groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177 groupmod.8.xml.out:181 groupmod.8.xml.out:183
+#: passwd.1.xml.out:287 passwd.1.xml.out:292 useradd.8.xml.out:504
+#: useradd.8.xml.out:509 userdel.8.xml.out:136 userdel.8.xml.out:140
+#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
+msgid "PREFIX_DIR"
+msgstr "К�Т�ЛОГ_ПРЕФІКС�"
+
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:206 chpasswd.8.xml.out:187 groupadd.8.xml.out:217
+#: passwd.1.xml.out:290 useradd.8.xml.out:507
+msgid ""
+"Apply changes to configuration files under the root filesystem found under "
+"the directory <_:replaceable-1/>. This option does not chroot and is "
+"intended for preparing a cross-compilation target. Some limitations: NIS and "
+"LDAP users/groups are not verified. PAM authentication is using the host "
+"files. No SELINUX support."
+msgstr ""
+"За�то�увати зміни до файлів налаштувань у кореневій файловій �и�темі з "
+"каталогу <_:replaceable-1/>. Викори�танн� цього параметра не змінює "
+"кореневої теки. Параметр призначено лише дл� приготуванн� цілі дл� "
+"компіл�ції коду дл� іншої операційної �и�теми. Обмеженн�: не буде виконано "
+"перевірку кори�тувачів/груп NIS і LDAP. При розпізнаванні у PAM буде "
+"викори�тано файли о�новної �и�теми. Підтримки SELINUX не передбачено."
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218 passwd.1.xml.out:333
 msgid "--warndays"
 msgstr "--warndays"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:203 chage.1.xml.out:208 passwd.1.xml.out:322
-#: passwd.1.xml.out:327
+#: chage.1.xml.out:218 chage.1.xml.out:223 passwd.1.xml.out:333
+#: passwd.1.xml.out:338
 msgid "WARN_DAYS"
 msgstr "Д�І"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:206
+#: chage.1.xml.out:221
 msgid ""
 "Set the number of days of warning before a password change is required. The "
 "<_:replaceable-1/> option is the number of days prior to the password "
@@ -821,12 +864,12 @@ msgstr ""
 "кори�тувача про те, що пароль невдовзі доведеть�� змінити."
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220 chfn.1.xml.out:163 chsh.1.xml.out:112
+#: chage.1.xml.out:235 chfn.1.xml.out:163 chsh.1.xml.out:112
 msgid "[ ]"
 msgstr "[ ]"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 msgid ""
 "If none of the options are selected, <_:command-1/> operates in an "
 "interactive fashion, prompting the user with the current values for all of "
@@ -841,13 +884,13 @@ msgstr ""
 "(<_:emphasis-2/>)."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224 chsh.1.xml.out:117 groups.1.xml.out:65
+#: chage.1.xml.out:239 chsh.1.xml.out:117 groups.1.xml.out:65
 #: lastlog.8.xml.out:170
 msgid "NOTE"
 msgstr "З�УВ�ЖЕ��Я"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 msgid ""
 "The <_:command-1/> program requires a shadow password file to be available."
 msgstr ""
@@ -855,7 +898,7 @@ msgstr ""
 "паролів."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid ""
 "The chage program will report only the information from the shadow password "
 "file. This implies that configuration from other sources (e.g. LDAP or empty "
@@ -873,7 +916,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238 grpck.8.xml.out:294 login.defs.5.xml.out:410
+#: chage.1.xml.out:253 grpck.8.xml.out:294 login.defs.5.xml.out:429
 #: passwd.5.xml.out:185 pwck.8.xml.out:40 pwck.8.xml.out:47 pwck.8.xml.out:53
 #: pwck.8.xml.out:71 pwck.8.xml.out:147 pwck.8.xml.out:159 pwck.8.xml.out:191
 #: pwck.8.xml.out:223 pwck.8.xml.out:284 pwconv.8.xml.out:197
@@ -882,7 +925,7 @@ msgid "pwck"
 msgstr "pwck"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid ""
 "The <_:command-1/> program will also not report any inconsistency between "
 "the shadow and passwd files (e.g. missing x in the passwd file). The <_:"
@@ -894,7 +937,7 @@ msgstr ""
 "command-2/>."
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 msgid ""
 "The <_:command-1/> command is restricted to the root user, except for the <_:"
 "option-2/> option, which may be used by an unprivileged user to determine "
@@ -906,52 +949,54 @@ msgstr ""
 "облікового запи�у."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249 chfn.1.xml.out:170 chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216 chsh.1.xml.out:131 gpasswd.1.xml.out:241
+#: chage.1.xml.out:264 chfn.1.xml.out:170 chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256 chsh.1.xml.out:150 gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247 groupdel.8.xml.out:133 groupmems.8.xml.out:176
 #: groupmod.8.xml.out:212 grpck.8.xml.out:196 lastlog.8.xml.out:182
-#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:360
-#: passwd.1.xml.out:372 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
-#: su.1.xml.out:314 useradd.8.xml.out:710 userdel.8.xml.out:165
-#: usermod.8.xml.out:536 vipw.8.xml.out:142
+#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:381
+#: passwd.1.xml.out:394 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
+#: su.1.xml.out:314 useradd.8.xml.out:730 userdel.8.xml.out:165
+#: usermod.8.xml.out:553 vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr "��Л�ШТУВ���Я"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70 chgpasswd.8.xml.out:155 chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205 chpasswd.8.xml.out:77 chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200 chpasswd.8.xml.out:219 chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134 chsh.1.xml.out:159 gpasswd.1.xml.out:244
-#: groupadd.8.xml.out:129 groupadd.8.xml.out:239 groupadd.8.xml.out:250
-#: groupadd.8.xml.out:276 groupdel.8.xml.out:136 groupmems.8.xml.out:179
-#: groupmod.8.xml.out:109 groupmod.8.xml.out:204 groupmod.8.xml.out:215
-#: groupmod.8.xml.out:239 grpck.8.xml.out:199 lastlog.8.xml.out:185
-#: login.1.xml.out:273 login.1.xml.out:365 login.access.5.xml.out:100
-#: login.defs.5.xml.out:116 login.defs.5.xml.out:515 newgrp.1.xml.out:88
-#: newusers.8.xml.out:340 newusers.8.xml.out:363 newusers.8.xml.out:423
-#: passwd.1.xml.out:375 passwd.1.xml.out:405 pwck.8.xml.out:243
+#: chage.1.xml.out:267 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
+#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:159 chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177 chgpasswd.8.xml.out:204 chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79 chpasswd.8.xml.out:140 chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227 chpasswd.8.xml.out:236 chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289 chsh.1.xml.out:153 chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246 groupadd.8.xml.out:129 groupadd.8.xml.out:239
+#: groupadd.8.xml.out:250 groupadd.8.xml.out:276 groupdel.8.xml.out:136
+#: groupmems.8.xml.out:179 groupmod.8.xml.out:109 groupmod.8.xml.out:204
+#: groupmod.8.xml.out:215 groupmod.8.xml.out:239 grpck.8.xml.out:199
+#: lastlog.8.xml.out:185 login.1.xml.out:273 login.1.xml.out:365
+#: login.access.5.xml.out:100 login.defs.5.xml.out:118 login.defs.5.xml.out:534
+#: newgrp.1.xml.out:88 newusers.8.xml.out:340 newusers.8.xml.out:349
+#: newusers.8.xml.out:357 newusers.8.xml.out:384 newusers.8.xml.out:444
+#: passwd.1.xml.out:397 passwd.1.xml.out:427 pwck.8.xml.out:243
 #: pwconv.8.xml.out:148 pwconv.8.xml.out:207 pwconv.8.xml.out:215
 #: pwconv.8.xml.out:230 sg.1.xml.out:77 su.1.xml.out:109 su.1.xml.out:219
 #: su.1.xml.out:277 su.1.xml.out:317 su.1.xml.out:357 useradd.8.xml.out:241
-#: useradd.8.xml.out:307 useradd.8.xml.out:378 useradd.8.xml.out:399
-#: useradd.8.xml.out:467 useradd.8.xml.out:474 useradd.8.xml.out:560
-#: useradd.8.xml.out:713 useradd.8.xml.out:797 userdel.8.xml.out:87
+#: useradd.8.xml.out:309 useradd.8.xml.out:380 useradd.8.xml.out:401
+#: useradd.8.xml.out:469 useradd.8.xml.out:476 useradd.8.xml.out:562
+#: useradd.8.xml.out:733 useradd.8.xml.out:817 userdel.8.xml.out:87
 #: userdel.8.xml.out:168 userdel.8.xml.out:191 userdel.8.xml.out:297
-#: usermod.8.xml.out:399 usermod.8.xml.out:539 usermod.8.xml.out:569
+#: usermod.8.xml.out:399 usermod.8.xml.out:556 usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr "/etc/login.defs"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250 chfn.1.xml.out:171 chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217 chsh.1.xml.out:132 gpasswd.1.xml.out:242
+#: chage.1.xml.out:265 chfn.1.xml.out:171 chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257 chsh.1.xml.out:151 gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248 groupdel.8.xml.out:134 groupmems.8.xml.out:177
 #: groupmod.8.xml.out:213 grpck.8.xml.out:197 lastlog.8.xml.out:183
-#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:361
-#: passwd.1.xml.out:373 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
-#: useradd.8.xml.out:711 userdel.8.xml.out:166 usermod.8.xml.out:537
+#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:382
+#: passwd.1.xml.out:395 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
+#: useradd.8.xml.out:731 userdel.8.xml.out:166 usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 msgid ""
 "The following configuration variables in <_:filename-1/> change the behavior "
@@ -961,126 +1006,126 @@ msgstr ""
 "ін�трумента:"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261 chfn.1.xml.out:184 chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232 chsh.1.xml.out:144 expiry.1.xml.out:97
-#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:256
+#: chage.1.xml.out:276 chfn.1.xml.out:184 chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274 chsh.1.xml.out:163 expiry.1.xml.out:97
+#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261 groupdel.8.xml.out:145 groupmems.8.xml.out:188
 #: groupmod.8.xml.out:224 groups.1.xml.out:77 grpck.8.xml.out:208
 #: gshadow.5.xml.out:132 lastlog.8.xml.out:194 limits.5.xml.out:172
 #: login.1.xml.out:314 login.access.5.xml.out:97 logoutd.8.xml.out:65
-#: newgrp.1.xml.out:97 newusers.8.xml.out:396 passwd.1.xml.out:390
+#: newgrp.1.xml.out:97 newusers.8.xml.out:417 passwd.1.xml.out:412
 #: passwd.5.xml.out:139 porttime.5.xml.out:106 pwck.8.xml.out:258
 #: pwconv.8.xml.out:227 shadow.3.xml.out:202 shadow.5.xml.out:231
-#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:740
-#: userdel.8.xml.out:182 usermod.8.xml.out:554 vipw.8.xml.out:172
+#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:760
+#: userdel.8.xml.out:182 usermod.8.xml.out:571 vipw.8.xml.out:172
 msgid "FILES"
 msgstr "Ф�ЙЛИ"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265 chfn.1.xml.out:193 chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147 expiry.1.xml.out:100 groupmod.8.xml.out:245
+#: chage.1.xml.out:280 chfn.1.xml.out:193 chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166 expiry.1.xml.out:100 groupmod.8.xml.out:245
 #: grpck.8.xml.out:223 lastlog.8.xml.out:63 login.1.xml.out:145
 #: login.1.xml.out:329 newgrp.1.xml.out:65 newgrp.1.xml.out:70
-#: newgrp.1.xml.out:100 newusers.8.xml.out:399 passwd.1.xml.out:393
+#: newgrp.1.xml.out:100 newusers.8.xml.out:420 passwd.1.xml.out:415
 #: passwd.5.xml.out:47 passwd.5.xml.out:89 passwd.5.xml.out:142
 #: pwck.8.xml.out:73 pwck.8.xml.out:145 pwck.8.xml.out:212 pwck.8.xml.out:224
 #: pwck.8.xml.out:267 pwconv.8.xml.out:127 shadow.5.xml.out:234 sg.1.xml.out:89
-#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:524
-#: useradd.8.xml.out:743 userdel.8.xml.out:197 usermod.8.xml.out:103
-#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:575
+#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:526
+#: useradd.8.xml.out:763 userdel.8.xml.out:197 usermod.8.xml.out:103
+#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:592
 #: vipw.8.xml.out:68 vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268 chfn.1.xml.out:195 chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149 expiry.1.xml.out:102 groupmod.8.xml.out:247
+#: chage.1.xml.out:283 chfn.1.xml.out:195 chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168 expiry.1.xml.out:102 groupmod.8.xml.out:247
 #: grpck.8.xml.out:225 login.1.xml.out:331 newgrp.1.xml.out:102
-#: newusers.8.xml.out:401 passwd.1.xml.out:395 passwd.5.xml.out:144
+#: newusers.8.xml.out:422 passwd.1.xml.out:417 passwd.5.xml.out:144
 #: pwck.8.xml.out:269 shadow.5.xml.out:236 sg.1.xml.out:91 su.1.xml.out:347
-#: useradd.8.xml.out:745 userdel.8.xml.out:199 vipw.8.xml.out:189
+#: useradd.8.xml.out:765 userdel.8.xml.out:199 vipw.8.xml.out:189
 msgid "User account information."
 msgstr "Відомо�ті щодо облікових запи�ів кори�тувача."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273 chpasswd.8.xml.out:241 expiry.1.xml.out:106
+#: chage.1.xml.out:288 chpasswd.8.xml.out:283 expiry.1.xml.out:106
 #: login.1.xml.out:335 newgrp.1.xml.out:68 newgrp.1.xml.out:106
-#: newusers.8.xml.out:295 newusers.8.xml.out:405 passwd.1.xml.out:399
+#: newusers.8.xml.out:297 newusers.8.xml.out:426 passwd.1.xml.out:421
 #: passwd.5.xml.out:82 passwd.5.xml.out:148 pwck.8.xml.out:73
 #: pwck.8.xml.out:107 pwck.8.xml.out:213 pwck.8.xml.out:225 pwck.8.xml.out:273
 #: pwconv.8.xml.out:128 pwconv.8.xml.out:149 shadow.3.xml.out:97
 #: shadow.3.xml.out:173 shadow.3.xml.out:205 shadow.5.xml.out:78
-#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:439
-#: useradd.8.xml.out:464 useradd.8.xml.out:749 userdel.8.xml.out:203
+#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:441
+#: useradd.8.xml.out:466 useradd.8.xml.out:769 userdel.8.xml.out:203
 #: usermod.8.xml.out:144 usermod.8.xml.out:145 usermod.8.xml.out:166
-#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:581
+#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:598
 #: vipw.8.xml.out:71 vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr "/etc/shadow"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276 chpasswd.8.xml.out:243 expiry.1.xml.out:108
-#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:407
-#: passwd.1.xml.out:401 pwck.8.xml.out:275 shadow.3.xml.out:207
-#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:751
+#: chage.1.xml.out:291 chpasswd.8.xml.out:285 expiry.1.xml.out:108
+#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:428
+#: passwd.1.xml.out:423 pwck.8.xml.out:275 shadow.3.xml.out:207
+#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:771
 #: userdel.8.xml.out:205 vipw.8.xml.out:195
 msgid "Secure user account information."
 msgstr "Відомо�ті щодо захищених облікових запи�ів кори�тувачів."
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283 groupadd.8.xml.out:298 groupdel.8.xml.out:163
-#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:420
-#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:806
+#: chage.1.xml.out:298 groupadd.8.xml.out:298 groupdel.8.xml.out:163
+#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:442
+#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr "З��ЧЕ��Я ВИХОДУ"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290 groupadd.8.xml.out:305 groupdel.8.xml.out:170
-#: grpck.8.xml.out:239 passwd.1.xml.out:427 pwck.8.xml.out:289
-#: useradd.8.xml.out:813 userdel.8.xml.out:237
+#: chage.1.xml.out:305 groupadd.8.xml.out:305 groupdel.8.xml.out:170
+#: grpck.8.xml.out:239 passwd.1.xml.out:449 pwck.8.xml.out:289
+#: useradd.8.xml.out:833 userdel.8.xml.out:237
 msgid "success"
 msgstr "у�піх"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296 passwd.1.xml.out:433
+#: chage.1.xml.out:311 passwd.1.xml.out:455
 msgid "permission denied"
 msgstr "відмовлено у до�тупі"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300 groupadd.8.xml.out:309 groupdel.8.xml.out:174
+#: chage.1.xml.out:315 groupadd.8.xml.out:309 groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265 groups.1.xml.out:95 groups.1.xml.out:98
 #: groups.1.xml.out:101 grpck.8.xml.out:249 limits.5.xml.out:90
 #: limits.5.xml.out:101 limits.5.xml.out:188 limits.5.xml.out:191
-#: passwd.1.xml.out:437 pwck.8.xml.out:299 useradd.8.xml.out:823
+#: passwd.1.xml.out:459 pwck.8.xml.out:299 useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr "2"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302 groupadd.8.xml.out:311 groupdel.8.xml.out:176
-#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:825
+#: chage.1.xml.out:317 groupadd.8.xml.out:311 groupdel.8.xml.out:176
+#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
 msgstr "некоректний �интак�и� команди"
 
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr "15"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
 msgstr "не вдало�� знайти файл прихованих паролів"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284 groupadd.8.xml.out:299 groupdel.8.xml.out:164
-#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:421
-#: pwck.8.xml.out:283 useradd.8.xml.out:807 userdel.8.xml.out:231
+#: chage.1.xml.out:299 groupadd.8.xml.out:299 groupdel.8.xml.out:164
+#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:443
+#: pwck.8.xml.out:283 useradd.8.xml.out:827 userdel.8.xml.out:231
 msgid ""
 "The <_:command-1/> command exits with the following values: <_:"
 "variablelist-2/>"
@@ -1089,18 +1134,18 @@ msgstr ""
 "variablelist-2/>"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316 chfn.1.xml.out:202 chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262 chsh.1.xml.out:168 expiry.1.xml.out:115
-#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:274
+#: chage.1.xml.out:331 chfn.1.xml.out:202 chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304 chsh.1.xml.out:209 expiry.1.xml.out:115
+#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343 groupdel.8.xml.out:202 groupmems.8.xml.out:206
 #: groupmod.8.xml.out:323 groups.1.xml.out:89 grpck.8.xml.out:277
 #: gshadow.5.xml.out:150 limits.5.xml.out:182 login.1.xml.out:374
-#: login.access.5.xml.out:109 login.defs.5.xml.out:527 newgrp.1.xml.out:127
-#: newusers.8.xml.out:450 nologin.8.xml.out:57 passwd.1.xml.out:471
+#: login.access.5.xml.out:109 login.defs.5.xml.out:546 newgrp.1.xml.out:127
+#: newusers.8.xml.out:471 nologin.8.xml.out:57 passwd.1.xml.out:493
 #: passwd.5.xml.out:167 porttime.5.xml.out:118 pwck.8.xml.out:333
 #: pwconv.8.xml.out:239 shadow.3.xml.out:214 shadow.5.xml.out:259
-#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:875
-#: userdel.8.xml.out:308 usermod.8.xml.out:602 vipw.8.xml.out:202
+#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:895
+#: userdel.8.xml.out:308 usermod.8.xml.out:619 vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr "ДИВ. Т�КОЖ"
 
@@ -1113,53 +1158,53 @@ msgstr "ДИВ. Т�КОЖ"
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319 chfn.1.xml.out:211 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177 expiry.1.xml.out:118 groupadd.8.xml.out:351
+#: chage.1.xml.out:334 chfn.1.xml.out:211 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218 expiry.1.xml.out:118 groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:215 groupmod.8.xml.out:332
 #: grpck.8.xml.out:291 lastlog.8.xml.out:176 login.1.xml.out:128
-#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516 login.defs.5.xml.out:533 login.defs.5.xml.out:539
-#: newusers.8.xml.out:79 newusers.8.xml.out:456 passwd.1.xml.out:40
-#: passwd.1.xml.out:47 passwd.1.xml.out:53 passwd.1.xml.out:66
-#: passwd.1.xml.out:69 passwd.1.xml.out:86 passwd.1.xml.out:116
-#: passwd.1.xml.out:152 passwd.1.xml.out:366 passwd.1.xml.out:413
-#: passwd.1.xml.out:422 passwd.1.xml.out:451 passwd.1.xml.out:457
-#: passwd.1.xml.out:477 passwd.5.xml.out:33 passwd.5.xml.out:40
+#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535 login.defs.5.xml.out:552 login.defs.5.xml.out:558
+#: newusers.8.xml.out:81 newusers.8.xml.out:477 passwd.1.xml.out:42
+#: passwd.1.xml.out:49 passwd.1.xml.out:55 passwd.1.xml.out:68
+#: passwd.1.xml.out:71 passwd.1.xml.out:88 passwd.1.xml.out:100
+#: passwd.1.xml.out:148 passwd.1.xml.out:388 passwd.1.xml.out:435
+#: passwd.1.xml.out:444 passwd.1.xml.out:473 passwd.1.xml.out:479
+#: passwd.1.xml.out:502 passwd.5.xml.out:33 passwd.5.xml.out:40
 #: passwd.5.xml.out:182 pwck.8.xml.out:228 pwck.8.xml.out:342
 #: pwconv.8.xml.out:84 pwconv.8.xml.out:99 shadow.5.xml.out:268
-#: shadow.5.xml.out:271 useradd.8.xml.out:884 userdel.8.xml.out:316
-#: usermod.8.xml.out:611 vipw.8.xml.out:217
+#: shadow.5.xml.out:271 useradd.8.xml.out:904 userdel.8.xml.out:316
+#: usermod.8.xml.out:628 vipw.8.xml.out:217
 msgid "passwd"
 msgstr "passwd"
 
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319 chage.1.xml.out:322 chfn.1.xml.out:208
-#: chfn.1.xml.out:211 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 chsh.1.xml.out:177 expiry.1.xml.out:118
+#: chage.1.xml.out:334 chage.1.xml.out:337 chfn.1.xml.out:208
+#: chfn.1.xml.out:211 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 chsh.1.xml.out:218 expiry.1.xml.out:118
 #: expiry.1.xml.out:121 faillog.5.xml.out:34 faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292 gpasswd.1.xml.out:295 groupadd.8.xml.out:363
+#: gpasswd.1.xml.out:294 gpasswd.1.xml.out:297 groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344 grpck.8.xml.out:267 grpck.8.xml.out:280
 #: grpck.8.xml.out:287 grpck.8.xml.out:291 grpck.8.xml.out:297
 #: gshadow.5.xml.out:23 gshadow.5.xml.out:153 gshadow.5.xml.out:156
 #: limits.5.xml.out:36 login.1.xml.out:389 login.1.xml.out:392
 #: login.1.xml.out:395 login.1.xml.out:398 login.access.5.xml.out:35
-#: login.defs.5.xml.out:103 login.defs.5.xml.out:539 login.defs.5.xml.out:542
-#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:79
-#: newusers.8.xml.out:453 newusers.8.xml.out:460 newusers.8.xml.out:463
-#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:455
-#: passwd.1.xml.out:477 passwd.1.xml.out:480 passwd.1.xml.out:484
+#: login.defs.5.xml.out:105 login.defs.5.xml.out:558 login.defs.5.xml.out:561
+#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:81
+#: newusers.8.xml.out:474 newusers.8.xml.out:481 newusers.8.xml.out:484
+#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:477
+#: passwd.1.xml.out:502 passwd.1.xml.out:505 passwd.1.xml.out:509
 #: passwd.5.xml.out:34 passwd.5.xml.out:80 passwd.5.xml.out:194
 #: porttime.5.xml.out:34 pwck.8.xml.out:317 pwck.8.xml.out:336
 #: pwck.8.xml.out:342 pwck.8.xml.out:345 pwconv.8.xml.out:245
 #: shadow.3.xml.out:220 shadow.5.xml.out:34 shadow.5.xml.out:271
 #: sg.1.xml.out:134 sg.1.xml.out:137 su.1.xml.out:418 suauth.5.xml.out:34
-#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:628
-#: useradd.8.xml.out:899 useradd.8.xml.out:906 useradd.8.xml.out:909
+#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:648
+#: useradd.8.xml.out:919 useradd.8.xml.out:926 useradd.8.xml.out:929
 #: userdel.8.xml.out:319 userdel.8.xml.out:335 userdel.8.xml.out:338
-#: usermod.8.xml.out:162 usermod.8.xml.out:629 usermod.8.xml.out:633
-#: usermod.8.xml.out:636 vipw.8.xml.out:208 vipw.8.xml.out:211
+#: usermod.8.xml.out:162 usermod.8.xml.out:646 usermod.8.xml.out:650
+#: usermod.8.xml.out:653 vipw.8.xml.out:208 vipw.8.xml.out:211
 #: vipw.8.xml.out:214 vipw.8.xml.out:217 vipw.8.xml.out:220 vipw.8.xml.out:223
 msgid "5"
 msgstr "5"
@@ -1172,20 +1217,20 @@ msgstr "5"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322 expiry.1.xml.out:121 grpck.8.xml.out:51
-#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:542
-#: passwd.1.xml.out:480 passwd.5.xml.out:79 passwd.5.xml.out:194
+#: chage.1.xml.out:337 expiry.1.xml.out:121 grpck.8.xml.out:51
+#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:561
+#: passwd.1.xml.out:505 passwd.5.xml.out:79 passwd.5.xml.out:194
 #: pwck.8.xml.out:229 pwck.8.xml.out:233 pwck.8.xml.out:345 pwconv.8.xml.out:84
 #: pwconv.8.xml.out:85 pwconv.8.xml.out:100 pwconv.8.xml.out:101
 #: shadow.3.xml.out:33 shadow.3.xml.out:40 shadow.3.xml.out:96
 #: shadow.3.xml.out:220 shadow.5.xml.out:33 shadow.5.xml.out:40
-#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:628
+#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:648
 #: usermod.8.xml.out:162 vipw.8.xml.out:223
 msgid "shadow"
 msgstr "shadow"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317 expiry.1.xml.out:116 faillog.8.xml.out:233
+#: chage.1.xml.out:332 expiry.1.xml.out:116 faillog.8.xml.out:233
 #: nologin.8.xml.out:58 shadow.3.xml.out:215
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>."
 msgstr "<_:citerefentry-1/>, <_:citerefentry-2/>."
@@ -1197,10 +1242,10 @@ msgstr "<_:citerefentry-1/>, <_:citerefentry-2/>."
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #: chfn.1.xml.out:36 chfn.1.xml.out:43 chfn.1.xml.out:49 chfn.1.xml.out:62
-#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:171
+#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:212
 #: groupadd.8.xml.out:345 groupdel.8.xml.out:205 groupmems.8.xml.out:209
-#: groupmod.8.xml.out:326 login.defs.5.xml.out:239 useradd.8.xml.out:878
-#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:605
+#: groupmod.8.xml.out:326 login.defs.5.xml.out:243 useradd.8.xml.out:898
+#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:622
 msgid "chfn"
 msgstr "chfn"
 
@@ -1218,8 +1263,8 @@ msgstr "finger"
 #. (itstool) path: term/option
 #: chfn.1.xml.out:71 chfn.1.xml.out:110 groupadd.8.xml.out:106
 #: groupadd.8.xml.out:145 groupadd.8.xml.out:323 groupmod.8.xml.out:93
-#: groupmod.8.xml.out:132 useradd.8.xml.out:405 useradd.8.xml.out:536
-#: useradd.8.xml.out:837 usermod.8.xml.out:271 usermod.8.xml.out:377
+#: groupmod.8.xml.out:132 useradd.8.xml.out:407 useradd.8.xml.out:538
+#: useradd.8.xml.out:857 usermod.8.xml.out:271 usermod.8.xml.out:377
 msgid "-o"
 msgstr "-o"
 
@@ -1271,7 +1316,7 @@ msgstr ""
 #: chfn.1.xml.out:94 expiry.1.xml.out:61 expiry.1.xml.out:79
 #: groupadd.8.xml.out:88 groupdel.8.xml.out:72 login.1.xml.out:90
 #: login.1.xml.out:190 login.1.xml.out:229 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 userdel.8.xml.out:76 userdel.8.xml.out:287
+#: useradd.8.xml.out:642 userdel.8.xml.out:76 userdel.8.xml.out:287
 #: userdel.8.xml.out:302 usermod.8.xml.out:152
 msgid "-f"
 msgstr "-f"
@@ -1330,12 +1375,12 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:122 faillog.8.xml.out:89 faillog.8.xml.out:144
-#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:173
+#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112 groupadd.8.xml.out:185 grpck.8.xml.out:124
 #: grpck.8.xml.out:138 login.1.xml.out:220 login.1.xml.out:229
-#: newusers.8.xml.out:287 passwd.1.xml.out:268 pwck.8.xml.out:155
-#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:456
-#: useradd.8.xml.out:542 userdel.8.xml.out:106 usermod.8.xml.out:317
+#: newusers.8.xml.out:289 passwd.1.xml.out:264 pwck.8.xml.out:155
+#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:458
+#: useradd.8.xml.out:544 userdel.8.xml.out:106 usermod.8.xml.out:317
 msgid "-r"
 msgstr "-r"
 
@@ -1358,14 +1403,14 @@ msgstr "Змінити номер кімнати кори�тувача."
 #. (itstool) path: para/option
 #: chfn.1.xml.out:143 faillog.8.xml.out:80 faillog.8.xml.out:180
 #: faillog.8.xml.out:214 lastlog.8.xml.out:90 lastlog.8.xml.out:122
-#: lastlog.8.xml.out:139 passwd.1.xml.out:309 useradd.8.xml.out:414
-#: useradd.8.xml.out:531 usermod.8.xml.out:279 usermod.8.xml.out:369
+#: lastlog.8.xml.out:139 passwd.1.xml.out:320 useradd.8.xml.out:416
+#: useradd.8.xml.out:533 usermod.8.xml.out:279 usermod.8.xml.out:369
 #: vipw.8.xml.out:133
 msgid "-u"
 msgstr "-u"
 
 #. (itstool) path: term/option
-#: chfn.1.xml.out:151 passwd.1.xml.out:322 usermod.8.xml.out:463
+#: chfn.1.xml.out:151 passwd.1.xml.out:333 usermod.8.xml.out:463
 msgid "-w"
 msgstr "-w"
 
@@ -1402,11 +1447,11 @@ msgstr ""
 "обліковий запи� кори�тувача.."
 
 #. (itstool) path: listitem/para
-#: chfn.1.xml.out:189 chgpasswd.8.xml.out:207 chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161 groupadd.8.xml.out:278 groupmod.8.xml.out:241
-#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:425
-#: passwd.1.xml.out:407 pwconv.8.xml.out:232 su.1.xml.out:359
-#: useradd.8.xml.out:799 userdel.8.xml.out:193
+#: chfn.1.xml.out:189 chgpasswd.8.xml.out:235 chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202 groupadd.8.xml.out:278 groupmod.8.xml.out:241
+#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:446
+#: passwd.1.xml.out:429 pwconv.8.xml.out:232 su.1.xml.out:359
+#: useradd.8.xml.out:819 userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
 msgstr "�алаштуванн� комплек�у дл� роботи з прихованими парол�ми."
 
@@ -1419,8 +1464,8 @@ msgstr "Ð�алаштуваннÑ� комплекÑ�у длÑ� роботи з прÐ
 #: chfn.1.xml.out:205 chsh.1.xml.out:36 chsh.1.xml.out:43 chsh.1.xml.out:49
 #: chsh.1.xml.out:62 chsh.1.xml.out:73 chsh.1.xml.out:109
 #: groupadd.8.xml.out:348 groupdel.8.xml.out:208 groupmems.8.xml.out:212
-#: groupmod.8.xml.out:329 login.defs.5.xml.out:270 useradd.8.xml.out:881
-#: userdel.8.xml.out:313 usermod.8.xml.out:608
+#: groupmod.8.xml.out:329 login.defs.5.xml.out:280 useradd.8.xml.out:901
+#: userdel.8.xml.out:313 usermod.8.xml.out:625
 msgid "chsh"
 msgstr "chsh"
 
@@ -1428,25 +1473,25 @@ msgstr "chsh"
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
-#: chfn.1.xml.out:208 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 groupadd.8.xml.out:194 groupadd.8.xml.out:363
-#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109 newusers.8.xml.out:298 newusers.8.xml.out:453
-#: passwd.1.xml.out:484 pwconv.8.xml.out:92 pwconv.8.xml.out:94
+#: chfn.1.xml.out:208 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 groupadd.8.xml.out:194 groupadd.8.xml.out:363
+#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111 newusers.8.xml.out:300 newusers.8.xml.out:474
+#: passwd.1.xml.out:509 pwconv.8.xml.out:92 pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108 pwconv.8.xml.out:245 su.1.xml.out:418
-#: useradd.8.xml.out:899 userdel.8.xml.out:117 userdel.8.xml.out:319
-#: usermod.8.xml.out:629 vipw.8.xml.out:214
+#: useradd.8.xml.out:919 userdel.8.xml.out:117 userdel.8.xml.out:319
+#: usermod.8.xml.out:646 vipw.8.xml.out:214
 msgid "login.defs"
 msgstr "login.defs"
 
 #. (itstool) path: refsect1/para
-#: chfn.1.xml.out:203 chgpasswd.8.xml.out:215 chsh.1.xml.out:169
+#: chfn.1.xml.out:203 chgpasswd.8.xml.out:243 chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
 msgstr "Створенн�, 2006"
 
@@ -1455,19 +1500,19 @@ msgstr "Створенн�, 2006"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33 chgpasswd.8.xml.out:40 chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56 chgpasswd.8.xml.out:66 chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35 chgpasswd.8.xml.out:42 chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58 chgpasswd.8.xml.out:68 chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr "chgpasswd"
 
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34 chgpasswd.8.xml.out:220 chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268 chpasswd.8.xml.out:276 faillog.5.xml.out:87
-#: faillog.8.xml.out:34 gpasswd.1.xml.out:280 gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286 gpasswd.1.xml.out:289 groupadd.8.xml.out:37
+#: chgpasswd.8.xml.out:36 chgpasswd.8.xml.out:248 chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310 chpasswd.8.xml.out:318 faillog.5.xml.out:87
+#: faillog.8.xml.out:34 gpasswd.1.xml.out:282 gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288 gpasswd.1.xml.out:291 groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354 groupadd.8.xml.out:357 groupadd.8.xml.out:360
 #: groupadd.8.xml.out:366 groupadd.8.xml.out:369 groupadd.8.xml.out:372
 #: groupdel.8.xml.out:35 groupdel.8.xml.out:186 groupdel.8.xml.out:214
@@ -1480,43 +1525,43 @@ msgstr "chgpasswd"
 #: grpck.8.xml.out:34 grpck.8.xml.out:283 grpck.8.xml.out:294
 #: gshadow.5.xml.out:159 gshadow.5.xml.out:162 lastlog.8.xml.out:36
 #: login.1.xml.out:174 login.1.xml.out:176 login.1.xml.out:249
-#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:545
-#: logoutd.8.xml.out:34 newusers.8.xml.out:50 newusers.8.xml.out:467
-#: nologin.8.xml.out:23 passwd.1.xml.out:474 passwd.1.xml.out:488
+#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:564
+#: logoutd.8.xml.out:34 newusers.8.xml.out:52 newusers.8.xml.out:488
+#: nologin.8.xml.out:23 passwd.1.xml.out:496 passwd.1.xml.out:513
 #: passwd.5.xml.out:185 passwd.5.xml.out:188 passwd.5.xml.out:191
 #: passwd.5.xml.out:200 pwck.8.xml.out:41 pwck.8.xml.out:339 pwck.8.xml.out:348
 #: pwconv.8.xml.out:40 pwconv.8.xml.out:242 pwconv.8.xml.out:248
 #: pwconv.8.xml.out:251 pwconv.8.xml.out:254 shadow.5.xml.out:274
 #: shadow.5.xml.out:277 shadow.5.xml.out:280 shadow.5.xml.out:286
-#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:574
-#: useradd.8.xml.out:890 useradd.8.xml.out:893 useradd.8.xml.out:896
-#: useradd.8.xml.out:902 useradd.8.xml.out:913 useradd.8.xml.out:916
-#: userdel.8.xml.out:40 userdel.8.xml.out:259 userdel.8.xml.out:322
-#: userdel.8.xml.out:325 userdel.8.xml.out:328 userdel.8.xml.out:331
-#: userdel.8.xml.out:342 userdel.8.xml.out:345 usermod.8.xml.out:41
-#: usermod.8.xml.out:617 usermod.8.xml.out:620 usermod.8.xml.out:623
-#: usermod.8.xml.out:626 usermod.8.xml.out:640 usermod.8.xml.out:643
-#: vipw.8.xml.out:36
+#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:576
+#: useradd.8.xml.out:590 useradd.8.xml.out:910 useradd.8.xml.out:913
+#: useradd.8.xml.out:916 useradd.8.xml.out:922 useradd.8.xml.out:933
+#: useradd.8.xml.out:936 userdel.8.xml.out:40 userdel.8.xml.out:259
+#: userdel.8.xml.out:322 userdel.8.xml.out:325 userdel.8.xml.out:328
+#: userdel.8.xml.out:331 userdel.8.xml.out:342 userdel.8.xml.out:345
+#: usermod.8.xml.out:41 usermod.8.xml.out:522 usermod.8.xml.out:634
+#: usermod.8.xml.out:637 usermod.8.xml.out:640 usermod.8.xml.out:643
+#: usermod.8.xml.out:657 usermod.8.xml.out:660 vipw.8.xml.out:36
 msgid "8"
 msgstr "8"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35 chpasswd.8.xml.out:39 faillog.8.xml.out:35
+#: chgpasswd.8.xml.out:37 chpasswd.8.xml.out:41 faillog.8.xml.out:35
 #: groupadd.8.xml.out:38 groupdel.8.xml.out:36 groupmems.8.xml.out:39
 #: groupmod.8.xml.out:36 grpck.8.xml.out:35 lastlog.8.xml.out:37
-#: logoutd.8.xml.out:35 newusers.8.xml.out:51 nologin.8.xml.out:24
+#: logoutd.8.xml.out:35 newusers.8.xml.out:53 nologin.8.xml.out:24
 #: pwck.8.xml.out:42 pwconv.8.xml.out:41 useradd.8.xml.out:54
 #: userdel.8.xml.out:41 usermod.8.xml.out:42 vipw.8.xml.out:37
 msgid "System Management Commands"
 msgstr "Команди керуванн� �и�темою"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
 msgstr "оновленн� паролів груп у пакетному режимі"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 msgid ""
 "The <_:command-1/> command reads a list of group name and password pairs "
 "from standard input and uses this information to update a set of existing "
@@ -1529,24 +1574,24 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61 groupmems.8.xml.out:54 groupmems.8.xml.out:110
+#: chgpasswd.8.xml.out:63 groupmems.8.xml.out:54 groupmems.8.xml.out:110
 msgid "group_name"
 msgstr "назва_групи"
 
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66 passwd.5.xml.out:77
+#: chgpasswd.8.xml.out:64 chpasswd.8.xml.out:68 passwd.5.xml.out:77
 #: passwd.5.xml.out:86 passwd.5.xml.out:91 passwd.5.xml.out:95
 #: passwd.5.xml.out:98
 msgid "password"
 msgstr "пароль"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60 chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr "<_:emphasis-1/>:<_:emphasis-2/>"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 msgid ""
 "By default the supplied password must be in clear-text, and is encrypted by "
 "<_:command-1/>."
@@ -1555,16 +1600,16 @@ msgstr ""
 "допомогою <_:command-1/>."
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70 chpasswd.8.xml.out:75 chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72 chpasswd.8.xml.out:77 chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 msgid "ENCRYPT_METHOD"
 msgstr "ENCRYPT_METHOD"
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71 chgpasswd.8.xml.out:101 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:130 chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chgpasswd.8.xml.out:73 chgpasswd.8.xml.out:107 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:136 chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "-e"
 msgstr "-e"
@@ -1572,16 +1617,16 @@ msgstr "-e"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:88 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:114 chpasswd.8.xml.out:129
-#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:90 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:116 chpasswd.8.xml.out:135
+#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:270
 #: sg.1.xml.out:50 su.1.xml.out:86 su.1.xml.out:126 su.1.xml.out:131
 #: useradd.8.xml.out:139 usermod.8.xml.out:99
 msgid "-c"
 msgstr "-c"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> variable of <_:filename-2/>, and can be overwritten with the <_:"
@@ -1592,7 +1637,7 @@ msgstr ""
 "допомогою параметрів <_:option-3/>, <_:option-4/> або <_:option-5/>."
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74 chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76 chpasswd.8.xml.out:101
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are created at a single time."
@@ -1601,46 +1646,106 @@ msgstr ""
 "одноча�но �творюють багато облікових запи�ів."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88 chpasswd.8.xml.out:114 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:116 newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr "--crypt-method"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:117 newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92 chpasswd.8.xml.out:119 newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
 msgstr "Скори�тати�� дл� шифруванн� паролів вказаним методом."
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91 chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
-msgstr "До�тупними методами є DES, MD5 і NONE."
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95 chgpasswd.8.xml.out:149 chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208 newusers.8.xml.out:330
+msgid "BCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121
+#, fuzzy
+#| msgid "-a <_:replaceable-1/>"
+msgid "<_:replaceable-1/>,"
+msgstr "-a <_:replaceable-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96 chpasswd.8.xml.out:123
+msgid "DES"
+msgstr "DES"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr "MD5"
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98 chgpasswd.8.xml.out:151 chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210 newusers.8.xml.out:332
+msgid "SHA256"
+msgstr "SHA256"
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99 chgpasswd.8.xml.out:152 chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211 newusers.8.xml.out:333
+msgid "SHA512"
+msgstr "SHA512"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr ", <_:replaceable-1/>, <_:replaceable-2/>"
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100 chgpasswd.8.xml.out:154 chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213 newusers.8.xml.out:335
+#, fuzzy
+#| msgid "DESCRIPTION"
+msgid "YESCRYPT"
+msgstr "ОПИС"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99 chpasswd.8.xml.out:126
+#, fuzzy
+#| msgid "-a <_:replaceable-1/>"
+msgid ", <_:replaceable-1/>"
+msgstr "-a <_:replaceable-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:128
+msgid "NONE"
+msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121 newusers.8.xml.out:271
+#: chgpasswd.8.xml.out:93 chpasswd.8.xml.out:120
+#, fuzzy
+#| msgid ""
+#| "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> <_:option-4/"
+#| "> <_:replaceable-5/>=<_:replaceable-6/>"
 msgid ""
-"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
-"support these methods."
+"The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/"
+"><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports "
+"these methods."
 msgstr ""
-"До�тупними методами є DES, MD5, NONE і SHA256 або SHA512, �кщо у вашій libc "
-"передбачено підтримку цих методів."
+"Приклад: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> <_:option-4/> "
+"<_:replaceable-5/>=<_:replaceable-6/>"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:139
+#: chgpasswd.8.xml.out:107 chpasswd.8.xml.out:145
 msgid "--encrypted"
 msgstr "--encrypted"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103 chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109 chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
 msgstr "�адані паролі подано у зашифрованій формі."
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113 chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119 chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr "--md5"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115 chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121 chpasswd.8.xml.out:163
 msgid ""
 "Use MD5 encryption instead of DES when the supplied passwords are not "
 "encrypted."
@@ -1649,68 +1754,121 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 chsh.1.xml.out:97
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 chsh.1.xml.out:97
 #: chsh.1.xml.out:108 grpck.8.xml.out:124 grpck.8.xml.out:161
-#: newusers.8.xml.out:320 pwck.8.xml.out:155 pwck.8.xml.out:209
-#: su.1.xml.out:163 useradd.8.xml.out:517 useradd.8.xml.out:655
-#: usermod.8.xml.out:357 vipw.8.xml.out:70 vipw.8.xml.out:127
+#: newusers.8.xml.out:322 passwd.1.xml.out:363 pwck.8.xml.out:155
+#: pwck.8.xml.out:209 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357 vipw.8.xml.out:70
+#: vipw.8.xml.out:127
 msgid "-s"
 msgstr "-s"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr "--sha-rounds"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137 chpasswd.8.xml.out:181 newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143 chpasswd.8.xml.out:202 newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
 msgstr "Викори�тати вказану кількі�ть циклів шифруванн� паролів."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140 chpasswd.8.xml.out:184 newusers.8.xml.out:325
+#: chgpasswd.8.xml.out:146 chpasswd.8.xml.out:205 newusers.8.xml.out:327
+msgid ""
+"You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> "
+"<_:phrase-3/>"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:156 chpasswd.8.xml.out:215 newusers.8.xml.out:337
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgid ""
-"The value 0 means that the system will choose the default number of rounds "
-"for the crypt method (5000)."
+"By default, the number of rounds for BCRYPT is defined by the "
+"BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
-"Значенн� 0 означає, що �и�тема вибере типову кількі�ть проходів дл� методу "
-"шифруванн� (5000)."
+"Типово, кількі�ть проходів визначаєть�� за допомогою змінних "
+"SHA_CRYPT_MIN_ROUNDS і SHA_CRYPT_MAX_ROUNDS у <_:filename-1/>."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144 chpasswd.8.xml.out:188 newusers.8.xml.out:329
+#: chgpasswd.8.xml.out:161 chpasswd.8.xml.out:220
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
 msgid ""
-"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default number of rounds is 13."
 msgstr ""
 "Буде приму�ово в�тановлено мінімальне значенн� 1000 і мак�имальне значенн� "
 "999999999."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148 chpasswd.8.xml.out:192 newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#: chgpasswd.8.xml.out:165 chpasswd.8.xml.out:224 newusers.8.xml.out:346
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgid ""
+"By default, the number of rounds for SHA256 or SHA512 is defined by the "
+"SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
 msgstr ""
-"Ви можете �кори�тати�� цим параметром у поєднанні із методами шифруванн� "
-"SHA256 або SHA512."
+"Типово, кількі�ть проходів визначаєть�� за допомогою змінних "
+"SHA_CRYPT_MIN_ROUNDS і SHA_CRYPT_MAX_ROUNDS у <_:filename-1/>."
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152 newusers.8.xml.out:337
+#: chgpasswd.8.xml.out:170 chpasswd.8.xml.out:229
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
 msgid ""
-"By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and "
-"SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default number of rounds is 5000."
+msgstr ""
+"Буде приму�ово в�тановлено мінімальне значенн� 1000 і мак�имальне значенн� "
+"999999999."
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:175 chpasswd.8.xml.out:234 newusers.8.xml.out:355
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgid ""
+"By default, the number of rounds for YESCRYPT is defined by the "
+"YESCRYPT_COST_FACTOR in <_:filename-1/>."
 msgstr ""
 "Типово, кількі�ть проходів визначаєть�� за допомогою змінних "
 "SHA_CRYPT_MIN_ROUNDS і SHA_CRYPT_MAX_ROUNDS у <_:filename-1/>."
 
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179 chpasswd.8.xml.out:238
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default number of rounds is 5."
+msgstr ""
+"Буде приму�ово в�тановлено мінімальне значенн� 1000 і мак�имальне значенн� "
+"999999999."
+
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163 chpasswd.8.xml.out:208 faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229 groupadd.8.xml.out:285 groupdel.8.xml.out:121
-#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:348
-#: passwd.1.xml.out:354 shadow.3.xml.out:194 su.1.xml.out:306
-#: useradd.8.xml.out:682 userdel.8.xml.out:281 usermod.8.xml.out:517
+#: chgpasswd.8.xml.out:189 chpasswd.8.xml.out:248 faillog.8.xml.out:209
+#: gpasswd.1.xml.out:231 groupadd.8.xml.out:285 groupdel.8.xml.out:121
+#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:369
+#: passwd.1.xml.out:376 shadow.3.xml.out:194 su.1.xml.out:306
+#: useradd.8.xml.out:702 userdel.8.xml.out:281 usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr "З�СТЕРЕЖЕ��Я"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164 chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190 chpasswd.8.xml.out:249
 msgid ""
 "Remember to set permissions or umask to prevent readability of unencrypted "
 "files by other users."
@@ -1719,7 +1877,7 @@ msgstr ""
 "читанн� нешифрованих файлів �торонніми кори�тувачами."
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168 newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194 newusers.8.xml.out:374
 msgid ""
 "You should make sure the passwords and the encryption method respect the "
 "system's password policy."
@@ -1731,8 +1889,8 @@ msgstr ""
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193 gpasswd.1.xml.out:48 gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73 gpasswd.1.xml.out:231 gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221 gpasswd.1.xml.out:50 gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75 gpasswd.1.xml.out:233 gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170 groupadd.8.xml.out:264 groupdel.8.xml.out:148
 #: groupmems.8.xml.out:191 groupmod.8.xml.out:227 groups.1.xml.out:58
 #: groups.1.xml.out:70 groups.1.xml.out:80 grpck.8.xml.out:62
@@ -1740,19 +1898,19 @@ msgstr ""
 #: grpck.8.xml.out:164 grpck.8.xml.out:177 grpck.8.xml.out:185
 #: grpck.8.xml.out:211 gshadow.5.xml.out:91 gshadow.5.xml.out:124
 #: gshadow.5.xml.out:135 newgrp.1.xml.out:80 newgrp.1.xml.out:112
-#: newusers.8.xml.out:411 pwck.8.xml.out:261 pwconv.8.xml.out:128
-#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:755
-#: userdel.8.xml.out:185 usermod.8.xml.out:557 vipw.8.xml.out:69
+#: newusers.8.xml.out:432 pwck.8.xml.out:261 pwconv.8.xml.out:128
+#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:775
+#: userdel.8.xml.out:185 usermod.8.xml.out:574 vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr "/etc/group"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195 gpasswd.1.xml.out:261 groupadd.8.xml.out:266
+#: chgpasswd.8.xml.out:223 gpasswd.1.xml.out:263 groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150 groupmems.8.xml.out:193 groupmod.8.xml.out:229
 #: groups.1.xml.out:82 grpck.8.xml.out:213 gshadow.5.xml.out:137
-#: newgrp.1.xml.out:114 newusers.8.xml.out:413 pwck.8.xml.out:263
-#: sg.1.xml.out:103 useradd.8.xml.out:757 userdel.8.xml.out:187
+#: newgrp.1.xml.out:114 newusers.8.xml.out:434 pwck.8.xml.out:263
+#: sg.1.xml.out:103 useradd.8.xml.out:777 userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
 msgstr "Відомо�ті щодо груп облікових запи�ів."
@@ -1760,8 +1918,8 @@ msgstr "Відомо�ті щодо груп облікових запи�ів."
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199 gpasswd.1.xml.out:52 gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232 gpasswd.1.xml.out:265 groupadd.8.xml.out:170
+#: chgpasswd.8.xml.out:227 gpasswd.1.xml.out:54 gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234 gpasswd.1.xml.out:267 groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270 groupdel.8.xml.out:154 groupmems.8.xml.out:87
 #: groupmems.8.xml.out:88 groupmems.8.xml.out:98 groupmems.8.xml.out:103
 #: groupmems.8.xml.out:104 groupmems.8.xml.out:134 groupmems.8.xml.out:135
@@ -1769,17 +1927,17 @@ msgstr "Відомо�ті щодо груп облікових запи�ів."
 #: grpck.8.xml.out:93 grpck.8.xml.out:114 grpck.8.xml.out:166
 #: grpck.8.xml.out:186 grpck.8.xml.out:217 gshadow.5.xml.out:36
 #: gshadow.5.xml.out:141 newgrp.1.xml.out:78 newgrp.1.xml.out:118
-#: newusers.8.xml.out:417 pwconv.8.xml.out:129 sg.1.xml.out:107
-#: useradd.8.xml.out:761 usermod.8.xml.out:563 vipw.8.xml.out:72
+#: newusers.8.xml.out:438 pwconv.8.xml.out:129 sg.1.xml.out:107
+#: useradd.8.xml.out:781 usermod.8.xml.out:580 vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr "/etc/gshadow"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201 gpasswd.1.xml.out:267 groupadd.8.xml.out:272
+#: chgpasswd.8.xml.out:229 gpasswd.1.xml.out:269 groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156 groupmod.8.xml.out:235 grpck.8.xml.out:219
-#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:419
-#: sg.1.xml.out:109 useradd.8.xml.out:763 vipw.8.xml.out:183
+#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:440
+#: sg.1.xml.out:109 useradd.8.xml.out:783 vipw.8.xml.out:183
 msgid "Secure group account information."
 msgstr "Відомо�ті щодо захищених груп облікових запи�ів."
 
@@ -1789,12 +1947,12 @@ msgstr "Відомо�ті щодо захищених груп облікови
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217 gpasswd.1.xml.out:38 gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59 gpasswd.1.xml.out:72 gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119 groupadd.8.xml.out:354 groupdel.8.xml.out:214
-#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:280
+#: chgpasswd.8.xml.out:245 gpasswd.1.xml.out:40 gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61 gpasswd.1.xml.out:74 gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121 groupadd.8.xml.out:354 groupdel.8.xml.out:214
+#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142 sg.1.xml.out:131 userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr "gpasswd"
 
@@ -1804,19 +1962,19 @@ msgstr "gpasswd"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220 gpasswd.1.xml.out:280 groupadd.8.xml.out:36
+#: chgpasswd.8.xml.out:248 gpasswd.1.xml.out:282 groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43 groupadd.8.xml.out:49 groupadd.8.xml.out:61
 #: groupadd.8.xml.out:82 groupadd.8.xml.out:292 groupadd.8.xml.out:300
 #: groupdel.8.xml.out:217 groupmems.8.xml.out:218 groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290 useradd.8.xml.out:890 userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: login.defs.5.xml.out:303 useradd.8.xml.out:910 userdel.8.xml.out:325
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr "groupadd"
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21 groupadd.8.xml.out:20 groupdel.8.xml.out:18
-#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:86
-#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:33
+#: chpasswd.8.xml.out:23 groupadd.8.xml.out:20 groupdel.8.xml.out:18
+#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:88
+#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:35
 #: sg.1.xml.out:18 useradd.8.xml.out:36 userdel.8.xml.out:23
 #: usermod.8.xml.out:24
 msgid "Creation, 1991"
@@ -1828,20 +1986,20 @@ msgstr "Створенн�, 1991"
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37 chpasswd.8.xml.out:44 chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60 chpasswd.8.xml.out:70 chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96 chpasswd.8.xml.out:108 chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259 passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39 chpasswd.8.xml.out:46 chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62 chpasswd.8.xml.out:72 chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98 chpasswd.8.xml.out:110 chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266 passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr "chpasswd"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
 msgstr "оновленн� паролів у пакетному режимі"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 msgid ""
 "The <_:command-1/> command reads a list of user name and password pairs from "
 "standard input and uses this information to update a group of existing "
@@ -1855,13 +2013,13 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65 groupmems.8.xml.out:52 groupmems.8.xml.out:53
+#: chpasswd.8.xml.out:67 groupmems.8.xml.out:52 groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83 groupmems.8.xml.out:94
 msgid "user_name"
 msgstr "ім'�_кори�тувача"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 msgid ""
 "By default the passwords must be supplied in clear-text, and are encrypted "
 "by <_:command-1/>. Also the password age will be updated, if present."
@@ -1871,12 +2029,12 @@ msgstr ""
 "такі збережено."
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76 chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:139
 msgid "MD5_CRYPT_ENAB"
 msgstr "MD5_CRYPT_ENAB"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 msgid ""
 "The default encryption algorithm can be defined for the system with the <_:"
 "option-1/> or <_:option-2/> variables of <_:filename-3/>, and can be "
@@ -1888,7 +2046,7 @@ msgstr ""
 "option-6/>."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 msgid ""
 "By default, passwords are encrypted by PAM, but (even if not recommended) "
 "you can select a different encryption method with the <_:option-1/>, <_:"
@@ -1899,12 +2057,12 @@ msgstr ""
 "option-2/> або <_:option-3/>."
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr "Окрім випадків, коли дл� шифруванн� паролів викори�тано PAM,"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 msgid ""
 "<_:phrase-1/> <_:command-2/> first updates all the passwords in memory, and "
 "then commits all the changes to disk if no errors occurred for any user."
@@ -1914,7 +2072,7 @@ msgstr ""
 "кори�тувачів."
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 msgid ""
 "When PAM is used to encrypt the passwords (and update the passwords in the "
 "system database) then if a password cannot be updated <_:command-1/> "
@@ -1927,17 +2085,17 @@ msgstr ""
 "кори�тувачів і поверне код помилки при виході з програми."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr "METHOD"
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr "Типово, дл� шифруванн� паролів буде викори�тано PAM."
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 msgid ""
 "By default (if none of the <_:option-1/>, <_:option-2/>, or <_:option-3/> "
 "options are specified), the encryption method is defined by the <_:option-4/"
@@ -1948,36 +2106,17 @@ msgstr ""
 "або <_:option-5/> у <_:filename-6/>."
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
+#: chpasswd.8.xml.out:199
 msgid "ROUNDS"
 msgstr "ROUNDS"
 
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr "SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:199
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS"
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-msgid ""
-"By default, the number of rounds is defined by the <_:option-1/> and <_:"
-"option-2/> variables in <_:filename-3/>."
-msgstr ""
-"Типово, кількі�ть проходів визначено змінними <_:option-1/> і <_:option-2/> "
-"у <_:filename-3/>."
-
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 msgid "/etc/pam.d/chpasswd"
 msgstr "/etc/pam.d/chpasswd"
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255 newusers.8.xml.out:431 passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297 newusers.8.xml.out:452 passwd.1.xml.out:435
 msgid "PAM configuration for <_:command-1/>."
 msgstr "�алаштуванн� PAM дл� <_:command-1/>."
 
@@ -1987,17 +2126,17 @@ msgstr "�алаштуванн� PAM дл� <_:command-1/>."
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268 login.defs.5.xml.out:380 newusers.8.xml.out:49
-#: newusers.8.xml.out:56 newusers.8.xml.out:62 newusers.8.xml.out:75
-#: newusers.8.xml.out:96 newusers.8.xml.out:123 newusers.8.xml.out:132
-#: newusers.8.xml.out:151 newusers.8.xml.out:164 newusers.8.xml.out:170
-#: newusers.8.xml.out:172 newusers.8.xml.out:210 newusers.8.xml.out:230
-#: newusers.8.xml.out:252 newusers.8.xml.out:431 useradd.8.xml.out:902
+#: chpasswd.8.xml.out:310 login.defs.5.xml.out:393 newusers.8.xml.out:51
+#: newusers.8.xml.out:58 newusers.8.xml.out:64 newusers.8.xml.out:77
+#: newusers.8.xml.out:98 newusers.8.xml.out:125 newusers.8.xml.out:134
+#: newusers.8.xml.out:153 newusers.8.xml.out:166 newusers.8.xml.out:172
+#: newusers.8.xml.out:174 newusers.8.xml.out:212 newusers.8.xml.out:232
+#: newusers.8.xml.out:254 newusers.8.xml.out:452 useradd.8.xml.out:922
 msgid "newusers"
 msgstr "newusers"
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270 grpck.8.xml.out:285 passwd.1.xml.out:482
+#: chpasswd.8.xml.out:312 grpck.8.xml.out:285 passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr "<_:citerefentry-1/>,"
 
@@ -2007,21 +2146,21 @@ msgstr "<_:citerefentry-1/>,"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276 groupadd.8.xml.out:366 groupdel.8.xml.out:223
-#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:462
-#: newusers.8.xml.out:467 useradd.8.xml.out:52 useradd.8.xml.out:59
+#: chpasswd.8.xml.out:318 groupadd.8.xml.out:366 groupdel.8.xml.out:223
+#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:481
+#: newusers.8.xml.out:488 useradd.8.xml.out:52 useradd.8.xml.out:59
 #: useradd.8.xml.out:64 useradd.8.xml.out:71 useradd.8.xml.out:75
 #: useradd.8.xml.out:87 useradd.8.xml.out:90 useradd.8.xml.out:103
 #: useradd.8.xml.out:129 useradd.8.xml.out:187 useradd.8.xml.out:209
-#: useradd.8.xml.out:239 useradd.8.xml.out:284 useradd.8.xml.out:341
-#: useradd.8.xml.out:472 useradd.8.xml.out:584 useradd.8.xml.out:586
-#: useradd.8.xml.out:690 useradd.8.xml.out:808 userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: useradd.8.xml.out:239 useradd.8.xml.out:286 useradd.8.xml.out:343
+#: useradd.8.xml.out:474 useradd.8.xml.out:604 useradd.8.xml.out:606
+#: useradd.8.xml.out:710 useradd.8.xml.out:828 userdel.8.xml.out:342
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr "useradd"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263 newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305 newusers.8.xml.out:472
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
@@ -2047,15 +2186,15 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:517
-#: useradd.8.xml.out:655 usermod.8.xml.out:357
+#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357
 msgid "--shell"
 msgstr "--shell"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:517
-#: useradd.8.xml.out:522 useradd.8.xml.out:655 useradd.8.xml.out:662
+#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:524 useradd.8.xml.out:675 useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr "ОБОЛО�К�"
@@ -2087,12 +2226,13 @@ msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:153 su.1.xml.out:198
+#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:130 chsh.1.xml.out:143
+#: chsh.1.xml.out:172 chsh.1.xml.out:184 su.1.xml.out:198
 msgid "/etc/shells"
 msgstr "/etc/shells"
 
 #. (itstool) path: para/filename
-#: chsh.1.xml.out:123
+#: chsh.1.xml.out:123 chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr "/bin/rsh"
 
@@ -2116,11 +2256,120 @@ msgstr ""
 "призведе до повної заборони дл� кори�тувача змінювати оболонку входу та "
 "початкову."
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132 chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/*"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/@filename@"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid ""
+"The only restriction placed on the login shell is that the command name must "
+"be listed in <_:filename-1/>. If this file does not exist, the definitions "
+"are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/"
+"> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be "
+"used. If the invoker is the superuser any value may be added regardless what "
+"is defined in the configuration files. An account with a restricted login "
+"shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+#, fuzzy
+#| msgid ""
+#| "The only restriction placed on the login shell is that the command name "
+#| "must be listed in <_:filename-1/>, unless the invoker is the superuser, "
+#| "and then any value may be added. An account with a restricted login shell "
+#| "may not change her login shell. For this reason, placing <_:filename-2/> "
+#| "in <_:filename-3/> is discouraged since accidentally changing to a "
+#| "restricted shell would prevent the user from ever changing her login "
+#| "shell back to its original value."
+msgid ""
+"For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged "
+"since accidentally changing to a restricted shell would prevent the user "
+"from ever changing her login shell back to its original value."
+msgstr ""
+"Єдиним обмеженн�м, �ке накладають на оболонку входу є те, що назва команди "
+"має бути ча�тиною �пи�ку у <_:filename-1/>, �кщо команду не викликано від "
+"імені надкори�тувача. �адкори�тувач може додавати будь-�ке значенн�. "
+"Вла�ники облікових запи�ів із обмеженою оболонкою дл� входу не може "
+"змінювати вла�ну оболонку. З цієї причини не варто додавати <_:filename-2/> "
+"у <_:filename-3/>, о�кільки випадкова зміна обмеженої командної оболонки "
+"призведе до повної заборони дл� кори�тувача змінювати оболонку входу та "
+"початкову."
+
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
 msgstr "Спи�ок чинних оболонок входу."
 
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+#, fuzzy
+#| msgid "List of valid login shells."
+msgid "User defined list of valid login shells."
+msgstr "Спи�ок чинних оболонок входу."
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+#, fuzzy
+#| msgid ""
+#| "The following configuration variables in <_:filename-1/> change the "
+#| "behavior of this tool:"
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+"Вказані нижче змінні налаштувань у <_:filename-1/> змінюють поведінку цього "
+"ін�трумента:"
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d"
+msgstr "/etc/shells"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+#, fuzzy
+#| msgid "File Formats and Configuration Files"
+msgid "Directory for additional user defined configuration files."
+msgstr "Формати файлів і файли налаштувань"
+
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -2136,7 +2385,7 @@ msgid "check and enforce password expiration policy"
 msgstr "перевірка і в�тановленн� правил за�таріванн� паролів"
 
 #. (itstool) path: arg/replaceable
-#: expiry.1.xml.out:52 gpasswd.1.xml.out:61
+#: expiry.1.xml.out:52 gpasswd.1.xml.out:63
 msgid "option"
 msgstr "параметр"
 
@@ -2176,7 +2425,7 @@ msgstr ""
 
 #. (itstool) path: author/contrib
 #: faillog.5.xml.out:17 faillog.8.xml.out:17 login.1.xml.out:50
-#: passwd.1.xml.out:24 passwd.5.xml.out:17 porttime.5.xml.out:17
+#: passwd.1.xml.out:26 passwd.5.xml.out:17 porttime.5.xml.out:17
 #: shadow.3.xml.out:17 shadow.5.xml.out:17 su.1.xml.out:34
 msgid "Creation, 1989"
 msgstr "Створенн�, 1989"
@@ -2197,7 +2446,7 @@ msgstr "faillog"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: faillog.5.xml.out:35 gshadow.5.xml.out:24 limits.5.xml.out:37
-#: login.access.5.xml.out:36 login.defs.5.xml.out:104 passwd.5.xml.out:35
+#: login.access.5.xml.out:36 login.defs.5.xml.out:106 passwd.5.xml.out:35
 #: porttime.5.xml.out:35 shadow.5.xml.out:35 suauth.5.xml.out:35
 msgid "File Formats and Configuration Files"
 msgstr "Формати файлів і файли налаштувань"
@@ -2283,14 +2532,14 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:124
-#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:126
+#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:153
 #: usermod.8.xml.out:78 usermod.8.xml.out:210
 msgid "-a"
 msgstr "-a"
 
 #. (itstool) path: term/option
-#: faillog.8.xml.out:72 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 passwd.1.xml.out:153
 msgid "--all"
 msgstr "--all"
 
@@ -2528,8 +2777,8 @@ msgstr ""
 #: login.1.xml.out:108 login.1.xml.out:112 login.1.xml.out:119
 #: login.1.xml.out:171 login.1.xml.out:177 login.1.xml.out:230
 #: login.1.xml.out:238 login.1.xml.out:247 login.1.xml.out:253
-#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:530 newgrp.1.xml.out:133
+#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:549 newgrp.1.xml.out:133
 #: nologin.8.xml.out:60 passwd.5.xml.out:125 passwd.5.xml.out:132
 #: passwd.5.xml.out:179 porttime.5.xml.out:121 shadow.5.xml.out:265
 #: sg.1.xml.out:122 su.1.xml.out:415
@@ -2537,28 +2786,28 @@ msgid "login"
 msgstr "login"
 
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr "Rafal"
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr "Maszkowski"
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22 login.access.5.xml.out:18 pwconv.8.xml.out:23
+#: gpasswd.1.xml.out:24 login.access.5.xml.out:18 pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
 msgid "Creation, 1996"
 msgstr "Створенн�, 1996"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 msgid "administer <_:filename-1/>"
 msgstr "адміні�труванн� <_:filename-1/>"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 msgid "administer <_:filename-1/> and <_:filename-2/>"
 msgstr "адміні�труванн� <_:filename-1/> і <_:filename-2/>"
 
@@ -2566,9 +2815,9 @@ msgstr "адміні�труванн� <_:filename-1/> і <_:filename-2/>"
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64 gpasswd.1.xml.out:89 gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142 gpasswd.1.xml.out:177 gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193 gpasswd.1.xml.out:197 gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66 gpasswd.1.xml.out:91 gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144 gpasswd.1.xml.out:179 gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195 gpasswd.1.xml.out:199 gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49 grpck.8.xml.out:188 grpck.8.xml.out:280
 #: gshadow.5.xml.out:156 limits.5.xml.out:138 newgrp.1.xml.out:48
 #: newgrp.1.xml.out:145 pwck.8.xml.out:336 pwconv.8.xml.out:114
@@ -2577,17 +2826,17 @@ msgid "group"
 msgstr "група"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr " Ñ– <_:filename-1/>"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 msgid "administrators,"
 msgstr "адміні�траторів,"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid ""
 "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/"
 ">. Every group can have <_:phrase-4/> members and a password."
@@ -2598,12 +2847,12 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80 gpasswd.1.xml.out:112 gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82 gpasswd.1.xml.out:114 gpasswd.1.xml.out:207
 msgid "-A"
 msgstr "-A"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 msgid ""
 "System administrators can use the <_:option-1/> option to define group "
 "administrator(s) and the <_:option-2/> option to define members. They have "
@@ -2614,17 +2863,17 @@ msgstr ""
 "уча�ників. Вони мають у�і права адміні�траторів і уча�ників груп."
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 msgid "a group administrator"
 msgstr "адміні�тратор групи"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 msgid "a system administrator"
 msgstr "адміні�тратор �и�теми"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid ""
 "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only "
 "prompts for the new password of the <_:replaceable-4/>."
@@ -2638,8 +2887,8 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93 gpasswd.1.xml.out:180 gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277 groups.1.xml.out:71 groups.1.xml.out:92
+#: gpasswd.1.xml.out:95 gpasswd.1.xml.out:182 gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279 groups.1.xml.out:71 groups.1.xml.out:92
 #: gshadow.5.xml.out:76 gshadow.5.xml.out:165 newgrp.1.xml.out:34
 #: newgrp.1.xml.out:41 newgrp.1.xml.out:47 newgrp.1.xml.out:55
 #: newgrp.1.xml.out:63 newgrp.1.xml.out:66 sg.1.xml.out:60 sg.1.xml.out:64
@@ -2648,7 +2897,7 @@ msgid "newgrp"
 msgstr "newgrp"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 msgid ""
 "If a password is set the members can still use <_:citerefentry-1/> without a "
 "password, and non-members must supply the password."
@@ -2658,12 +2907,12 @@ msgstr ""
 "пароль."
 
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr "�отатки щодо паролів груп"
 
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid ""
 "Group passwords are an inherent security problem since more than one person "
 "is permitted to know the password. However, groups are a useful tool for "
@@ -2674,7 +2923,7 @@ msgstr ""
 "взаємодії між різними кори�тувачами."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 msgid ""
 "Except for the <_:option-1/> and <_:option-2/> options, the options cannot "
 "be combined."
@@ -2683,51 +2932,51 @@ msgstr ""
 "поєднувати."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr "Параметри не можна поєднувати."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124 groupmems.8.xml.out:83
+#: gpasswd.1.xml.out:126 groupmems.8.xml.out:83
 msgid "--add"
 msgstr "--add"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124 gpasswd.1.xml.out:128 gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141 gpasswd.1.xml.out:205 gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126 gpasswd.1.xml.out:130 gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143 gpasswd.1.xml.out:207 gpasswd.1.xml.out:219
 #: groups.1.xml.out:48 groups.1.xml.out:59
 msgid "user"
 msgstr "кори�тувач"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 msgid "Add the <_:replaceable-1/> to the named <_:replaceable-2/>."
 msgstr "Додати <_:replaceable-1/> до іменованого <_:replaceable-2/>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137 groupmems.8.xml.out:94 passwd.1.xml.out:168
+#: gpasswd.1.xml.out:139 groupmems.8.xml.out:94 passwd.1.xml.out:164
 msgid "--delete"
 msgstr "--delete"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 msgid "Remove the <_:replaceable-1/> from the named <_:replaceable-2/>."
 msgstr "Вилучити <_:replaceable-1/> з іменованого <_:replaceable-2/>."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 msgid "-Q"
 msgstr "-Q"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr "--remove-password"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 msgid ""
 "Remove the password from the named <_:replaceable-1/>. The group password "
 "will be empty. Only group members will be allowed to use <_:command-2/> to "
@@ -2738,12 +2987,12 @@ msgstr ""
 "групи <_:replaceable-3/> зможуть лише уча�ники групи."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr "--restrict"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 msgid ""
 "Restrict the access to the named <_:replaceable-1/>. The group password is "
 "set to \"!\". Only group members with a password will be allowed to use <_:"
@@ -2755,42 +3004,42 @@ msgstr ""
 "з паролем."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 msgid "--administrators"
 msgstr "--administrators"
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204 gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206 gpasswd.1.xml.out:218
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 msgid "Set the list of administrative users."
 msgstr "В�тановити �пи�ок адміні�тративних кори�тувачів."
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 msgid "--members"
 msgstr "--members"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 msgid "Set the list of group members."
 msgstr "В�тановити �пи�ок уча�ників групи."
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 msgid "and <_:filename-1/> files."
 msgstr "Ñ– <_:filename-1/>."
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 msgid "file."
 msgstr "."
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 msgid ""
 "This tool only operates on the <_:filename-1/> <_:phrase-2/> <_:phrase-3/> "
 "Thus you cannot change any NIS or LDAP group. This must be performed on the "
@@ -2806,11 +3055,11 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283 groupadd.8.xml.out:357 groupdel.8.xml.out:34
+#: gpasswd.1.xml.out:285 groupadd.8.xml.out:357 groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41 groupdel.8.xml.out:47 groupdel.8.xml.out:57
 #: groupdel.8.xml.out:66 groupdel.8.xml.out:165 groupmems.8.xml.out:221
-#: groupmod.8.xml.out:341 login.defs.5.xml.out:299 useradd.8.xml.out:893
-#: userdel.8.xml.out:328 usermod.8.xml.out:623
+#: groupmod.8.xml.out:341 login.defs.5.xml.out:312 useradd.8.xml.out:913
+#: userdel.8.xml.out:328 usermod.8.xml.out:640
 msgid "groupdel"
 msgstr "groupdel"
 
@@ -2820,11 +3069,11 @@ msgstr "groupdel"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286 groupadd.8.xml.out:360 groupdel.8.xml.out:220
+#: gpasswd.1.xml.out:288 groupadd.8.xml.out:360 groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34 groupmod.8.xml.out:41 groupmod.8.xml.out:47
 #: groupmod.8.xml.out:58 groupmod.8.xml.out:67 groupmod.8.xml.out:256
-#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:311
-#: useradd.8.xml.out:896 userdel.8.xml.out:331 usermod.8.xml.out:626
+#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:324
+#: useradd.8.xml.out:916 userdel.8.xml.out:331 usermod.8.xml.out:643
 msgid "groupmod"
 msgstr "groupmod"
 
@@ -2834,10 +3083,10 @@ msgstr "groupmod"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289 grpck.8.xml.out:33 grpck.8.xml.out:40
+#: gpasswd.1.xml.out:291 grpck.8.xml.out:33 grpck.8.xml.out:40
 #: grpck.8.xml.out:46 grpck.8.xml.out:60 grpck.8.xml.out:116
 #: grpck.8.xml.out:128 grpck.8.xml.out:141 grpck.8.xml.out:184
-#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:318
+#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:331
 #: pwck.8.xml.out:339 pwconv.8.xml.out:198 pwconv.8.xml.out:242
 msgid "grpck"
 msgstr "grpck"
@@ -2847,7 +3096,7 @@ msgstr "grpck"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295 grpck.8.xml.out:95 grpck.8.xml.out:287
+#: gpasswd.1.xml.out:297 grpck.8.xml.out:95 grpck.8.xml.out:287
 #: gshadow.5.xml.out:22 gshadow.5.xml.out:29 newgrp.1.xml.out:148
 #: pwconv.8.xml.out:114 pwconv.8.xml.out:115 pwconv.8.xml.out:121
 #: pwconv.8.xml.out:122 sg.1.xml.out:137 vipw.8.xml.out:211
@@ -2855,12 +3104,12 @@ msgid "gshadow"
 msgstr "gshadow"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293 newgrp.1.xml.out:146 sg.1.xml.out:135
+#: gpasswd.1.xml.out:295 newgrp.1.xml.out:146 sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ", <_:citerefentry-1/>"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275 newgrp.1.xml.out:128 sg.1.xml.out:117
+#: gpasswd.1.xml.out:277 newgrp.1.xml.out:128 sg.1.xml.out:117
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
@@ -2909,8 +3158,8 @@ msgstr "Довжина назв груп не може перевищувати
 #: groupadd.8.xml.out:94 groupadd.8.xml.out:95 groupadd.8.xml.out:102
 #: groupadd.8.xml.out:236 groupmems.8.xml.out:110 groupmod.8.xml.out:82
 #: groupmod.8.xml.out:136 groupmod.8.xml.out:201 useradd.8.xml.out:96
-#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:391
-#: useradd.8.xml.out:396 useradd.8.xml.out:557 useradd.8.xml.out:639
+#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:393
+#: useradd.8.xml.out:398 useradd.8.xml.out:559 useradd.8.xml.out:659
 #: usermod.8.xml.out:174 vipw.8.xml.out:90
 msgid "-g"
 msgstr "-g"
@@ -2930,7 +3179,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:102 groupmod.8.xml.out:82 useradd.8.xml.out:230
-#: useradd.8.xml.out:639 usermod.8.xml.out:174
+#: useradd.8.xml.out:659 usermod.8.xml.out:174
 msgid "--gid"
 msgstr "--gid"
 
@@ -2939,8 +3188,8 @@ msgstr "--gid"
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:102 groupadd.8.xml.out:105 groupadd.8.xml.out:151
 #: groupmod.8.xml.out:73 groupmod.8.xml.out:82 groupmod.8.xml.out:87
-#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr "GID"
 
@@ -2973,36 +3222,36 @@ msgid "GID_MAX"
 msgstr "М�КСИМ�ЛЬ�ИЙ_GID"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:111 useradd.8.xml.out:541
+#: groupadd.8.xml.out:111 useradd.8.xml.out:543
 msgid "See also the <_:option-1/> option and the <_:option-2/> description."
 msgstr "Див. також опи�и параметрів <_:option-1/> і <_:option-2/>."
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:125 groupadd.8.xml.out:131 groupadd.8.xml.out:134
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:303
-#: useradd.8.xml.out:314 useradd.8.xml.out:317 useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:305
+#: useradd.8.xml.out:316 useradd.8.xml.out:319 useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 msgid "-K"
 msgstr "-K"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "--key"
 msgstr "--key"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "KEY"
 msgstr "КЛЮЧ"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "VALUE"
 msgstr "З��ЧЕ��Я"
 
 #. (itstool) path: varlistentry/term
-#: groupadd.8.xml.out:124 useradd.8.xml.out:302
+#: groupadd.8.xml.out:124 useradd.8.xml.out:304
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>=<_:replaceable-4/>"
 msgstr "<_:option-1/>, <_:option-2/> <_:replaceable-3/>=<_:replaceable-4/>"
 
@@ -3016,12 +3265,12 @@ msgstr ""
 "іншими). Може бути вказано декілька параметрів <_:option-2/>."
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:134 useradd.8.xml.out:320
+#: groupadd.8.xml.out:134 useradd.8.xml.out:322
 msgid "100"
 msgstr "100"
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:321
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:323
 msgid "499"
 msgstr "499"
 
@@ -3037,7 +3286,7 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:138 groupadd.8.xml.out:333 groupdel.8.xml.out:192
-#: groupmod.8.xml.out:295 useradd.8.xml.out:853 userdel.8.xml.out:265
+#: groupmod.8.xml.out:295 useradd.8.xml.out:873 userdel.8.xml.out:265
 msgid "10"
 msgstr "10"
 
@@ -3051,7 +3300,7 @@ msgstr ""
 "replaceable-4/>=<_:replaceable-5/> ще не працює."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:405
+#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr "--non-unique"
@@ -3074,19 +3323,19 @@ msgstr ""
 #: groupadd.8.xml.out:158 groupmems.8.xml.out:55 groupmems.8.xml.out:130
 #: groupmod.8.xml.out:143 login.1.xml.out:80 login.1.xml.out:88
 #: login.1.xml.out:95 login.1.xml.out:212 su.1.xml.out:207
-#: useradd.8.xml.out:425 usermod.8.xml.out:237 usermod.8.xml.out:290
+#: useradd.8.xml.out:427 usermod.8.xml.out:237 usermod.8.xml.out:290
 #: usermod.8.xml.out:411 vipw.8.xml.out:102
 msgid "-p"
 msgstr "-p"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "--password"
 msgstr "--password"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr "П�РОЛЬ"
@@ -3095,8 +3344,8 @@ msgstr "П�РОЛЬ"
 #: groupadd.8.xml.out:163 groupmod.8.xml.out:148 gshadow.5.xml.out:62
 #: gshadow.5.xml.out:68 passwd.5.xml.out:103 passwd.5.xml.out:109
 #: passwd.5.xml.out:170 shadow.5.xml.out:88 shadow.5.xml.out:94
-#: useradd.8.xml.out:430 useradd.8.xml.out:887 usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: useradd.8.xml.out:432 useradd.8.xml.out:907 usermod.8.xml.out:295
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr "crypt"
 
@@ -3106,11 +3355,11 @@ msgstr "crypt"
 #: groupadd.8.xml.out:164 groupadd.8.xml.out:315 groupmod.8.xml.out:148
 #: groupmod.8.xml.out:271 groups.1.xml.out:68 groups.1.xml.out:104
 #: grpck.8.xml.out:255 gshadow.5.xml.out:63 gshadow.5.xml.out:69
-#: passwd.1.xml.out:443 passwd.5.xml.out:104 passwd.5.xml.out:110
+#: passwd.1.xml.out:465 passwd.5.xml.out:104 passwd.5.xml.out:110
 #: passwd.5.xml.out:170 passwd.5.xml.out:176 pwck.8.xml.out:305
 #: shadow.3.xml.out:34 shadow.3.xml.out:217 shadow.5.xml.out:89
-#: shadow.5.xml.out:95 useradd.8.xml.out:431 useradd.8.xml.out:829
-#: useradd.8.xml.out:887 usermod.8.xml.out:296 usermod.8.xml.out:614
+#: shadow.5.xml.out:95 useradd.8.xml.out:433 useradd.8.xml.out:849
+#: useradd.8.xml.out:907 usermod.8.xml.out:296 usermod.8.xml.out:631
 msgid "3"
 msgstr "3"
 
@@ -3136,7 +3385,7 @@ msgstr ""
 "оклику."
 
 #. (itstool) path: para/emphasis
-#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:444
+#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:446
 #: userdel.8.xml.out:93 usermod.8.xml.out:299
 msgid "Note:"
 msgstr "Зауваженн�:"
@@ -3152,7 +3401,7 @@ msgstr ""
 "до�туп до �пи�ку проце�ів."
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:448
+#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid ""
 "You should make sure the password respects the system's password policy."
@@ -3161,7 +3410,7 @@ msgstr ""
 "�и�теми."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:185 newusers.8.xml.out:287 useradd.8.xml.out:456
+#: groupadd.8.xml.out:185 newusers.8.xml.out:289 useradd.8.xml.out:458
 msgid "--system"
 msgstr "--system"
 
@@ -3192,48 +3441,10 @@ msgstr ""
 "діапазону <_:option-4/>-<_:option-5/>."
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "-P"
-msgstr "-P"
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "--prefix"
-msgstr "--prefix"
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214 groupadd.8.xml.out:219 groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106 groupdel.8.xml.out:108 groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181 groupmod.8.xml.out:183 useradd.8.xml.out:502
-#: useradd.8.xml.out:507 userdel.8.xml.out:136 userdel.8.xml.out:140
-#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr "К�Т�ЛОГ_ПРЕФІКС�"
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217 useradd.8.xml.out:505
-msgid ""
-"Apply changes to configuration files under the root filesystem found under "
-"the directory <_:replaceable-1/>. This option does not chroot and is "
-"intended for preparing a cross-compilation target. Some limitations: NIS and "
-"LDAP users/groups are not verified. PAM authentication is using the host "
-"files. No SELINUX support."
-msgstr ""
-"За�то�увати зміни до файлів налаштувань у кореневій файловій �и�темі з "
-"каталогу <_:replaceable-1/>. Викори�танн� цього параметра не змінює "
-"кореневої теки. Параметр призначено лише дл� приготуванн� цілі дл� "
-"компіл�ції коду дл� іншої операційної �и�теми. Обмеженн�: не буде виконано "
-"перевірку кори�тувачів/груп NIS і LDAP. При розпізнаванні у PAM буде "
-"викори�тано файли о�новної �и�теми. Підтримки SELINUX не передбачено."
-
-#. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229 groupadd.8.xml.out:237 groupmod.8.xml.out:194
-#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:397
-#: useradd.8.xml.out:549 useradd.8.xml.out:558 usermod.8.xml.out:238
+#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:399
+#: useradd.8.xml.out:551 useradd.8.xml.out:560 usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 msgid "-U"
 msgstr "-U"
@@ -3251,21 +3462,21 @@ msgstr "Спи�ок імен кори�тувачів, �ких �лід дод
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:237 groupmod.8.xml.out:202 useradd.8.xml.out:96
-#: useradd.8.xml.out:386 useradd.8.xml.out:397 useradd.8.xml.out:558
+#: useradd.8.xml.out:388 useradd.8.xml.out:399 useradd.8.xml.out:560
 msgid "-N"
 msgstr "-N"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/phrase
-#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:448
-#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:398
-#: useradd.8.xml.out:559 userdel.8.xml.out:86 userdel.8.xml.out:296
+#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:467
+#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:400
+#: useradd.8.xml.out:561 userdel.8.xml.out:86 userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
 msgstr "USERGROUPS_ENAB"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 msgid ""
 "The default behavior (if the <_:option-1/>, <_:option-2/>, and <_:option-3/> "
 "options are not specified) is defined by the <_:option-4/> variable in <_:"
@@ -3293,13 +3504,13 @@ msgstr ""
 "LDAP, <_:command-1/> відмовить у запиті щодо �творенн� групи."
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:317 passwd.1.xml.out:463 useradd.8.xml.out:831
+#: groupadd.8.xml.out:317 passwd.1.xml.out:485 useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr "некоректний аргумент параметра"
 
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:321 groupmod.8.xml.out:277 grpck.8.xml.out:261
-#: passwd.1.xml.out:449 pwck.8.xml.out:311 useradd.8.xml.out:835
+#: passwd.1.xml.out:471 pwck.8.xml.out:311 useradd.8.xml.out:855
 msgid "4"
 msgstr "4"
 
@@ -3309,7 +3520,7 @@ msgid "GID is already used (when called without <_:option-1/>)"
 msgstr "GID вже викори�тано (�кщо викликано без <_:option-1/>)"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:847
+#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:867
 msgid "9"
 msgstr "9"
 
@@ -3319,7 +3530,7 @@ msgid "group name is already used"
 msgstr "назву групи вже викори�тано"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:855
+#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
 msgstr "не вдало�� оновити файл груп"
@@ -3331,11 +3542,11 @@ msgstr "не вдало�� оновити файл груп"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: groupadd.8.xml.out:369 groupdel.8.xml.out:226 groupmems.8.xml.out:227
-#: groupmod.8.xml.out:350 login.defs.5.xml.out:480 useradd.8.xml.out:913
+#: groupmod.8.xml.out:350 login.defs.5.xml.out:499 useradd.8.xml.out:933
 #: userdel.8.xml.out:39 userdel.8.xml.out:46 userdel.8.xml.out:51
 #: userdel.8.xml.out:62 userdel.8.xml.out:71 userdel.8.xml.out:82
 #: userdel.8.xml.out:211 userdel.8.xml.out:232 userdel.8.xml.out:283
-#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:643
+#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:660
 msgid "userdel"
 msgstr "userdel"
 
@@ -3346,11 +3557,11 @@ msgstr "userdel"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #: groupadd.8.xml.out:372 groupdel.8.xml.out:229 groupmems.8.xml.out:230
-#: groupmod.8.xml.out:353 login.defs.5.xml.out:490 passwd.1.xml.out:488
-#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:916
+#: groupmod.8.xml.out:353 login.defs.5.xml.out:509 passwd.1.xml.out:513
+#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:936
 #: userdel.8.xml.out:345 usermod.8.xml.out:40 usermod.8.xml.out:47
 #: usermod.8.xml.out:53 usermod.8.xml.out:64 usermod.8.xml.out:72
-#: usermod.8.xml.out:263 usermod.8.xml.out:522
+#: usermod.8.xml.out:263 usermod.8.xml.out:539
 msgid "usermod"
 msgstr "usermod"
 
@@ -3380,8 +3591,8 @@ msgstr "вилученн� групи"
 #: groupdel.8.xml.out:51 groupdel.8.xml.out:59 groupmod.8.xml.out:51
 #: groupmod.8.xml.out:59 groupmod.8.xml.out:86 groupmod.8.xml.out:102
 #: groupmod.8.xml.out:125 suauth.5.xml.out:85 suauth.5.xml.out:87
-#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:392
-#: useradd.8.xml.out:639 useradd.8.xml.out:648 usermod.8.xml.out:174
+#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:394
+#: useradd.8.xml.out:659 useradd.8.xml.out:668 usermod.8.xml.out:174
 msgid "GROUP"
 msgstr "GROUP"
 
@@ -3439,13 +3650,13 @@ msgstr ""
 "щоб не лишило�� жодних файлів, �кі належать цій групі."
 
 #. (itstool) path: term/replaceable
-#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:461
-#: pwck.8.xml.out:323 useradd.8.xml.out:841 userdel.8.xml.out:253
+#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:483
+#: pwck.8.xml.out:323 useradd.8.xml.out:861 userdel.8.xml.out:253
 msgid "6"
 msgstr "6"
 
 #. (itstool) path: listitem/para
-#: groupdel.8.xml.out:182 useradd.8.xml.out:843
+#: groupdel.8.xml.out:182 useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr "вказаної групи не і�нує"
 
@@ -3493,7 +3704,7 @@ msgstr "Створенн�, 2000"
 #: groupmems.8.xml.out:37 groupmems.8.xml.out:44 groupmems.8.xml.out:50
 #: groupmems.8.xml.out:63 groupmems.8.xml.out:65 groupmems.8.xml.out:71
 #: groupmems.8.xml.out:78 groupmems.8.xml.out:159 groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr "groupmems"
 
@@ -3632,8 +3843,12 @@ msgstr ""
 
 #. (itstool) path: refsect1/programlisting
 #: groupmems.8.xml.out:167
+#, fuzzy
+#| msgid ""
+#| "$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems "
+#| "$ groupmems -g groups -a gk4"
 msgid ""
-"$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
+"$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ "
 "groupmems -g groups -a gk4"
 msgstr ""
 "$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
@@ -3730,7 +3945,7 @@ msgstr ""
 "з <_:filename-5/> виконано не буде."
 
 #. (itstool) path: term/option
-#: groupmod.8.xml.out:121 passwd.1.xml.out:246
+#: groupmod.8.xml.out:121 passwd.1.xml.out:242
 msgid "-n"
 msgstr "-n"
 
@@ -3812,7 +4027,7 @@ msgid "E_CLEANUP_SERVICE: can't setup cleanup service"
 msgstr "E_CLEANUP_SERVICE: не вдало�� налаштувати �лужбу чищенн�"
 
 #. (itstool) path: term/replaceable
-#: groupmod.8.xml.out:307 useradd.8.xml.out:859 userdel.8.xml.out:271
+#: groupmod.8.xml.out:307 useradd.8.xml.out:879 userdel.8.xml.out:271
 msgid "12"
 msgstr "12"
 
@@ -4004,7 +4219,7 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:113 newusers.8.xml.out:67 newusers.8.xml.out:75
+#: grpck.8.xml.out:113 newusers.8.xml.out:69 newusers.8.xml.out:77
 msgid "file"
 msgstr "файл"
 
@@ -4036,7 +4251,7 @@ msgstr "--read-only"
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:143 login.defs.5.xml.out:134 login.defs.5.xml.out:136
+#: grpck.8.xml.out:143 login.defs.5.xml.out:136 login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr "no"
@@ -4064,8 +4279,8 @@ msgstr "УпорÑ�дкувати запиÑ�и у <_:filename-1/> <_:phrase-2/> Ð
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 msgid "-S"
 msgstr "-S"
 
@@ -4292,7 +4507,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: gshadow.5.xml.out:162 login.defs.5.xml.out:324 pwconv.8.xml.out:48
+#: gshadow.5.xml.out:162 login.defs.5.xml.out:337 pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67 pwconv.8.xml.out:113 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:166 pwconv.8.xml.out:208
 msgid "grpconv"
@@ -4306,7 +4521,7 @@ msgstr "grpconv"
 #. (itstool) path: varlistentry/term
 #: lastlog.8.xml.out:35 lastlog.8.xml.out:42 lastlog.8.xml.out:48
 #: lastlog.8.xml.out:58 lastlog.8.xml.out:70 lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr "lastlog"
 
@@ -4353,7 +4568,7 @@ msgstr ""
 ">."
 
 #. (itstool) path: term/option
-#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:592
+#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 msgid "-b"
 msgstr "-b"
@@ -4707,7 +4922,7 @@ msgstr "username L2D2048N5 username L2 D2048 N5"
 #. (itstool) path: para/command
 #: limits.5.xml.out:122 login.1.xml.out:83 login.1.xml.out:91
 #: login.1.xml.out:197 su.1.xml.out:70 su.1.xml.out:82 su.1.xml.out:95
-#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:775
+#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:795
 msgid "username"
 msgstr "кори�тувач"
 
@@ -5207,8 +5422,8 @@ msgstr "sh"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.1.xml.out:386 login.defs.5.xml.out:436 login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536 newgrp.1.xml.out:136 passwd.5.xml.out:197
+#: login.1.xml.out:386 login.defs.5.xml.out:455 login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555 newgrp.1.xml.out:136 passwd.5.xml.out:197
 #: shadow.5.xml.out:283 sg.1.xml.out:128 su.1.xml.out:50 su.1.xml.out:57
 #: su.1.xml.out:62 su.1.xml.out:81 su.1.xml.out:83 su.1.xml.out:121
 #: su.1.xml.out:201 su.1.xml.out:239 su.1.xml.out:308 su.1.xml.out:368
@@ -5385,12 +5600,12 @@ msgid "<_:citerefentry-1/>."
 msgstr "<_:citerefentry-1/>."
 
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
 msgstr "�алаштуванн� комплек�у дл� роботи з прихованими парол�ми"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 msgid ""
 "The <_:filename-1/> file defines the site-specific configuration for the "
 "shadow password suite. This file is required. Absence of this file will not "
@@ -5402,7 +5617,7 @@ msgstr ""
 "на�лідків."
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid ""
 "This file is a readable text file, each line of the file describing one "
 "configuration parameter. The lines consist of a configuration name and "
@@ -5418,18 +5633,18 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133 useradd.8.xml.out:242 useradd.8.xml.out:380
+#: login.defs.5.xml.out:135 useradd.8.xml.out:242 useradd.8.xml.out:382
 #: userdel.8.xml.out:87 userdel.8.xml.out:297
 msgid "yes"
 msgstr "так"
 
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 msgid "0x"
 msgstr "0x"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 msgid ""
 "Parameter values may be of four types: strings, booleans, numbers, and long "
 "numbers. A string is comprised of any printable characters. A boolean should "
@@ -5452,32 +5667,32 @@ msgstr ""
 "з подвійною точні�тю визначаєть�� характери�тиками �и�теми."
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
 msgstr "У ваше розпор�дженн� надано такі пункти налаштувань:"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:146 useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:146 useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr "PASS_MAX_DAYS"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:145
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr "PASS_MIN_DAYS"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194 pwconv.8.xml.out:147
+#: login.defs.5.xml.out:197 pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr "PASS_WARN_AGE"
 
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 msgid ""
 "<_:option-1/>, <_:option-2/> and <_:option-3/> are only used at the time of "
 "account creation. Any changes to these settings won't affect existing "
@@ -5488,12 +5703,12 @@ msgstr ""
 "на�вні облікові запи�и."
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr "ПЕРЕХРЕС�І ПОСИЛ���Я"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid ""
 "The following cross references show which programs in the shadow password "
 "suite use which parameters."
@@ -5505,57 +5720,75 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235 login.defs.5.xml.out:423 login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503 pwck.8.xml.out:75 pwck.8.xml.out:216
+#: login.defs.5.xml.out:239 login.defs.5.xml.out:442 login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522 pwck.8.xml.out:75 pwck.8.xml.out:216
 #: pwck.8.xml.out:232 pwconv.8.xml.out:89 pwconv.8.xml.out:91
 #: pwconv.8.xml.out:94 pwconv.8.xml.out:105 pwconv.8.xml.out:107
 msgid "USE_TCB"
 msgstr "USE_TCB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr "CHFN_AUTH"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244 login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248 login.defs.5.xml.out:372
 msgid "LOGIN_STRING"
 msgstr "LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253 login.defs.5.xml.out:264 login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388 login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256 login.defs.5.xml.out:269 login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396 login.defs.5.xml.out:418
+#, fuzzy
+#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259 login.defs.5.xml.out:273 login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403 login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261 login.defs.5.xml.out:275 login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409 login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251 login.defs.5.xml.out:282
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+#: login.defs.5.xml.out:255 login.defs.5.xml.out:292
+#, fuzzy
+#| msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:"
+"phrase-2/> <_:phrase-3/>"
 msgstr "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301 login.defs.5.xml.out:307 login.defs.5.xml.out:313
-#: login.defs.5.xml.out:320 login.defs.5.xml.out:326 login.defs.5.xml.out:332
+#: login.defs.5.xml.out:314 login.defs.5.xml.out:320 login.defs.5.xml.out:326
+#: login.defs.5.xml.out:333 login.defs.5.xml.out:339 login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr "MAX_MEMBERS_PER_GROUP"
 
@@ -5563,49 +5796,49 @@ msgstr "MAX_MEMBERS_PER_GROUP"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330 pwconv.8.xml.out:49 pwconv.8.xml.out:73
+#: login.defs.5.xml.out:343 pwconv.8.xml.out:49 pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119 pwconv.8.xml.out:153 pwconv.8.xml.out:167
 #: pwconv.8.xml.out:208
 msgid "grpunconv"
 msgstr "grpunconv"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
 msgstr "LASTLOG_UID_MAX"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346 login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359 login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr "CONSOLE"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 msgid "FAILLOG_ENAB"
 msgstr "FAILLOG_ENAB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 msgid "FTMP_FILE"
 msgstr "FTMP_FILE"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr "ISSUE_FILE"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
 msgstr "LASTLOG_ENAB LASTLOG_UID_MAX"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid ""
 "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE "
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
@@ -5614,12 +5847,12 @@ msgstr ""
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr "ULIMIT UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY "
 "<_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR "
@@ -5634,22 +5867,30 @@ msgstr ""
 "USERGROUPS_ENAB"
 
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 msgid "newgrp / sg"
 msgstr "newgrp / sg"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr "SYSLOG_SG_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
-msgid ""
-"ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
-"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
-"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+#: login.defs.5.xml.out:395
+#, fuzzy
+#| msgid ""
+#| "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
+#| "HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
+#| "SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+#| "SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX "
+#| "UID_MIN UMASK"
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP "
+"MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:"
+"phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+"SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
+"UMASK <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
 "HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
@@ -5657,21 +5898,26 @@ msgstr ""
 "SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
+#: login.defs.5.xml.out:417
+#, fuzzy
+#| msgid ""
+#| "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
+#| "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
 msgid ""
-"ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
-"PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+"<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB "
+"PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412 login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431 login.defs.5.xml.out:440
 msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/>"
 msgstr "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/>"
 
@@ -5681,7 +5927,7 @@ msgstr "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/>"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419 passwd.5.xml.out:188 pwconv.8.xml.out:39
+#: login.defs.5.xml.out:438 passwd.5.xml.out:188 pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46 pwconv.8.xml.out:55 pwconv.8.xml.out:83
 #: pwconv.8.xml.out:88 pwconv.8.xml.out:90 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:144 pwconv.8.xml.out:165 pwconv.8.xml.out:216
@@ -5694,7 +5940,7 @@ msgstr "pwconv"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428 passwd.5.xml.out:191 pwconv.8.xml.out:47
+#: login.defs.5.xml.out:447 passwd.5.xml.out:191 pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61 pwconv.8.xml.out:98 pwconv.8.xml.out:104
 #: pwconv.8.xml.out:109 pwconv.8.xml.out:153 pwconv.8.xml.out:157
 #: pwconv.8.xml.out:166 shadow.5.xml.out:280
@@ -5702,22 +5948,22 @@ msgid "pwunconv"
 msgstr "pwunconv"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr "ENV_HZ ENVIRON_FILE"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr "SU_WHEEL_ONLY"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH "
 "<_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
@@ -5727,28 +5973,24 @@ msgstr ""
 
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453 passwd.5.xml.out:200 shadow.5.xml.out:286
+#: login.defs.5.xml.out:472 passwd.5.xml.out:200 shadow.5.xml.out:286
 msgid "sulogin"
 msgstr "sulogin"
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457 su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr "ENV_TZ"
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
-msgstr "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+#, fuzzy
+#| msgid "ENV_HZ ENVIRON_FILE"
+msgid "ENV_HZ ENV_TZ"
+msgstr "ENV_HZ ENVIRON_FILE"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 msgid ""
 "CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR "
 "MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE "
@@ -5763,12 +6005,12 @@ msgstr ""
 "phrase-1/>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485 login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504 login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr "TCB_SYMLINKS USE_TCB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 msgid ""
 "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB <_:"
 "phrase-1/>"
@@ -5777,7 +6019,7 @@ msgstr ""
 "phrase-1/>"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 msgid "LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <_:phrase-1/>"
 msgstr "LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <_:phrase-1/>"
 
@@ -5786,18 +6028,18 @@ msgstr "LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <_:phrase-1/>"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500 vipw.8.xml.out:35 vipw.8.xml.out:42
+#: login.defs.5.xml.out:519 vipw.8.xml.out:35 vipw.8.xml.out:42
 #: vipw.8.xml.out:51 vipw.8.xml.out:67 vipw.8.xml.out:85
 msgid "vipw"
 msgstr "vipw"
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511 pwconv.8.xml.out:193 suauth.5.xml.out:179
+#: login.defs.5.xml.out:530 pwconv.8.xml.out:193 suauth.5.xml.out:179
 msgid "BUGS"
 msgstr "В�ДИ"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 msgid ""
 "Much of the functionality that used to be provided by the shadow password "
 "suite is now handled by PAM. Thus, <_:filename-1/> is no longer used by <_:"
@@ -5812,12 +6054,12 @@ msgstr ""
 "налаштувань PAM."
 
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 msgid "pam"
 msgstr "pam"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
@@ -5933,12 +6175,12 @@ msgid "id"
 msgstr "id"
 
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
 msgstr "пакетне оновленн� і �творенн� облікових запи�ів кори�тувачів"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 msgid ""
 "The <_:command-1/> command reads a <_:replaceable-2/> (or the standard input "
 "by default) and uses this information to update a set of existing users or "
@@ -5952,22 +6194,22 @@ msgstr ""
 "citerefentry-3/>). Вин�тки з цього правила опи�ано нижче:"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 msgstr "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 msgid "pw_name"
 msgstr "pw_name"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
 msgstr "Це ім'� кори�тувача."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 msgid ""
 "It can be the name of a new user or the name of an existing user (or a user "
 "created before by <_:command-1/>). In case of an existing user, the user's "
@@ -5979,12 +6221,12 @@ msgstr ""
 "кори�тувача не і�нуватиме, його буде �творено."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr "pw_passwd"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid ""
 "This field will be encrypted and used as the new value of the encrypted "
 "password."
@@ -5992,17 +6234,17 @@ msgstr ""
 "Це поле буде зашифровано і викори�тано �к нове значенн� зашифрованого парол�."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 msgid "pw_uid"
 msgstr "pw_uid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
 msgstr "Це поле буде викори�тано дл� визначенн� UID кори�тувача."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 msgid ""
 "If the field is empty, a new (unused) UID will be defined automatically by "
 "<_:command-1/>."
@@ -6011,12 +6253,12 @@ msgstr ""
 "> автоматично."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
 msgstr "Якщо у цьому полі мі�тить�� чи�ло, це чи�ло буде викори�тано �к UID."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 msgid ""
 "If this field contains the name of an existing user (or the name of a user "
 "created before by <_:command-1/>), the UID of the specified user will be "
@@ -6027,7 +6269,7 @@ msgstr ""
 "викори�тано UID вказаного кори�тувача."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid ""
 "If the UID of an existing user is changed, the files ownership of the user's "
 "file should be fixed manually."
@@ -6036,19 +6278,19 @@ msgstr ""
 "кори�тувача має бути виправлено вручну."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
 msgstr "pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
 msgstr ""
 "Це поле викори�товують дл� визначенн� ідентифікатора о�новної групи "
 "кори�тувача."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 msgid ""
 "If this field contains the name of an existing group (or a group created "
 "before by <_:command-1/>), the GID of this group will be used as the primary "
@@ -6059,7 +6301,7 @@ msgstr ""
 "ідентифікатор о�новної групи кори�тувача."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid ""
 "If this field is a number, this number will be used as the primary group ID "
 "of the user. If no groups exist with this GID, a new group will be created "
@@ -6070,7 +6312,7 @@ msgstr ""
 "нову групу з цим GID і назвою, �ка збігаєть�� із іменем кори�тувача."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 msgid ""
 "If this field is empty, a new group will be created with the name of the "
 "user and a GID will be automatically defined by <_:command-1/> to be used as "
@@ -6082,7 +6324,7 @@ msgstr ""
 "кори�тувача і �к GID дл� нової групи."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 msgid ""
 "If this field contains the name of a group which does not exist (and was not "
 "created before by <_:command-1/>), a new group will be created with the "
@@ -6096,32 +6338,32 @@ msgstr ""
 "дл� нової групи."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
 msgstr "pw_gecos"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr "Це поле буде �копійовано до пол� GECOS кори�тувача."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
 msgstr "pw_dir"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
 msgstr "Це поле призначено дл� визначенн� домашнього каталогу кори�тувача."
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr "newusers не �творює батьків�ьких каталогів"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid ""
 "If this field does not specify an existing directory, the specified "
 "directory is created, with ownership set to the user being created or "
@@ -6143,7 +6385,7 @@ msgstr ""
 "нових кори�тувачів."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 msgid ""
 "If the home directory of an existing user is changed, <_:command-1/> does "
 "not move or copy the content of the old directory to the new location. This "
@@ -6154,12 +6396,12 @@ msgstr ""
 "доведеть�� зробити вручну."
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
 msgstr "pw_shell"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid ""
 "This field defines the shell of the user. No checks are performed on this "
 "field."
@@ -6168,7 +6410,7 @@ msgstr ""
 "пол� не виконують��."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 msgid ""
 "<_:command-1/> first tries to create or change all the specified users, and "
 "then write these changes to the user or group databases. If an error occurs "
@@ -6181,7 +6423,7 @@ msgstr ""
 "даних не вно�итимуть��."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid ""
 "During this first pass, users are created with a locked password (and "
 "passwords are not changed for the users which are not created). A second "
@@ -6195,7 +6437,7 @@ msgstr ""
 "буде зупинено."
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are updated at a single time."
@@ -6204,48 +6446,57 @@ msgstr ""
 "одноча�но оновлюють багато облікових запи�ів."
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257 pwck.8.xml.out:164 useradd.8.xml.out:108
+#: newusers.8.xml.out:259 pwck.8.xml.out:164 useradd.8.xml.out:108
 #: usermod.8.xml.out:89
 msgid "--badname"
 msgstr "--badname"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260 pwck.8.xml.out:167 useradd.8.xml.out:111
+#: newusers.8.xml.out:262 pwck.8.xml.out:167 useradd.8.xml.out:111
 #: usermod.8.xml.out:92
 msgid "Allow names that do not conform to standards."
 msgstr "Дозволити назви, �кі не відповідають �тандартам."
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290 useradd.8.xml.out:459
+#: newusers.8.xml.out:273
+msgid ""
+"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
+"support these methods."
+msgstr ""
+"До�тупними методами є DES, MD5, NONE і SHA256 або SHA512, �кщо у вашій libc "
+"передбачено підтримку цих методів."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:292 useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr "Створити загально�и�темний обліковий запи�."
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr "SYS_UID_MIN"
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MAX"
 msgstr "SYS_UID_MAX"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:319
-#: useradd.8.xml.out:468 useradd.8.xml.out:538 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:321
+#: useradd.8.xml.out:470 useradd.8.xml.out:540 usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr "UID_MIN"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:321
-#: useradd.8.xml.out:468 useradd.8.xml.out:543 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:323
+#: useradd.8.xml.out:470 useradd.8.xml.out:545 usermod.8.xml.out:397
 msgid "UID_MAX"
 msgstr "UID_MAX"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293 useradd.8.xml.out:462
+#: newusers.8.xml.out:295 useradd.8.xml.out:464
 msgid ""
 "System users will be created with no aging information in <_:filename-1/>, "
 "and their numeric identifiers are chosen in the <_:option-2/>-<_:option-3/> "
@@ -6258,8 +6509,47 @@ msgstr ""
 "не у <_:option-5/>-<_:option-6/> (та їхніх відповідників <_:option-7/> дл� "
 "�творенн� груп)."
 
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default is 13."
+msgstr ""
+"Буде приму�ово в�тановлено мінімальне значенн� 1000 і мак�имальне значенн� "
+"999999999."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default is 5000."
+msgstr ""
+"Буде приму�ово в�тановлено мінімальне значенн� 1000 і мак�имальне значенн� "
+"999999999."
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default is 5."
+msgstr ""
+"Буде приму�ово в�тановлено мінімальне значенн� 1000 і мак�имальне значенн� "
+"999999999."
+
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid ""
 "The input file must be protected since it contains unencrypted passwords."
 msgstr ""
@@ -6267,49 +6557,49 @@ msgstr ""
 "незашифровані паролі."
 
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 msgid "/etc/pam.d/newusers"
 msgstr "/etc/pam.d/newusers"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435 useradd.8.xml.out:222 useradd.8.xml.out:481
-#: useradd.8.xml.out:785 userdel.8.xml.out:215 usermod.8.xml.out:587
+#: newusers.8.xml.out:456 useradd.8.xml.out:222 useradd.8.xml.out:483
+#: useradd.8.xml.out:805 userdel.8.xml.out:215 usermod.8.xml.out:604
 msgid "/etc/subgid"
 msgstr "/etc/subgid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437 useradd.8.xml.out:787 userdel.8.xml.out:217
+#: newusers.8.xml.out:458 useradd.8.xml.out:807 userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
 msgstr "Окремі дл� кори�тувачів ідентифікатори підлеглих груп."
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441 useradd.8.xml.out:222 useradd.8.xml.out:480
-#: useradd.8.xml.out:791 userdel.8.xml.out:221 usermod.8.xml.out:593
+#: newusers.8.xml.out:462 useradd.8.xml.out:222 useradd.8.xml.out:482
+#: useradd.8.xml.out:811 userdel.8.xml.out:221 usermod.8.xml.out:610
 msgid "/etc/subuid"
 msgstr "/etc/subuid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443 useradd.8.xml.out:793 userdel.8.xml.out:223
+#: newusers.8.xml.out:464 useradd.8.xml.out:813 userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
 msgstr "Окремі дл� кори�тувачів ідентифікатори підлеглих кори�тувачів."
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460 useradd.8.xml.out:906 userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: newusers.8.xml.out:481 useradd.8.xml.out:926 userdel.8.xml.out:335
+#: usermod.8.xml.out:650
 msgid "subgid"
 msgstr "subgid"
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463 useradd.8.xml.out:909 userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: newusers.8.xml.out:484 useradd.8.xml.out:929 userdel.8.xml.out:338
+#: usermod.8.xml.out:653
 msgid "subuid"
 msgstr "subuid"
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458 useradd.8.xml.out:904 userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: newusers.8.xml.out:479 useradd.8.xml.out:924 userdel.8.xml.out:333
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 
@@ -6358,12 +6648,12 @@ msgid "The <_:command-1/> command appeared in BSD 4.4."
 msgstr "Команда <_:command-1/> з'�вила�� у BSD 4.4."
 
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr "зміна парол� кори�тувача"
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 msgid ""
 "The <_:command-1/> command changes passwords for user accounts. A normal "
 "user may only change the password for their own account, while the superuser "
@@ -6377,12 +6667,12 @@ msgstr ""
 "пов'�заного з ним парол�."
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr "Зміни паролів"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 msgid ""
 "The user is first prompted for their old password, if one is present. This "
 "password is then encrypted and compared against the stored password. The "
@@ -6395,7 +6685,7 @@ msgstr ""
 "�адкори�тувач може обійти цей крок, тому може змінювати забуті паролі."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 msgid ""
 "After the password has been entered, password aging information is checked "
 "to see if the user is permitted to change the password at this time. If not, "
@@ -6407,7 +6697,7 @@ msgstr ""
 "роботу."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid ""
 "The user is then prompted twice for a replacement password. The second entry "
 "is compared against the first and both are required to match in order for "
@@ -6418,53 +6708,25 @@ msgstr ""
 "пароль було змінено."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
+#: passwd.1.xml.out:98
 msgid ""
-"Then, the password is tested for complexity. As a general guideline, "
-"passwords should consist of 6 to 8 characters including one or more "
-"characters from each of the following sets:"
+"Then, the password is tested for complexity. <_:command-1/> will reject any "
+"password which is not suitably complex. Care must be taken not to include "
+"the system default erase or kill characters."
 msgstr ""
-"Далі, пароль буде перевірено на �кладні�ть. Загальним правилом є те, що "
-"пароль має �кладати�� з від 6 до 8 �имволів, включаючи один або декілька "
-"�имволів з кожного з таких наборів:"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr "малі літери латин�ької абетки"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr "цифри від 0 до 9"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr "�имволи пунктуації"
-
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
-msgid ""
-"Care must be taken not to include the system default erase or kill "
-"characters. <_:command-1/> will reject any password which is not suitably "
-"complex."
-msgstr ""
-"До парол� не можна включати типові �имволи вилученн� або витиранн� �и�теми. "
-"<_:command-1/> не прийме парол�, �кий не є до�татньо �кладним."
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr "Підказки дл� паролів кори�тувача"
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr "UNIX"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 msgid ""
 "The security of a password depends upon the strength of the encryption "
 "algorithm and the size of the key space. The legacy <_:emphasis-1/> System "
@@ -6479,7 +6741,7 @@ msgstr ""
 "парол�, �ку було вибрано."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid ""
 "Compromises in password security normally result from careless password "
 "selection or handling. For this reason, you should not select a password "
@@ -6495,7 +6757,19 @@ msgstr ""
 "вгадуванн� парол� і компрометації захи�ту �и�теми."
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
+#: passwd.1.xml.out:127
+msgid ""
+"As a general guideline, passwords should be long and random. It's fine to "
+"use simple character sets, such as passwords consisting only of lowercase "
+"letters, if that helps memorizing longer passwords. For a password "
+"consisting only of lowercase English letters randomly chosen, and a length "
+"of 32, there are 26^32 (approximately 2^150) different possible "
+"combinations. Being an exponential equation, it's apparent that the exponent "
+"(the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 msgid ""
 "You can find advice on how to choose a strong password on http://en."
 "wikipedia.org/wiki/Password_strength"
@@ -6504,7 +6778,7 @@ msgstr ""
 "wikipedia.org/wiki/�адійні�ть_парол�"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 msgid ""
 "This option can be used only with <_:option-1/> and causes show status for "
 "all users."
@@ -6513,7 +6787,7 @@ msgstr ""
 "викори�танн� призведе до показу �тану дл� у�іх кори�тувачів."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid ""
 "Delete a user's password (make it empty). This is a quick way to disable a "
 "password for an account. It will set the named account passwordless."
@@ -6523,12 +6797,12 @@ msgstr ""
 "запи� безпарольним."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 msgid "--expire"
 msgstr "--expire"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid ""
 "Immediately expire an account's password. This in effect can force a user to "
 "change their password at the user's next login."
@@ -6538,7 +6812,7 @@ msgstr ""
 "до �и�теми."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 msgid ""
 "This option is used to disable an account after the password has been "
 "expired for a number of days. After a user account has had an expired "
@@ -6552,17 +6826,17 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210 useradd.8.xml.out:278 useradd.8.xml.out:356
+#: passwd.1.xml.out:206 useradd.8.xml.out:280 useradd.8.xml.out:358
 msgid "-k"
 msgstr "-k"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr "--keep-tokens"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 msgid ""
 "Indicate password change should be performed only for expired authentication "
 "tokens (passwords). The user wishes to keep their non-expired tokens as "
@@ -6573,12 +6847,12 @@ msgstr ""
 "дію жетонів, �трок дії �ких не вичерпано."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222 usermod.8.xml.out:231
+#: passwd.1.xml.out:218 usermod.8.xml.out:231
 msgid "--lock"
 msgstr "--lock"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 msgid ""
 "Lock the password of the named account. This option disables a password by "
 "changing it to a value which matches no possible encrypted value (it adds a "
@@ -6589,12 +6863,12 @@ msgstr ""
 "відповідає зашифрованому значенню (буде додано ´!´ на початку парол�)."
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr "usermod --expiredate 1"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 msgid ""
 "Note that this does not disable the account. The user may still be able to "
 "login using another authentication token (e.g. an SSH key). To disable the "
@@ -6608,49 +6882,49 @@ msgstr ""
 "запи�у значенн� 2 �ічн� 1970 року)."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr ""
 "Кори�тувачі із заблокованим паролем не зможуть змінювати вла�ний пароль."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "-q"
 msgstr "-q"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "--quiet"
 msgstr "--quiet"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261 vipw.8.xml.out:110
+#: passwd.1.xml.out:257 vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr "Режим без повідомлень."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr "--repository"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: passwd.1.xml.out:268 passwd.1.xml.out:272
+#: passwd.1.xml.out:264 passwd.1.xml.out:268
 msgid "REPOSITORY"
 msgstr "СХОВИЩЕ"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 msgid "change password in <_:replaceable-1/> repository"
 msgstr "змінити пароль у �ховищі <_:replaceable-1/>"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr "--status"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 msgid ""
 "Display account status information. The status information consists of 7 "
 "fields. The first field is the user's login name. The second field indicates "
@@ -6669,12 +6943,12 @@ msgstr ""
 "значенн� віку виражають�� у дн�х."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309 usermod.8.xml.out:405
+#: passwd.1.xml.out:320 usermod.8.xml.out:405
 msgid "--unlock"
 msgstr "--unlock"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 msgid ""
 "Unlock the password of the named account. This option re-enables a password "
 "by changing the password back to its previous value (to the value before "
@@ -6685,7 +6959,7 @@ msgstr ""
 "викори�танн� параметра <_:option-1/>)."
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 msgid ""
 "Set the number of days of warning before a password change is required. The "
 "<_:replaceable-1/> option is the number of days prior to the password "
@@ -6697,12 +6971,12 @@ msgstr ""
 "кори�тувача про те, що пароль невдовзі доведеть�� змінити."
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 msgid "-x"
 msgstr "-x"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 msgid ""
 "Set the maximum number of days a password remains valid. After <_:"
 "replaceable-1/>, the password is required to be changed."
@@ -6711,8 +6985,20 @@ msgstr ""
 "чинним. Щойно мине <_:replaceable-1/>, �и�тема вимагатиме від кори�тувача "
 "змінити пароль."
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid ""
+"This option is used to indicate that passwd should read the new password "
+"from standard input, which can be a pipe."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 msgid ""
 "Password complexity checking may vary from site to site. The user is urged "
 "to select a password as complex as he or she feels comfortable with."
@@ -6722,7 +7008,7 @@ msgstr ""
 "розробників."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid ""
 "Users may not be able to change their password on a system if NIS is enabled "
 "and they are not logged into the NIS server."
@@ -6731,7 +7017,7 @@ msgstr ""
 "увімкнено NIS, і кори�тувачі не увійшли до �ервера NIS."
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 msgid ""
 "<_:command-1/> uses PAM to authenticate users and to change their passwords."
 msgstr ""
@@ -6739,38 +7025,56 @@ msgstr ""
 "паролів PAM."
 
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 msgid "/etc/pam.d/passwd"
 msgstr "/etc/pam.d/passwd"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr "некоректне поєднанн� параметрів"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr "неочікувана помилка, нічого не виконано"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 msgid "unexpected failure, <_:filename-1/> file missing"
 msgstr "неочікувана помилка, не ви�тачає файла <_:filename-1/>"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 msgid "<_:filename-1/> file busy, try again"
 msgstr "файл <_:filename-1/> зайн�то, повторіть �пробу"
 
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+#, fuzzy
+#| msgid "passwd"
+msgid "makepasswd"
+msgstr "passwd"
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
+#: passwd.1.xml.out:494
+#, fuzzy
+#| msgid ""
+#| "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+#| "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
 msgid ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:517
+msgid ""
+"The following web page comically (yet correctly) compares the strength of "
+"two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
 
 #. (itstool) path: refnamediv/refpurpose
 #: passwd.5.xml.out:41
@@ -8488,6 +8792,11 @@ msgid "$HZ"
 msgstr "$HZ"
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr "ENV_TZ"
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr "ENV_HZ"
@@ -8837,7 +9146,7 @@ msgstr ""
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: useradd.8.xml.out:72 useradd.8.xml.out:76 useradd.8.xml.out:86
-#: useradd.8.xml.out:169 useradd.8.xml.out:583 useradd.8.xml.out:585
+#: useradd.8.xml.out:169 useradd.8.xml.out:603 useradd.8.xml.out:605
 msgid "-D"
 msgstr "-D"
 
@@ -8867,14 +9176,14 @@ msgstr ""
 "<_:option-1/>, <_:option-2/>, <_:option-3/> Ñ– <_:option-4/>)."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:118 useradd.8.xml.out:592
+#: useradd.8.xml.out:118 useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr "--base-dir"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: useradd.8.xml.out:118 useradd.8.xml.out:124 useradd.8.xml.out:159
-#: useradd.8.xml.out:592 useradd.8.xml.out:598
+#: useradd.8.xml.out:612 useradd.8.xml.out:618
 msgid "BASE_DIR"
 msgstr "Б�ЗОВИЙ_К�Т�ЛОГ"
 
@@ -8897,18 +9206,18 @@ msgstr ""
 "поєднано із назвою облікового запи�у."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:131 useradd.8.xml.out:603
+#: useradd.8.xml.out:131 useradd.8.xml.out:623
 msgid "HOME"
 msgstr "HOME"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
 #: useradd.8.xml.out:132 useradd.8.xml.out:189 useradd.8.xml.out:212
-#: useradd.8.xml.out:250 useradd.8.xml.out:293 useradd.8.xml.out:343
-#: useradd.8.xml.out:393 useradd.8.xml.out:523 useradd.8.xml.out:604
-#: useradd.8.xml.out:616 useradd.8.xml.out:633 useradd.8.xml.out:649
-#: useradd.8.xml.out:663 useradd.8.xml.out:677 useradd.8.xml.out:767
-#: usermod.8.xml.out:419
+#: useradd.8.xml.out:250 useradd.8.xml.out:267 useradd.8.xml.out:295
+#: useradd.8.xml.out:345 useradd.8.xml.out:395 useradd.8.xml.out:525
+#: useradd.8.xml.out:624 useradd.8.xml.out:636 useradd.8.xml.out:653
+#: useradd.8.xml.out:669 useradd.8.xml.out:683 useradd.8.xml.out:697
+#: useradd.8.xml.out:787 usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr "/etc/default/useradd"
 
@@ -8993,7 +9302,7 @@ msgstr ""
 "форматі <_:emphasis-1/>."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:188 useradd.8.xml.out:615 usermod.8.xml.out:418
+#: useradd.8.xml.out:188 useradd.8.xml.out:635 usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr "EXPIRE"
 
@@ -9035,7 +9344,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: useradd.8.xml.out:218 useradd.8.xml.out:482
+#: useradd.8.xml.out:218 useradd.8.xml.out:484
 #, fuzzy
 #| msgid "-"
 msgid "-F"
@@ -9141,14 +9450,30 @@ msgstr ""
 "<_:option-1/>, <_:option-2/> <_:replaceable-3/>[<_:emphasis-4/>[<_:"
 "emphasis-5/>]]]"
 
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+#, fuzzy
+#| msgid "GROUP"
+msgid "GROUPS"
+msgstr "GROUP"
+
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
+#, fuzzy
+#| msgid ""
+#| "A list of supplementary groups which the user is also a member of. Each "
+#| "group is separated from the next by a comma, with no intervening "
+#| "whitespace. The groups are subject to the same restrictions as the group "
+#| "given with the <_:option-1/> option. The default is for the user to "
+#| "belong only to the initial group."
 msgid ""
 "A list of supplementary groups which the user is also a member of. Each "
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups are subject to the same restrictions as the group given with the "
 "<_:option-1/> option. The default is for the user to belong only to the "
-"initial group."
+"initial group. In addition to passing in the -G flag, you can add the option "
+"<_:option-2/> to the file <_:filename-3/> which in turn will add all users "
+"to those supplementary groups."
 msgstr ""
 "Спи�ок додаткових груп, уча�ником �ких також буде кори�тувач. Групи у �пи�ку "
 "�лід відокремлювати комою, без проміжного пробілу. Групи підл�гатимуть тим "
@@ -9156,17 +9481,17 @@ msgstr ""
 "поведінкою є належні�ть кори�тувача лише до початкової групи."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr "--skel"
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "SKEL_DIR"
 msgstr "SKEL_DIR"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by <_:"
@@ -9178,12 +9503,12 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288 useradd.8.xml.out:350
+#: useradd.8.xml.out:290 useradd.8.xml.out:352
 msgid "--create-home"
 msgstr "--create-home"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288 useradd.8.xml.out:592 usermod.8.xml.out:524
 msgid ""
 "This option is only valid if the <_:option-1/> (or <_:option-2/>) option is "
 "specified."
@@ -9192,17 +9517,17 @@ msgstr ""
 "option-2/>)."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr "SKEL"
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 msgid "/etc/skel"
 msgstr "/etc/skel"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 msgid ""
 "If this option is not set, the skeleton directory is defined by the <_:"
 "option-1/> variable in <_:filename-2/> or, by default, <_:filename-3/>."
@@ -9211,17 +9536,17 @@ msgstr ""
 "<_:option-1/> у <_:filename-2/> або, типово, <_:filename-3/>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
 msgstr "Якщо можна, буде �копійовано ACL і розширені атрибути."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr "UMASK"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid ""
 "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:"
 "option-4/>, <_:option-5/> and others)."
@@ -9230,7 +9555,7 @@ msgstr ""
 "option-3/>, <_:option-4/>, <_:option-5/> та іншими)."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used "
 "when creating an account to turn off password aging. Multiple <_:option-4/> "
@@ -9244,17 +9569,17 @@ msgstr ""
 "replaceable-9/>=<_:replaceable-10/>"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr "--no-log-init"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
 msgstr "�е додавати кори�тувача до баз даних lastlog і faillog."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
+#: useradd.8.xml.out:337
 msgid ""
 "By default, the user's entries in the lastlog and faillog databases are "
 "reset to avoid reusing the entry from a previously deleted user."
@@ -9264,12 +9589,12 @@ msgstr ""
 "від раніше вилучених кори�тувачів."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr "LOG_INIT"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid ""
 "If this option is not specified, <_:command-1/> will also consult the "
 "variable <_:option-2/> in the <_:filename-3/> if set to no the user will not "
@@ -9280,7 +9605,7 @@ msgstr ""
 "кори�тувача не буде додано до баз даних lastlog і faillog."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 msgid ""
 "Create the user's home directory if it does not exist. The files and "
 "directories contained in the skeleton directory (which can be defined with "
@@ -9291,12 +9616,12 @@ msgstr ""
 "(�кий можна визначити за допомогою параметра <_:option-1/>)."
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361 useradd.8.xml.out:379 useradd.8.xml.out:475
+#: useradd.8.xml.out:363 useradd.8.xml.out:381 useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr "CREATE_HOME"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 msgid ""
 "By default, if this option is not specified and <_:option-1/> is not "
 "enabled, no home directories are created."
@@ -9305,7 +9630,7 @@ msgstr ""
 "не �творюватиме домашніх каталогів."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid ""
 "The directory where the user's home directory is created must exist and have "
 "proper SELinux context and permissions. Otherwise the user's home directory "
@@ -9317,12 +9642,12 @@ msgstr ""
 "каталог буде недо�тупним."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr "--no-create-home"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 #, fuzzy
 #| msgid ""
 #| "Do no create the user's home directory, even if the system wide setting "
@@ -9336,12 +9661,12 @@ msgstr ""
 "значенн� <_:replaceable-3/>."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr "--no-user-group"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 msgid ""
 "Do not create a group with the same name as the user, but add the user to "
 "the group specified by the <_:option-1/> option or by the <_:option-2/> "
@@ -9352,12 +9677,12 @@ msgstr ""
 "option-1/> або змінною <_:option-2/> у <_:filename-3/>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 msgid "allows the creation of an account with an already existing UID."
 msgstr "Дозвол�є �творенн� облікового запи�у із на�вним UID."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412 usermod.8.xml.out:277
+#: useradd.8.xml.out:414 usermod.8.xml.out:277
 msgid ""
 "This option is only valid in combination with the <_:option-1/> option. As a "
 "user identity serves as key to map between users on one hand and "
@@ -9372,7 +9697,7 @@ msgstr ""
 "матимуть декілька облікових запи�ів дл� входу до �и�теми."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid ""
 "defines an initial password for the account. PASSWORD is expected to be "
 "encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this "
@@ -9384,7 +9709,7 @@ msgstr ""
 "режимі."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid ""
 "Without this option, the new account will be locked and with no password "
 "defined, i.e. a single exclamation mark in the respective field of <_:"
@@ -9397,7 +9722,7 @@ msgstr ""
 "або визначити пароль вла�норуч."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 msgid ""
 "<_:emphasis-1/>Avoid this option on the command line because the password "
 "(or encrypted password) will be visible by users listing the processes."
@@ -9407,7 +9732,7 @@ msgstr ""
 "кори�тувачів, �кі мають до�туп до �пи�ку проце�ів."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 msgid ""
 "Note that <_:command-1/> will not create a home directory for such a user, "
 "regardless of the default setting in <_:filename-2/> (<_:option-3/>). You "
@@ -9421,7 +9746,7 @@ msgstr ""
 "домашній каталог."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 #, fuzzy
 #| msgid ""
 #| "Note that <_:command-1/> will not create a home directory for such a "
@@ -9440,7 +9765,7 @@ msgstr ""
 "домашній каталог."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 #, fuzzy
 #| msgid ""
 #| "sets the path to the user's login shell. Without this option, the system "
@@ -9459,17 +9784,17 @@ msgstr ""
 "входу у <_:filename-3/> лишатиметь�� порожнім."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "--uid"
 msgstr "--uid"
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "UID"
 msgstr "UID"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 msgid ""
 "The numerical value of the user's ID. This value must be unique, unless the "
 "<_:option-1/> option is used. The value must be non-negative. The default is "
@@ -9483,12 +9808,12 @@ msgstr ""
 "будь-�кого іншого кори�тувача."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr "--user-group"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid ""
 "Create a group with the same name as the user, and add the user to this "
 "group."
@@ -9497,29 +9822,38 @@ msgstr ""
 "кори�тувача, додати кори�тувача до цієї групи."
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:593 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:525
 msgid "-Z"
 msgstr "-Z"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:594 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr "--selinux-user"
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566 usermod.8.xml.out:501
+#: useradd.8.xml.out:568 usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr "SEКОРИСТУВ�Ч"
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575 useradd.8.xml.out:589 usermod.8.xml.out:521
 msgid "semanage"
 msgstr "semanage"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
+#: useradd.8.xml.out:571
+#, fuzzy
+#| msgid ""
+#| "defines the SELinux user for the new account. Without this option, a "
+#| "SELinux uses the default user. Note that the shadow system doesn't store "
+#| "the selinux-user, it uses <_:citerefentry-1/> for that."
 msgid ""
-"defines the SELinux user for the new account. Without this option, a SELinux "
+"defines the SELinux user for the new account. Without this option, SELinux "
 "uses the default user. Note that the shadow system doesn't store the selinux-"
 "user, it uses <_:citerefentry-1/> for that."
 msgstr ""
@@ -9528,13 +9862,44 @@ msgstr ""
 "shadow не зберігає кори�тувача selinux — дл� цього вона викори�товує <_:"
 "citerefentry-1/>."
 
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+#, fuzzy
+#| msgid "--selinux-user"
+msgid "--selinux-range"
+msgstr "--selinux-user"
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+#, fuzzy
+#| msgid "RANGE"
+msgid "SERANGE"
+msgstr "ДІ�П�ЗО�"
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+#, fuzzy
+#| msgid ""
+#| "defines the SELinux user for the new account. Without this option, a "
+#| "SELinux uses the default user. Note that the shadow system doesn't store "
+#| "the selinux-user, it uses <_:citerefentry-1/> for that."
+msgid ""
+"defines the SELinux MLS range for the new account. Without this option, "
+"SELinux uses the default range. Note that the shadow system doesn't store "
+"the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+"Визначає кори�тувача SELinux дл� нового облікового запи�у. Без цього "
+"параметра, SELinux викори�тає типового кори�тувача. Зауважте, що �и�тема "
+"shadow не зберігає кори�тувача selinux — дл� цього вона викори�товує <_:"
+"citerefentry-1/>."
+
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr "Зміна типових значень"
 
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 msgid ""
 "When invoked with only the <_:option-1/> option, <_:command-2/> will display "
 "the current default values. When invoked with <_:option-3/> plus other "
@@ -9547,7 +9912,7 @@ msgstr ""
 "вказаних параметрів. Коректними параметрами дл� зміни типових значень є такі:"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 msgid ""
 "sets the path prefix for a new user's home directory. The user's name will "
 "be affixed to the end of <_:replaceable-1/> to form the new user's home "
@@ -9560,20 +9925,20 @@ msgstr ""
 "�творенн� облікового запи�у не було викори�тано параметр <_:option-2/>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602 useradd.8.xml.out:614 useradd.8.xml.out:631
-#: useradd.8.xml.out:647 useradd.8.xml.out:661
+#: useradd.8.xml.out:622 useradd.8.xml.out:634 useradd.8.xml.out:651
+#: useradd.8.xml.out:667 useradd.8.xml.out:681
 msgid "This option sets the <_:option-1/> variable in <_:filename-2/>."
 msgstr ""
 "Цей параметр в�тановлює значенн� змінної <_:option-1/> у <_:filename-2/>."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 msgid "sets the date on which newly created user accounts are disabled."
 msgstr ""
 "В�тановлює дату вимиканн� ново�творених облікових запи�ів кори�тувачів."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid ""
 "defines the number of days after the password exceeded its maximum age where "
 "the user is expected to replace this password. See <_:citerefentry-1/>for "
@@ -9584,7 +9949,7 @@ msgstr ""
 "citerefentry-1/>, щоб дізнати�� більше."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 msgid ""
 "sets the default primary group for newly created users, accepting group "
 "names or a numerical group ID. The named group must exist, and the GID must "
@@ -9595,23 +9960,23 @@ msgstr ""
 "назвою група має і�нувати, а GID має бути на�вним запи�ом."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr "Визначає типову оболонку входу дл� нових кори�тувачів."
 
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr "ПРИМІТКИ"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675 useradd.8.xml.out:779
+#: useradd.8.xml.out:695 useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr "/etc/skel/"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 msgid ""
 "The system administrator is responsible for placing the default user files "
 "in the <_:filename-1/> directory (or any other skeleton directory specified "
@@ -9622,7 +9987,7 @@ msgstr ""
 "р�дку команди) відповідає адміні�тратор �и�теми."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 msgid ""
 "You may not add a user to a NIS or LDAP group. This must be performed on the "
 "corresponding server."
@@ -9631,7 +9996,7 @@ msgstr ""
 "має бути виконано на відповідному �ервері."
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 msgid ""
 "Similarly, if the username already exists in an external user database such "
 "as NIS or LDAP, <_:command-1/> will deny the user account creation request."
@@ -9641,12 +10006,12 @@ msgstr ""
 "�творенн� облікового запи�у кори�тувача."
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid ""
 "Usernames may contain only lower and upper case letters, digits, "
 "underscores, or dashes. They can end with a dollar sign. Dashes are not "
@@ -9657,52 +10022,52 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
-msgstr "Довжина імен кори�тувачів не може перевищувати 32 �имволи."
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
+msgstr "Довжина імен кори�тувачів не може перевищувати 256 �имволи."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr "Типові значенн� дл� �творенн� облікового запи�у."
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr "/etc/shadow-maint/useradd-pre.d/*"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr "/etc/shadow-maint/useradd-post.d/*"
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773 userdel.8.xml.out:209
+#: useradd.8.xml.out:793 userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr "<_:filename-1/>, <_:filename-2/>"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "ACTION"
 msgstr "ACTION"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr "SUBJECT"
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid "useradd-pre.d"
 msgstr "useradd-pre.d"
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid "useradd-post.d"
 msgstr "useradd-post.d"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid ""
 "Run-part files to execute during user addition. The environment variable <_:"
 "command-1/> will be populated with useradd and <_:command-2/> with the <_:"
@@ -9718,44 +10083,44 @@ msgstr ""
 "буде ненульове значенн�, виконанн� дій буде перервано."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
 msgstr "Каталог, у �кому мі�т�ть�� типові файли."
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819 userdel.8.xml.out:243
+#: useradd.8.xml.out:839 userdel.8.xml.out:243
 msgid "can't update password file"
 msgstr "не вдало�� оновити файл паролів"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 msgid "UID already in use (and no <_:option-1/>)"
 msgstr "UID вже викори�тано (і не вказано <_:option-1/>)"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 #, fuzzy
 #| msgid "username already in use"
 msgid "username or group name already in use"
 msgstr "запи� кори�тувача вже викори�тано"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
 msgstr "не вдало�� �творити домашній каталог"
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 msgid "14"
 msgstr "14"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
 msgstr "не вдало�� оновити прив'�зку кори�тувача SELinux"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876 usermod.8.xml.out:603
+#: useradd.8.xml.out:896 usermod.8.xml.out:620
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:"
@@ -10513,8 +10878,24 @@ msgstr ""
 "вилучено. Зауважте, що �и�тема shadow не зберігає кори�тувача selinux, а "
 "викори�товує дл� цього semanage(8)."
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
+#, fuzzy
+#| msgid ""
+#| "defines the SELinux user for the new account. Without this option, a "
+#| "SELinux uses the default user. Note that the shadow system doesn't store "
+#| "the selinux-user, it uses <_:citerefentry-1/> for that."
+msgid ""
+"defines the SELinux MLS range for the new account. Note that the shadow "
+"system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+"Визначає кори�тувача SELinux дл� нового облікового запи�у. Без цього "
+"параметра, SELinux викори�тає типового кори�тувача. Зауважте, що �и�тема "
+"shadow не зберігає кори�тувача selinux — дл� цього вона викори�товує <_:"
+"citerefentry-1/>."
+
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
 msgid ""
 "You must make certain that the named user is not executing any processes "
 "when this command is being executed if the user's numerical user ID, the "
@@ -10530,17 +10911,17 @@ msgstr ""
 "того, чи увійшов кори�тувач до �и�теми."
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr "crontab"
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr "at"
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 msgid ""
 "You must change the owner of any <_:command-1/> files or <_:command-2/> jobs "
 "manually."
@@ -10549,42 +10930,44 @@ msgstr ""
 "command-2/> вручну."
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr "Вам �лід вне�ти у�і зміни щодо NIS на �ервері NIS."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 msgid "Group account information"
 msgstr "Відомо�ті щодо груп облікових запи�ів"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
-msgid "Secure group account informatio."
+#: usermod.8.xml.out:582
+#, fuzzy
+#| msgid "Secure group account information."
+msgid "Secure group account information"
 msgstr "Відомо�ті щодо захищених груп облікових запи�ів."
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 msgid "Shadow password suite configuration"
 msgstr "�алаштуванн� комплек�у дл� роботи з прихованими парол�ми"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 msgid "User account information"
 msgstr "Відомо�ті щодо облікових запи�ів кори�тувача"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 msgid "Secure user account information"
 msgstr "Відомо�ті щодо захищених облікових запи�ів кори�тувачів"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
 msgid "Per user subordinate group IDs"
 msgstr "Окремі дл� кори�тувачів ідентифікатори підлеглих груп"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
 msgid "Per user subordinate user IDs"
 msgstr "Окремі дл� кори�тувачів ідентифікатори підлеглих кори�тувачів"
 
@@ -10617,8 +11000,18 @@ msgstr "vi"
 
 #. (itstool) path: refsect1/para
 #: vipw.8.xml.out:66
-msgid ""
-"The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/"
+#, fuzzy
+#| msgid ""
+#| "The <_:command-1/> and <_:command-2/> commands edits the files <_:"
+#| "filename-3/> and <_:filename-4/>, respectively. With the <_:option-5/> "
+#| "flag, they will edit the shadow versions of those files, <_:filename-6/> "
+#| "and <_:filename-7/>, respectively. The programs will set the appropriate "
+#| "locks to prevent file corruption. When looking for an editor, the "
+#| "programs will first try the environment variable <_:envar-8/>, then the "
+#| "environment variable <_:envar-9/>, and finally the default editor, <_:"
+#| "citerefentry-10/>."
+msgid ""
+"The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/"
 "> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will "
 "edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/"
 ">, respectively. The programs will set the appropriate locks to prevent file "
@@ -10815,6 +11208,21 @@ msgstr ""
 #~ "Якщо у р�дку мі�тить�� <_:replaceable-1/>, це значенн� буде замінено на "
 #~ "ім'� кори�тувача."
 
+#~ msgid "The available methods are DES, MD5, and NONE."
+#~ msgstr "До�тупними методами є DES, MD5 і NONE."
+
+#~ msgid ""
+#~ "The value 0 means that the system will choose the default number of "
+#~ "rounds for the crypt method (5000)."
+#~ msgstr ""
+#~ "Значенн� 0 означає, що �и�тема вибере типову кількі�ть проходів дл� "
+#~ "методу шифруванн� (5000)."
+
+#~ msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#~ msgstr ""
+#~ "Ви можете �кори�тати�� цим параметром у поєднанні із методами шифруванн� "
+#~ "SHA256 або SHA512."
+
 #~ msgid ""
 #~ "This defines the system default encryption algorithm for encrypting "
 #~ "passwords (if no algorithm are specified on the command line)."
@@ -10822,21 +11230,6 @@ msgstr ""
 #~ "Визначає типовий алгоритм шифруванн� �и�теми дл� шифруванн� паролів (�кщо "
 #~ "алгоритм не було вказано у р�дку команди)."
 
-#~ msgid "DES"
-#~ msgstr "DES"
-
-#~ msgid "MD5"
-#~ msgstr "MD5"
-
-#~ msgid "SHA256"
-#~ msgstr "SHA256"
-
-#~ msgid "SHA512"
-#~ msgstr "SHA512"
-
-#~ msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
-#~ msgstr ", <_:replaceable-1/>, <_:replaceable-2/>"
-
 #~ msgid ""
 #~ "It can take one of these values: <_:replaceable-1/> (default), <_:"
 #~ "replaceable-2/><_:phrase-3/>. MD5 and DES should not be used for new "
@@ -10933,6 +11326,14 @@ msgstr ""
 #~ msgstr ""
 #~ "Ц� змінна вважаєть�� за�тарілою. Вам �лід кори�тувати�� <_:option-1/>."
 
+#~| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+#~ msgid "SHA_CRYPT_MIN_ROUNDS"
+#~ msgstr "SHA_CRYPT_MIN_ROUNDS"
+
+#~| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+#~ msgid "SHA_CRYPT_MAX_ROUNDS"
+#~ msgstr "SHA_CRYPT_MAX_ROUNDS"
+
 #~ msgid ""
 #~ "When <_:option-1/> is set to <_:replaceable-2/> or <_:replaceable-3/>, "
 #~ "this defines the number of SHA rounds used by the encryption algorithm by "
@@ -10974,6 +11375,13 @@ msgstr ""
 #~ "Якщо <_:option-1/> &gt; <_:option-2/>, буде викори�тано найбільше "
 #~ "значенн�."
 
+#~ msgid ""
+#~ "By default, the number of rounds is defined by the <_:option-1/> and <_:"
+#~ "option-2/> variables in <_:filename-3/>."
+#~ msgstr ""
+#~ "Типово, кількі�ть проходів визначено змінними <_:option-1/> і <_:option-2/"
+#~ "> у <_:filename-3/>."
+
 #~ msgid "CHSH_AUTH"
 #~ msgstr "CHSH_AUTH"
 
@@ -11861,6 +12269,42 @@ msgstr ""
 #~ "О�ь приклад �крипту, �кий вилучає завданн� cron, at і друку кори�тувача: "
 #~ "<_:programlisting-1/>"
 
+#~ msgid "ENV_HZ <_:phrase-1/>"
+#~ msgstr "ENV_HZ <_:phrase-1/>"
+
+#~ msgid ""
+#~ "Then, the password is tested for complexity. As a general guideline, "
+#~ "passwords should consist of 6 to 8 characters including one or more "
+#~ "characters from each of the following sets:"
+#~ msgstr ""
+#~ "Далі, пароль буде перевірено на �кладні�ть. Загальним правилом є те, що "
+#~ "пароль має �кладати�� з від 6 до 8 �имволів, включаючи один або декілька "
+#~ "�имволів з кожного з таких наборів:"
+
+#~ msgid "lower case alphabetics"
+#~ msgstr "малі літери латин�ької абетки"
+
+#~ msgid "digits 0 thru 9"
+#~ msgstr "цифри від 0 до 9"
+
+#~ msgid "punctuation marks"
+#~ msgstr "�имволи пунктуації"
+
+#~ msgid ""
+#~ "Care must be taken not to include the system default erase or kill "
+#~ "characters. <_:command-1/> will reject any password which is not suitably "
+#~ "complex."
+#~ msgstr ""
+#~ "До парол� не можна включати типові �имволи вилученн� або витиранн� "
+#~ "�и�теми. <_:command-1/> не прийме парол�, �кий не є до�татньо �кладним."
+
+#~ msgid ""
+#~ "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+#~ "phrase-4/> <_:citerefentry-5/>."
+#~ msgstr ""
+#~ "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+#~ "phrase-4/> <_:citerefentry-5/>."
+
 #~ msgid ""
 #~ "Usernames must start with a lower case letter or an underscore, followed "
 #~ "by lower case letters, digits, underscores, or dashes. They can end with "
@@ -11871,6 +12315,10 @@ msgstr ""
 #~ "�имволи підкре�ленн� та дефі�и. �азви можуть завершувати�� �имволом "
 #~ "долара. У термінах формальних виразів: [a-z_][a-z0-9_-]*[$]?"
 
+#~| msgid "Secure group account information."
+#~ msgid "Secure group account informatio."
+#~ msgstr "Відомо�ті щодо захищених груп облікових запи�ів."
+
 #~ msgid "<option>-g</option>, <option>--group</option>"
 #~ msgstr "<option>-g</option>, <option>--group</option>"
 
diff --git a/man/po/zh_CN.po b/man/po/zh_CN.po
index cb0db6a..7160da2 100644
--- a/man/po/zh_CN.po
+++ b/man/po/zh_CN.po
@@ -4,7 +4,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow-man-pages VERSION\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-03-14 18:23-0500\n"
 "PO-Revision-Date: 2013-08-23 01:42+0200\n"
 "Last-Translator: YunQiang Su <wzssyqa@gmail.com>\n"
 "Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
@@ -15,12 +15,12 @@ msgstr ""
 "Plural-Forms: nplurals=1; plural=0;\n"
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:19 chsh.1.xml.out:18
+#: chage.1.xml.out:16 chfn.1.xml.out:18 chpasswd.8.xml.out:21 chsh.1.xml.out:18
 #: expiry.1.xml.out:19 faillog.5.xml.out:15 faillog.8.xml.out:15
 #: groupadd.8.xml.out:18 groupdel.8.xml.out:16 groupmod.8.xml.out:16
 #: groups.1.xml.out:15 grpck.8.xml.out:15 lastlog.8.xml.out:17
-#: login.1.xml.out:48 login.defs.5.xml.out:84 logoutd.8.xml.out:15
-#: newgrp.1.xml.out:16 newusers.8.xml.out:31 passwd.1.xml.out:22
+#: login.1.xml.out:48 login.defs.5.xml.out:86 logoutd.8.xml.out:15
+#: newgrp.1.xml.out:16 newusers.8.xml.out:33 passwd.1.xml.out:24
 #: passwd.5.xml.out:15 porttime.5.xml.out:15 pwck.8.xml.out:22
 #: shadow.3.xml.out:15 shadow.5.xml.out:15 sg.1.xml.out:16 su.1.xml.out:32
 #: useradd.8.xml.out:34 userdel.8.xml.out:21 usermod.8.xml.out:22
@@ -28,12 +28,12 @@ msgid "Julianne Frances"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:20 chsh.1.xml.out:19
+#: chage.1.xml.out:17 chfn.1.xml.out:19 chpasswd.8.xml.out:22 chsh.1.xml.out:19
 #: expiry.1.xml.out:20 faillog.5.xml.out:16 faillog.8.xml.out:16
 #: groupadd.8.xml.out:19 groupdel.8.xml.out:17 groupmod.8.xml.out:17
 #: groups.1.xml.out:16 grpck.8.xml.out:16 lastlog.8.xml.out:18
-#: login.1.xml.out:49 login.defs.5.xml.out:85 logoutd.8.xml.out:16
-#: newgrp.1.xml.out:17 newusers.8.xml.out:32 passwd.1.xml.out:23
+#: login.1.xml.out:49 login.defs.5.xml.out:87 logoutd.8.xml.out:16
+#: newgrp.1.xml.out:17 newusers.8.xml.out:34 passwd.1.xml.out:25
 #: passwd.5.xml.out:16 porttime.5.xml.out:16 pwck.8.xml.out:23
 #: shadow.3.xml.out:16 shadow.5.xml.out:16 sg.1.xml.out:17 su.1.xml.out:33
 #: useradd.8.xml.out:35 userdel.8.xml.out:22 usermod.8.xml.out:23
@@ -46,14 +46,14 @@ msgid "Creation, 1990"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:20
-#: chpasswd.8.xml.out:24 chsh.1.xml.out:23 expiry.1.xml.out:24
-#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:25
+#: chage.1.xml.out:21 chfn.1.xml.out:23 chgpasswd.8.xml.out:22
+#: chpasswd.8.xml.out:26 chsh.1.xml.out:23 expiry.1.xml.out:24
+#: faillog.5.xml.out:20 faillog.8.xml.out:20 gpasswd.1.xml.out:27
 #: groupadd.8.xml.out:23 groupdel.8.xml.out:21 groupmems.8.xml.out:24
 #: groupmod.8.xml.out:21 groups.1.xml.out:20 grpck.8.xml.out:20
 #: lastlog.8.xml.out:22 limits.5.xml.out:22 login.1.xml.out:53
-#: login.access.5.xml.out:21 login.defs.5.xml.out:89 logoutd.8.xml.out:20
-#: newgrp.1.xml.out:21 newusers.8.xml.out:36 passwd.1.xml.out:27
+#: login.access.5.xml.out:21 login.defs.5.xml.out:91 logoutd.8.xml.out:20
+#: newgrp.1.xml.out:21 newusers.8.xml.out:38 passwd.1.xml.out:29
 #: passwd.5.xml.out:20 porttime.5.xml.out:20 pwck.8.xml.out:27
 #: pwconv.8.xml.out:26 shadow.3.xml.out:20 shadow.5.xml.out:20 sg.1.xml.out:21
 #: su.1.xml.out:37 suauth.5.xml.out:20 useradd.8.xml.out:39
@@ -62,14 +62,14 @@ msgid "Thomas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:21
-#: chpasswd.8.xml.out:25 chsh.1.xml.out:24 expiry.1.xml.out:25
-#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:26
+#: chage.1.xml.out:22 chfn.1.xml.out:24 chgpasswd.8.xml.out:23
+#: chpasswd.8.xml.out:27 chsh.1.xml.out:24 expiry.1.xml.out:25
+#: faillog.5.xml.out:21 faillog.8.xml.out:21 gpasswd.1.xml.out:28
 #: groupadd.8.xml.out:24 groupdel.8.xml.out:22 groupmems.8.xml.out:25
 #: groupmod.8.xml.out:22 groups.1.xml.out:21 grpck.8.xml.out:21
 #: lastlog.8.xml.out:23 limits.5.xml.out:23 login.1.xml.out:54
-#: login.access.5.xml.out:22 login.defs.5.xml.out:90 logoutd.8.xml.out:21
-#: newgrp.1.xml.out:22 newusers.8.xml.out:37 passwd.1.xml.out:28
+#: login.access.5.xml.out:22 login.defs.5.xml.out:92 logoutd.8.xml.out:21
+#: newgrp.1.xml.out:22 newusers.8.xml.out:39 passwd.1.xml.out:30
 #: passwd.5.xml.out:21 porttime.5.xml.out:21 pwck.8.xml.out:28
 #: pwconv.8.xml.out:27 shadow.3.xml.out:21 shadow.5.xml.out:21 sg.1.xml.out:22
 #: su.1.xml.out:38 suauth.5.xml.out:21 useradd.8.xml.out:40
@@ -78,14 +78,14 @@ msgid "KÅ‚oczko"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:22
-#: chpasswd.8.xml.out:26 chsh.1.xml.out:25 expiry.1.xml.out:26
-#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:27
+#: chage.1.xml.out:23 chfn.1.xml.out:25 chgpasswd.8.xml.out:24
+#: chpasswd.8.xml.out:28 chsh.1.xml.out:25 expiry.1.xml.out:26
+#: faillog.5.xml.out:22 faillog.8.xml.out:22 gpasswd.1.xml.out:29
 #: groupadd.8.xml.out:25 groupdel.8.xml.out:23 groupmems.8.xml.out:26
 #: groupmod.8.xml.out:23 groups.1.xml.out:22 grpck.8.xml.out:22
 #: lastlog.8.xml.out:24 limits.5.xml.out:24 login.1.xml.out:55
-#: login.access.5.xml.out:23 login.defs.5.xml.out:91 logoutd.8.xml.out:22
-#: newgrp.1.xml.out:23 newusers.8.xml.out:38 passwd.1.xml.out:29
+#: login.access.5.xml.out:23 login.defs.5.xml.out:93 logoutd.8.xml.out:22
+#: newgrp.1.xml.out:23 newusers.8.xml.out:40 passwd.1.xml.out:31
 #: passwd.5.xml.out:22 porttime.5.xml.out:22 pwck.8.xml.out:29
 #: pwconv.8.xml.out:28 shadow.3.xml.out:22 shadow.5.xml.out:22 sg.1.xml.out:23
 #: su.1.xml.out:39 suauth.5.xml.out:22 useradd.8.xml.out:41
@@ -94,14 +94,14 @@ msgid "kloczek@pld.org.pl"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:27 chsh.1.xml.out:26
+#: chage.1.xml.out:24 chfn.1.xml.out:26 chpasswd.8.xml.out:29 chsh.1.xml.out:26
 #: expiry.1.xml.out:27 faillog.5.xml.out:23 faillog.8.xml.out:23
-#: gpasswd.1.xml.out:28 groupadd.8.xml.out:26 groupdel.8.xml.out:24
+#: gpasswd.1.xml.out:30 groupadd.8.xml.out:26 groupdel.8.xml.out:24
 #: groupmems.8.xml.out:27 groupmod.8.xml.out:24 groups.1.xml.out:23
 #: grpck.8.xml.out:23 lastlog.8.xml.out:25 limits.5.xml.out:25
-#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:92
-#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:39
-#: passwd.1.xml.out:30 passwd.5.xml.out:23 porttime.5.xml.out:23
+#: login.1.xml.out:56 login.access.5.xml.out:24 login.defs.5.xml.out:94
+#: logoutd.8.xml.out:23 newgrp.1.xml.out:24 newusers.8.xml.out:41
+#: passwd.1.xml.out:32 passwd.5.xml.out:23 porttime.5.xml.out:23
 #: pwck.8.xml.out:30 pwconv.8.xml.out:29 shadow.3.xml.out:23
 #: shadow.5.xml.out:23 sg.1.xml.out:24 su.1.xml.out:40 suauth.5.xml.out:23
 #: useradd.8.xml.out:42 userdel.8.xml.out:29 usermod.8.xml.out:30
@@ -110,15 +110,15 @@ msgid "shadow-utils maintainer, 2000 - 2007"
 msgstr ""
 
 #. (itstool) path: author/firstname
-#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:26
-#: chpasswd.8.xml.out:30 chsh.1.xml.out:29 expiry.1.xml.out:30
-#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:31
+#: chage.1.xml.out:27 chfn.1.xml.out:29 chgpasswd.8.xml.out:28
+#: chpasswd.8.xml.out:32 chsh.1.xml.out:29 expiry.1.xml.out:30
+#: faillog.5.xml.out:26 faillog.8.xml.out:26 gpasswd.1.xml.out:33
 #: groupadd.8.xml.out:29 groupdel.8.xml.out:27 groupmems.8.xml.out:30
 #: groupmod.8.xml.out:27 groups.1.xml.out:26 grpck.8.xml.out:26
 #: gshadow.5.xml.out:14 lastlog.8.xml.out:28 limits.5.xml.out:28
-#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:95
-#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:42
-#: nologin.8.xml.out:15 passwd.1.xml.out:33 passwd.5.xml.out:26
+#: login.1.xml.out:59 login.access.5.xml.out:27 login.defs.5.xml.out:97
+#: logoutd.8.xml.out:26 newgrp.1.xml.out:27 newusers.8.xml.out:44
+#: nologin.8.xml.out:15 passwd.1.xml.out:35 passwd.5.xml.out:26
 #: porttime.5.xml.out:26 pwck.8.xml.out:33 pwconv.8.xml.out:32
 #: shadow.3.xml.out:26 shadow.5.xml.out:26 sg.1.xml.out:27 su.1.xml.out:43
 #: suauth.5.xml.out:26 useradd.8.xml.out:45 userdel.8.xml.out:32
@@ -127,15 +127,15 @@ msgid "Nicolas"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:27
-#: chpasswd.8.xml.out:31 chsh.1.xml.out:30 expiry.1.xml.out:31
-#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:32
+#: chage.1.xml.out:28 chfn.1.xml.out:30 chgpasswd.8.xml.out:29
+#: chpasswd.8.xml.out:33 chsh.1.xml.out:30 expiry.1.xml.out:31
+#: faillog.5.xml.out:27 faillog.8.xml.out:27 gpasswd.1.xml.out:34
 #: groupadd.8.xml.out:30 groupdel.8.xml.out:28 groupmems.8.xml.out:31
 #: groupmod.8.xml.out:28 groups.1.xml.out:27 grpck.8.xml.out:27
 #: gshadow.5.xml.out:15 lastlog.8.xml.out:29 limits.5.xml.out:29
-#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:96
-#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:43
-#: nologin.8.xml.out:16 passwd.1.xml.out:34 passwd.5.xml.out:27
+#: login.1.xml.out:60 login.access.5.xml.out:28 login.defs.5.xml.out:98
+#: logoutd.8.xml.out:27 newgrp.1.xml.out:28 newusers.8.xml.out:45
+#: nologin.8.xml.out:16 passwd.1.xml.out:36 passwd.5.xml.out:27
 #: porttime.5.xml.out:27 pwck.8.xml.out:34 pwconv.8.xml.out:33
 #: shadow.3.xml.out:27 shadow.5.xml.out:27 sg.1.xml.out:28 su.1.xml.out:44
 #: suauth.5.xml.out:27 useradd.8.xml.out:46 userdel.8.xml.out:33
@@ -144,15 +144,15 @@ msgid "François"
 msgstr ""
 
 #. (itstool) path: author/email
-#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:28
-#: chpasswd.8.xml.out:32 chsh.1.xml.out:31 expiry.1.xml.out:32
-#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:33
+#: chage.1.xml.out:29 chfn.1.xml.out:31 chgpasswd.8.xml.out:30
+#: chpasswd.8.xml.out:34 chsh.1.xml.out:31 expiry.1.xml.out:32
+#: faillog.5.xml.out:28 faillog.8.xml.out:28 gpasswd.1.xml.out:35
 #: groupadd.8.xml.out:31 groupdel.8.xml.out:29 groupmems.8.xml.out:32
 #: groupmod.8.xml.out:29 groups.1.xml.out:28 grpck.8.xml.out:28
 #: gshadow.5.xml.out:16 lastlog.8.xml.out:30 limits.5.xml.out:30
-#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:97
-#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:44
-#: nologin.8.xml.out:17 passwd.1.xml.out:35 passwd.5.xml.out:28
+#: login.1.xml.out:61 login.access.5.xml.out:29 login.defs.5.xml.out:99
+#: logoutd.8.xml.out:28 newgrp.1.xml.out:29 newusers.8.xml.out:46
+#: nologin.8.xml.out:17 passwd.1.xml.out:37 passwd.5.xml.out:28
 #: porttime.5.xml.out:28 pwck.8.xml.out:35 pwconv.8.xml.out:34
 #: shadow.3.xml.out:28 shadow.5.xml.out:28 sg.1.xml.out:29 su.1.xml.out:45
 #: suauth.5.xml.out:28 useradd.8.xml.out:47 userdel.8.xml.out:34
@@ -161,15 +161,15 @@ msgid "nicolas.francois@centraliens.net"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:29
-#: chpasswd.8.xml.out:33 chsh.1.xml.out:32 expiry.1.xml.out:33
-#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:34
+#: chage.1.xml.out:30 chfn.1.xml.out:32 chgpasswd.8.xml.out:31
+#: chpasswd.8.xml.out:35 chsh.1.xml.out:32 expiry.1.xml.out:33
+#: faillog.5.xml.out:29 faillog.8.xml.out:29 gpasswd.1.xml.out:36
 #: groupadd.8.xml.out:32 groupdel.8.xml.out:30 groupmems.8.xml.out:33
 #: groupmod.8.xml.out:30 groups.1.xml.out:29 grpck.8.xml.out:29
 #: gshadow.5.xml.out:18 lastlog.8.xml.out:31 limits.5.xml.out:31
-#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:98
-#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:45
-#: nologin.8.xml.out:18 passwd.1.xml.out:36 passwd.5.xml.out:29
+#: login.1.xml.out:62 login.access.5.xml.out:30 login.defs.5.xml.out:100
+#: logoutd.8.xml.out:29 newgrp.1.xml.out:30 newusers.8.xml.out:47
+#: nologin.8.xml.out:18 passwd.1.xml.out:38 passwd.5.xml.out:29
 #: porttime.5.xml.out:29 pwck.8.xml.out:36 pwconv.8.xml.out:35
 #: shadow.3.xml.out:29 shadow.5.xml.out:29 sg.1.xml.out:30 su.1.xml.out:46
 #: suauth.5.xml.out:29 useradd.8.xml.out:48 userdel.8.xml.out:35
@@ -184,9 +184,9 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
 #: chage.1.xml.out:34 chage.1.xml.out:41 chage.1.xml.out:46 chage.1.xml.out:59
-#: chage.1.xml.out:69 chage.1.xml.out:216 chage.1.xml.out:226
-#: chage.1.xml.out:236 chage.1.xml.out:241 chage.1.xml.out:285
-#: login.defs.5.xml.out:233 shadow.5.xml.out:262
+#: chage.1.xml.out:69 chage.1.xml.out:231 chage.1.xml.out:241
+#: chage.1.xml.out:251 chage.1.xml.out:256 chage.1.xml.out:300
+#: login.defs.5.xml.out:237 shadow.5.xml.out:262
 msgid "chage"
 msgstr "chage"
 
@@ -194,11 +194,11 @@ msgstr "chage"
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:35 chage.1.xml.out:294 chfn.1.xml.out:37 chfn.1.xml.out:65
-#: chfn.1.xml.out:205 chgpasswd.8.xml.out:217 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:37 chsh.1.xml.out:171 expiry.1.xml.out:38
-#: faillog.8.xml.out:235 gpasswd.1.xml.out:39 gpasswd.1.xml.out:93
-#: gpasswd.1.xml.out:277 groupadd.8.xml.out:345 groupadd.8.xml.out:348
+#: chage.1.xml.out:35 chage.1.xml.out:309 chfn.1.xml.out:37 chfn.1.xml.out:65
+#: chfn.1.xml.out:205 chgpasswd.8.xml.out:245 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:37 chsh.1.xml.out:212 expiry.1.xml.out:38
+#: faillog.8.xml.out:235 gpasswd.1.xml.out:41 gpasswd.1.xml.out:95
+#: gpasswd.1.xml.out:279 groupadd.8.xml.out:345 groupadd.8.xml.out:348
 #: groupadd.8.xml.out:351 groupdel.8.xml.out:205 groupdel.8.xml.out:208
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:209 groupmems.8.xml.out:212
 #: groupmems.8.xml.out:215 groupmod.8.xml.out:326 groupmod.8.xml.out:329
@@ -206,44 +206,44 @@ msgstr "chage"
 #: grpck.8.xml.out:243 gshadow.5.xml.out:77 gshadow.5.xml.out:165
 #: limits.5.xml.out:185 login.1.xml.out:67 login.1.xml.out:128
 #: login.1.xml.out:377 login.1.xml.out:380 login.1.xml.out:383
-#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:516
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:520 login.defs.5.xml.out:530
-#: login.defs.5.xml.out:533 login.defs.5.xml.out:536 newgrp.1.xml.out:35
+#: login.1.xml.out:386 login.access.5.xml.out:112 login.defs.5.xml.out:535
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:539 login.defs.5.xml.out:549
+#: login.defs.5.xml.out:552 login.defs.5.xml.out:555 newgrp.1.xml.out:35
 #: newgrp.1.xml.out:130 newgrp.1.xml.out:133 newgrp.1.xml.out:136
-#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:456
-#: nologin.8.xml.out:60 passwd.1.xml.out:41 passwd.1.xml.out:431
-#: passwd.5.xml.out:118 passwd.5.xml.out:173 passwd.5.xml.out:179
-#: passwd.5.xml.out:182 passwd.5.xml.out:197 porttime.5.xml.out:121
-#: pwck.8.xml.out:293 shadow.5.xml.out:262 shadow.5.xml.out:265
-#: shadow.5.xml.out:268 shadow.5.xml.out:283 sg.1.xml.out:35 sg.1.xml.out:119
-#: sg.1.xml.out:122 sg.1.xml.out:125 sg.1.xml.out:128 sg.1.xml.out:131
-#: su.1.xml.out:51 su.1.xml.out:391 su.1.xml.out:415 su.1.xml.out:421
-#: su.1.xml.out:424 suauth.5.xml.out:201 useradd.8.xml.out:817
-#: useradd.8.xml.out:878 useradd.8.xml.out:881 useradd.8.xml.out:884
-#: userdel.8.xml.out:241 userdel.8.xml.out:310 userdel.8.xml.out:313
-#: userdel.8.xml.out:316 usermod.8.xml.out:105 usermod.8.xml.out:244
-#: usermod.8.xml.out:605 usermod.8.xml.out:608 usermod.8.xml.out:611
-#: vipw.8.xml.out:78 vipw.8.xml.out:205
+#: newgrp.1.xml.out:139 newgrp.1.xml.out:142 newusers.8.xml.out:477
+#: nologin.8.xml.out:60 passwd.1.xml.out:43 passwd.1.xml.out:453
+#: passwd.1.xml.out:499 passwd.5.xml.out:118 passwd.5.xml.out:173
+#: passwd.5.xml.out:179 passwd.5.xml.out:182 passwd.5.xml.out:197
+#: porttime.5.xml.out:121 pwck.8.xml.out:293 shadow.5.xml.out:262
+#: shadow.5.xml.out:265 shadow.5.xml.out:268 shadow.5.xml.out:283
+#: sg.1.xml.out:35 sg.1.xml.out:119 sg.1.xml.out:122 sg.1.xml.out:125
+#: sg.1.xml.out:128 sg.1.xml.out:131 su.1.xml.out:51 su.1.xml.out:391
+#: su.1.xml.out:415 su.1.xml.out:421 su.1.xml.out:424 suauth.5.xml.out:201
+#: useradd.8.xml.out:837 useradd.8.xml.out:898 useradd.8.xml.out:901
+#: useradd.8.xml.out:904 userdel.8.xml.out:241 userdel.8.xml.out:310
+#: userdel.8.xml.out:313 userdel.8.xml.out:316 usermod.8.xml.out:105
+#: usermod.8.xml.out:244 usermod.8.xml.out:622 usermod.8.xml.out:625
+#: usermod.8.xml.out:628 vipw.8.xml.out:78 vipw.8.xml.out:205
 msgid "1"
 msgstr "1"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: chage.1.xml.out:36 chfn.1.xml.out:38 chsh.1.xml.out:38 expiry.1.xml.out:39
-#: gpasswd.1.xml.out:40 groups.1.xml.out:35 login.1.xml.out:68
-#: newgrp.1.xml.out:36 passwd.1.xml.out:42 sg.1.xml.out:36 su.1.xml.out:52
+#: gpasswd.1.xml.out:42 groups.1.xml.out:35 login.1.xml.out:68
+#: newgrp.1.xml.out:36 passwd.1.xml.out:44 sg.1.xml.out:36 su.1.xml.out:52
 msgid "User Commands"
 msgstr "用户命令"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:36
-#: chpasswd.8.xml.out:40 chsh.1.xml.out:39 expiry.1.xml.out:40
-#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:41
+#: chage.1.xml.out:37 chfn.1.xml.out:39 chgpasswd.8.xml.out:38
+#: chpasswd.8.xml.out:42 chsh.1.xml.out:39 expiry.1.xml.out:40
+#: faillog.5.xml.out:36 faillog.8.xml.out:36 gpasswd.1.xml.out:43
 #: groupadd.8.xml.out:39 groupdel.8.xml.out:37 groupmems.8.xml.out:40
 #: groupmod.8.xml.out:37 groups.1.xml.out:36 grpck.8.xml.out:36
 #: gshadow.5.xml.out:25 lastlog.8.xml.out:38 limits.5.xml.out:38
-#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:105
-#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:52
-#: nologin.8.xml.out:25 passwd.1.xml.out:43 passwd.5.xml.out:36
+#: login.1.xml.out:69 login.access.5.xml.out:37 login.defs.5.xml.out:107
+#: logoutd.8.xml.out:36 newgrp.1.xml.out:37 newusers.8.xml.out:54
+#: nologin.8.xml.out:25 passwd.1.xml.out:45 passwd.5.xml.out:36
 #: porttime.5.xml.out:36 pwck.8.xml.out:43 pwconv.8.xml.out:42
 #: shadow.3.xml.out:36 shadow.5.xml.out:36 sg.1.xml.out:37 su.1.xml.out:53
 #: suauth.5.xml.out:36 useradd.8.xml.out:55 userdel.8.xml.out:42
@@ -252,20 +252,20 @@ msgid "shadow-utils"
 msgstr "shadow-utils"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:37
-#: chpasswd.8.xml.out:41 chsh.1.xml.out:40 expiry.1.xml.out:41
-#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:42
+#: chage.1.xml.out:38 chfn.1.xml.out:40 chgpasswd.8.xml.out:39
+#: chpasswd.8.xml.out:43 chsh.1.xml.out:40 expiry.1.xml.out:41
+#: faillog.5.xml.out:37 faillog.8.xml.out:37 gpasswd.1.xml.out:44
 #: groupadd.8.xml.out:40 groupdel.8.xml.out:38 groupmems.8.xml.out:41
 #: groupmod.8.xml.out:38 groups.1.xml.out:37 grpck.8.xml.out:37
 #: gshadow.5.xml.out:26 lastlog.8.xml.out:39 limits.5.xml.out:39
-#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:106
-#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:53
-#: nologin.8.xml.out:26 passwd.1.xml.out:44 passwd.5.xml.out:37
+#: login.1.xml.out:70 login.access.5.xml.out:38 login.defs.5.xml.out:108
+#: logoutd.8.xml.out:37 newgrp.1.xml.out:38 newusers.8.xml.out:55
+#: nologin.8.xml.out:26 passwd.1.xml.out:46 passwd.5.xml.out:37
 #: porttime.5.xml.out:37 pwck.8.xml.out:44 pwconv.8.xml.out:43
 #: shadow.3.xml.out:37 shadow.5.xml.out:37 sg.1.xml.out:38 su.1.xml.out:54
 #: suauth.5.xml.out:37 useradd.8.xml.out:56 userdel.8.xml.out:43
 #: usermod.8.xml.out:44 vipw.8.xml.out:39
-msgid "4.13"
+msgid "4.15.0"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -275,10 +275,10 @@ msgstr "更改用户密�过期信�"
 
 #. (itstool) path: arg/replaceable
 #. (itstool) path: cmdsynopsis/arg
-#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:48
-#: chpasswd.8.xml.out:52 chsh.1.xml.out:51 faillog.8.xml.out:48
+#: chage.1.xml.out:48 chfn.1.xml.out:51 chgpasswd.8.xml.out:50
+#: chpasswd.8.xml.out:54 chsh.1.xml.out:51 faillog.8.xml.out:48
 #: groupdel.8.xml.out:49 groupmod.8.xml.out:49 grpck.8.xml.out:47
-#: lastlog.8.xml.out:50 newusers.8.xml.out:64 passwd.1.xml.out:55
+#: lastlog.8.xml.out:50 newusers.8.xml.out:66 passwd.1.xml.out:57
 #: pwck.8.xml.out:54 pwconv.8.xml.out:57 pwconv.8.xml.out:63
 #: pwconv.8.xml.out:69 pwconv.8.xml.out:75 su.1.xml.out:64 useradd.8.xml.out:66
 #: useradd.8.xml.out:78 userdel.8.xml.out:52 usermod.8.xml.out:55
@@ -291,22 +291,22 @@ msgstr "选项"
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
 #: chage.1.xml.out:51 chfn.1.xml.out:54 chsh.1.xml.out:54 faillog.8.xml.out:180
-#: lastlog.8.xml.out:139 passwd.1.xml.out:58 useradd.8.xml.out:68
+#: lastlog.8.xml.out:139 passwd.1.xml.out:60 useradd.8.xml.out:68
 #: useradd.8.xml.out:158 userdel.8.xml.out:54 userdel.8.xml.out:64
 #: usermod.8.xml.out:57 usermod.8.xml.out:222 usermod.8.xml.out:506
 msgid "LOGIN"
 msgstr "登录"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:54
-#: chpasswd.8.xml.out:58 chsh.1.xml.out:60 expiry.1.xml.out:58
-#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:70
+#: chage.1.xml.out:57 chfn.1.xml.out:60 chgpasswd.8.xml.out:56
+#: chpasswd.8.xml.out:60 chsh.1.xml.out:60 expiry.1.xml.out:58
+#: faillog.5.xml.out:45 faillog.8.xml.out:54 gpasswd.1.xml.out:72
 #: groupadd.8.xml.out:60 groupdel.8.xml.out:56 groupmems.8.xml.out:61
 #: groupmod.8.xml.out:56 groups.1.xml.out:54 grpck.8.xml.out:58
 #: gshadow.5.xml.out:34 lastlog.8.xml.out:56 limits.5.xml.out:48
-#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:114
-#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:73
-#: nologin.8.xml.out:40 passwd.1.xml.out:64 passwd.5.xml.out:45
+#: login.1.xml.out:101 login.access.5.xml.out:46 login.defs.5.xml.out:116
+#: logoutd.8.xml.out:51 newgrp.1.xml.out:53 newusers.8.xml.out:75
+#: nologin.8.xml.out:40 passwd.1.xml.out:66 passwd.5.xml.out:45
 #: porttime.5.xml.out:45 pwck.8.xml.out:69 pwconv.8.xml.out:81
 #: shadow.3.xml.out:94 shadow.3.xml.out:150 shadow.5.xml.out:45 sg.1.xml.out:57
 #: su.1.xml.out:79 suauth.5.xml.out:51 useradd.8.xml.out:84
@@ -324,12 +324,12 @@ msgstr ""
 
 #. (itstool) path: refsect1/title
 #. (itstool) path: arg/replaceable
-#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:81
-#: chpasswd.8.xml.out:106 chsh.1.xml.out:71 expiry.1.xml.out:67
-#: faillog.8.xml.out:65 gpasswd.1.xml.out:110 groupadd.8.xml.out:51
+#: chage.1.xml.out:67 chfn.1.xml.out:87 chgpasswd.8.xml.out:83
+#: chpasswd.8.xml.out:108 chsh.1.xml.out:71 expiry.1.xml.out:67
+#: faillog.8.xml.out:65 gpasswd.1.xml.out:112 groupadd.8.xml.out:51
 #: groupadd.8.xml.out:80 groupdel.8.xml.out:64 groupmems.8.xml.out:76
 #: groupmod.8.xml.out:65 grpck.8.xml.out:122 lastlog.8.xml.out:68
-#: login.1.xml.out:186 newusers.8.xml.out:250 passwd.1.xml.out:150
+#: login.1.xml.out:186 newusers.8.xml.out:252 passwd.1.xml.out:146
 #: pwck.8.xml.out:153 pwconv.8.xml.out:163 su.1.xml.out:120
 #: useradd.8.xml.out:102 userdel.8.xml.out:69 usermod.8.xml.out:70
 #: vipw.8.xml.out:83
@@ -337,12 +337,12 @@ msgid "OPTIONS"
 msgstr "选项"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:82
-#: chpasswd.8.xml.out:107 chsh.1.xml.out:72 expiry.1.xml.out:68
-#: faillog.8.xml.out:66 gpasswd.1.xml.out:118 groupadd.8.xml.out:81
+#: chage.1.xml.out:68 chfn.1.xml.out:88 chgpasswd.8.xml.out:84
+#: chpasswd.8.xml.out:109 chsh.1.xml.out:72 expiry.1.xml.out:68
+#: faillog.8.xml.out:66 gpasswd.1.xml.out:120 groupadd.8.xml.out:81
 #: groupdel.8.xml.out:65 groupmems.8.xml.out:77 groupmod.8.xml.out:66
-#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:251
-#: passwd.1.xml.out:151 pwck.8.xml.out:158 su.1.xml.out:121
+#: grpck.8.xml.out:127 lastlog.8.xml.out:69 newusers.8.xml.out:253
+#: passwd.1.xml.out:147 pwck.8.xml.out:158 su.1.xml.out:121
 #: useradd.8.xml.out:103 userdel.8.xml.out:70 usermod.8.xml.out:71
 #, fuzzy
 #| msgid "The options which apply to the <command>su</command> command are:"
@@ -351,9 +351,9 @@ msgstr "<command>su</command> 命令�以接�的选项有："
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:74 gpasswd.1.xml.out:137 groupmems.8.xml.out:94
-#: passwd.1.xml.out:168 useradd.8.xml.out:123 useradd.8.xml.out:151
-#: useradd.8.xml.out:599 usermod.8.xml.out:112 usermod.8.xml.out:260
+#: chage.1.xml.out:74 gpasswd.1.xml.out:139 groupmems.8.xml.out:94
+#: passwd.1.xml.out:164 useradd.8.xml.out:123 useradd.8.xml.out:151
+#: useradd.8.xml.out:619 usermod.8.xml.out:112 usermod.8.xml.out:260
 #, fuzzy
 #| msgid "-"
 msgid "-d"
@@ -373,44 +373,44 @@ msgstr ""
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:73 chage.1.xml.out:88 chage.1.xml.out:127
 #: chage.1.xml.out:156 chage.1.xml.out:168 chage.1.xml.out:189
-#: chage.1.xml.out:202 chfn.1.xml.out:93 chfn.1.xml.out:101 chfn.1.xml.out:109
-#: chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
-#: chgpasswd.8.xml.out:122 chpasswd.8.xml.out:113 chpasswd.8.xml.out:164
-#: chpasswd.8.xml.out:177 chsh.1.xml.out:83 chsh.1.xml.out:96
-#: faillog.8.xml.out:104 faillog.8.xml.out:119 faillog.8.xml.out:156
-#: faillog.8.xml.out:169 gpasswd.1.xml.out:123 gpasswd.1.xml.out:136
-#: gpasswd.1.xml.out:157 groupadd.8.xml.out:101 groupadd.8.xml.out:157
-#: groupadd.8.xml.out:200 groupadd.8.xml.out:213 groupdel.8.xml.out:88
-#: groupdel.8.xml.out:101 groupmems.8.xml.out:83 groupmems.8.xml.out:94
-#: groupmems.8.xml.out:110 groupmems.8.xml.out:141 groupmod.8.xml.out:72
-#: groupmod.8.xml.out:81 groupmod.8.xml.out:120 groupmod.8.xml.out:142
-#: groupmod.8.xml.out:163 groupmod.8.xml.out:176 grpck.8.xml.out:148
-#: lastlog.8.xml.out:74 lastlog.8.xml.out:103 lastlog.8.xml.out:127
-#: newusers.8.xml.out:305 passwd.1.xml.out:196 passwd.1.xml.out:245
-#: passwd.1.xml.out:267 passwd.1.xml.out:277 passwd.1.xml.out:321
-#: passwd.1.xml.out:334 pwck.8.xml.out:196 pwconv.8.xml.out:177
-#: su.1.xml.out:125 su.1.xml.out:162 useradd.8.xml.out:117
-#: useradd.8.xml.out:138 useradd.8.xml.out:150 useradd.8.xml.out:178
-#: useradd.8.xml.out:195 useradd.8.xml.out:229 useradd.8.xml.out:277
-#: useradd.8.xml.out:424 useradd.8.xml.out:488 useradd.8.xml.out:501
-#: useradd.8.xml.out:516 useradd.8.xml.out:530 useradd.8.xml.out:565
-#: useradd.8.xml.out:591 useradd.8.xml.out:609 useradd.8.xml.out:621
-#: useradd.8.xml.out:638 useradd.8.xml.out:654 userdel.8.xml.out:122
-#: userdel.8.xml.out:135 usermod.8.xml.out:98 usermod.8.xml.out:111
-#: usermod.8.xml.out:128 usermod.8.xml.out:151 usermod.8.xml.out:173
-#: usermod.8.xml.out:216 usermod.8.xml.out:289 usermod.8.xml.out:327
-#: usermod.8.xml.out:340 usermod.8.xml.out:356 usermod.8.xml.out:368
-#: usermod.8.xml.out:500 vipw.8.xml.out:114
+#: chage.1.xml.out:202 chage.1.xml.out:217 chfn.1.xml.out:93 chfn.1.xml.out:101
+#: chfn.1.xml.out:109 chfn.1.xml.out:121 chfn.1.xml.out:129 chfn.1.xml.out:150
+#: chgpasswd.8.xml.out:128 chpasswd.8.xml.out:115 chpasswd.8.xml.out:170
+#: chpasswd.8.xml.out:183 chpasswd.8.xml.out:198 chsh.1.xml.out:83
+#: chsh.1.xml.out:96 faillog.8.xml.out:104 faillog.8.xml.out:119
+#: faillog.8.xml.out:156 faillog.8.xml.out:169 gpasswd.1.xml.out:125
+#: gpasswd.1.xml.out:138 gpasswd.1.xml.out:159 groupadd.8.xml.out:101
+#: groupadd.8.xml.out:157 groupadd.8.xml.out:200 groupadd.8.xml.out:213
+#: groupdel.8.xml.out:88 groupdel.8.xml.out:101 groupmems.8.xml.out:83
+#: groupmems.8.xml.out:94 groupmems.8.xml.out:110 groupmems.8.xml.out:141
+#: groupmod.8.xml.out:72 groupmod.8.xml.out:81 groupmod.8.xml.out:120
+#: groupmod.8.xml.out:142 groupmod.8.xml.out:163 groupmod.8.xml.out:176
+#: grpck.8.xml.out:148 lastlog.8.xml.out:74 lastlog.8.xml.out:103
+#: lastlog.8.xml.out:127 newusers.8.xml.out:307 passwd.1.xml.out:192
+#: passwd.1.xml.out:241 passwd.1.xml.out:263 passwd.1.xml.out:273
+#: passwd.1.xml.out:286 passwd.1.xml.out:332 passwd.1.xml.out:345
+#: pwck.8.xml.out:196 pwconv.8.xml.out:177 su.1.xml.out:125 su.1.xml.out:162
+#: useradd.8.xml.out:117 useradd.8.xml.out:138 useradd.8.xml.out:150
+#: useradd.8.xml.out:178 useradd.8.xml.out:195 useradd.8.xml.out:229
+#: useradd.8.xml.out:279 useradd.8.xml.out:426 useradd.8.xml.out:490
+#: useradd.8.xml.out:503 useradd.8.xml.out:518 useradd.8.xml.out:532
+#: useradd.8.xml.out:567 useradd.8.xml.out:611 useradd.8.xml.out:629
+#: useradd.8.xml.out:641 useradd.8.xml.out:658 useradd.8.xml.out:674
+#: userdel.8.xml.out:122 userdel.8.xml.out:135 usermod.8.xml.out:98
+#: usermod.8.xml.out:111 usermod.8.xml.out:128 usermod.8.xml.out:151
+#: usermod.8.xml.out:173 usermod.8.xml.out:216 usermod.8.xml.out:289
+#: usermod.8.xml.out:327 usermod.8.xml.out:340 usermod.8.xml.out:356
+#: usermod.8.xml.out:368 usermod.8.xml.out:500 vipw.8.xml.out:114
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>"
 msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:82 chage.1.xml.out:288 groupadd.8.xml.out:303
+#: chage.1.xml.out:82 chage.1.xml.out:303 groupadd.8.xml.out:303
 #: groupdel.8.xml.out:168 groupmod.8.xml.out:259 grpck.8.xml.out:237
-#: login.defs.5.xml.out:138 passwd.1.xml.out:425 pwck.8.xml.out:287
-#: su.1.xml.out:385 useradd.8.xml.out:811 userdel.8.xml.out:235
+#: login.defs.5.xml.out:140 passwd.1.xml.out:447 pwck.8.xml.out:287
+#: su.1.xml.out:385 useradd.8.xml.out:831 userdel.8.xml.out:235
 msgid "0"
 msgstr "0"
 
@@ -431,7 +431,7 @@ msgid "-E"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chage.1.xml.out:89 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 msgid "--expiredate"
 msgstr ""
@@ -439,7 +439,7 @@ msgstr ""
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:89 chage.1.xml.out:109 useradd.8.xml.out:179
-#: useradd.8.xml.out:610 usermod.8.xml.out:129 usermod.8.xml.out:243
+#: useradd.8.xml.out:630 usermod.8.xml.out:129 usermod.8.xml.out:243
 #: usermod.8.xml.out:416
 msgid "EXPIRE_DATE"
 msgstr ""
@@ -469,7 +469,7 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:108 chage.1.xml.out:139 chage.1.xml.out:182
-#: passwd.1.xml.out:344 useradd.8.xml.out:315
+#: passwd.1.xml.out:355 useradd.8.xml.out:317
 #, fuzzy
 #| msgid "1"
 msgid "-1"
@@ -491,78 +491,78 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:102 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
 #: grpck.8.xml.out:132 lastlog.8.xml.out:96 login.1.xml.out:204
-#: login.1.xml.out:229 newusers.8.xml.out:280 passwd.1.xml.out:190
-#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:271
+#: login.1.xml.out:229 newusers.8.xml.out:282 passwd.1.xml.out:186
+#: pwck.8.xml.out:173 pwconv.8.xml.out:171 useradd.8.xml.out:273
 #: userdel.8.xml.out:99 vipw.8.xml.out:96
 msgid "-h"
 msgstr "-h"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:107
-#: chpasswd.8.xml.out:147 chsh.1.xml.out:77 expiry.1.xml.out:88
-#: faillog.8.xml.out:98 gpasswd.1.xml.out:149 groupadd.8.xml.out:118
+#: chage.1.xml.out:115 chfn.1.xml.out:143 chgpasswd.8.xml.out:113
+#: chpasswd.8.xml.out:153 chsh.1.xml.out:77 expiry.1.xml.out:88
+#: faillog.8.xml.out:98 gpasswd.1.xml.out:151 groupadd.8.xml.out:118
 #: groupdel.8.xml.out:82 groupmems.8.xml.out:118 groupmod.8.xml.out:114
-#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:280
-#: passwd.1.xml.out:190 pwck.8.xml.out:173 pwconv.8.xml.out:171
-#: su.1.xml.out:387 useradd.8.xml.out:271 userdel.8.xml.out:99
+#: grpck.8.xml.out:132 lastlog.8.xml.out:96 newusers.8.xml.out:282
+#: passwd.1.xml.out:186 pwck.8.xml.out:173 pwconv.8.xml.out:171
+#: su.1.xml.out:387 useradd.8.xml.out:273 userdel.8.xml.out:99
 #: vipw.8.xml.out:96
 msgid "--help"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
 #: chage.1.xml.out:115 chage.1.xml.out:121 chage.1.xml.out:146
-#: chfn.1.xml.out:142 chgpasswd.8.xml.out:88 chgpasswd.8.xml.out:101
-#: chgpasswd.8.xml.out:107 chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:135
-#: chpasswd.8.xml.out:139 chpasswd.8.xml.out:147 chpasswd.8.xml.out:155
+#: chfn.1.xml.out:142 chgpasswd.8.xml.out:90 chgpasswd.8.xml.out:107
+#: chgpasswd.8.xml.out:113 chgpasswd.8.xml.out:119 chgpasswd.8.xml.out:141
+#: chpasswd.8.xml.out:145 chpasswd.8.xml.out:153 chpasswd.8.xml.out:161
 #: chsh.1.xml.out:77 expiry.1.xml.out:73 expiry.1.xml.out:79
 #: expiry.1.xml.out:88 faillog.8.xml.out:72 faillog.8.xml.out:98
-#: faillog.8.xml.out:144 gpasswd.1.xml.out:149 gpasswd.1.xml.out:172
-#: gpasswd.1.xml.out:188 groupadd.8.xml.out:87 groupadd.8.xml.out:118
+#: faillog.8.xml.out:144 gpasswd.1.xml.out:151 gpasswd.1.xml.out:174
+#: gpasswd.1.xml.out:190 groupadd.8.xml.out:87 groupadd.8.xml.out:118
 #: groupadd.8.xml.out:144 groupadd.8.xml.out:184 groupadd.8.xml.out:228
 #: groupdel.8.xml.out:71 groupdel.8.xml.out:82 groupmems.8.xml.out:118
 #: groupmems.8.xml.out:124 groupmems.8.xml.out:130 groupmod.8.xml.out:114
 #: groupmod.8.xml.out:131 groupmod.8.xml.out:193 grpck.8.xml.out:132
 #: grpck.8.xml.out:138 grpck.8.xml.out:161 grpck.8.xml.out:172
 #: lastlog.8.xml.out:84 lastlog.8.xml.out:95 lastlog.8.xml.out:116
-#: newusers.8.xml.out:268 newusers.8.xml.out:280 newusers.8.xml.out:286
-#: newusers.8.xml.out:320 passwd.1.xml.out:156 passwd.1.xml.out:167
-#: passwd.1.xml.out:179 passwd.1.xml.out:190 passwd.1.xml.out:209
-#: passwd.1.xml.out:221 passwd.1.xml.out:257 passwd.1.xml.out:290
-#: passwd.1.xml.out:308 pwck.8.xml.out:173 pwck.8.xml.out:179
-#: pwck.8.xml.out:188 pwck.8.xml.out:209 pwconv.8.xml.out:171
-#: useradd.8.xml.out:168 useradd.8.xml.out:217 useradd.8.xml.out:271
-#: useradd.8.xml.out:330 useradd.8.xml.out:349 useradd.8.xml.out:372
-#: useradd.8.xml.out:385 useradd.8.xml.out:404 useradd.8.xml.out:455
-#: useradd.8.xml.out:548 userdel.8.xml.out:75 userdel.8.xml.out:99
-#: userdel.8.xml.out:105 userdel.8.xml.out:152 usermod.8.xml.out:77
-#: usermod.8.xml.out:88 usermod.8.xml.out:230 usermod.8.xml.out:249
-#: usermod.8.xml.out:270 usermod.8.xml.out:316 usermod.8.xml.out:404
-#: vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102 vipw.8.xml.out:108
-#: vipw.8.xml.out:127 vipw.8.xml.out:133
+#: newusers.8.xml.out:270 newusers.8.xml.out:282 newusers.8.xml.out:288
+#: newusers.8.xml.out:322 passwd.1.xml.out:152 passwd.1.xml.out:163
+#: passwd.1.xml.out:175 passwd.1.xml.out:186 passwd.1.xml.out:205
+#: passwd.1.xml.out:217 passwd.1.xml.out:253 passwd.1.xml.out:301
+#: passwd.1.xml.out:319 passwd.1.xml.out:362 pwck.8.xml.out:173
+#: pwck.8.xml.out:179 pwck.8.xml.out:188 pwck.8.xml.out:209
+#: pwconv.8.xml.out:171 useradd.8.xml.out:168 useradd.8.xml.out:217
+#: useradd.8.xml.out:273 useradd.8.xml.out:332 useradd.8.xml.out:351
+#: useradd.8.xml.out:374 useradd.8.xml.out:387 useradd.8.xml.out:406
+#: useradd.8.xml.out:457 useradd.8.xml.out:550 userdel.8.xml.out:75
+#: userdel.8.xml.out:99 userdel.8.xml.out:105 userdel.8.xml.out:152
+#: usermod.8.xml.out:77 usermod.8.xml.out:88 usermod.8.xml.out:230
+#: usermod.8.xml.out:249 usermod.8.xml.out:270 usermod.8.xml.out:316
+#: usermod.8.xml.out:404 vipw.8.xml.out:90 vipw.8.xml.out:96 vipw.8.xml.out:102
+#: vipw.8.xml.out:108 vipw.8.xml.out:127 vipw.8.xml.out:133
 #, fuzzy
 #| msgid "<option>-a</option>, <option>--all</option>"
 msgid "<_:option-1/>, <_:option-2/>"
 msgstr "<option>-a</option>, <option>--all</option>"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:109
-#: chpasswd.8.xml.out:149 chsh.1.xml.out:79 expiry.1.xml.out:90
-#: faillog.8.xml.out:100 gpasswd.1.xml.out:151 groupadd.8.xml.out:120
+#: chage.1.xml.out:117 chfn.1.xml.out:146 chgpasswd.8.xml.out:115
+#: chpasswd.8.xml.out:155 chsh.1.xml.out:79 expiry.1.xml.out:90
+#: faillog.8.xml.out:100 gpasswd.1.xml.out:153 groupadd.8.xml.out:120
 #: groupdel.8.xml.out:84 groupmems.8.xml.out:120 groupmod.8.xml.out:116
-#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:282
-#: passwd.1.xml.out:192 pwck.8.xml.out:175 pwconv.8.xml.out:173
-#: useradd.8.xml.out:273 userdel.8.xml.out:101 vipw.8.xml.out:98
+#: grpck.8.xml.out:134 lastlog.8.xml.out:99 newusers.8.xml.out:284
+#: passwd.1.xml.out:188 pwck.8.xml.out:175 pwconv.8.xml.out:173
+#: useradd.8.xml.out:275 userdel.8.xml.out:101 vipw.8.xml.out:98
 msgid "Display help message and exit."
 msgstr "显示帮助信�并退出。"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:121 passwd.1.xml.out:197
+#: chage.1.xml.out:121 passwd.1.xml.out:193
 #, fuzzy
 #| msgid "-"
 msgid "-i"
@@ -586,8 +586,8 @@ msgid "-I"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:128 passwd.1.xml.out:197 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 usermod.8.xml.out:152
+#: chage.1.xml.out:128 passwd.1.xml.out:193 useradd.8.xml.out:196
+#: useradd.8.xml.out:642 usermod.8.xml.out:152
 msgid "--inactive"
 msgstr ""
 
@@ -595,8 +595,8 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/option
 #: chage.1.xml.out:128 chage.1.xml.out:134 chage.1.xml.out:140
-#: passwd.1.xml.out:197 passwd.1.xml.out:203 useradd.8.xml.out:196
-#: useradd.8.xml.out:211 useradd.8.xml.out:622 useradd.8.xml.out:632
+#: passwd.1.xml.out:193 passwd.1.xml.out:199 useradd.8.xml.out:196
+#: useradd.8.xml.out:211 useradd.8.xml.out:642 useradd.8.xml.out:652
 #: usermod.8.xml.out:152
 msgid "INACTIVE"
 msgstr ""
@@ -626,10 +626,10 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #. (itstool) path: group/arg
-#: chage.1.xml.out:147 chage.1.xml.out:242 faillog.8.xml.out:88
+#: chage.1.xml.out:147 chage.1.xml.out:257 faillog.8.xml.out:88
 #: faillog.8.xml.out:105 faillog.8.xml.out:185 faillog.8.xml.out:202
-#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:222
-#: passwd.1.xml.out:316 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:330
+#: groupmems.8.xml.out:55 groupmems.8.xml.out:124 passwd.1.xml.out:218
+#: passwd.1.xml.out:327 su.1.xml.out:144 su.1.xml.out:156 useradd.8.xml.out:332
 #: usermod.8.xml.out:217
 msgid "-l"
 msgstr "-l"
@@ -646,11 +646,11 @@ msgstr "显示账户年龄信�。"
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:157 chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:113
-#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:84 chpasswd.8.xml.out:130
-#: chpasswd.8.xml.out:155 faillog.8.xml.out:88 faillog.8.xml.out:120
+#: chage.1.xml.out:157 chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:119
+#: chpasswd.8.xml.out:80 chpasswd.8.xml.out:86 chpasswd.8.xml.out:136
+#: chpasswd.8.xml.out:161 faillog.8.xml.out:88 faillog.8.xml.out:120
 #: faillog.8.xml.out:185 faillog.8.xml.out:202 su.1.xml.out:207
-#: useradd.8.xml.out:287 useradd.8.xml.out:350 useradd.8.xml.out:476
+#: useradd.8.xml.out:289 useradd.8.xml.out:352 useradd.8.xml.out:478
 #: usermod.8.xml.out:119 usermod.8.xml.out:250
 #, fuzzy
 #| msgid "-"
@@ -658,19 +658,19 @@ msgid "-m"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:157 passwd.1.xml.out:246
+#: chage.1.xml.out:157 passwd.1.xml.out:242
 msgid "--mindays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:246
-#: passwd.1.xml.out:251
+#: chage.1.xml.out:157 chage.1.xml.out:162 passwd.1.xml.out:242
+#: passwd.1.xml.out:247
 msgid "MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:160 passwd.1.xml.out:249
+#: chage.1.xml.out:160 passwd.1.xml.out:245
 #, fuzzy
 #| msgid ""
 #| "Set the minimum number of days between password changes to "
@@ -686,26 +686,26 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chage.1.xml.out:169 gpasswd.1.xml.out:81 gpasswd.1.xml.out:112
-#: gpasswd.1.xml.out:217 useradd.8.xml.out:162 useradd.8.xml.out:373
+#: chage.1.xml.out:169 gpasswd.1.xml.out:83 gpasswd.1.xml.out:114
+#: gpasswd.1.xml.out:219 useradd.8.xml.out:162 useradd.8.xml.out:375
 msgid "-M"
 msgstr "-M"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:169 passwd.1.xml.out:335
+#: chage.1.xml.out:169 passwd.1.xml.out:346
 msgid "--maxdays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:169 chage.1.xml.out:174 chage.1.xml.out:183
-#: passwd.1.xml.out:335 passwd.1.xml.out:340 passwd.1.xml.out:345
+#: passwd.1.xml.out:346 passwd.1.xml.out:351 passwd.1.xml.out:356
 msgid "MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chage.1.xml.out:178 chage.1.xml.out:203 usermod.8.xml.out:481
+#: chage.1.xml.out:178 chage.1.xml.out:218 usermod.8.xml.out:481
 #, fuzzy
 #| msgid "-"
 msgid "-W"
@@ -726,7 +726,7 @@ msgstr ""
 "�能使用此账户。"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:181 passwd.1.xml.out:343
+#: chage.1.xml.out:181 passwd.1.xml.out:354
 #, fuzzy
 #| msgid ""
 #| "Passing the number <emphasis remap=\"I\">-1</emphasis> as "
@@ -740,12 +740,12 @@ msgstr ""
 "emphasis> 会移除密�有效性检查。"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:189 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:191 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 #, fuzzy
 #| msgid "-"
@@ -753,12 +753,12 @@ msgid "-R"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:123
-#: chpasswd.8.xml.out:165 chsh.1.xml.out:84 faillog.8.xml.out:157
-#: gpasswd.1.xml.out:158 groupadd.8.xml.out:201 groupdel.8.xml.out:89
+#: chage.1.xml.out:190 chfn.1.xml.out:130 chgpasswd.8.xml.out:129
+#: chpasswd.8.xml.out:171 chsh.1.xml.out:84 faillog.8.xml.out:157
+#: gpasswd.1.xml.out:160 groupadd.8.xml.out:201 groupdel.8.xml.out:89
 #: groupmems.8.xml.out:142 groupmod.8.xml.out:164 grpck.8.xml.out:149
-#: lastlog.8.xml.out:104 newusers.8.xml.out:306 passwd.1.xml.out:278
-#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:489
+#: lastlog.8.xml.out:104 newusers.8.xml.out:308 passwd.1.xml.out:274
+#: pwck.8.xml.out:197 pwconv.8.xml.out:178 useradd.8.xml.out:491
 #: userdel.8.xml.out:123 usermod.8.xml.out:328 vipw.8.xml.out:115
 msgid "--root"
 msgstr ""
@@ -767,22 +767,22 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #: chage.1.xml.out:190 chage.1.xml.out:194 chage.1.xml.out:196
 #: chfn.1.xml.out:130 chfn.1.xml.out:134 chfn.1.xml.out:136
-#: chgpasswd.8.xml.out:123 chgpasswd.8.xml.out:127 chgpasswd.8.xml.out:129
-#: chpasswd.8.xml.out:165 chpasswd.8.xml.out:169 chpasswd.8.xml.out:171
+#: chgpasswd.8.xml.out:129 chgpasswd.8.xml.out:133 chgpasswd.8.xml.out:135
+#: chpasswd.8.xml.out:171 chpasswd.8.xml.out:175 chpasswd.8.xml.out:177
 #: chsh.1.xml.out:84 chsh.1.xml.out:88 chsh.1.xml.out:90 faillog.8.xml.out:157
-#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:158
-#: gpasswd.1.xml.out:162 gpasswd.1.xml.out:164 groupadd.8.xml.out:201
+#: faillog.8.xml.out:161 faillog.8.xml.out:163 gpasswd.1.xml.out:160
+#: gpasswd.1.xml.out:164 gpasswd.1.xml.out:166 groupadd.8.xml.out:201
 #: groupadd.8.xml.out:205 groupadd.8.xml.out:207 groupdel.8.xml.out:89
 #: groupdel.8.xml.out:93 groupdel.8.xml.out:95 groupmems.8.xml.out:142
 #: groupmems.8.xml.out:146 groupmems.8.xml.out:148 groupmod.8.xml.out:164
 #: groupmod.8.xml.out:168 groupmod.8.xml.out:170 grpck.8.xml.out:149
 #: grpck.8.xml.out:153 grpck.8.xml.out:155 lastlog.8.xml.out:104
-#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:306
-#: newusers.8.xml.out:310 newusers.8.xml.out:312 passwd.1.xml.out:278
-#: passwd.1.xml.out:282 passwd.1.xml.out:284 pwck.8.xml.out:197
+#: lastlog.8.xml.out:108 lastlog.8.xml.out:110 newusers.8.xml.out:308
+#: newusers.8.xml.out:312 newusers.8.xml.out:314 passwd.1.xml.out:274
+#: passwd.1.xml.out:278 passwd.1.xml.out:280 pwck.8.xml.out:197
 #: pwck.8.xml.out:201 pwck.8.xml.out:203 pwconv.8.xml.out:178
-#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:489
-#: useradd.8.xml.out:493 useradd.8.xml.out:495 userdel.8.xml.out:123
+#: pwconv.8.xml.out:182 pwconv.8.xml.out:184 useradd.8.xml.out:491
+#: useradd.8.xml.out:495 useradd.8.xml.out:497 userdel.8.xml.out:123
 #: userdel.8.xml.out:127 userdel.8.xml.out:129 usermod.8.xml.out:328
 #: usermod.8.xml.out:332 usermod.8.xml.out:334 vipw.8.xml.out:115
 #: vipw.8.xml.out:119 vipw.8.xml.out:121
@@ -790,12 +790,12 @@ msgid "CHROOT_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:126
-#: chpasswd.8.xml.out:168 chsh.1.xml.out:87 faillog.8.xml.out:160
-#: gpasswd.1.xml.out:161 groupadd.8.xml.out:204 groupdel.8.xml.out:92
+#: chage.1.xml.out:193 chfn.1.xml.out:133 chgpasswd.8.xml.out:132
+#: chpasswd.8.xml.out:174 chsh.1.xml.out:87 faillog.8.xml.out:160
+#: gpasswd.1.xml.out:163 groupadd.8.xml.out:204 groupdel.8.xml.out:92
 #: groupmems.8.xml.out:145 groupmod.8.xml.out:167 grpck.8.xml.out:152
-#: lastlog.8.xml.out:107 newusers.8.xml.out:309 passwd.1.xml.out:281
-#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:492
+#: lastlog.8.xml.out:107 newusers.8.xml.out:311 passwd.1.xml.out:277
+#: pwck.8.xml.out:200 pwconv.8.xml.out:181 useradd.8.xml.out:494
 #: userdel.8.xml.out:126 usermod.8.xml.out:331 vipw.8.xml.out:118
 #, fuzzy
 #| msgid ""
@@ -810,19 +810,58 @@ msgstr ""
 "replaceable>。"
 
 #. (itstool) path: term/option
-#: chage.1.xml.out:203 passwd.1.xml.out:322
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+#, fuzzy
+#| msgid "-"
+msgid "-P"
+msgstr "-"
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:203 chpasswd.8.xml.out:184 groupadd.8.xml.out:214
+#: groupdel.8.xml.out:102 groupmod.8.xml.out:177 passwd.1.xml.out:287
+#: useradd.8.xml.out:504 userdel.8.xml.out:136 usermod.8.xml.out:341
+msgid "--prefix"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#. (itstool) path: para/replaceable
+#: chage.1.xml.out:203 chage.1.xml.out:208 chpasswd.8.xml.out:184
+#: chpasswd.8.xml.out:189 groupadd.8.xml.out:214 groupadd.8.xml.out:219
+#: groupdel.8.xml.out:102 groupdel.8.xml.out:106 groupdel.8.xml.out:108
+#: groupmod.8.xml.out:177 groupmod.8.xml.out:181 groupmod.8.xml.out:183
+#: passwd.1.xml.out:287 passwd.1.xml.out:292 useradd.8.xml.out:504
+#: useradd.8.xml.out:509 userdel.8.xml.out:136 userdel.8.xml.out:140
+#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
+msgid "PREFIX_DIR"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chage.1.xml.out:206 chpasswd.8.xml.out:187 groupadd.8.xml.out:217
+#: passwd.1.xml.out:290 useradd.8.xml.out:507
+msgid ""
+"Apply changes to configuration files under the root filesystem found under "
+"the directory <_:replaceable-1/>. This option does not chroot and is "
+"intended for preparing a cross-compilation target. Some limitations: NIS and "
+"LDAP users/groups are not verified. PAM authentication is using the host "
+"files. No SELINUX support."
+msgstr ""
+
+#. (itstool) path: term/option
+#: chage.1.xml.out:218 passwd.1.xml.out:333
 msgid "--warndays"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: chage.1.xml.out:203 chage.1.xml.out:208 passwd.1.xml.out:322
-#: passwd.1.xml.out:327
+#: chage.1.xml.out:218 chage.1.xml.out:223 passwd.1.xml.out:333
+#: passwd.1.xml.out:338
 msgid "WARN_DAYS"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:206
+#: chage.1.xml.out:221
 #, fuzzy
 msgid ""
 "Set the number of days of warning before a password change is required. The "
@@ -832,12 +871,12 @@ msgstr ""
 "设置在�求更改密�之�几天开始警告。<replaceable>WARN_DAYS</replaceable> 选项"
 
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:220 chfn.1.xml.out:163 chsh.1.xml.out:112
+#: chage.1.xml.out:235 chfn.1.xml.out:163 chsh.1.xml.out:112
 msgid "[ ]"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:215
+#: chage.1.xml.out:230
 #, fuzzy
 #| msgid ""
 #| "If none of the options are selected, <command>chage</command> operates in "
@@ -857,13 +896,13 @@ msgstr ""
 "<emphasis>[ ]</emphasis> 标记对里。"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:224 chsh.1.xml.out:117 groups.1.xml.out:65
+#: chage.1.xml.out:239 chsh.1.xml.out:117 groups.1.xml.out:65
 #: lastlog.8.xml.out:170
 msgid "NOTE"
 msgstr "注�"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:225
+#: chage.1.xml.out:240
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> program requires a shadow password file to "
@@ -873,7 +912,7 @@ msgid ""
 msgstr "<command>chage</command> 需�有一个影�密�文件��用。"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:229
+#: chage.1.xml.out:244
 msgid ""
 "The chage program will report only the information from the shadow password "
 "file. This implies that configuration from other sources (e.g. LDAP or empty "
@@ -887,7 +926,7 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: chage.1.xml.out:238 grpck.8.xml.out:294 login.defs.5.xml.out:410
+#: chage.1.xml.out:253 grpck.8.xml.out:294 login.defs.5.xml.out:429
 #: passwd.5.xml.out:185 pwck.8.xml.out:40 pwck.8.xml.out:47 pwck.8.xml.out:53
 #: pwck.8.xml.out:71 pwck.8.xml.out:147 pwck.8.xml.out:159 pwck.8.xml.out:191
 #: pwck.8.xml.out:223 pwck.8.xml.out:284 pwconv.8.xml.out:197
@@ -896,7 +935,7 @@ msgid "pwck"
 msgstr "pwck"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:235
+#: chage.1.xml.out:250
 msgid ""
 "The <_:command-1/> program will also not report any inconsistency between "
 "the shadow and passwd files (e.g. missing x in the passwd file). The <_:"
@@ -904,7 +943,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:241
+#: chage.1.xml.out:256
 #, fuzzy
 #| msgid ""
 #| "The <command>chage</command> command is restricted to the root user, "
@@ -920,52 +959,54 @@ msgstr ""
 "option> 选项，用�让�特�用户觉得自己的密�或账户何时过期。"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:249 chfn.1.xml.out:170 chgpasswd.8.xml.out:175
-#: chpasswd.8.xml.out:216 chsh.1.xml.out:131 gpasswd.1.xml.out:241
+#: chage.1.xml.out:264 chfn.1.xml.out:170 chgpasswd.8.xml.out:201
+#: chpasswd.8.xml.out:256 chsh.1.xml.out:150 gpasswd.1.xml.out:243
 #: groupadd.8.xml.out:247 groupdel.8.xml.out:133 groupmems.8.xml.out:176
 #: groupmod.8.xml.out:212 grpck.8.xml.out:196 lastlog.8.xml.out:182
-#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:360
-#: passwd.1.xml.out:372 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
-#: su.1.xml.out:314 useradd.8.xml.out:710 userdel.8.xml.out:165
-#: usermod.8.xml.out:536 vipw.8.xml.out:142
+#: login.1.xml.out:270 newgrp.1.xml.out:85 newusers.8.xml.out:381
+#: passwd.1.xml.out:394 pwck.8.xml.out:240 pwconv.8.xml.out:204 sg.1.xml.out:74
+#: su.1.xml.out:314 useradd.8.xml.out:730 userdel.8.xml.out:165
+#: usermod.8.xml.out:553 vipw.8.xml.out:142
 msgid "CONFIGURATION"
 msgstr "�置文件"
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chage.1.xml.out:252 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
-#: chgpasswd.8.xml.out:70 chgpasswd.8.xml.out:155 chgpasswd.8.xml.out:178
-#: chgpasswd.8.xml.out:205 chpasswd.8.xml.out:77 chpasswd.8.xml.out:134
-#: chpasswd.8.xml.out:200 chpasswd.8.xml.out:219 chpasswd.8.xml.out:247
-#: chsh.1.xml.out:134 chsh.1.xml.out:159 gpasswd.1.xml.out:244
-#: groupadd.8.xml.out:129 groupadd.8.xml.out:239 groupadd.8.xml.out:250
-#: groupadd.8.xml.out:276 groupdel.8.xml.out:136 groupmems.8.xml.out:179
-#: groupmod.8.xml.out:109 groupmod.8.xml.out:204 groupmod.8.xml.out:215
-#: groupmod.8.xml.out:239 grpck.8.xml.out:199 lastlog.8.xml.out:185
-#: login.1.xml.out:273 login.1.xml.out:365 login.access.5.xml.out:100
-#: login.defs.5.xml.out:116 login.defs.5.xml.out:515 newgrp.1.xml.out:88
-#: newusers.8.xml.out:340 newusers.8.xml.out:363 newusers.8.xml.out:423
-#: passwd.1.xml.out:375 passwd.1.xml.out:405 pwck.8.xml.out:243
+#: chage.1.xml.out:267 chfn.1.xml.out:68 chfn.1.xml.out:173 chfn.1.xml.out:187
+#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:159 chgpasswd.8.xml.out:168
+#: chgpasswd.8.xml.out:177 chgpasswd.8.xml.out:204 chgpasswd.8.xml.out:233
+#: chpasswd.8.xml.out:79 chpasswd.8.xml.out:140 chpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:227 chpasswd.8.xml.out:236 chpasswd.8.xml.out:259
+#: chpasswd.8.xml.out:289 chsh.1.xml.out:153 chsh.1.xml.out:200
+#: gpasswd.1.xml.out:246 groupadd.8.xml.out:129 groupadd.8.xml.out:239
+#: groupadd.8.xml.out:250 groupadd.8.xml.out:276 groupdel.8.xml.out:136
+#: groupmems.8.xml.out:179 groupmod.8.xml.out:109 groupmod.8.xml.out:204
+#: groupmod.8.xml.out:215 groupmod.8.xml.out:239 grpck.8.xml.out:199
+#: lastlog.8.xml.out:185 login.1.xml.out:273 login.1.xml.out:365
+#: login.access.5.xml.out:100 login.defs.5.xml.out:118 login.defs.5.xml.out:534
+#: newgrp.1.xml.out:88 newusers.8.xml.out:340 newusers.8.xml.out:349
+#: newusers.8.xml.out:357 newusers.8.xml.out:384 newusers.8.xml.out:444
+#: passwd.1.xml.out:397 passwd.1.xml.out:427 pwck.8.xml.out:243
 #: pwconv.8.xml.out:148 pwconv.8.xml.out:207 pwconv.8.xml.out:215
 #: pwconv.8.xml.out:230 sg.1.xml.out:77 su.1.xml.out:109 su.1.xml.out:219
 #: su.1.xml.out:277 su.1.xml.out:317 su.1.xml.out:357 useradd.8.xml.out:241
-#: useradd.8.xml.out:307 useradd.8.xml.out:378 useradd.8.xml.out:399
-#: useradd.8.xml.out:467 useradd.8.xml.out:474 useradd.8.xml.out:560
-#: useradd.8.xml.out:713 useradd.8.xml.out:797 userdel.8.xml.out:87
+#: useradd.8.xml.out:309 useradd.8.xml.out:380 useradd.8.xml.out:401
+#: useradd.8.xml.out:469 useradd.8.xml.out:476 useradd.8.xml.out:562
+#: useradd.8.xml.out:733 useradd.8.xml.out:817 userdel.8.xml.out:87
 #: userdel.8.xml.out:168 userdel.8.xml.out:191 userdel.8.xml.out:297
-#: usermod.8.xml.out:399 usermod.8.xml.out:539 usermod.8.xml.out:569
+#: usermod.8.xml.out:399 usermod.8.xml.out:556 usermod.8.xml.out:586
 #: vipw.8.xml.out:145
 msgid "/etc/login.defs"
 msgstr "/etc/login.defs"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:250 chfn.1.xml.out:171 chgpasswd.8.xml.out:176
-#: chpasswd.8.xml.out:217 chsh.1.xml.out:132 gpasswd.1.xml.out:242
+#: chage.1.xml.out:265 chfn.1.xml.out:171 chgpasswd.8.xml.out:202
+#: chpasswd.8.xml.out:257 chsh.1.xml.out:151 gpasswd.1.xml.out:244
 #: groupadd.8.xml.out:248 groupdel.8.xml.out:134 groupmems.8.xml.out:177
 #: groupmod.8.xml.out:213 grpck.8.xml.out:197 lastlog.8.xml.out:183
-#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:361
-#: passwd.1.xml.out:373 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
-#: useradd.8.xml.out:711 userdel.8.xml.out:166 usermod.8.xml.out:537
+#: login.1.xml.out:271 newgrp.1.xml.out:86 newusers.8.xml.out:382
+#: passwd.1.xml.out:395 pwck.8.xml.out:241 sg.1.xml.out:75 su.1.xml.out:315
+#: useradd.8.xml.out:731 userdel.8.xml.out:166 usermod.8.xml.out:554
 #: vipw.8.xml.out:143
 #, fuzzy
 #| msgid ""
@@ -979,126 +1020,126 @@ msgstr ""
 "的行为："
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:261 chfn.1.xml.out:184 chgpasswd.8.xml.out:190
-#: chpasswd.8.xml.out:232 chsh.1.xml.out:144 expiry.1.xml.out:97
-#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:256
+#: chage.1.xml.out:276 chfn.1.xml.out:184 chgpasswd.8.xml.out:218
+#: chpasswd.8.xml.out:274 chsh.1.xml.out:163 expiry.1.xml.out:97
+#: faillog.5.xml.out:72 faillog.8.xml.out:220 gpasswd.1.xml.out:258
 #: groupadd.8.xml.out:261 groupdel.8.xml.out:145 groupmems.8.xml.out:188
 #: groupmod.8.xml.out:224 groups.1.xml.out:77 grpck.8.xml.out:208
 #: gshadow.5.xml.out:132 lastlog.8.xml.out:194 limits.5.xml.out:172
 #: login.1.xml.out:314 login.access.5.xml.out:97 logoutd.8.xml.out:65
-#: newgrp.1.xml.out:97 newusers.8.xml.out:396 passwd.1.xml.out:390
+#: newgrp.1.xml.out:97 newusers.8.xml.out:417 passwd.1.xml.out:412
 #: passwd.5.xml.out:139 porttime.5.xml.out:106 pwck.8.xml.out:258
 #: pwconv.8.xml.out:227 shadow.3.xml.out:202 shadow.5.xml.out:231
-#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:740
-#: userdel.8.xml.out:182 usermod.8.xml.out:554 vipw.8.xml.out:172
+#: sg.1.xml.out:86 su.1.xml.out:342 suauth.5.xml.out:169 useradd.8.xml.out:760
+#: userdel.8.xml.out:182 usermod.8.xml.out:571 vipw.8.xml.out:172
 msgid "FILES"
 msgstr "文件"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:265 chfn.1.xml.out:193 chpasswd.8.xml.out:235
-#: chsh.1.xml.out:147 expiry.1.xml.out:100 groupmod.8.xml.out:245
+#: chage.1.xml.out:280 chfn.1.xml.out:193 chpasswd.8.xml.out:277
+#: chsh.1.xml.out:166 expiry.1.xml.out:100 groupmod.8.xml.out:245
 #: grpck.8.xml.out:223 lastlog.8.xml.out:63 login.1.xml.out:145
 #: login.1.xml.out:329 newgrp.1.xml.out:65 newgrp.1.xml.out:70
-#: newgrp.1.xml.out:100 newusers.8.xml.out:399 passwd.1.xml.out:393
+#: newgrp.1.xml.out:100 newusers.8.xml.out:420 passwd.1.xml.out:415
 #: passwd.5.xml.out:47 passwd.5.xml.out:89 passwd.5.xml.out:142
 #: pwck.8.xml.out:73 pwck.8.xml.out:145 pwck.8.xml.out:212 pwck.8.xml.out:224
 #: pwck.8.xml.out:267 pwconv.8.xml.out:127 shadow.5.xml.out:234 sg.1.xml.out:89
-#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:524
-#: useradd.8.xml.out:743 userdel.8.xml.out:197 usermod.8.xml.out:103
-#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:575
+#: su.1.xml.out:185 su.1.xml.out:197 su.1.xml.out:345 useradd.8.xml.out:526
+#: useradd.8.xml.out:763 userdel.8.xml.out:197 usermod.8.xml.out:103
+#: usermod.8.xml.out:305 usermod.8.xml.out:362 usermod.8.xml.out:592
 #: vipw.8.xml.out:68 vipw.8.xml.out:187
 msgid "/etc/passwd"
 msgstr "/etc/passwd"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:268 chfn.1.xml.out:195 chpasswd.8.xml.out:237
-#: chsh.1.xml.out:149 expiry.1.xml.out:102 groupmod.8.xml.out:247
+#: chage.1.xml.out:283 chfn.1.xml.out:195 chpasswd.8.xml.out:279
+#: chsh.1.xml.out:168 expiry.1.xml.out:102 groupmod.8.xml.out:247
 #: grpck.8.xml.out:225 login.1.xml.out:331 newgrp.1.xml.out:102
-#: newusers.8.xml.out:401 passwd.1.xml.out:395 passwd.5.xml.out:144
+#: newusers.8.xml.out:422 passwd.1.xml.out:417 passwd.5.xml.out:144
 #: pwck.8.xml.out:269 shadow.5.xml.out:236 sg.1.xml.out:91 su.1.xml.out:347
-#: useradd.8.xml.out:745 userdel.8.xml.out:199 vipw.8.xml.out:189
+#: useradd.8.xml.out:765 userdel.8.xml.out:199 vipw.8.xml.out:189
 msgid "User account information."
 msgstr "用户账户信�。"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: chage.1.xml.out:273 chpasswd.8.xml.out:241 expiry.1.xml.out:106
+#: chage.1.xml.out:288 chpasswd.8.xml.out:283 expiry.1.xml.out:106
 #: login.1.xml.out:335 newgrp.1.xml.out:68 newgrp.1.xml.out:106
-#: newusers.8.xml.out:295 newusers.8.xml.out:405 passwd.1.xml.out:399
+#: newusers.8.xml.out:297 newusers.8.xml.out:426 passwd.1.xml.out:421
 #: passwd.5.xml.out:82 passwd.5.xml.out:148 pwck.8.xml.out:73
 #: pwck.8.xml.out:107 pwck.8.xml.out:213 pwck.8.xml.out:225 pwck.8.xml.out:273
 #: pwconv.8.xml.out:128 pwconv.8.xml.out:149 shadow.3.xml.out:97
 #: shadow.3.xml.out:173 shadow.3.xml.out:205 shadow.5.xml.out:78
-#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:439
-#: useradd.8.xml.out:464 useradd.8.xml.out:749 userdel.8.xml.out:203
+#: shadow.5.xml.out:240 sg.1.xml.out:95 su.1.xml.out:351 useradd.8.xml.out:441
+#: useradd.8.xml.out:466 useradd.8.xml.out:769 userdel.8.xml.out:203
 #: usermod.8.xml.out:144 usermod.8.xml.out:145 usermod.8.xml.out:166
-#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:581
+#: usermod.8.xml.out:167 usermod.8.xml.out:306 usermod.8.xml.out:598
 #: vipw.8.xml.out:71 vipw.8.xml.out:193
 msgid "/etc/shadow"
 msgstr "/etc/shadow"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:276 chpasswd.8.xml.out:243 expiry.1.xml.out:108
-#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:407
-#: passwd.1.xml.out:401 pwck.8.xml.out:275 shadow.3.xml.out:207
-#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:751
+#: chage.1.xml.out:291 chpasswd.8.xml.out:285 expiry.1.xml.out:108
+#: login.1.xml.out:337 newgrp.1.xml.out:108 newusers.8.xml.out:428
+#: passwd.1.xml.out:423 pwck.8.xml.out:275 shadow.3.xml.out:207
+#: shadow.5.xml.out:242 sg.1.xml.out:97 su.1.xml.out:353 useradd.8.xml.out:771
 #: userdel.8.xml.out:205 vipw.8.xml.out:195
 msgid "Secure user account information."
 msgstr "安全用户账户信�。"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:283 groupadd.8.xml.out:298 groupdel.8.xml.out:163
-#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:420
-#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:806
+#: chage.1.xml.out:298 groupadd.8.xml.out:298 groupdel.8.xml.out:163
+#: groupmod.8.xml.out:254 grpck.8.xml.out:232 passwd.1.xml.out:442
+#: pwck.8.xml.out:282 su.1.xml.out:366 useradd.8.xml.out:826
 #: userdel.8.xml.out:230
 msgid "EXIT VALUES"
 msgstr "退出值"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:290 groupadd.8.xml.out:305 groupdel.8.xml.out:170
-#: grpck.8.xml.out:239 passwd.1.xml.out:427 pwck.8.xml.out:289
-#: useradd.8.xml.out:813 userdel.8.xml.out:237
+#: chage.1.xml.out:305 groupadd.8.xml.out:305 groupdel.8.xml.out:170
+#: grpck.8.xml.out:239 passwd.1.xml.out:449 pwck.8.xml.out:289
+#: useradd.8.xml.out:833 userdel.8.xml.out:237
 msgid "success"
 msgstr "�功"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:296 passwd.1.xml.out:433
+#: chage.1.xml.out:311 passwd.1.xml.out:455
 msgid "permission denied"
 msgstr "���够"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: citerefentry/manvolnum
-#: chage.1.xml.out:300 groupadd.8.xml.out:309 groupdel.8.xml.out:174
+#: chage.1.xml.out:315 groupadd.8.xml.out:309 groupdel.8.xml.out:174
 #: groupmod.8.xml.out:265 groups.1.xml.out:95 groups.1.xml.out:98
 #: groups.1.xml.out:101 grpck.8.xml.out:249 limits.5.xml.out:90
 #: limits.5.xml.out:101 limits.5.xml.out:188 limits.5.xml.out:191
-#: passwd.1.xml.out:437 pwck.8.xml.out:299 useradd.8.xml.out:823
+#: passwd.1.xml.out:459 pwck.8.xml.out:299 useradd.8.xml.out:843
 #: userdel.8.xml.out:247
 msgid "2"
 msgstr "2"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:302 groupadd.8.xml.out:311 groupdel.8.xml.out:176
-#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:825
+#: chage.1.xml.out:317 groupadd.8.xml.out:311 groupdel.8.xml.out:176
+#: grpck.8.xml.out:245 pwck.8.xml.out:295 useradd.8.xml.out:845
 #: userdel.8.xml.out:249
 msgid "invalid command syntax"
 msgstr "无效的命令语法"
 
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:306
+#: chage.1.xml.out:321
 msgid "15"
 msgstr "15"
 
 #. (itstool) path: listitem/para
-#: chage.1.xml.out:308
+#: chage.1.xml.out:323
 msgid "can't find the shadow password file"
 msgstr "无法找到影�密�文件"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:284 groupadd.8.xml.out:299 groupdel.8.xml.out:164
-#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:421
-#: pwck.8.xml.out:283 useradd.8.xml.out:807 userdel.8.xml.out:231
+#: chage.1.xml.out:299 groupadd.8.xml.out:299 groupdel.8.xml.out:164
+#: groupmod.8.xml.out:255 grpck.8.xml.out:233 passwd.1.xml.out:443
+#: pwck.8.xml.out:283 useradd.8.xml.out:827 userdel.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "The <command>pwck</command> command exits with the following values: "
@@ -1109,18 +1150,18 @@ msgid ""
 msgstr "<command>pwck</command> 命令有如下返回值：<placeholder-1/>"
 
 #. (itstool) path: refsect1/title
-#: chage.1.xml.out:316 chfn.1.xml.out:202 chgpasswd.8.xml.out:214
-#: chpasswd.8.xml.out:262 chsh.1.xml.out:168 expiry.1.xml.out:115
-#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:274
+#: chage.1.xml.out:331 chfn.1.xml.out:202 chgpasswd.8.xml.out:242
+#: chpasswd.8.xml.out:304 chsh.1.xml.out:209 expiry.1.xml.out:115
+#: faillog.5.xml.out:84 faillog.8.xml.out:232 gpasswd.1.xml.out:276
 #: groupadd.8.xml.out:343 groupdel.8.xml.out:202 groupmems.8.xml.out:206
 #: groupmod.8.xml.out:323 groups.1.xml.out:89 grpck.8.xml.out:277
 #: gshadow.5.xml.out:150 limits.5.xml.out:182 login.1.xml.out:374
-#: login.access.5.xml.out:109 login.defs.5.xml.out:527 newgrp.1.xml.out:127
-#: newusers.8.xml.out:450 nologin.8.xml.out:57 passwd.1.xml.out:471
+#: login.access.5.xml.out:109 login.defs.5.xml.out:546 newgrp.1.xml.out:127
+#: newusers.8.xml.out:471 nologin.8.xml.out:57 passwd.1.xml.out:493
 #: passwd.5.xml.out:167 porttime.5.xml.out:118 pwck.8.xml.out:333
 #: pwconv.8.xml.out:239 shadow.3.xml.out:214 shadow.5.xml.out:259
-#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:875
-#: userdel.8.xml.out:308 usermod.8.xml.out:602 vipw.8.xml.out:202
+#: sg.1.xml.out:116 su.1.xml.out:413 suauth.5.xml.out:198 useradd.8.xml.out:895
+#: userdel.8.xml.out:308 usermod.8.xml.out:619 vipw.8.xml.out:202
 msgid "SEE ALSO"
 msgstr "��"
 
@@ -1133,53 +1174,53 @@ msgstr "��"
 #. (itstool) path: para/command
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: chage.1.xml.out:319 chfn.1.xml.out:211 chpasswd.8.xml.out:265
-#: chsh.1.xml.out:177 expiry.1.xml.out:118 groupadd.8.xml.out:351
+#: chage.1.xml.out:334 chfn.1.xml.out:211 chpasswd.8.xml.out:307
+#: chsh.1.xml.out:218 expiry.1.xml.out:118 groupadd.8.xml.out:351
 #: groupdel.8.xml.out:211 groupmems.8.xml.out:215 groupmod.8.xml.out:332
 #: grpck.8.xml.out:291 lastlog.8.xml.out:176 login.1.xml.out:128
-#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:399
-#: login.defs.5.xml.out:516 login.defs.5.xml.out:533 login.defs.5.xml.out:539
-#: newusers.8.xml.out:79 newusers.8.xml.out:456 passwd.1.xml.out:40
-#: passwd.1.xml.out:47 passwd.1.xml.out:53 passwd.1.xml.out:66
-#: passwd.1.xml.out:69 passwd.1.xml.out:86 passwd.1.xml.out:116
-#: passwd.1.xml.out:152 passwd.1.xml.out:366 passwd.1.xml.out:413
-#: passwd.1.xml.out:422 passwd.1.xml.out:451 passwd.1.xml.out:457
-#: passwd.1.xml.out:477 passwd.5.xml.out:33 passwd.5.xml.out:40
+#: login.1.xml.out:380 login.1.xml.out:395 login.defs.5.xml.out:415
+#: login.defs.5.xml.out:535 login.defs.5.xml.out:552 login.defs.5.xml.out:558
+#: newusers.8.xml.out:81 newusers.8.xml.out:477 passwd.1.xml.out:42
+#: passwd.1.xml.out:49 passwd.1.xml.out:55 passwd.1.xml.out:68
+#: passwd.1.xml.out:71 passwd.1.xml.out:88 passwd.1.xml.out:100
+#: passwd.1.xml.out:148 passwd.1.xml.out:388 passwd.1.xml.out:435
+#: passwd.1.xml.out:444 passwd.1.xml.out:473 passwd.1.xml.out:479
+#: passwd.1.xml.out:502 passwd.5.xml.out:33 passwd.5.xml.out:40
 #: passwd.5.xml.out:182 pwck.8.xml.out:228 pwck.8.xml.out:342
 #: pwconv.8.xml.out:84 pwconv.8.xml.out:99 shadow.5.xml.out:268
-#: shadow.5.xml.out:271 useradd.8.xml.out:884 userdel.8.xml.out:316
-#: usermod.8.xml.out:611 vipw.8.xml.out:217
+#: shadow.5.xml.out:271 useradd.8.xml.out:904 userdel.8.xml.out:316
+#: usermod.8.xml.out:628 vipw.8.xml.out:217
 msgid "passwd"
 msgstr "passwd"
 
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: term/replaceable
-#: chage.1.xml.out:319 chage.1.xml.out:322 chfn.1.xml.out:208
-#: chfn.1.xml.out:211 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 chsh.1.xml.out:177 expiry.1.xml.out:118
+#: chage.1.xml.out:334 chage.1.xml.out:337 chfn.1.xml.out:208
+#: chfn.1.xml.out:211 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 chsh.1.xml.out:218 expiry.1.xml.out:118
 #: expiry.1.xml.out:121 faillog.5.xml.out:34 faillog.8.xml.out:238
-#: gpasswd.1.xml.out:292 gpasswd.1.xml.out:295 groupadd.8.xml.out:363
+#: gpasswd.1.xml.out:294 gpasswd.1.xml.out:297 groupadd.8.xml.out:363
 #: groupmod.8.xml.out:344 grpck.8.xml.out:267 grpck.8.xml.out:280
 #: grpck.8.xml.out:287 grpck.8.xml.out:291 grpck.8.xml.out:297
 #: gshadow.5.xml.out:23 gshadow.5.xml.out:153 gshadow.5.xml.out:156
 #: limits.5.xml.out:36 login.1.xml.out:389 login.1.xml.out:392
 #: login.1.xml.out:395 login.1.xml.out:398 login.access.5.xml.out:35
-#: login.defs.5.xml.out:103 login.defs.5.xml.out:539 login.defs.5.xml.out:542
-#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:79
-#: newusers.8.xml.out:453 newusers.8.xml.out:460 newusers.8.xml.out:463
-#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:455
-#: passwd.1.xml.out:477 passwd.1.xml.out:480 passwd.1.xml.out:484
+#: login.defs.5.xml.out:105 login.defs.5.xml.out:558 login.defs.5.xml.out:561
+#: newgrp.1.xml.out:145 newgrp.1.xml.out:148 newusers.8.xml.out:81
+#: newusers.8.xml.out:474 newusers.8.xml.out:481 newusers.8.xml.out:484
+#: nologin.8.xml.out:48 nologin.8.xml.out:63 passwd.1.xml.out:477
+#: passwd.1.xml.out:502 passwd.1.xml.out:505 passwd.1.xml.out:509
 #: passwd.5.xml.out:34 passwd.5.xml.out:80 passwd.5.xml.out:194
 #: porttime.5.xml.out:34 pwck.8.xml.out:317 pwck.8.xml.out:336
 #: pwck.8.xml.out:342 pwck.8.xml.out:345 pwconv.8.xml.out:245
 #: shadow.3.xml.out:220 shadow.5.xml.out:34 shadow.5.xml.out:271
 #: sg.1.xml.out:134 sg.1.xml.out:137 su.1.xml.out:418 suauth.5.xml.out:34
-#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:628
-#: useradd.8.xml.out:899 useradd.8.xml.out:906 useradd.8.xml.out:909
+#: suauth.5.xml.out:91 useradd.8.xml.out:205 useradd.8.xml.out:648
+#: useradd.8.xml.out:919 useradd.8.xml.out:926 useradd.8.xml.out:929
 #: userdel.8.xml.out:319 userdel.8.xml.out:335 userdel.8.xml.out:338
-#: usermod.8.xml.out:162 usermod.8.xml.out:629 usermod.8.xml.out:633
-#: usermod.8.xml.out:636 vipw.8.xml.out:208 vipw.8.xml.out:211
+#: usermod.8.xml.out:162 usermod.8.xml.out:646 usermod.8.xml.out:650
+#: usermod.8.xml.out:653 vipw.8.xml.out:208 vipw.8.xml.out:211
 #: vipw.8.xml.out:214 vipw.8.xml.out:217 vipw.8.xml.out:220 vipw.8.xml.out:223
 msgid "5"
 msgstr "5"
@@ -1192,20 +1233,20 @@ msgstr "5"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/filename
-#: chage.1.xml.out:322 expiry.1.xml.out:121 grpck.8.xml.out:51
-#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:542
-#: passwd.1.xml.out:480 passwd.5.xml.out:79 passwd.5.xml.out:194
+#: chage.1.xml.out:337 expiry.1.xml.out:121 grpck.8.xml.out:51
+#: grpck.8.xml.out:190 grpck.8.xml.out:297 login.defs.5.xml.out:561
+#: passwd.1.xml.out:505 passwd.5.xml.out:79 passwd.5.xml.out:194
 #: pwck.8.xml.out:229 pwck.8.xml.out:233 pwck.8.xml.out:345 pwconv.8.xml.out:84
 #: pwconv.8.xml.out:85 pwconv.8.xml.out:100 pwconv.8.xml.out:101
 #: shadow.3.xml.out:33 shadow.3.xml.out:40 shadow.3.xml.out:96
 #: shadow.3.xml.out:220 shadow.5.xml.out:33 shadow.5.xml.out:40
-#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:628
+#: shadow.5.xml.out:47 useradd.8.xml.out:205 useradd.8.xml.out:648
 #: usermod.8.xml.out:162 vipw.8.xml.out:223
 msgid "shadow"
 msgstr "shadow"
 
 #. (itstool) path: refsect1/para
-#: chage.1.xml.out:317 expiry.1.xml.out:116 faillog.8.xml.out:233
+#: chage.1.xml.out:332 expiry.1.xml.out:116 faillog.8.xml.out:233
 #: nologin.8.xml.out:58 shadow.3.xml.out:215
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>."
 msgstr ""
@@ -1217,10 +1258,10 @@ msgstr ""
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: varlistentry/term
 #: chfn.1.xml.out:36 chfn.1.xml.out:43 chfn.1.xml.out:49 chfn.1.xml.out:62
-#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:171
+#: chfn.1.xml.out:89 chfn.1.xml.out:159 chfn.1.xml.out:164 chsh.1.xml.out:212
 #: groupadd.8.xml.out:345 groupdel.8.xml.out:205 groupmems.8.xml.out:209
-#: groupmod.8.xml.out:326 login.defs.5.xml.out:239 useradd.8.xml.out:878
-#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:605
+#: groupmod.8.xml.out:326 login.defs.5.xml.out:243 useradd.8.xml.out:898
+#: userdel.8.xml.out:310 usermod.8.xml.out:105 usermod.8.xml.out:622
 msgid "chfn"
 msgstr "chfn"
 
@@ -1238,8 +1279,8 @@ msgstr ""
 #. (itstool) path: term/option
 #: chfn.1.xml.out:71 chfn.1.xml.out:110 groupadd.8.xml.out:106
 #: groupadd.8.xml.out:145 groupadd.8.xml.out:323 groupmod.8.xml.out:93
-#: groupmod.8.xml.out:132 useradd.8.xml.out:405 useradd.8.xml.out:536
-#: useradd.8.xml.out:837 usermod.8.xml.out:271 usermod.8.xml.out:377
+#: groupmod.8.xml.out:132 useradd.8.xml.out:407 useradd.8.xml.out:538
+#: useradd.8.xml.out:857 usermod.8.xml.out:271 usermod.8.xml.out:377
 #, fuzzy
 #| msgid "-"
 msgid "-o"
@@ -1279,7 +1320,7 @@ msgstr ""
 #: chfn.1.xml.out:94 expiry.1.xml.out:61 expiry.1.xml.out:79
 #: groupadd.8.xml.out:88 groupdel.8.xml.out:72 login.1.xml.out:90
 #: login.1.xml.out:190 login.1.xml.out:229 useradd.8.xml.out:196
-#: useradd.8.xml.out:622 userdel.8.xml.out:76 userdel.8.xml.out:287
+#: useradd.8.xml.out:642 userdel.8.xml.out:76 userdel.8.xml.out:287
 #: userdel.8.xml.out:302 usermod.8.xml.out:152
 msgid "-f"
 msgstr "-f"
@@ -1341,12 +1382,12 @@ msgstr ""
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: chfn.1.xml.out:122 faillog.8.xml.out:89 faillog.8.xml.out:144
-#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:173
+#: faillog.8.xml.out:186 faillog.8.xml.out:203 gpasswd.1.xml.out:175
 #: groupadd.8.xml.out:112 groupadd.8.xml.out:185 grpck.8.xml.out:124
 #: grpck.8.xml.out:138 login.1.xml.out:220 login.1.xml.out:229
-#: newusers.8.xml.out:287 passwd.1.xml.out:268 pwck.8.xml.out:155
-#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:456
-#: useradd.8.xml.out:542 userdel.8.xml.out:106 usermod.8.xml.out:317
+#: newusers.8.xml.out:289 passwd.1.xml.out:264 pwck.8.xml.out:155
+#: pwck.8.xml.out:188 useradd.8.xml.out:224 useradd.8.xml.out:458
+#: useradd.8.xml.out:544 userdel.8.xml.out:106 usermod.8.xml.out:317
 msgid "-r"
 msgstr "-r"
 
@@ -1371,8 +1412,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: chfn.1.xml.out:143 faillog.8.xml.out:80 faillog.8.xml.out:180
 #: faillog.8.xml.out:214 lastlog.8.xml.out:90 lastlog.8.xml.out:122
-#: lastlog.8.xml.out:139 passwd.1.xml.out:309 useradd.8.xml.out:414
-#: useradd.8.xml.out:531 usermod.8.xml.out:279 usermod.8.xml.out:369
+#: lastlog.8.xml.out:139 passwd.1.xml.out:320 useradd.8.xml.out:416
+#: useradd.8.xml.out:533 usermod.8.xml.out:279 usermod.8.xml.out:369
 #: vipw.8.xml.out:133
 #, fuzzy
 #| msgid "-"
@@ -1380,7 +1421,7 @@ msgid "-u"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: chfn.1.xml.out:151 passwd.1.xml.out:322 usermod.8.xml.out:463
+#: chfn.1.xml.out:151 passwd.1.xml.out:333 usermod.8.xml.out:463
 #, fuzzy
 #| msgid "-"
 msgid "-w"
@@ -1425,11 +1466,11 @@ msgstr ""
 "<emphasis>[ ]</emphasis> 标记对里。"
 
 #. (itstool) path: listitem/para
-#: chfn.1.xml.out:189 chgpasswd.8.xml.out:207 chpasswd.8.xml.out:249
-#: chsh.1.xml.out:161 groupadd.8.xml.out:278 groupmod.8.xml.out:241
-#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:425
-#: passwd.1.xml.out:407 pwconv.8.xml.out:232 su.1.xml.out:359
-#: useradd.8.xml.out:799 userdel.8.xml.out:193
+#: chfn.1.xml.out:189 chgpasswd.8.xml.out:235 chpasswd.8.xml.out:291
+#: chsh.1.xml.out:202 groupadd.8.xml.out:278 groupmod.8.xml.out:241
+#: login.1.xml.out:367 login.access.5.xml.out:102 newusers.8.xml.out:446
+#: passwd.1.xml.out:429 pwconv.8.xml.out:232 su.1.xml.out:359
+#: useradd.8.xml.out:819 userdel.8.xml.out:193
 msgid "Shadow password suite configuration."
 msgstr "Shadow 密�套件�置。"
 
@@ -1442,8 +1483,8 @@ msgstr "Shadow 密�套件�置。"
 #: chfn.1.xml.out:205 chsh.1.xml.out:36 chsh.1.xml.out:43 chsh.1.xml.out:49
 #: chsh.1.xml.out:62 chsh.1.xml.out:73 chsh.1.xml.out:109
 #: groupadd.8.xml.out:348 groupdel.8.xml.out:208 groupmems.8.xml.out:212
-#: groupmod.8.xml.out:329 login.defs.5.xml.out:270 useradd.8.xml.out:881
-#: userdel.8.xml.out:313 usermod.8.xml.out:608
+#: groupmod.8.xml.out:329 login.defs.5.xml.out:280 useradd.8.xml.out:901
+#: userdel.8.xml.out:313 usermod.8.xml.out:625
 msgid "chsh"
 msgstr "chsh"
 
@@ -1451,25 +1492,25 @@ msgstr "chsh"
 #. (itstool) path: para/filename
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
-#: chfn.1.xml.out:208 chgpasswd.8.xml.out:223 chpasswd.8.xml.out:272
-#: chsh.1.xml.out:174 groupadd.8.xml.out:194 groupadd.8.xml.out:363
-#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:102
-#: login.defs.5.xml.out:109 newusers.8.xml.out:298 newusers.8.xml.out:453
-#: passwd.1.xml.out:484 pwconv.8.xml.out:92 pwconv.8.xml.out:94
+#: chfn.1.xml.out:208 chgpasswd.8.xml.out:251 chpasswd.8.xml.out:314
+#: chsh.1.xml.out:215 groupadd.8.xml.out:194 groupadd.8.xml.out:363
+#: groupmod.8.xml.out:344 login.1.xml.out:389 login.defs.5.xml.out:104
+#: login.defs.5.xml.out:111 newusers.8.xml.out:300 newusers.8.xml.out:474
+#: passwd.1.xml.out:509 pwconv.8.xml.out:92 pwconv.8.xml.out:94
 #: pwconv.8.xml.out:108 pwconv.8.xml.out:245 su.1.xml.out:418
-#: useradd.8.xml.out:899 userdel.8.xml.out:117 userdel.8.xml.out:319
-#: usermod.8.xml.out:629 vipw.8.xml.out:214
+#: useradd.8.xml.out:919 userdel.8.xml.out:117 userdel.8.xml.out:319
+#: usermod.8.xml.out:646 vipw.8.xml.out:214
 msgid "login.defs"
 msgstr "login.defs"
 
 #. (itstool) path: refsect1/para
-#: chfn.1.xml.out:203 chgpasswd.8.xml.out:215 chsh.1.xml.out:169
+#: chfn.1.xml.out:203 chgpasswd.8.xml.out:243 chsh.1.xml.out:210
 #: limits.5.xml.out:183
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>."
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: chgpasswd.8.xml.out:23
+#: chgpasswd.8.xml.out:25
 msgid "Creation, 2006"
 msgstr ""
 
@@ -1478,19 +1519,19 @@ msgstr ""
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:33 chgpasswd.8.xml.out:40 chgpasswd.8.xml.out:46
-#: chgpasswd.8.xml.out:56 chgpasswd.8.xml.out:66 chgpasswd.8.xml.out:83
-#: login.defs.5.xml.out:249
+#: chgpasswd.8.xml.out:35 chgpasswd.8.xml.out:42 chgpasswd.8.xml.out:48
+#: chgpasswd.8.xml.out:58 chgpasswd.8.xml.out:68 chgpasswd.8.xml.out:85
+#: login.defs.5.xml.out:253
 msgid "chgpasswd"
 msgstr "chgpasswd"
 
 #. (itstool) path: refmeta/manvolnum
 #. (itstool) path: citerefentry/manvolnum
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:34 chgpasswd.8.xml.out:220 chpasswd.8.xml.out:38
-#: chpasswd.8.xml.out:268 chpasswd.8.xml.out:276 faillog.5.xml.out:87
-#: faillog.8.xml.out:34 gpasswd.1.xml.out:280 gpasswd.1.xml.out:283
-#: gpasswd.1.xml.out:286 gpasswd.1.xml.out:289 groupadd.8.xml.out:37
+#: chgpasswd.8.xml.out:36 chgpasswd.8.xml.out:248 chpasswd.8.xml.out:40
+#: chpasswd.8.xml.out:310 chpasswd.8.xml.out:318 faillog.5.xml.out:87
+#: faillog.8.xml.out:34 gpasswd.1.xml.out:282 gpasswd.1.xml.out:285
+#: gpasswd.1.xml.out:288 gpasswd.1.xml.out:291 groupadd.8.xml.out:37
 #: groupadd.8.xml.out:354 groupadd.8.xml.out:357 groupadd.8.xml.out:360
 #: groupadd.8.xml.out:366 groupadd.8.xml.out:369 groupadd.8.xml.out:372
 #: groupdel.8.xml.out:35 groupdel.8.xml.out:186 groupdel.8.xml.out:214
@@ -1503,43 +1544,43 @@ msgstr "chgpasswd"
 #: grpck.8.xml.out:34 grpck.8.xml.out:283 grpck.8.xml.out:294
 #: gshadow.5.xml.out:159 gshadow.5.xml.out:162 lastlog.8.xml.out:36
 #: login.1.xml.out:174 login.1.xml.out:176 login.1.xml.out:249
-#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:545
-#: logoutd.8.xml.out:34 newusers.8.xml.out:50 newusers.8.xml.out:467
-#: nologin.8.xml.out:23 passwd.1.xml.out:474 passwd.1.xml.out:488
+#: login.1.xml.out:251 login.1.xml.out:401 login.defs.5.xml.out:564
+#: logoutd.8.xml.out:34 newusers.8.xml.out:52 newusers.8.xml.out:488
+#: nologin.8.xml.out:23 passwd.1.xml.out:496 passwd.1.xml.out:513
 #: passwd.5.xml.out:185 passwd.5.xml.out:188 passwd.5.xml.out:191
 #: passwd.5.xml.out:200 pwck.8.xml.out:41 pwck.8.xml.out:339 pwck.8.xml.out:348
 #: pwconv.8.xml.out:40 pwconv.8.xml.out:242 pwconv.8.xml.out:248
 #: pwconv.8.xml.out:251 pwconv.8.xml.out:254 shadow.5.xml.out:274
 #: shadow.5.xml.out:277 shadow.5.xml.out:280 shadow.5.xml.out:286
-#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:574
-#: useradd.8.xml.out:890 useradd.8.xml.out:893 useradd.8.xml.out:896
-#: useradd.8.xml.out:902 useradd.8.xml.out:913 useradd.8.xml.out:916
-#: userdel.8.xml.out:40 userdel.8.xml.out:259 userdel.8.xml.out:322
-#: userdel.8.xml.out:325 userdel.8.xml.out:328 userdel.8.xml.out:331
-#: userdel.8.xml.out:342 userdel.8.xml.out:345 usermod.8.xml.out:41
-#: usermod.8.xml.out:617 usermod.8.xml.out:620 usermod.8.xml.out:623
-#: usermod.8.xml.out:626 usermod.8.xml.out:640 usermod.8.xml.out:643
-#: vipw.8.xml.out:36
+#: suauth.5.xml.out:192 useradd.8.xml.out:53 useradd.8.xml.out:576
+#: useradd.8.xml.out:590 useradd.8.xml.out:910 useradd.8.xml.out:913
+#: useradd.8.xml.out:916 useradd.8.xml.out:922 useradd.8.xml.out:933
+#: useradd.8.xml.out:936 userdel.8.xml.out:40 userdel.8.xml.out:259
+#: userdel.8.xml.out:322 userdel.8.xml.out:325 userdel.8.xml.out:328
+#: userdel.8.xml.out:331 userdel.8.xml.out:342 userdel.8.xml.out:345
+#: usermod.8.xml.out:41 usermod.8.xml.out:522 usermod.8.xml.out:634
+#: usermod.8.xml.out:637 usermod.8.xml.out:640 usermod.8.xml.out:643
+#: usermod.8.xml.out:657 usermod.8.xml.out:660 vipw.8.xml.out:36
 msgid "8"
 msgstr "8"
 
 #. (itstool) path: refmeta/refmiscinfo
-#: chgpasswd.8.xml.out:35 chpasswd.8.xml.out:39 faillog.8.xml.out:35
+#: chgpasswd.8.xml.out:37 chpasswd.8.xml.out:41 faillog.8.xml.out:35
 #: groupadd.8.xml.out:38 groupdel.8.xml.out:36 groupmems.8.xml.out:39
 #: groupmod.8.xml.out:36 grpck.8.xml.out:35 lastlog.8.xml.out:37
-#: logoutd.8.xml.out:35 newusers.8.xml.out:51 nologin.8.xml.out:24
+#: logoutd.8.xml.out:35 newusers.8.xml.out:53 nologin.8.xml.out:24
 #: pwck.8.xml.out:42 pwconv.8.xml.out:41 useradd.8.xml.out:54
 #: userdel.8.xml.out:41 usermod.8.xml.out:42 vipw.8.xml.out:37
 msgid "System Management Commands"
 msgstr "系统管�命令"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chgpasswd.8.xml.out:41
+#: chgpasswd.8.xml.out:43
 msgid "update group passwords in batch mode"
 msgstr "批�更新组密�"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:55
+#: chgpasswd.8.xml.out:57
 #, fuzzy
 #| msgid ""
 #| "The <command>chgpasswd</command> command reads a list of group name and "
@@ -1556,12 +1597,12 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chgpasswd.8.xml.out:61 groupmems.8.xml.out:54 groupmems.8.xml.out:110
+#: chgpasswd.8.xml.out:63 groupmems.8.xml.out:54 groupmems.8.xml.out:110
 msgid "group_name"
 msgstr "group_name"
 
 #. (itstool) path: para/emphasis
-#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66 passwd.5.xml.out:77
+#: chgpasswd.8.xml.out:64 chpasswd.8.xml.out:68 passwd.5.xml.out:77
 #: passwd.5.xml.out:86 passwd.5.xml.out:91 passwd.5.xml.out:95
 #: passwd.5.xml.out:98
 #, fuzzy
@@ -1570,12 +1611,12 @@ msgid "password"
 msgstr "passwd"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:60 chpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:62 chpasswd.8.xml.out:66
 msgid "<_:emphasis-1/>:<_:emphasis-2/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:64
+#: chgpasswd.8.xml.out:66
 #, fuzzy
 #| msgid ""
 #| "By default the supplied password must be in clear-text, and is encrypted "
@@ -1587,8 +1628,8 @@ msgstr ""
 "默认上，�供的密�必须是明�文本，然�由 <command>chgpasswd</command> 加密。"
 
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:70 chpasswd.8.xml.out:75 chpasswd.8.xml.out:132
-#: passwd.1.xml.out:129
+#: chgpasswd.8.xml.out:72 chpasswd.8.xml.out:77 chpasswd.8.xml.out:138
+#: passwd.1.xml.out:114
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "ENCRYPT_METHOD"
@@ -1596,9 +1637,9 @@ msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:71 chgpasswd.8.xml.out:101 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:130 chpasswd.8.xml.out:139
-#: passwd.1.xml.out:180 useradd.8.xml.out:179 useradd.8.xml.out:610
+#: chgpasswd.8.xml.out:73 chgpasswd.8.xml.out:107 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:136 chpasswd.8.xml.out:145
+#: passwd.1.xml.out:176 useradd.8.xml.out:179 useradd.8.xml.out:630
 #: usermod.8.xml.out:129
 #, fuzzy
 #| msgid "-"
@@ -1608,16 +1649,16 @@ msgstr "-"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #. (itstool) path: arg/arg
-#: chgpasswd.8.xml.out:72 chgpasswd.8.xml.out:88 chpasswd.8.xml.out:78
-#: chpasswd.8.xml.out:84 chpasswd.8.xml.out:114 chpasswd.8.xml.out:129
-#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:74 chgpasswd.8.xml.out:90 chpasswd.8.xml.out:80
+#: chpasswd.8.xml.out:86 chpasswd.8.xml.out:116 chpasswd.8.xml.out:135
+#: expiry.1.xml.out:60 expiry.1.xml.out:73 newusers.8.xml.out:270
 #: sg.1.xml.out:50 su.1.xml.out:86 su.1.xml.out:126 su.1.xml.out:131
 #: useradd.8.xml.out:139 usermod.8.xml.out:99
 msgid "-c"
 msgstr "-c"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:68
+#: chgpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
@@ -1634,55 +1675,109 @@ msgstr ""
 "c</option> 选项覆盖。"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:74 chpasswd.8.xml.out:99
+#: chgpasswd.8.xml.out:76 chpasswd.8.xml.out:101
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are created at a single time."
 msgstr "此命令一般用于需�一次创建很多用户的大型系统。"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:88 chpasswd.8.xml.out:114 newusers.8.xml.out:268
+#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:116 newusers.8.xml.out:270
 msgid "--crypt-method"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:90 chpasswd.8.xml.out:117 newusers.8.xml.out:270
+#: chgpasswd.8.xml.out:92 chpasswd.8.xml.out:119 newusers.8.xml.out:272
 msgid "Use the specified method to encrypt the passwords."
 msgstr "使用指定的方法加密密�。"
 
-#. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:91 chpasswd.8.xml.out:118
-msgid "The available methods are DES, MD5, and NONE."
-msgstr "�用的方法有 DES，MD5 和 NONE。"
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:95 chgpasswd.8.xml.out:149 chpasswd.8.xml.out:122
+#: chpasswd.8.xml.out:208 newusers.8.xml.out:330
+msgid "BCRYPT"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid "<_:replaceable-1/>,"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:96 chpasswd.8.xml.out:123
+msgid "DES"
+msgstr ""
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid "MD5"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:98 chgpasswd.8.xml.out:151 chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:210 newusers.8.xml.out:332
+msgid "SHA256"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:99 chgpasswd.8.xml.out:152 chpasswd.8.xml.out:126
+#: chpasswd.8.xml.out:211 newusers.8.xml.out:333
+msgid "SHA512"
+msgstr ""
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:97 chpasswd.8.xml.out:124
+msgid ", <_:replaceable-1/>, <_:replaceable-2/>"
+msgstr ""
+
+#. (itstool) path: phrase/replaceable
+#: chgpasswd.8.xml.out:100 chgpasswd.8.xml.out:154 chpasswd.8.xml.out:127
+#: chpasswd.8.xml.out:213 newusers.8.xml.out:335
+#, fuzzy
+#| msgid "DESCRIPTION"
+msgid "YESCRYPT"
+msgstr "�述"
+
+#. (itstool) path: para/phrase
+#: chgpasswd.8.xml.out:99 chpasswd.8.xml.out:126
+#, fuzzy
+#| msgid "-h <placeholder-1/>"
+msgid ", <_:replaceable-1/>"
+msgstr "-h <placeholder-1/>"
+
+#. (itstool) path: para/replaceable
+#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:128
+msgid "NONE"
+msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:94 chpasswd.8.xml.out:121 newusers.8.xml.out:271
+#: chgpasswd.8.xml.out:93 chpasswd.8.xml.out:120
 msgid ""
-"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
-"support these methods."
+"The available methods are <_:phrase-1/> <_:replaceable-2/>, <_:replaceable-3/"
+"><_:phrase-4/><_:phrase-5/> and <_:replaceable-6/> if your libc supports "
+"these methods."
 msgstr ""
-"�用的方法有 DES, MD5, NONE, and SHA256 或 SHA512，��是您的 libc 支�这写方"
-"法。"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:101 chpasswd.8.xml.out:139
+#: chgpasswd.8.xml.out:107 chpasswd.8.xml.out:145
 #, fuzzy
 #| msgid "encrypted password"
 msgid "--encrypted"
 msgstr "加密了的密�"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:103 chpasswd.8.xml.out:141
+#: chgpasswd.8.xml.out:109 chpasswd.8.xml.out:147
 msgid "Supplied passwords are in encrypted form."
 msgstr "�供的密�是已�加密了的"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:113 chpasswd.8.xml.out:155
+#: chgpasswd.8.xml.out:119 chpasswd.8.xml.out:161
 msgid "--md5"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:115 chpasswd.8.xml.out:157
+#: chgpasswd.8.xml.out:121 chpasswd.8.xml.out:163
 msgid ""
 "Use MD5 encryption instead of DES when the supplied passwords are not "
 "encrypted."
@@ -1690,74 +1785,125 @@ msgstr "如果�供的密�没有加密，则使用 MD5 加密而�是 DES。
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 chsh.1.xml.out:97
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 chsh.1.xml.out:97
 #: chsh.1.xml.out:108 grpck.8.xml.out:124 grpck.8.xml.out:161
-#: newusers.8.xml.out:320 pwck.8.xml.out:155 pwck.8.xml.out:209
-#: su.1.xml.out:163 useradd.8.xml.out:517 useradd.8.xml.out:655
-#: usermod.8.xml.out:357 vipw.8.xml.out:70 vipw.8.xml.out:127
+#: newusers.8.xml.out:322 passwd.1.xml.out:363 pwck.8.xml.out:155
+#: pwck.8.xml.out:209 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357 vipw.8.xml.out:70
+#: vipw.8.xml.out:127
 msgid "-s"
 msgstr "-s"
 
 #. (itstool) path: term/option
-#: chgpasswd.8.xml.out:135 chpasswd.8.xml.out:178 newusers.8.xml.out:320
+#: chgpasswd.8.xml.out:141 chpasswd.8.xml.out:199 newusers.8.xml.out:322
 msgid "--sha-rounds"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:137 chpasswd.8.xml.out:181 newusers.8.xml.out:322
+#: chgpasswd.8.xml.out:143 chpasswd.8.xml.out:202 newusers.8.xml.out:324
 msgid "Use the specified number of rounds to encrypt the passwords."
 msgstr "使用指定次数的轮转�加密密�。"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:140 chpasswd.8.xml.out:184 newusers.8.xml.out:325
+#: chgpasswd.8.xml.out:146 chpasswd.8.xml.out:205 newusers.8.xml.out:327
+msgid ""
+"You can only use this option with crypt method: <_:phrase-1/> <_:phrase-2/> "
+"<_:phrase-3/>"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:156 chpasswd.8.xml.out:215 newusers.8.xml.out:337
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
 msgid ""
-"The value 0 means that the system will choose the default number of rounds "
-"for the crypt method (5000)."
-msgstr "值 0 表示让系统为加密方法选择默认的轮转次数 (5000)。"
+"By default, the number of rounds for BCRYPT is defined by the "
+"BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgstr ""
+"默认，轮转数由 <filename>/etc/login.defs</filename> 文件中的 "
+"SHA_CRYPT_MIN_ROUNDS 和 SHA_CRYPT_MAX_ROUNDS ��确定。"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:144 chpasswd.8.xml.out:188 newusers.8.xml.out:329
+#: chgpasswd.8.xml.out:161 chpasswd.8.xml.out:220
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
 msgid ""
-"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default number of rounds is 13."
 msgstr "会强制最� 1,000，最大 9,9999,9999"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:148 chpasswd.8.xml.out:192 newusers.8.xml.out:333
-msgid "You can only use this option with the SHA256 or SHA512 crypt method."
-msgstr "您��以对 SHA256 或 SHA512 使用此选项。"
+#: chgpasswd.8.xml.out:165 chpasswd.8.xml.out:224 newusers.8.xml.out:346
+#, fuzzy
+#| msgid ""
+#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
+#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
+#| "filename>."
+msgid ""
+"By default, the number of rounds for SHA256 or SHA512 is defined by the "
+"SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+msgstr ""
+"默认，轮转数由 <filename>/etc/login.defs</filename> 文件中的 "
+"SHA_CRYPT_MIN_ROUNDS 和 SHA_CRYPT_MAX_ROUNDS ��确定。"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:152 newusers.8.xml.out:337
+#: chgpasswd.8.xml.out:170 chpasswd.8.xml.out:229
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default number of rounds is 5000."
+msgstr "会强制最� 1,000，最大 9,9999,9999"
+
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:175 chpasswd.8.xml.out:234 newusers.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
 #| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
 #| "filename>."
 msgid ""
-"By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and "
-"SHA_CRYPT_MAX_ROUNDS variables in <_:filename-1/>."
+"By default, the number of rounds for YESCRYPT is defined by the "
+"YESCRYPT_COST_FACTOR in <_:filename-1/>."
 msgstr ""
 "默认，轮转数由 <filename>/etc/login.defs</filename> 文件中的 "
 "SHA_CRYPT_MIN_ROUNDS 和 SHA_CRYPT_MAX_ROUNDS ��确定。"
 
+#. (itstool) path: listitem/para
+#: chgpasswd.8.xml.out:179 chpasswd.8.xml.out:238
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default number of rounds is 5."
+msgstr "会强制最� 1,000，最大 9,9999,9999"
+
 #. (itstool) path: refsect1/title
-#: chgpasswd.8.xml.out:163 chpasswd.8.xml.out:208 faillog.8.xml.out:209
-#: gpasswd.1.xml.out:229 groupadd.8.xml.out:285 groupdel.8.xml.out:121
-#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:348
-#: passwd.1.xml.out:354 shadow.3.xml.out:194 su.1.xml.out:306
-#: useradd.8.xml.out:682 userdel.8.xml.out:281 usermod.8.xml.out:517
+#: chgpasswd.8.xml.out:189 chpasswd.8.xml.out:248 faillog.8.xml.out:209
+#: gpasswd.1.xml.out:231 groupadd.8.xml.out:285 groupdel.8.xml.out:121
+#: lastlog.8.xml.out:206 login.1.xml.out:236 newusers.8.xml.out:369
+#: passwd.1.xml.out:376 shadow.3.xml.out:194 su.1.xml.out:306
+#: useradd.8.xml.out:702 userdel.8.xml.out:281 usermod.8.xml.out:534
 msgid "CAVEATS"
 msgstr "CAVEATS"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:164 chpasswd.8.xml.out:209
+#: chgpasswd.8.xml.out:190 chpasswd.8.xml.out:249
 msgid ""
 "Remember to set permissions or umask to prevent readability of unencrypted "
 "files by other users."
 msgstr "记��设置��或者掩��阻止其它用户对未加密文件的读�。"
 
 #. (itstool) path: refsect1/para
-#: chgpasswd.8.xml.out:168 newusers.8.xml.out:353
+#: chgpasswd.8.xml.out:194 newusers.8.xml.out:374
 msgid ""
 "You should make sure the passwords and the encryption method respect the "
 "system's password policy."
@@ -1767,8 +1913,8 @@ msgstr "您需�确�你�和加密方法符�系统的密�策略。"
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
 #. (itstool) path: citerefentry/refentrytitle
-#: chgpasswd.8.xml.out:193 gpasswd.1.xml.out:48 gpasswd.1.xml.out:51
-#: gpasswd.1.xml.out:73 gpasswd.1.xml.out:231 gpasswd.1.xml.out:259
+#: chgpasswd.8.xml.out:221 gpasswd.1.xml.out:50 gpasswd.1.xml.out:53
+#: gpasswd.1.xml.out:75 gpasswd.1.xml.out:233 gpasswd.1.xml.out:261
 #: groupadd.8.xml.out:170 groupadd.8.xml.out:264 groupdel.8.xml.out:148
 #: groupmems.8.xml.out:191 groupmod.8.xml.out:227 groups.1.xml.out:58
 #: groups.1.xml.out:70 groups.1.xml.out:80 grpck.8.xml.out:62
@@ -1776,19 +1922,19 @@ msgstr "您需�确�你�和加密方法符�系统的密�策略。"
 #: grpck.8.xml.out:164 grpck.8.xml.out:177 grpck.8.xml.out:185
 #: grpck.8.xml.out:211 gshadow.5.xml.out:91 gshadow.5.xml.out:124
 #: gshadow.5.xml.out:135 newgrp.1.xml.out:80 newgrp.1.xml.out:112
-#: newusers.8.xml.out:411 pwck.8.xml.out:261 pwconv.8.xml.out:128
-#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:755
-#: userdel.8.xml.out:185 usermod.8.xml.out:557 vipw.8.xml.out:69
+#: newusers.8.xml.out:432 pwck.8.xml.out:261 pwconv.8.xml.out:128
+#: sg.1.xml.out:101 suauth.5.xml.out:90 useradd.8.xml.out:775
+#: userdel.8.xml.out:185 usermod.8.xml.out:574 vipw.8.xml.out:69
 #: vipw.8.xml.out:175
 msgid "/etc/group"
 msgstr "/etc/group"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:195 gpasswd.1.xml.out:261 groupadd.8.xml.out:266
+#: chgpasswd.8.xml.out:223 gpasswd.1.xml.out:263 groupadd.8.xml.out:266
 #: groupdel.8.xml.out:150 groupmems.8.xml.out:193 groupmod.8.xml.out:229
 #: groups.1.xml.out:82 grpck.8.xml.out:213 gshadow.5.xml.out:137
-#: newgrp.1.xml.out:114 newusers.8.xml.out:413 pwck.8.xml.out:263
-#: sg.1.xml.out:103 useradd.8.xml.out:757 userdel.8.xml.out:187
+#: newgrp.1.xml.out:114 newusers.8.xml.out:434 pwck.8.xml.out:263
+#: sg.1.xml.out:103 useradd.8.xml.out:777 userdel.8.xml.out:187
 #: vipw.8.xml.out:177
 msgid "Group account information."
 msgstr "组账户信�。"
@@ -1796,8 +1942,8 @@ msgstr "组账户信�。"
 #. (itstool) path: term/filename
 #. (itstool) path: phrase/filename
 #. (itstool) path: para/filename
-#: chgpasswd.8.xml.out:199 gpasswd.1.xml.out:52 gpasswd.1.xml.out:74
-#: gpasswd.1.xml.out:232 gpasswd.1.xml.out:265 groupadd.8.xml.out:170
+#: chgpasswd.8.xml.out:227 gpasswd.1.xml.out:54 gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:234 gpasswd.1.xml.out:267 groupadd.8.xml.out:170
 #: groupadd.8.xml.out:270 groupdel.8.xml.out:154 groupmems.8.xml.out:87
 #: groupmems.8.xml.out:88 groupmems.8.xml.out:98 groupmems.8.xml.out:103
 #: groupmems.8.xml.out:104 groupmems.8.xml.out:134 groupmems.8.xml.out:135
@@ -1805,17 +1951,17 @@ msgstr "组账户信�。"
 #: grpck.8.xml.out:93 grpck.8.xml.out:114 grpck.8.xml.out:166
 #: grpck.8.xml.out:186 grpck.8.xml.out:217 gshadow.5.xml.out:36
 #: gshadow.5.xml.out:141 newgrp.1.xml.out:78 newgrp.1.xml.out:118
-#: newusers.8.xml.out:417 pwconv.8.xml.out:129 sg.1.xml.out:107
-#: useradd.8.xml.out:761 usermod.8.xml.out:563 vipw.8.xml.out:72
+#: newusers.8.xml.out:438 pwconv.8.xml.out:129 sg.1.xml.out:107
+#: useradd.8.xml.out:781 usermod.8.xml.out:580 vipw.8.xml.out:72
 #: vipw.8.xml.out:181
 msgid "/etc/gshadow"
 msgstr "/etc/gshadow"
 
 #. (itstool) path: listitem/para
-#: chgpasswd.8.xml.out:201 gpasswd.1.xml.out:267 groupadd.8.xml.out:272
+#: chgpasswd.8.xml.out:229 gpasswd.1.xml.out:269 groupadd.8.xml.out:272
 #: groupdel.8.xml.out:156 groupmod.8.xml.out:235 grpck.8.xml.out:219
-#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:419
-#: sg.1.xml.out:109 useradd.8.xml.out:763 vipw.8.xml.out:183
+#: gshadow.5.xml.out:143 newgrp.1.xml.out:120 newusers.8.xml.out:440
+#: sg.1.xml.out:109 useradd.8.xml.out:783 vipw.8.xml.out:183
 msgid "Secure group account information."
 msgstr "安全组账户信�。"
 
@@ -1825,12 +1971,12 @@ msgstr "安全组账户信�。"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:217 gpasswd.1.xml.out:38 gpasswd.1.xml.out:45
-#: gpasswd.1.xml.out:59 gpasswd.1.xml.out:72 gpasswd.1.xml.out:85
-#: gpasswd.1.xml.out:119 groupadd.8.xml.out:354 groupdel.8.xml.out:214
-#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:280
+#: chgpasswd.8.xml.out:245 gpasswd.1.xml.out:40 gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:61 gpasswd.1.xml.out:74 gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:121 groupadd.8.xml.out:354 groupdel.8.xml.out:214
+#: groupmod.8.xml.out:335 gshadow.5.xml.out:153 login.defs.5.xml.out:290
 #: newgrp.1.xml.out:142 sg.1.xml.out:131 userdel.8.xml.out:322
-#: usermod.8.xml.out:617
+#: usermod.8.xml.out:634
 msgid "gpasswd"
 msgstr "gpasswd"
 
@@ -1840,19 +1986,19 @@ msgstr "gpasswd"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: chgpasswd.8.xml.out:220 gpasswd.1.xml.out:280 groupadd.8.xml.out:36
+#: chgpasswd.8.xml.out:248 gpasswd.1.xml.out:282 groupadd.8.xml.out:36
 #: groupadd.8.xml.out:43 groupadd.8.xml.out:49 groupadd.8.xml.out:61
 #: groupadd.8.xml.out:82 groupadd.8.xml.out:292 groupadd.8.xml.out:300
 #: groupdel.8.xml.out:217 groupmems.8.xml.out:218 groupmod.8.xml.out:338
-#: login.defs.5.xml.out:290 useradd.8.xml.out:890 userdel.8.xml.out:325
-#: usermod.8.xml.out:620
+#: login.defs.5.xml.out:303 useradd.8.xml.out:910 userdel.8.xml.out:325
+#: usermod.8.xml.out:637
 msgid "groupadd"
 msgstr "groupadd"
 
 #. (itstool) path: author/contrib
-#: chpasswd.8.xml.out:21 groupadd.8.xml.out:20 groupdel.8.xml.out:18
-#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:86
-#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:33
+#: chpasswd.8.xml.out:23 groupadd.8.xml.out:20 groupdel.8.xml.out:18
+#: groupmod.8.xml.out:18 groups.1.xml.out:17 login.defs.5.xml.out:88
+#: logoutd.8.xml.out:17 newgrp.1.xml.out:18 newusers.8.xml.out:35
 #: sg.1.xml.out:18 useradd.8.xml.out:36 userdel.8.xml.out:23
 #: usermod.8.xml.out:24
 msgid "Creation, 1991"
@@ -1864,20 +2010,20 @@ msgstr ""
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: chpasswd.8.xml.out:37 chpasswd.8.xml.out:44 chpasswd.8.xml.out:50
-#: chpasswd.8.xml.out:60 chpasswd.8.xml.out:70 chpasswd.8.xml.out:89
-#: chpasswd.8.xml.out:96 chpasswd.8.xml.out:108 chpasswd.8.xml.out:255
-#: login.defs.5.xml.out:259 passwd.1.xml.out:474
+#: chpasswd.8.xml.out:39 chpasswd.8.xml.out:46 chpasswd.8.xml.out:52
+#: chpasswd.8.xml.out:62 chpasswd.8.xml.out:72 chpasswd.8.xml.out:91
+#: chpasswd.8.xml.out:98 chpasswd.8.xml.out:110 chpasswd.8.xml.out:297
+#: login.defs.5.xml.out:266 passwd.1.xml.out:496
 msgid "chpasswd"
 msgstr "chpasswd"
 
 #. (itstool) path: refnamediv/refpurpose
-#: chpasswd.8.xml.out:45
+#: chpasswd.8.xml.out:47
 msgid "update passwords in batch mode"
 msgstr "批�更新密�"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:59
+#: chpasswd.8.xml.out:61
 #, fuzzy
 #| msgid ""
 #| "The <command>chgpasswd</command> command reads a list of group name and "
@@ -1894,13 +2040,13 @@ msgstr ""
 #. (itstool) path: para/emphasis
 #. (itstool) path: arg/replaceable
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:65 groupmems.8.xml.out:52 groupmems.8.xml.out:53
+#: chpasswd.8.xml.out:67 groupmems.8.xml.out:52 groupmems.8.xml.out:53
 #: groupmems.8.xml.out:83 groupmems.8.xml.out:94
 msgid "user_name"
 msgstr "user_name"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:68
+#: chpasswd.8.xml.out:70
 #, fuzzy
 #| msgid ""
 #| "By default the passwords must be supplied in clear-text, and are "
@@ -1914,14 +2060,14 @@ msgstr ""
 "龄信�，也会更新之。"
 
 #. (itstool) path: para/option
-#: chpasswd.8.xml.out:76 chpasswd.8.xml.out:133
+#: chpasswd.8.xml.out:78 chpasswd.8.xml.out:139
 #, fuzzy
 #| msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgid "MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:73
+#: chpasswd.8.xml.out:75
 #, fuzzy
 #| msgid ""
 #| "The default encryption algorithm can be defined for the system with the "
@@ -1938,7 +2084,7 @@ msgstr ""
 "c</option> 选项覆盖。"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:81
+#: chpasswd.8.xml.out:83
 msgid ""
 "By default, passwords are encrypted by PAM, but (even if not recommended) "
 "you can select a different encryption method with the <_:option-1/>, <_:"
@@ -1946,21 +2092,21 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:88
+#: chpasswd.8.xml.out:90
 #, fuzzy
 #| msgid "By default, PAM is used to encrypt the passwords."
 msgid "Except when PAM is used to encrypt the passwords,"
 msgstr "默认，使用 PAM �加密密�。"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:87
+#: chpasswd.8.xml.out:89
 msgid ""
 "<_:phrase-1/> <_:command-2/> first updates all the passwords in memory, and "
 "then commits all the changes to disk if no errors occurred for any user."
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:93
+#: chpasswd.8.xml.out:95
 msgid ""
 "When PAM is used to encrypt the passwords (and update the passwords in the "
 "system database) then if a password cannot be updated <_:command-1/> "
@@ -1969,17 +2115,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:114
+#: chpasswd.8.xml.out:116
 msgid "METHOD"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:125
+#: chpasswd.8.xml.out:131
 msgid "By default, PAM is used to encrypt the passwords."
 msgstr "默认，使用 PAM �加密密�。"
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:128
+#: chpasswd.8.xml.out:134
 #, fuzzy
 #| msgid ""
 #| "The default behavior (if the <option>-g</option>, <option>-N</option>, "
@@ -1996,45 +2142,17 @@ msgstr ""
 "<option>USERGROUPS_ENAB</option> ��指定。"
 
 #. (itstool) path: term/replaceable
-#: chpasswd.8.xml.out:178
-msgid "ROUNDS"
-msgstr ""
-
-#. (itstool) path: para/option
-#: chpasswd.8.xml.out:198
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MIN_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: para/option
 #: chpasswd.8.xml.out:199
-#, fuzzy
-#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-msgid "SHA_CRYPT_MAX_ROUNDS"
-msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
-
-#. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:196
-#, fuzzy
-#| msgid ""
-#| "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS "
-#| "and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</"
-#| "filename>."
-msgid ""
-"By default, the number of rounds is defined by the <_:option-1/> and <_:"
-"option-2/> variables in <_:filename-3/>."
+msgid "ROUNDS"
 msgstr ""
-"默认，轮转数由 <filename>/etc/login.defs</filename> 文件中的 "
-"SHA_CRYPT_MIN_ROUNDS 和 SHA_CRYPT_MAX_ROUNDS ��确定。"
 
 #. (itstool) path: term/filename
-#: chpasswd.8.xml.out:253
+#: chpasswd.8.xml.out:295
 msgid "/etc/pam.d/chpasswd"
 msgstr "/etc/pam.d/chpasswd"
 
 #. (itstool) path: listitem/para
-#: chpasswd.8.xml.out:255 newusers.8.xml.out:431 passwd.1.xml.out:413
+#: chpasswd.8.xml.out:297 newusers.8.xml.out:452 passwd.1.xml.out:435
 #, fuzzy
 #| msgid "PAM configuration for <command>passwd</command>."
 msgid "PAM configuration for <_:command-1/>."
@@ -2046,17 +2164,17 @@ msgstr "<command>passwd</command> 的 PAM �置。"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:268 login.defs.5.xml.out:380 newusers.8.xml.out:49
-#: newusers.8.xml.out:56 newusers.8.xml.out:62 newusers.8.xml.out:75
-#: newusers.8.xml.out:96 newusers.8.xml.out:123 newusers.8.xml.out:132
-#: newusers.8.xml.out:151 newusers.8.xml.out:164 newusers.8.xml.out:170
-#: newusers.8.xml.out:172 newusers.8.xml.out:210 newusers.8.xml.out:230
-#: newusers.8.xml.out:252 newusers.8.xml.out:431 useradd.8.xml.out:902
+#: chpasswd.8.xml.out:310 login.defs.5.xml.out:393 newusers.8.xml.out:51
+#: newusers.8.xml.out:58 newusers.8.xml.out:64 newusers.8.xml.out:77
+#: newusers.8.xml.out:98 newusers.8.xml.out:125 newusers.8.xml.out:134
+#: newusers.8.xml.out:153 newusers.8.xml.out:166 newusers.8.xml.out:172
+#: newusers.8.xml.out:174 newusers.8.xml.out:212 newusers.8.xml.out:232
+#: newusers.8.xml.out:254 newusers.8.xml.out:452 useradd.8.xml.out:922
 msgid "newusers"
 msgstr "newusers"
 
 #. (itstool) path: para/phrase
-#: chpasswd.8.xml.out:270 grpck.8.xml.out:285 passwd.1.xml.out:482
+#: chpasswd.8.xml.out:312 grpck.8.xml.out:285 passwd.1.xml.out:507
 msgid "<_:citerefentry-1/>,"
 msgstr ""
 
@@ -2066,21 +2184,21 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: chpasswd.8.xml.out:276 groupadd.8.xml.out:366 groupdel.8.xml.out:223
-#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:462
-#: newusers.8.xml.out:467 useradd.8.xml.out:52 useradd.8.xml.out:59
+#: chpasswd.8.xml.out:318 groupadd.8.xml.out:366 groupdel.8.xml.out:223
+#: groupmems.8.xml.out:224 groupmod.8.xml.out:347 login.defs.5.xml.out:481
+#: newusers.8.xml.out:488 useradd.8.xml.out:52 useradd.8.xml.out:59
 #: useradd.8.xml.out:64 useradd.8.xml.out:71 useradd.8.xml.out:75
 #: useradd.8.xml.out:87 useradd.8.xml.out:90 useradd.8.xml.out:103
 #: useradd.8.xml.out:129 useradd.8.xml.out:187 useradd.8.xml.out:209
-#: useradd.8.xml.out:239 useradd.8.xml.out:284 useradd.8.xml.out:341
-#: useradd.8.xml.out:472 useradd.8.xml.out:584 useradd.8.xml.out:586
-#: useradd.8.xml.out:690 useradd.8.xml.out:808 userdel.8.xml.out:342
-#: usermod.8.xml.out:640
+#: useradd.8.xml.out:239 useradd.8.xml.out:286 useradd.8.xml.out:343
+#: useradd.8.xml.out:474 useradd.8.xml.out:604 useradd.8.xml.out:606
+#: useradd.8.xml.out:710 useradd.8.xml.out:828 userdel.8.xml.out:342
+#: usermod.8.xml.out:657
 msgid "useradd"
 msgstr "useradd"
 
 #. (itstool) path: refsect1/para
-#: chpasswd.8.xml.out:263 newusers.8.xml.out:451
+#: chpasswd.8.xml.out:305 newusers.8.xml.out:472
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:phrase-3/> <_:citerefentry-4/>."
 msgstr ""
@@ -2101,8 +2219,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:517
-#: useradd.8.xml.out:655 usermod.8.xml.out:357
+#: chsh.1.xml.out:97 su.1.xml.out:163 su.1.xml.out:199 useradd.8.xml.out:519
+#: useradd.8.xml.out:675 usermod.8.xml.out:357
 #, fuzzy
 #| msgid "pw_shell"
 msgid "--shell"
@@ -2110,8 +2228,8 @@ msgstr "pw_shell"
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/option
-#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:517
-#: useradd.8.xml.out:522 useradd.8.xml.out:655 useradd.8.xml.out:662
+#: chsh.1.xml.out:97 su.1.xml.out:163 useradd.8.xml.out:519
+#: useradd.8.xml.out:524 useradd.8.xml.out:675 useradd.8.xml.out:682
 #: usermod.8.xml.out:357
 msgid "SHELL"
 msgstr ""
@@ -2146,12 +2264,13 @@ msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:153 su.1.xml.out:198
+#: chsh.1.xml.out:120 chsh.1.xml.out:124 chsh.1.xml.out:130 chsh.1.xml.out:143
+#: chsh.1.xml.out:172 chsh.1.xml.out:184 su.1.xml.out:198
 msgid "/etc/shells"
 msgstr "/etc/shells"
 
 #. (itstool) path: para/filename
-#: chsh.1.xml.out:123
+#: chsh.1.xml.out:123 chsh.1.xml.out:142
 msgid "/bin/rsh"
 msgstr ""
 
@@ -2167,11 +2286,97 @@ msgid ""
 "original value."
 msgstr ""
 
+#. (itstool) path: para/filename
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:132 chsh.1.xml.out:181
+msgid "%vendordir%/shells"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:133
+msgid "%vendordir%/shells.d/*"
+msgstr ""
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:134
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/*"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:135
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d/@filename@"
+msgstr "/etc/shells"
+
+#. (itstool) path: para/filename
+#: chsh.1.xml.out:136
+msgid "%vendordir%/shells.d/@filename@"
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:128
+msgid ""
+"The only restriction placed on the login shell is that the command name must "
+"be listed in <_:filename-1/>. If this file does not exist, the definitions "
+"are taken from the files <_:filename-2/>, <_:filename-3/> and <_:filename-4/"
+"> in that order. If <_:filename-5/> exists, then <_:filename-6/> will not be "
+"used. If the invoker is the superuser any value may be added regardless what "
+"is defined in the configuration files. An account with a restricted login "
+"shell may not change her login shell."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: chsh.1.xml.out:141
+msgid ""
+"For this reason, placing <_:filename-1/> in <_:filename-2/> is discouraged "
+"since accidentally changing to a restricted shell would prevent the user "
+"from ever changing her login shell back to its original value."
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: chsh.1.xml.out:155
+#: chsh.1.xml.out:174
 msgid "List of valid login shells."
 msgstr "�用的登录 shell 的列表。"
 
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:177
+#, fuzzy
+#| msgid "List of valid login shells."
+msgid "User defined list of valid login shells."
+msgstr "�用的登录 shell 的列表。"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:183
+msgid "Default configuration file if <_:filename-1/> does not exist."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:188
+msgid "%vendordir%/shells.d"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:190
+msgid "Directory for additional vendor specific configuration files."
+msgstr ""
+
+#. (itstool) path: term/filename
+#: chsh.1.xml.out:194
+#, fuzzy
+#| msgid "/etc/shells"
+msgid "/etc/shells.d"
+msgstr "/etc/shells"
+
+#. (itstool) path: listitem/para
+#: chsh.1.xml.out:196
+#, fuzzy
+#| msgid "Directory containing default files."
+msgid "Directory for additional user defined configuration files."
+msgstr "包�默认文件的目录。"
+
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
@@ -2187,7 +2392,7 @@ msgid "check and enforce password expiration policy"
 msgstr ""
 
 #. (itstool) path: arg/replaceable
-#: expiry.1.xml.out:52 gpasswd.1.xml.out:61
+#: expiry.1.xml.out:52 gpasswd.1.xml.out:63
 msgid "option"
 msgstr "选项"
 
@@ -2222,7 +2427,7 @@ msgstr "如果用户密�过期，则强制用户修改密�。"
 
 #. (itstool) path: author/contrib
 #: faillog.5.xml.out:17 faillog.8.xml.out:17 login.1.xml.out:50
-#: passwd.1.xml.out:24 passwd.5.xml.out:17 porttime.5.xml.out:17
+#: passwd.1.xml.out:26 passwd.5.xml.out:17 porttime.5.xml.out:17
 #: shadow.3.xml.out:17 shadow.5.xml.out:17 su.1.xml.out:34
 msgid "Creation, 1989"
 msgstr ""
@@ -2243,7 +2448,7 @@ msgstr "faillog"
 
 #. (itstool) path: refmeta/refmiscinfo
 #: faillog.5.xml.out:35 gshadow.5.xml.out:24 limits.5.xml.out:37
-#: login.access.5.xml.out:36 login.defs.5.xml.out:104 passwd.5.xml.out:35
+#: login.access.5.xml.out:36 login.defs.5.xml.out:106 passwd.5.xml.out:35
 #: porttime.5.xml.out:35 shadow.5.xml.out:35 suauth.5.xml.out:35
 #, fuzzy
 #| msgid "File Formats and Conversions"
@@ -2332,8 +2537,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:124
-#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 faillog.8.xml.out:215 gpasswd.1.xml.out:126
+#: groupmems.8.xml.out:83 groupmod.8.xml.out:73 passwd.1.xml.out:153
 #: usermod.8.xml.out:78 usermod.8.xml.out:210
 #, fuzzy
 #| msgid "-"
@@ -2341,7 +2546,7 @@ msgid "-a"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: faillog.8.xml.out:72 passwd.1.xml.out:157
+#: faillog.8.xml.out:72 passwd.1.xml.out:153
 msgid "--all"
 msgstr ""
 
@@ -2569,8 +2774,8 @@ msgstr ""
 #: login.1.xml.out:108 login.1.xml.out:112 login.1.xml.out:119
 #: login.1.xml.out:171 login.1.xml.out:177 login.1.xml.out:230
 #: login.1.xml.out:238 login.1.xml.out:247 login.1.xml.out:253
-#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:343
-#: login.defs.5.xml.out:518 login.defs.5.xml.out:530 newgrp.1.xml.out:133
+#: login.1.xml.out:259 login.access.5.xml.out:112 login.defs.5.xml.out:356
+#: login.defs.5.xml.out:537 login.defs.5.xml.out:549 newgrp.1.xml.out:133
 #: nologin.8.xml.out:60 passwd.5.xml.out:125 passwd.5.xml.out:132
 #: passwd.5.xml.out:179 porttime.5.xml.out:121 shadow.5.xml.out:265
 #: sg.1.xml.out:122 su.1.xml.out:415
@@ -2578,30 +2783,30 @@ msgid "login"
 msgstr "login"
 
 #. (itstool) path: author/firstname
-#: gpasswd.1.xml.out:20
+#: gpasswd.1.xml.out:22
 msgid "Rafal"
 msgstr ""
 
 #. (itstool) path: author/surname
-#: gpasswd.1.xml.out:21
+#: gpasswd.1.xml.out:23
 msgid "Maszkowski"
 msgstr ""
 
 #. (itstool) path: author/contrib
-#: gpasswd.1.xml.out:22 login.access.5.xml.out:18 pwconv.8.xml.out:23
+#: gpasswd.1.xml.out:24 login.access.5.xml.out:18 pwconv.8.xml.out:23
 #: suauth.5.xml.out:17
 msgid "Creation, 1996"
 msgstr ""
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:47
+#: gpasswd.1.xml.out:49
 #, fuzzy
 #| msgid "administer <placeholder-1/>"
 msgid "administer <_:filename-1/>"
 msgstr "管�员 <placeholder-1/>"
 
 #. (itstool) path: refpurpose/phrase
-#: gpasswd.1.xml.out:50
+#: gpasswd.1.xml.out:52
 #, fuzzy
 #| msgid "administer <placeholder-1/> and <placeholder-2/>"
 msgid "administer <_:filename-1/> and <_:filename-2/>"
@@ -2611,9 +2816,9 @@ msgstr "管�员 <placeholder-1/> 和 <placeholder-2/>"
 #. (itstool) path: para/replaceable
 #. (itstool) path: citerefentry/refentrytitle
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:64 gpasswd.1.xml.out:89 gpasswd.1.xml.out:129
-#: gpasswd.1.xml.out:142 gpasswd.1.xml.out:177 gpasswd.1.xml.out:181
-#: gpasswd.1.xml.out:193 gpasswd.1.xml.out:197 gpasswd.1.xml.out:292
+#: gpasswd.1.xml.out:66 gpasswd.1.xml.out:91 gpasswd.1.xml.out:131
+#: gpasswd.1.xml.out:144 gpasswd.1.xml.out:179 gpasswd.1.xml.out:183
+#: gpasswd.1.xml.out:195 gpasswd.1.xml.out:199 gpasswd.1.xml.out:294
 #: grpck.8.xml.out:49 grpck.8.xml.out:188 grpck.8.xml.out:280
 #: gshadow.5.xml.out:156 limits.5.xml.out:138 newgrp.1.xml.out:48
 #: newgrp.1.xml.out:145 pwck.8.xml.out:336 pwconv.8.xml.out:114
@@ -2622,19 +2827,19 @@ msgid "group"
 msgstr "group"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:73
+#: gpasswd.1.xml.out:75
 msgid ", and <_:filename-1/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:76
+#: gpasswd.1.xml.out:78
 #, fuzzy
 #| msgid "administrators"
 msgid "administrators,"
 msgstr "管�员"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:71
+#: gpasswd.1.xml.out:73
 msgid ""
 "The <_:command-1/> command is used to administer <_:filename-2/><_:phrase-3/"
 ">. Every group can have <_:phrase-4/> members and a password."
@@ -2642,14 +2847,14 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:80 gpasswd.1.xml.out:112 gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:82 gpasswd.1.xml.out:114 gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "-"
 msgid "-A"
 msgstr "-"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:79
+#: gpasswd.1.xml.out:81
 msgid ""
 "System administrators can use the <_:option-1/> option to define group "
 "administrator(s) and the <_:option-2/> option to define members. They have "
@@ -2657,21 +2862,21 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:86
+#: gpasswd.1.xml.out:88
 #, fuzzy
 #| msgid "administrators"
 msgid "a group administrator"
 msgstr "管�员"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:87
+#: gpasswd.1.xml.out:89
 #, fuzzy
 #| msgid "administrators"
 msgid "a system administrator"
 msgstr "管�员"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:84
+#: gpasswd.1.xml.out:86
 msgid ""
 "<_:command-1/> called by <_:phrase-2/> <_:phrase-3/> with a group name only "
 "prompts for the new password of the <_:replaceable-4/>."
@@ -2682,8 +2887,8 @@ msgstr ""
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
-#: gpasswd.1.xml.out:93 gpasswd.1.xml.out:180 gpasswd.1.xml.out:196
-#: gpasswd.1.xml.out:277 groups.1.xml.out:71 groups.1.xml.out:92
+#: gpasswd.1.xml.out:95 gpasswd.1.xml.out:182 gpasswd.1.xml.out:198
+#: gpasswd.1.xml.out:279 groups.1.xml.out:71 groups.1.xml.out:92
 #: gshadow.5.xml.out:76 gshadow.5.xml.out:165 newgrp.1.xml.out:34
 #: newgrp.1.xml.out:41 newgrp.1.xml.out:47 newgrp.1.xml.out:55
 #: newgrp.1.xml.out:63 newgrp.1.xml.out:66 sg.1.xml.out:60 sg.1.xml.out:64
@@ -2692,19 +2897,19 @@ msgid "newgrp"
 msgstr "newgrp"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:91
+#: gpasswd.1.xml.out:93
 msgid ""
 "If a password is set the members can still use <_:citerefentry-1/> without a "
 "password, and non-members must supply the password."
 msgstr ""
 
 #. (itstool) path: refsect2/title
-#: gpasswd.1.xml.out:99
+#: gpasswd.1.xml.out:101
 msgid "Notes about group passwords"
 msgstr "请注�组密�"
 
 #. (itstool) path: refsect2/para
-#: gpasswd.1.xml.out:100
+#: gpasswd.1.xml.out:102
 msgid ""
 "Group passwords are an inherent security problem since more than one person "
 "is permitted to know the password. However, groups are a useful tool for "
@@ -2712,7 +2917,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:111
+#: gpasswd.1.xml.out:113
 #, fuzzy
 #| msgid ""
 #| "Except for the <option>-A</option> and <option>-M</option> options, the "
@@ -2724,26 +2929,26 @@ msgstr ""
 "除了 <option>-A</option> 和 <option>-M</option> 选项，其它选项�能��使用。"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:115
+#: gpasswd.1.xml.out:117
 msgid "The options cannot be combined."
 msgstr "这些选项�能组�使用。"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:124 groupmems.8.xml.out:83
+#: gpasswd.1.xml.out:126 groupmems.8.xml.out:83
 msgid "--add"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #. (itstool) path: arg/replaceable
-#: gpasswd.1.xml.out:124 gpasswd.1.xml.out:128 gpasswd.1.xml.out:137
-#: gpasswd.1.xml.out:141 gpasswd.1.xml.out:205 gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:126 gpasswd.1.xml.out:130 gpasswd.1.xml.out:139
+#: gpasswd.1.xml.out:143 gpasswd.1.xml.out:207 gpasswd.1.xml.out:219
 #: groups.1.xml.out:48 groups.1.xml.out:59
 msgid "user"
 msgstr "用户"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:127
+#: gpasswd.1.xml.out:129
 #, fuzzy
 #| msgid ""
 #| "Add the <replaceable>user</replaceable> to the named <replaceable>group</"
@@ -2754,12 +2959,12 @@ msgstr ""
 "replaceable>。"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:137 groupmems.8.xml.out:94 passwd.1.xml.out:168
+#: gpasswd.1.xml.out:139 groupmems.8.xml.out:94 passwd.1.xml.out:164
 msgid "--delete"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:140
+#: gpasswd.1.xml.out:142
 #, fuzzy
 #| msgid ""
 #| "Remove the <replaceable>user</replaceable> from the named "
@@ -2770,19 +2975,19 @@ msgstr ""
 "replaceable>。"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:158
+#: gpasswd.1.xml.out:160
 #, fuzzy
 #| msgid "-"
 msgid "-Q"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:173
+#: gpasswd.1.xml.out:175
 msgid "--remove-password"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:176
+#: gpasswd.1.xml.out:178
 msgid ""
 "Remove the password from the named <_:replaceable-1/>. The group password "
 "will be empty. Only group members will be allowed to use <_:command-2/> to "
@@ -2790,12 +2995,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:189
+#: gpasswd.1.xml.out:191
 msgid "--restrict"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:192
+#: gpasswd.1.xml.out:194
 msgid ""
 "Restrict the access to the named <_:replaceable-1/>. The group password is "
 "set to \"!\". Only group members with a password will be allowed to use <_:"
@@ -2803,48 +3008,48 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:205
+#: gpasswd.1.xml.out:207
 #, fuzzy
 #| msgid "administrators"
 msgid "--administrators"
 msgstr "管�员"
 
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:204 gpasswd.1.xml.out:216
+#: gpasswd.1.xml.out:206 gpasswd.1.xml.out:218
 msgid "<_:option-1/>, <_:option-2/> <_:replaceable-3/>,..."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:208
+#: gpasswd.1.xml.out:210
 msgid "Set the list of administrative users."
 msgstr "设置有管���的用户列表。"
 
 #. (itstool) path: term/option
-#: gpasswd.1.xml.out:217
+#: gpasswd.1.xml.out:219
 #, fuzzy
 #| msgid "members"
 msgid "--members"
 msgstr "�员"
 
 #. (itstool) path: listitem/para
-#: gpasswd.1.xml.out:220
+#: gpasswd.1.xml.out:222
 msgid "Set the list of group members."
 msgstr "设置组�员列表。"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:232
+#: gpasswd.1.xml.out:234
 msgid "and <_:filename-1/> files."
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:234
+#: gpasswd.1.xml.out:236
 #, fuzzy
 #| msgid "file"
 msgid "file."
 msgstr "文件"
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:230
+#: gpasswd.1.xml.out:232
 #, fuzzy
 #| msgid ""
 #| "You may not add a user to a NIS or LDAP group. This must be performed on "
@@ -2861,11 +3066,11 @@ msgstr "您å�¯èƒ½ä¸�能想 NIS 组或 LDAP 组添加用户。这å�ªèƒ½åœ¨ç›¸åº”æ
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:283 groupadd.8.xml.out:357 groupdel.8.xml.out:34
+#: gpasswd.1.xml.out:285 groupadd.8.xml.out:357 groupdel.8.xml.out:34
 #: groupdel.8.xml.out:41 groupdel.8.xml.out:47 groupdel.8.xml.out:57
 #: groupdel.8.xml.out:66 groupdel.8.xml.out:165 groupmems.8.xml.out:221
-#: groupmod.8.xml.out:341 login.defs.5.xml.out:299 useradd.8.xml.out:893
-#: userdel.8.xml.out:328 usermod.8.xml.out:623
+#: groupmod.8.xml.out:341 login.defs.5.xml.out:312 useradd.8.xml.out:913
+#: userdel.8.xml.out:328 usermod.8.xml.out:640
 msgid "groupdel"
 msgstr "groupdel"
 
@@ -2875,11 +3080,11 @@ msgstr "groupdel"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:286 groupadd.8.xml.out:360 groupdel.8.xml.out:220
+#: gpasswd.1.xml.out:288 groupadd.8.xml.out:360 groupdel.8.xml.out:220
 #: groupmod.8.xml.out:34 groupmod.8.xml.out:41 groupmod.8.xml.out:47
 #: groupmod.8.xml.out:58 groupmod.8.xml.out:67 groupmod.8.xml.out:256
-#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:311
-#: useradd.8.xml.out:896 userdel.8.xml.out:331 usermod.8.xml.out:626
+#: grpck.8.xml.out:107 grpck.8.xml.out:283 login.defs.5.xml.out:324
+#: useradd.8.xml.out:916 userdel.8.xml.out:331 usermod.8.xml.out:643
 msgid "groupmod"
 msgstr "groupmod"
 
@@ -2889,10 +3094,10 @@ msgstr "groupmod"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #. (itstool) path: varlistentry/term
-#: gpasswd.1.xml.out:289 grpck.8.xml.out:33 grpck.8.xml.out:40
+#: gpasswd.1.xml.out:291 grpck.8.xml.out:33 grpck.8.xml.out:40
 #: grpck.8.xml.out:46 grpck.8.xml.out:60 grpck.8.xml.out:116
 #: grpck.8.xml.out:128 grpck.8.xml.out:141 grpck.8.xml.out:184
-#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:318
+#: grpck.8.xml.out:234 gshadow.5.xml.out:159 login.defs.5.xml.out:331
 #: pwck.8.xml.out:339 pwconv.8.xml.out:198 pwconv.8.xml.out:242
 msgid "grpck"
 msgstr "grpck"
@@ -2902,7 +3107,7 @@ msgstr "grpck"
 #. (itstool) path: refmeta/refentrytitle
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: para/emphasis
-#: gpasswd.1.xml.out:295 grpck.8.xml.out:95 grpck.8.xml.out:287
+#: gpasswd.1.xml.out:297 grpck.8.xml.out:95 grpck.8.xml.out:287
 #: gshadow.5.xml.out:22 gshadow.5.xml.out:29 newgrp.1.xml.out:148
 #: pwconv.8.xml.out:114 pwconv.8.xml.out:115 pwconv.8.xml.out:121
 #: pwconv.8.xml.out:122 sg.1.xml.out:137 vipw.8.xml.out:211
@@ -2910,12 +3115,12 @@ msgid "gshadow"
 msgstr "gshadow"
 
 #. (itstool) path: para/phrase
-#: gpasswd.1.xml.out:293 newgrp.1.xml.out:146 sg.1.xml.out:135
+#: gpasswd.1.xml.out:295 newgrp.1.xml.out:146 sg.1.xml.out:135
 msgid ", <_:citerefentry-1/>"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: gpasswd.1.xml.out:275 newgrp.1.xml.out:128 sg.1.xml.out:117
+#: gpasswd.1.xml.out:277 newgrp.1.xml.out:128 sg.1.xml.out:117
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/><_:phrase-7/>."
@@ -2975,8 +3180,8 @@ msgstr "用户��能超过 32 个字符长。"
 #: groupadd.8.xml.out:94 groupadd.8.xml.out:95 groupadd.8.xml.out:102
 #: groupadd.8.xml.out:236 groupmems.8.xml.out:110 groupmod.8.xml.out:82
 #: groupmod.8.xml.out:136 groupmod.8.xml.out:201 useradd.8.xml.out:96
-#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:391
-#: useradd.8.xml.out:396 useradd.8.xml.out:557 useradd.8.xml.out:639
+#: useradd.8.xml.out:230 useradd.8.xml.out:264 useradd.8.xml.out:393
+#: useradd.8.xml.out:398 useradd.8.xml.out:559 useradd.8.xml.out:659
 #: usermod.8.xml.out:174 vipw.8.xml.out:90
 #, fuzzy
 #| msgid "-"
@@ -2994,7 +3199,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:102 groupmod.8.xml.out:82 useradd.8.xml.out:230
-#: useradd.8.xml.out:639 usermod.8.xml.out:174
+#: useradd.8.xml.out:659 usermod.8.xml.out:174
 msgid "--gid"
 msgstr ""
 
@@ -3003,8 +3208,8 @@ msgstr ""
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:102 groupadd.8.xml.out:105 groupadd.8.xml.out:151
 #: groupmod.8.xml.out:73 groupmod.8.xml.out:82 groupmod.8.xml.out:87
-#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:300
-#: useradd.8.xml.out:469
+#: groupmod.8.xml.out:91 groupmod.8.xml.out:137 newusers.8.xml.out:302
+#: useradd.8.xml.out:471
 msgid "GID"
 msgstr ""
 
@@ -3042,7 +3247,7 @@ msgid "GID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:111 useradd.8.xml.out:541
+#: groupadd.8.xml.out:111 useradd.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "See also the <option>-r</option> option and the <option>UID_MAX</option> "
@@ -3053,33 +3258,33 @@ msgstr "请å�‚考 <option>-r</option> 选项和 <option>UID_MAX</option> çš„æ��è
 #. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:125 groupadd.8.xml.out:131 groupadd.8.xml.out:134
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:303
-#: useradd.8.xml.out:314 useradd.8.xml.out:317 useradd.8.xml.out:319
-#: useradd.8.xml.out:320
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:305
+#: useradd.8.xml.out:316 useradd.8.xml.out:319 useradd.8.xml.out:321
+#: useradd.8.xml.out:322
 #, fuzzy
 #| msgid "-"
 msgid "-K"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "--key"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 msgid "KEY"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:125 useradd.8.xml.out:303
+#: groupadd.8.xml.out:125 useradd.8.xml.out:305
 #, fuzzy
 #| msgid "EXIT VALUES"
 msgid "VALUE"
 msgstr "退出值"
 
 #. (itstool) path: varlistentry/term
-#: groupadd.8.xml.out:124 useradd.8.xml.out:302
+#: groupadd.8.xml.out:124 useradd.8.xml.out:304
 #, fuzzy
 #| msgid ""
 #| "<option>-u</option>, <option>--uid</option>&nbsp;<replaceable>UID</"
@@ -3097,14 +3302,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:134 useradd.8.xml.out:320
+#: groupadd.8.xml.out:134 useradd.8.xml.out:322
 #, fuzzy
 #| msgid "10"
 msgid "100"
 msgstr "10"
 
 #. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:321
+#: groupadd.8.xml.out:135 groupadd.8.xml.out:138 useradd.8.xml.out:323
 msgid "499"
 msgstr ""
 
@@ -3124,7 +3329,7 @@ msgstr ""
 #. (itstool) path: para/replaceable
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:138 groupadd.8.xml.out:333 groupdel.8.xml.out:192
-#: groupmod.8.xml.out:295 useradd.8.xml.out:853 userdel.8.xml.out:265
+#: groupmod.8.xml.out:295 useradd.8.xml.out:873 userdel.8.xml.out:265
 msgid "10"
 msgstr "10"
 
@@ -3144,7 +3349,7 @@ msgstr ""
 "replaceable>=<replaceable>499</replaceable> 尚�能工作。"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:405
+#: groupadd.8.xml.out:145 groupmod.8.xml.out:132 useradd.8.xml.out:407
 #: usermod.8.xml.out:271
 msgid "--non-unique"
 msgstr ""
@@ -3164,13 +3369,13 @@ msgstr ""
 #: groupadd.8.xml.out:158 groupmems.8.xml.out:55 groupmems.8.xml.out:130
 #: groupmod.8.xml.out:143 login.1.xml.out:80 login.1.xml.out:88
 #: login.1.xml.out:95 login.1.xml.out:212 su.1.xml.out:207
-#: useradd.8.xml.out:425 usermod.8.xml.out:237 usermod.8.xml.out:290
+#: useradd.8.xml.out:427 usermod.8.xml.out:237 usermod.8.xml.out:290
 #: usermod.8.xml.out:411 vipw.8.xml.out:102
 msgid "-p"
 msgstr "-p"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 #, fuzzy
 #| msgid "passwd"
@@ -3178,7 +3383,7 @@ msgid "--password"
 msgstr "passwd"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:425
+#: groupadd.8.xml.out:158 groupmod.8.xml.out:143 useradd.8.xml.out:427
 #: usermod.8.xml.out:290
 msgid "PASSWORD"
 msgstr ""
@@ -3187,8 +3392,8 @@ msgstr ""
 #: groupadd.8.xml.out:163 groupmod.8.xml.out:148 gshadow.5.xml.out:62
 #: gshadow.5.xml.out:68 passwd.5.xml.out:103 passwd.5.xml.out:109
 #: passwd.5.xml.out:170 shadow.5.xml.out:88 shadow.5.xml.out:94
-#: useradd.8.xml.out:430 useradd.8.xml.out:887 usermod.8.xml.out:295
-#: usermod.8.xml.out:614
+#: useradd.8.xml.out:432 useradd.8.xml.out:907 usermod.8.xml.out:295
+#: usermod.8.xml.out:631
 msgid "crypt"
 msgstr ""
 
@@ -3198,11 +3403,11 @@ msgstr ""
 #: groupadd.8.xml.out:164 groupadd.8.xml.out:315 groupmod.8.xml.out:148
 #: groupmod.8.xml.out:271 groups.1.xml.out:68 groups.1.xml.out:104
 #: grpck.8.xml.out:255 gshadow.5.xml.out:63 gshadow.5.xml.out:69
-#: passwd.1.xml.out:443 passwd.5.xml.out:104 passwd.5.xml.out:110
+#: passwd.1.xml.out:465 passwd.5.xml.out:104 passwd.5.xml.out:110
 #: passwd.5.xml.out:170 passwd.5.xml.out:176 pwck.8.xml.out:305
 #: shadow.3.xml.out:34 shadow.3.xml.out:217 shadow.5.xml.out:89
-#: shadow.5.xml.out:95 useradd.8.xml.out:431 useradd.8.xml.out:829
-#: useradd.8.xml.out:887 usermod.8.xml.out:296 usermod.8.xml.out:614
+#: shadow.5.xml.out:95 useradd.8.xml.out:433 useradd.8.xml.out:849
+#: useradd.8.xml.out:907 usermod.8.xml.out:296 usermod.8.xml.out:631
 msgid "3"
 msgstr "3"
 
@@ -3222,7 +3427,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: para/emphasis
-#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:444
+#: groupadd.8.xml.out:173 groupmod.8.xml.out:152 useradd.8.xml.out:446
 #: userdel.8.xml.out:93 usermod.8.xml.out:299
 msgid "Note:"
 msgstr ""
@@ -3242,14 +3447,14 @@ msgstr ""
 "过的密�)会被用户通过列出这个过程而看到。"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:448
+#: groupadd.8.xml.out:177 groupmod.8.xml.out:156 useradd.8.xml.out:450
 #: usermod.8.xml.out:309
 msgid ""
 "You should make sure the password respects the system's password policy."
 msgstr "您应该确�密�符�系统的密�政策。"
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:185 newusers.8.xml.out:287 useradd.8.xml.out:456
+#: groupadd.8.xml.out:185 newusers.8.xml.out:289 useradd.8.xml.out:458
 msgid "--system"
 msgstr ""
 
@@ -3277,44 +3482,10 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-#, fuzzy
-#| msgid "-"
-msgid "-P"
-msgstr "-"
-
-#. (itstool) path: term/option
-#: groupadd.8.xml.out:214 groupdel.8.xml.out:102 groupmod.8.xml.out:177
-#: useradd.8.xml.out:502 userdel.8.xml.out:136 usermod.8.xml.out:341
-msgid "--prefix"
-msgstr ""
-
-#. (itstool) path: term/replaceable
-#. (itstool) path: para/replaceable
-#: groupadd.8.xml.out:214 groupadd.8.xml.out:219 groupdel.8.xml.out:102
-#: groupdel.8.xml.out:106 groupdel.8.xml.out:108 groupmod.8.xml.out:177
-#: groupmod.8.xml.out:181 groupmod.8.xml.out:183 useradd.8.xml.out:502
-#: useradd.8.xml.out:507 userdel.8.xml.out:136 userdel.8.xml.out:140
-#: userdel.8.xml.out:142 usermod.8.xml.out:341 usermod.8.xml.out:346
-msgid "PREFIX_DIR"
-msgstr ""
-
-#. (itstool) path: listitem/para
-#: groupadd.8.xml.out:217 useradd.8.xml.out:505
-msgid ""
-"Apply changes to configuration files under the root filesystem found under "
-"the directory <_:replaceable-1/>. This option does not chroot and is "
-"intended for preparing a cross-compilation target. Some limitations: NIS and "
-"LDAP users/groups are not verified. PAM authentication is using the host "
-"files. No SELINUX support."
-msgstr ""
-
-#. (itstool) path: term/option
 #. (itstool) path: para/option
 #: groupadd.8.xml.out:229 groupadd.8.xml.out:237 groupmod.8.xml.out:194
-#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:397
-#: useradd.8.xml.out:549 useradd.8.xml.out:558 usermod.8.xml.out:238
+#: groupmod.8.xml.out:202 useradd.8.xml.out:96 useradd.8.xml.out:399
+#: useradd.8.xml.out:551 useradd.8.xml.out:560 usermod.8.xml.out:238
 #: usermod.8.xml.out:405
 #, fuzzy
 #| msgid "-"
@@ -3338,7 +3509,7 @@ msgstr "管�员�以更改组密�和�员。"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: groupadd.8.xml.out:237 groupmod.8.xml.out:202 useradd.8.xml.out:96
-#: useradd.8.xml.out:386 useradd.8.xml.out:397 useradd.8.xml.out:558
+#: useradd.8.xml.out:388 useradd.8.xml.out:399 useradd.8.xml.out:560
 #, fuzzy
 #| msgid "-"
 msgid "-N"
@@ -3346,15 +3517,15 @@ msgstr "-"
 
 #. (itstool) path: para/option
 #. (itstool) path: para/phrase
-#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:448
-#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:398
-#: useradd.8.xml.out:559 userdel.8.xml.out:86 userdel.8.xml.out:296
+#: groupadd.8.xml.out:238 groupmod.8.xml.out:203 login.defs.5.xml.out:467
+#: useradd.8.xml.out:97 useradd.8.xml.out:240 useradd.8.xml.out:400
+#: useradd.8.xml.out:561 userdel.8.xml.out:86 userdel.8.xml.out:296
 msgid "USERGROUPS_ENAB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:395
-#: useradd.8.xml.out:556
+#: groupadd.8.xml.out:235 groupmod.8.xml.out:200 useradd.8.xml.out:397
+#: useradd.8.xml.out:558
 #, fuzzy
 #| msgid ""
 #| "The default behavior (if the <option>-g</option>, <option>-N</option>, "
@@ -3392,13 +3563,13 @@ msgstr ""
 "<command>useradd</command> 将拒�创建用户账户的请求。"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:317 passwd.1.xml.out:463 useradd.8.xml.out:831
+#: groupadd.8.xml.out:317 passwd.1.xml.out:485 useradd.8.xml.out:851
 msgid "invalid argument to option"
 msgstr "给了选项一个无效的�数"
 
 #. (itstool) path: term/replaceable
 #: groupadd.8.xml.out:321 groupmod.8.xml.out:277 grpck.8.xml.out:261
-#: passwd.1.xml.out:449 pwck.8.xml.out:311 useradd.8.xml.out:835
+#: passwd.1.xml.out:471 pwck.8.xml.out:311 useradd.8.xml.out:855
 msgid "4"
 msgstr "4"
 
@@ -3410,7 +3581,7 @@ msgid "GID is already used (when called without <_:option-1/>)"
 msgstr "UID 已�使用 (且没有 <option>-o</option>)"
 
 #. (itstool) path: term/replaceable
-#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:847
+#: groupadd.8.xml.out:327 groupmod.8.xml.out:289 useradd.8.xml.out:867
 msgid "9"
 msgstr "9"
 
@@ -3422,7 +3593,7 @@ msgid "group name is already used"
 msgstr "组�已�在使用"
 
 #. (itstool) path: listitem/para
-#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:855
+#: groupadd.8.xml.out:335 groupdel.8.xml.out:194 useradd.8.xml.out:875
 #: userdel.8.xml.out:267
 msgid "can't update group file"
 msgstr "无法更新组文件"
@@ -3434,11 +3605,11 @@ msgstr "无法更新组文件"
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
 #: groupadd.8.xml.out:369 groupdel.8.xml.out:226 groupmems.8.xml.out:227
-#: groupmod.8.xml.out:350 login.defs.5.xml.out:480 useradd.8.xml.out:913
+#: groupmod.8.xml.out:350 login.defs.5.xml.out:499 useradd.8.xml.out:933
 #: userdel.8.xml.out:39 userdel.8.xml.out:46 userdel.8.xml.out:51
 #: userdel.8.xml.out:62 userdel.8.xml.out:71 userdel.8.xml.out:82
 #: userdel.8.xml.out:211 userdel.8.xml.out:232 userdel.8.xml.out:283
-#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:643
+#: userdel.8.xml.out:298 userdel.8.xml.out:300 usermod.8.xml.out:660
 msgid "userdel"
 msgstr "userdel"
 
@@ -3449,11 +3620,11 @@ msgstr "userdel"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #: groupadd.8.xml.out:372 groupdel.8.xml.out:229 groupmems.8.xml.out:230
-#: groupmod.8.xml.out:353 login.defs.5.xml.out:490 passwd.1.xml.out:488
-#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:916
+#: groupmod.8.xml.out:353 login.defs.5.xml.out:509 passwd.1.xml.out:513
+#: pwck.8.xml.out:140 pwck.8.xml.out:348 useradd.8.xml.out:936
 #: userdel.8.xml.out:345 usermod.8.xml.out:40 usermod.8.xml.out:47
 #: usermod.8.xml.out:53 usermod.8.xml.out:64 usermod.8.xml.out:72
-#: usermod.8.xml.out:263 usermod.8.xml.out:522
+#: usermod.8.xml.out:263 usermod.8.xml.out:539
 msgid "usermod"
 msgstr "usermod"
 
@@ -3479,8 +3650,8 @@ msgstr "删除一个组"
 #: groupdel.8.xml.out:51 groupdel.8.xml.out:59 groupmod.8.xml.out:51
 #: groupmod.8.xml.out:59 groupmod.8.xml.out:86 groupmod.8.xml.out:102
 #: groupmod.8.xml.out:125 suauth.5.xml.out:85 suauth.5.xml.out:87
-#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:392
-#: useradd.8.xml.out:639 useradd.8.xml.out:648 usermod.8.xml.out:174
+#: useradd.8.xml.out:230 useradd.8.xml.out:249 useradd.8.xml.out:394
+#: useradd.8.xml.out:659 useradd.8.xml.out:668 usermod.8.xml.out:174
 msgid "GROUP"
 msgstr "GROUP"
 
@@ -3530,13 +3701,13 @@ msgid ""
 msgstr "您需�手动检查所有文件系统，以确�没有�留的属于此组的文件。"
 
 #. (itstool) path: term/replaceable
-#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:461
-#: pwck.8.xml.out:323 useradd.8.xml.out:841 userdel.8.xml.out:253
+#: groupdel.8.xml.out:180 groupmod.8.xml.out:283 passwd.1.xml.out:483
+#: pwck.8.xml.out:323 useradd.8.xml.out:861 userdel.8.xml.out:253
 msgid "6"
 msgstr "6"
 
 #. (itstool) path: listitem/para
-#: groupdel.8.xml.out:182 useradd.8.xml.out:843
+#: groupdel.8.xml.out:182 useradd.8.xml.out:863
 msgid "specified group doesn't exist"
 msgstr "指定的组�存在"
 
@@ -3581,7 +3752,7 @@ msgstr ""
 #: groupmems.8.xml.out:37 groupmems.8.xml.out:44 groupmems.8.xml.out:50
 #: groupmems.8.xml.out:63 groupmems.8.xml.out:65 groupmems.8.xml.out:71
 #: groupmems.8.xml.out:78 groupmems.8.xml.out:159 groupmems.8.xml.out:163
-#: login.defs.5.xml.out:305
+#: login.defs.5.xml.out:318
 msgid "groupmems"
 msgstr "groupmems"
 
@@ -3728,7 +3899,7 @@ msgstr ""
 #| "\t$ groupmems -g groups -a gk4\n"
 #| "    "
 msgid ""
-"$ groupadd -r groups $ chmod 2710 groupmems $ chown root.groups groupmems $ "
+"$ groupadd -r groups $ chmod 2710 groupmems $ chown root:groups groupmems $ "
 "groupmems -g groups -a gk4"
 msgstr ""
 "\n"
@@ -3819,7 +3990,7 @@ msgstr ""
 "<option>SYS_UID_MAX</option> 进行检查。"
 
 #. (itstool) path: term/option
-#: groupmod.8.xml.out:121 passwd.1.xml.out:246
+#: groupmod.8.xml.out:121 passwd.1.xml.out:242
 #, fuzzy
 #| msgid "-"
 msgid "-n"
@@ -3921,7 +4092,7 @@ msgid "E_CLEANUP_SERVICE: can't setup cleanup service"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: groupmod.8.xml.out:307 useradd.8.xml.out:859 userdel.8.xml.out:271
+#: groupmod.8.xml.out:307 useradd.8.xml.out:879 userdel.8.xml.out:271
 msgid "12"
 msgstr "12"
 
@@ -4106,7 +4277,7 @@ msgstr ""
 #. (itstool) path: para/phrase
 #. (itstool) path: arg/replaceable
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:113 newusers.8.xml.out:67 newusers.8.xml.out:75
+#: grpck.8.xml.out:113 newusers.8.xml.out:69 newusers.8.xml.out:77
 msgid "file"
 msgstr "文件"
 
@@ -4147,7 +4318,7 @@ msgstr ""
 
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: grpck.8.xml.out:143 login.defs.5.xml.out:134 login.defs.5.xml.out:136
+#: grpck.8.xml.out:143 login.defs.5.xml.out:136 login.defs.5.xml.out:138
 #: useradd.8.xml.out:246
 msgid "no"
 msgstr ""
@@ -4172,8 +4343,8 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:161
-#: passwd.1.xml.out:291
+#: grpck.8.xml.out:172 lastlog.8.xml.out:117 passwd.1.xml.out:157
+#: passwd.1.xml.out:302
 #, fuzzy
 #| msgid "-"
 msgid "-S"
@@ -4413,7 +4584,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: gshadow.5.xml.out:162 login.defs.5.xml.out:324 pwconv.8.xml.out:48
+#: gshadow.5.xml.out:162 login.defs.5.xml.out:337 pwconv.8.xml.out:48
 #: pwconv.8.xml.out:67 pwconv.8.xml.out:113 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:166 pwconv.8.xml.out:208
 msgid "grpconv"
@@ -4427,7 +4598,7 @@ msgstr "grpconv"
 #. (itstool) path: varlistentry/term
 #: lastlog.8.xml.out:35 lastlog.8.xml.out:42 lastlog.8.xml.out:48
 #: lastlog.8.xml.out:58 lastlog.8.xml.out:70 lastlog.8.xml.out:172
-#: login.defs.5.xml.out:337
+#: login.defs.5.xml.out:350
 msgid "lastlog"
 msgstr "lastlog"
 
@@ -4473,7 +4644,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:592
+#: lastlog.8.xml.out:75 useradd.8.xml.out:118 useradd.8.xml.out:612
 #: usermod.8.xml.out:89
 #, fuzzy
 #| msgid "-"
@@ -4847,7 +5018,7 @@ msgstr ""
 #. (itstool) path: para/command
 #: limits.5.xml.out:122 login.1.xml.out:83 login.1.xml.out:91
 #: login.1.xml.out:197 su.1.xml.out:70 su.1.xml.out:82 su.1.xml.out:95
-#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:775
+#: su.1.xml.out:153 su.1.xml.out:155 useradd.8.xml.out:795
 msgid "username"
 msgstr "用户�"
 
@@ -5310,8 +5481,8 @@ msgstr "chsh"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.1.xml.out:386 login.defs.5.xml.out:436 login.defs.5.xml.out:520
-#: login.defs.5.xml.out:536 newgrp.1.xml.out:136 passwd.5.xml.out:197
+#: login.1.xml.out:386 login.defs.5.xml.out:455 login.defs.5.xml.out:539
+#: login.defs.5.xml.out:555 newgrp.1.xml.out:136 passwd.5.xml.out:197
 #: shadow.5.xml.out:283 sg.1.xml.out:128 su.1.xml.out:50 su.1.xml.out:57
 #: su.1.xml.out:62 su.1.xml.out:81 su.1.xml.out:83 su.1.xml.out:121
 #: su.1.xml.out:201 su.1.xml.out:239 su.1.xml.out:308 su.1.xml.out:368
@@ -5472,12 +5643,12 @@ msgid "<_:citerefentry-1/>."
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: login.defs.5.xml.out:110
+#: login.defs.5.xml.out:112
 msgid "shadow password suite configuration"
 msgstr "影�密�套件�置"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:115
+#: login.defs.5.xml.out:117
 msgid ""
 "The <_:filename-1/> file defines the site-specific configuration for the "
 "shadow password suite. This file is required. Absence of this file will not "
@@ -5485,7 +5656,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:122
+#: login.defs.5.xml.out:124
 msgid ""
 "This file is a readable text file, each line of the file describing one "
 "configuration parameter. The lines consist of a configuration name and "
@@ -5496,20 +5667,20 @@ msgstr ""
 
 #. (itstool) path: para/replaceable
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:133 useradd.8.xml.out:242 useradd.8.xml.out:380
+#: login.defs.5.xml.out:135 useradd.8.xml.out:242 useradd.8.xml.out:382
 #: userdel.8.xml.out:87 userdel.8.xml.out:297
 msgid "yes"
 msgstr ""
 
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:140
+#: login.defs.5.xml.out:142
 #, fuzzy
 #| msgid "0"
 msgid "0x"
 msgstr "0"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:130
+#: login.defs.5.xml.out:132
 msgid ""
 "Parameter values may be of four types: strings, booleans, numbers, and long "
 "numbers. A string is comprised of any printable characters. A boolean should "
@@ -5522,32 +5693,32 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:145
+#: login.defs.5.xml.out:147
 msgid "The following configuration items are provided:"
 msgstr "�供如下�置项："
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
 #. (itstool) path: para/replaceable
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:146 useradd.8.xml.out:309
-#: useradd.8.xml.out:314
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:146 useradd.8.xml.out:311
+#: useradd.8.xml.out:316
 msgid "PASS_MAX_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:193 pwconv.8.xml.out:145
+#: login.defs.5.xml.out:196 pwconv.8.xml.out:145
 msgid "PASS_MIN_DAYS"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/emphasis
-#: login.defs.5.xml.out:194 pwconv.8.xml.out:147
+#: login.defs.5.xml.out:197 pwconv.8.xml.out:147
 msgid "PASS_WARN_AGE"
 msgstr ""
 
 #. (itstool) path: variablelist/para
-#: login.defs.5.xml.out:192
+#: login.defs.5.xml.out:195
 msgid ""
 "<_:option-1/>, <_:option-2/> and <_:option-3/> are only used at the time of "
 "account creation. Any changes to these settings won't affect existing "
@@ -5555,12 +5726,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:225
+#: login.defs.5.xml.out:229
 msgid "CROSS REFERENCES"
 msgstr "交�引用"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:226
+#: login.defs.5.xml.out:230
 msgid ""
 "The following cross references show which programs in the shadow password "
 "suite use which parameters."
@@ -5570,65 +5741,81 @@ msgstr "如下交�引用显示影�密�套件哪个程�使用哪个�数
 #. (itstool) path: para/phrase
 #. (itstool) path: phrase/option
 #. (itstool) path: para/option
-#: login.defs.5.xml.out:235 login.defs.5.xml.out:423 login.defs.5.xml.out:431
-#: login.defs.5.xml.out:503 pwck.8.xml.out:75 pwck.8.xml.out:216
+#: login.defs.5.xml.out:239 login.defs.5.xml.out:442 login.defs.5.xml.out:450
+#: login.defs.5.xml.out:522 pwck.8.xml.out:75 pwck.8.xml.out:216
 #: pwck.8.xml.out:232 pwconv.8.xml.out:89 pwconv.8.xml.out:91
 #: pwconv.8.xml.out:94 pwconv.8.xml.out:105 pwconv.8.xml.out:107
 msgid "USE_TCB"
 msgstr "USE_TCB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:242
+#: login.defs.5.xml.out:246
 msgid "CHFN_AUTH"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:244 login.defs.5.xml.out:359
+#: login.defs.5.xml.out:248 login.defs.5.xml.out:372
 #, fuzzy
 #| msgid "CHSH_AUTH LOGIN_STRING"
 msgid "LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:241
+#: login.defs.5.xml.out:245
 msgid "<_:phrase-1/> CHFN_RESTRICT <_:phrase-2/>"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:253 login.defs.5.xml.out:264 login.defs.5.xml.out:284
-#: login.defs.5.xml.out:388 login.defs.5.xml.out:404
+#: login.defs.5.xml.out:256 login.defs.5.xml.out:269 login.defs.5.xml.out:293
+#: login.defs.5.xml.out:396 login.defs.5.xml.out:418
+#, fuzzy
+#| msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+msgid "BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS"
+msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
+
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:259 login.defs.5.xml.out:273 login.defs.5.xml.out:296
+#: login.defs.5.xml.out:403 login.defs.5.xml.out:422
 msgid "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 msgstr "SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS"
 
+#. (itstool) path: para/phrase
+#: login.defs.5.xml.out:261 login.defs.5.xml.out:275 login.defs.5.xml.out:298
+#: login.defs.5.xml.out:409 login.defs.5.xml.out:424
+msgid "YESCRYPT_COST_FACTOR"
+msgstr ""
+
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:251 login.defs.5.xml.out:282
+#: login.defs.5.xml.out:255 login.defs.5.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
-msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:phrase-1/>"
+msgid ""
+"<_:phrase-1/> ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <_:"
+"phrase-2/> <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:262
+#: login.defs.5.xml.out:271
 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 msgstr "ENCRYPT_METHOD MD5_CRYPT_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:272
+#: login.defs.5.xml.out:282
 msgid "CHSH_AUTH LOGIN_STRING"
 msgstr "CHSH_AUTH LOGIN_STRING"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:292
+#: login.defs.5.xml.out:305
 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 msgstr "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:301 login.defs.5.xml.out:307 login.defs.5.xml.out:313
-#: login.defs.5.xml.out:320 login.defs.5.xml.out:326 login.defs.5.xml.out:332
+#: login.defs.5.xml.out:314 login.defs.5.xml.out:320 login.defs.5.xml.out:326
+#: login.defs.5.xml.out:333 login.defs.5.xml.out:339 login.defs.5.xml.out:345
 msgid "MAX_MEMBERS_PER_GROUP"
 msgstr "MAX_MEMBERS_PER_GROUP"
 
@@ -5636,65 +5823,65 @@ msgstr "MAX_MEMBERS_PER_GROUP"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:330 pwconv.8.xml.out:49 pwconv.8.xml.out:73
+#: login.defs.5.xml.out:343 pwconv.8.xml.out:49 pwconv.8.xml.out:73
 #: pwconv.8.xml.out:119 pwconv.8.xml.out:153 pwconv.8.xml.out:167
 #: pwconv.8.xml.out:208
 msgid "grpunconv"
 msgstr "grpunconv"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:339
+#: login.defs.5.xml.out:352
 msgid "LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:346 login.defs.5.xml.out:439
+#: login.defs.5.xml.out:359 login.defs.5.xml.out:458
 msgid "CONSOLE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:348
+#: login.defs.5.xml.out:361
 msgid "ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:351
+#: login.defs.5.xml.out:364
 #, fuzzy
 #| msgid "SYSLOG_SG_ENAB"
 msgid "FAILLOG_ENAB"
 msgstr "SYSLOG_SG_ENAB"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:353
+#: login.defs.5.xml.out:366
 #, fuzzy
 #| msgid "FILE"
 msgid "FTMP_FILE"
 msgstr "FILE"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:355
+#: login.defs.5.xml.out:368
 msgid "ISSUE_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:357
+#: login.defs.5.xml.out:370
 msgid "LASTLOG_ENAB LASTLOG_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:361
+#: login.defs.5.xml.out:374
 msgid ""
 "MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE "
 "PORTTIME_CHECKS_ENAB QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:365
+#: login.defs.5.xml.out:378
 msgid "ULIMIT UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:345
+#: login.defs.5.xml.out:358
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ERASECHAR FAIL_DELAY "
 "<_:phrase-3/> FAKE_SHELL <_:phrase-4/> HUSHLOGIN_FILE <_:phrase-5/> KILLCHAR "
@@ -5704,17 +5891,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: login.defs.5.xml.out:372
+#: login.defs.5.xml.out:385
 msgid "newgrp / sg"
 msgstr "newgrp / sg"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:374
+#: login.defs.5.xml.out:387
 msgid "SYSLOG_SG_ENAB"
 msgstr "SYSLOG_SG_ENAB"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:382
+#: login.defs.5.xml.out:395
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
@@ -5723,10 +5910,11 @@ msgstr "SYSLOG_SG_ENAB"
 #| "phrase> SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
 #| "UMASK"
 msgid ""
-"ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
-"HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:phrase-1/> "
-"SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN "
-"SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
+"<_:phrase-1/> ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP "
+"MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <_:"
+"phrase-2/> SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX "
+"SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN "
+"UMASK <_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB "
 "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
@@ -5734,27 +5922,28 @@ msgstr ""
 "SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:401
+#: login.defs.5.xml.out:417
 #, fuzzy
 #| msgid ""
 #| "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 #| "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 #| "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 msgid ""
-"ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
-"PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-1/>"
+"<_:phrase-1/> ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB "
+"PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <_:phrase-2/> "
+"<_:phrase-3/>"
 msgstr ""
 "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN "
 "PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase "
 "condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:414
+#: login.defs.5.xml.out:433
 msgid "TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:412 login.defs.5.xml.out:421
+#: login.defs.5.xml.out:431 login.defs.5.xml.out:440
 #, fuzzy
 #| msgid ""
 #| "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase "
@@ -5770,7 +5959,7 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:419 passwd.5.xml.out:188 pwconv.8.xml.out:39
+#: login.defs.5.xml.out:438 passwd.5.xml.out:188 pwconv.8.xml.out:39
 #: pwconv.8.xml.out:46 pwconv.8.xml.out:55 pwconv.8.xml.out:83
 #: pwconv.8.xml.out:88 pwconv.8.xml.out:90 pwconv.8.xml.out:134
 #: pwconv.8.xml.out:144 pwconv.8.xml.out:165 pwconv.8.xml.out:216
@@ -5783,7 +5972,7 @@ msgstr "pwconv"
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:428 passwd.5.xml.out:191 pwconv.8.xml.out:47
+#: login.defs.5.xml.out:447 passwd.5.xml.out:191 pwconv.8.xml.out:47
 #: pwconv.8.xml.out:61 pwconv.8.xml.out:98 pwconv.8.xml.out:104
 #: pwconv.8.xml.out:109 pwconv.8.xml.out:153 pwconv.8.xml.out:157
 #: pwconv.8.xml.out:166 shadow.5.xml.out:280
@@ -5791,22 +5980,22 @@ msgid "pwunconv"
 msgstr "pwunconv"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:441
+#: login.defs.5.xml.out:460
 msgid "ENV_HZ ENVIRON_FILE"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:443
+#: login.defs.5.xml.out:462
 msgid "ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:446
+#: login.defs.5.xml.out:465
 msgid "SU_WHEEL_ONLY"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:438
+#: login.defs.5.xml.out:457
 msgid ""
 "<_:phrase-1/> CONSOLE_GROUPS DEFAULT_HOME <_:phrase-2/> ENV_PATH ENV_SUPATH "
 "<_:phrase-3/> SULOG_FILE SU_NAME <_:phrase-4/> SYSLOG_SU_ENAB <_:phrase-5/>"
@@ -5814,28 +6003,22 @@ msgstr ""
 
 #. (itstool) path: varlistentry/term
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:453 passwd.5.xml.out:200 shadow.5.xml.out:286
+#: login.defs.5.xml.out:472 passwd.5.xml.out:200 shadow.5.xml.out:286
 msgid "sulogin"
 msgstr "sulogin"
 
-#. (itstool) path: para/phrase
-#. (itstool) path: para/option
-#: login.defs.5.xml.out:457 su.1.xml.out:278
-msgid "ENV_TZ"
-msgstr ""
-
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:455
-msgid "ENV_HZ <_:phrase-1/>"
+#: login.defs.5.xml.out:474
+msgid "ENV_HZ ENV_TZ"
 msgstr ""
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:475
+#: login.defs.5.xml.out:494
 msgid "TCB_AUTH_GROUP TCB_SYMLINK USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:464
+#: login.defs.5.xml.out:483
 #, fuzzy
 #| msgid ""
 #| "CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS "
@@ -5855,12 +6038,12 @@ msgstr ""
 "USE_TCB</phrase>"
 
 #. (itstool) path: para/phrase
-#: login.defs.5.xml.out:485 login.defs.5.xml.out:495
+#: login.defs.5.xml.out:504 login.defs.5.xml.out:514
 msgid "TCB_SYMLINKS USE_TCB"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:482
+#: login.defs.5.xml.out:501
 #, fuzzy
 #| msgid ""
 #| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB "
@@ -5873,7 +6056,7 @@ msgstr ""
 "condition=\"tcb\">TCB_SYMLINKS USE_TCB</phrase>"
 
 #. (itstool) path: listitem/para
-#: login.defs.5.xml.out:492
+#: login.defs.5.xml.out:511
 #, fuzzy
 #| msgid ""
 #| "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP <phrase "
@@ -5888,18 +6071,18 @@ msgstr ""
 #. (itstool) path: refnamediv/refname
 #. (itstool) path: cmdsynopsis/command
 #. (itstool) path: para/command
-#: login.defs.5.xml.out:500 vipw.8.xml.out:35 vipw.8.xml.out:42
+#: login.defs.5.xml.out:519 vipw.8.xml.out:35 vipw.8.xml.out:42
 #: vipw.8.xml.out:51 vipw.8.xml.out:67 vipw.8.xml.out:85
 msgid "vipw"
 msgstr "vipw"
 
 #. (itstool) path: refsect1/title
-#: login.defs.5.xml.out:511 pwconv.8.xml.out:193 suauth.5.xml.out:179
+#: login.defs.5.xml.out:530 pwconv.8.xml.out:193 suauth.5.xml.out:179
 msgid "BUGS"
 msgstr "缺陷"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:512
+#: login.defs.5.xml.out:531
 msgid ""
 "Much of the functionality that used to be provided by the shadow password "
 "suite is now handled by PAM. Thus, <_:filename-1/> is no longer used by <_:"
@@ -5908,14 +6091,14 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: login.defs.5.xml.out:545
+#: login.defs.5.xml.out:564
 #, fuzzy
 #| msgid "pw_name"
 msgid "pam"
 msgstr "pw_name"
 
 #. (itstool) path: refsect1/para
-#: login.defs.5.xml.out:528
+#: login.defs.5.xml.out:547
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>."
@@ -6007,12 +6190,12 @@ msgid "id"
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
-#: newusers.8.xml.out:57
+#: newusers.8.xml.out:59
 msgid "update and create new users in batch"
 msgstr "批�更新和创建新用户"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:74
+#: newusers.8.xml.out:76
 #, fuzzy
 #| msgid ""
 #| "The <command>newusers</command> command reads a file of user name and "
@@ -6033,22 +6216,22 @@ msgstr ""
 "citerefentry>)，除了下边这些区别："
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:82
+#: newusers.8.xml.out:84
 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 msgstr "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:87
+#: newusers.8.xml.out:89
 msgid "pw_name"
 msgstr "pw_name"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:90
+#: newusers.8.xml.out:92
 msgid "This is the name of the user."
 msgstr "这是用户的用户�。"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:93
+#: newusers.8.xml.out:95
 #, fuzzy
 #| msgid ""
 #| "It can be the name of a new user or the name of an existing user (or an "
@@ -6064,29 +6247,29 @@ msgstr ""
 "创建的用户)。现有用户时，将会更改用户信�，�则会创建新用户。"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:104
+#: newusers.8.xml.out:106
 msgid "pw_passwd"
 msgstr "pw_passwd"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:107
+#: newusers.8.xml.out:109
 msgid ""
 "This field will be encrypted and used as the new value of the encrypted "
 "password."
 msgstr "此字段将被加密然�用于加密�密�的新值。"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:115
+#: newusers.8.xml.out:117
 msgid "pw_uid"
 msgstr "pw_uid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:118
+#: newusers.8.xml.out:120
 msgid "This field is used to define the UID of the user."
 msgstr "此字段用于定义用户的 UID。"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:121
+#: newusers.8.xml.out:123
 #, fuzzy
 #| msgid ""
 #| "If the field is empty, an new (unused) UID will be defined automatically "
@@ -6098,12 +6281,12 @@ msgstr ""
 "如果此字段为空，<command>newusers</command> 会自动确定一个新的(未使用的)UID。"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:125
+#: newusers.8.xml.out:127
 msgid "If this field contains a number, this number will be used as the UID."
 msgstr "如果此字段包�一个数字，此数字会用于 UID。"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:129
+#: newusers.8.xml.out:131
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing user (or the name of an "
@@ -6118,24 +6301,24 @@ msgstr ""
 "创建的一个用户)，将会使用指定用户的 UID。"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:135
+#: newusers.8.xml.out:137
 msgid ""
 "If the UID of an existing user is changed, the files ownership of the user's "
 "file should be fixed manually."
 msgstr "如果一个现有用户更改了 UID，此用户的文件所有�需�手动修�。"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:143
+#: newusers.8.xml.out:145
 msgid "pw_gid"
 msgstr "pw_gid"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:146
+#: newusers.8.xml.out:148
 msgid "This field is used to define the primary group ID for the user."
 msgstr "此字段用于定义用户的主组 ID。"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:149
+#: newusers.8.xml.out:151
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of an existing group (or a group created "
@@ -6150,7 +6333,7 @@ msgstr ""
 "一个组)，此组的 GID 会被用于�此用户的主组 ID。"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:155
+#: newusers.8.xml.out:157
 msgid ""
 "If this field is a number, this number will be used as the primary group ID "
 "of the user. If no groups exist with this GID, a new group will be created "
@@ -6160,7 +6343,7 @@ msgstr ""
 "有组，将会使用此 GID 创建一个新组，�称和用户�相�。"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:161
+#: newusers.8.xml.out:163
 #, fuzzy
 #| msgid ""
 #| "If this field is empty, a new group will be created with the name of the "
@@ -6176,7 +6359,7 @@ msgstr ""
 "的一个 GID 作为主组 ID �创建一个新组。"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:167
+#: newusers.8.xml.out:169
 #, fuzzy
 #| msgid ""
 #| "If this field contains the name of a group which does not exist (and was "
@@ -6195,32 +6378,32 @@ msgstr ""
 "个组，并作为用户的主组。"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:179
+#: newusers.8.xml.out:181
 msgid "pw_gecos"
 msgstr "pw_gecos"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:182
+#: newusers.8.xml.out:184
 msgid "This field is copied in the GECOS field of the user."
 msgstr "此字段�制到用户的 GECOS 字段。"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:189
+#: newusers.8.xml.out:191
 msgid "pw_dir"
 msgstr "pw_dir"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:192
+#: newusers.8.xml.out:194
 msgid "This field is used to define the home directory of the user."
 msgstr "此字段用于定义用户的主目录。"
 
 #. (itstool) path: para/emphasis
-#: newusers.8.xml.out:199
+#: newusers.8.xml.out:201
 msgid "newusers does not create parent directories"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:195
+#: newusers.8.xml.out:197
 msgid ""
 "If this field does not specify an existing directory, the specified "
 "directory is created, with ownership set to the user being created or "
@@ -6233,7 +6416,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:208
+#: newusers.8.xml.out:210
 #, fuzzy
 #| msgid ""
 #| "If the home directory of an existing user is changed, <command>newusers</"
@@ -6248,19 +6431,19 @@ msgstr ""
 "的内容到新�置。这需�手动完�。"
 
 #. (itstool) path: term/emphasis
-#: newusers.8.xml.out:218
+#: newusers.8.xml.out:220
 msgid "pw_shell"
 msgstr "pw_shell"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:221
+#: newusers.8.xml.out:223
 msgid ""
 "This field defines the shell of the user. No checks are performed on this "
 "field."
 msgstr "此字段定义了用户的 shell。对此字段�进行任何检查。"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:229
+#: newusers.8.xml.out:231
 #, fuzzy
 #| msgid ""
 #| "<command>newusers</command> first tries to create or change all the "
@@ -6278,7 +6461,7 @@ msgstr ""
 "改。"
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:235
+#: newusers.8.xml.out:237
 msgid ""
 "During this first pass, users are created with a locked password (and "
 "passwords are not changed for the users which are not created). A second "
@@ -6287,55 +6470,64 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:243
+#: newusers.8.xml.out:245
 msgid ""
 "This command is intended to be used in a large system environment where many "
 "accounts are updated at a single time."
 msgstr "此命令一般用于在大型的应用环境中，对大�账户进行一次性更新。"
 
 #. (itstool) path: term/option
-#: newusers.8.xml.out:257 pwck.8.xml.out:164 useradd.8.xml.out:108
+#: newusers.8.xml.out:259 pwck.8.xml.out:164 useradd.8.xml.out:108
 #: usermod.8.xml.out:89
 msgid "--badname"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:260 pwck.8.xml.out:167 useradd.8.xml.out:111
+#: newusers.8.xml.out:262 pwck.8.xml.out:167 useradd.8.xml.out:111
 #: usermod.8.xml.out:92
 msgid "Allow names that do not conform to standards."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:290 useradd.8.xml.out:459
+#: newusers.8.xml.out:273
+msgid ""
+"The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc "
+"support these methods."
+msgstr ""
+"�用的方法有 DES, MD5, NONE, and SHA256 或 SHA512，��是您的 libc 支�这写方"
+"法。"
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:292 useradd.8.xml.out:461
 msgid "Create a system account."
 msgstr "创建一个系统账户。"
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
-#: newusers.8.xml.out:297 useradd.8.xml.out:466 usermod.8.xml.out:398
+#: newusers.8.xml.out:299 useradd.8.xml.out:468 usermod.8.xml.out:398
 msgid "SYS_UID_MAX"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:319
-#: useradd.8.xml.out:468 useradd.8.xml.out:538 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:321
+#: useradd.8.xml.out:470 useradd.8.xml.out:540 usermod.8.xml.out:397
 msgid "UID_MIN"
 msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: para/replaceable
-#: newusers.8.xml.out:299 useradd.8.xml.out:308 useradd.8.xml.out:321
-#: useradd.8.xml.out:468 useradd.8.xml.out:543 usermod.8.xml.out:397
+#: newusers.8.xml.out:301 useradd.8.xml.out:310 useradd.8.xml.out:323
+#: useradd.8.xml.out:470 useradd.8.xml.out:545 usermod.8.xml.out:397
 msgid "UID_MAX"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:293 useradd.8.xml.out:462
+#: newusers.8.xml.out:295 useradd.8.xml.out:464
 #, fuzzy
 msgid ""
 "System users will be created with no aging information in <_:filename-1/>, "
@@ -6349,64 +6541,97 @@ msgstr ""
 "<option>UID_MIN</option>-<option>UID_MAX</option> (and their <option>GID</"
 "option> counterparts for the creation of groups)。"
 
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:342
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 4 and a maximal value of 31 will be enforced for BCRYPT. "
+"The default is 13."
+msgstr "会强制最� 1,000，最大 9,9999,9999"
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:351
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1000 and a maximal value of 999,999,999 will be enforced "
+"for SHA256 and SHA512. The default is 5000."
+msgstr "会强制最� 1,000，最大 9,9999,9999"
+
+#. (itstool) path: listitem/para
+#: newusers.8.xml.out:359
+#, fuzzy
+#| msgid ""
+#| "A minimal value of 1000 and a maximal value of 999,999,999 will be "
+#| "enforced."
+msgid ""
+"A minimal value of 1 and a maximal value of 11 will be enforced for "
+"YESCRYPT. The default is 5."
+msgstr "会强制最� 1,000，最大 9,9999,9999"
+
 #. (itstool) path: refsect1/para
-#: newusers.8.xml.out:349
+#: newusers.8.xml.out:370
 msgid ""
 "The input file must be protected since it contains unencrypted passwords."
 msgstr "输入文件必须�到�护，因为它包�未加密的密�。"
 
 #. (itstool) path: term/filename
-#: newusers.8.xml.out:429
+#: newusers.8.xml.out:450
 msgid "/etc/pam.d/newusers"
 msgstr "/etc/pam.d/newusers"
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:435 useradd.8.xml.out:222 useradd.8.xml.out:481
-#: useradd.8.xml.out:785 userdel.8.xml.out:215 usermod.8.xml.out:587
+#: newusers.8.xml.out:456 useradd.8.xml.out:222 useradd.8.xml.out:483
+#: useradd.8.xml.out:805 userdel.8.xml.out:215 usermod.8.xml.out:604
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:437 useradd.8.xml.out:787 userdel.8.xml.out:217
+#: newusers.8.xml.out:458 useradd.8.xml.out:807 userdel.8.xml.out:217
 msgid "Per user subordinate group IDs."
 msgstr ""
 
 #. (itstool) path: term/filename
 #. (itstool) path: para/filename
-#: newusers.8.xml.out:441 useradd.8.xml.out:222 useradd.8.xml.out:480
-#: useradd.8.xml.out:791 userdel.8.xml.out:221 usermod.8.xml.out:593
+#: newusers.8.xml.out:462 useradd.8.xml.out:222 useradd.8.xml.out:482
+#: useradd.8.xml.out:811 userdel.8.xml.out:221 usermod.8.xml.out:610
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "/etc/subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: listitem/para
-#: newusers.8.xml.out:443 useradd.8.xml.out:793 userdel.8.xml.out:223
+#: newusers.8.xml.out:464 useradd.8.xml.out:813 userdel.8.xml.out:223
 msgid "Per user subordinate user IDs."
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:460 useradd.8.xml.out:906 userdel.8.xml.out:335
-#: usermod.8.xml.out:633
+#: newusers.8.xml.out:481 useradd.8.xml.out:926 userdel.8.xml.out:335
+#: usermod.8.xml.out:650
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subgid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: citerefentry/refentrytitle
-#: newusers.8.xml.out:463 useradd.8.xml.out:909 userdel.8.xml.out:338
-#: usermod.8.xml.out:636
+#: newusers.8.xml.out:484 useradd.8.xml.out:929 userdel.8.xml.out:338
+#: usermod.8.xml.out:653
 #, fuzzy
 #| msgid "/etc/suauth"
 msgid "subuid"
 msgstr "/etc/suauth"
 
 #. (itstool) path: para/phrase
-#: newusers.8.xml.out:458 useradd.8.xml.out:904 userdel.8.xml.out:333
-#: usermod.8.xml.out:631
+#: newusers.8.xml.out:479 useradd.8.xml.out:924 userdel.8.xml.out:333
+#: usermod.8.xml.out:648
 msgid "<_:citerefentry-1/>, <_:citerefentry-2/>,"
 msgstr ""
 
@@ -6458,12 +6683,12 @@ msgid "The <_:command-1/> command appeared in BSD 4.4."
 msgstr "<command>nologin</command> 首次出现于 BSD 4.4。"
 
 #. (itstool) path: refnamediv/refpurpose
-#: passwd.1.xml.out:48
+#: passwd.1.xml.out:50
 msgid "change user password"
 msgstr "更改用户密�"
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:65
+#: passwd.1.xml.out:67
 #, fuzzy
 #| msgid ""
 #| "The <command>passwd</command> command changes passwords for user "
@@ -6482,12 +6707,12 @@ msgstr ""
 "更改账户或相关的密�有效期。"
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:74
+#: passwd.1.xml.out:76
 msgid "Password Changes"
 msgstr "密�更改"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:75
+#: passwd.1.xml.out:77
 msgid ""
 "The user is first prompted for their old password, if one is present. This "
 "password is then encrypted and compared against the stored password. The "
@@ -6499,7 +6724,7 @@ msgstr ""
 "�。"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:83
+#: passwd.1.xml.out:85
 #, fuzzy
 #| msgid ""
 #| "After the password has been entered, password aging information is "
@@ -6515,7 +6740,7 @@ msgstr ""
 "许，<command>passwd</command> 拒�更改密�，然�退出。"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:90
+#: passwd.1.xml.out:92
 msgid ""
 "The user is then prompted twice for a replacement password. The second entry "
 "is compared against the first and both are required to match in order for "
@@ -6524,57 +6749,25 @@ msgstr ""
 "�示用户输入两次新密�。第二次和第一次进行比较，并且需�相��能更改密�。"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:96
+#: passwd.1.xml.out:98
 msgid ""
-"Then, the password is tested for complexity. As a general guideline, "
-"passwords should consist of 6 to 8 characters including one or more "
-"characters from each of the following sets:"
+"Then, the password is tested for complexity. <_:command-1/> will reject any "
+"password which is not suitably complex. Care must be taken not to include "
+"the system default erase or kill characters."
 msgstr ""
-"然�，测试密�的负责程度。一般�讲，密�应该包� 6 到 8 �字符，从下边的一个"
-"或多个集�中选择："
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:104
-msgid "lower case alphabetics"
-msgstr "�写字�"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:107
-msgid "digits 0 thru 9"
-msgstr "数字 0 到 9"
-
-#. (itstool) path: listitem/para
-#: passwd.1.xml.out:110
-msgid "punctuation marks"
-msgstr "标点符�"
-
-#. (itstool) path: refsect2/para
-#: passwd.1.xml.out:114
-#, fuzzy
-#| msgid ""
-#| "Care must be taken not to include the system default erase or kill "
-#| "characters. <command>passwd</command> will reject any password which is "
-#| "not suitably complex."
-msgid ""
-"Care must be taken not to include the system default erase or kill "
-"characters. <_:command-1/> will reject any password which is not suitably "
-"complex."
-msgstr ""
-"必须�留��能包�系统默认的擦除和�死字符。<command>passwd</command> 会拒�"
-"��度�满足�求的密�。"
 
 #. (itstool) path: refsect2/title
-#: passwd.1.xml.out:123
+#: passwd.1.xml.out:108
 msgid "Hints for user passwords"
 msgstr "关于用户密�的�示"
 
 #. (itstool) path: para/emphasis
-#: passwd.1.xml.out:127
+#: passwd.1.xml.out:112
 msgid "UNIX"
 msgstr ""
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:124
+#: passwd.1.xml.out:109
 #, fuzzy
 #| msgid ""
 #| "The security of a password depends upon the strength of the encryption "
@@ -6595,7 +6788,7 @@ msgstr ""
 "<option>ENCRYPT_METHOD</option>)。密钥空间的大��赖于选择的密�的�机性。"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:133
+#: passwd.1.xml.out:118
 msgid ""
 "Compromises in password security normally result from careless password "
 "selection or handling. For this reason, you should not select a password "
@@ -6608,7 +6801,19 @@ msgstr ""
 "或者街��。所有这些�以用于猜测��害系统安全。"
 
 #. (itstool) path: refsect2/para
-#: passwd.1.xml.out:142
+#: passwd.1.xml.out:127
+msgid ""
+"As a general guideline, passwords should be long and random. It's fine to "
+"use simple character sets, such as passwords consisting only of lowercase "
+"letters, if that helps memorizing longer passwords. For a password "
+"consisting only of lowercase English letters randomly chosen, and a length "
+"of 32, there are 26^32 (approximately 2^150) different possible "
+"combinations. Being an exponential equation, it's apparent that the exponent "
+"(the length) is more important than the base (the size of the character set)."
+msgstr ""
+
+#. (itstool) path: refsect2/para
+#: passwd.1.xml.out:138
 #, fuzzy
 #| msgid ""
 #| "You can find advices on how to choose a strong password on http://en."
@@ -6621,7 +6826,7 @@ msgstr ""
 "议。"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:160
+#: passwd.1.xml.out:156
 #, fuzzy
 #| msgid ""
 #| "This option can be used only with <option>-S</option> and causes show "
@@ -6632,7 +6837,7 @@ msgid ""
 msgstr "此选项�能和 <option>-S</option> 一起使用，�显示所有用户的状�。"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:171
+#: passwd.1.xml.out:167
 msgid ""
 "Delete a user's password (make it empty). This is a quick way to disable a "
 "password for an account. It will set the named account passwordless."
@@ -6641,21 +6846,21 @@ msgstr ""
 "户。"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:180
+#: passwd.1.xml.out:176
 #, fuzzy
 #| msgid "expiry"
 msgid "--expire"
 msgstr "expiry"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:183
+#: passwd.1.xml.out:179
 msgid ""
 "Immediately expire an account's password. This in effect can force a user to "
 "change their password at the user's next login."
 msgstr "让一个账户的密�立�过期。这�以强制一个用户下次登录时更改密�。"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:200
+#: passwd.1.xml.out:196
 #, fuzzy
 #| msgid ""
 #| "This option is used to disable an account after the password has been "
@@ -6673,19 +6878,19 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: passwd.1.xml.out:210 useradd.8.xml.out:278 useradd.8.xml.out:356
+#: passwd.1.xml.out:206 useradd.8.xml.out:280 useradd.8.xml.out:358
 #, fuzzy
 #| msgid "-"
 msgid "-k"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:210
+#: passwd.1.xml.out:206
 msgid "--keep-tokens"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:213
+#: passwd.1.xml.out:209
 msgid ""
 "Indicate password change should be performed only for expired authentication "
 "tokens (passwords). The user wishes to keep their non-expired tokens as "
@@ -6695,12 +6900,12 @@ msgstr ""
 "令。"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:222 usermod.8.xml.out:231
+#: passwd.1.xml.out:218 usermod.8.xml.out:231
 msgid "--lock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:225
+#: passwd.1.xml.out:221
 msgid ""
 "Lock the password of the named account. This option disables a password by "
 "changing it to a value which matches no possible encrypted value (it adds a "
@@ -6710,12 +6915,12 @@ msgstr ""
 "在密�开头添加一个“!�)。"
 
 #. (itstool) path: para/command
-#: passwd.1.xml.out:235
+#: passwd.1.xml.out:231
 msgid "usermod --expiredate 1"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:231
+#: passwd.1.xml.out:227
 #, fuzzy
 #| msgid ""
 #| "Note that this does not disable the account. The user may still be able "
@@ -6733,52 +6938,52 @@ msgstr ""
 "户的过期时间为1970年1月2日)。"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:238
+#: passwd.1.xml.out:234
 msgid "Users with a locked password are not allowed to change their password."
 msgstr "被�定了密�的用户��许更改密�。"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "-q"
 msgstr "-q"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:258 pwck.8.xml.out:179 vipw.8.xml.out:108
+#: passwd.1.xml.out:254 pwck.8.xml.out:179 vipw.8.xml.out:108
 msgid "--quiet"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:261 vipw.8.xml.out:110
+#: passwd.1.xml.out:257 vipw.8.xml.out:110
 msgid "Quiet mode."
 msgstr "安�模�。"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:268
+#: passwd.1.xml.out:264
 msgid "--repository"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
-#: passwd.1.xml.out:268 passwd.1.xml.out:272
+#: passwd.1.xml.out:264 passwd.1.xml.out:268
 #, fuzzy
 #| msgid "EDITOR"
 msgid "REPOSITORY"
 msgstr "EDITOR"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:271
+#: passwd.1.xml.out:267
 #, fuzzy
 #| msgid "change password in <replaceable>REPOSITORY</replaceable> repository"
 msgid "change password in <_:replaceable-1/> repository"
 msgstr "在 <replaceable>REPOSITORY</replaceable> 中更改密�"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:291
+#: passwd.1.xml.out:302
 msgid "--status"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:294
+#: passwd.1.xml.out:305
 msgid ""
 "Display account status information. The status information consists of 7 "
 "fields. The first field is the user's login name. The second field indicates "
@@ -6794,12 +6999,12 @@ msgstr ""
 "和�用期。这些年龄以天为��计算。"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:309 usermod.8.xml.out:405
+#: passwd.1.xml.out:320 usermod.8.xml.out:405
 msgid "--unlock"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:312
+#: passwd.1.xml.out:323
 #, fuzzy
 #| msgid ""
 #| "Unlock the password of the named account. This option re-enables a "
@@ -6814,7 +7019,7 @@ msgstr ""
 "之�的值)�新�用密�。"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:325
+#: passwd.1.xml.out:336
 #, fuzzy
 #| msgid ""
 #| "Set the number of days of warning before a password change is required. "
@@ -6830,14 +7035,14 @@ msgstr ""
 "在密�过期之���警告的天数。"
 
 #. (itstool) path: term/option
-#: passwd.1.xml.out:335
+#: passwd.1.xml.out:346
 #, fuzzy
 #| msgid "-"
 msgid "-x"
 msgstr "-"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:338
+#: passwd.1.xml.out:349
 #, fuzzy
 #| msgid ""
 #| "Set the maximum number of days a password remains valid. After "
@@ -6850,15 +7055,27 @@ msgstr ""
 "设置密��然有效的最大天数。<replaceable>MAX_DAYS</replaceable> 之�，密�会"
 "�求更改。"
 
+#. (itstool) path: term/option
+#: passwd.1.xml.out:363
+msgid "--stdin"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: passwd.1.xml.out:366
+msgid ""
+"This option is used to indicate that passwd should read the new password "
+"from standard input, which can be a pipe."
+msgstr ""
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:355
+#: passwd.1.xml.out:377
 msgid ""
 "Password complexity checking may vary from site to site. The user is urged "
 "to select a password as complex as he or she feels comfortable with."
 msgstr "密���性检查在��机器间��。用户应该选择适�的尽���的密�。"
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:360
+#: passwd.1.xml.out:382
 msgid ""
 "Users may not be able to change their password on a system if NIS is enabled "
 "and they are not logged into the NIS server."
@@ -6866,7 +7083,7 @@ msgstr ""
 "在�动了 NIS 的系统上，如果没有登录 NIS �务器，用户或许�能更改自己的密�。"
 
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:365
+#: passwd.1.xml.out:387
 #, fuzzy
 #| msgid ""
 #| "<command>passwd</command> uses PAM to authenticate users and to change "
@@ -6876,39 +7093,53 @@ msgid ""
 msgstr "<command>passwd</command> 使用 PAM �认�用户以�更改密�。"
 
 #. (itstool) path: term/filename
-#: passwd.1.xml.out:411
+#: passwd.1.xml.out:433
 msgid "/etc/pam.d/passwd"
 msgstr "/etc/pam.d/passwd"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:439
+#: passwd.1.xml.out:461
 msgid "invalid combination of options"
 msgstr "无效的选项组�"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:445
+#: passwd.1.xml.out:467
 msgid "unexpected failure, nothing done"
 msgstr "�外的失败，什么也没有�。"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:451
+#: passwd.1.xml.out:473
 #, fuzzy
 #| msgid "unexpected failure, <filename>passwd</filename> file missing"
 msgid "unexpected failure, <_:filename-1/> file missing"
 msgstr "�外的失败，<filename>passwd</filename> 文件丢失"
 
 #. (itstool) path: listitem/para
-#: passwd.1.xml.out:457
+#: passwd.1.xml.out:479
 #, fuzzy
 #| msgid "<filename>passwd</filename> file busy, try again"
 msgid "<_:filename-1/> file busy, try again"
 msgstr "<filename>passwd</filename> 文件忙，请�试"
 
+#. (itstool) path: citerefentry/refentrytitle
+#: passwd.1.xml.out:499
+#, fuzzy
+#| msgid "passwd"
+msgid "makepasswd"
+msgstr "passwd"
+
 #. (itstool) path: refsect1/para
-#: passwd.1.xml.out:472
+#: passwd.1.xml.out:494
 msgid ""
-"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:phrase-4/> "
-"<_:citerefentry-5/>."
+"<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
+"citerefentry-4/>, <_:phrase-5/> <_:citerefentry-6/>."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: passwd.1.xml.out:517
+msgid ""
+"The following web page comically (yet correctly) compares the strength of "
+"two different methods for choosing a password: \"https://xkcd.com/936/\""
 msgstr ""
 
 #. (itstool) path: refnamediv/refpurpose
@@ -8874,6 +9105,11 @@ msgid "$HZ"
 msgstr ""
 
 #. (itstool) path: para/option
+#: su.1.xml.out:278
+msgid "ENV_TZ"
+msgstr ""
+
+#. (itstool) path: para/option
 #: su.1.xml.out:279
 msgid "ENV_HZ"
 msgstr ""
@@ -9304,7 +9540,7 @@ msgstr "创建一个新用户或更新默认新用户信�"
 #. (itstool) path: para/option
 #. (itstool) path: term/option
 #: useradd.8.xml.out:72 useradd.8.xml.out:76 useradd.8.xml.out:86
-#: useradd.8.xml.out:169 useradd.8.xml.out:583 useradd.8.xml.out:585
+#: useradd.8.xml.out:169 useradd.8.xml.out:603 useradd.8.xml.out:605
 msgid "-D"
 msgstr "-D"
 
@@ -9345,14 +9581,14 @@ msgstr ""
 "<option>-U</option>，和 <option>USERGROUPS_ENAB</option>)。"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:118 useradd.8.xml.out:592
+#: useradd.8.xml.out:118 useradd.8.xml.out:612
 msgid "--base-dir"
 msgstr ""
 
 #. (itstool) path: term/replaceable
 #. (itstool) path: para/replaceable
 #: useradd.8.xml.out:118 useradd.8.xml.out:124 useradd.8.xml.out:159
-#: useradd.8.xml.out:592 useradd.8.xml.out:598
+#: useradd.8.xml.out:612 useradd.8.xml.out:618
 msgid "BASE_DIR"
 msgstr ""
 
@@ -9383,18 +9619,18 @@ msgstr ""
 "须已�存在。"
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:131 useradd.8.xml.out:603
+#: useradd.8.xml.out:131 useradd.8.xml.out:623
 msgid "HOME"
 msgstr ""
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
 #: useradd.8.xml.out:132 useradd.8.xml.out:189 useradd.8.xml.out:212
-#: useradd.8.xml.out:250 useradd.8.xml.out:293 useradd.8.xml.out:343
-#: useradd.8.xml.out:393 useradd.8.xml.out:523 useradd.8.xml.out:604
-#: useradd.8.xml.out:616 useradd.8.xml.out:633 useradd.8.xml.out:649
-#: useradd.8.xml.out:663 useradd.8.xml.out:677 useradd.8.xml.out:767
-#: usermod.8.xml.out:419
+#: useradd.8.xml.out:250 useradd.8.xml.out:267 useradd.8.xml.out:295
+#: useradd.8.xml.out:345 useradd.8.xml.out:395 useradd.8.xml.out:525
+#: useradd.8.xml.out:624 useradd.8.xml.out:636 useradd.8.xml.out:653
+#: useradd.8.xml.out:669 useradd.8.xml.out:683 useradd.8.xml.out:697
+#: useradd.8.xml.out:787 usermod.8.xml.out:419
 msgid "/etc/default/useradd"
 msgstr "/etc/default/useradd"
 
@@ -9499,7 +9735,7 @@ msgstr ""
 "�指定。"
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:188 useradd.8.xml.out:615 usermod.8.xml.out:418
+#: useradd.8.xml.out:188 useradd.8.xml.out:635 usermod.8.xml.out:418
 msgid "EXPIRE"
 msgstr ""
 
@@ -9546,7 +9782,7 @@ msgstr ""
 
 #. (itstool) path: term/option
 #. (itstool) path: para/option
-#: useradd.8.xml.out:218 useradd.8.xml.out:482
+#: useradd.8.xml.out:218 useradd.8.xml.out:484
 #, fuzzy
 #| msgid "-"
 msgid "-F"
@@ -9662,6 +9898,13 @@ msgid ""
 "emphasis-5/>]]]"
 msgstr ""
 
+#. (itstool) path: para/option
+#: useradd.8.xml.out:267
+#, fuzzy
+#| msgid "GROUP"
+msgid "GROUPS"
+msgstr "GROUP"
+
 #. (itstool) path: listitem/para
 #: useradd.8.xml.out:260
 #, fuzzy
@@ -9676,23 +9919,25 @@ msgid ""
 "group is separated from the next by a comma, with no intervening whitespace. "
 "The groups are subject to the same restrictions as the group given with the "
 "<_:option-1/> option. The default is for the user to belong only to the "
-"initial group."
+"initial group. In addition to passing in the -G flag, you can add the option "
+"<_:option-2/> to the file <_:filename-3/> which in turn will add all users "
+"to those supplementary groups."
 msgstr ""
 "用户还属于的附加组列表。�个组都用逗�隔开，没有中间的空格。这里的组�到了 "
 "<option>-g</option> 选项给定的组�样的�制。默认上，用户�属于�始组。"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "--skel"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:278
+#: useradd.8.xml.out:280
 msgid "SKEL_DIR"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:281
+#: useradd.8.xml.out:283
 #, fuzzy
 #| msgid ""
 #| "The skeleton directory, which contains files and directories to be copied "
@@ -9708,12 +9953,12 @@ msgstr ""
 
 #. (itstool) path: para/option
 #. (itstool) path: term/option
-#: useradd.8.xml.out:288 useradd.8.xml.out:350
+#: useradd.8.xml.out:290 useradd.8.xml.out:352
 msgid "--create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:286
+#: useradd.8.xml.out:288 useradd.8.xml.out:592 usermod.8.xml.out:524
 #, fuzzy
 #| msgid ""
 #| "This option is only valid if the <option>-m</option> (or <option>--create-"
@@ -9726,19 +9971,19 @@ msgstr ""
 "项时�有效。"
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:292
+#: useradd.8.xml.out:294
 msgid "SKEL"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:294
+#: useradd.8.xml.out:296
 #, fuzzy
 #| msgid "/etc/skel/"
 msgid "/etc/skel"
 msgstr "/etc/skel/"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:290
+#: useradd.8.xml.out:292
 #, fuzzy
 #| msgid ""
 #| "If this option is not set, the skeleton directory is defined by the "
@@ -9752,24 +9997,24 @@ msgstr ""
 "的 <option>SKEL</option> 的��或默认为 <filename>/etc/skel</filename>。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:296
+#: useradd.8.xml.out:298
 msgid "If possible, the ACLs and extended attributes are copied."
 msgstr "如果�以，也�制 ACL 和扩展属性。"
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:309
+#: useradd.8.xml.out:311
 msgid "UMASK"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:306
+#: useradd.8.xml.out:308
 msgid ""
 "Overrides <_:filename-1/> defaults (<_:option-2/>, <_:option-3/>, <_:"
 "option-4/>, <_:option-5/> and others)."
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:312
+#: useradd.8.xml.out:314
 msgid ""
 "Example: <_:option-1/> <_:replaceable-2/>=<_:replaceable-3/> can be used "
 "when creating an account to turn off password aging. Multiple <_:option-4/> "
@@ -9778,17 +10023,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:330
+#: useradd.8.xml.out:332
 msgid "--no-log-init"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:332
+#: useradd.8.xml.out:334
 msgid "Do not add the user to the lastlog and faillog databases."
 msgstr "��将用户添加到最近登录和登录失败数�库。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:335
+#: useradd.8.xml.out:337
 #, fuzzy
 #| msgid ""
 #| "By default, the user's entries in the lastlog and faillog databases are "
@@ -9801,12 +10046,12 @@ msgstr ""
 "的�目。"
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:342
+#: useradd.8.xml.out:344
 msgid "LOG_INIT"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:340
+#: useradd.8.xml.out:342
 msgid ""
 "If this option is not specified, <_:command-1/> will also consult the "
 "variable <_:option-2/> in the <_:filename-3/> if set to no the user will not "
@@ -9814,7 +10059,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:353
+#: useradd.8.xml.out:355
 #, fuzzy
 #| msgid ""
 #| "Create the user's home directory if it does not exist. The files and "
@@ -9829,12 +10074,12 @@ msgstr ""
 "option> 选项指定)，将会�制到主目录。"
 
 #. (itstool) path: para/option
-#: useradd.8.xml.out:361 useradd.8.xml.out:379 useradd.8.xml.out:475
+#: useradd.8.xml.out:363 useradd.8.xml.out:381 useradd.8.xml.out:477
 msgid "CREATE_HOME"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:359
+#: useradd.8.xml.out:361
 #, fuzzy
 #| msgid ""
 #| "By default, if this option is not specified and <option>CREATE_HOME</"
@@ -9847,7 +10092,7 @@ msgstr ""
 "建主目录。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:364
+#: useradd.8.xml.out:366
 msgid ""
 "The directory where the user's home directory is created must exist and have "
 "proper SELinux context and permissions. Otherwise the user's home directory "
@@ -9855,12 +10100,12 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:373
+#: useradd.8.xml.out:375
 msgid "--no-create-home"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:376
+#: useradd.8.xml.out:378
 #, fuzzy
 #| msgid ""
 #| "Do no create the user's home directory, even if the system wide setting "
@@ -9874,12 +10119,12 @@ msgstr ""
 "(<option>CREATE_HOME</option>) 为 <replaceable>yes</replaceable>。"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:386
+#: useradd.8.xml.out:388
 msgid "--no-user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:389
+#: useradd.8.xml.out:391
 #, fuzzy
 #| msgid ""
 #| "Do not create a group with the same name as the user, but add the user to "
@@ -9895,7 +10140,7 @@ msgstr ""
 "<filename>/etc/default/useradd</filename> 中的 <option>GROUP</option> ��。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:408
+#: useradd.8.xml.out:410
 #, fuzzy
 #| msgid ""
 #| "Allow the creation of a user account with a duplicate (non-unique) UID."
@@ -9903,7 +10148,7 @@ msgid "allows the creation of an account with an already existing UID."
 msgstr "�许使用��的 UID 创建用户账户。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:412 usermod.8.xml.out:277
+#: useradd.8.xml.out:414 usermod.8.xml.out:277
 msgid ""
 "This option is only valid in combination with the <_:option-1/> option. As a "
 "user identity serves as key to map between users on one hand and "
@@ -9913,7 +10158,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:428
+#: useradd.8.xml.out:430
 msgid ""
 "defines an initial password for the account. PASSWORD is expected to be "
 "encrypted, as returned by <_:citerefentry-1/>. Within a shell script, this "
@@ -9921,7 +10166,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:435
+#: useradd.8.xml.out:437
 msgid ""
 "Without this option, the new account will be locked and with no password "
 "defined, i.e. a single exclamation mark in the respective field of <_:"
@@ -9930,7 +10175,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:443
+#: useradd.8.xml.out:445
 #, fuzzy
 #| msgid ""
 #| "<emphasis role=\"bold\">Note:</emphasis> This option is not recommended "
@@ -9944,7 +10189,7 @@ msgstr ""
 "过的密�)会被用户通过列出这个过程而看到。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:471
+#: useradd.8.xml.out:473
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
@@ -9963,7 +10208,7 @@ msgstr ""
 "样。如果想为�创建的系统账户创建主目录，需�指定 <option>-m</option> 选项。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:479
+#: useradd.8.xml.out:481
 #, fuzzy
 #| msgid ""
 #| "Note that <command>useradd</command> will not create a home directory for "
@@ -9981,7 +10226,7 @@ msgstr ""
 "样。如果想为�创建的系统账户创建主目录，需�指定 <option>-m</option> 选项。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:520
+#: useradd.8.xml.out:522
 msgid ""
 "sets the path to the user's login shell. Without this option, the system "
 "will use the <_:option-1/> variable specified in <_:filename-2/>, or, if "
@@ -9990,17 +10235,17 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "--uid"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:531 usermod.8.xml.out:369
+#: useradd.8.xml.out:533 usermod.8.xml.out:369
 msgid "UID"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:534
+#: useradd.8.xml.out:536
 #, fuzzy
 #| msgid ""
 #| "The numerical value of the user's ID. This value must be unique, unless "
@@ -10018,54 +10263,76 @@ msgstr ""
 "�值。"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:549
+#: useradd.8.xml.out:551
 msgid "--user-group"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:552
+#: useradd.8.xml.out:554
 msgid ""
 "Create a group with the same name as the user, and add the user to this "
 "group."
 msgstr "创建一个和用户��的组，并将用户添加到组中。"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:593 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:525
 #, fuzzy
 #| msgid "-"
 msgid "-Z"
 msgstr "-"
 
 #. (itstool) path: term/option
-#: useradd.8.xml.out:566 userdel.8.xml.out:153 usermod.8.xml.out:501
+#. (itstool) path: para/option
+#: useradd.8.xml.out:568 useradd.8.xml.out:594 userdel.8.xml.out:153
+#: usermod.8.xml.out:501 usermod.8.xml.out:526
 msgid "--selinux-user"
 msgstr ""
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:566 usermod.8.xml.out:501
+#: useradd.8.xml.out:568 usermod.8.xml.out:501
 msgid "SEUSER"
 msgstr ""
 
 #. (itstool) path: citerefentry/refentrytitle
-#: useradd.8.xml.out:573
+#: useradd.8.xml.out:575 useradd.8.xml.out:589 usermod.8.xml.out:521
 msgid "semanage"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:569
+#: useradd.8.xml.out:571
 msgid ""
-"defines the SELinux user for the new account. Without this option, a SELinux "
+"defines the SELinux user for the new account. Without this option, SELinux "
 "uses the default user. Note that the shadow system doesn't store the selinux-"
 "user, it uses <_:citerefentry-1/> for that."
 msgstr ""
 
+#. (itstool) path: term/option
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "--selinux-range"
+msgstr ""
+
+#. (itstool) path: term/replaceable
+#: useradd.8.xml.out:582 usermod.8.xml.out:515
+msgid "SERANGE"
+msgstr ""
+
+#. (itstool) path: listitem/para
+#: useradd.8.xml.out:585
+msgid ""
+"defines the SELinux MLS range for the new account. Without this option, "
+"SELinux uses the default range. Note that the shadow system doesn't store "
+"the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
 #. (itstool) path: refsect2/title
-#: useradd.8.xml.out:581
+#: useradd.8.xml.out:601
 msgid "Changing the default values"
 msgstr "更改默认值"
 
 #. (itstool) path: refsect2/para
-#: useradd.8.xml.out:582
+#: useradd.8.xml.out:602
 #, fuzzy
 #| msgid ""
 #| "When invoked with only the <option>-D</option> option, <command>useradd</"
@@ -10084,7 +10351,7 @@ msgstr ""
 "将为指定的选项更新默认值。有效的“更改默认值�选项有："
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:595
+#: useradd.8.xml.out:615
 #, fuzzy
 #| msgid ""
 #| "The path prefix for a new user's home directory. The user's name will be "
@@ -10102,8 +10369,8 @@ msgstr ""
 "录�。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:602 useradd.8.xml.out:614 useradd.8.xml.out:631
-#: useradd.8.xml.out:647 useradd.8.xml.out:661
+#: useradd.8.xml.out:622 useradd.8.xml.out:634 useradd.8.xml.out:651
+#: useradd.8.xml.out:667 useradd.8.xml.out:681
 #, fuzzy
 #| msgid ""
 #| "This option sets the <option>HOME</option> variable in <filename>/etc/"
@@ -10114,14 +10381,14 @@ msgstr ""
 "option> 选项。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:613
+#: useradd.8.xml.out:633
 #, fuzzy
 #| msgid "The date on which the user account is disabled."
 msgid "sets the date on which newly created user accounts are disabled."
 msgstr "�用此用户账户的日期。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:625
+#: useradd.8.xml.out:645
 msgid ""
 "defines the number of days after the password exceeded its maximum age where "
 "the user is expected to replace this password. See <_:citerefentry-1/>for "
@@ -10129,7 +10396,7 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:642
+#: useradd.8.xml.out:662
 msgid ""
 "sets the default primary group for newly created users, accepting group "
 "names or a numerical group ID. The named group must exist, and the GID must "
@@ -10137,23 +10404,23 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:658
+#: useradd.8.xml.out:678
 msgid "defines the default login shell for new users."
 msgstr ""
 
 #. (itstool) path: refsect1/title
-#: useradd.8.xml.out:673
+#: useradd.8.xml.out:693
 msgid "NOTES"
 msgstr "注�："
 
 #. (itstool) path: para/filename
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:675 useradd.8.xml.out:779
+#: useradd.8.xml.out:695 useradd.8.xml.out:799
 msgid "/etc/skel/"
 msgstr "/etc/skel/"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:674
+#: useradd.8.xml.out:694
 #, fuzzy
 #| msgid ""
 #| "The system administrator is responsible for placing the default user "
@@ -10169,14 +10436,14 @@ msgstr ""
 "者命令行上�<filename>/etc/default/useradd</filename> 中指定的任何其它目录)。"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:683
+#: useradd.8.xml.out:703
 msgid ""
 "You may not add a user to a NIS or LDAP group. This must be performed on the "
 "corresponding server."
 msgstr "您�能�能想 NIS 组或 LDAP 组添加用户。这�能在相应�务器上进行。"
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:688
+#: useradd.8.xml.out:708
 #, fuzzy
 #| msgid ""
 #| "Similarly, if the username already exists in an external user database "
@@ -10190,12 +10457,12 @@ msgstr ""
 "<command>useradd</command> 将拒�创建用户账户的请求。"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:702
+#: useradd.8.xml.out:722
 msgid "ls"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:694
+#: useradd.8.xml.out:714
 msgid ""
 "Usernames may contain only lower and upper case letters, digits, "
 "underscores, or dashes. They can end with a dollar sign. Dashes are not "
@@ -10206,60 +10473,60 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:704
-msgid "Usernames may only be up to 32 characters long."
-msgstr "用户��能超过 32 个字符长。"
+#: useradd.8.xml.out:724
+msgid "Usernames may only be up to 256 characters long."
+msgstr "用户��能超过 256 个字符长。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:769
+#: useradd.8.xml.out:789
 msgid "Default values for account creation."
 msgstr "账户创建的默认值。"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 #, fuzzy
 #| msgid "/etc/default/useradd"
 msgid "/etc/shadow-maint/useradd-pre.d/*"
 msgstr "/etc/default/useradd"
 
 #. (itstool) path: term/filename
-#: useradd.8.xml.out:773
+#: useradd.8.xml.out:793
 msgid "/etc/shadow-maint/useradd-post.d/*"
 msgstr ""
 
 #. (itstool) path: varlistentry/term
-#: useradd.8.xml.out:773 userdel.8.xml.out:209
+#: useradd.8.xml.out:793 userdel.8.xml.out:209
 msgid "<_:filename-1/>, <_:filename-2/>"
 msgstr ""
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 #, fuzzy
 #| msgid "OPTIONS"
 msgid "ACTION"
 msgstr "选项"
 
 #. (itstool) path: para/command
-#: useradd.8.xml.out:775 userdel.8.xml.out:211
+#: useradd.8.xml.out:795 userdel.8.xml.out:211
 msgid "SUBJECT"
 msgstr ""
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-pre.d"
 msgstr "useradd"
 
 #. (itstool) path: para/filename
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 #, fuzzy
 #| msgid "useradd"
 msgid "useradd-post.d"
 msgstr "useradd"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:775
+#: useradd.8.xml.out:795
 msgid ""
 "Run-part files to execute during user addition. The environment variable <_:"
 "command-1/> will be populated with useradd and <_:command-2/> with the <_:"
@@ -10269,48 +10536,48 @@ msgid ""
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:781
+#: useradd.8.xml.out:801
 msgid "Directory containing default files."
 msgstr "包�默认文件的目录。"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:819 userdel.8.xml.out:243
+#: useradd.8.xml.out:839 userdel.8.xml.out:243
 msgid "can't update password file"
 msgstr "无法更新密�文件"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:837
+#: useradd.8.xml.out:857
 #, fuzzy
 #| msgid "UID already in use (and no <option>-o</option>)"
 msgid "UID already in use (and no <_:option-1/>)"
 msgstr "UID 已�使用 (且没有 <option>-o</option>)"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:849
+#: useradd.8.xml.out:869
 #, fuzzy
 #| msgid "group name already in use"
 msgid "username or group name already in use"
 msgstr "组�已�在使用"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:861
+#: useradd.8.xml.out:881
 msgid "can't create home directory"
 msgstr "无法创建主目录"
 
 #. (itstool) path: term/replaceable
-#: useradd.8.xml.out:865
+#: useradd.8.xml.out:885
 #, fuzzy
 #| msgid "1"
 msgid "14"
 msgstr "1"
 
 #. (itstool) path: listitem/para
-#: useradd.8.xml.out:867
+#: useradd.8.xml.out:887
 msgid "can't update SELinux user mapping"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: useradd.8.xml.out:876 usermod.8.xml.out:603
+#: useradd.8.xml.out:896 usermod.8.xml.out:620
 msgid ""
 "<_:citerefentry-1/>, <_:citerefentry-2/>, <_:citerefentry-3/>, <_:"
 "citerefentry-4/>, <_:citerefentry-5/>, <_:citerefentry-6/>, <_:"
@@ -11129,8 +11396,15 @@ msgid ""
 "shadow system doesn't store the selinux-user, it uses semanage(8) for that."
 msgstr ""
 
-#. (itstool) path: refsect1/para
+#. (itstool) path: listitem/para
 #: usermod.8.xml.out:518
+msgid ""
+"defines the SELinux MLS range for the new account. Note that the shadow "
+"system doesn't store the selinux-range, it uses <_:citerefentry-1/> for that."
+msgstr ""
+
+#. (itstool) path: refsect1/para
+#: usermod.8.xml.out:535
 #, fuzzy
 #| msgid ""
 #| "You must make certain that the named user is not executing any processes "
@@ -11150,17 +11424,17 @@ msgstr ""
 "仅根� utmp 检查用户是�已�登录。"
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:527
+#: usermod.8.xml.out:544
 msgid "crontab"
 msgstr ""
 
 #. (itstool) path: para/command
-#: usermod.8.xml.out:528
+#: usermod.8.xml.out:545
 msgid "at"
 msgstr ""
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:526
+#: usermod.8.xml.out:543
 #, fuzzy
 #| msgid ""
 #| "You must change the owner of any <command>crontab</command> files or "
@@ -11173,52 +11447,52 @@ msgstr ""
 "属主。"
 
 #. (itstool) path: refsect1/para
-#: usermod.8.xml.out:530
+#: usermod.8.xml.out:547
 msgid "You must make any changes involving NIS on the NIS server."
 msgstr "您必须更改 NIS �务器上的 NIS 相关内容。"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:559
+#: usermod.8.xml.out:576
 #, fuzzy
 #| msgid "Group account information."
 msgid "Group account information"
 msgstr "组账户信�。"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:565
+#: usermod.8.xml.out:582
 #, fuzzy
 #| msgid "Secure group account information."
-msgid "Secure group account informatio."
+msgid "Secure group account information"
 msgstr "安全组账户信�。"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:571
+#: usermod.8.xml.out:588
 #, fuzzy
 #| msgid "Shadow password suite configuration."
 msgid "Shadow password suite configuration"
 msgstr "Shadow 密�套件�置。"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:577
+#: usermod.8.xml.out:594
 #, fuzzy
 #| msgid "User account information."
 msgid "User account information"
 msgstr "用户账户信�。"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:583
+#: usermod.8.xml.out:600
 #, fuzzy
 #| msgid "Secure user account information."
 msgid "Secure user account information"
 msgstr "安全用户账户信�。"
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:589
+#: usermod.8.xml.out:606
 msgid "Per user subordinate group IDs"
 msgstr ""
 
 #. (itstool) path: listitem/para
-#: usermod.8.xml.out:595
+#: usermod.8.xml.out:612
 msgid "Per user subordinate user IDs"
 msgstr ""
 
@@ -11270,7 +11544,7 @@ msgstr "vipw"
 #| "envar>, and finally the default editor, <citerefentry><refentrytitle>vi</"
 #| "refentrytitle><manvolnum>1</manvolnum></citerefentry>."
 msgid ""
-"The <_:command-1/> and <_:command-2/> commands edits the files <_:filename-3/"
+"The <_:command-1/> and <_:command-2/> commands edit the files <_:filename-3/"
 "> and <_:filename-4/>, respectively. With the <_:option-5/> flag, they will "
 "edit the shadow versions of those files, <_:filename-6/> and <_:filename-7/"
 ">, respectively. The programs will set the appropriate locks to prevent file "
@@ -12996,6 +13270,31 @@ msgstr ""
 #~ "<citerefentry><refentrytitle>sulogin</refentrytitle><manvolnum>8</"
 #~ "manvolnum></citerefentry>."
 
+#~ msgid ""
+#~ "Then, the password is tested for complexity. As a general guideline, "
+#~ "passwords should consist of 6 to 8 characters including one or more "
+#~ "characters from each of the following sets:"
+#~ msgstr ""
+#~ "然�，测试密�的负责程度。一般�讲，密�应该包� 6 到 8 �字符，从下边的一"
+#~ "个或多个集�中选择："
+
+#~ msgid "lower case alphabetics"
+#~ msgstr "�写字�"
+
+#~ msgid "digits 0 thru 9"
+#~ msgstr "数字 0 到 9"
+
+#~ msgid "punctuation marks"
+#~ msgstr "标点符�"
+
+#~ msgid ""
+#~ "Care must be taken not to include the system default erase or kill "
+#~ "characters. <command>passwd</command> will reject any password which is "
+#~ "not suitably complex."
+#~ msgstr ""
+#~ "必须�留��能包�系统默认的擦除和�死字符。<command>passwd</command> 会拒"
+#~ "���度�满足�求的密�。"
+
 #~ msgid "<option>-d</option>, <option>--delete</option>"
 #~ msgstr "<option>-d</option>, <option>--delete</option>"
 
@@ -13260,6 +13559,14 @@ msgstr ""
 #~ msgid "<option>-s</option>, <option>--sha-rounds</option>"
 #~ msgstr "<option>-s</option>, <option>--sha-rounds</option>"
 
+#~ msgid ""
+#~ "The value 0 means that the system will choose the default number of "
+#~ "rounds for the crypt method (5000)."
+#~ msgstr "值 0 表示让系统为加密方法选择默认的轮转次数 (5000)。"
+
+#~ msgid "You can only use this option with the SHA256 or SHA512 crypt method."
+#~ msgstr "您��以对 SHA256 或 SHA512 使用此选项。"
+
 #~ msgid "PAM configuration for <command>newusers</command>."
 #~ msgstr "<command>newusers</command> 的 PAM �置。"
 
@@ -14211,6 +14518,9 @@ msgstr ""
 #~ "<option>-c</option>, <option>--crypt-method</option>&nbsp;"
 #~ "<replaceable>METHOD</replaceable>"
 
+#~ msgid "The available methods are DES, MD5, and NONE."
+#~ msgstr "�用的方法有 DES，MD5 和 NONE。"
+
 #~ msgid "<option>-e</option>, <option>--encrypted</option>"
 #~ msgstr "<option>-e</option>, <option>--encrypted</option>"
 
diff --git a/man/pt_BR/Makefile.in b/man/pt_BR/Makefile.in
index 0ec510c..f12dbd0 100644
--- a/man/pt_BR/Makefile.in
+++ b/man/pt_BR/Makefile.in
@@ -172,6 +172,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -190,6 +192,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -205,9 +208,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -223,6 +232,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -231,6 +241,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -253,6 +265,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
index 8a776a8..84d55d9 100644
--- a/man/ru/Makefile.am
+++ b/man/ru/Makefile.am
@@ -21,7 +21,6 @@ man_MANS = \
 	man8/grpconv.8 \
 	man8/grpunconv.8 \
 	man5/gshadow.5 \
-	man8/lastlog.8 \
 	man1/login.1 \
 	man5/login.defs.5 \
 	man8/logoutd.8 \
@@ -44,6 +43,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
diff --git a/man/ru/Makefile.in b/man/ru/Makefile.in
index cbdffd7..cfa1982 100644
--- a/man/ru/Makefile.in
+++ b/man/ru/Makefile.in
@@ -87,8 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@USE_PAM_FALSE@am__append_1 = $(man_nopam)
-@USE_PAM_TRUE@am__append_2 = $(man_nopam)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@USE_PAM_TRUE@am__append_3 = $(man_nopam)
 subdir = man/ru
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -176,6 +177,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -194,6 +197,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -209,9 +213,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -227,6 +237,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -235,6 +246,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -257,6 +270,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -332,20 +348,22 @@ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
 	man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
 	man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
 	man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
-	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
-	man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
-	man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
-	man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
-	man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
-	man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
-	man8/vipw.8 $(am__append_1)
+	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man1/login.1 \
+	man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 man8/newusers.8 \
+	man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
+	man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man3/shadow.3 \
+	man5/shadow.5 man1/su.1 man5/suauth.5 man8/useradd.8 \
+	man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \
+	$(am__append_1) $(am__append_2)
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
 	man5/porttime.5
 
-EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_2)
+EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_3)
 LANG = $(notdir $(CURDIR))
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -354,8 +372,15 @@ LANG = $(notdir $(CURDIR))
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 CLEANFILES = messages.mo login.defs.d $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
 all: all-am
 
@@ -739,10 +764,10 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	cp ../config.xml $@
 
 @ENABLE_REGENERATE_MAN_TRUE@messages.mo: ../po/$(LANG).po
-@ENABLE_REGENERATE_MAN_TRUE@	msgfmt ../po/$(LANG).po -o messages.mo
+@ENABLE_REGENERATE_MAN_TRUE@	msgfmt $< -o messages.mo
 
 @ENABLE_REGENERATE_MAN_TRUE@login.defs.d:
-@ENABLE_REGENERATE_MAN_TRUE@	ln -sf ../login.defs.d login.defs.d
+@ENABLE_REGENERATE_MAN_TRUE@	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml: ../%.xml messages.mo login.defs.d
 @ENABLE_REGENERATE_MAN_TRUE@	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -750,7 +775,7 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	else \
 @ENABLE_REGENERATE_MAN_TRUE@	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
-@ENABLE_REGENERATE_MAN_TRUE@	itstool -d -l $(LANG) -m messages.mo -o . $@
+@ENABLE_REGENERATE_MAN_TRUE@	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 @ENABLE_REGENERATE_MAN_TRUE@	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
@@ -761,11 +786,13 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/ru/man1/chage.1 b/man/ru/man1/chage.1
index 49be778..fd2c3ec 100644
--- a/man/ru/man1/chage.1
+++ b/man/ru/man1/chage.1
@@ -2,12 +2,12 @@
 .\"     Title: chage
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "chage" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "chage" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chage \- измен�ет информацию об у�таревании парол� пользовател�
 .SH "СИ�Т�КСИС"
 .HP \w'\fBchage\fR\ 'u
-\fBchage\fR [\fIпараметры\fR] \fIУЧ�Т��Я_З�ПИСЬ\fR
+\fBchage\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "ОПИС��ИЕ"
 .PP
 The
@@ -136,6 +136,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
 Set the number of days of warning before a password change is required\&. The
diff --git a/man/ru/man1/chfn.1 b/man/ru/man1/chfn.1
index 98d1cf1..6d7039e 100644
--- a/man/ru/man1/chfn.1
+++ b/man/ru/man1/chfn.1
@@ -2,12 +2,12 @@
 .\"     Title: chfn
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "chfn" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "chfn" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chfn \- измен�ет информацию о пользователе
 .SH "СИ�Т�КСИС"
 .HP \w'\fBchfn\fR\ 'u
-\fBchfn\fR [\fIпараметры\fR] [\fIУЧ�Т��Я_З�ПИСЬ\fR]
+\fBchfn\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man1/chsh.1 b/man/ru/man1/chsh.1
index a8f2743..20fcc1a 100644
--- a/man/ru/man1/chsh.1
+++ b/man/ru/man1/chsh.1
@@ -2,12 +2,12 @@
 .\"     Title: chsh
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "chsh" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "chsh" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chsh \- измен�ет реги�трационную оболочку пользовател�
 .SH "СИ�Т�КСИС"
 .HP \w'\fBchsh\fR\ 'u
-\fBchsh\fR [\fIпараметры\fR] [\fIУЧ�Т��Я_З�ПИСЬ\fR]
+\fBchsh\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
@@ -77,6 +77,12 @@ The only restriction placed on the login shell is that the command name must be
 in
 /etc/shells
 is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
 .SH "��СТРОЙК�"
 .PP
 The following configuration variables in
diff --git a/man/ru/man1/expiry.1 b/man/ru/man1/expiry.1
index 697ee41..84d59b1 100644
--- a/man/ru/man1/expiry.1
+++ b/man/ru/man1/expiry.1
@@ -2,12 +2,12 @@
 .\"     Title: expiry
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "expiry" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "expiry" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 expiry \- провер�ет и измен�ет пароль �огла�но политике у�таревани�
 .SH "СИ�Т�КСИС"
 .HP \w'\fBexpiry\fR\ 'u
-\fBexpiry\fR \fIпараметр\fR
+\fBexpiry\fR \fIoption\fR
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man1/gpasswd.1 b/man/ru/man1/gpasswd.1
index b8c9402..976a154 100644
--- a/man/ru/man1/gpasswd.1
+++ b/man/ru/man1/gpasswd.1
@@ -2,12 +2,12 @@
 .\"     Title: gpasswd
 .\"    Author: Rafal Maszkowski
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "gpasswd" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "gpasswd" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 gpasswd \- administer /etc/group and /etc/gshadow
 .SH "СИ�Т�КСИС"
 .HP \w'\fBgpasswd\fR\ 'u
-\fBgpasswd\fR [\fIпараметр\fR] \fIгруппа\fR
+\fBgpasswd\fR [\fIoption\fR] \fIgroup\fR
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man1/groups.1 b/man/ru/man1/groups.1
index 3ab2ded..08a849a 100644
--- a/man/ru/man1/groups.1
+++ b/man/ru/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "groups" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "groups" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groups \- показывает имена групп запу�тившего программу пользовател�
 .SH "СИ�Т�КСИС"
 .HP \w'\fBgroups\fR\ 'u
-\fBgroups\fR [\fIим�\fR]
+\fBgroups\fR [\fIuser\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man1/id.1 b/man/ru/man1/id.1
index 0ce055b..7556192 100644
--- a/man/ru/man1/id.1
+++ b/man/ru/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "id" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "id" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man1/login.1 b/man/ru/man1/login.1
index 65229c4..e3b0720 100644
--- a/man/ru/man1/login.1
+++ b/man/ru/man1/login.1
@@ -2,12 +2,12 @@
 .\"     Title: login
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "login" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "login" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,9 +31,9 @@
 login \- начинает �еан� в �и�теме
 .SH "СИ�Т�КСИС"
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIим�_пользовател�\fR] [\fIПЕРЕМЕ���Я_ОКРУЖЕ�ИЯ=З��ЧЕ�ИЕ\fR...]
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIusername\fR] [\fIENV=VAR\fR...]
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIим�_пользовател�\fR
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIusername\fR
 .HP \w'\fBlogin\fR\ 'u
 \fBlogin\fR [\-p] \-r\ \fIhost\fR
 .SH "ОПИС��ИЕ"
diff --git a/man/ru/man1/newgrp.1 b/man/ru/man1/newgrp.1
index 2af3bde..4bf0c07 100644
--- a/man/ru/man1/newgrp.1
+++ b/man/ru/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "newgrp" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "newgrp" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 newgrp \- выполн�ет реги�трацию пользовател� в новой группе
 .SH "СИ�Т�КСИС"
 .HP \w'\fBnewgrp\fR\ 'u
-\fBnewgrp\fR [\-] [\fIгруппа\fR]
+\fBnewgrp\fR [\-] [\fIgroup\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man1/passwd.1 b/man/ru/man1/passwd.1
index 8224852..4fa5ce0 100644
--- a/man/ru/man1/passwd.1
+++ b/man/ru/man1/passwd.1
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "passwd" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "passwd" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 passwd \- измен�ет пароль пользовател�
 .SH "СИ�Т�КСИС"
 .HP \w'\fBpasswd\fR\ 'u
-\fBpasswd\fR [\fIпараметры\fR] [\fIУЧ�Т��Я_З�ПИСЬ\fR]
+\fBpasswd\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
@@ -49,44 +49,9 @@ refuses to change the password and exits\&.
 .PP
 Затем пользователю предложат дважды вве�ти новый пароль\&. Значение второго ввода �равнивает�� � первым и дл� изменени� пароли из обеих попыток должны �овпа�ть\&.
 .PP
-Затем пароль те�тирует�� на �ложно�ть подбора\&. Согла�но общим принципам, пароли должны быть длиной от 6 до 8 �имволов и включать один или более �имволов каждого типа:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-�трочные буквы
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-цифры от 0 до 9
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-знаки пунктуации
-.RE
-.PP
-Care must be taken not to include the system default erase or kill characters\&.
+Then, the password is tested for complexity\&.
 \fBpasswd\fR
-will reject any password which is not suitably complex\&.
+will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&.
 .SS "Выбор парол�"
 .PP
 The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
@@ -96,6 +61,8 @@ System encryption method is based on the NBS DES algorithm\&. More recent method
 .PP
 При обе�печении безопа�но�ти парол� выбирают нечто �реднее между �ложным паролем и �ложно�тью работы � ним\&. По �той причине, вы не должны и�пользовать пароль, который �вл�ет�� �ловом из �ловар� или который придёт�� запи�ать из\-за его �ложно�ти\&. Также, пароль не должен быть названием чего\-либо, номером вашей лицензии, днём рождени� и домашним адре�ом\&. Обо в�ём �том легко догадать��, что приведёт к нарушению безопа�но�ти �и�темы\&.
 .PP
+As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&.
+.PP
 You can find advice on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength
 .SH "П�Р�МЕТРЫ"
 .PP
@@ -175,6 +142,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-S\fR, \fB\-\-status\fR
 .RS 4
 Показать �о�то�ние учётной запи�и\&. Информаци� о �о�то�нии �одержит 7 полей\&. Первое поле �одержит им� учётной запи�и\&. Второе поле указывает, заблокирован ли пароль учётной запи�и (L), она без парол� (NP) или у неё е�ть рабочий пароль (P)\&. Третье поле хранит дату по�леднего изменени� парол�\&. В �ледующих четырёх пол�х хран�т�� минимальный �рок, мак�имальный �рок, период выдачи предупреждени� и период неактивно�ти парол�\&. Эти �роки измер�ют�� в дн�х\&.
@@ -205,6 +178,11 @@ as
 \fIMAX_DAYS\fR
 will remove checking a password\*(Aqs validity\&.
 .RE
+.PP
+\fB\-s\fR, \fB\-\-stdin\fR
+.RS 4
+This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&.
+.RE
 .SH "ПРЕДОСТЕРЕЖЕ�ИЯ"
 .PP
 Сложно�ть парол� провер�ет�� на разных машинах по разному\&. Пользователю на�то�тельно рекомендует�� выбирать пароль такой �ложно�ти, чтобы ему нормально работало�ь\&.
@@ -277,7 +255,10 @@ invalid argument to option
 .SH "СМОТРИТЕ Т�КЖЕ"
 .PP
 \fBchpasswd\fR(8),
+\fBmakepasswd\fR(1),
 \fBpasswd\fR(5),
 \fBshadow\fR(5),
 \fBlogin.defs\fR(5),
 \fBusermod\fR(8)\&.
+.PP
+The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"
diff --git a/man/ru/man1/sg.1 b/man/ru/man1/sg.1
index 532c615..6f87d74 100644
--- a/man/ru/man1/sg.1
+++ b/man/ru/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "sg" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "sg" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man1/su.1 b/man/ru/man1/su.1
index 17c6269..c47ada9 100644
--- a/man/ru/man1/su.1
+++ b/man/ru/man1/su.1
@@ -2,12 +2,12 @@
 .\"     Title: su
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Пользователь�кие команды
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "su" "1" "11/08/2022" "shadow\-utils 4\&.13" "Пользователь�кие команды"
+.TH "su" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 su \- измен�ет ID пользовател� или делает его �уперпользователем
 .SH "СИ�Т�КСИС"
 .HP \w'\fBsu\fR\ 'u
-\fBsu\fR [\fIпараметры\fR] [\fI\-\fR] [\fIим�_пользовател�\fR\ [\ \fIargs\fR\ ]]
+\fBsu\fR [\fIoptions\fR] [\fI\-\fR] [\fIusername\fR\ [\ \fIargs\fR\ ]]
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man3/shadow.3 b/man/ru/man3/shadow.3
index c86e060..68d19f4 100644
--- a/man/ru/man3/shadow.3
+++ b/man/ru/man3/shadow.3
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Библиотечные функции
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: Library Calls
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "shadow" "3" "11/08/2022" "shadow\-utils 4\&.13" "Библиотечные функции"
+.TH "shadow" "3" "06/21/2024" "shadow\-utils 4\&.15\&.2" "Library Calls"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -50,7 +50,7 @@ shadow, getspnam \- процедуры длÑ� работы Ñ� файлом шиÑ
 .PP
 \fIint putspent(struct spwd\fR
 \fI*p,\fR
-\fIФ�ЙЛ\fR
+\fIFILE\fR
 \fI*fp\fR\fI);\fR
 .PP
 \fIint lckpwdf();\fR
diff --git a/man/ru/man5/faillog.5 b/man/ru/man5/faillog.5
index c615de1..26c9102 100644
--- a/man/ru/man5/faillog.5
+++ b/man/ru/man5/faillog.5
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual:  File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "faillog" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuratio"
+.TH "faillog" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man5/gshadow.5 b/man/ru/man5/gshadow.5
index 4c012de..e0ad132 100644
--- a/man/ru/man5/gshadow.5
+++ b/man/ru/man5/gshadow.5
@@ -2,12 +2,12 @@
 .\"     Title: gshadow
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "gshadow" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "gshadow" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,12 +38,12 @@ contains the shadowed information for group accounts\&.
 .PP
 Кажда� �трока файла �одержит пол�, отделёнными друг от друга двоеточием:
 .PP
-\fBим� группы\fR
+\fBgroup name\fR
 .RS 4
 Должно �одержать правильное им� группы, котора� �уще�твует в �и�теме\&.
 .RE
 .PP
-\fBшифрованный пароль\fR
+\fBencrypted password\fR
 .RS 4
 Refer to
 \fBcrypt\fR(3)
@@ -63,7 +63,7 @@ This password supersedes any password specified in
 /etc/group\&.
 .RE
 .PP
-\fBадмини�траторы\fR
+\fBadministrators\fR
 .RS 4
 Спи�ок имён пользователей, перечи�ленных через зап�тую\&.
 .sp
@@ -72,7 +72,7 @@ This password supersedes any password specified in
 �дмини�траторы также имеют те же права, что и члены группы (�мотрите далее)\&.
 .RE
 .PP
-\fBчлены\fR
+\fBmembers\fR
 .RS 4
 Спи�ок имён пользователей, перечи�ленных через зап�тую\&.
 .sp
diff --git a/man/ru/man5/limits.5 b/man/ru/man5/limits.5
index 9567b31..da82471 100644
--- a/man/ru/man5/limits.5
+++ b/man/ru/man5/limits.5
@@ -2,12 +2,12 @@
 .\"     Title: limits
 .\"    Author: Luca Berra
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "limits" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "limits" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -41,11 +41,11 @@ config\&.h) describes the resource limits you wish to impose\&. It should be own
 .PP
 Кажда� �трока опи�ывает ограничение дл� одного пользовател� имеет вид:
 .PP
-\fIuser СТРОК�_ОГР��ИЧЕ�ИЙ\fR
+\fIuser LIMITS_STRING\fR
 .PP
 или в виде:
 .PP
-\fI@group СТРОК�_ОГР��ИЧЕ�ИЙ\fR
+\fI@group LIMITS_STRING\fR
 .PP
 The
 \fILIMITS_STRING\fR
diff --git a/man/ru/man5/login.access.5 b/man/ru/man5/login.access.5
index 8f7f7b0..4ca9898 100644
--- a/man/ru/man5/login.access.5
+++ b/man/ru/man5/login.access.5
@@ -2,12 +2,12 @@
 .\"     Title: login.access
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "login\&.access" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "login\&.access" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man5/login.defs.5 b/man/ru/man5/login.defs.5
index aa24629..1f4bc48 100644
--- a/man/ru/man5/login.defs.5
+++ b/man/ru/man5/login.defs.5
@@ -2,12 +2,12 @@
 .\"     Title: login.defs
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "login\&.defs" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "login\&.defs" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -192,8 +192,7 @@ USERGROUPS_ENAB
 .PP
 sulogin
 .RS 4
-ENV_HZ
-ENV_TZ
+ENV_HZ ENV_TZ
 .RE
 .PP
 useradd
diff --git a/man/ru/man5/passwd.5 b/man/ru/man5/passwd.5
index 74fa8e3..8a3aeed 100644
--- a/man/ru/man5/passwd.5
+++ b/man/ru/man5/passwd.5
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "passwd" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "passwd" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man5/porttime.5 b/man/ru/man5/porttime.5
index cbbd4e3..38065be 100644
--- a/man/ru/man5/porttime.5
+++ b/man/ru/man5/porttime.5
@@ -2,12 +2,12 @@
 .\"     Title: porttime
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "porttime" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "porttime" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man5/shadow.5 b/man/ru/man5/shadow.5
index 6857795..3145f93 100644
--- a/man/ru/man5/shadow.5
+++ b/man/ru/man5/shadow.5
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "shadow" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "shadow" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,12 +38,12 @@ is a file which contains the password information for the system\*(Aqs accounts
 .PP
 Each line of this file contains 9 fields, separated by colons (\(Fo:\(Fc), in the following order:
 .PP
-\fBим� пользовател� дл� входа в �и�тему\fR
+\fBlogin name\fR
 .RS 4
 Должно �одержать правильное им� учётной запи�и, котора� �уще�твует в �и�теме\&.
 .RE
 .PP
-\fBшифрованный пароль\fR
+\fBencrypted password\fR
 .RS 4
 This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the
 /etc/shadow
@@ -59,7 +59,7 @@ If the password field contains some string that is not a valid result of
 \fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&.
 .RE
 .PP
-\fBдата по�ледней �мены парол�\fR
+\fBdate of last password change\fR
 .RS 4
 The date of the last password change, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
@@ -68,14 +68,14 @@ The value 0 has a special meaning, which is that the user should change her pass
 Пу�тое значение обозначает, что проверка у�таревани� парол� выключена\&.
 .RE
 .PP
-\fBминимальный �рок дей�тви� парол�\fR
+\fBminimum password age\fR
 .RS 4
 Минимальный �рок дей�тви� парол� в дн�х, которые пользователь должен ждать, чтобы помен�ть пароль\&.
 .sp
 An empty field and value 0 mean that there is no minimum password age\&.
 .RE
 .PP
-\fBмак�имальный �рок дей�тви� парол�\fR
+\fBmaximum password age\fR
 .RS 4
 Мак�имальный �рок дей�тви� парол� в дн�х, по�ле которого пользователь должен изменить пароль\&.
 .sp
@@ -86,14 +86,14 @@ An empty field and value 0 mean that there is no minimum password age\&.
 Е�ли мак�имальный �рок дей�тви� парол� меньше чем минимальный �рок дей�тви� парол�, то пользователь не �может изменить �вой пароль\&.
 .RE
 .PP
-\fBпериод предупреждени� о пароле\fR
+\fBpassword warning period\fR
 .RS 4
 Количе�тво дней до у�таревани� парол� (�мотрите мак�имальный �рок дей�тви� парол�) во врем� которых пользователю выдаёт�� предупреждение\&.
 .sp
 Пу�тое значение пол� и 0 отключают период предупреждени� о пароле\&.
 .RE
 .PP
-\fBпериод неактивно�ти парол�\fR
+\fBpassword inactivity period\fR
 .RS 4
 Количе�тво дней по�ле у�таревани� парол� (�мотрите мак�имальный �рок дей�тви� парол�) во врем� которых пароль в�ё ещё принимает�� (и пользователь должен обновить �вой пароль при �ледующем входе)\&.
 .sp
@@ -102,7 +102,7 @@ After expiration of the password and this expiration period is elapsed, no login
 Пу�тое значение пол� означает, что период неактивно�ти от�ут�твует\&.
 .RE
 .PP
-\fBдата и�течени� �рока дей�тви� учётной запи�и\fR
+\fBaccount expiration date\fR
 .RS 4
 The date of expiration of the account, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
@@ -113,7 +113,7 @@ Note that an account expiration differs from a password expiration\&. In case of
 Значение 0 не должно и�пользовать��, так как �то может ра��матривать�� как неу�таревающа� учётна� запи�ь или что запи�ь у�тарела 1 �нвар� 1970 года\&.
 .RE
 .PP
-\fBзарезервированное поле\fR
+\fBreserved field\fR
 .RS 4
 Это поле зарезервировано дл� и�пользовани� в будущем\&.
 .RE
diff --git a/man/ru/man5/suauth.5 b/man/ru/man5/suauth.5
index 2c728e2..44fa4e0 100644
--- a/man/ru/man5/suauth.5
+++ b/man/ru/man5/suauth.5
@@ -2,12 +2,12 @@
 .\"     Title: suauth
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
+.\"      Date: 06/21/2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "suauth" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "suauth" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man8/chgpasswd.8 b/man/ru/man8/chgpasswd.8
index 45c6268..868d573 100644
--- a/man/ru/man8/chgpasswd.8
+++ b/man/ru/man8/chgpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chgpasswd
 .\"    Author: Thomas K\(/loczko <kloczek@pld.org.pl>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "chgpasswd" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "chgpasswd" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chgpasswd \- обновл�ет пароли групп в пакетном режиме
 .SH "СИ�Т�КСИС"
 .HP \w'\fBchgpasswd\fR\ 'u
-\fBchgpasswd\fR [\fIпараметры\fR]
+\fBchgpasswd\fR [\fIoptions\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
@@ -63,7 +63,12 @@ command are:
 .RS 4
 И�пользовать указанный метод дл� шифровани� паролей\&.
 .sp
-Возможные методы: DES, MD5, NONE и SHA256 или SHA512, е�ли �ти методы поддерживает�� libc\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .RE
 .PP
 \fB\-e\fR, \fB\-\-encrypted\fR
@@ -94,14 +99,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 И�пользовать указанное количе�тво раундов шифровани� паролей\&.
 .sp
-Значение 0 означает, что �и�тема выберет количе�тво раундов по умолчанию дл� выбранного метода шифровани� (5000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Минимальное значение равно 1000, а мак�имальное значение равно 999,999,999\&.
-.sp
-Вы можете и�пользовать �тот параметр только при методе шифровани� SHA256 или SHA512\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "ПРЕДОСТЕРЕЖЕ�ИЯ"
 .PP
diff --git a/man/ru/man8/chpasswd.8 b/man/ru/man8/chpasswd.8
index bc59c32..d0ffacb 100644
--- a/man/ru/man8/chpasswd.8
+++ b/man/ru/man8/chpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chpasswd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "chpasswd" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "chpasswd" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chpasswd \- обновл�ет пароли в пакетном режиме
 .SH "СИ�Т�КСИС"
 .HP \w'\fBchpasswd\fR\ 'u
-\fBchpasswd\fR [\fIпараметры\fR]
+\fBchpasswd\fR [\fIoptions\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
@@ -68,7 +68,12 @@ command are:
 .RS 4
 И�пользовать указанный метод дл� шифровани� паролей\&.
 .sp
-Возможные методы: DES, MD5, NONE и SHA256 или SHA512, е�ли �ти методы поддерживает�� libc\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .sp
 By default (if none of the
 \fB\-c\fR,
@@ -106,22 +111,23 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-s\fR, \fB\-\-sha\-rounds\fR\ \&\fIROUNDS\fR
 .RS 4
 И�пользовать указанное количе�тво раундов шифровани� паролей\&.
 .sp
-Значение 0 означает, что �и�тема выберет количе�тво раундов по умолчанию дл� выбранного метода шифровани� (5000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Минимальное значение равно 1000, а мак�имальное значение равно 999,999,999\&.
-.sp
-Вы можете и�пользовать �тот параметр только при методе шифровани� SHA256 или SHA512\&.
-.sp
-By default, the number of rounds is defined by the
-\fBSHA_CRYPT_MIN_ROUNDS\fR
-and
-\fBSHA_CRYPT_MAX_ROUNDS\fR
-variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "ПРЕДОСТЕРЕЖЕ�ИЯ"
 .PP
diff --git a/man/ru/man8/faillog.8 b/man/ru/man8/faillog.8
index 3cb6a72..017e0bb 100644
--- a/man/ru/man8/faillog.8
+++ b/man/ru/man8/faillog.8
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "faillog" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "faillog" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 faillog \- показывает запи�и из файла faillog или задаёт предел неудачных попыток входа в �и�тему
 .SH "СИ�Т�КСИС"
 .HP \w'\fBfaillog\fR\ 'u
-\fBfaillog\fR [\fIпараметры\fR]
+\fBfaillog\fR [\fIoptions\fR]
 .SH "ОПИС��ИЕ"
 .PP
 \fBfaillog\fR
diff --git a/man/ru/man8/groupadd.8 b/man/ru/man8/groupadd.8
index b8300e4..f0942ef 100644
--- a/man/ru/man8/groupadd.8
+++ b/man/ru/man8/groupadd.8
@@ -2,12 +2,12 @@
 .\"     Title: groupadd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "groupadd" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "groupadd" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupadd \- �оздаёт новую группу
 .SH "СИ�Т�КСИС"
 .HP \w'\fBgroupadd\fR\ 'u
-\fBgroupadd\fR [\fIП�Р�МЕТРЫ\fR] \fINEWGROUP\fR
+\fBgroupadd\fR [\fIOPTIONS\fR] \fINEWGROUP\fR
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man8/groupdel.8 b/man/ru/man8/groupdel.8
index dfa6c33..949d984 100644
--- a/man/ru/man8/groupdel.8
+++ b/man/ru/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "groupdel" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "groupdel" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupdel \- удал�ет группу
 .SH "СИ�Т�КСИС"
 .HP \w'\fBgroupdel\fR\ 'u
-\fBgroupdel\fR [\fIпараметры\fR] \fIГРУПП�\fR
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man8/groupmems.8 b/man/ru/man8/groupmems.8
index 668a28f..a3ef2fa 100644
--- a/man/ru/man8/groupmems.8
+++ b/man/ru/man8/groupmems.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmems
 .\"    Author: George Kraft, IV
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "groupmems" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "groupmems" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -130,7 +130,7 @@ utility to manage their own group membership list\&.
 .nf
 	$ groupadd \-r groups
 	$ chmod 2710 groupmems
-	$ chown root\&.groups groupmems
+	$ chown root:groups groupmems
 	$ groupmems \-g groups \-a gk4
     
 .fi
diff --git a/man/ru/man8/groupmod.8 b/man/ru/man8/groupmod.8
index 9b7e87c..f0e4b26 100644
--- a/man/ru/man8/groupmod.8
+++ b/man/ru/man8/groupmod.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "groupmod" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "groupmod" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupmod \- измен�ет определение группы в �и�теме
 .SH "СИ�Т�КСИС"
 .HP \w'\fBgroupmod\fR\ 'u
-\fBgroupmod\fR [\fIпараметры\fR] \fIГРУПП�\fR
+\fBgroupmod\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man8/grpck.8 b/man/ru/man8/grpck.8
index 1d2c194..39ebad1 100644
--- a/man/ru/man8/grpck.8
+++ b/man/ru/man8/grpck.8
@@ -2,12 +2,12 @@
 .\"     Title: grpck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "grpck" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "grpck" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 grpck \- провер�ет корректно�ть файлов групп
 .SH "СИ�Т�КСИС"
 .HP \w'\fBgrpck\fR\ 'u
-\fBgrpck\fR [параметры] [\fIгруппа\fR\ [\ \fIshadow\fR\ ]]
+\fBgrpck\fR [options] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man8/lastlog.8 b/man/ru/man8/lastlog.8
index 4c3bd8f..cd96dfb 100644
--- a/man/ru/man8/lastlog.8
+++ b/man/ru/man8/lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: lastlog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "lastlog" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "lastlog" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 lastlog \- выводит отчёт о по�ледней реги�трации в �и�теме в�ех или указанного пользовател�
 .SH "СИ�Т�КСИС"
 .HP \w'\fBlastlog\fR\ 'u
-\fBlastlog\fR [\fIпараметры\fR]
+\fBlastlog\fR [\fIoptions\fR]
 .SH "ОПИС��ИЕ"
 .PP
 \fBlastlog\fR
@@ -128,5 +128,5 @@ change the behavior of this tool:
 Большие промежутки в значени�х идентификаторов пользователей привод�т к тому, что программа некоторое врем� ничего не выводит на �кран (то е�ть, е�ли в базе данных lastlog нет пользователей � идентификаторами � 170 по 800, то во врем� обработки UID � 171 по 799 программа кажет�� пови�шей)\&.
 .PP
 Having high UIDs can create problems when handling the
-<term> /var/log/lastlog</term>
+/var/log/lastlog
 with external tools\&. Although the actual file is sparse and does not use too much space, certain applications are not designed to identify sparse files by default and may require a specific option to handle them\&.
diff --git a/man/ru/man8/logoutd.8 b/man/ru/man8/logoutd.8
index fa64db1..20b26e7 100644
--- a/man/ru/man8/logoutd.8
+++ b/man/ru/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "logoutd" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "logoutd" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man8/newusers.8 b/man/ru/man8/newusers.8
index e7ab6cb..d01897a 100644
--- a/man/ru/man8/newusers.8
+++ b/man/ru/man8/newusers.8
@@ -2,12 +2,12 @@
 .\"     Title: newusers
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "newusers" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "newusers" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 newusers \- обновл�ет и �оздаёт новые учётные запи�и пользователей в пакетном режиме
 .SH "СИ�Т�КСИС"
 .HP \w'\fBnewusers\fR\ 'u
-\fBnewusers\fR [\fIпараметры\fR] [\fIфайл\fR]
+\fBnewusers\fR [\fIoptions\fR] [\fIfile\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
@@ -56,7 +56,7 @@ It can be the name of a new user or the name of an existing user (or a user crea
 Это поле будет зашифровано и и�пользовано как новое значение шифрованного парол�\&.
 .RE
 .PP
-\fI pw_gid\fR
+\fIpw_uid\fR
 .RS 4
 Это поле и�пользует�� дл� определени� UID пользовател�\&.
 .sp
@@ -168,14 +168,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 И�пользовать указанное количе�тво раундов шифровани� паролей\&.
 .sp
-Значение 0 означает, что �и�тема выберет количе�тво раундов по умолчанию дл� выбранного метода шифровани� (5000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Минимальное значение равно 1000, а мак�имальное значение равно 999,999,999\&.
-.sp
-Вы можете и�пользовать �тот параметр только при методе шифровани� SHA256 или SHA512\&.
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default is 5000\&.
 .RE
 .SH "ПРЕДОСТЕРЕЖЕ�ИЯ"
 .PP
diff --git a/man/ru/man8/nologin.8 b/man/ru/man8/nologin.8
index 2ec0d03..dd071b9 100644
--- a/man/ru/man8/nologin.8
+++ b/man/ru/man8/nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: nologin
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "nologin" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "nologin" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man8/pwck.8 b/man/ru/man8/pwck.8
index 2866d4f..b052af4 100644
--- a/man/ru/man8/pwck.8
+++ b/man/ru/man8/pwck.8
@@ -2,12 +2,12 @@
 .\"     Title: pwck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "pwck" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "pwck" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pwck \- verify the integrity of password files
 .SH "СИ�Т�КСИС"
 .HP \w'\fBpwck\fR\ 'u
-\fBpwck\fR [параметры] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
+\fBpwck\fR [options] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man8/pwconv.8 b/man/ru/man8/pwconv.8
index edc5618..1dafb35 100644
--- a/man/ru/man8/pwconv.8
+++ b/man/ru/man8/pwconv.8
@@ -2,12 +2,12 @@
 .\"     Title: pwconv
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "pwconv" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "pwconv" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,13 +31,13 @@
 pwconv, pwunconv, grpconv, grpunconv \- преобразует пароли пользователей и групп в/из защищённую форму
 .SH "СИ�Т�КСИС"
 .HP \w'\fBpwconv\fR\ 'u
-\fBpwconv\fR [\fIпараметры\fR]
+\fBpwconv\fR [\fIoptions\fR]
 .HP \w'\fBpwunconv\fR\ 'u
-\fBpwunconv\fR [\fIпараметры\fR]
+\fBpwunconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpconv\fR\ 'u
-\fBgrpconv\fR [\fIпараметры\fR]
+\fBgrpconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpunconv\fR\ 'u
-\fBgrpunconv\fR [\fIпараметры\fR]
+\fBgrpunconv\fR [\fIoptions\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man8/sulogin.8 b/man/ru/man8/sulogin.8
index f0620a3..37e61c9 100644
--- a/man/ru/man8/sulogin.8
+++ b/man/ru/man8/sulogin.8
@@ -2,12 +2,12 @@
 .\"     Title: sulogin
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "sulogin" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "sulogin" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/ru/man8/useradd.8 b/man/ru/man8/useradd.8
index 94559cb..336ab74 100644
--- a/man/ru/man8/useradd.8
+++ b/man/ru/man8/useradd.8
@@ -2,12 +2,12 @@
 .\"     Title: useradd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "useradd" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "useradd" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,11 +31,11 @@
 useradd \- реги�трирует нового пользовател� или измен�ет информацию по умолчанию о новых пользовател�х
 .SH "СИ�Т�КСИС"
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR [\fIпараметры\fR] \fIУЧ�Т��Я_З�ПИСЬ\fR
+\fBuseradd\fR [\fIoptions\fR] \fILOGIN\fR
 .HP \w'\fBuseradd\fR\ 'u
 \fBuseradd\fR \-D
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR \-D [\fIпараметры\fR]
+\fBuseradd\fR \-D [\fIoptions\fR]
 .SH "ОПИС��ИЕ"
 .PP
 When invoked without the
@@ -169,7 +169,11 @@ variable in
 .RS 4
 A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
 \fB\-g\fR
-option\&. The default is for the user to belong only to the initial group\&.
+option\&. The default is for the user to belong only to the initial group\&. In addition to passing in the \-G flag, you can add the option
+\fBGROUPS\fR
+to the file
+/etc/default/useradd
+which in turn will add all users to those supplementary groups\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -194,6 +198,10 @@ variable in
 or, by default,
 /etc/skel\&.
 .sp
+Absolute symlinks that link back to the skel directory will have the
+/etc/skel
+prefix replaced with the user\*(Aqs home directory\&.
+.sp
 Е�ли возможно, выполн�ет�� копирование ACL и ра�ширенных атрибутов\&.
 .RE
 .PP
@@ -380,9 +388,21 @@ variable in
 .PP
 \fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
 .RS 4
-defines the SELinux user for the new account\&. Without this option, a SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+defines the SELinux user for the new account\&. Without this option, SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+\fBsemanage\fR(8)
+for that\&.
+.RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Without this option, SELinux uses the default range\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
 \fBsemanage\fR(8)
 for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
 .RE
 .SS "Изменение значений по умолчанию"
 .PP
@@ -469,7 +489,7 @@ Usernames may contain only lower and upper case letters, digits, underscores, or
 \fBls\fR
 output\&.
 .PP
-Имена пользователей могут быть длиной не более 32 знаков\&.
+Имена пользователей могут быть длиной не более 256 знаков\&.
 .SH "��СТРОЙК�"
 .PP
 The following configuration variables in
diff --git a/man/ru/man8/userdel.8 b/man/ru/man8/userdel.8
index 1103268..7d1c317 100644
--- a/man/ru/man8/userdel.8
+++ b/man/ru/man8/userdel.8
@@ -2,12 +2,12 @@
 .\"     Title: userdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "userdel" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "userdel" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 userdel \- удал�ет учётную запи�ь и файлы пользовател�
 .SH "СИ�Т�КСИС"
 .HP \w'\fBuserdel\fR\ 'u
-\fBuserdel\fR [параметры] \fIУЧ�Т��Я_З�ПИСЬ\fR
+\fBuserdel\fR [options] \fILOGIN\fR
 .SH "ОПИС��ИЕ"
 .PP
 The
diff --git a/man/ru/man8/usermod.8 b/man/ru/man8/usermod.8
index 232977c..fd85384 100644
--- a/man/ru/man8/usermod.8
+++ b/man/ru/man8/usermod.8
@@ -2,12 +2,12 @@
 .\"     Title: usermod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "usermod" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "usermod" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 usermod \- измен�ет учётную запи�ь пользовател�
 .SH "СИ�Т�КСИС"
 .HP \w'\fBusermod\fR\ 'u
-\fBusermod\fR [\fIпараметры\fR] \fIУЧ�Т��Я_З�ПИСЬ\fR
+\fBusermod\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "ОПИС��ИЕ"
 .PP
 The
@@ -309,6 +309,18 @@ from /etc/login\&.defs\&.
 defines the SELinux user to be mapped with
 \fILOGIN\fR\&. An empty string ("") will remove the respective entry (if any)\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses semanage(8) for that\&.
 .RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
+\fBsemanage\fR(8)
+for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
+.RE
 .SH "ПРЕДОСТЕРЕЖЕ�ИЯ"
 .PP
 You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
@@ -336,7 +348,7 @@ Group account information
 .PP
 /etc/gshadow
 .RS 4
-Secure group account informatio\&.
+Secure group account information
 .RE
 .PP
 /etc/login\&.defs
diff --git a/man/ru/man8/vipw.8 b/man/ru/man8/vipw.8
index 723fd50..82712ed 100644
--- a/man/ru/man8/vipw.8
+++ b/man/ru/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 11/08/2022
-.\"    Manual: Команды управлени� �и�темой
-.\"    Source: shadow-utils 4.13
+.\"      Date: 06/21/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Russian
 .\"
-.TH "vipw" "8" "11/08/2022" "shadow\-utils 4\&.13" "Команды управлени� �и�темой"
+.TH "vipw" "8" "06/21/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,16 +31,16 @@
 vipw, vigr \- позвол�ют редактировать файлы паролей, групп, теневых паролей пользователей или групп\&.
 .SH "СИ�Т�КСИС"
 .HP \w'\fBvipw\fR\ 'u
-\fBvipw\fR [\fIпараметры\fR]
+\fBvipw\fR [\fIoptions\fR]
 .HP \w'\fBvigr\fR\ 'u
-\fBvigr\fR [\fIпараметры\fR]
+\fBvigr\fR [\fIoptions\fR]
 .SH "ОПИС��ИЕ"
 .PP
 The
 \fBvipw\fR
 and
 \fBvigr\fR
-commands edits the files
+commands edit the files
 /etc/passwd
 and
 /etc/group, respectively\&. With the
diff --git a/man/shadow-man.xsl b/man/shadow-man.xsl
new file mode 100644
index 0000000..a3408e6
--- /dev/null
+++ b/man/shadow-man.xsl
@@ -0,0 +1,9 @@
+<?xml version='1.0'?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ss="http://docbook.sf.net/xmlns/string.subst/1.0" version="1.0">
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl"/>
+  <xsl:param name="vendordir"/>
+
+  <xsl:param name="man.string.subst.map.local.pre">
+    <ss:substitution oldstring="%vendordir%" newstring="{$vendordir}" />
+  </xsl:param>
+</xsl:stylesheet>
diff --git a/man/su.1.xml b/man/su.1.xml
index 02cae5a..5c50014 100644
--- a/man/su.1.xml
+++ b/man/su.1.xml
@@ -321,7 +321,7 @@
       &CONSOLE;
       &CONSOLE_GROUPS;
       &DEFAULT_HOME;
-      <phrase condition="no_pam">&ENV_HZ;</phrase>
+      &ENV_HZ;
       &ENVIRON_FILE;
       &ENV_PATH;
       &ENV_SUPATH;
diff --git a/man/subuid.5.xml b/man/subuid.5.xml
index fc6b2c9..79a6b42 100644
--- a/man/subuid.5.xml
+++ b/man/subuid.5.xml
@@ -130,7 +130,7 @@
 	<refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
       </citerefentry>,
       <citerefentry>
-	<refentrytitle>newusers</refentrytitle><manvolnum>1</manvolnum>
+	<refentrytitle>newusers</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citerefentry>
 	<refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
diff --git a/man/sulogin.8.xml b/man/sulogin.8.xml
index da4a7e2..5fb60a9 100644
--- a/man/sulogin.8.xml
+++ b/man/sulogin.8.xml
@@ -106,7 +106,7 @@
     </para>
   </refsect1>
 
-  <refsect1 id='configuration'>
+  <refsect1 condition="no_pam" id='configuration'>
     <title>CONFIGURATION</title>
     <para>
       The following configuration variables in
diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
index e64b7bc..70329ed 100644
--- a/man/sv/Makefile.am
+++ b/man/sv/Makefile.am
@@ -15,7 +15,6 @@ man_MANS = \
 	man1/groups.1 \
 	man8/grpck.8 \
 	man5/gshadow.5 \
-	man8/lastlog.8 \
 	man8/logoutd.8 \
 	man1/newgrp.1 \
 	man8/nologin.8 \
@@ -29,6 +28,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/limits.5 \
 	man5/porttime.5
diff --git a/man/sv/Makefile.in b/man/sv/Makefile.in
index d6b562c..b3d1b12 100644
--- a/man/sv/Makefile.in
+++ b/man/sv/Makefile.in
@@ -87,8 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@USE_PAM_FALSE@am__append_1 = $(man_nopam)
-@USE_PAM_TRUE@am__append_2 = $(man_nopam)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@USE_PAM_TRUE@am__append_3 = $(man_nopam)
 subdir = man/sv
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -176,6 +177,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -194,6 +197,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -209,9 +213,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -227,6 +237,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -235,6 +246,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -257,6 +270,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -333,16 +349,18 @@ top_srcdir = @top_srcdir@
 man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \
 	man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \
 	man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
-	man5/gshadow.5 man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 \
-	man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
-	man1/sg.1 man3/shadow.3 man5/suauth.5 man8/userdel.8 \
-	man8/vigr.8 man8/vipw.8 $(am__append_1)
+	man5/gshadow.5 man8/logoutd.8 man1/newgrp.1 man8/nologin.8 \
+	man1/passwd.1 man5/passwd.5 man8/pwck.8 man1/sg.1 \
+	man3/shadow.3 man5/suauth.5 man8/userdel.8 man8/vigr.8 \
+	man8/vipw.8 $(am__append_1) $(am__append_2)
 man_nopam = \
 	man5/limits.5 \
 	man5/porttime.5
 
-EXTRA_DIST = $(man_MANS) man1/id.1 $(am__append_2)
+EXTRA_DIST = $(man_MANS) man1/id.1 $(am__append_3)
 LANG = $(notdir $(CURDIR))
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -351,8 +369,15 @@ LANG = $(notdir $(CURDIR))
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 CLEANFILES = messages.mo login.defs.d $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
 all: all-am
 
@@ -736,10 +761,10 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	cp ../config.xml $@
 
 @ENABLE_REGENERATE_MAN_TRUE@messages.mo: ../po/$(LANG).po
-@ENABLE_REGENERATE_MAN_TRUE@	msgfmt ../po/$(LANG).po -o messages.mo
+@ENABLE_REGENERATE_MAN_TRUE@	msgfmt $< -o messages.mo
 
 @ENABLE_REGENERATE_MAN_TRUE@login.defs.d:
-@ENABLE_REGENERATE_MAN_TRUE@	ln -sf ../login.defs.d login.defs.d
+@ENABLE_REGENERATE_MAN_TRUE@	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml: ../%.xml messages.mo login.defs.d
 @ENABLE_REGENERATE_MAN_TRUE@	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -747,7 +772,7 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	else \
 @ENABLE_REGENERATE_MAN_TRUE@	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
-@ENABLE_REGENERATE_MAN_TRUE@	itstool -d -l $(LANG) -m messages.mo -o . $@
+@ENABLE_REGENERATE_MAN_TRUE@	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 @ENABLE_REGENERATE_MAN_TRUE@	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
@@ -758,11 +783,13 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/sv/man1/chage.1 b/man/sv/man1/chage.1
index ae3159e..5e9c097 100644
--- a/man/sv/man1/chage.1
+++ b/man/sv/man1/chage.1
@@ -2,12 +2,12 @@
 .\"     Title: chage
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Anv\(:andarkommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "CHAGE" "1" "08-11-2022" "shadow\-utils 4\&.13" "Anv\(:andarkommandon"
+.TH "CHAGE" "1" "21-06-2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chage \- \(:andra \(oaldringsinformation f\(:or anv\(:andarl\(:osenord
 .SH "SYNOPSIS"
 .HP \w'\fBchage\fR\ 'u
-\fBchage\fR [\fIflaggor\fR] \fIINLOGGNINGSNAMN\fR
+\fBchage\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "BESKRIVNING"
 .PP
 The
@@ -136,6 +136,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
 Set the number of days of warning before a password change is required\&. The
diff --git a/man/sv/man1/chsh.1 b/man/sv/man1/chsh.1
index f89f3d9..1a8f1db 100644
--- a/man/sv/man1/chsh.1
+++ b/man/sv/man1/chsh.1
@@ -2,12 +2,12 @@
 .\"     Title: chsh
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Anv\(:andarkommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "CHSH" "1" "08-11-2022" "shadow\-utils 4\&.13" "Anv\(:andarkommandon"
+.TH "CHSH" "1" "21-06-2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chsh \- \(:andra inloggningsskal
 .SH "SYNOPSIS"
 .HP \w'\fBchsh\fR\ 'u
-\fBchsh\fR [\fIflaggor\fR] [\fIINLOGGNINGSNAMN\fR]
+\fBchsh\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "BESKRIVNING"
 .PP
 The
@@ -77,6 +77,12 @@ The only restriction placed on the login shell is that the command name must be
 in
 /etc/shells
 is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
 .SH "CONFIGURATION"
 .PP
 The following configuration variables in
diff --git a/man/sv/man1/expiry.1 b/man/sv/man1/expiry.1
index e4891a4..f9625cc 100644
--- a/man/sv/man1/expiry.1
+++ b/man/sv/man1/expiry.1
@@ -2,12 +2,12 @@
 .\"     Title: expiry
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Anv\(:andarkommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "EXPIRY" "1" "08-11-2022" "shadow\-utils 4\&.13" "Anv\(:andarkommandon"
+.TH "EXPIRY" "1" "21-06-2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man1/groups.1 b/man/sv/man1/groups.1
index b6e06d5..886569a 100644
--- a/man/sv/man1/groups.1
+++ b/man/sv/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Anv\(:andarkommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "GROUPS" "1" "08-11-2022" "shadow\-utils 4\&.13" "Anv\(:andarkommandon"
+.TH "GROUPS" "1" "21-06-2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groups \- visa aktuella gruppnamn
 .SH "SYNOPSIS"
 .HP \w'\fBgroups\fR\ 'u
-\fBgroups\fR [\fIanv\(:andare\fR]
+\fBgroups\fR [\fIuser\fR]
 .SH "BESKRIVNING"
 .PP
 The
diff --git a/man/sv/man1/id.1 b/man/sv/man1/id.1
index 6c94a96..4ae10de 100644
--- a/man/sv/man1/id.1
+++ b/man/sv/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Anv\(:andarkommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "ID" "1" "08-11-2022" "shadow\-utils 4\&.13" "Anv\(:andarkommandon"
+.TH "ID" "1" "21-06-2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man1/newgrp.1 b/man/sv/man1/newgrp.1
index 5f39894..3dbce36 100644
--- a/man/sv/man1/newgrp.1
+++ b/man/sv/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Anv\(:andarkommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "NEWGRP" "1" "08-11-2022" "shadow\-utils 4\&.13" "Anv\(:andarkommandon"
+.TH "NEWGRP" "1" "21-06-2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 newgrp \- logga in i en ny grupp
 .SH "SYNOPSIS"
 .HP \w'\fBnewgrp\fR\ 'u
-\fBnewgrp\fR [\-] [\fIgrupp\fR]
+\fBnewgrp\fR [\-] [\fIgroup\fR]
 .SH "BESKRIVNING"
 .PP
 The
diff --git a/man/sv/man1/passwd.1 b/man/sv/man1/passwd.1
index 823ed02..6259499 100644
--- a/man/sv/man1/passwd.1
+++ b/man/sv/man1/passwd.1
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Anv\(:andarkommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "PASSWD" "1" "08-11-2022" "shadow\-utils 4\&.13" "Anv\(:andarkommandon"
+.TH "PASSWD" "1" "21-06-2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 passwd \- \(:andra anv\(:andarl\(:osenord
 .SH "SYNOPSIS"
 .HP \w'\fBpasswd\fR\ 'u
-\fBpasswd\fR [\fIflaggor\fR] [\fIINLOGGNINGSNAMN\fR]
+\fBpasswd\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "BESKRIVNING"
 .PP
 The
@@ -49,44 +49,9 @@ refuses to change the password and exits\&.
 .PP
 Anv\(:andaren fr\(oagas sedan tv\(oa g\(oanger efter ett ers\(:attande l\(:osenord\&. Den andra inmatningen j\(:amf\(:ors mot den f\(:orsta och b\(oada m\(oaste st\(:amma \(:overens f\(:or att l\(:osenordet ska \(:andras\&.
 .PP
-Sedan testas l\(:osenordet f\(:or sin komplexitet\&. Som en allm\(:an riktlinje b\(:or l\(:osenord inneh\(oalla 6 till 8 tecken och inkluderas ett eller flera tecken fr\(oan var och en av f\(:oljande punkter:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-gemena bokst\(:aver ur alfabetet
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-siffrorna 0 till 9
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-skiljetecken
-.RE
-.PP
-Care must be taken not to include the system default erase or kill characters\&.
+Then, the password is tested for complexity\&.
 \fBpasswd\fR
-will reject any password which is not suitably complex\&.
+will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&.
 .SS "Tips f\(:or anv\(:andarl\(:osenord"
 .PP
 The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
@@ -96,6 +61,8 @@ System encryption method is based on the NBS DES algorithm\&. More recent method
 .PP
 Problem i l\(:osenordss\(:akerheten brukar normalt komma fr\(oan slarvigt valda l\(:osenord eller hantering\&. Av denna anledning b\(:or du inte v\(:alja ett l\(:osenord som finns i en ordbok eller som m\(oaste skrivas ner\&. L\(:osenordet b\(:or heller inte vara ett korrekt namn, ditt personnummer, f\(:odelsedatum eller gatuadress\&. Dessa kan anv\(:andas som gissningar f\(:or att ta sig in i systemet\&.
 .PP
+As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&.
+.PP
 You can find advice on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength
 .SH "FLAGGOR"
 .PP
@@ -175,6 +142,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-S\fR, \fB\-\-status\fR
 .RS 4
 Display account status information\&. The status information consists of 7 fields\&. The first field is the user\*(Aqs login name\&. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)\&. The third field gives the date of the last password change\&. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password\&. These ages are expressed in days\&.
@@ -205,6 +178,11 @@ as
 \fIMAX_DAYS\fR
 will remove checking a password\*(Aqs validity\&.
 .RE
+.PP
+\fB\-s\fR, \fB\-\-stdin\fR
+.RS 4
+This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&.
+.RE
 .SH "T\(:ANK P\(oA"
 .PP
 Password complexity checking may vary from site to site\&. The user is urged to select a password as complex as he or she feels comfortable with\&.
@@ -277,7 +255,10 @@ invalid argument to option
 .SH "SE OCKS\(oA"
 .PP
 \fBchpasswd\fR(8),
+\fBmakepasswd\fR(1),
 \fBpasswd\fR(5),
 \fBshadow\fR(5),
 \fBlogin.defs\fR(5),
 \fBusermod\fR(8)\&.
+.PP
+The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"
diff --git a/man/sv/man1/sg.1 b/man/sv/man1/sg.1
index f8ad8d2..967f227 100644
--- a/man/sv/man1/sg.1
+++ b/man/sv/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Anv\(:andarkommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "SG" "1" "08-11-2022" "shadow\-utils 4\&.13" "Anv\(:andarkommandon"
+.TH "SG" "1" "21-06-2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man3/shadow.3 b/man/sv/man3/shadow.3
index bdf65b2..a2de94d 100644
--- a/man/sv/man3/shadow.3
+++ b/man/sv/man3/shadow.3
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Biblioteksanrop
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: Library Calls
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "SHADOW" "3" "08-11-2022" "shadow\-utils 4\&.13" "Biblioteksanrop"
+.TH "SHADOW" "3" "21-06-2024" "shadow\-utils 4\&.15\&.2" "Library Calls"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -50,7 +50,7 @@ shadow, getspnam \- encrypted password file routines
 .PP
 \fIint putspent(struct spwd\fR
 \fI*p,\fR
-\fIFIL\fR
+\fIFILE\fR
 \fI*fp\fR\fI);\fR
 .PP
 \fIint lckpwdf();\fR
diff --git a/man/sv/man5/faillog.5 b/man/sv/man5/faillog.5
index 06cf896..f4a5f75 100644
--- a/man/sv/man5/faillog.5
+++ b/man/sv/man5/faillog.5
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
+.\"      Date: 21-06-2024
 .\"    Manual:  File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "FAILLOG" "5" "08-11-2022" "shadow\-utils 4\&.13" "File Formats and Configuratio"
+.TH "FAILLOG" "5" "21-06-2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man5/gshadow.5 b/man/sv/man5/gshadow.5
index 30a6ade..d90374a 100644
--- a/man/sv/man5/gshadow.5
+++ b/man/sv/man5/gshadow.5
@@ -2,12 +2,12 @@
 .\"     Title: gshadow
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
+.\"      Date: 21-06-2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "GSHADOW" "5" "08-11-2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "GSHADOW" "5" "21-06-2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,12 +38,12 @@ Denna fil f\(oar inte vara l\(:asbar av vanliga anv\(:andare om l\(:osenordss\(:
 .PP
 Each line of this file contains the following colon\-separated fields:
 .PP
-\fBgruppnamn\fR
+\fBgroup name\fR
 .RS 4
 It must be a valid group name, which exist on the system\&.
 .RE
 .PP
-\fBkrypterat l\(:osenord\fR
+\fBencrypted password\fR
 .RS 4
 Refer to
 \fBcrypt\fR(3)
diff --git a/man/sv/man5/limits.5 b/man/sv/man5/limits.5
index 9e8986d..647d856 100644
--- a/man/sv/man5/limits.5
+++ b/man/sv/man5/limits.5
@@ -2,12 +2,12 @@
 .\"     Title: limits
 .\"    Author: Luca Berra
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
+.\"      Date: 21-06-2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "LIMITS" "5" "08-11-2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LIMITS" "5" "21-06-2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man5/passwd.5 b/man/sv/man5/passwd.5
index ffa1db0..2d362b8 100644
--- a/man/sv/man5/passwd.5
+++ b/man/sv/man5/passwd.5
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
+.\"      Date: 21-06-2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "PASSWD" "5" "08-11-2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PASSWD" "5" "21-06-2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man5/porttime.5 b/man/sv/man5/porttime.5
index 0550292..e1da89a 100644
--- a/man/sv/man5/porttime.5
+++ b/man/sv/man5/porttime.5
@@ -2,12 +2,12 @@
 .\"     Title: porttime
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
+.\"      Date: 21-06-2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "PORTTIME" "5" "08-11-2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PORTTIME" "5" "21-06-2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man5/suauth.5 b/man/sv/man5/suauth.5
index 231b881..2caf2d3 100644
--- a/man/sv/man5/suauth.5
+++ b/man/sv/man5/suauth.5
@@ -2,12 +2,12 @@
 .\"     Title: suauth
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
+.\"      Date: 21-06-2024
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "SUAUTH" "5" "08-11-2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUAUTH" "5" "21-06-2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man8/faillog.8 b/man/sv/man8/faillog.8
index a885d40..98263bf 100644
--- a/man/sv/man8/faillog.8
+++ b/man/sv/man8/faillog.8
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "FAILLOG" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "FAILLOG" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 faillog \- display faillog records or set login failure limits
 .SH "SYNOPSIS"
 .HP \w'\fBfaillog\fR\ 'u
-\fBfaillog\fR [\fIflaggor\fR]
+\fBfaillog\fR [\fIoptions\fR]
 .SH "BESKRIVNING"
 .PP
 \fBfaillog\fR
diff --git a/man/sv/man8/groupadd.8 b/man/sv/man8/groupadd.8
index 4c65936..3bfea6f 100644
--- a/man/sv/man8/groupadd.8
+++ b/man/sv/man8/groupadd.8
@@ -2,12 +2,12 @@
 .\"     Title: groupadd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "GROUPADD" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "GROUPADD" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupadd \- skapa en ny grupp
 .SH "SYNOPSIS"
 .HP \w'\fBgroupadd\fR\ 'u
-\fBgroupadd\fR [\fIFLAGGOR\fR] \fINEWGROUP\fR
+\fBgroupadd\fR [\fIOPTIONS\fR] \fINEWGROUP\fR
 .SH "BESKRIVNING"
 .PP
 The
diff --git a/man/sv/man8/groupdel.8 b/man/sv/man8/groupdel.8
index db14aa0..8b66eb6 100644
--- a/man/sv/man8/groupdel.8
+++ b/man/sv/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "GROUPDEL" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "GROUPDEL" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupdel \- ta bort en grupp
 .SH "SYNOPSIS"
 .HP \w'\fBgroupdel\fR\ 'u
-\fBgroupdel\fR [\fIflaggor\fR] \fIGRUPP\fR
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "BESKRIVNING"
 .PP
 The
diff --git a/man/sv/man8/groupmems.8 b/man/sv/man8/groupmems.8
index 3cf8360..4203d4a 100644
--- a/man/sv/man8/groupmems.8
+++ b/man/sv/man8/groupmems.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmems
 .\"    Author: George Kraft, IV
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "GROUPMEMS" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "GROUPMEMS" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -130,7 +130,7 @@ utility to manage their own group membership list\&.
 .nf
 	$ groupadd \-r groups
 	$ chmod 2710 groupmems
-	$ chown root\&.groups groupmems
+	$ chown root:groups groupmems
 	$ groupmems \-g groups \-a gk4
     
 .fi
diff --git a/man/sv/man8/groupmod.8 b/man/sv/man8/groupmod.8
index 788fe08..d72f800 100644
--- a/man/sv/man8/groupmod.8
+++ b/man/sv/man8/groupmod.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "GROUPMOD" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "GROUPMOD" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupmod \- \(:andra en gruppdefinition p\(oa systemet
 .SH "SYNOPSIS"
 .HP \w'\fBgroupmod\fR\ 'u
-\fBgroupmod\fR [\fIflaggor\fR] \fIGRUPP\fR
+\fBgroupmod\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "BESKRIVNING"
 .PP
 The
diff --git a/man/sv/man8/grpck.8 b/man/sv/man8/grpck.8
index 58dccbe..665a4c2 100644
--- a/man/sv/man8/grpck.8
+++ b/man/sv/man8/grpck.8
@@ -2,12 +2,12 @@
 .\"     Title: grpck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "GRPCK" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "GRPCK" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 grpck \- validera integriteten f\(:or gruppfiler
 .SH "SYNOPSIS"
 .HP \w'\fBgrpck\fR\ 'u
-\fBgrpck\fR [flaggor] [\fIgrupp\fR\ [\ \fIshadow\fR\ ]]
+\fBgrpck\fR [options] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
 .SH "BESKRIVNING"
 .PP
 The
diff --git a/man/sv/man8/lastlog.8 b/man/sv/man8/lastlog.8
index 63ce7fa..bf36f8d 100644
--- a/man/sv/man8/lastlog.8
+++ b/man/sv/man8/lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: lastlog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "LASTLOG" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "LASTLOG" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 lastlog \- reports the most recent login of all users or of a given user
 .SH "SYNOPSIS"
 .HP \w'\fBlastlog\fR\ 'u
-\fBlastlog\fR [\fIflaggor\fR]
+\fBlastlog\fR [\fIoptions\fR]
 .SH "BESKRIVNING"
 .PP
 \fBlastlog\fR
@@ -128,5 +128,5 @@ Databastider f\(:or tidigare anv\(:andarinloggningar\&.
 Large gaps in UID numbers will cause the lastlog program to run longer with no output to the screen (i\&.e\&. if in lastlog database there is no entries for users with UID between 170 and 800 lastlog will appear to hang as it processes entries with UIDs 171\-799)\&.
 .PP
 Having high UIDs can create problems when handling the
-<term> /var/log/lastlog</term>
+/var/log/lastlog
 with external tools\&. Although the actual file is sparse and does not use too much space, certain applications are not designed to identify sparse files by default and may require a specific option to handle them\&.
diff --git a/man/sv/man8/logoutd.8 b/man/sv/man8/logoutd.8
index f6aa807..12677d8 100644
--- a/man/sv/man8/logoutd.8
+++ b/man/sv/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "LOGOUTD" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "LOGOUTD" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man8/nologin.8 b/man/sv/man8/nologin.8
index d507fcb..b943388 100644
--- a/man/sv/man8/nologin.8
+++ b/man/sv/man8/nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: nologin
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "NOLOGIN" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "NOLOGIN" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/sv/man8/pwck.8 b/man/sv/man8/pwck.8
index cee3cfa..fff0952 100644
--- a/man/sv/man8/pwck.8
+++ b/man/sv/man8/pwck.8
@@ -2,12 +2,12 @@
 .\"     Title: pwck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "PWCK" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "PWCK" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pwck \- verify the integrity of password files
 .SH "SYNOPSIS"
 .HP \w'\fBpwck\fR\ 'u
-\fBpwck\fR [flaggor] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
+\fBpwck\fR [options] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
 .SH "BESKRIVNING"
 .PP
 The
diff --git a/man/sv/man8/userdel.8 b/man/sv/man8/userdel.8
index d2c1a5e..c80ef7f 100644
--- a/man/sv/man8/userdel.8
+++ b/man/sv/man8/userdel.8
@@ -2,12 +2,12 @@
 .\"     Title: userdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "USERDEL" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "USERDEL" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 userdel \- ta bort ett anv\(:andarkonto och relaterade filer
 .SH "SYNOPSIS"
 .HP \w'\fBuserdel\fR\ 'u
-\fBuserdel\fR [flaggor] \fIINLOGGNINGSNAMN\fR
+\fBuserdel\fR [options] \fILOGIN\fR
 .SH "BESKRIVNING"
 .PP
 The
diff --git a/man/sv/man8/vipw.8 b/man/sv/man8/vipw.8
index 4607794..4dc34dc 100644
--- a/man/sv/man8/vipw.8
+++ b/man/sv/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08-11-2022
-.\"    Manual: Systemhanteringskommandon
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21-06-2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Swedish
 .\"
-.TH "VIPW" "8" "08-11-2022" "shadow\-utils 4\&.13" "Systemhanteringskommandon"
+.TH "VIPW" "8" "21-06-2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,16 +31,16 @@
 vipw, vigr \- redigera l\(:osenordet, grupp, skuggl\(:osenord eller skuggruppfil
 .SH "SYNOPSIS"
 .HP \w'\fBvipw\fR\ 'u
-\fBvipw\fR [\fIflaggor\fR]
+\fBvipw\fR [\fIoptions\fR]
 .HP \w'\fBvigr\fR\ 'u
-\fBvigr\fR [\fIflaggor\fR]
+\fBvigr\fR [\fIoptions\fR]
 .SH "BESKRIVNING"
 .PP
 The
 \fBvipw\fR
 and
 \fBvigr\fR
-commands edits the files
+commands edit the files
 /etc/passwd
 and
 /etc/group, respectively\&. With the
diff --git a/man/tr/Makefile.in b/man/tr/Makefile.in
index fd1633d..ff1d884 100644
--- a/man/tr/Makefile.in
+++ b/man/tr/Makefile.in
@@ -172,6 +172,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -190,6 +192,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -205,9 +208,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -223,6 +232,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -231,6 +241,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -253,6 +265,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am
index 30c8627..3fb5ffb 100644
--- a/man/uk/Makefile.am
+++ b/man/uk/Makefile.am
@@ -21,7 +21,6 @@ man_MANS = \
 	man8/grpconv.8 \
 	man8/grpunconv.8 \
 	man5/gshadow.5 \
-	man8/lastlog.8 \
 	man1/login.1 \
 	man5/login.defs.5 \
 	man8/logoutd.8 \
@@ -44,6 +43,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/login.access.5 \
 	man5/porttime.5
diff --git a/man/uk/Makefile.in b/man/uk/Makefile.in
index ce192e6..83e14fa 100644
--- a/man/uk/Makefile.in
+++ b/man/uk/Makefile.in
@@ -87,8 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@USE_PAM_FALSE@am__append_1 = $(man_nopam)
-@USE_PAM_TRUE@am__append_2 = $(man_nopam)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@USE_PAM_TRUE@am__append_3 = $(man_nopam)
 subdir = man/uk
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -176,6 +177,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -194,6 +197,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -209,9 +213,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -227,6 +237,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -235,6 +246,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -257,6 +270,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -332,19 +348,21 @@ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
 	man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
 	man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
 	man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
-	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
-	man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
-	man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
-	man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
-	man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
-	man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
-	man8/vipw.8 $(am__append_1)
+	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man1/login.1 \
+	man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 man8/newusers.8 \
+	man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
+	man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man3/shadow.3 \
+	man5/shadow.5 man1/su.1 man5/suauth.5 man8/useradd.8 \
+	man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \
+	$(am__append_1) $(am__append_2)
 man_nopam = \
 	man5/login.access.5 \
 	man5/porttime.5
 
-EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_2)
+EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_3)
 LANG = $(notdir $(CURDIR))
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -353,8 +371,15 @@ LANG = $(notdir $(CURDIR))
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 CLEANFILES = messages.mo login.defs.d $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
 all: all-am
 
@@ -738,10 +763,10 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	cp ../config.xml $@
 
 @ENABLE_REGENERATE_MAN_TRUE@messages.mo: ../po/$(LANG).po
-@ENABLE_REGENERATE_MAN_TRUE@	msgfmt ../po/$(LANG).po -o messages.mo
+@ENABLE_REGENERATE_MAN_TRUE@	msgfmt $< -o messages.mo
 
 @ENABLE_REGENERATE_MAN_TRUE@login.defs.d:
-@ENABLE_REGENERATE_MAN_TRUE@	ln -sf ../login.defs.d login.defs.d
+@ENABLE_REGENERATE_MAN_TRUE@	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml: ../%.xml messages.mo login.defs.d
 @ENABLE_REGENERATE_MAN_TRUE@	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -749,7 +774,7 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	else \
 @ENABLE_REGENERATE_MAN_TRUE@	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
-@ENABLE_REGENERATE_MAN_TRUE@	itstool -d -l $(LANG) -m messages.mo -o . $@
+@ENABLE_REGENERATE_MAN_TRUE@	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 @ENABLE_REGENERATE_MAN_TRUE@	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
@@ -760,11 +785,13 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/uk/man1/chage.1 b/man/uk/man1/chage.1
index b35b7ac..3f51fd3 100644
--- a/man/uk/man1/chage.1
+++ b/man/uk/man1/chage.1
@@ -2,12 +2,12 @@
 .\"     Title: chage
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "chage" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "chage" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,26 +31,28 @@
 chage \- зміна даних щодо завершенн� �троку дії парол� кори�тувача
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBchage\fR\ 'u
-\fBchage\fR [\fIпараметри\fR] \fIЗ�ПИС\fR
+\fBchage\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBchage\fR
-змінює кількі�ть днів між змінами паролів і дату о�танньої зміни парол�\&. Ці відомо�ті викори�товує �и�тема дл� визначенн� того, коли кори�тувач має змінювати пароль\&.
+command changes the number of days between password changes and the date of the last password change\&. This information is used by the system to determine when a user must change their password\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBchage\fR, є такими:
+The options which apply to the
+\fBchage\fR
+command are:
 .PP
-\fB\-d\fR, \fB\-\-lastday\fR \fIОСТ���ІЙ_ДЕ�Ь\fR
+\fB\-d\fR, \fB\-\-lastday\fR\ \&\fILAST_DAY\fR
 .RS 4
-В�тановити кількі�ть днів з 1 �ічн� 1970 року, коли пароль було во�таннє змінено\&. Дату може бути також вказано у форматі РРРР\-ММ\-ДД (або форматі, �кий поширений у вашій країні)\&. Якщо дл�
-\fIОСТ���ІЙ_ДЕ�Ь\fR
-в�тановлено значенн�
-\fI0\fR, кори�тувачеві доведеть�� змінити пароль під ча� на�тупного входу до �и�теми\&.
+Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&. If the
+\fILAST_DAY\fR
+is set to
+\fI0\fR
+the user is forced to change his password on the next log on\&.
 .RE
 .PP
-\fB\-E\fR, \fB\-\-expiredate\fR \fIД�Т�_З�ВЕРШЕ��Я_СТРОКУ_ДІЇ\fR
+\fB\-E\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
 .RS 4
 В�тановити дату або кількі�ть днів з 1 �ічн� 1970 року, коли �лід заборонити до�туп до облікового запи�у кори�тувача\&. Дату може бути також вказано у форматі РРРР\-ММ\-ДД (або форматі, �кий поширений у вашій країні)\&. Кори�тувач, чий обліковий запи� заблоковано, має звернути�� до адміні�тратора �и�теми, перш ніж знову зможе кори�тувати�� �и�темою\&.
 .sp
@@ -66,11 +68,11 @@ chage \-E $(date \-d +180days +%Y\-%m\-%d)
 .RE
 .\}
 .sp
-Передаванн� чи�ла
+Passing the number
 \fI\-1\fR
-у полі
-\fIД�Т�_З�ВЕРШЕ��Я_СТРОКУ_ДІЇ\fR
-призведе до вилученн� дати завершенн� �троку дії облікового запи�у\&.
+as the
+\fIEXPIRE_DATE\fR
+will remove an account expiration date\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -83,17 +85,17 @@ chage \-E $(date \-d +180days +%Y\-%m\-%d)
 При виведенні дат кори�тувати�� форматом РРРР\-ММ\-ДД\&.
 .RE
 .PP
-\fB\-I\fR, \fB\-\-inactive\fR \fI�Е�КТИВ�ИЙ\fR
+\fB\-I\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
 .RS 4
-В�тановити кількі�ть днів неактивно�ті пі�л� завершенн� �троку дії парол�, перш ніж обліковий запи� буде заблоковано\&. Значенн�м параметра
-\fI�Е�КТИВ�ИЙ\fR
-має бути кількі�ть днів неактивно�ті\&. Кори�тувач, чий обліковий запи� заблоковано, має звернути�� до адміні�тратора �и�теми, перш ніж знову зможе кори�тувати�� �и�темою\&.
+Set the number of days of inactivity after a password has expired before the account is locked\&. The
+\fIINACTIVE\fR
+option is the number of days of inactivity\&. A user whose account is locked must contact the system administrator before being able to use the system again\&.
 .sp
-Передаванн� чи�ла
+Passing the number
 \fI\-1\fR
-у полі
-\fI�Е�КТИВ�ИЙ\fR
-призведе до вилученн� неактивно�ті облікового запи�у\&.
+as the
+\fIINACTIVE\fR
+will remove an account\*(Aqs inactivity\&.
 .RE
 .PP
 \fB\-l\fR, \fB\-\-list\fR
@@ -101,29 +103,30 @@ chage \-E $(date \-d +180days +%Y\-%m\-%d)
 Показати відомо�ті щодо за�таріванн� облікового запи�у\&.
 .RE
 .PP
-\fB\-m\fR, \fB\-\-mindays\fR \fIД�І\fR
+\fB\-m\fR, \fB\-\-mindays\fR\ \&\fIMIN_DAYS\fR
 .RS 4
-В�тановити мінімальну кількі�ть днів між змінами парол�
-\fIД�І\fR\&. �ульове значенн� дл� цього пол� вказує, що кори�тувач може змінювати пароль будь\-коли\&.
+Set the minimum number of days between password changes to
+\fIMIN_DAYS\fR\&. A value of zero for this field indicates that the user may change their password at any time\&.
 .RE
 .PP
-\fB\-M\fR, \fB\-\-maxdays\fR \fIМ�КСИМ�ЛЬ�О_Д�ІВ\fR
+\fB\-M\fR, \fB\-\-maxdays\fR\ \&\fIMAX_DAYS\fR
 .RS 4
-В�тановити мак�имальну кількі�ть днів, прот�гом �ких буде чинним пароль\&. Якщо
-\fIМ�КСИМ�ЛЬ�О_Д�ІВ\fR
-разом із
-\fIОСТ���ІЙ_ДЕ�Ь\fR
-буде меншим за поточну дату, �и�тема про�итиме кори�тувача змінити пароль, перш ніж він зможе увійти до �вого облікового запи�у\&. Цю подію можна наперед запланувати за допомогою параметра
-\fB\-W\fR, викори�танн� �кого призведе до того, що �и�тема заздалегідь попереджуватиме кори�тувача про потребу змінити пароль\&.
+Set the maximum number of days during which a password is valid\&. When
+\fIMAX_DAYS\fR
+plus
+\fILAST_DAY\fR
+is less than the current day, the user will be required to change their password before being able to use their account\&. This occurrence can be planned for in advance by use of the
+\fB\-W\fR
+option, which provides the user with advance warning\&.
 .sp
-Передаванн� чи�ла
+Passing the number
 \fI\-1\fR
-у полі
-\fIМ�КСИМ�ЛЬ�О_Д�ІВ\fR
-призведе до вилученн� перевірки чинно�ті паролів\&.
+as
+\fIMAX_DAYS\fR
+will remove checking a password\*(Aqs validity\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -132,38 +135,48 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-W\fR, \fB\-\-warndays\fR \fIД�І\fR
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
+\fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
-В�тановити кількі�ть днів між попередженн�м про потребу у зміні парол� і завершенн�м �троку дії парол�\&. Параметром
-\fIД�І\fR
-є кількі�ть днів до завершенн� �троку дії парол�, коли �и�тема попереджуватиме кори�тувача про те, що пароль невдовзі доведеть�� змінити\&.
+Set the number of days of warning before a password change is required\&. The
+\fIWARN_DAYS\fR
+option is the number of days prior to the password expiring that a user will be warned their password is about to expire\&.
 .RE
 .PP
-Якщо не буде вказано жодного параметра,
+If none of the options are selected,
 \fBchage\fR
-буде запущено в інтерактивному режимі \(em програма покаже кори�тувачеві поточні значенн� дл� у�іх полів\&. Введіть нове значенн�, щоб змінити поле або нічого не вводьте, щоб лишити поточне значенн�\&. Поточне значенн� буде вз�то у квадратні дужки (\fI[ ]\fR)\&.
+operates in an interactive fashion, prompting the user with the current values for all of the fields\&. Enter the new value to change the field, or leave the line blank to use the current value\&. The current value is displayed between a pair of
+\fI[ ]\fR
+marks\&.
 .SH "З�УВ�ЖЕ��Я"
 .PP
-Дл� роботи програми
+The
 \fBchage\fR
-потрібна до�тупні�ть файла прихованих паролів\&.
+program requires a shadow password file to be available\&.
 .PP
 Програма chage повідомл�тиме дані лише на о�нові файла паролів shadow\&. Таким чином, налаштуванн� з інших джерел (наприклад, LDAP або порожнього пол� хешу парол� з файла passwd), �кі впливають на вхід кори�тувачів до �и�теми, не буде показано у виведених chage даних\&.
 .PP
-Крім того, програма
+The
 \fBchage\fR
-не повідомл�тиме про не�умі�но�ті у файлах shadow і passwd (наприклад, про те, що у файлі passwd немає �кого�ь запи�у)\&. Дл� пошуку подібних не�умі�но�тей можна �кори�тати�� програмою
-\fBpwck\fR\&.
+program will also not report any inconsistency between the shadow and passwd files (e\&.g\&. missing x in the passwd file)\&. The
+\fBpwck\fR
+can be used to check for this kind of inconsistencies\&.
 .PP
-Кори�тувати�� командою
+The
 \fBchage\fR
-може лише кори�тувач root, окрім варіанта з параметром
-\fB\-l\fR, �ким може �кори�тати�� непривілейований кори�тувач дл� отриманн� даних щодо �троку дії вла�ного парол� або облікового запи�у\&.
+command is restricted to the root user, except for the
+\fB\-l\fR
+option, which may be used by an unprivileged user to determine when their password or account is due to expire\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/passwd
@@ -177,28 +190,28 @@ directory\&. Only absolute paths are supported\&.
 .RE
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Команда
+The
 \fBchage\fR
-завершує роботу із такими значенн�ми:
+command exits with the following values:
 .PP
 \fI0\fR
 .RS 4
-у�піх
+success
 .RE
 .PP
 \fI1\fR
 .RS 4
-відмовлено у до�тупі
+permission denied
 .RE
 .PP
 \fI2\fR
 .RS 4
-некоректний �интак�и� команди
+invalid command syntax
 .RE
 .PP
 \fI15\fR
 .RS 4
-не вдало�� знайти файл прихованих паролів
+can\*(Aqt find the shadow password file
 .RE
 .SH "ДИВ\&. Т�КОЖ"
 .PP
diff --git a/man/uk/man1/chfn.1 b/man/uk/man1/chfn.1
index 2e10ac2..fbce48e 100644
--- a/man/uk/man1/chfn.1
+++ b/man/uk/man1/chfn.1
@@ -2,12 +2,12 @@
 .\"     Title: chfn
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "chfn" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "chfn" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,48 +31,50 @@
 chfn \- зміна �правжнього імені кори�тувача і відомо�тей щодо нього
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBchfn\fR\ 'u
-\fBchfn\fR [\fIпараметри\fR] [\fIЗ�ПИС\fR]
+\fBchfn\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBchfn\fR
-змінює повне ім\*(Aq� кори�тувача, номер кімнати в офі�і, номер телефону в офі�і і дані щодо домашнього телефону дл� облікового запи�у кори�тувача\&. Ці дані, зазвичай, виводить
+command changes user fullname, office room number, office phone number, and home phone number information for a user\*(Aqs account\&. This information is typically printed by
 \fBfinger\fR(1)
-та подібні програми\&. Звичайні кори�тувачі можуть змінювати значенн� полів лише дл� вла�ного облікового запи�у, відповідно до обмежень у
-/etc/login\&.defs\&. (Типовими налаштуванн�ми кори�тувачам заборонено змінювати вла�не повне ім\*(Aq�\&.) �адкори�тувач може змінювати будь\-�ке поле будь\-�кого облікового запи�у\&. Крім того, лише надкори�тувач може викори�товувати параметр
+and similar programs\&. A normal user may only change the fields for her own account, subject to the restrictions in
+/etc/login\&.defs\&. (The default configuration is to prevent users from changing their fullname\&.) The superuser may change any field for any account\&. Additionally, only the superuser may use the
 \fB\-o\fR
-дл� зміни невизначених ча�тин пол� GECOS\&.
+option to change the undefined portions of the GECOS field\&.
 .PP
-Ці пол� не повинні мі�тити двокрапок\&. Окрім пол�
-\fIother\fR, у пол�х не повинно мі�тити�� ком та знаків рівно�ті\&. Також рекомендуємо уникати �имволів поза US\-ASCII, втім, приму�ово це обмеженн� за�то�овуєть�� лише до номерів телефонів\&. Поле
+These fields must not contain any colons\&. Except for the
 \fIother\fR
-викори�товують дл� зберіганн� облікових даних, �кі викори�товують інші програми\&.
+field, they should not contain any comma or equal sign\&. It is also recommended to avoid non\-US\-ASCII characters, but this is only enforced for the phone numbers\&. The
+\fIother\fR
+field is used to store accounting information used by other applications\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBchfn\fR, є такими:
+The options which apply to the
+\fBchfn\fR
+command are:
 .PP
-\fB\-f\fR, \fB\-\-full\-name\fR \fIІМ\*(AqЯ_ПОВ�ІСТЮ\fR
+\fB\-f\fR, \fB\-\-full\-name\fR\ \&\fIFULL_NAME\fR
 .RS 4
 Змінити повне ім\*(Aq� кори�тувача\&.
 .RE
 .PP
-\fB\-h\fR, \fB\-\-home\-phone\fR \fIДОМ�Ш�ІЙ_ТЕЛЕФО�\fR
+\fB\-h\fR, \fB\-\-home\-phone\fR\ \&\fIHOME_PHONE\fR
 .RS 4
 Змінити домашній телефон кори�тувача\&.
 .RE
 .PP
-\fB\-o\fR, \fB\-\-other\fR \fIІ�ШЕ\fR
+\fB\-o\fR, \fB\-\-other\fR\ \&\fIOTHER\fR
 .RS 4
 Змінити інші відомо�ті GECOS кори�тувача\&. Це поле викори�товують дл� зберіганн� облікових даних, �кі викори�товують інші програми, його вмі�т може змінювати надкори�тувач\&.
 .RE
 .PP
-\fB\-r\fR, \fB\-\-room\fR \fI�ОМЕР_КІМ��ТИ\fR
+\fB\-r\fR, \fB\-\-room\fR\ \&\fIROOM_NUMBER\fR
 .RS 4
 Змінити номер кімнати кори�тувача\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -86,21 +88,23 @@ directory\&. Only absolute paths are supported\&.
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-w\fR, \fB\-\-work\-phone\fR \fIРОБОЧИЙ_ТЕЛЕФО�\fR
+\fB\-w\fR, \fB\-\-work\-phone\fR\ \&\fIWORK_PHONE\fR
 .RS 4
 Змінити робочий телефон кори�тувача\&.
 .RE
 .PP
-Якщо не буде вказано жодного параметра,
+If none of the options are selected,
 \fBchfn\fR
-буде запущено в інтерактивному режимі \(em програма покаже кори�тувачеві поточні значенн� дл� у�іх полів\&. Введіть нове значенн�, щоб змінити поле або нічого не вводьте, щоб лишити поточне значенн�\&. Поточне значенн� буде вз�то у квадратні дужки (\fB[ ]\fR)\&. Без параметрів
+operates in an interactive fashion, prompting the user with the current values for all of the fields\&. Enter the new value to change the field, or leave the line blank to use the current value\&. The current value is displayed between a pair of
+\fB[ ]\fR
+marks\&. Without options,
 \fBchfn\fR
-попро�ить вказати поточний обліковий запи� кори�тувача\&.\&.
+prompts for the current user account\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/login\&.defs
diff --git a/man/uk/man1/chsh.1 b/man/uk/man1/chsh.1
index ce8c3da..50d1566 100644
--- a/man/uk/man1/chsh.1
+++ b/man/uk/man1/chsh.1
@@ -2,12 +2,12 @@
 .\"     Title: chsh
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "chsh" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "chsh" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,23 +31,24 @@
 chsh \- зміна оболонки входу
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBchsh\fR\ 'u
-\fBchsh\fR [\fIпараметри\fR] [\fIЗ�ПИС\fR]
+\fBchsh\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBchsh\fR
-змінює оболонку входу кори�тувача\&. Команда визначає назву початкової команди входу кори�тувача\&. Звичайний кори�тувач може змінювати оболонку входу лише дл� вла�ного облікового запи�у; надкори�тувач може змінювати оболонку входу дл� будь\-�кого облікового запи�у\&.
+command changes the user login shell\&. This determines the name of the user\*(Aqs initial login command\&. A normal user may only change the login shell for her own account; the superuser may change the login shell for any account\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBchsh\fR, є такими:
+The options which apply to the
+\fBchsh\fR
+command are:
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -56,27 +57,37 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-s\fR, \fB\-\-shell\fR \fIОБОЛО�К�\fR
+\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
 .RS 4
 �азва нової оболонки дл� входу кори�тувача\&. В�тановленн� дл� цього пол� порожнього значенн� призведе до того, що �и�тема вибере типову оболонку дл� входу\&.
 .RE
 .PP
-Якщо не буде вказано параметра
-\fB\-s\fR,
+If the
+\fB\-s\fR
+option is not selected,
 \fBchsh\fR
-буде запущено в інтерактивному режимі \(em програма покаже кори�тувачеві поточне значенн� дл� оболонки входу\&. Введіть нове значенн�, щоб змінити оболонку або нічого не вводьте, щоб лишити поточну\&. Поточну оболонку буде вз�то у квадратні дужки (\fI[ ]\fR)\&.
+operates in an interactive fashion, prompting the user with the current login shell\&. Enter the new value to change the shell, or leave the line blank to use the current one\&. The current shell is displayed between a pair of
+\fI[ ]\fR
+marks\&.
 .SH "З�УВ�ЖЕ��Я"
 .PP
-Єдиним обмеженн�м, �ке накладають на оболонку входу є те, що назва команди має бути ча�тиною �пи�ку у
-/etc/shells, �кщо команду не викликано від імені надкори�тувача\&. �адкори�тувач може додавати будь\-�ке значенн�\&. Вла�ники облікових запи�ів із обмеженою оболонкою дл� входу не може змінювати вла�ну оболонку\&. З цієї причини не варто додавати
+The only restriction placed on the login shell is that the command name must be listed in
+/etc/shells, unless the invoker is the superuser, and then any value may be added\&. An account with a restricted login shell may not change her login shell\&. For this reason, placing
 /bin/rsh
-у
-/etc/shells, о�кільки випадкова зміна обмеженої командної оболонки призведе до повної заборони дл� кори�тувача змінювати оболонку входу та початкову\&.
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/passwd
diff --git a/man/uk/man1/expiry.1 b/man/uk/man1/expiry.1
index f51a451..fc6211b 100644
--- a/man/uk/man1/expiry.1
+++ b/man/uk/man1/expiry.1
@@ -2,12 +2,12 @@
 .\"     Title: expiry
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "expiry" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "expiry" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,16 +31,17 @@
 expiry \- перевірка і в�тановленн� правил за�таріванн� паролів
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBexpiry\fR\ 'u
-\fBexpiry\fR \fIпараметр\fR
+\fBexpiry\fR \fIoption\fR
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBexpiry\fR
-перевір�є (\fB\-c\fR) поточний пароль на за�таріванн� і примушує до його зміни (\fB\-f\fR), �кщо це потрібно\&. Команду можна викликати від імені звичайного кори�тувача\&.
+command checks (\fB\-c\fR) the current password expiration and forces (\fB\-f\fR) changes when required\&. It is callable as a normal user command\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBexpiry\fR, є такими:
+The options which apply to the
+\fBexpiry\fR
+command are:
 .PP
 \fB\-c\fR, \fB\-\-check\fR
 .RS 4
diff --git a/man/uk/man1/gpasswd.1 b/man/uk/man1/gpasswd.1
index 5094275..6e872c8 100644
--- a/man/uk/man1/gpasswd.1
+++ b/man/uk/man1/gpasswd.1
@@ -2,12 +2,12 @@
 .\"     Title: gpasswd
 .\"    Author: Rafal Maszkowski
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "gpasswd" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "gpasswd" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -28,59 +28,63 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "��ЗВ�"
-gpasswd \- адміні�труванн� /etc/group і /etc/gshadow
+gpasswd \- administer /etc/group and /etc/gshadow
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBgpasswd\fR\ 'u
-\fBgpasswd\fR [\fIпараметр\fR] \fIгрупа\fR
+\fBgpasswd\fR [\fIoption\fR] \fIgroup\fR
 .SH "ОПИС"
 .PP
-Команду
+The
 \fBgpasswd\fR
-викори�товують дл� адміні�труванн�
-/etc/group, and /etc/gshadow\&. У кожної групи може �кладати�� з
-адміні�траторів,
-уча�ників і мати пароль\&.
+command is used to administer
+/etc/group, and /etc/gshadow\&. Every group can have
+administrators,
+members and a password\&.
 .PP
-�дміні�тратори �и�теми можуть �кори�тати�� параметром
+System administrators can use the
 \fB\-A\fR
-дл� визначенн� адміні�траторів групи і параметром
+option to define group administrator(s) and the
 \fB\-M\fR
-дл� визначенн� уча�ників\&. Вони мають у�і права адміні�траторів і уча�ників груп\&.
+option to define members\&. They have all rights of group administrators and members\&.
 .PP
-Виклик
-\fBgpasswd\fR, �кщо його здій�нює групи \(Foадміні�тратор групи\(Fc лише із назвою групи, призведе до запиту щодо нового парол� дл� групи
-\fIгрупа\fR\&.
+\fBgpasswd\fR
+called by
+a group administrator
+with a group name only prompts for the new password of the
+\fIgroup\fR\&.
 .PP
-Якщо пароль в�тановлено, уча�ники зможуть продовжити кори�тувати��
+If a password is set the members can still use
 \fBnewgrp\fR(1)
-без парол�, а тим, хто не є уча�ником, доведеть�� вказати пароль\&.
+without a password, and non\-members must supply the password\&.
 .SS "�отатки щодо паролів груп"
 .PP
 Паролі груп мають неу�увну проблему захи�ту, о�кільки пароль знатимуть декілька о�іб\&. Втім, групи є кори�ним ін�трументом дл� забезпеченн� взаємодії між різними кори�тувачами\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Окрім параметрів
+Except for the
 \fB\-A\fR
-Ñ–
-\fB\-M\fR, параметри не можна поєднувати\&.
+and
+\fB\-M\fR
+options, the options cannot be combined\&.
 .PP
-Параметри, �кі за�то�овують до команди
-\fBgpasswd\fR, є такими:
+The options which apply to the
+\fBgpasswd\fR
+command are:
 .PP
-\fB\-a\fR, \fB\-\-add\fR \fIкори�тувач\fR
+\fB\-a\fR, \fB\-\-add\fR\ \&\fIuser\fR
 .RS 4
-Додати
-\fIкори�тувач\fR
-до іменованого
-\fIгрупа\fR\&.
+Add the
+\fIuser\fR
+to the named
+\fIgroup\fR\&.
 .RE
 .PP
-\fB\-d\fR, \fB\-\-delete\fR \fIкори�тувач\fR
+\fB\-d\fR, \fB\-\-delete\fR\ \&\fIuser\fR
 .RS 4
-Вилучити
-\fIкори�тувач\fR
-з іменованого
-\fIгрупа\fR\&.
+Remove the
+\fIuser\fR
+from the named
+\fIgroup\fR\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -88,7 +92,7 @@ gpasswd \- адміні�труванн� /etc/group і /etc/gshadow
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-Q\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-Q\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -99,44 +103,42 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-r\fR, \fB\-\-remove\-password\fR
 .RS 4
-Вилучити пароль із вказаної за назвою групи
-\fIгрупа\fR\&. Пароль групи �тане порожнім\&. Скори�тати��
+Remove the password from the named
+\fIgroup\fR\&. The group password will be empty\&. Only group members will be allowed to use
 \fBnewgrp\fR
-дл� долученн� до іменованої групи
-\fIгрупа\fR
-зможуть лише уча�ники групи\&.
+to join the named
+\fIgroup\fR\&.
 .RE
 .PP
 \fB\-R\fR, \fB\-\-restrict\fR
 .RS 4
-Обмежити до�туп до вказаної за назвою групи
-\fIгрупа\fR\&. Дл� парол� групи буде в�тановлено значенн� \(Fo!\(Fc\&. Скори�тати��
+Restrict the access to the named
+\fIgroup\fR\&. The group password is set to "!"\&. Only group members with a password will be allowed to use
 \fBnewgrp\fR
-дл� долученн� до іменованої групи
-\fIгрупа\fR
-зможуть лише уча�ники групи з паролем\&.
+to join the named
+\fIgroup\fR\&.
 .RE
 .PP
-\fB\-A\fR, \fB\-\-administrators\fR \fIкори�тувач\fR,\&.\&.\&.
+\fB\-A\fR, \fB\-\-administrators\fR\ \&\fIuser\fR,\&.\&.\&.
 .RS 4
 В�тановити �пи�ок адміні�тративних кори�тувачів\&.
 .RE
 .PP
-\fB\-M\fR, \fB\-\-members\fR \fIкори�тувач\fR,\&.\&.\&.
+\fB\-M\fR, \fB\-\-members\fR\ \&\fIuser\fR,\&.\&.\&.
 .RS 4
 В�тановити �пи�ок уча�ників групи\&.
 .RE
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
-Цей ін�трумент працює лише з файлами
+This tool only operates on the
 /etc/group
 and /etc/gshadow files\&.
-Отже, за його допомогою ви не зможете вне�ти зміни до груп NIS або LDAP\&. Зміни доведеть�� вно�ити на відповідному �ервері\&.
+Thus you cannot change any NIS or LDAP group\&. This must be performed on the corresponding server\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
@@ -155,4 +157,4 @@ and /etc/gshadow files\&.
 \fBgroupdel\fR(8),
 \fBgroupmod\fR(8),
 \fBgrpck\fR(8),
-\fBгрупа\fR(5), \fBgshadow\fR(5)\&.
+\fBgroup\fR(5), \fBgshadow\fR(5)\&.
diff --git a/man/uk/man1/groups.1 b/man/uk/man1/groups.1
index ac7d0d4..420b935 100644
--- a/man/uk/man1/groups.1
+++ b/man/uk/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "groups" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "groups" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,24 +31,25 @@
 groups \- показ поточних назв груп
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBgroups\fR\ 'u
-\fBgroups\fR [\fIкори�тувач\fR]
+\fBgroups\fR [\fIuser\fR]
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBgroups\fR
-виводить назви або значенн� ідентифікаторів поточних груп\&. Якщо у значенн� немає відповідного запи�у у
-/etc/group, значенн� буде виведено �к чи�лове значенн� групи\&. Викори�танн� необов\*(Aq�зкового параметра
-\fIкори�тувач\fR
-призведе до показу груп іменованого кори�тувача\&.
+command displays the current group names or ID values\&. If the value does not have a corresponding entry in
+/etc/group, the value will be displayed as the numerical group value\&. The optional
+\fIuser\fR
+parameter will display the groups for the named user\&.
 .SH "З�УВ�ЖЕ��Я"
 .PP
-Дл� �и�тем, у �ких не передбачено підтримку додаткових груп (див\&.
-\fBinitgroups\fR(3)) буде показано відомо�ті з
-/etc/group\&. Кори�тувач має �кори�тати��
+Systems which do not support supplementary groups (see
+\fBinitgroups\fR(3)) will have the information from
+/etc/group
+reported\&. The user must use
 \fBnewgrp\fR
-або
+or
 \fBsg\fR
-дл� зміни його поточного �правжнього і ефективного ідентифікатора групи\&.
+to change his current real and effective group ID\&.
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
diff --git a/man/uk/man1/id.1 b/man/uk/man1/id.1
index 50baa95..f37ac67 100644
--- a/man/uk/man1/id.1
+++ b/man/uk/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "id" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "id" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/uk/man1/login.1 b/man/uk/man1/login.1
index 01dd61e..411f26d 100644
--- a/man/uk/man1/login.1
+++ b/man/uk/man1/login.1
@@ -2,12 +2,12 @@
 .\"     Title: login
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "login" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "login" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,74 +31,78 @@
 login \- розпочати �еан� у �и�темі
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIкори�тувач\fR] [\fIСЕРЕДОВИЩЕ=ЗМІ���\fR...]
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIusername\fR] [\fIENV=VAR\fR...]
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIкори�тувач\fR
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIusername\fR
 .HP \w'\fBlogin\fR\ 'u
 \fBlogin\fR [\-p] \-r\ \fIhost\fR
 .SH "ОПИС"
 .PP
-Програму
+The
 \fBlogin\fR
-призначено дл� в�тановленн� нового �еан�у роботи з �и�темою\&. Зазвичай, її виклик відбуваєть�� автоматично у відповідь на запит
+program is used to establish a new session with the system\&. It is normally invoked automatically by responding to the
 \fIlogin:\fR
-у терміналі кори�тувача\&.
+prompt on the user\*(Aqs terminal\&.
 \fBlogin\fR
-може бути �пеціалізованою дл� оболонки і непридатною до виклику у форматі підлеглого проце�у\&. Якщо програму викликано з оболонки,
+may be special to the shell and may not be invoked as a sub\-process\&. When called from a shell,
 \fBlogin\fR
-має бути виконано �к
-\fBexec login\fR, що �причинить вихід кори�тувача з поточної оболонки (і, таким чином, запобігатиме поверненню кори�тувача, �кий увійшов до �и�теми, до �еан�у того, хто віддав команду)\&. Спроба виконати
+should be executed as
+\fBexec login\fR
+which will cause the user to exit from the current shell (and thus will prevent the new logged in user to return to the session of the caller)\&. Attempting to execute
 \fBlogin\fR
-з будь\-�кої командної оболонки, окрім оболонки входу, призведе до виведенн� повідомленн� про помилку\&.
+from any shell but the login shell will produce an error message\&.
 .PP
-Пі�л� цього, кори�тувачеві, �кщо це потрібно, буде запропоновано вве�ти пароль\&. Відтворенн� парол� на екрані буде вимкнено, щоб запобігти розкриттю парол�\&. Кількі�ть �проб буде �уттєво обмежено\&. При перевищенні граничної кілько�ті �проб вве�ти пароль
+The user is then prompted for a password, where appropriate\&. Echoing is disabled to prevent revealing the password\&. Only a small number of password failures are permitted before
 \fBlogin\fR
-завершить роботу і перерве зв\*(Aq�зок дл� обміну даними\&.
+exits and the communications link is severed\&.
 .PP
-Якщо дл� вашого облікового запи�у було увімкнено за�таріванн� паролів, програма може попро�ити ва� вве�ти новий пароль, перш ніж продовжити роботу\&. Вам доведеть�� вве�ти �тарий і новий пароль, перш ніж продовжити роботу\&. Будь ла�ка, зверніть�� до підручника з
-\fBpasswd\fR(1), щоб дізнати�� більше\&.
+If password aging has been enabled for your account, you may be prompted for a new password before proceeding\&. You will be forced to provide your old password and the new password before continuing\&. Please refer to
+\fBpasswd\fR(1)
+for more information\&.
 .PP
-Пі�л� у�пішного входу до �и�теми ва� буде проінформовано про у�і повідомленн� �и�теми та на�вні�ть пошти\&. Ви можете вимкнути виведенн� даних до файла повідомлень �и�теми,
-/etc/motd, �творенн�м файла нульового розміру
+After a successful login, you will be informed of any system messages and the presence of mail\&. You may turn off the printing of the system message file,
+/etc/motd, by creating a zero\-length file
 \&.hushlogin
-у вашому каталозі дл� входу\&. Повідомленн�м про пошту буде одне з таких повідомлень: \(Fo\fIВи отримали нову пошту\&.\fR\(Fc, \(Fo\fIДл� ва� є пошта\&.\fR\(Fc або \(Fo\fIПошти немає\&.\fR\(Fc, відповідно до �тану вашої поштової �криньки\&.
+in your login directory\&. The mail message will be one of "\fIYou have new mail\&.\fR", "\fIYou have mail\&.\fR", or "\fINo Mail\&.\fR" according to the condition of your mailbox\&.
 .PP
-Ваші ідентифікатори кори�тувача і групи буде в�тановлено відповідно до значень у файлі
-/etc/passwd\&. Значенн�
+Your user and group ID will be set according to their values in the
+/etc/passwd
+file\&. The value for
 \fB$HOME\fR,
 \fB$SHELL\fR,
 \fB$PATH\fR,
-\fB$LOGNAME\fR
-Ñ–
+\fB$LOGNAME\fR, and
 \fB$MAIL\fR
-буде в�тановлено відповідно до відповідних полів у запи�і парол�\&. Значенн� ulimit, umask і nice також може бути в�тановлено відповідно до запи�ів у полі GECOS\&.
+are set according to the appropriate fields in the password entry\&. Ulimit, umask and nice values may also be set according to entries in the GECOS field\&.
 .PP
-У де�ких в�тановлених �и�темах змінну �ередовища
+On some installations, the environmental variable
 \fB$TERM\fR
-буде ініціалізовано значенн�м типу термінала у вашому р�дку tty, �к це вказано у
+will be initialized to the terminal type on your tty line, as specified in
 /etc/ttytype\&.
 .PP
 Також може бути виконано �крипт ініціалізації дл� вашого інтерпретатора командного р�дка\&. Будь ла�ка, зверніть�� до відповідного розділу підручника, щоб дізнати�� більше про цю функціональну можливі�ть\&.
 .PP
 Вхід до під�и�теми буде позначено на�вні�тю \(Fo*\(Fc �к першого �имволу оболонки входу\&. Заданий домашній каталог буде викори�тано �к кореневий каталог нової файлової �и�теми, до �кої кори�тувач на�правді увійшов\&.
 .PP
-Програма
+The
 \fBlogin\fR
-�Е відповідає за вилученн� запи�ів кори�тувачів з файла utmp\&. За чищенн� видимого вла�ника �еан�у термінала відповідають
+program is NOT responsible for removing users from the utmp file\&. It is the responsibility of
 \fBgetty\fR(8)
-Ñ–
-\fBinit\fR(8)\&. Якщо ви кори�туєте��
+and
+\fBinit\fR(8)
+to clean up apparent ownership of a terminal session\&. If you use
 \fBlogin\fR
-з запиту командної оболонки без
-\fBexec\fR, викори�таний вами обліковий запи� кори�тувача продовжуватиме \(Foпрацювати\(Fc у �и�темі, навіть пі�л� того, �к ви вийдете з \(Foпідлеглого �еан�у\(Fc\&.
+from the shell prompt without
+\fBexec\fR, the user you use will continue to appear to be logged in even after you log out of the "subsession"\&.
 .SH "П�Р�МЕТРИ"
 .PP
 \fB\-f\fR
 .RS 4
 �е виконувати розпізнаванн�, кори�тувача попередньо розпізнано\&.
 .sp
-Зауваженн�: у цьому випадку обов\*(Aq�зковим є
-\fIкори�тувач\fR\&.
+Note: In that case,
+\fIusername\fR
+is mandatory\&.
 .RE
 .PP
 \fB\-h\fR
@@ -116,40 +120,40 @@ login \- розпочати �еан� у �и�темі
 Виконати протокол автоматичного входу дл� rlogin\&.
 .RE
 .PP
-Параметри
+The
 \fB\-r\fR,
 \fB\-h\fR
-Ñ–
+and
 \fB\-f\fR
-викори�товують, лише �кщо
+options are only used when
 \fBlogin\fR
-викликано від імені кори�тувача root\&.
+is invoked by root\&.
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
-У цієї вер�ії
+This version of
 \fBlogin\fR
-багато параметрів збиранн�\&. У певній збірці може бути викори�тано лише ча�тину з них\&.
+has many compilation options, only some of which may be in use at any particular site\&.
 .PP
 Розташуванн� файлів є різним у різних конфігураці�х �и�теми\&.
 .PP
-Програма
+The
 \fBlogin\fR
-�Е відповідає за вилученн� запи�ів кори�тувачів з файла utmp\&. За чищенн� видимого вла�ника �еан�у термінала відповідають
+program is NOT responsible for removing users from the utmp file\&. It is the responsibility of
 \fBgetty\fR(8)
-Ñ–
-\fBinit\fR(8)\&. Якщо ви кори�туєте��
+and
+\fBinit\fR(8)
+to clean up apparent ownership of a terminal session\&. If you use
 \fBlogin\fR
-з запиту командної оболонки без
-\fBexec\fR, викори�таний вами обліковий запи� кори�тувача продовжуватиме \(Foпрацювати\(Fc у �и�темі, навіть пі�л� того, �к ви вийдете з \(Foпідлеглого �еан�у\(Fc\&.
+from the shell prompt without
+\fBexec\fR, the user you use will continue to appear to be logged in even after you log out of the "subsession"\&.
 .PP
-Як і з будь\-�кою програмою, вигл�д
-\fBlogin\fR
-може бути підроблено\&. Якщо до комп\*(Aqютера мають фізичний до�туп �торонні кори�тувачі, зловми�ник може �кори�тати�� цим дл� отриманн� парол� на�тупного за ним кори�тувача комп\*(Aqютера\&. У Linux кори�тувачі можуть �кори�тати�� механізмом SAK дл� ініціалізації надійного шл�ху і запобіганн� атакам цього типу\&.
+As with any program,
+\fBlogin\fR\*(Aqs appearance can be faked\&. If non\-trusted users have physical access to a machine, an attacker could use this to obtain the password of the next person coming to sit in front of the machine\&. Under Linux, the SAK mechanism can be used by users to initiate a trusted path and prevent this kind of attack\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /var/run/utmp
diff --git a/man/uk/man1/newgrp.1 b/man/uk/man1/newgrp.1
index 2d15737..94f0974 100644
--- a/man/uk/man1/newgrp.1
+++ b/man/uk/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "newgrp" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "newgrp" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,30 +31,35 @@
 newgrp \- увійти до нової групи
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBnewgrp\fR\ 'u
-\fBnewgrp\fR [\-] [\fIгрупа\fR]
+\fBnewgrp\fR [\-] [\fIgroup\fR]
 .SH "ОПИС"
 .PP
-Команду
+The
 \fBnewgrp\fR
-призначено дл� зміни поточного ідентифікатора групи під ча� �еан�у роботи у �и�темі\&. Якщо вказано необов\*(Aq�зковий прапорець
-\fB\-\fR, �ередовища кори�тувача буде повторно ініціалізовано так, наче кори�тувач знову увійшов до �и�теми\&. Якщо прапорець не вказано, лишить�� незмінним поточне �ередовища, включно із поточним робочим каталогом\&.
+command is used to change the current group ID during a login session\&. If the optional
+\fB\-\fR
+flag is given, the user\*(Aqs environment will be reinitialized as though the user had logged in, otherwise the current environment, including current working directory, remains unchanged\&.
 .PP
 \fBnewgrp\fR
-змінює поточний �правжній ідентифікатор групи на ідентифікатор іменованої групи або ідентифікатор типової групи зі �пи�ку у
-/etc/passwd, �кщо назву групи не вказано\&.
+changes the current real group ID to the named group, or to the default group listed in
+/etc/passwd
+if no group name is given\&.
 \fBnewgrp\fR
-також намагаєть�� додати групу до набору груп кори�тувача\&. Якщо команду віддано не від імені root, �и�тема попро�ить кори�тувача вве�ти пароль, �кщо у нього немає парол� (у
-/etc/shadow, �кщо цей кори�тувач має запи� у файлі прихованих паролів, або у
-/etc/passwd, �кщо це не так), а у групи є, або �кщо кори�тувача немає у �пи�ку уча�ників, а групу захищено паролем\&. Кори�тувачеві буде відмовлено у до�тупі, �кщо пароль групи є порожнім, а кори�тувача немає у �пи�ку її уча�ників\&.
+also tries to add the group to the user groupset\&. If not root, the user will be prompted for a password if she does not have a password (in
+/etc/shadow
+if this user has an entry in the shadowed password file, or in
+/etc/passwd
+otherwise) and the group does, or if the user is not listed as a member and the group has a password\&. The user will be denied access if the group password is empty and the user is not listed as a member\&.
 .PP
-Якщо у цієї групи є запи� у
-/etc/gshadow, �пи�ок уча�ників і пароль до цієї групи буде вз�то з цього файла\&. Якщо запи�у немає, буде враховано запи� у
-/etc/group\&.
+If there is an entry for this group in
+/etc/gshadow, then the list of members and the password of this group will be taken from this file, otherwise, the entry in
+/etc/group
+is considered\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/passwd
@@ -83,4 +88,4 @@ newgrp \- увійти до нової групи
 \fBsu\fR(1),
 \fBsg\fR(1),
 \fBgpasswd\fR(1),
-\fBгрупа\fR(5), \fBgshadow\fR(5)\&.
+\fBgroup\fR(5), \fBgshadow\fR(5)\&.
diff --git a/man/uk/man1/passwd.1 b/man/uk/man1/passwd.1
index 9ccb811..cf6d809 100644
--- a/man/uk/man1/passwd.1
+++ b/man/uk/man1/passwd.1
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "passwd" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "passwd" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,81 +31,50 @@
 passwd \- зміна парол� кори�тувача
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBpasswd\fR\ 'u
-\fBpasswd\fR [\fIпараметри\fR] [\fIЗ�ПИС\fR]
+\fBpasswd\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBpasswd\fR
-змінює паролі до облікових запи�ів кори�тувачів\&. Звичайний кори�тувач може змінювати пароль лише дл� вла�ного облікового запи�у, а надкори�тувач може змінювати пароль дл� будь\-�кого облікового запи�у\&.
+command changes passwords for user accounts\&. A normal user may only change the password for their own account, while the superuser may change the password for any account\&.
 \fBpasswd\fR
-також змінює період чинно�ті облікового запи�у або пов\*(Aq�заного з ним парол�\&.
+also changes the account or associated password validity period\&.
 .SS "Зміни паролів"
 .PP
 Спочатку програма попро�ить кори�тувача вве�ти �тарий пароль, �кщо такий і�нує\&. Потім цей пароль буде зашифровано і порівн�но із збереженим паролем\&. Кори�тувачу буде надано лише одну �пробу вве�ти правильний пароль\&. �адкори�тувач може обійти цей крок, тому може змінювати забуті паролі\&.
 .PP
-Пі�л� введенн� парол� буде перевірено дані щодо віку парол�, щоб визначити, чи може кори�тувач змінювати пароль на поточний момент ча�у\&. Якщо кори�тувач не може цього робити,
+After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time\&. If not,
 \fBpasswd\fR
-відмовить у зміні парол� і завершить роботу\&.
+refuses to change the password and exits\&.
 .PP
 Потім програма попро�ить кори�тувача вве�ти пароль\-замінник двічі\&. Друге введене значенн� буде порівн�но із першим \(em вони мають бути однаковими, щоб пароль було змінено\&.
 .PP
-Далі, пароль буде перевірено на �кладні�ть\&. Загальним правилом є те, що пароль має �кладати�� з від 6 до 8 �имволів, включаючи один або декілька �имволів з кожного з таких наборів:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-малі літери латин�ької абетки
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-цифри від 0 до 9
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-�имволи пунктуації
-.RE
-.PP
-До парол� не можна включати типові �имволи вилученн� або витиранн� �и�теми\&.
+Then, the password is tested for complexity\&.
 \fBpasswd\fR
-не прийме парол�, �кий не є до�татньо �кладним\&.
+will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&.
 .SS "Підказки дл� паролів кори�тувача"
 .PP
-Захи�т парол� залежить від �кладно�ті алгоритму шифруванн� та розміру про�тору ключів\&. За�тарілий �по�іб шифруванн� �и�теми
+The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
 \fIUNIX\fR
-за�новано на алгоритмі DES NBS\&. �а �ьогодні, рекомендують �уча�ніші методи (див\&.
-\fBENCRYPT_METHOD\fR)\&. Розмір про�тору ключів залежить від випадково�ті парол�, �ку було вибрано\&.
+System encryption method is based on the NBS DES algorithm\&. More recent methods are now recommended (see
+\fBENCRYPT_METHOD\fR)\&. The size of the key space depends upon the randomness of the password which is selected\&.
 .PP
 По�лабленн� захи�ту парол�ми, зазвичай, є результатом необдуманого вибору парол� або поводженн� з ним\&. З цієї причини, не �лід вибирати пароль зі �ловника або де�ь його запи�увати\&. �е �лід також вибирати дл� парол� вла�не ім\*(Aq�, номер водій�ького по�відченн�, дату народженн� або назву вулиці, на �кій ви мешкаєте\&. Вибір будь\-�кого з цих варіантів може призве�ти до вгадуванн� парол� і компрометації захи�ту �и�теми\&.
 .PP
+As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&.
+.PP
 Поради щодо вибору надійного парол� можна знайти на �торінці https://uk\&.wikipedia\&.org/wiki/�адійні�ть_парол�
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBpasswd\fR, є такими:
+The options which apply to the
+\fBpasswd\fR
+command are:
 .PP
 \fB\-a\fR, \fB\-\-all\fR
 .RS 4
-Цим параметром можна �кори�тати�� лише у поєднанні із
-\fB\-S\fR\&. Його викори�танн� призведе до показу �тану дл� у�іх кори�тувачів\&.
+This option can be used only with
+\fB\-S\fR
+and causes show status for all users\&.
 .RE
 .PP
 \fB\-d\fR, \fB\-\-delete\fR
@@ -123,11 +92,11 @@ passwd \- зміна парол� кори�тувача
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-i\fR, \fB\-\-inactive\fR \fI�Е�КТИВ�ИЙ\fR
+\fB\-i\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
 .RS 4
-Цей параметр викори�товують дл� вимиканн� облікового запи�у за вказану кількі�ть днів пі�л� завершенн� �троку дії парол�\&. Пі�л� того, �к мине
-\fI�Е�КТИВ�ИЙ\fR
-днів з моменту завершенн� �троку дії парол�, кори�тувач не зможе увійти до облікового запи�у\&.
+This option is used to disable an account after the password has been expired for a number of days\&. After a user account has had an expired password for
+\fIINACTIVE\fR
+days, the user may no longer sign on to the account\&.
 .RE
 .PP
 \fB\-k\fR, \fB\-\-keep\-tokens\fR
@@ -139,17 +108,17 @@ passwd \- зміна парол� кори�тувача
 .RS 4
 Заблокувати пароль іменованого облікового запи�у\&. За допомогою цього параметра можна вимкнути пароль, змінивши його на значенн�, �ке не відповідає зашифрованому значенню (буде додано \(aa!\(aa на початку парол�)\&.
 .sp
-Зауважте, що це не призведе до вимиканн� облікового запи�у\&. Кори�тувач зможе входити до �и�теми за допомогою іншого жетона розпізнаванн� (наприклад ключа SSH)\&. Щоб вимкнути обліковий запи�, адміні�траторам �лід кори�тувати��
+Note that this does not disable the account\&. The user may still be able to login using another authentication token (e\&.g\&. an SSH key)\&. To disable the account, administrators should use
 \fBusermod \-\-expiredate 1\fR
-(ц� команда в�тановить дл� дати завершенн� �троку дії облікового запи�у значенн� 2 �ічн� 1970 року)\&.
+(this set the account\*(Aqs expire date to Jan 2, 1970)\&.
 .sp
 Кори�тувачі із заблокованим паролем не зможуть змінювати вла�ний пароль\&.
 .RE
 .PP
-\fB\-n\fR, \fB\-\-mindays\fR \fIД�І\fR
+\fB\-n\fR, \fB\-\-mindays\fR\ \&\fIMIN_DAYS\fR
 .RS 4
-В�тановити мінімальну кількі�ть днів між змінами парол�
-\fIД�І\fR\&. �ульове значенн� дл� цього пол� вказує, що кори�тувач може змінювати пароль будь\-коли\&.
+Set the minimum number of days between password changes to
+\fIMIN_DAYS\fR\&. A value of zero for this field indicates that the user may change their password at any time\&.
 .RE
 .PP
 \fB\-q\fR, \fB\-\-quiet\fR
@@ -157,13 +126,14 @@ passwd \- зміна парол� кори�тувача
 Режим без повідомлень\&.
 .RE
 .PP
-\fB\-r\fR, \fB\-\-repository\fR \fIСХОВИЩЕ\fR
+\fB\-r\fR, \fB\-\-repository\fR\ \&\fIREPOSITORY\fR
 .RS 4
-змінити пароль у �ховищі
-\fIСХОВИЩЕ\fR
+change password in
+\fIREPOSITORY\fR
+repository
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -172,6 +142,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-S\fR, \fB\-\-status\fR
 .RS 4
 Виве�ти дані щодо �тану облікового запи�у\&. Дані щодо �тану �кладають�� з 7 полів\&. Першим полем є назва облікового запи�у кори�тувача\&. Друге поле вказує на те, чи є обліковий запи� таким, дл� �кого заблоковано пароль (L), немає парол� (NP) або має придатний до кори�туванн� пароль (P)\&. Третє поле задає дату о�танньої зміни парол�\&. �а�тупними чотирма пол�ми є мінімальний вік, мак�имальний вік, період попередженн� та період неактивно�ті дл� парол�\&. Ці значенн� віку виражають�� у дн�х\&.
@@ -179,27 +155,33 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-u\fR, \fB\-\-unlock\fR
 .RS 4
-Розблокувати пароль дл� іменованого облікового запи�у\&. Цей параметр повторно вмикає пароль, замінюючи пароль на попереднє його значенн� (на значенн� до викори�танн� параметра
-\fB\-l\fR)\&.
+Unlock the password of the named account\&. This option re\-enables a password by changing the password back to its previous value (to the value before using the
+\fB\-l\fR
+option)\&.
 .RE
 .PP
-\fB\-w\fR, \fB\-\-warndays\fR \fIД�І\fR
+\fB\-w\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
-В�тановити кількі�ть днів між попередженн�м про потребу у зміні парол� і завершенн�м �троку дії парол�\&. Параметром
-\fIД�І\fR
-є кількі�ть днів до завершенн� �троку дії парол�, коли �и�тема попереджуватиме кори�тувача про те, що пароль невдовзі доведеть�� змінити\&.
+Set the number of days of warning before a password change is required\&. The
+\fIWARN_DAYS\fR
+option is the number of days prior to the password expiring that a user will be warned that their password is about to expire\&.
 .RE
 .PP
-\fB\-x\fR, \fB\-\-maxdays\fR \fIМ�КСИМ�ЛЬ�О_Д�ІВ\fR
+\fB\-x\fR, \fB\-\-maxdays\fR\ \&\fIMAX_DAYS\fR
 .RS 4
-В�тановити мак�имальну кількі�ть днів, прот�гом �ких пароль лишатиметь�� чинним\&. Щойно мине
-\fIМ�КСИМ�ЛЬ�О_Д�ІВ\fR, �и�тема вимагатиме від кори�тувача змінити пароль\&.
+Set the maximum number of days a password remains valid\&. After
+\fIMAX_DAYS\fR, the password is required to be changed\&.
 .sp
-Передаванн� чи�ла
+Passing the number
 \fI\-1\fR
-у полі
-\fIМ�КСИМ�ЛЬ�О_Д�ІВ\fR
-призведе до вилученн� перевірки чинно�ті паролів\&.
+as
+\fIMAX_DAYS\fR
+will remove checking a password\*(Aqs validity\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-stdin\fR
+.RS 4
+This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&.
 .RE
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
@@ -208,9 +190,9 @@ directory\&. Only absolute paths are supported\&.
 Можливо, кори�тувачі не зможуть змінити �вій пароль у �и�темі, �кщо увімкнено NIS, і кори�тувачі не увійшли до �ервера NIS\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/passwd
@@ -229,51 +211,54 @@ directory\&. Only absolute paths are supported\&.
 .RE
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Команда
+The
 \fBpasswd\fR
-завершує роботу із такими значенн�ми:
+command exits with the following values:
 .PP
 \fI0\fR
 .RS 4
-у�піх
+success
 .RE
 .PP
 \fI1\fR
 .RS 4
-відмовлено у до�тупі
+permission denied
 .RE
 .PP
 \fI2\fR
 .RS 4
-некоректне поєднанн� параметрів
+invalid combination of options
 .RE
 .PP
 \fI3\fR
 .RS 4
-неочікувана помилка, нічого не виконано
+unexpected failure, nothing done
 .RE
 .PP
 \fI4\fR
 .RS 4
-неочікувана помилка, не ви�тачає файла
+unexpected failure,
 passwd
+file missing
 .RE
 .PP
 \fI5\fR
 .RS 4
-файл
 passwd
-зайн�то, повторіть �пробу
+file busy, try again
 .RE
 .PP
 \fI6\fR
 .RS 4
-некоректний аргумент параметра
+invalid argument to option
 .RE
 .SH "ДИВ\&. Т�КОЖ"
 .PP
 \fBchpasswd\fR(8),
+\fBmakepasswd\fR(1),
 \fBpasswd\fR(5),
 \fBshadow\fR(5),
 \fBlogin.defs\fR(5),
 \fBusermod\fR(8)\&.
+.PP
+The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"
diff --git a/man/uk/man1/sg.1 b/man/uk/man1/sg.1
index b4ca933..df439f4 100644
--- a/man/uk/man1/sg.1
+++ b/man/uk/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "sg" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "sg" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,30 +31,34 @@
 sg \- виконанн� команди від імені іншого ідентифікатора групи
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBsg\fR\ 'u
-\fBsg\fR [\-] [група\ [\-c]\ команда]
+\fBsg\fR [\-] [group\ [\-c\ ]\ command]
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBsg\fR
-працює подібно до команди
-\fBnewgrp\fR, але приймає команду\&. Цю команду буде виконано за допомогою оболонки
-/bin/sh\&. У більшо�ті оболонок, з �ких ви можете запу�тити
-\fBsg\fR, вам доведеть�� брати багато�лівні команди у лапки\&. Іншою відмінні�тю між
+command works similar to
 \fBnewgrp\fR
-Ñ–
+but accepts a command\&. The command will be executed with the
+/bin/sh
+shell\&. With most shells you may run
 \fBsg\fR
-є те, що де�кі оболонки обробл�ють
+from, you need to enclose multi\-word commands in quotes\&. Another difference between
 \fBnewgrp\fR
-по\-о�обливому, замінюючи �ебе новим екземпл�ром оболонки, �кий �творює
-\fBnewgrp\fR\&. Такого не трапл�єть�� з
-\fBsg\fR\&. Отже, пі�л� виходу з команди
+and
 \fBsg\fR
-ви повернете�� до вашого попереднього ідентифікатора групи\&.
+is that some shells treat
+\fBnewgrp\fR
+specially, replacing themselves with a new instance of a shell that
+\fBnewgrp\fR
+creates\&. This doesn\*(Aqt happen with
+\fBsg\fR, so upon exit from a
+\fBsg\fR
+command you are returned to your previous group ID\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/passwd
@@ -83,4 +87,4 @@ sg \- виконаннÑ� команди від імені іншого іденÑ
 \fBnewgrp\fR(1),
 \fBsu\fR(1),
 \fBgpasswd\fR(1),
-\fBгрупа\fR(5), \fBgshadow\fR(5)\&.
+\fBgroup\fR(5), \fBgshadow\fR(5)\&.
diff --git a/man/uk/man1/su.1 b/man/uk/man1/su.1
index fd6a061..722a9ba 100644
--- a/man/uk/man1/su.1
+++ b/man/uk/man1/su.1
@@ -2,12 +2,12 @@
 .\"     Title: su
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди кори�тувача
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "su" "1" "08/11/2022" "shadow\-utils 4\&.13" "Команди кори�тувача"
+.TH "su" "1" "21/06/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,50 +31,53 @@
 su \- зміна ідентифікатора кори�тувача або набутт� прав надкори�тувача
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBsu\fR\ 'u
-\fBsu\fR [\fIпараметри\fR] [\fI\-\fR] [\fIкори�тувач\fR\ [\ \fIаргументи\fR\ ]]
+\fBsu\fR [\fIoptions\fR] [\fI\-\fR] [\fIusername\fR\ [\ \fIargs\fR\ ]]
 .SH "ОПИС"
 .PP
-Команду
+The
 \fBsu\fR
-викори�товують дл� набутт� прав іншого кори�тувача під ча� робочого �еан�у у �и�темі\&. Якщо команду викликано без
-\fBкори�тувач\fR,
-\fBsu\fR, типово, надає до�туп до облікового запи�у надкори�тувача\&. Параметром
+command is used to become another user during a login session\&. Invoked without a
+\fBusername\fR,
+\fBsu\fR
+defaults to becoming the superuser\&. The
 \fB\-\fR
-можна �кори�тати�� дл� забезпеченн� �ередовища, подібного до того, �ке б мав отримати кори�тувач, �кий увійшов до �и�теми безпо�ередньо\&. Параметром
+option may be used to provide an environment similar to what the user would expect had the user logged in directly\&. The
 \fB\-c\fR
-можна �кори�тати�� дл� того, щоб більші�ть командних оболонок вважали на�тупний аргумент командою\&.
+option may be used to treat the next argument as a command by most shells\&.
 .PP
-Параметри буде розпізнано у�юди у �пи�ку аргументів\&. Ви можете �кори�тати�� аргументом
-\fB\-\-\fR, щоб припинити обробку аргументів\&. Параметр
+Options are recognized everywhere in the argument list\&. You can use the
+\fB\-\-\fR
+argument to stop option parsing\&. The
 \fB\-\fR
-є о�обливим: програма розпізнає його також пі�л�
-\fB\-\-\fR, але його �лід розташувати перед
-\fBкори�тувач\fR\&.
+option is special: it is also recognized after
+\fB\-\-\fR, but has to be placed before
+\fBusername\fR\&.
 .PP
 Програма попро�ить кори�тувача вве�ти пароль, �кщо у цьому є потреба\&. Введенн� некоректного парол� призведе до виведенн� повідомленн� про помилку\&. У�і �проби, коректні і некоректні, буде запи�ано до журналу дл� ви�вленн� �проб зловми�ників проникнути у �и�тему\&.
 .PP
-Поточне �ередовище буде передано новій оболонці\&. Значенн�
+The current environment is passed to the new shell\&. The value of
 \fB$PATH\fR
-буде �кинуто до
+is reset to
 /bin:/usr/bin
-дл� звичайних кори�тувачів або
+for normal users, or
 /sbin:/bin:/usr/sbin:/usr/bin
-дл� надкори�тувача\&. Це значенн� можна змінити за допомогою визначень
+for the superuser\&. This may be changed with the
 \fBENV_PATH\fR
-Ñ–
+and
 \fBENV_SUPATH\fR
-у
+definitions in
 /etc/login\&.defs\&.
 .PP
 Вхід до під�и�теми буде позначено на�вні�тю \(Fo*\(Fc �к першого �имволу оболонки входу\&. Заданий домашній каталог буде викори�тано �к кореневий каталог нової файлової �и�теми, до �кої кори�тувач на�правді увійшов\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBsu\fR, є такими:
+The options which apply to the
+\fBsu\fR
+command are:
 .PP
-\fB\-c\fR, \fB\-\-command\fR \fIКОМ��Д�\fR
+\fB\-c\fR, \fB\-\-command\fR\ \&\fICOMMAND\fR
 .RS 4
-Вказати команду, �ку буде викликано командною оболонкою за допомогою її
+Specify a command that will be invoked by the shell using its
 \fB\-c\fR\&.
 .sp
 У виконаної команди не буде керівного термінала\&. Цей параметр не можна викори�товувати дл� виконанн� інтерактивних програм, �ким потрібне дл� керуванн� термінал\&.
@@ -84,15 +87,16 @@ su \- зміна ідентифікатора кори�тувача або на
 .RS 4
 �адає �ередовище, �ке є подібним до �ередовища, �ке мав би отримати кори�тувач пі�л� безпо�ереднього входу до �и�теми\&.
 .sp
-Якщо викори�тано параметр
-\fB\-\fR, його має бути вказано перед будь\-�ким
-\fBкори�тувач\fR\&. З міркувань �умі�но�ті рекомендуємо викори�товувати його �к о�танній параметр, до
-\fBкори�тувач\fR\&. Дл� інших форм (\fB\-l\fR
-Ñ–
-\fB\-\-login\fR) цього обмеженн� не передбачено\&.
+When
+\fB\-\fR
+is used, it must be specified before any
+\fBusername\fR\&. For portability it is recommended to use it as last option, before any
+\fBusername\fR\&. The other forms (\fB\-l\fR
+and
+\fB\-\-login\fR) do not have this restriction\&.
 .RE
 .PP
-\fB\-s\fR, \fB\-\-shell\fR \fIОБОЛО�К�\fR
+\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
 .RS 4
 Оболонка, �ку буде викликано\&.
 .sp
@@ -103,31 +107,34 @@ su \- зміна ідентифікатора кори�тувача або на
 .RE
 .PP
 .RS 4
-Якщо викори�тано параметр
-\fB\-\-preserve\-environment\fR, оболонка, �ку вказано за допомогою змінної �ередовища
-\fB$SHELL\fR\&.
+If
+\fB\-\-preserve\-environment\fR
+is used, the shell specified by the
+\fB$SHELL\fR
+environment variable\&.
 .RE
 .PP
 .RS 4
-Оболонки, на �ку вказує запи�
+The shell indicated in the
 /etc/passwd
-дл� вибраного кори�тувача\&.
+entry for the target user\&.
 .RE
 .PP
 .RS 4
-/bin/sh, �кщо оболонку не вда�ть�� знайти у жоден із вказаних вище �по�обів\&.
+/bin/sh
+if a shell could not be found by any above method\&.
 .RE
 .sp
-Якщо командну оболонку вказаного кори�тувача обмежено (тобто вмі�ту пол� оболонки запи�у цього кори�тувача у
+If the target user has a restricted shell (i\&.e\&. the shell field of this user\*(Aqs entry in
 /etc/passwd
-немає у �пи�ку
-/etc/shells), параметр
+is not listed in
+/etc/shells), then the
 \fB\-\-shell\fR
-та змінну �ередовища
+option or the
 \fB$SHELL\fR
-не буде вз�то до уваги, �кщо
+environment variable won\*(Aqt be taken into account, unless
 \fBsu\fR
-не викликано від імені кори�тувача root\&.
+is called by root\&.
 .RE
 .PP
 \fB\-m\fR, \fB\-p\fR, \fB\-\-preserve\-environment\fR
@@ -136,12 +143,13 @@ su \- зміна ідентифікатора кори�тувача або на
 .PP
 \fB$PATH\fR
 .RS 4
-відновлено початкове значенн� за параметром
+reset according to the
 /etc/login\&.defs
+options
 \fBENV_PATH\fR
-або
+or
 \fBENV_SUPATH\fR
-(див\&. нижче);
+(see below);
 .RE
 .PP
 \fB$IFS\fR
@@ -150,73 +158,75 @@ su \- зміна ідентифікатора кори�тувача або на
 \(Fo<space><tab><newline>\(Fc, �кщо було в�тановлено інше значенн�\&.
 .RE
 .sp
-Якщо у кори�тувача призначенн� командну оболонку обмежено, цей параметр ні на що не вплине (�кщо
+If the target user has a restricted shell, this option has no effect (unless
 \fBsu\fR
-не викликано від імені кори�тувача root)\&.
+is called by root)\&.
 .sp
 Зауважте, що типовою поведінкою дл� �ередовища є така:
 .PP
 .RS 4
-Буде відновлено початкові значенн� змінних �ередовища
+The
 \fB$HOME\fR,
 \fB$SHELL\fR,
 \fB$USER\fR,
 \fB$LOGNAME\fR,
-\fB$PATH\fR
-Ñ–
-\fB$IFS\fR\&.
+\fB$PATH\fR, and
+\fB$IFS\fR
+environment variables are reset\&.
 .RE
 .PP
 .RS 4
-Якщо не викори�тано
-\fB\-\-login\fR, �ередовище буде �копійовано, окрім вказаних вище змінних\&.
+If
+\fB\-\-login\fR
+is not used, the environment is copied, except for the variables above\&.
 .RE
 .PP
 .RS 4
-Якщо викори�тано
-\fB\-\-login\fR, змінні �ередовища
+If
+\fB\-\-login\fR
+is used, the
 \fB$TERM\fR,
 \fB$COLORTERM\fR,
-\fB$DISPLAY\fR
-Ñ–
+\fB$DISPLAY\fR, and
 \fB$XAUTHORITY\fR
-буде �копійовано, �кщо було в�тановлено їхні значенн�\&.
+environment variables are copied if they were set\&.
 .RE
 .PP
 .RS 4
-Якщо викори�тано
-\fB\-\-login\fR, значенн� змінних �ередовища
+If
+\fB\-\-login\fR
+is used, the
 \fB$TZ\fR,
-\fB$HZ\fR
-Ñ–
+\fB$HZ\fR, and
 \fB$MAIL\fR
-буде в�тановлено за параметрами
+environment variables are set according to the
 /etc/login\&.defs
+options
 \fBENV_TZ\fR,
 \fBENV_HZ\fR,
-\fBMAIL_DIR\fR
-Ñ–
+\fBMAIL_DIR\fR, and
 \fBMAIL_FILE\fR
-(див\&. нижче)\&.
+(see below)\&.
 .RE
 .PP
 .RS 4
-Якщо викори�тано
-\fB\-\-login\fR, значенн� дл� інших змінних �ередовища можна в�тановити за допомогою файла
+If
+\fB\-\-login\fR
+is used, other environment variables might be set by the
 \fBENVIRON_FILE\fR
-(див\&. нижче)\&.
+file (see below)\&.
 .RE
 .RE
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
-У цієї вер�ії
+This version of
 \fBsu\fR
-багато параметрів збиранн�\&. У певній збірці може бути викори�тано лише ча�тину з них\&.
+has many compilation options, only some of which may be in use at any particular site\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/passwd
@@ -235,41 +245,41 @@ su \- зміна ідентифікатора кори�тувача або на
 .RE
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Якщо виконано у�пішно,
+On success,
 \fBsu\fR
-повертає значенн� виходу виконаної команди\&.
+returns the exit value of the command it executed\&.
 .PP
-Якщо цю команду перервано �игналом,
+If this command was terminated by a signal,
 \fBsu\fR
-повертає номер цього �игналу плю� 128\&.
+returns the number of this signal plus 128\&.
 .PP
-Якщо su довело�� перервати виконанн� команди (о�кільки було наді�лано команду щодо перериванн� роботи, але команда не перервала роботу вча�но),
+If su has to kill the command (because it was asked to terminate, and the command did not terminate in time),
 \fBsu\fR
-поверне 255\&.
+returns 255\&.
 .PP
-Де�кі значенн� виходу з
+Some exit values from
 \fBsu\fR
-є незалежними від виконаної команди:
+are independent from the executed command:
 .PP
 \fI0\fR
 .RS 4
-у�піх (лише
-\fB\-\-help\fR)
+success (\fB\-\-help\fR
+only)
 .RE
 .PP
 \fI1\fR
 .RS 4
-Помилка �и�теми або розпізнаванн�
+System or authentication failure
 .RE
 .PP
 \fI126\fR
 .RS 4
-Потрібну команду не знайдено
+The requested command was not found
 .RE
 .PP
 \fI127\fR
 .RS 4
-Потрібну команду не вдало�� виконати
+The requested command could not be executed
 .RE
 .SH "ДИВ\&. Т�КОЖ"
 .PP
diff --git a/man/uk/man3/shadow.3 b/man/uk/man3/shadow.3
index 3cb5513..0639108 100644
--- a/man/uk/man3/shadow.3
+++ b/man/uk/man3/shadow.3
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Виклики бібліотеки
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: Library Calls
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "shadow" "3" "08/11/2022" "shadow\-utils 4\&.13" "Виклики бібліотеки"
+.TH "shadow" "3" "21/06/2024" "shadow\-utils 4\&.15\&.2" "Library Calls"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -50,7 +50,7 @@ shadow, getspnam \- підпрограми длÑ� файла зашифроваÐ
 .PP
 \fIint putspent(struct spwd\fR
 \fI*p,\fR
-\fIФ�ЙЛ\fR
+\fIFILE\fR
 \fI*fp\fR\fI);\fR
 .PP
 \fIint lckpwdf();\fR
@@ -59,9 +59,10 @@ shadow, getspnam \- підпрограми длÑ� файла зашифроваÐ
 .SH "ОПИС"
 .PP
 \fIshadow\fR
-керує вмі�том файла прихованих паролів,
-/etc/shadow\&. Структура файла
-\fI#include\fR:
+manipulates the contents of the shadow password file,
+/etc/shadow\&. The structure in the
+\fI#include\fR
+file is:
 .sp
 .if n \{\
 .RS 4
@@ -177,45 +178,47 @@ sp_flag \- зарезервовано длÑ� викориÑ�таннÑ� у майÐ
 .PP
 \fIgetspent\fR,
 \fIgetspname\fR,
-\fIfgetspent\fR
-Ñ–
+\fIfgetspent\fR, and
 \fIsgetspent\fR
-у�і повертають вказівник на
+each return a pointer to a
 \fIstruct spwd\fR\&.
 \fIgetspent\fR
-повертає на�тупний запи� з файла, а
+returns the next entry from the file, and
 \fIfgetspent\fR
-повертає на�тупний запи� з заданого потоку даних, �ким має бути файл у належному форматі\&.
+returns the next entry from the given stream, which is assumed to be a file of the proper format\&.
 \fIsgetspent\fR
-повертає вказівник на
-\fIstruct spwd\fR, викори�товуючи вхідні дані з наданого р�док\&.
+returns a pointer to a
+\fIstruct spwd\fR
+using the provided string as input\&.
 \fIgetspnam\fR
-шукає з поточної позиції у файлів запи�, що відповідає р�дку
+searches from the current position in the file for an entry matching
 \fIname\fR\&.
 .PP
 \fIsetspent\fR
-Ñ–
+and
 \fIendspent\fR
-можна �кори�тати�� дл� того, щоб відкрити або закрити, відповідно, до�туп до файла прихованих паролів\&.
+may be used to begin and end, respectively, access to the shadow password file\&.
 .PP
-Підпрограмами
+The
 \fIlckpwdf\fR
-Ñ–
+and
 \fIulckpwdf\fR
-�лід кори�тувати�� дл� забезпеченн� виключного до�тупу до файла
-/etc/shadow\&.
+routines should be used to insure exclusive access to the
+/etc/shadow
+file\&.
 \fIlckpwdf\fR
-намагаєть�� отримати блокуванн� за допомогою
+attempts to acquire a lock using
 \fIpw_lock\fR
-прот�гом періоду до 15 �екунд\&. Підпрограма продовжує �проби отримати друге блокуванн�
+for up to 15 seconds\&. It continues by attempting to acquire a second lock using
 \fIspw_lock\fR
-за решту початкових 15 �екунд\&. Якщо прот�гом загального періоду у 15 �екунд �проби завершать�� невдачею,
+for the remainder of the initial 15 seconds\&. Should either attempt fail after a total of 15 seconds,
 \fIlckpwdf\fR
-повертає \-1\&. Якщо вда�ть�� отримати обидва блокуванн�, буде повернуто 0\&.
+returns \-1\&. When both locks are acquired 0 is returned\&.
 .SH "ДІ�Г�ОСТИК�"
 .PP
-Підпрограми повертають NULL, �кщо не залишило�� до�тупних запи�ів або �кщо �танеть�� помилка під ча� обробки даних\&. Підпрограми, �кі повертають значенн� типу
-\fIint\fR, повертають 0, �кщо підпрограму виконано у�пішно, і \-1, �кщо виконанн� підпрограми завершило�� помилкою\&.
+Routines return NULL if no more entries are available or if an error occurs during processing\&. Routines which have
+\fIint\fR
+as the return value return 0 for success and \-1 for failure\&.
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
 Цими підпрограмами може кори�тувати�� лише надкори�тувач, о�кільки до�туп до файла прихованих паролів обмежено\&.
diff --git a/man/uk/man5/faillog.5 b/man/uk/man5/faillog.5
index f88747f..2363207 100644
--- a/man/uk/man5/faillog.5
+++ b/man/uk/man5/faillog.5
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Формати файлів і файли налаштувань
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual:  File Formats and Configuration Files
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "faillog" "5" "08/11/2022" "shadow\-utils 4\&.13" "Формати файлів і файли налашту"
+.TH "faillog" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -32,7 +32,7 @@ faillog \- файл журналу невдалих �проб увійти до
 .SH "ОПИС"
 .PP
 /var/log/faillog
-зберігає кількі�ть помилок під ча� входу і обмеженн� дл� кожного з облікових запи�ів\&.
+maintains a count of login failures and the limits for each account\&.
 .PP
 У файлі мі�т�ть�� запи�и фік�ованої довжини, індек�овані за чи�ловим UID\&. Кожен запи� мі�тить кількі�ть помилок при вході з моменту о�таннього у�пішного входу до �и�теми; мак�имальну кількі�ть помилок до вимиканн� облікового запи�у; р�док, на �кому �тала�� помилка під ча� о�танньої �проби увійти до �и�теми; дату о�танньої помилки під ча� �проби увійти до �и�теми та період ча�у (у �екундах), прот�гом �кого обліковий запи� буде заблоковано пі�л� помилки\&.
 .PP
diff --git a/man/uk/man5/gshadow.5 b/man/uk/man5/gshadow.5
index f2a5f25..68fd5ef 100644
--- a/man/uk/man5/gshadow.5
+++ b/man/uk/man5/gshadow.5
@@ -2,12 +2,12 @@
 .\"     Title: gshadow
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Формати файлів і файли налаштувань
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: File Formats and Configuration Files
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "gshadow" "5" "08/11/2022" "shadow\-utils 4\&.13" "Формати файлів і файли налашту"
+.TH "gshadow" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -32,37 +32,38 @@ gshadow \- файл зашифрованих груп
 .SH "ОПИС"
 .PP
 /etc/gshadow
-мі�тить зашифровані відомо�ті щодо облікових запи�ів груп\&.
+contains the shadowed information for group accounts\&.
 .PP
 Цей файл має бути недо�тупним дл� читанн� звичайними кори�тувачами, �кщо ви хочете підтримувати захи�т паролів\&.
 .PP
 У кожному р�дку цього файла мі�т�ть�� такі відокремлені двокрапками пол�:
 .PP
-\fBназва групи\fR
+\fBgroup name\fR
 .RS 4
 Це має бути коректна назва групи, �ка і�нує у �и�темі\&.
 .RE
 .PP
-\fBшифрований пароль\fR
+\fBencrypted password\fR
 .RS 4
-Зверніть�� до
-\fBcrypt\fR(3), щоб дізнати�� більше про те, �к буде оброблено цей р�док\&.
+Refer to
+\fBcrypt\fR(3)
+for details on how this string is interpreted\&.
 .sp
-Якщо у полі парол� мі�тить�� �кий�ь р�док, �кий не є коректним результатом виконанн�
-\fBcrypt\fR(3), наприклад, ! або *, кори�тувачі не зможуть �кори�тати�� паролем unix дл� до�тупу до групи (але уча�ники групи парол� не потребуватимуть)\&.
+If the password field contains some string that is not a valid result of
+\fBcrypt\fR(3), for instance ! or *, users will not be able to use a unix password to access the group (but group members do not need the password)\&.
 .sp
-Пароль викори�товуватиметь��, коли кори�тувач, �кий не є уча�ником групи, захоче отримати права до�тупу до цієї групи (див\&.
+The password is used when a user who is not a member of the group wants to gain the permissions of this group (see
 \fBnewgrp\fR(1))\&.
 .sp
 Це поле може бути порожнім\&. Якщо поле є порожнім, лише уча�ники групи зможуть отримувати права до�тупу групи\&.
 .sp
 Поле парол�, �ке починаєть�� зі знаку оклику, означає, що пароль заблоковано\&. Решта �имволів у р�дку є вмі�том пол� парол� до того, �к пароль було заблоковано\&.
 .sp
-Цей пароль має пріоритет над будь\-�ким паролем, �кий вказано у
+This password supersedes any password specified in
 /etc/group\&.
 .RE
 .PP
-\fBадміні�тратори\fR
+\fBadministrators\fR
 .RS 4
 Це має бути �пи�ок відокремлених комами імен кори�тувачів\&.
 .sp
@@ -71,13 +72,13 @@ gshadow \- файл зашифрованих груп
 Також адміні�тратори мають ті �амі права до�тупу, що і уча�ники (див\&. нижче)\&.
 .RE
 .PP
-\fBуча�ники\fR
+\fBmembers\fR
 .RS 4
 Це має бути �пи�ок відокремлених комами імен кори�тувачів\&.
 .sp
 Уча�ники можуть отримувати до�туп до групи без над�иланн� запиту щодо парол�\&.
 .sp
-Вам �лід викори�товувати той �амий �пи�ок кори�тувачів, що і у
+You should use the same list of users as in
 /etc/group\&.
 .RE
 .SH "Ф�ЙЛИ"
@@ -94,7 +95,7 @@ gshadow \- файл зашифрованих груп
 .SH "ДИВ\&. Т�КОЖ"
 .PP
 \fBgpasswd\fR(5),
-\fBгрупа\fR(5),
+\fBgroup\fR(5),
 \fBgrpck\fR(8),
 \fBgrpconv\fR(8),
 \fBnewgrp\fR(1)\&.
diff --git a/man/uk/man5/login.access.5 b/man/uk/man5/login.access.5
index 6526549..9d1669a 100644
--- a/man/uk/man5/login.access.5
+++ b/man/uk/man5/login.access.5
@@ -2,12 +2,12 @@
 .\"     Title: login.access
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Формати файлів і файли налаштувань
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: File Formats and Configuration Files
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "login\&.access" "5" "08/11/2022" "shadow\-utils 4\&.13" "Формати файлів і файли налашту"
+.TH "login\&.access" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,29 +31,29 @@
 login.access \- таблиц� керуванн� до�тупом до входу до �и�теми
 .SH "ОПИС"
 .PP
-У файлі
+The
 \fIlogin\&.access\fR
-задають комбінації (кори�тувач, вузол) і/або (кори�тувач, термінал), дл� �ких вхід до �и�теми буде прийн�тним або забороненим\&.
+file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused\&.
 .PP
-Коли хто�ь входить до �и�теми, �и�тема виконує �кануванн�
+When someone logs in, the
 \fIlogin\&.access\fR
-на перший запи�, �кий відповідає комбінації (кори�тувач, вузол), або, у випадку позамережевих входів, перший запи�, �кий відповідає комбінації (кори�тувач, термінал)\&. Поле прав до�тупу у запи�і цієї таблиці визначає, буде вхід прийн�то чи заборонено\&.
+is scanned for the first entry that matches the (user, host) combination, or, in case of non\-networked logins, the first entry that matches the (user, tty) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&.
 .PP
 Кожен р�док таблиці керуванн� до�тупом до входу до �и�теми мі�тить три пол�, �кі відокремлено �имволом \(Fo:\(Fc:
 .PP
-\fIправа до�тупу\fR:\fIкори�тувачі\fR:\fIorigins\fR
+\fIpermission\fR:\fIusers\fR:\fIorigins\fR
 .PP
-Першим полем має бути �имвол \(Fo\fI+\fR\(Fc (до�туп надано) або \(Fo\fI\-\fR\(Fc (до�туп заборонено)\&. У другому полі має бути �пи�ок одного або декількох назв облікових запи�ів, назв груп або
+The first field should be a "\fI+\fR" (access granted) or "\fI\-\fR" (access denied) character\&. The second field should be a list of one or more login names, group names, or
 \fIALL\fR
-(універ�альний відповідник)\&. У третьому полі має бути �пи�ок одного або декількох терміналів (дл� немережевих входів), назв вузлів, назв доменів (починають�� з \(Fo\&.\(Fc), адре� вузлів, мережевих чи�ел інтернету (завершують�� \(Fo\&.\(Fc),
+(always matches)\&. The third field should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."),
 \fIALL\fR
-(універ�альний відповідник) або
+(always matches) or
 \fILOCAL\fR
-(відповідник будь\-�кого р�дка, �кий не мі�тить �имволу \(Fo\&.\(Fc)\&. Якщо ви працюєте з NIS ви можете �кори�тати�� @netgroupname у взірц�х вузла або кори�тувача\&.
+(matches any string that does not contain a "\&." character)\&. If you run NIS you can use @netgroupname in host or user patterns\&.
 .PP
-Оператор
+The
 \fIEXCEPT\fR
-уможливлює напи�анн� дуже компактних правил\&.
+operator makes it possible to write very compact rules\&.
 .PP
 Пошук у файлі груп відбуватиметь��, лише �кщо ім\*(Aq� не збігатиметь�� із іменем кори�тувача, що увійшов до �и�теми\&. Відповідними вважатимуть�� лише ті групи, кори�тувачів �ких вказано �вно: програма не шукатиме у значенн� ідентифікаторів о�новної групи кори�тувача\&.
 .SH "Ф�ЙЛИ"
diff --git a/man/uk/man5/login.defs.5 b/man/uk/man5/login.defs.5
index 5b265cb..d075f74 100644
--- a/man/uk/man5/login.defs.5
+++ b/man/uk/man5/login.defs.5
@@ -2,12 +2,12 @@
 .\"     Title: login.defs
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Формати файлів і файли налаштувань
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: File Formats and Configuration Files
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "login\&.defs" "5" "08/11/2022" "shadow\-utils 4\&.13" "Формати файлів і файли налашту"
+.TH "login\&.defs" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,27 +31,28 @@
 login.defs \- �алаштуванн� комплек�у дл� роботи з прихованими парол�ми
 .SH "ОПИС"
 .PP
-Файл
+The
 /etc/login\&.defs
-визначає �пецифічні дл� �и�теми налаштуванн� дл� комплек�у керуванн� парол�ми shadow\&. Цей файл є необхідним\&. Якщо цього файла не завадить працездатно�ті �и�теми, але, ймовірно, призведе до небажаних на�лідків\&.
+file defines the site\-specific configuration for the shadow password suite\&. This file is required\&. Absence of this file will not prevent system operation, but will probably result in undesirable operation\&.
 .PP
 Цей файл є придатним до читанн� тек�товим файлом, кожен з р�дків �кого опи�ує один параметр налаштувань\&. Р�дки �кладають�� з назви налаштуванн� та значенн�, �кі відокремлено пробілом\&. Порожні р�дки і р�дки коментарів буде проігноровано\&. Коментарі позначають �имволом \(Fo#\(Fc, цей �имвол має бути першим непробільним �имволом р�дка\&.
 .PP
-Значенн� параметрів мають належати до чотирьох типів: р�дки, булеві значенн�, чи�ла та чи�ла з подвійною точні�тю\&. Р�док �кладаєть�� з будь\-�ких друкованих �имволів\&. Булеве значенн� має бути одним з двох:
-\fIтак\fR
-або
-\fIno\fR\&. �евизначеному булевому параметру або булевому параметру, значенн�м �кого не є одне з цих двох значень, буде надано значенн�
-\fIno\fR\&. Чи�ла (звичайні і з подвійною точні�тю) можуть бути де��тковими, ві�імковими (їхні запи�и починають�� з
-\fI0\fR) або ші�тнадц�тковими (їхні запи�и починають�� з
-\fI0x\fR)\&. Мак�имальне значенн� звичайного чи�лового параметра або чи�лового параметра з подвійною точні�тю визначаєть�� характери�тиками �и�теми\&.
+Parameter values may be of four types: strings, booleans, numbers, and long numbers\&. A string is comprised of any printable characters\&. A boolean should be either the value
+\fIyes\fR
+or
+\fIno\fR\&. An undefined boolean parameter or one with a value other than these will be given a
+\fIno\fR
+value\&. Numbers (both regular and long) may be either decimal values, octal values (precede the value with
+\fI0\fR) or hexadecimal values (precede the value with
+\fI0x\fR)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&.
 .PP
 У ваше розпор�дженн� надано такі пункти налаштувань:
 .PP
 \fBPASS_MAX_DAYS\fR,
 \fBPASS_MIN_DAYS\fR
-Ñ–
+and
 \fBPASS_WARN_AGE\fR
-буде викори�тано лише у момент �творенн� облікового запи�у\&. Будь\-�кі зміни у цих параметрах не вплинуть на на�вні облікові запи�и\&.
+are only used at the time of account creation\&. Any changes to these settings won\*(Aqt affect existing accounts\&.
 .SH "ПЕРЕХРЕС�І ПОСИЛ���Я"
 .PP
 �аведені нижче по�иланн� показують, �кі програми комплек�у дл� роботи з парол�ми shadow викори�товують відповідні параметри\&.
@@ -191,8 +192,7 @@ USERGROUPS_ENAB
 .PP
 sulogin
 .RS 4
-ENV_HZ
-ENV_TZ
+ENV_HZ ENV_TZ
 .RE
 .PP
 useradd
diff --git a/man/uk/man5/passwd.5 b/man/uk/man5/passwd.5
index 82fa63b..280322d 100644
--- a/man/uk/man5/passwd.5
+++ b/man/uk/man5/passwd.5
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Формати файлів і файли налаштувань
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: File Formats and Configuration Files
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "passwd" "5" "08/11/2022" "shadow\-utils 4\&.13" "Формати файлів і файли налашту"
+.TH "passwd" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -32,7 +32,7 @@ passwd \- файл паролів
 .SH "ОПИС"
 .PP
 /etc/passwd
-мі�тить по одному р�дку дл� кожного з облікових запи�ів кори�тувача із �імома пол�ми, �кі відокремлено двокрапками (\(Fo:\(Fc)\&. Цими пол�ми є такі:
+contains one line for each user account, with seven fields delimited by colons (\(Fo:\(Fc)\&. These fields are:
 .sp
 .RS 4
 .ie n \{\
@@ -111,47 +111,54 @@ passwd \- файл паролів
 необов\*(Aq�зковий інтерпретатор команд кори�тувача
 .RE
 .PP
-Якщо у полі
-\fIпароль\fR
-мі�тить��
-\(Fox\(Fc
-у нижньому регі�трі, зашифрований пароль на�правді зберігаєть�� у файлі
-\fBshadow\fR(5);
-\fIмає\fR
-бути відповідний р�док у файлі
-/etc/shadow, інакше обліковий запи� кори�тувача буде некоректним\&.
+If the
+\fIpassword\fR
+field is a lower\-case
+\(Fox\(Fc, then the encrypted password is actually stored in the
+\fBshadow\fR(5)
+file instead; there
+\fImust\fR
+be a corresponding line in the
+/etc/shadow
+file, or else the user account is invalid\&.
 .PP
-Поле, у �кому зберігаєть�� зашифрований
-\fIпароль\fR, може бути порожнім\&. Якщо пароль є порожнім, дл� розпізнаванн� за вказаним іменем кори�тувача не потрібен буде пароль\&. Втім, де�кі програми, �кі читають дані з файла
-/etc/passwd, можуть взагалі вирішити не дозволити
-\fIдовільний\fR
-до�туп, �кщо поле
-\fIпароль\fR
-є порожнім\&.
+The encrypted
+\fIpassword\fR
+field may be empty, in which case no password is required to authenticate as the specified login name\&. However, some applications which read the
+/etc/passwd
+file may decide not to permit
+\fIany\fR
+access at all if the
+\fIpassword\fR
+field is blank\&.
 .PP
-Поле
-\fIпароль\fR, �ке починаєть�� зі знаку оклику, означає, що пароль заблоковано\&. Решта �имволів у р�дку є вмі�том пол�
-\fIпароль\fR
-до того, �к пароль було заблоковано\&.
+A
+\fIpassword\fR
+field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the
+\fIpassword\fR
+field before the password was locked\&.
 .PP
-Зверніть�� до
-\fBcrypt\fR(3), щоб дізнати�� більше про те, �к буде оброблено цей р�док\&.
+Refer to
+\fBcrypt\fR(3)
+for details on how this string is interpreted\&.
 .PP
-Якщо у полі парол� мі�тить�� �кий�ь р�док, �кий не є коректним результатом виконанн�
-\fBcrypt\fR(3), наприклад, ! або *, кори�тувач не зможе �кори�тати�� паролем unix дл� входу до облікового запи�у (але кори�тувач зможе увійти до �и�теми в інший �по�іб)\&.
+If the password field contains some string that is not a valid result of
+\fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&.
 .PP
-Поле коментар�, також відоме �к поле gecos, викори�товують різноманітні загально�и�темні ін�трументи, зокрема
-\fBfinger\fR(1)\&. �мпер�анд у цьому полі буде замінено запи�аним великим літерами іменем кори�тувача, коли поле буде викори�тано або показано у таких загально�и�темних ін�трументах\&.
+The comment field, also known as the gecos field, is used by various system utilities, such as
+\fBfinger\fR(1)\&. The use of an ampersand here will be replaced by the capitalised login name when the field is used or displayed by such system utilities\&.
 .PP
-Поле домашнього каталогу задає назву початкового робочого каталогу\&. Програма
+The home directory field provides the name of the initial working directory\&. The
 \fBlogin\fR
-викори�товує ці дані дл� в�тановленн� значенн� змінної �ередовища
-\fB$HOME\fR\&.
+program uses this information to set the value of the
+\fB$HOME\fR
+environmental variable\&.
 .PP
-Поле інтерпретатора команд задає назву командного інтерпретатора мови програмуванн� кори�тувача або назву початкової програми дл� виконанн�\&. Програма
+The command interpreter field provides the name of the user\*(Aqs command language interpreter, or the name of the initial program to execute\&. The
 \fBlogin\fR
-викори�товує ці дані дл� в�тановленн� значенн� змінної �ередовища
-\fB$SHELL\fR\&. Якщо значенн� у цьому полі є порожнім, типовим його значенн�м буде значенн�
+program uses this information to set the value of the
+\fB$SHELL\fR
+environmental variable\&. If this field is empty, it defaults to the value
 /bin/sh\&.
 .SH "Ф�ЙЛИ"
 .PP
diff --git a/man/uk/man5/porttime.5 b/man/uk/man5/porttime.5
index bf74916..690a22e 100644
--- a/man/uk/man5/porttime.5
+++ b/man/uk/man5/porttime.5
@@ -2,12 +2,12 @@
 .\"     Title: porttime
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Формати файлів і файли налаштувань
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: File Formats and Configuration Files
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "porttime" "5" "08/11/2022" "shadow\-utils 4\&.13" "Формати файлів і файли налашту"
+.TH "porttime" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -32,41 +32,41 @@ porttime \- файл ча�у до�тупу до портів
 .SH "ОПИС"
 .PP
 \fIporttime\fR
-мі�тить �пи�ок при�троїв терміналів, імен кори�тувачів та даних щодо дозволеного ча�у входу до �и�теми\&.
+contains a list of tty devices, user names, and permitted login times\&.
 .PP
 Кожен запи� �кладаєть�� з трьох відокремлених двокрапками полів\&. Перше поле є �пи�ком відокремлених комами при�троїв tty або зірочкою на позначенн�, що цьому запи�у відповідають у�і при�трої tty\&. Друге поле є �пи�ком відокремлених комами імен кори�тувачів або зірочкою на позначенн�, що цьому запи�у відповідають у�і імена кори�тувачів\&. Третє поле є �пи�ком відокремлених комами дозволених ча�ів до�тупу\&.
 .PP
-Кожен запи� ча�у до�тупу �кладаєть�� з нул� або більшої кілько�ті �корочених запи�ів днів тижн�:
+Each access time entry consists of zero or more days of the week, abbreviated
 \fISu\fR,
 \fIMo\fR,
 \fITu\fR,
 \fIWe\fR,
 \fITh\fR,
-\fIFr\fR
-Ñ–
-\fISa\fR, пі�л� �ких вказано проміжок ча�у з двох значень, �кі відокремлено дефі�ом\&. Можна �кори�тати�� �короченн�м
+\fIFr\fR, and
+\fISa\fR, followed by a pair of times separated by a hyphen\&. The abbreviation
 \fIWk\fR
-дл� позначенн� ча�у від понеділка до п\*(Aq�тниці і �короченн�м
+may be used to represent Monday thru Friday, and
 \fIAl\fR
-дл� позначенн� будь\-�кого дн�\&. Якщо дні не вказано, буде викори�тано
-\fIAl\fR\&.
+may be used to indicate every day\&. If no days are given,
+\fIAl\fR
+is assumed\&.
 .SH "ПРИКЛ�ДИ"
 .PP
-Вказаний нижче запи� дозвол�є до�туп до кори�тувача
+The following entry allows access to user
 \fBjfh\fR
-на будь\-�кому порту прот�гом робочого тижн� з 9 ранку до 5 вечора\&.
+on every port during weekdays from 9am to 5pm\&.
 .PP
 *:jfh:Wk0900\-1700
 .PP
-Вказані нижче запи�и дозвол�ють до�туп лише до кори�тувачів
+The following entries allow access only to the users
 \fIroot\fR
-Ñ–
+and
 \fIoper\fR
-на
+on
 /dev/console
-будь\-коли\&. Цей приклад ілю�трує �по�іб, у �кий файл
+at any time\&. This illustrates how the
 /etc/porttime
-є упор�дкованим �пи�ком ча�ів до�тупу\&. Другому запи�у відповідає будь\-�кий інший кори�тувач, �кому буде заборонено до�туп будь\-коли\&.
+file is an ordered list of access times\&. Any other user would match the second entry which does not permit access at any time\&.
 .sp
 .if n \{\
 .RS 4
@@ -78,9 +78,9 @@ console:root,oper:Al0000\-2400 console:*:
 .RE
 .\}
 .PP
-�аведений нижче запи� дозвол�є до�туп дл� кори�тувача
+The following entry allows access for the user
 \fIgames\fR
-до будь\-�кого порту у неробочий ча�\&.
+on any port during non\-working hours\&.
 .PP
 *:games:Wk1700\-0900,SaSu0000\-2400
 .SH "Ф�ЙЛИ"
diff --git a/man/uk/man5/shadow.5 b/man/uk/man5/shadow.5
index c5715fc..9780f75 100644
--- a/man/uk/man5/shadow.5
+++ b/man/uk/man5/shadow.5
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Формати файлів і файли налаштувань
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: File Formats and Configuration Files
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "shadow" "5" "08/11/2022" "shadow\-utils 4\&.13" "Формати файлів і файли налашту"
+.TH "shadow" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -32,32 +32,34 @@ shadow \- файли прихованих паролів
 .SH "ОПИС"
 .PP
 shadow
-є файлом, �кий мі�тить дані паролів дл� облікових запи�ів �и�теми і необов\*(Aq�зкові дані щодо за�таріванн�\&.
+is a file which contains the password information for the system\*(Aqs accounts and optional aging information\&.
 .PP
 Цей файл має бути недо�тупним дл� читанн� звичайними кори�тувачами, �кщо ви хочете підтримувати захи�т паролів\&.
 .PP
 У кожному р�дку файла мі�тить�� 9 полів, дані �ких відокремлено двокрапками (\(Fo:\(Fc), у такому пор�дку:
 .PP
-\fBім\*(Aq� кори�тувача\fR
+\fBlogin name\fR
 .RS 4
 Це має бути коректна назва облікового запи�у, �ка і�нує у �и�темі\&.
 .RE
 .PP
-\fBшифрований пароль\fR
+\fBencrypted password\fR
 .RS 4
-Це поле може бути порожнім\&. Якщо поле порожнє, дл� розпізнаванн� за вказаним іменем кори�тувача не потрібен буде пароль\&. Втім, де�кі програми, �кі читають дані з файла
-/etc/shadow, можуть взагалі вирішити не дозволити будь\-�кий до�туп, �кщо поле парол� є порожнім\&.
+This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the
+/etc/shadow
+file may decide not to permit any access at all if the password field is empty\&.
 .sp
 Поле парол�, �ке починаєть�� зі знаку оклику, означає, що пароль заблоковано\&. Решта �имволів у р�дку є вмі�том пол� парол� до того, �к пароль було заблоковано\&.
 .sp
-Зверніть�� до
-\fBcrypt\fR(3), щоб дізнати�� більше про те, �к буде оброблено цей р�док\&.
+Refer to
+\fBcrypt\fR(3)
+for details on how this string is interpreted\&.
 .sp
-Якщо у полі парол� мі�тить�� �кий�ь р�док, �кий не є коректним результатом виконанн�
-\fBcrypt\fR(3), наприклад, ! або *, кори�тувач не зможе �кори�тати�� паролем unix дл� входу до облікового запи�у (але кори�тувач зможе увійти до �и�теми в інший �по�іб)\&.
+If the password field contains some string that is not a valid result of
+\fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&.
 .RE
 .PP
-\fBдата о�танньої зміни парол�\fR
+\fBdate of last password change\fR
 .RS 4
 Дата о�танньої зміни парол�, �ку вказано у кілько�ті днів з моменту 1 �ічн� 1970 року 00:00 UTC\&.
 .sp
@@ -66,14 +68,14 @@ shadow
 Якщо поле є порожнім, можливо�ті за�таріванн� паролів буде вимкнено\&.
 .RE
 .PP
-\fBмінімальний вік парол�\fR
+\fBminimum password age\fR
 .RS 4
 Мінімальний вік парол� є кількі�тю днів з моменту о�танньої зміни парол�, прот�гом �ких кори�тувачеві буде заборонено змінювати пароль\&.
 .sp
 Порожнє значенн� або значенн� 0 означають, що мінімальний вік парол� не викори�товуватиметь��\&.
 .RE
 .PP
-\fBмак�имальний вік парол�\fR
+\fBmaximum password age\fR
 .RS 4
 Мак�имальний вік парол� є кількі�тю днів з моменту о�танньої зміни парол�, по завершенню �ких кори�тувачеві доведеть�� змінити пароль\&.
 .sp
@@ -84,14 +86,14 @@ shadow
 Якщо мак�имальний вік парол� є меншим за мінімальний вік парол�, кори�тувач не зможе змінити пароль\&.
 .RE
 .PP
-\fBперіод попередженн� щодо парол�\fR
+\fBpassword warning period\fR
 .RS 4
 Кількі�ть днів до моменту завершенн� �троку дії парол� (див\&. мак�имальний вік парол� вище), коли кори�тувача має бути попереджено про завершенн� �троку дії парол�\&.
 .sp
 Порожнє значенн� або значенн� 0 означають, що не буде періоду попередженн� щодо завершенн� �троку дії парол�\&.
 .RE
 .PP
-\fBперіод неактивно�ті парол�\fR
+\fBpassword inactivity period\fR
 .RS 4
 Кількі�ть днів з моменту завершенн� �троку дії парол� (див\&. мак�имальний вік парол� вище), прот�гом �ких пароль лишатиметь�� прийн�тним (і кори�тувач зможе оновити пароль під ча� на�тупного входу до �и�теми)\&.
 .sp
@@ -100,7 +102,7 @@ shadow
 Порожнє значенн� пол� означає, що не буде приму�ового періоду неактивно�ті\&.
 .RE
 .PP
-\fBдата про�троченн� облікового запи�у\fR
+\fBaccount expiration date\fR
 .RS 4
 Дата завершенн� �троку дії облікового запи�у, �ку вказано у кілько�ті днів з моменту 1 �ічн� 1970 року 00:00 UTC\&.
 .sp
@@ -111,7 +113,7 @@ shadow
 �е �лід викори�товувати значенн� 0, о�кільки його можна вважати вказівкою на те, що або у облікового запи�у немає завершенн� �троку дії, або �к те, що �трок дії облікового запи�у завершив�� 1 �ічн� 1970 року\&.
 .RE
 .PP
-\fBзарезервоване поле\fR
+\fBreserved field\fR
 .RS 4
 Це поле зарезервовано дл� викори�танн� у майбутньому\&.
 .RE
diff --git a/man/uk/man5/suauth.5 b/man/uk/man5/suauth.5
index 02793b6..4f5e91c 100644
--- a/man/uk/man5/suauth.5
+++ b/man/uk/man5/suauth.5
@@ -2,12 +2,12 @@
 .\"     Title: suauth
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Формати файлів і файли налаштувань
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: File Formats and Configuration Files
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "suauth" "5" "08/11/2022" "shadow\-utils 4\&.13" "Формати файлів і файли налашту"
+.TH "suauth" "5" "21/06/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -34,9 +34,9 @@ suauth \- докладний файл керуванн� su
 \fB/etc/suauth\fR
 .SH "ОПИС"
 .PP
-Файл
+The file
 /etc/suauth
-буде викори�тано під ча� кожного виклику su\&. Він може змінити поведінку команди su на о�нові таких даних:
+is referenced whenever the su command is called\&. It can change the behaviour of the su command, based upon:
 .sp
 .if n \{\
 .RS 4
@@ -62,16 +62,20 @@ suauth \- докладний файл керуванн� su
 .RE
 .\}
 .PP
-Де \(Foідентифікатор\-призначенн�\(Fc є �ловом
-\fIALL\fR, �пи�ком відокремлених \(Fo,\(Fc імен кори�тувачів або �ловами
-\fIALL EXCEPT\fR, пі�л� �ких вказано �пи�ок відокремлених \(Fo,\(Fc імен кори�тувачів\&.
+Where to\-id is either the word
+\fIALL\fR, a list of usernames delimited by "," or the words
+\fIALL EXCEPT\fR
+followed by a list of usernames delimited by ","\&.
 .PP
-Форматуванн� запи�у \(Foпохідний\-ідентифікатор\(Fc є таким �амим, що і дл� запи�у \(Foідентифікатор\-призначенн�\(Fc, окрім розпізнаванн� додаткового �лова
-\fIGROUP\fR\&. Можна також без проблем кори�тувати��
-\fIALL EXCEPT GROUP\fR\&. Пі�л�
+from\-id is formatted the same as to\-id except the extra word
 \fIGROUP\fR
-можна вказати назви однієї або декількох груп, відокремлених \(Fo,\(Fc\&. Ідентифікатора о�новної групи відповідної групи недо�татньо, потрібен запи� у
-\fB/etc/group\fR(5)\&.
+is recognized\&.
+\fIALL EXCEPT GROUP\fR
+is perfectly valid too\&. Following
+\fIGROUP\fR
+appears one or more group names, delimited by ","\&. It is not sufficient to have primary group id of the relevant group, an entry in
+\fB/etc/group\fR(5)
+is necessary\&.
 .PP
 Дією може бути лише один із наведених нижче підтримуваних у поточній вер�ії варіантів\&.
 .PP
@@ -130,9 +134,9 @@ terry:birddog:NOPASS birddog:terry:NOPASS
 Може бути доволі багато проблем\&. Зокрема, обробник файла не пробачає �интак�ичних помилок, не дає додавати пробіли у довільні мі�ц� (окрім початку і кінц� р�дків) і має �пецифічні правила щодо розмежуванн� запи�ів\&.
 .SH "ДІ�Г�ОСТИК�"
 .PP
-Про помилку при обробці файла буде повідомлено за допомогою
+An error parsing the file is reported using
 \fBsyslogd\fR(8)
-у формі рівн� ERR дл� можливо�ті AUTH\&.
+as level ERR on facility AUTH\&.
 .SH "ДИВ\&. Т�КОЖ"
 .PP
 \fBsu\fR(1)\&.
diff --git a/man/uk/man8/chgpasswd.8 b/man/uk/man8/chgpasswd.8
index d5bfe71..7a067ef 100644
--- a/man/uk/man8/chgpasswd.8
+++ b/man/uk/man8/chgpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chgpasswd
 .\"    Author: Thomas K\(/loczko <kloczek@pld.org.pl>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "chgpasswd" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "chgpasswd" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,38 +31,44 @@
 chgpasswd \- оновленн� паролів груп у пакетному режимі
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBchgpasswd\fR\ 'u
-\fBchgpasswd\fR [\fIпараметри\fR]
+\fBchgpasswd\fR [\fIoptions\fR]
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBchgpasswd\fR
-читає �пи�ок пар назва групи \(em пароль зі �тандартного джерела вхідних даних і викори�товує ці дані дл� оновленн� набору на�вних груп\&. Кожен р�док запи�уєть�� у такому форматі:
+command reads a list of group name and password pairs from standard input and uses this information to update a set of existing groups\&. Each line is of the format:
 .PP
-\fIназва_групи\fR:\fIпароль\fR
+\fIgroup_name\fR:\fIpassword\fR
 .PP
-Типово, наданий пароль має бути про�тим тек�товим\&. Його буде зашифровано за допомогою
+By default the supplied password must be in clear\-text, and is encrypted by
 \fBchgpasswd\fR\&.
 .PP
-Типовий алгоритм шифруванн� може бути визначено дл� �и�теми за допомогою змінної
+The default encryption algorithm can be defined for the system with the
 \fBENCRYPT_METHOD\fR
-у
-/etc/login\&.defs, і може бути перезапи�ано за допомогою параметрів
+variable of
+/etc/login\&.defs, and can be overwritten with the
 \fB\-e\fR,
-\fB\-m\fR
-або
-\fB\-c\fR\&.
+\fB\-m\fR, or
+\fB\-c\fR
+options\&.
 .PP
 Цю команду призначено дл� викори�танн� у великих �и�темних �ередовищах, де одноча�но �творюють багато облікових запи�ів\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBchgpasswd\fR, є такими:
+The options which apply to the
+\fBchgpasswd\fR
+command are:
 .PP
 \fB\-c\fR, \fB\-\-crypt\-method\fR
 .RS 4
 Скори�тати�� дл� шифруванн� паролів вказаним методом\&.
 .sp
-До�тупними методами є DES, MD5, NONE і SHA256 або SHA512, �кщо у вашій libc передбачено підтримку цих методів\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .RE
 .PP
 \fB\-e\fR, \fB\-\-encrypted\fR
@@ -80,7 +86,7 @@ chgpasswd \- оновленн� паролів груп у пакетному р
 Скори�тати�� шифруванн�м MD5 замі�ть DES, �кщо надані паролі не зашифровано\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -93,14 +99,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 Викори�тати вказану кількі�ть циклів шифруванн� паролів\&.
 .sp
-Значенн� 0 означає, що �и�тема вибере типову кількі�ть проходів дл� методу шифруванн� (5000)\&.
-.sp
-Буде приму�ово в�тановлено мінімальне значенн� 1000 і мак�имальне значенн� 999999999\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Ви можете �кори�тати�� цим параметром у поєднанні із методами шифруванн� SHA256 або SHA512\&.
-.sp
-Типово, кількі�ть проходів визначаєть�� за допомогою змінних SHA_CRYPT_MIN_ROUNDS і SHA_CRYPT_MAX_ROUNDS у
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
@@ -109,9 +114,9 @@ directory\&. Only absolute paths are supported\&.
 Вам �лід переконати��, що паролі і метод шифруванн� відповідає правилам поводженн� з парол�ми у �и�темі\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
diff --git a/man/uk/man8/chpasswd.8 b/man/uk/man8/chpasswd.8
index 2b75a3c..7b7d86b 100644
--- a/man/uk/man8/chpasswd.8
+++ b/man/uk/man8/chpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chpasswd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "chpasswd" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "chpasswd" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,53 +31,59 @@
 chpasswd \- оновленн� паролів у пакетному режимі
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBchpasswd\fR\ 'u
-\fBchpasswd\fR [\fIпараметри\fR]
+\fBchpasswd\fR [\fIoptions\fR]
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBchpasswd\fR
-читає �пи�ок пар ім\*(Aq� кори�тувача \(em пароль зі �тандартного джерела вхідних даних і викори�товує ці дані дл� оновленн� набору на�вних запи�ів кори�тувачів\&. Кожен р�док запи�уєть�� у такому форматі:
+command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users\&. Each line is of the format:
 .PP
-\fIім\*(Aq�_кори�тувача\fR:\fIпароль\fR
+\fIuser_name\fR:\fIpassword\fR
 .PP
-Типово, паролі має бути надано про�тим тек�том\&. Паролі буде зашифровано за допомогою
-\fBchpasswd\fR\&. Також буде оновлено дані щодо віку парол�, �кщо такі збережено\&.
+By default the passwords must be supplied in clear\-text, and are encrypted by
+\fBchpasswd\fR\&. Also the password age will be updated, if present\&.
 .PP
-Типовий алгоритм шифруванн� може бути визначено дл� �и�теми за допомогою змінної
+The default encryption algorithm can be defined for the system with the
 \fBENCRYPT_METHOD\fR
-або
+or
 \fBMD5_CRYPT_ENAB\fR
-у
-/etc/login\&.defs, і може бути перезапи�ано за допомогою параметрів
+variables of
+/etc/login\&.defs, and can be overwritten with the
 \fB\-e\fR,
-\fB\-m\fR
-або
-\fB\-c\fR\&.
+\fB\-m\fR, or
+\fB\-c\fR
+options\&.
 .PP
 \fBchpasswd\fR
-�першу оновлює у�і паролі у пам\*(Aq�ті, а потім запи�ує у�і зміни на ди�к, �кщо не �тало�� помилок дл� �кого�ь з кори�тувачів\&.
+first updates all the passwords in memory, and then commits all the changes to disk if no errors occurred for any user\&.
 .PP
 Цю команду призначено дл� викори�танн� у великих �и�темних �ередовищах, де одноча�но �творюють багато облікових запи�ів\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBchpasswd\fR, є такими:
+The options which apply to the
+\fBchpasswd\fR
+command are:
 .PP
-\fB\-c\fR, \fB\-\-crypt\-method\fR \fIMETHOD\fR
+\fB\-c\fR, \fB\-\-crypt\-method\fR\ \&\fIMETHOD\fR
 .RS 4
 Скори�тати�� дл� шифруванн� паролів вказаним методом\&.
 .sp
-До�тупними методами є DES, MD5, NONE і SHA256 або SHA512, �кщо у вашій libc передбачено підтримку цих методів\&.
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .sp
-Типово, (�кщо не вказано жодного з параметрів
+By default (if none of the
 \fB\-c\fR,
-\fB\-m\fR
-або
-\fB\-e\fR), метод шифруванн� буде визначено змінною
+\fB\-m\fR, or
+\fB\-e\fR
+options are specified), the encryption method is defined by the
 \fBENCRYPT_METHOD\fR
-або
+or
 \fBMD5_CRYPT_ENAB\fR
-у
+variables of
 /etc/login\&.defs\&.
 .RE
 .PP
@@ -96,7 +102,7 @@ chpasswd \- оновленн� паролів у пакетному режимі
 Скори�тати�� шифруванн�м MD5 замі�ть DES, �кщо надані паролі не зашифровано\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -105,31 +111,32 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-s\fR, \fB\-\-sha\-rounds\fR \fIROUNDS\fR
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-sha\-rounds\fR\ \&\fIROUNDS\fR
 .RS 4
 Викори�тати вказану кількі�ть циклів шифруванн� паролів\&.
 .sp
-Значенн� 0 означає, що �и�тема вибере типову кількі�ть проходів дл� методу шифруванн� (5000)\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Буде приму�ово в�тановлено мінімальне значенн� 1000 і мак�имальне значенн� 999999999\&.
-.sp
-Ви можете �кори�тати�� цим параметром у поєднанні із методами шифруванн� SHA256 або SHA512\&.
-.sp
-Типово, кількі�ть проходів визначено змінними
-\fBSHA_CRYPT_MIN_ROUNDS\fR
-Ñ–
-\fBSHA_CRYPT_MAX_ROUNDS\fR
-у
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
 �е забудьте в�тановити права до�тупу або umask, щоб запобігти до�тупно�ті до читанн� нешифрованих файлів �торонніми кори�тувачами\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 
 .SH "Ф�ЙЛИ"
 .PP
diff --git a/man/uk/man8/faillog.8 b/man/uk/man8/faillog.8
index 33f48ac..f19d424 100644
--- a/man/uk/man8/faillog.8
+++ b/man/uk/man8/faillog.8
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "faillog" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "faillog" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,34 +31,37 @@
 faillog \- виве�ти запи�и faillog або в�тановити обмеженн� на невдалі �проби увійти до �и�теми
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBfaillog\fR\ 'u
-\fBfaillog\fR [\fIпараметри\fR]
+\fBfaillog\fR [\fIoptions\fR]
 .SH "ОПИС"
 .PP
 \fBfaillog\fR
-показує вмі�т бази даних помилок під ча� входу до �и�теми (/var/log/faillog)\&. Ц� програма також може в�тановлювати лічильник і обмеженн� помилок\&. Якщо
+displays the contents of the failure log database (/var/log/faillog)\&. It can also set the failure counters and limits\&. When
 \fBfaillog\fR
-запущено без аргументів, програма покаже лише запи�и кори�тувачів, при �пробах входу до �и�теми �ких �тала�� помилка\&.
+is run without arguments, it only displays the faillog records of the users who had a login failure\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBfaillog\fR, є такими:
+The options which apply to the
+\fBfaillog\fR
+command are:
 .PP
 \fB\-a\fR, \fB\-\-all\fR
 .RS 4
-Виве�ти (або виконати дію) над запи�ами faillog дл� у�іх кори�тувачів, запи� �ких мі�тить�� у базі даних
-faillog\&.
+Display (or act on) faillog records for all users having an entry in the
+faillog
+database\&.
 .sp
-Діапазон уча�ників можна обмежити за допомогою параметра
-\fB\-u\fR\&.
+The range of users can be restricted with the
+\fB\-u\fR
+option\&.
 .sp
 У режимі показу діапазон буде обмежено на�вними кори�тувачами, але буде приму�ово показано запи�и faillog, навіть �кщо вони є порожніми\&.
 .sp
-З параметрами
+With the
 \fB\-l\fR,
 \fB\-m\fR,
 \fB\-r\fR,
 \fB\-t\fR
-запи�и кори�тувачів буде змінено, навіть �кщо запи�у кори�тувача не і�нує у �и�темі\&. Це кори�но дл� �киданн� запи�ів кори�тувачів, облікові запи�и �ких було вилучено, або в�тановленн� наперед правил дл� діапазону кори�тувачів\&.
+options, the users\*(Aq records are changed, even if the user does not exist on the system\&. This is useful to reset records of users that have been deleted or to set a policy in advance for a range of users\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -66,42 +69,45 @@ faillog\&.
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-l\fR, \fB\-\-lock\-secs\fR \fIСЕК\fR
+\fB\-l\fR, \fB\-\-lock\-secs\fR\ \&\fISEC\fR
 .RS 4
-Заблокувати обліковий запи� на
-\fIСЕК\fR
-�екунд пі�л� невдалої �проби увійти до �и�теми\&.
+Lock account for
+\fISEC\fR
+seconds after failed login\&.
 .sp
-Дл� кори�туванн� цим параметром потрібен до�туп до запи�у дл� файла
-/var/log/faillog\&.
+Write access to
+/var/log/faillog
+is required for this option\&.
 .RE
 .PP
-\fB\-m\fR, \fB\-\-maximum\fR \fIМ�КСИМУМ\fR
+\fB\-m\fR, \fB\-\-maximum\fR\ \&\fIMAX\fR
 .RS 4
-В�тановити мак�имальну кількі�ть невдалих �проб, пі�л� �кої обліковий запи� буде вимкнено, у значенн�
-\fIМ�КСИМУМ\fR\&.
+Set the maximum number of login failures after the account is disabled to
+\fIMAX\fR\&.
 .sp
-Вибір дл�
-\fIМ�КСИМУМ\fR
-значенн� 0 призведе до у�уванн� обмеженн� на кількі�ть невдалих �проб увійти до �и�теми\&.
+Selecting a
+\fIMAX\fR
+value of 0 has the effect of not placing a limit on the number of failed logins\&.
 .sp
-Дл�
+The maximum failure count should always be 0 for
 \fIroot\fR
-мак�имальною кількі�тю невдалих �проб увійти до �и�теми має завжди бути 0, щоб запобігти �пробам атакувати �и�тему, викликавши відмову в об�луговуванні\&.
+to prevent a denial of services attack against the system\&.
 .sp
-Дл� кори�туванн� цим параметром потрібен до�туп до запи�у дл� файла
-/var/log/faillog\&.
+Write access to
+/var/log/faillog
+is required for this option\&.
 .RE
 .PP
 \fB\-r\fR, \fB\-\-reset\fR
 .RS 4
 Скинути лічильники помилок входу\&.
 .sp
-Дл� кори�туванн� цим параметром потрібен до�туп до запи�у дл� файла
-/var/log/faillog\&.
+Write access to
+/var/log/faillog
+is required for this option\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -110,41 +116,43 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-t\fR, \fB\-\-time\fR \fIД�І\fR
+\fB\-t\fR, \fB\-\-time\fR\ \&\fIDAYS\fR
 .RS 4
-Показати запи�и faillog, �кі є �віжішими за
-\fIД�І\fR\&.
+Display faillog records more recent than
+\fIDAYS\fR\&.
 .RE
 .PP
-\fB\-u\fR, \fB\-\-user\fR \fIЗ�ПИС\fR|\fIДІ�П�ЗО�\fR
+\fB\-u\fR, \fB\-\-user\fR\ \&\fILOGIN\fR|\fIRANGE\fR
 .RS 4
-Виве�ти запи� журналу помилок або лічильників помилок і обмежень на помилки (�кщо викори�тано з
+Display faillog record or maintains failure counters and limits (if used with
 \fB\-l\fR,
 \fB\-m\fR
-або
-\fB\-r\fR) лише дл� вказаних кори�тувачів\&.
+or
+\fB\-r\fR
+options) only for the specified user(s)\&.
 .sp
-Кори�тувачів можна задавати за обліковим запи�ом дл� входу, чи�ловим ідентифікатором кори�тувача або значенн�м
-\fIДІ�П�ЗО�\fR
-дл� кори�тувачів\&.
-\fIДІ�П�ЗО�\fR
-кори�тувачів можна вказати за допомогою мінімального і мак�имального значень (\fIUID_MIN\-UID_MAX\fR), мак�имального значенн� (\fI\-UID_MAX\fR) або мінімального значенн� (\fIUID_MIN\-\fR)\&.
+The users can be specified by a login name, a numerical user ID, or a
+\fIRANGE\fR
+of users\&. This
+\fIRANGE\fR
+of users can be specified with a min and max values (\fIUID_MIN\-UID_MAX\fR), a max value (\fI\-UID_MAX\fR), or a min value (\fIUID_MIN\-\fR)\&.
 .RE
 .PP
-Якщо не вказано жодного з параметрів
+When none of the
 \fB\-l\fR,
-\fB\-m\fR
-або
-\fB\-r\fR,
+\fB\-m\fR, or
+\fB\-r\fR
+options are used,
 \fBfaillog\fR
-показує запи� faillog вказаних кори�тувачів\&.
+displays the faillog record of the specified user(s)\&.
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
 \fBfaillog\fR
-виводить дані лише кори�тувачів, �кі не мали у�пішних входів до �и�теми з моменту о�танньої помилки\&. Щоб було виведено запи� кори�тувача, �кий у�пішно входив до �и�теми з ча�у о�танньої помилки, вам �лід �вним чином наді�лати запит щодо кори�тувача за допомогою прапорц�
+only prints out users with no successful login since the last failure\&. To print out a user who has had a successful login since their last failure, you must explicitly request the user with the
 \fB\-u\fR
-або наказати програмі виве�ти дані у�іх кори�тувачів за допомогою прапорц�
-\fB\-a\fR\&.
+flag, or print out all users with the
+\fB\-a\fR
+flag\&.
 .SH "Ф�ЙЛИ"
 .PP
 /var/log/faillog
diff --git a/man/uk/man8/groupadd.8 b/man/uk/man8/groupadd.8
index a6ac855..3268541 100644
--- a/man/uk/man8/groupadd.8
+++ b/man/uk/man8/groupadd.8
@@ -2,12 +2,12 @@
 .\"     Title: groupadd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "groupadd" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "groupadd" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,41 +31,45 @@
 groupadd \- �творенн� нової групи
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBgroupadd\fR\ 'u
-\fBgroupadd\fR [\fIП�Р�МЕТРИ\fR] \fI�ОВ�_ГРУП�\fR
+\fBgroupadd\fR [\fIOPTIONS\fR] \fINEWGROUP\fR
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBgroupadd\fR
-�творює обліковий запи� групи з викори�танн�м значень, �кі вказано у командному р�дку, і типових дл� �и�теми значень\&. Запи� нової групи буде додано до файлів �и�теми, �кщо у цьому буде потреба\&.
+command creates a new group account using the values specified on the command line plus the default values from the system\&. The new group will be entered into the system files as needed\&.
 .PP
 Groupnames may contain only lower and upper case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. Dashes are not allowed at the beginning of the groupname\&. Fully numeric groupnames and groupnames \&. or \&.\&. are also disallowed\&.
 .PP
 Довжина назв груп не може перевищувати 32 �имволи\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBgroupadd\fR, є такими:
+The options which apply to the
+\fBgroupadd\fR
+command are:
 .PP
 \fB\-f\fR, \fB\-\-force\fR
 .RS 4
-Викори�танн� цього параметра призведе до про�того виходу з команди зі �таном у�піху, �кщо вказана група вже і�нує\&. Якщо викори�тано разом із
-\fB\-g\fR, і вказаний GID вже і�нує, буде вибрано інший (унікальний) GID (тобто буде вимкнено
-\fB\-g\fR)\&.
+This option causes the command to simply exit with success status if the specified group already exists\&. When used with
+\fB\-g\fR, and the specified GID already exists, another (unique) GID is chosen (i\&.e\&.
+\fB\-g\fR
+is turned off)\&.
 .RE
 .PP
-\fB\-g\fR, \fB\-\-gid\fR \fIGID\fR
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGID\fR
 .RS 4
-Чи�лове значенн� ідентифікатора групи\&.
+The numerical value of the group\*(Aqs ID\&.
 \fIGID\fR
-має бути унікальним, �кщо не викори�тано параметр
-\fB\-o\fR\&. Значенн� має бути невід\*(Aqємним\&. Типовим є викори�танн� найменшого значенн� ідентифікатора, �ке дорівнює або перевищує
-\fBМІ�ІМ�ЛЬ�ИЙ_GID\fR
-і є більшим за значенн� ідентифікатора будь\-�кої іншої групи\&.
+must be unique, unless the
+\fB\-o\fR
+option is used\&. The value must be non\-negative\&. The default is to use the smallest ID value greater than or equal to
+\fBGID_MIN\fR
+and greater than every other group\&.
 .sp
-Див\&. також опи�и параметрів
+See also the
 \fB\-r\fR
-Ñ–
-\fBМ�КСИМ�ЛЬ�ИЙ_GID\fR\&.
+option and the
+\fBGID_MAX\fR
+description\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -73,47 +77,43 @@ Groupnames may contain only lower and upper case letters, digits, underscores, o
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-K\fR, \fB\-\-key\fR \fIКЛЮЧ\fR=\fIЗ��ЧЕ��Я\fR
+\fB\-K\fR, \fB\-\-key\fR\ \&\fIKEY\fR=\fIVALUE\fR
 .RS 4
-Має пріоритет над типовими значенн�м у
+Overrides
 /etc/login\&.defs
-(GID_MIN, GID_MAX та іншими)\&. Може бути вказано декілька параметрів
-\fB\-K\fR\&.
-.sp
-Приклад:
+defaults (GID_MIN, GID_MAX and others)\&. Multiple
 \fB\-K\fR
-\fIМІ�ІМ�ЛЬ�ИЙ_GID\fR=\fI100\fR
-\fB\-K\fR
-\fIМ�КСИМ�ЛЬ�ИЙ_GID\fR=\fI499\fR
+options can be specified\&.
 .sp
-Зауваженн�:
-\fB\-K\fR
-\fIМІ�ІМ�ЛЬ�ИЙ_GID\fR=\fI10\fR,\fIМ�КСИМ�ЛЬ�ИЙ_GID\fR=\fI499\fR
-ще не працює\&.
+Example:
+\fB\-K\fR\ \&\fIGID_MIN\fR=\fI100\fR\ \&
+\fB\-K\fR\ \&\fIGID_MAX\fR=\fI499\fR
+.sp
+Note:
+\fB\-K\fR\ \&\fIGID_MIN\fR=\fI10\fR,\fIGID_MAX\fR=\fI499\fR
+doesn\*(Aqt work yet\&.
 .RE
 .PP
 \fB\-o\fR, \fB\-\-non\-unique\fR
 .RS 4
-уможливлює �творенн� груп із вже викори�таним чи�ловим ідентифікатором\&. У результаті дл� цього
-\fIGID\fR
-прив\*(Aq�зка до групи
-\fI�ОВ�_ГРУП�\fR
-може бути неунікальною\&.
+permits the creation of a group with an already used numerical ID\&. As a result, for this
+\fIGID\fR, the mapping towards group
+\fINEWGROUP\fR
+may not be unique\&.
 .RE
 .PP
-\fB\-p\fR, \fB\-\-password\fR \fIП�РОЛЬ\fR
+\fB\-p\fR, \fB\-\-password\fR\ \&\fIPASSWORD\fR
 .RS 4
-визначає початковий пароль до облікового запи�у групи\&. П�РОЛЬ має бути зашифровано у форматі, �кий повертає
-\fBcrypt\fR(3)\&.
+defines an initial password for the group account\&. PASSWORD is expected to be encrypted, as returned by
+\fBcrypt \fR(3)\&.
 .sp
-Без цього параметра обліковий запи� групи буде заблоковано; дл� нього також не буде визначено парол�, тобто у відповідному полі файла облікових запи�ів �и�теми
+Without this option, the group account will be locked and with no password defined, i\&.e\&. a single exclamation mark in the respective field of ths system account file
 /etc/group
-або
-/etc/gshadow
-буде вказано одинарний знак оклику\&.
+or
+/etc/gshadow\&.
 .sp
-\fBЗауваженн�:\fR
-не рекомендуємо кори�тувати�� цим параметром, о�кільки пароль (або шифрований пароль) буде видимим дл� кори�тувачів, �кі мають до�туп до �пи�ку проце�ів\&.
+\fBNote:\fR
+This option is not recommended because the password (or encrypted password) will be visible by users listing the processes\&.
 .sp
 Вам �лід переконати��, що пароль відповідає правилам �кладанн� паролів �и�теми\&.
 .RE
@@ -122,14 +122,14 @@ Groupnames may contain only lower and upper case letters, digits, underscores, o
 .RS 4
 Створити загально�и�темну групу\&.
 .sp
-Чи�лові ідентифікатори нових груп �и�теми буде вибрано у діапазоні
+The numeric identifiers of new system groups are chosen in the
 \fBSYS_GID_MIN\fR\-\fBSYS_GID_MAX\fR
 range, defined in
-login\&.defs, замі�ть діапазону
-\fBМІ�ІМ�ЛЬ�ИЙ_GID\fR\-\fBМ�КСИМ�ЛЬ�ИЙ_GID\fR\&.
+login\&.defs, instead of
+\fBGID_MIN\fR\-\fBGID_MAX\fR\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -138,30 +138,30 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-P\fR, \fB\-\-prefix\fR \fIК�Т�ЛОГ_ПРЕФІКС�\fR
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
 .RS 4
-За�то�увати зміни до файлів налаштувань у кореневій файловій �и�темі з каталогу
-\fIК�Т�ЛОГ_ПРЕФІКС�\fR\&. Викори�танн� цього параметра не змінює кореневої теки\&. Параметр призначено лише дл� приготуванн� цілі дл� компіл�ції коду дл� іншої операційної �и�теми\&. Обмеженн�: не буде виконано перевірку кори�тувачів/груп NIS і LDAP\&. При розпізнаванні у PAM буде викори�тано файли о�новної �и�теми\&. Підтримки SELINUX не передбачено\&.
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
 .RE
 .PP
 \fB\-U\fR, \fB\-\-users\fR
 .RS 4
 Спи�ок імен кори�тувачів, �ких �лід додати �к уча�ників групи\&.
 .sp
-Типову поведінку (�кщо не вказано параметрів
+The default behavior (if the
 \fB\-g\fR,
-\fB\-N\fR
-Ñ–
-\fB\-U\fR) буде визначено змінною
+\fB\-N\fR, and
+\fB\-U\fR
+options are not specified) is defined by the
 \fBUSERGROUPS_ENAB\fR
-у
+variable in
 /etc/login\&.defs\&.
 .RE
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
@@ -182,44 +182,44 @@ directory\&. Only absolute paths are supported\&.
 .PP
 �е можна додавати групи NIS або LDAP\&. Дл� таких груп цю дію має бути виконано на відповідному �ервері\&.
 .PP
-Якщо назва групи вже і�нує у зовнішній базі даних груп, зокрема NIS або LDAP,
+If the groupname already exists in an external group database such as NIS or LDAP,
 \fBgroupadd\fR
-відмовить у запиті щодо �творенн� групи\&.
+will deny the group creation request\&.
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Команда
+The
 \fBgroupadd\fR
-завершує роботу із такими значенн�ми:
+command exits with the following values:
 .PP
 \fI0\fR
 .RS 4
-у�піх
+success
 .RE
 .PP
 \fI2\fR
 .RS 4
-некоректний �интак�и� команди
+invalid command syntax
 .RE
 .PP
 \fI3\fR
 .RS 4
-некоректний аргумент параметра
+invalid argument to option
 .RE
 .PP
 \fI4\fR
 .RS 4
-GID вже викори�тано (�кщо викликано без
+GID is already used (when called without
 \fB\-o\fR)
 .RE
 .PP
 \fI9\fR
 .RS 4
-назву групи вже викори�тано
+group name is already used
 .RE
 .PP
 \fI10\fR
 .RS 4
-не вдало�� оновити файл груп
+can\*(Aqt update group file
 .RE
 .SH "ДИВ\&. Т�КОЖ"
 .PP
diff --git a/man/uk/man8/groupdel.8 b/man/uk/man8/groupdel.8
index 1bc3ce7..dbbf8e7 100644
--- a/man/uk/man8/groupdel.8
+++ b/man/uk/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "groupdel" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "groupdel" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,16 +31,18 @@
 groupdel \- вилученн� групи
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBgroupdel\fR\ 'u
-\fBgroupdel\fR [\fIпараметри\fR] \fIGROUP\fR
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBgroupdel\fR
-вно�ить зміни до файлів загально�и�темних облікових запи�ів, вилучаючи у�і запи�и, �кі �то�ують�� імені кори�тувача\fIGROUP\fR\&. Іменована група має і�нувати\&.
+command modifies the system account files, deleting all entries that refer to
+\fIGROUP\fR\&. The named group must exist\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBgroupdel\fR, є такими:
+The options which apply to the
+\fBgroupdel\fR
+command are:
 .PP
 \fB\-f\fR, \fB\-\-force\fR
 .RS 4
@@ -52,7 +54,7 @@ groupdel \- вилученн� групи
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -61,12 +63,13 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-P\fR, \fB\-\-prefix\fR \fIК�Т�ЛОГ_ПРЕФІКС�\fR
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
 .RS 4
-За�то�увати зміни до каталогу
-\fIК�Т�ЛОГ_ПРЕФІКС�\fR
-і викори�тати файли налаштувань з каталогу
-\fIК�Т�ЛОГ_ПРЕФІКС�\fR\&. Викори�танн� цього параметра не змінює кореневої теки\&. Параметр призначено лише дл� приготуванн� цілі дл� компіл�ції коду дл� іншої операційної �и�теми\&. Обмеженн�: не буде виконано перевірку кори�тувачів/груп NIS і LDAP\&. При розпізнаванні у PAM буде викори�тано файли о�новної �и�теми\&. Підтримки SELINUX не передбачено\&.
+Apply changes in the
+\fIPREFIX_DIR\fR
+directory and use the configuration files from the
+\fIPREFIX_DIR\fR
+directory\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
 .RE
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
@@ -75,9 +78,9 @@ directory\&. Only absolute paths are supported\&.
 Вам �лід виконати перевірку у�іх файлових �и�тем вручну, щоб переконати��, щоб не лишило�� жодних файлів, �кі належать цій групі\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
@@ -91,33 +94,33 @@ directory\&. Only absolute paths are supported\&.
 .RE
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Команда
+The
 \fBgroupdel\fR
-завершує роботу із такими значенн�ми:
+command exits with the following values:
 .PP
 \fI0\fR
 .RS 4
-у�піх
+success
 .RE
 .PP
 \fI2\fR
 .RS 4
-некоректний �интак�и� команди
+invalid command syntax
 .RE
 .PP
 \fI6\fR
 .RS 4
-вказаної групи не і�нує
+specified group doesn\*(Aqt exist
 .RE
 .PP
 \fI8\fR
 .RS 4
-не вдало�� вилучити о�новну групу кори�тувача
+can\*(Aqt remove user\*(Aqs primary group
 .RE
 .PP
 \fI10\fR
 .RS 4
-не вдало�� оновити файл груп
+can\*(Aqt update group file
 .RE
 .SH "ДИВ\&. Т�КОЖ"
 .PP
diff --git a/man/uk/man8/groupmems.8 b/man/uk/man8/groupmems.8
index 997f6d2..6270c57 100644
--- a/man/uk/man8/groupmems.8
+++ b/man/uk/man8/groupmems.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmems
 .\"    Author: George Kraft, IV
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "groupmems" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "groupmems" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,46 +31,51 @@
 groupmems \- адміні�труванн� уча�ників о�новної групи кори�тувача
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBgroupmems\fR\ 'u
-\fBgroupmems\fR \-a\ \fIім\*(Aq�_кори�тувача\fR | \-d\ \fIім\*(Aq�_кори�тувача\fR | [\-g\ \fIназва_групи\fR] | \-l | \-p 
+\fBgroupmems\fR \-a\ \fIuser_name\fR | \-d\ \fIuser_name\fR | [\-g\ \fIgroup_name\fR] | \-l | \-p 
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBgroupmems\fR
-надає змогу кори�тувачеві адміні�трувати �пи�ок уча�ників вла�ної групи без потреби у привіле�х надкори�тувача\&. Допоміжну програму
+command allows a user to administer their own group membership list without the requirement of superuser privileges\&. The
 \fBgroupmems\fR
-призначено дл� �и�тем, у �ких облікові запи� кори�тувачів налаштовують так, щоб о�новною групою дл� них була група із назвою, �ка збігаєть�� із назвою облікового запи�у кори�тувача (тобто guest / guest)\&.
+utility is for systems that configure its users to be in their own name sake primary group (i\&.e\&., guest / guest)\&.
 .PP
-Лише надкори�тувач, �к адміні�тратор, може викори�товувати
+Only the superuser, as administrator, can use
 \fBgroupmems\fR
-дл� зміни уча�ників інших груп\&.
+to alter the memberships of other groups\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBgroupmems\fR, є такими:
+The options which apply to the
+\fBgroupmems\fR
+command are:
 .PP
-\fB\-a\fR, \fB\-\-add\fR \fIім\*(Aq�_кори�тувача\fR
+\fB\-a\fR, \fB\-\-add\fR\ \&\fIuser_name\fR
 .RS 4
 Додати кори�тувача до �пи�ку уча�ті у групі\&.
 .sp
-Якщо і�нує файл
-/etc/gshadow, і у групи немає запи�у у файлі
-/etc/gshadow, буде �творено новий запи�\&.
+If the
+/etc/gshadow
+file exist, and the group has no entry in the
+/etc/gshadow
+file, a new entry will be created\&.
 .RE
 .PP
-\fB\-d\fR, \fB\-\-delete\fR \fIім\*(Aq�_кори�тувача\fR
+\fB\-d\fR, \fB\-\-delete\fR\ \&\fIuser_name\fR
 .RS 4
 Вилучити кори�тувача зі �пи�ку уча�ті у групі\&.
 .sp
-Якщо файл
+If the
 /etc/gshadow
-і�нує, кори�тувача буде вилучено зі �пи�ку уча�ників і адміні�траторів групи\&.
+file exist, the user will be removed from the list of members and administrators of the group\&.
 .sp
-Якщо і�нує файл
-/etc/gshadow, і у групи немає запи�у у файлі
-/etc/gshadow, буде �творено новий запи�\&.
+If the
+/etc/gshadow
+file exist, and the group has no entry in the
+/etc/gshadow
+file, a new entry will be created\&.
 .RE
 .PP
-\fB\-g\fR, \fB\-\-group\fR \fIназва_групи\fR
+\fB\-g\fR, \fB\-\-group\fR\ \&\fIgroup_name\fR
 .RS 4
 �адкори�тувач може вказувати, до �кого �пи�ку уча�ників груп �лід вне�ти зміни\&.
 .RE
@@ -89,12 +94,14 @@ groupmems \- адміні�труванн� уча�ників о�новної
 .RS 4
 Витерти у�іх кори�тувачів зі �пи�ку уча�ників групи\&.
 .sp
-Якщо і�нує файл
-/etc/gshadow, і у групи немає запи�у у файлі
-/etc/gshadow, буде �творено новий запи�\&.
+If the
+/etc/gshadow
+file exist, and the group has no entry in the
+/etc/gshadow
+file, a new entry will be created\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -104,32 +111,37 @@ directory\&. Only absolute paths are supported\&.
 .RE
 .SH "КО�ФІГУР�ЦІЯ"
 .PP
-Режимом до�тупу до виконуваного файла
+The
 \fBgroupmems\fR
-має бути
+executable should be in mode
 2710
-із вла�ником
+as user
 \fIroot\fR
-і групою
-\fIgroups\fR\&. �дміні�тратор �и�теми може додавати кори�тувачів до групи
-\fIgroups\fR, щоб дозволити або заборонити їм кори�тувати�� програмою
+and in group
+\fIgroups\fR\&. The system administrator can add users to group
+\fIgroups\fR
+to allow or disallow them using the
 \fBgroupmems\fR
-дл� керуванн� �пи�ком уча�ників їхньої вла�ної групи\&.
+utility to manage their own group membership list\&.
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
-$ groupadd \-r groups $ chmod 2710 groupmems $ chown root\&.groups groupmems $ groupmems \-g groups \-a gk4
+	$ groupadd \-r groups
+	$ chmod 2710 groupmems
+	$ chown root:groups groupmems
+	$ groupmems \-g groups \-a gk4
+    
 .fi
 .if n \{\
 .RE
 .\}
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
diff --git a/man/uk/man8/groupmod.8 b/man/uk/man8/groupmod.8
index 4251b82..0e584c1 100644
--- a/man/uk/man8/groupmod.8
+++ b/man/uk/man8/groupmod.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "groupmod" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "groupmod" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,49 +31,50 @@
 groupmod \- зміна визначенн� групи у �и�темі
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBgroupmod\fR\ 'u
-\fBgroupmod\fR [\fIпараметри\fR] \fIGROUP\fR
+\fBgroupmod\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBgroupmod\fR
-змінює визначенн� вказаної аргументом групи
-\fIGROUP\fR, вно��чи зміни до відповідного запи�у у базі даних груп\&.
+command modifies the definition of the specified
+\fIGROUP\fR
+by modifying the appropriate entry in the group database\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBgroupmod\fR, є такими:
+The options which apply to the
+\fBgroupmod\fR
+command are:
 .PP
-\fB\-a\fR, \fB\-\-append\fR \fIGID\fR
+\fB\-a\fR, \fB\-\-append\fR\ \&\fIGID\fR
 .RS 4
 Уча�ників групи вказують за допомогою параметра \-U\&. Запи�и буде допи�ано до на�вного �пи�ку уча�ників, а не викори�тано дл� заміни цього �пи�ку\&.
 .RE
 .PP
-\fB\-g\fR, \fB\-\-gid\fR \fIGID\fR
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGID\fR
 .RS 4
-Ідентифікатор групи вказаного запи�у
+The group ID of the given
 \fIGROUP\fR
-буде змінено на
+will be changed to
 \fIGID\fR\&.
 .sp
-Значенн�м
+The value of
 \fIGID\fR
-має бути невід\*(Aqємне де��ткове ціле чи�ло\&. Це значенн� має бути унікальним, �кщо не викори�тано параметр
-\fB\-o\fR\&.
+must be a non\-negative decimal integer\&. This value must be unique, unless the
+\fB\-o\fR
+option is used\&.
 .sp
 Запи�и кори�тувачів, �кі викори�товують групу, �к о�новну групу, буде оновлено з метою збереженн� групи, �к їхньої о�новної групи\&.
 .sp
-Ідентифікатор групи у�іх файли, вла�ником �ких є група зі �тарим ідентифікатором, і �кі мають належати
-\fIGROUP\fR, доведеть�� змінити вручну\&.
+Any files that have the old group ID and must continue to belong to
+\fIGROUP\fR, must have their group ID changed manually\&.
 .sp
-Перевірок щодо
-\fBМІ�ІМ�ЛЬ�ИЙ_GID\fR,
-\fBМ�КСИМ�ЛЬ�ИЙ_GID\fR,
-\fBSYS_GID_MIN\fR
-або
+No checks will be performed with regard to the
+\fBGID_MIN\fR,
+\fBGID_MAX\fR,
+\fBSYS_GID_MIN\fR, or
 \fBSYS_GID_MAX\fR
-з
-/etc/login\&.defs
-виконано не буде\&.
+from
+/etc/login\&.defs\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -81,34 +82,36 @@ groupmod \- зміна визначенн� групи у �и�темі
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-n\fR, \fB\-\-new\-name\fR \fI�ОВ�_ГРУП�\fR
+\fB\-n\fR, \fB\-\-new\-name\fR\ \&\fINEW_GROUP\fR
 .RS 4
-�азву групи буде змінено з
+The name of the group will be changed from
 \fIGROUP\fR
-на
-\fI�ОВ�_ГРУП�\fR\&.
+to
+\fINEW_GROUP\fR
+name\&.
 .RE
 .PP
 \fB\-o\fR, \fB\-\-non\-unique\fR
 .RS 4
-Якщо викори�тано у поєднанні із параметром
-\fB\-g\fR, дозволити зміну групи
+When used with the
+\fB\-g\fR
+option, allow to change the group
 \fIGID\fR
-на неунікальне значенн�\&.
+to a non\-unique value\&.
 .RE
 .PP
-\fB\-p\fR, \fB\-\-password\fR \fIП�РОЛЬ\fR
+\fB\-p\fR, \fB\-\-password\fR\ \&\fIPASSWORD\fR
 .RS 4
-Зашифрований пароль, �к його повертає
+The encrypted password, as returned by
 \fBcrypt\fR(3)\&.
 .sp
-\fBЗауваженн�:\fR
-не рекомендуємо кори�тувати�� цим параметром, о�кільки пароль (або шифрований пароль) буде видимим дл� кори�тувачів, �кі мають до�туп до �пи�ку проце�ів\&.
+\fBNote:\fR
+This option is not recommended because the password (or encrypted password) will be visible by users listing the processes\&.
 .sp
 Вам �лід переконати��, що пароль відповідає правилам �кладанн� паролів �и�теми\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -117,32 +120,33 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-P\fR, \fB\-\-prefix\fR \fIК�Т�ЛОГ_ПРЕФІКС�\fR
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
 .RS 4
-За�то�увати зміни до каталогу
-\fIК�Т�ЛОГ_ПРЕФІКС�\fR
-і викори�тати файли налаштувань з каталогу
-\fIК�Т�ЛОГ_ПРЕФІКС�\fR\&. Викори�танн� цього параметра не змінює кореневої теки\&. Параметр призначено лише дл� приготуванн� цілі дл� компіл�ції коду дл� іншої операційної �и�теми\&. Обмеженн�: не буде виконано перевірку кори�тувачів/груп NIS і LDAP\&. При розпізнаванні у PAM буде викори�тано файли о�новної �и�теми\&. Підтримки SELINUX не передбачено\&.
+Apply changes in the
+\fIPREFIX_DIR\fR
+directory and use the configuration files from the
+\fIPREFIX_DIR\fR
+directory\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
 .RE
 .PP
 \fB\-U\fR, \fB\-\-users\fR
 .RS 4
 Спи�ок імен кори�тувачів, �ких �лід додати �к уча�ників групи\&.
 .sp
-Типову поведінку (�кщо не вказано параметрів
+The default behavior (if the
 \fB\-g\fR,
-\fB\-N\fR
-Ñ–
-\fB\-U\fR) буде визначено змінною
+\fB\-N\fR, and
+\fB\-U\fR
+options are not specified) is defined by the
 \fBUSERGROUPS_ENAB\fR
-у
+variable in
 /etc/login\&.defs\&.
 .RE
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
@@ -166,58 +170,58 @@ directory\&. Only absolute paths are supported\&.
 .RE
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Команда
+The
 \fBgroupmod\fR
-завершує роботу із такими значенн�ми:
+command exits with the following values:
 .PP
 \fI0\fR
 .RS 4
-E_SUCCESS: у�піх
+E_SUCCESS: success
 .RE
 .PP
 \fI2\fR
 .RS 4
-E_USAGE: некоректний �интак�и� команди
+E_USAGE: invalid command syntax
 .RE
 .PP
 \fI3\fR
 .RS 4
-E_BAD_ARG: некоректний аргумент параметра
+E_BAD_ARG: invalid argument to option
 .RE
 .PP
 \fI4\fR
 .RS 4
-E_GID_IN_USE: ідентифікатор групи вже викори�тано
+E_GID_IN_USE: group id already in use
 .RE
 .PP
 \fI6\fR
 .RS 4
-E_NOTFOUND: вказаної групи не і�нує
+E_NOTFOUND: specified group doesn\*(Aqt exist
 .RE
 .PP
 \fI9\fR
 .RS 4
-E_NAME_IN_USE: назву групи вже викори�тано
+E_NAME_IN_USE: group name already in use
 .RE
 .PP
 \fI10\fR
 .RS 4
-E_GRP_UPDATE: не вдало�� оновити файл групи
+E_GRP_UPDATE: can\*(Aqt update group file
 .RE
 .PP
 \fI11\fR
 .RS 4
-E_CLEANUP_SERVICE: не вдало�� налаштувати �лужбу чищенн�
+E_CLEANUP_SERVICE: can\*(Aqt setup cleanup service
 .RE
 .PP
 \fI12\fR
 .RS 4
-E_PAM_USERNAME: не вдало�� визначити ваше ім\*(Aq� кори�тувача дл� викори�танн� разом із pam
+E_PAM_USERNAME: can\*(Aqt determine your username for use with pam
 .RE
 .PP
 \fI13\fR
 .RS 4
-E_PAM_ERROR: pam повернуто повідомленн� про помилку, див\&. ідентифікатор groupmod у журналі syslog, щоб ознайомити�� із повідомленн�м про помилку PAM
+E_PAM_ERROR: pam returned an error, see syslog facility id groupmod for the PAM error message
 .RE
 .SH "ДИВ\&. Т�КОЖ"
 .PP
diff --git a/man/uk/man8/grpck.8 b/man/uk/man8/grpck.8
index 134d7d1..3e574d9 100644
--- a/man/uk/man8/grpck.8
+++ b/man/uk/man8/grpck.8
@@ -2,12 +2,12 @@
 .\"     Title: grpck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "grpck" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "grpck" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,15 +31,15 @@
 grpck \- перевірка цілі�но�ті файлів груп
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBgrpck\fR\ 'u
-\fBgrpck\fR [параметри] [\fIгрупа\fR\ [\ \fIshadow\fR\ ]]
+\fBgrpck\fR [options] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
 .SH "ОПИС"
 .PP
-Команду
+The
 \fBgrpck\fR
-призначено дл� перевірки цілі�но�ті даних щодо груп\&. Вона перевір�є, чи у�і запи�и у
+command verifies the integrity of the groups information\&. It checks that all entries in
 /etc/group
 and /etc/gshadow
-мають належне форматуванн� і мі�т�ть чинні дані\&. Програма попро�ить кори�тувача вилучити запи�и із помилковим форматуванн�м або іншими непридатними до виправленн� помилками\&.
+have the proper format and contain valid data\&. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors\&.
 .PP
 Буде виконано перевірки з метою переконати��, що кожен запи� має:
 .sp
@@ -97,32 +97,36 @@ and /etc/gshadow
 .sp -1
 .IP \(bu 2.3
 .\}
-відповідний запи� у файлі
+a corresponding entry in the
 /etc/gshadow
-(відповідно,
+file (respectively
 /etc/group
-дл� перевірок
-gshadow)
+for the
+gshadow
+checks)
 .RE
 .PP
-Перевірки належної кілько�ті полів та унікально�ті назв груп є критичними\&. Якщо у запи�і помилкова кількі�ть полів, програма попро�ить кори�тувача вилучити уве�ь р�док\&. Якщо кори�тувач не підтвердить дію з вилученн�, у�і на�тупні перевірки буде пропущено\&. Якщо буде ви�влено запи� із дублюванн�м групи, програма попро�ить вилучити його, але �кщо у цьому буде відмовлено, виконає решту перевірок\&. У�і інші помилки вважатимуть�� незначними \(em кори�тувачу буде рекомендовано віддати команду
-\fBgroupmod\fR, щоб виправити помилку\&.
+The checks for correct number of fields and unique group name are fatal\&. If an entry has the wrong number of fields, the user will be prompted to delete the entire line\&. If the user does not answer affirmatively, all further checks are bypassed\&. An entry with a duplicated group name is prompted for deletion, but the remaining checks will still be made\&. All other errors are warnings and the user is encouraged to run the
+\fBgroupmod\fR
+command to correct the error\&.
 .PP
-Команди, �кі мають �праву з
+The commands which operate on the
 /etc/group
-and /etc/gshadow files, не зможуть змінити пошкоджені або дубльовані запи�и\&. У цих випадках �лід �кори�тати��
+and /etc/gshadow files
+are not able to alter corrupted or duplicated entries\&.
 \fBgrpck\fR
-дл� вилученн� помилкових запи�ів\&.
+should be used in those circumstances to remove the offending entries\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри
+The
 \fB\-r\fR
-Ñ–
+and
 \fB\-s\fR
-не можна поєднувати\&.
+options cannot be combined\&.
 .PP
-Параметри, �кі за�то�овують до команди
-\fBgrpck\fR, є такими:
+The options which apply to the
+\fBgrpck\fR
+command are:
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
@@ -131,14 +135,14 @@ and /etc/gshadow files, не зможуть змінити пошкоджені
 .PP
 \fB\-r\fR, \fB\-\-read\-only\fR
 .RS 4
-Виконати команду
+Execute the
 \fBgrpck\fR
-у режимі лише читанн�\&. Це призведе до того, що програма вважатиме відповід�ми на у�і �вої питанн� значенн�
+command in read\-only mode\&. This causes all questions regarding changes to be answered
 \fIno\fR
-і ні про що не запитуватиме кори�тувача\&.
+without user intervention\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -149,32 +153,32 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-s\fR, \fB\-\-sort\fR
 .RS 4
-Упор�дкувати запи�и у
+Sort entries in
 /etc/group
 and /etc/gshadow
-за GID\&.
+by GID\&.
 .RE
 .PP
 \fB\-S\fR, \fB\-\-silence\-warnings\fR
 .RS 4
-Придушити �умнівні попередженн�, зокрема попередженн� щодо неузгоджено�ті між �пи�ками уча�ників групи у
+Suppress more controversial warnings, in particular warnings about inconsistency between group members listed in
 /etc/group
-Ñ–
+and
 /etc/ghadow\&.
 .RE
 .PP
-Типово,
+By default,
 \fBgrpck\fR
-працює з
+operates on
 /etc/group
-and /etc/gshadow\&. Кори�тувач може вибрати альтернативні файли за допомогою
-\fIгрупа\fR
+and /etc/gshadow\&. The user may select alternate files with the
+\fIgroup\fR
 and \fIshadow\fR parameters\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
@@ -193,42 +197,42 @@ and \fIshadow\fR parameters\&.
 .RE
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Команда
+The
 \fBgrpck\fR
-завершує роботу із такими значенн�ми:
+command exits with the following values:
 .PP
 \fI0\fR
 .RS 4
-у�піх
+success
 .RE
 .PP
 \fI1\fR
 .RS 4
-некоректний �интак�и� команди
+invalid command syntax
 .RE
 .PP
 \fI2\fR
 .RS 4
-один або декілька помилкових запи�ів груп
+one or more bad group entries
 .RE
 .PP
 \fI3\fR
 .RS 4
-не вдало�� відкрити файли груп
+can\*(Aqt open group files
 .RE
 .PP
 \fI4\fR
 .RS 4
-не вдало�� заблокувати файли груп
+can\*(Aqt lock group files
 .RE
 .PP
 \fI5\fR
 .RS 4
-не вдало�� оновити файли груп
+can\*(Aqt update group files
 .RE
 .SH "ДИВ\&. Т�КОЖ"
 .PP
-\fBгрупа\fR(5),
+\fBgroup\fR(5),
 \fBgroupmod\fR(8),
 \fBgshadow\fR(5),
 \fBpasswd\fR(5),
diff --git a/man/uk/man8/lastlog.8 b/man/uk/man8/lastlog.8
index d37b777..0fdc9f2 100644
--- a/man/uk/man8/lastlog.8
+++ b/man/uk/man8/lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: lastlog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "lastlog" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "lastlog" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,31 +31,33 @@
 lastlog \- виведенн� даних щодо о�таннього входу до �и�теми дл� у�іх кори�тувачів або дл� вказаного кори�тувача\&.
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBlastlog\fR\ 'u
-\fBlastlog\fR [\fIпараметри\fR]
+\fBlastlog\fR [\fIoptions\fR]
 .SH "ОПИС"
 .PP
 \fBlastlog\fR
-форматує і виводить вмі�т журналу запи�ів о�таннього входу до �и�теми у файлі
-/var/log/lastlog\&. Буде виведено дані
-\fIім\*(Aq� кори�тувача\fR,
-\fIпорт\fR
-Ñ–
-\fIча� о�таннього входу до �и�теми\fR\&. Типовий варіант (без прапорців) призведе до виведенн� запи�ів lastlog, �кі буде упор�дковано за пор�дком у
+formats and prints the contents of the last login log
+/var/log/lastlog
+file\&. The
+\fIlogin\-name\fR,
+\fIport\fR, and
+\fIlast login time\fR
+will be printed\&. The default (no flags) causes lastlog entries to be printed, sorted by their order in
 /etc/passwd\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBlastlog\fR, є такими:
+The options which apply to the
+\fBlastlog\fR
+command are:
 .PP
-\fB\-b\fR, \fB\-\-before\fR \fIД�І\fR
+\fB\-b\fR, \fB\-\-before\fR\ \&\fIDAYS\fR
 .RS 4
-Виве�ти лише ті запи�и lastlog, вік �ких перевищує
-\fIД�І\fR\&.
+Print only lastlog records older than
+\fIDAYS\fR\&.
 .RE
 .PP
 \fB\-C\fR, \fB\-\-clear\fR
 .RS 4
-Вилучити запи� lastlog кори�тувача\&. Цей параметр можна викори�товувати лише разом із
+Clear lastlog record of a user\&. This option can be used only together with
 \fB\-u\fR
 (\fB\-\-user\fR))\&.
 .RE
@@ -65,7 +67,7 @@ lastlog \- виведеннÑ� даних щодо оÑ�таннього входÑ
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -76,48 +78,45 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-S\fR, \fB\-\-set\fR
 .RS 4
-В�тановити дл� запи�у lastlog кори�тувача поточний ча�\&. Цей параметр можна викори�товувати лише разом із
+Set lastlog record of a user to the current time\&. This option can be used only together with
 \fB\-u\fR
 (\fB\-\-user\fR))\&.
 .RE
 .PP
-\fB\-t\fR, \fB\-\-time\fR \fIД�І\fR
+\fB\-t\fR, \fB\-\-time\fR\ \&\fIDAYS\fR
 .RS 4
-Виве�ти запи�и lastlog, �кі є �віжішими за
-\fIД�І\fR\&.
+Print the lastlog records more recent than
+\fIDAYS\fR\&.
 .RE
 .PP
-\fB\-u\fR, \fB\-\-user\fR \fIЗ�ПИС\fR|\fIДІ�П�ЗО�\fR
+\fB\-u\fR, \fB\-\-user\fR\ \&\fILOGIN\fR|\fIRANGE\fR
 .RS 4
 Виве�ти запи� lastlog дл� вказаних кори�тувачів\&.
 .sp
-Кори�тувачів можна задавати за обліковим запи�ом дл� входу, чи�ловим ідентифікатором кори�тувача або значенн�м
-\fIДІ�П�ЗО�\fR
-дл� кори�тувачів\&.
-\fIДІ�П�ЗО�\fR
-кори�тувачів можна вказати за допомогою мінімального і мак�имального значень (\fIUID_MIN\-UID_MAX\fR), мак�имального значенн� (\fI\-UID_MAX\fR) або мінімального значенн� (\fIUID_MIN\-\fR)\&.
+The users can be specified by a login name, a numerical user ID, or a
+\fIRANGE\fR
+of users\&. This
+\fIRANGE\fR
+of users can be specified with a min and max values (\fIUID_MIN\-UID_MAX\fR), a max value (\fI\-UID_MAX\fR), or a min value (\fIUID_MIN\-\fR)\&.
 .RE
 .PP
-Якщо кори�тувач ніколи не входив до �и�теми, буде виведено повідомленн�
-\fI** �іколи не входив **\fR
-замі�ть порту і ча�у\&.
+If the user has never logged in the message
+\fI** Never logged in**\fR
+will be displayed instead of the port and time\&.
 .PP
 Буде виведено запи�и лише дл� поточних кори�тувачів �и�теми\&. У �и�темі можуть і�нувати дані дл� запи�ів кори�тувачів, �кі було раніше вилучено\&.
 .SH "З�УВ�ЖЕ��Я"
 .PP
-Файл
+The
 lastlog
-є базою даних, �кі мі�тить дані щодо о�таннього входу до �и�теми кожного з кори�тувачів\&. Вам не �лід оновлювати його вмі�т вручну\&. Це розріджений файл, тому його розмір на ди�ку, зазвичай, є набагато меншим за показаний
-\fBls \-l\fR
-(ц� команда може показати дуже великий розмір, �кщо у вашому
+file is a database which contains info on the last login of each user\&. You should not rotate it\&. It is a sparse file, so its size on the disk is usually much smaller than the one shown by "\fBls \-l\fR" (which can indicate a really big file if you have in
 passwd
-є запи�и із великими значенн�ми UID)\&. Перегл�нути �правжній розмір файла можна за допомогою команди
-\fBls \-s\fR\&.
+users with a high UID)\&. You can display its real size with "\fBls \-s\fR"\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /var/log/lastlog
@@ -128,6 +127,6 @@ passwd
 .PP
 Великі прогалини у чи�лах UID призведуть до того, що програма lastlog працюватиме довше без виведенн� даних на екран (тобто, �кщо у базі даних lastlog немає запи�ів дл� кори�тувачів із UID між 170 і 800, може здати��, що lastlog зави�ла, доки програма обробл�є UID у діапазоні 171\-799)\&.
 .PP
-�а�вні�ть великих значень UID може �творити проблеми при обробці
-<term>/var/log/lastlog</term>
-за допомогою зовнішніх ін�трументів\&. Хоча �ам файл є розрідженим і він не викори�товує надто багато мі�ц� на ди�ку, де�кі програми типово не призначено дл� визначенн� розріджених файлів \(em такі програми можуть потребувати дл� обробки певного параметра\&.
+Having high UIDs can create problems when handling the
+/var/log/lastlog
+with external tools\&. Although the actual file is sparse and does not use too much space, certain applications are not designed to identify sparse files by default and may require a specific option to handle them\&.
diff --git a/man/uk/man8/logoutd.8 b/man/uk/man8/logoutd.8
index 1206913..f86a741 100644
--- a/man/uk/man8/logoutd.8
+++ b/man/uk/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "logoutd" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "logoutd" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -35,13 +35,15 @@ logoutd \- приму�ово за�то�увати обмеженн� щодо
 .SH "ОПИС"
 .PP
 \fBlogoutd\fR
-накладає обмеженн� на ча� входу та порт, �кі вказано у
+enforces the login time and port restrictions specified in
 /etc/porttime\&.
 \fBlogoutd\fR
-має бути запущено з
-/etc/rc\&. Си�тема виконуватиме регул�рне �кануванн�
-/var/run/utmp\&. Буде виконано перевірку кожного кори�тувача з метою визначенн� того, чи має до�туп кори�тувач до іменованого порту у поточний момент ча�у\&. У�і �еан�и роботи, �кі порушуватимуть обмеженн� у
-/etc/porttime, буде перервано\&.
+should be started from
+/etc/rc\&. The
+/var/run/utmp
+file is scanned periodically and each user name is checked to see if the named user is permitted on the named port at the current time\&. Any login session which is violating the restrictions in
+/etc/porttime
+is terminated\&.
 .SH "Ф�ЙЛИ"
 .PP
 /etc/porttime
diff --git a/man/uk/man8/newusers.8 b/man/uk/man8/newusers.8
index 61d72dd..1bc4f25 100644
--- a/man/uk/man8/newusers.8
+++ b/man/uk/man8/newusers.8
@@ -2,12 +2,12 @@
 .\"     Title: newusers
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "newusers" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "newusers" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,15 +31,15 @@
 newusers \- пакетне оновленн� і �творенн� облікових запи�ів кори�тувачів
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBnewusers\fR\ 'u
-\fBnewusers\fR [\fIпараметри\fR] [\fIфайл\fR]
+\fBnewusers\fR [\fIoptions\fR] [\fIfile\fR]
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBnewusers\fR
-читає
-\fIфайл\fR
-(або, типово, �тандартного джерела вхідних даних) і викори�товує ці дані дл� оновленн� набору на�вних запи�ів кори�тувачів або �творенн� запи�ів нових кори�тувачів\&. Кожен р�док запи�ано у тому �амому форматі, що і �тандартний файл паролів (див\&.
-\fBpasswd\fR(5))\&. Вин�тки з цього правила опи�ано нижче:
+command reads a
+\fIfile\fR
+(or the standard input by default) and uses this information to update a set of existing users or to create new users\&. Each line is in the same format as the standard password file (see
+\fBpasswd\fR(5)) with the exceptions explained below:
 .PP
 pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
 .PP
@@ -47,8 +47,8 @@ pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
 .RS 4
 Це ім\*(Aq� кори�тувача\&.
 .sp
-Це може бути ім\*(Aq� нового кори�тувача або ім\*(Aq� на�вного кори�тувача (або кори�тувача, запи� �кого �творено раніше за допомогою
-\fBnewusers\fR)\&. У випадку на�вного кори�тувача буде змінено дані щодо кори�тувача\&. Якщо запи�у кори�тувача не і�нуватиме, його буде �творено\&.
+It can be the name of a new user or the name of an existing user (or a user created before by
+\fBnewusers\fR)\&. In case of an existing user, the user\*(Aqs information will be changed, otherwise a new user will be created\&.
 .RE
 .PP
 \fIpw_passwd\fR
@@ -60,14 +60,13 @@ pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
 .RS 4
 Це поле буде викори�тано дл� визначенн� UID кори�тувача\&.
 .sp
-Якщо поле є порожнім, новий (невикори�таний) UID буде визначено
-\fBnewusers\fR
-автоматично\&.
+If the field is empty, a new (unused) UID will be defined automatically by
+\fBnewusers\fR\&.
 .sp
 Якщо у цьому полі мі�тить�� чи�ло, це чи�ло буде викори�тано �к UID\&.
 .sp
-Якщо у цьому полі мі�тить�� ім\*(Aq� на�вного кори�тувача (або ім\*(Aq� кори�тувача, запи� �кого було �творено раніше за допомогою
-\fBnewusers\fR), буде викори�тано UID вказаного кори�тувача\&.
+If this field contains the name of an existing user (or the name of a user created before by
+\fBnewusers\fR), the UID of the specified user will be used\&.
 .sp
 Якщо буде змінено UID на�вного кори�тувача, вла�ні�ть на файли файла кори�тувача має бути виправлено вручну\&.
 .RE
@@ -76,19 +75,19 @@ pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
 .RS 4
 Це поле викори�товують дл� визначенн� ідентифікатора о�новної групи кори�тувача\&.
 .sp
-Якщо у цьому полі мі�тить�� ім\*(Aq� на�вної групи (або групи, �ку раніше �творено за допомогою
-\fBnewusers\fR), GID цієї групи буде викори�тано �к ідентифікатор о�новної групи кори�тувача\&.
+If this field contains the name of an existing group (or a group created before by
+\fBnewusers\fR), the GID of this group will be used as the primary group ID for the user\&.
 .sp
 Якщо у цьому полі запи�ано чи�ло, це чи�ло буде викори�тано �к ідентифікатор о�новної групи кори�тувача\&. Якщо груп із цим GID не і�нує, буде �творено нову групу з цим GID і назвою, �ка збігаєть�� із іменем кори�тувача\&.
 .sp
-Якщо це поле є порожнім, буде �творено нову групу із назвою, �ка збігаєть�� із іменем кори�тувача, а GID буде автоматично визначено за допомогою
+If this field is empty, a new group will be created with the name of the user and a GID will be automatically defined by
 \fBnewusers\fR
-дл� викори�танн� �к ідентифікатора о�новної групи дл� кори�тувача і �к GID дл� нової групи\&.
+to be used as the primary group ID for the user and as the GID for the new group\&.
 .sp
-Якщо у цьому полі мі�тить�� назва групи, �кої не і�нує (і її не було �творено раніше за допомогою
-\fBnewusers\fR), буде �творено нову групу із вказаною назвою, а GID буде автоматично визначено за допомогою
+If this field contains the name of a group which does not exist (and was not created before by
+\fBnewusers\fR), a new group will be created with the specified name and a GID will be automatically defined by
 \fBnewusers\fR
-дл� викори�танн� �к ідентифікатора о�новної групи дл� кори�тувача і GID дл� нової групи\&.
+to be used as the primary group ID for the user and GID for the new group\&.
 .RE
 .PP
 \fIpw_gecos\fR
@@ -100,13 +99,13 @@ pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
 .RS 4
 Це поле призначено дл� визначенн� домашнього каталогу кори�тувача\&.
 .sp
-Якщо це поле не вказує на на�вний каталог, вказаний каталог буде �творено\&. Вла�ником буде кори�тувач, обліковий запи� �кого буде �творено або оновлено, та його о�новна група\&. Зауважте, що
-\fInewusers не �творює батьків�ьких каталогів\fR
-домашнього каталогу нового кори�тувача\&. Команда newusers не зможе �творити домашній каталог, �кщо не і�нує батьків�ьких щодо нього каталогів, і надішле повідомленн� до stderr із інформуванн�м кори�тувача про помилку\&. Команда newusers не перерве роботу і не поверне помилку до оболонки, з �кої її віддано, �кщо їй не вда�ть�� �творити домашній каталог, а продовжить обробку пакета вказаних нових кори�тувачів\&.
+If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. Note that
+\fInewusers does not create parent directories \fR
+of the new user\*(Aqs home directory\&. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure\&. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified\&.
 .sp
-Якщо буде змінено домашній каталог на�вного кори�тувача,
+If the home directory of an existing user is changed,
 \fBnewusers\fR
-не пере�уватиме і не копіюватиме вмі�т �тарого каталогу до нового мі�ц�\&. Це доведеть�� зробити вручну\&.
+does not move or copy the content of the old directory to the new location\&. This should be done manually\&.
 .RE
 .PP
 \fIpw_shell\fR
@@ -115,13 +114,14 @@ pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
 .RE
 .PP
 \fBnewusers\fR
-�початку намагаєть�� �творити або змінити дані у�іх вказаних кори�тувачів, а потім запи�ує ці зміни до баз даних кори�тувачів або груп\&. Якщо �танеть�� помилка (окрім о�таточного запи�у до баз даних), змін до баз даних не вно�итимуть��\&.
+first tries to create or change all the specified users, and then write these changes to the user or group databases\&. If an error occurs (except in the final writes to the databases), no changes are committed to the databases\&.
 .PP
 Цю команду призначено дл� викори�танн� у великих �и�темних �ередовищах, де одноча�но оновлюють багато облікових запи�ів\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBnewusers\fR, є такими:
+The options which apply to the
+\fBnewusers\fR
+command are:
 .PP
 \fB\-\-badname\fR\ \&
 .RS 4
@@ -144,17 +144,18 @@ pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
 .RS 4
 Створити загально�и�темний обліковий запи�\&.
 .sp
-Запи�и загально�и�темних кори�тувачів буде �творено без даних щодо за�таріванн� у
-/etc/shadow, а їхні чи�лові ідентифікатори буде вибрано у діапазоні
-\fBSYS_UID_MIN\fR\-\fBSYS_UID_MAX\fR, �кий визначено у
-login\&.defs, а не у
+System users will be created with no aging information in
+/etc/shadow, and their numeric identifiers are chosen in the
+\fBSYS_UID_MIN\fR\-\fBSYS_UID_MAX\fR
+range, defined in
+login\&.defs, instead of
 \fBUID_MIN\fR\-\fBUID_MAX\fR
-(та їхніх відповідників
+(and their
 \fBGID\fR
-дл� �творенн� груп)\&.
+counterparts for the creation of groups)\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -167,14 +168,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 Викори�тати вказану кількі�ть циклів шифруванн� паролів\&.
 .sp
-Значенн� 0 означає, що �и�тема вибере типову кількі�ть проходів дл� методу шифруванн� (5000)\&.
-.sp
-Буде приму�ово в�тановлено мінімальне значенн� 1000 і мак�имальне значенн� 999999999\&.
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-Ви можете �кори�тати�� цим параметром у поєднанні із методами шифруванн� SHA256 або SHA512\&.
-.sp
-Типово, кількі�ть проходів визначаєть�� за допомогою змінних SHA_CRYPT_MIN_ROUNDS і SHA_CRYPT_MAX_ROUNDS у
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default is 5000\&.
 .RE
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
@@ -183,9 +183,9 @@ directory\&. Only absolute paths are supported\&.
 Вам �лід переконати��, що паролі і метод шифруванн� відповідає правилам поводженн� з парол�ми у �и�темі\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 
 
 
diff --git a/man/uk/man8/nologin.8 b/man/uk/man8/nologin.8
index ee731e2..ae3599b 100644
--- a/man/uk/man8/nologin.8
+++ b/man/uk/man8/nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: nologin
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "nologin" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "nologin" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -34,21 +34,22 @@ nologin \- увічливо відмовити у вході до �и�теми
 \fBnologin\fR
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBnologin\fR
-виводить повідомленн� про те, що обліковий запи� є недо�тупним, і завершує роботу із ненульовим �таном\&. Команду призначено на заміну пол� командної оболонки дл� облікових запи�ів, �кі було вимкнено\&.
+command displays a message that an account is not available and exits non\-zero\&. It is intended as a replacement shell field for accounts that have been disabled\&.
 .PP
-Щоб взагалі вимкнути можливі�ть входу, ознайомте�� із документацією до
+To disable all logins, investigate
 \fBnologin\fR(5)\&.
 .PP
-Якщо в�тановлено значенн�
-\fBSSH_ORIGINAL_COMMAND\fR, дані буде запи�ано до журналу\&.
+If
+\fBSSH_ORIGINAL_COMMAND\fR
+is populated it will be logged\&.
 .SH "ДИВ\&. Т�КОЖ"
 .PP
 \fBlogin\fR(1),
 \fBnologin\fR(5)\&.
 .SH "ІСТОРІЯ"
 .PP
-Команда
+The
 \fBnologin\fR
-з\*(Aq�вила�� у BSD 4\&.4\&.
+command appeared in BSD 4\&.4\&.
diff --git a/man/uk/man8/pwck.8 b/man/uk/man8/pwck.8
index 8fdc3f7..bb3c08d 100644
--- a/man/uk/man8/pwck.8
+++ b/man/uk/man8/pwck.8
@@ -2,12 +2,12 @@
 .\"     Title: pwck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "pwck" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "pwck" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,15 +31,16 @@
 pwck \- перевірка цілі�но�ті файлів паролів
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBpwck\fR\ 'u
-\fBpwck\fR [параметри] [\fIФ�ЙЛ_П�РОЛІВ\fR\ [\ \fIФ�ЙЛ_SHADOW\fR\ ]]
+\fBpwck\fR [options] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
 .SH "ОПИС"
 .PP
-Команду
+The
 \fBpwck\fR
-призначено дл� перевірки цілі�но�ті даних щодо кори�тувачів і розпізнаванн�\&. Вона перевір�є, чи у�і запи�и у
+command verifies the integrity of the users and authentication information\&. It checks that all entries in
 /etc/passwd
-Ñ–
-/etc/shadowмають належне форматуванн� і мі�т�ть чинні дані\&. Програма попро�ить кори�тувача вилучити запи�и із помилковим форматуванн�м або іншими непридатними до виправленн� помилками\&.
+and
+/etc/shadow
+have the proper format and contain valid data\&. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors\&.
 .PP
 Буде виконано перевірки з метою переконати��, що кожен запи� має:
 .sp
@@ -109,10 +110,11 @@ pwck \- перевірка цілі�но�ті файлів паролів
 чинна оболонка входу
 .RE
 .PP
-Перевірки дл� даних прихованих паролів буде увімкнено, �кщо вказано другий параметр файла
-\fIФ�ЙЛ_SHADOW\fR
-або �кщо у �и�темі і�нує
-/etc/shadow\&.
+Checks for shadowed password information are enabled when the second file parameter
+\fISHADOWFILE\fR
+is specified or when
+/etc/shadow
+exists on the system\&.
 .PP
 Цими перевірками є такі:
 .sp
@@ -171,23 +173,26 @@ pwck \- перевірка цілі�но�ті файлів паролів
 о�танні зміни паролів не позначено ча�овими позначками у майбутньому
 .RE
 .PP
-Перевірки належної кілько�ті полів та унікально�ті імен кори�тувачів є критичними\&. Якщо у запи�і помилкова кількі�ть полів, програма попро�ить кори�тувача вилучити уве�ь р�док\&. Якщо кори�тувач не підтвердить дію з вилученн�, у�і на�тупні перевірки буде пропущено\&. Якщо буде ви�влено запи� із дублюванн�м імені кори�тувача, програма попро�ить вилучити його, але �кщо у цьому буде відмовлено, виконає решту перевірок\&. У�і інші помилки вважатимуть�� незначними \(em кори�тувачу буде рекомендовано віддати команду
-\fBusermod\fR, щоб виправити помилку\&.
+The checks for correct number of fields and unique user name are fatal\&. If the entry has the wrong number of fields, the user will be prompted to delete the entire line\&. If the user does not answer affirmatively, all further checks are bypassed\&. An entry with a duplicated user name is prompted for deletion, but the remaining checks will still be made\&. All other errors are warnings and the user is encouraged to run the
+\fBusermod\fR
+command to correct the error\&.
 .PP
-Команди, �кі мають �праву з файлом
-/etc/passwd, не зможуть змінити пошкоджені або дубльовані запи�и\&. У цих випадках �лід �кори�тати��
+The commands which operate on the
+/etc/passwd
+file are not able to alter corrupted or duplicated entries\&.
 \fBpwck\fR
-дл� вилученн� помилкового запи�у\&.
+should be used in those circumstances to remove the offending entry\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри
+The
 \fB\-r\fR
-Ñ–
+and
 \fB\-s\fR
-не можна поєднувати\&.
+options cannot be combined\&.
 .PP
-Параметри, �кі за�то�овують до команди
-\fBpwck\fR, є такими:
+The options which apply to the
+\fBpwck\fR
+command are:
 .PP
 \fB\-\-badname\fR\ \&
 .RS 4
@@ -206,12 +211,12 @@ pwck \- перевірка цілі�но�ті файлів паролів
 .PP
 \fB\-r\fR, \fB\-\-read\-only\fR
 .RS 4
-Виконати команду
+Execute the
 \fBpwck\fR
-у режимі лише читанн�\&.
+command in read\-only mode\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -222,27 +227,28 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fB\-s\fR, \fB\-\-sort\fR
 .RS 4
-Упор�дкувати запи�и у
+Sort entries in
 /etc/passwd
-Ñ–
+and
 /etc/shadow
-за UID\&.
+by UID\&.
 .RE
 .PP
-Типово,
+By default,
 \fBpwck\fR
-працює з файлами
+operates on the files
 /etc/passwd
-Ñ–
-/etc/shadow\&. Кори�тувач може вибрати альтернативні файли за допомогою параметрів
+and
+/etc/shadow\&. The user may select alternate files with the
 \fIpasswd\fR
-Ñ–
-\fIshadow\fR\&.
+and
+\fIshadow\fR
+parameters\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
@@ -261,47 +267,47 @@ directory\&. Only absolute paths are supported\&.
 .RE
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Команда
+The
 \fBpwck\fR
-завершує роботу із такими значенн�ми:
+command exits with the following values:
 .PP
 \fI0\fR
 .RS 4
-у�піх
+success
 .RE
 .PP
 \fI1\fR
 .RS 4
-некоректний �интак�и� команди
+invalid command syntax
 .RE
 .PP
 \fI2\fR
 .RS 4
-одна або декілька невдалих �проб вве�ти пароль
+one or more bad password entries
 .RE
 .PP
 \fI3\fR
 .RS 4
-не вдало�� відкрити файли паролів
+can\*(Aqt open password files
 .RE
 .PP
 \fI4\fR
 .RS 4
-не вдало�� заблокувати файли паролів
+can\*(Aqt lock password files
 .RE
 .PP
 \fI5\fR
 .RS 4
-не вдало�� оновити файли паролів
+can\*(Aqt update password files
 .RE
 .PP
 \fI6\fR
 .RS 4
-не вдало�� упор�дкувати файли паролів
+can\*(Aqt sort password files
 .RE
 .SH "ДИВ\&. Т�КОЖ"
 .PP
-\fBгрупа\fR(5),
+\fBgroup\fR(5),
 \fBgrpck\fR(8),
 \fBpasswd\fR(5),
 \fBshadow\fR(5),
diff --git a/man/uk/man8/pwconv.8 b/man/uk/man8/pwconv.8
index 8264a36..9f2ec23 100644
--- a/man/uk/man8/pwconv.8
+++ b/man/uk/man8/pwconv.8
@@ -2,12 +2,12 @@
 .\"     Title: pwconv
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "pwconv" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "pwconv" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,98 +31,98 @@
 pwconv, pwunconv, grpconv, grpunconv \- перетворенн� на приховані паролі і групи, і навпаки
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBpwconv\fR\ 'u
-\fBpwconv\fR [\fIпараметри\fR]
+\fBpwconv\fR [\fIoptions\fR]
 .HP \w'\fBpwunconv\fR\ 'u
-\fBpwunconv\fR [\fIпараметри\fR]
+\fBpwunconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpconv\fR\ 'u
-\fBgrpconv\fR [\fIпараметри\fR]
+\fBgrpconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpunconv\fR\ 'u
-\fBgrpunconv\fR [\fIпараметри\fR]
+\fBgrpunconv\fR [\fIoptions\fR]
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBpwconv\fR
-�творює
+command creates
 \fIshadow\fR
-на о�нові
+from
 \fIpasswd\fR
-і, необов\*(Aq�зково, на�вного
+and an optionally existing
 \fIshadow\fR\&.
 .PP
-Команда
+The
 \fBpwunconv\fR
-�творює
+command creates
 \fIpasswd\fR
-на о�нові
+from
 \fIpasswd\fR
-Ñ–
-\fIshadow\fR, а потім вилучає
+and
+\fIshadow\fR
+and then removes
 \fIshadow\fR\&.
 .PP
-Команда
+The
 \fBgrpconv\fR
-�творює
+command creates
 \fIgshadow\fR
-на о�нові
-\fIгрупа\fR
-і, необов\*(Aq�зково, на�вного
+from
+\fIgroup\fR
+and an optionally existing
 \fIgshadow\fR\&.
 .PP
-Команда
+The
 \fBgrpunconv\fR
-�творює
-\fIгрупа\fR
-на о�нові
-\fIгрупа\fR
-Ñ–
-\fIgshadow\fR, а потім вилучає
+command creates
+\fIgroup\fR
+from
+\fIgroup\fR
+and
+\fIgshadow\fR
+and then removes
 \fIgshadow\fR\&.
 .PP
-Ці чотири програми працюють зі звичайними парол�ми та парол�ми shadow та файлами груп:
+These four programs all operate on the normal and shadow password and group files:
 /etc/passwd,
 /etc/group,
-/etc/shadow
-Ñ–
+/etc/shadow, and
 /etc/gshadow\&.
 .PP
-Кожна програма виконує належні блокуванн� перед перетворенн�м\&. Команди
+Each program acquires the necessary locks before conversion\&.
 \fBpwconv\fR
-Ñ–
+and
 \fBgrpconv\fR
-є еквівалентними\&. Спочатку, буде вилучено запи�и у файлі shadow, �ких немає в о�новному файлі\&. Потім буде оновлено запи�и shadow, у �ких не вказано \(Fox\(Fc, �к пароль, в о�новному файлі\&. Буде додано у�і пропущені запи�и shadow\&. �арешті, паролі в о�новному файлі буде замінено на \(Fox\(Fc\&. Цими програмами можна �кори�тати�� дл� початкового перетворенн�, а також дл� оновленн� файла shadow, �кщо до о�новного файла було вне�ено зміни вручну\&.
+are similar\&. First, entries in the shadowed file which don\*(Aqt exist in the main file are removed\&. Then, shadowed entries which don\*(Aqt have `x\*(Aq as the password in the main file are updated\&. Any missing shadowed entries are added\&. Finally, passwords in the main file are replaced with `x\*(Aq\&. These programs can be used for initial conversion as well to update the shadowed file if the main file is edited by hand\&.
 .PP
 \fBpwconv\fR
-викори�тає значенн�
+will use the values of
 \fIPASS_MIN_DAYS\fR,
-\fIPASS_MAX_DAYS\fR
-Ñ–
+\fIPASS_MAX_DAYS\fR, and
 \fIPASS_WARN_AGE\fR
-з
+from
 /etc/login\&.defs
-при додаванні нових запи�ів до
+when adding new entries to
 /etc/shadow\&.
 .PP
-Так �амо, є подібними команди
-\fBpwunconv\fR
-Ñ–
-\fBgrpunconv\fR\&. Паролі в о�новному файлі буде оновлено з файла shadow\&. Запи�и, �кі і�нують у о�новному файлі, але �ких немає у файлі shadow, буде залишено\&. �арешті, файл shadow буде вилучено\&. Робота
+Likewise
 \fBpwunconv\fR
-призведе до втрати де�ких даних щодо за�таріванн� паролів\&. Програма виконає перетворенн� лише тих даних, �кі можна перетворити\&.
+and
+\fBgrpunconv\fR
+are similar\&. Passwords in the main file are updated from the shadowed file\&. Entries which exist in the main file but not in the shadowed file are left alone\&. Finally, the shadowed file is removed\&. Some password aging information is lost by
+\fBpwunconv\fR\&. It will convert what it can\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
+The options which apply to the
 \fBpwconv\fR,
 \fBpwunconv\fR,
-\fBgrpconv\fR
-та
-\fBgrpunconv\fR, є такими:
+\fBgrpconv\fR, and
+\fBgrpunconv\fR
+commands are:
 .PP
 \fB\-h\fR, \fB\-\-help\fR
 .RS 4
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -132,23 +132,23 @@ directory\&. Only absolute paths are supported\&.
 .RE
 .SH "В�ДИ"
 .PP
-Помилки у файлах паролів або груп (зокрема некоректні або дубльовані запи�и) можуть �причинити зави�анн� або помилки у роботі цих програм\&. Будь ла�ка, запу�тіть
+Errors in the password or group files (such as invalid or duplicate entries) may cause these programs to loop forever or fail in other strange ways\&. Please run
 \fBpwck\fR
-Ñ–
+and
 \fBgrpck\fR
-дл� виправленн� таких помилок до перетворенн� паролів або груп shadow\&.
+to correct any such errors before converting to or from shadow passwords or groups\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказана нижче змінна налаштувань у
+The following configuration variable in
 /etc/login\&.defs
-змінює поведінку
+changes the behavior of
 \fBgrpconv\fR
-Ñ–
+and
 \fBgrpunconv\fR:
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку
+change the behavior of
 \fBpwconv\fR:
 .SH "Ф�ЙЛИ"
 .PP
diff --git a/man/uk/man8/sulogin.8 b/man/uk/man8/sulogin.8
index 1197390..66496ca 100644
--- a/man/uk/man8/sulogin.8
+++ b/man/uk/man8/sulogin.8
@@ -2,12 +2,12 @@
 .\"     Title: sulogin
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "sulogin" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "sulogin" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -76,9 +76,9 @@ should execute the sulogin command in single user mode\&.
 As complete an environment as possible is created\&. However, various devices may be unmounted or uninitialized and many of the user commands may be unavailable or nonfunctional as a result\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/passwd
diff --git a/man/uk/man8/useradd.8 b/man/uk/man8/useradd.8
index 1f92e73..573e877 100644
--- a/man/uk/man8/useradd.8
+++ b/man/uk/man8/useradd.8
@@ -2,12 +2,12 @@
 .\"     Title: useradd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "useradd" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "useradd" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,69 +31,73 @@
 useradd \- �творенн� запи�у кори�тувача або оновленн� відомо�тей щодо типового нового кори�тувача
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR [\fIпараметри\fR] \fIЗ�ПИС\fR
+\fBuseradd\fR [\fIoptions\fR] \fILOGIN\fR
 .HP \w'\fBuseradd\fR\ 'u
 \fBuseradd\fR \-D
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR \-D [\fIпараметри\fR]
+\fBuseradd\fR \-D [\fIoptions\fR]
 .SH "ОПИС"
 .PP
-Якщо програму викликано без параметра
-\fB\-D\fR, команда
+When invoked without the
+\fB\-D\fR
+option, the
 \fBuseradd\fR
-�творити обліковий запи� кори�тувача з викори�танн�м значень, �кі вказано у р�дку команди, і значень, �кі є типовими дл� �и�теми\&. Залежно від параметрів р�дка команди, команда
+command creates a new user account using the values specified on the command line plus the default values from the system\&. Depending on command line options, the
 \fBuseradd\fR
-оновить файли �и�теми і також може �творити домашній каталог нового кори�тувача і �копіювати туди початкові файли\&.
+command will update system files and may also create the new user\*(Aqs home directory and copy initial files\&.
 .PP
-Типово, дл� нового кори�тувача також буде �творено його вла�ну групу (див\&.
+By default, a group will also be created for the new user (see
 \fB\-g\fR,
 \fB\-N\fR,
-\fB\-U\fR
-Ñ–
+\fB\-U\fR, and
 \fBUSERGROUPS_ENAB\fR)\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBuseradd\fR, є такими:
+The options which apply to the
+\fBuseradd\fR
+command are:
 .PP
 \fB\-\-badname\fR\ \&
 .RS 4
 Дозволити назви, �кі не відповідають �тандартам\&.
 .RE
 .PP
-\fB\-b\fR, \fB\-\-base\-dir\fR \fIБ�ЗОВИЙ_К�Т�ЛОГ\fR
+\fB\-b\fR, \fB\-\-base\-dir\fR\ \&\fIBASE_DIR\fR
 .RS 4
-Типовий базовий каталог дл� �и�теми, �кщо не вказано
-\fB\-d\fR
-\fIДОМ�Ш�ІЙ_К�Т�ЛОГ\fR\&. Дл� визначенн� домашнього каталогу
-\fIБ�ЗОВИЙ_К�Т�ЛОГ\fR
-буде поєднано із назвою облікового запи�у\&.
+The default base directory for the system if
+\fB\-d\fR\ \&\fIHOME_DIR\fR
+is not specified\&.
+\fIBASE_DIR\fR
+is concatenated with the account name to define the home directory\&.
 .sp
-Якщо цей параметр не вказано,
+If this option is not specified,
 \fBuseradd\fR
-викори�тає базовий каталог, �кий вказано змінною
+will use the base directory specified by the
 \fBHOME\fR
-у
-/etc/default/useradd, або типовий каталог
-/home\&.
+variable in
+/etc/default/useradd, or
+/home
+by default\&.
 .RE
 .PP
-\fB\-c\fR, \fB\-\-comment\fR \fIКОМЕ�Т�Р\fR
+\fB\-c\fR, \fB\-\-comment\fR\ \&\fICOMMENT\fR
 .RS 4
 Будь\-�кий р�док тек�ту\&. Зазвичай, це короткий опи� облікового запи�у\&. У поточній вер�ії викори�тано �к поле дл� повного імені кори�тувача\&.
 .RE
 .PP
-\fB\-d\fR, \fB\-\-home\-dir\fR \fIДОМ�Ш�ІЙ_К�Т�ЛОГ\fR
+\fB\-d\fR, \fB\-\-home\-dir\fR\ \&\fIHOME_DIR\fR
 .RS 4
-�овий запи� кори�тувача буде �творено з викори�танн�м
-\fIДОМ�Ш�ІЙ_К�Т�ЛОГ\fR, �к значенн� дл� каталогу входу до �и�теми кори�тувача\&. Типовим значенн�м є допи�уванн� імені
-\fIЗ�ПИС\fR
-до
-\fIБ�ЗОВИЙ_К�Т�ЛОГ\fR
-і викори�танн� результату �к назви каталогу облікового запи�у\&. Якщо каталогу
-\fIДОМ�Ш�ІЙ_К�Т�ЛОГ\fR
-не і�нує, його буде �творено, �кщо не вказано параметр
-\fB\-M\fR\&.
+The new user will be created using
+\fIHOME_DIR\fR
+as the value for the user\*(Aqs login directory\&. The default is to append the
+\fILOGIN\fR
+name to
+\fIBASE_DIR\fR
+and use that as the login directory name\&. If the directory
+\fIHOME_DIR\fR
+does not exist, then it will be created unless the
+\fB\-M\fR
+option is specified\&.
 .RE
 .PP
 \fB\-D\fR, \fB\-\-defaults\fR
@@ -101,30 +105,30 @@ useradd \- Ñ�твореннÑ� запиÑ�у кориÑ�тувача або оноÐ
 Див\&. нижче, підрозділ \(FoЗміна типових значень\(Fc\&.
 .RE
 .PP
-\fB\-e\fR, \fB\-\-expiredate\fR \fIД�Т�_З�ВЕРШЕ��Я_СТРОКУ_ДІЇ\fR
+\fB\-e\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
 .RS 4
-Дата, у �ку буде вимкнено обліковий запи� кори�тувача\&. Дату вказують у форматі
-\fIРРРР\-ММ\-ДД\fR\&.
+The date on which the user account will be disabled\&. The date is specified in the format
+\fIYYYY\-MM\-DD\fR\&.
 .sp
-Якщо не вказано,
+If not specified,
 \fBuseradd\fR
-викори�тає типову дату �троку дії, �кий вказано змінною
+will use the default expiry date specified by the
 \fBEXPIRE\fR
-у
-/etc/default/useradd, або типовий порожній р�док (необмежений �трок дії)\&.
+variable in
+/etc/default/useradd, or an empty string (no expiry) by default\&.
 .RE
 .PP
-\fB\-f\fR, \fB\-\-inactive\fR \fI�Е�КТИВ�ИЙ\fR
+\fB\-f\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
 .RS 4
-Визначає кількі�ть днів пі�л� перевищенн� паролем мак�имального віку, прот�гом �ких �и�тема очікуватиме на заміну парол� кори�тувачем\&. Значенн� зберігаєть�� у файлі паролів shadow\&. Вхідне значенн� 0 вимкне пароль, �трок дії �кого вичерпано, без затримки\&. Вхідне значенн� \-1 призведе до вилученн� відповідного пол� у файлі паролів shadow\&. Див\&.
-\fBshadow\fR(5), щоб дізнати�� більше\&.
+defines the number of days after the password exceeded its maximum age where the user is expected to replace this password\&. The value is stored in the shadow password file\&. An input of 0 will disable an expired password with no delay\&. An input of \-1 will blank the respective field in the shadow password file\&. See
+\fBshadow\fR(5)for more information\&.
 .sp
-Якщо не вказано,
+If not specified,
 \fBuseradd\fR
-викори�тає типовий період неактивно�ті, �кий вказано змінною
-\fB�Е�КТИВ�ИЙ\fR
-у
-/etc/default/useradd, або типове значенн� \-1\&.
+will use the default inactivity period specified by the
+\fBINACTIVE\fR
+variable in
+/etc/default/useradd, or \-1 by default\&.
 .RE
 .PP
 \fB\-F\fR, \fB\-\-add\-subids\-for\-system\fR
@@ -138,7 +142,7 @@ even when creating a system account with
 option\&.
 .RE
 .PP
-\fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGROUP\fR
 .RS 4
 �азва або номер о�новної групи кори�тувача\&. Відповідна група має і�нувати\&. �омер групи має вказувати на вже на�вну групу\&.
 .sp
@@ -161,10 +165,15 @@ variable in
 /etc/default/useradd, or 1000 by default\&.
 .RE
 .PP
-\fB\-G\fR, \fB\-\-groups\fR \fIГРУП�1\fR[\fI,ГРУП�2,\&.\&.\&.\fR[\fI,ГРУП�N\fR]]]
+\fB\-G\fR, \fB\-\-groups\fR\ \&\fIGROUP1\fR[\fI,GROUP2,\&.\&.\&.\fR[\fI,GROUPN\fR]]]
 .RS 4
-Спи�ок додаткових груп, уча�ником �ких також буде кори�тувач\&. Групи у �пи�ку �лід відокремлювати комою, без проміжного пробілу\&. Групи підл�гатимуть тим �амим обмеженн�м, що і група, �ку задано параметром
-\fB\-g\fR\&. Типовою поведінкою є належні�ть кори�тувача лише до початкової групи\&.
+A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
+\fB\-g\fR
+option\&. The default is for the user to belong only to the initial group\&. In addition to passing in the \-G flag, you can add the option
+\fBGROUPS\fR
+to the file
+/etc/default/useradd
+which in turn will add all users to those supplementary groups\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -172,45 +181,47 @@ variable in
 Показати довідкове повідомленн� і завершити роботу\&.
 .RE
 .PP
-\fB\-k\fR, \fB\-\-skel\fR \fISKEL_DIR\fR
+\fB\-k\fR, \fB\-\-skel\fR\ \&\fISKEL_DIR\fR
 .RS 4
-Карка�ний каталог, �кий мі�тить файли і каталоги, �кі буде �копійовано до домашнього каталогу кори�тувача, коли такий домашній каталог �творюєть�� командою
+The skeleton directory, which contains files and directories to be copied in the user\*(Aqs home directory, when the home directory is created by
 \fBuseradd\fR\&.
 .sp
-Цей параметр є чинним, лише �кщо вказано параметр
+This option is only valid if the
 \fB\-m\fR
-(або
-\fB\-\-create\-home\fR)\&.
+(or
+\fB\-\-create\-home\fR) option is specified\&.
 .sp
-Якщо не вказано цей параметр, каталог карка�них даних буде визначено змінною
+If this option is not set, the skeleton directory is defined by the
 \fBSKEL\fR
-у
+variable in
 /etc/default/useradd
-або, типово,
+or, by default,
 /etc/skel\&.
 .sp
+Absolute symlinks that link back to the skel directory will have the
+/etc/skel
+prefix replaced with the user\*(Aqs home directory\&.
+.sp
 Якщо можна, буде �копійовано ACL і розширені атрибути\&.
 .RE
 .PP
-\fB\-K\fR, \fB\-\-key\fR \fIКЛЮЧ\fR=\fIЗ��ЧЕ��Я\fR
+\fB\-K\fR, \fB\-\-key\fR\ \&\fIKEY\fR=\fIVALUE\fR
 .RS 4
-Має пріоритет на типовими значенн�ми з
+Overrides
 /etc/login\&.defs
-(\fBUID_MIN\fR,
+defaults (\fBUID_MIN\fR,
 \fBUID_MAX\fR,
 \fBUMASK\fR,
 \fBPASS_MAX_DAYS\fR
-та іншими)\&.
+and others)\&.
 .sp
-Приклад: можна �кори�тати��
-\fB\-K\fR
-\fIPASS_MAX_DAYS\fR=\fI\-1\fR
-при �творенні облікового запи�у дл� вимиканн� за�таріванн� парол�\&. Може бути вказано декілька параметрів
-\fB\-K\fR\&. Приклад:
-\fB\-K\fR
-\fIUID_MIN\fR
-=\fI100\fR
+Example:
+\fB\-K\fR\ \&\fIPASS_MAX_DAYS \fR=\fI\-1\fR
+can be used when creating an account to turn off password aging\&. Multiple
 \fB\-K\fR
+options can be specified, e\&.g\&.:
+\fB\-K\fR\ \&\fIUID_MIN\fR
+=\fI100\fR\ \&\fB\-K\fR\ \&
 \fIUID_MAX\fR=\fI499\fR
 .RE
 .PP
@@ -220,21 +231,24 @@ variable in
 .sp
 Типово, запи�и кори�тувачів у базах даних lastlog і faillog буде �кинуто до початкових даних, щоб уникнути повторного викори�танн� запи�ів, �кі лишили�� від раніше вилучених кори�тувачів\&.
 .sp
-Якщо не вказано цей параметр,
+If this option is not specified,
 \fBuseradd\fR
-також врахує значенн� змінної
+will also consult the variable
 \fBLOG_INIT\fR
-у
-/etc/default/useradd, �кщо дл� неї в�тановлено значенн� no, запи� кори�тувача не буде додано до баз даних lastlog і faillog\&.
+in the
+/etc/default/useradd
+if set to no the user will not be added to the lastlog and faillog databases\&.
 .RE
 .PP
 \fB\-m\fR, \fB\-\-create\-home\fR
 .RS 4
-Створити домашній каталог кори�тувача, �кщо такого ще не і�нує\&. До такого домашнього каталогу буде �копійовано файли і каталоги з карка�ного каталогу (�кий можна визначити за допомогою параметра
-\fB\-k\fR)\&.
+Create the user\*(Aqs home directory if it does not exist\&. The files and directories contained in the skeleton directory (which can be defined with the
+\fB\-k\fR
+option) will be copied to the home directory\&.
 .sp
-Типово, �кщо цей параметр не вказано і не увімкнено
-\fBCREATE_HOME\fR, програма не �творюватиме домашніх каталогів\&.
+By default, if this option is not specified and
+\fBCREATE_HOME\fR
+is not enabled, no home directories are created\&.
 .sp
 Каталог, де буде �творено домашній каталог кори�тувача, має і�нувати і мати належний контек�т SELinux і права до�тупу\&. Якщо ці умови не буде виконано, програма не зможе �творити домашній каталог кори�тувача або �творений каталог буде недо�тупним\&.
 .RE
@@ -249,20 +263,20 @@ Do not create the user\*(Aqs home directory, even if the system wide setting fro
 .PP
 \fB\-N\fR, \fB\-\-no\-user\-group\fR
 .RS 4
-�е �творювати групи, назва �кої збігаєть�� із назвою облікового запи�у кори�тувача, а додати кори�тувача до групи, �ку вказано параметром
+Do not create a group with the same name as the user, but add the user to the group specified by the
 \fB\-g\fR
-або змінною
+option or by the
 \fBGROUP\fR
-у
+variable in
 /etc/default/useradd\&.
 .sp
-Типову поведінку (�кщо не вказано параметрів
+The default behavior (if the
 \fB\-g\fR,
-\fB\-N\fR
-Ñ–
-\fB\-U\fR) буде визначено змінною
+\fB\-N\fR, and
+\fB\-U\fR
+options are not specified) is defined by the
 \fBUSERGROUPS_ENAB\fR
-у
+variable in
 /etc/login\&.defs\&.
 .RE
 .PP
@@ -270,20 +284,20 @@ Do not create the user\*(Aqs home directory, even if the system wide setting fro
 .RS 4
 Дозвол�є �творенн� облікового запи�у із на�вним UID\&.
 .sp
-Цей параметр можна викори�товувати лише у поєднанні із параметром
-\fB\-u\fR\&. О�кільки профіль кори�тувача �лугує ключем дл� прив\*(Aq�зки кори�тувачів до прав до�тупу, прав вла�но�ті на файли та інших а�пектів загально�и�темної поведінки, до�туп до облікового запи�у із заданим UID матимуть декілька облікових запи�ів дл� входу до �и�теми\&.
+This option is only valid in combination with the
+\fB\-u\fR
+option\&. As a user identity serves as key to map between users on one hand and permissions, file ownerships and other aspects that determine the system\*(Aqs behavior on the other hand, more than one login name will access the account of the given UID\&.
 .RE
 .PP
-\fB\-p\fR, \fB\-\-password\fR \fIП�РОЛЬ\fR
+\fB\-p\fR, \fB\-\-password\fR\ \&\fIPASSWORD\fR
 .RS 4
-визначає початковий пароль до облікового запи�у\&. П�РОЛЬ має бути зашифровано у форматі, �кий повертає
-\fBcrypt\fR(3)\&. У �крипті оболонки цей параметр надає змогу ефективно �творювати запи�и кори�тувачів у пакетному режимі\&.
+defines an initial password for the account\&. PASSWORD is expected to be encrypted, as returned by
+\fBcrypt \fR(3)\&. Within a shell script, this option allows to create efficiently batches of users\&.
 .sp
-Без цього параметра новий обліковий запи� буде заблоковано; дл� нього також не буде визначено парол�, тобто у відповідному полі файла
-/etc/shadow\&. Це �тан, у �кому кори�тувач не зможе отримати до�туп до облікового запи�у або визначити пароль вла�норуч\&.
+Without this option, the new account will be locked and with no password defined, i\&.e\&. a single exclamation mark in the respective field of
+/etc/shadow\&. This is a state where the user won\*(Aqt be able to access the account or to define a password himself\&.
 .sp
-\fBЗауваженн�:\fR
-не рекомендуємо кори�тувати�� цим параметром у командному р�дку, о�кільки пароль (або шифрований пароль) буде видимим дл� кори�тувачів, �кі мають до�туп до �пи�ку проце�ів\&.
+\fBNote:\fRAvoid this option on the command line because the password (or encrypted password) will be visible by users listing the processes\&.
 .sp
 Вам �лід переконати��, що пароль відповідає правилам �кладанн� паролів �и�теми\&.
 .RE
@@ -292,21 +306,23 @@ Do not create the user\*(Aqs home directory, even if the system wide setting fro
 .RS 4
 Створити загально�и�темний обліковий запи�\&.
 .sp
-Запи�и загально�и�темних кори�тувачів буде �творено без даних щодо за�таріванн� у
-/etc/shadow, а їхні чи�лові ідентифікатори буде вибрано у діапазоні
-\fBSYS_UID_MIN\fR\-\fBSYS_UID_MAX\fR, �кий визначено у
-/etc/login\&.defs, а не у
+System users will be created with no aging information in
+/etc/shadow, and their numeric identifiers are chosen in the
+\fBSYS_UID_MIN\fR\-\fBSYS_UID_MAX\fR
+range, defined in
+/etc/login\&.defs, instead of
 \fBUID_MIN\fR\-\fBUID_MAX\fR
-(та їхніх відповідників
+(and their
 \fBGID\fR
-дл� �творенн� груп)\&.
+counterparts for the creation of groups)\&.
 .sp
-Зауважте, що
+Note that
 \fBuseradd\fR
-не �творюватиме домашнього каталогу дл� такого кори�тувача, незалежно від того, �ким є типове значенн� параметра у
+will not create a home directory for such a user, regardless of the default setting in
 /etc/login\&.defs
-(\fBCREATE_HOME\fR)\&. вам �лід вказати параметри
-\fB\-m\fR, �кщо ви хочете, щоб дл� загально�и�темного облікового запи�у було �творено домашній каталог\&.
+(\fBCREATE_HOME\fR)\&. You have to specify the
+\fB\-m\fR
+options if you want a home directory for a system account to be created\&.
 .sp
 Note that this option will not update
 /etc/subuid
@@ -316,7 +332,7 @@ and
 options if you want to update the files for a system account to be created\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -325,13 +341,13 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-P\fR, \fB\-\-prefix\fR \fIК�Т�ЛОГ_ПРЕФІКС�\fR
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
 .RS 4
-За�то�увати зміни до файлів налаштувань у кореневій файловій �и�темі з каталогу
-\fIК�Т�ЛОГ_ПРЕФІКС�\fR\&. Викори�танн� цього параметра не змінює кореневої теки\&. Параметр призначено лише дл� приготуванн� цілі дл� компіл�ції коду дл� іншої операційної �и�теми\&. Обмеженн�: не буде виконано перевірку кори�тувачів/груп NIS і LDAP\&. При розпізнаванні у PAM буде викори�тано файли о�новної �и�теми\&. Підтримки SELINUX не передбачено\&.
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
 .RE
 .PP
-\fB\-s\fR, \fB\-\-shell\fR \fIОБОЛО�К�\fR
+\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
 .RS 4
 sets the path to the user\*(Aqs login shell\&. Without this option, the system will use the
 \fBSHELL\fR
@@ -341,127 +357,144 @@ variable specified in
 remains empty\&.
 .RE
 .PP
-\fB\-u\fR, \fB\-\-uid\fR \fIUID\fR
+\fB\-u\fR, \fB\-\-uid\fR\ \&\fIUID\fR
 .RS 4
-Чи�лове значенн� ідентифікатора кори�тувача\&. Це значенн� має бути унікальним, �кщо не викори�тано параметр
-\fB\-o\fR\&. Значенн� має бути невід\*(Aqємним\&. Типово, буде викори�тано найменше значенн� ідентифікатора, �ке перевищує або дорівнює значенню
+The numerical value of the user\*(Aqs ID\&. This value must be unique, unless the
+\fB\-o\fR
+option is used\&. The value must be non\-negative\&. The default is to use the smallest ID value greater than or equal to
 \fBUID_MIN\fR
-і є більшим за значенн� дл� будь\-�кого іншого кори�тувача\&.
+and greater than every other user\&.
 .sp
-Див\&. також опи�и параметрів
+See also the
 \fB\-r\fR
-Ñ–
-\fBUID_MAX\fR\&.
+option and the
+\fBUID_MAX\fR
+description\&.
 .RE
 .PP
 \fB\-U\fR, \fB\-\-user\-group\fR
 .RS 4
 Створити групу, назва �кої збігаєть�� із назвою облікового запи�у кори�тувача, додати кори�тувача до цієї групи\&.
 .sp
-Типову поведінку (�кщо не вказано параметрів
+The default behavior (if the
 \fB\-g\fR,
-\fB\-N\fR
-Ñ–
-\fB\-U\fR) буде визначено змінною
+\fB\-N\fR, and
+\fB\-U\fR
+options are not specified) is defined by the
 \fBUSERGROUPS_ENAB\fR
-у
+variable in
 /etc/login\&.defs\&.
 .RE
 .PP
-\fB\-Z\fR, \fB\-\-selinux\-user\fR \fISEКОРИСТУВ�Ч\fR
+\fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
 .RS 4
-Визначає кори�тувача SELinux дл� нового облікового запи�у\&. Без цього параметра, SELinux викори�тає типового кори�тувача\&. Зауважте, що �и�тема shadow не зберігає кори�тувача selinux \(em дл� цього вона викори�товує
-\fBsemanage\fR(8)\&.
+defines the SELinux user for the new account\&. Without this option, SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+\fBsemanage\fR(8)
+for that\&.
+.RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Without this option, SELinux uses the default range\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
+\fBsemanage\fR(8)
+for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
 .RE
 .SS "Зміна типових значень"
 .PP
-Якщо програму викликано лише з параметром
-\fB\-D\fR,
+When invoked with only the
+\fB\-D\fR
+option,
 \fBuseradd\fR
-виведе поточні типові значенн�\&. Якщо виклик відбув�� з параметром
+will display the current default values\&. When invoked with
 \fB\-D\fR
-та іншими параметрами,
+plus other options,
 \fBuseradd\fR
-оновить типові значенн� дл� вказаних параметрів\&. Коректними параметрами дл� зміни типових значень є такі:
+will update the default values for the specified options\&. Valid default\-changing options are:
 .PP
-\fB\-b\fR, \fB\-\-base\-dir\fR \fIБ�ЗОВИЙ_К�Т�ЛОГ\fR
+\fB\-b\fR, \fB\-\-base\-dir\fR\ \&\fIBASE_DIR\fR
 .RS 4
-В�тановлює префік� шл�ху дл� домашнього каталогу нового кори�тувача\&. �азву облікового запи�у кори�тувача буде допи�ано наприкінці
-\fIБ�ЗОВИЙ_К�Т�ЛОГ\fR
-дл� �творенн� назви домашнього каталогу нового кори�тувача, �кщо під ча� �творенн� облікового запи�у не було викори�тано параметр
-\fB\-d\fR\&.
+sets the path prefix for a new user\*(Aqs home directory\&. The user\*(Aqs name will be affixed to the end of
+\fIBASE_DIR\fR
+to form the new user\*(Aqs home directory name, if the
+\fB\-d\fR
+option is not used when creating a new account\&.
 .sp
-Цей параметр в�тановлює значенн� змінної
+This option sets the
 \fBHOME\fR
-у
+variable in
 /etc/default/useradd\&.
 .RE
 .PP
-\fB\-e\fR, \fB\-\-expiredate\fR \fIД�Т�_З�ВЕРШЕ��Я_СТРОКУ_ДІЇ\fR
+\fB\-e\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
 .RS 4
 В�тановлює дату вимиканн� ново�творених облікових запи�ів кори�тувачів\&.
 .sp
-Цей параметр в�тановлює значенн� змінної
+This option sets the
 \fBEXPIRE\fR
-у
+variable in
 /etc/default/useradd\&.
 .RE
 .PP
-\fB\-f\fR, \fB\-\-inactive\fR \fI�Е�КТИВ�ИЙ\fR
+\fB\-f\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
 .RS 4
-Визначає кількі�ть днів пі�л� перевищенн� паролем мак�имального віку, прот�гом �ких �и�тема очікуватиме на заміну парол� кори�тувачем\&. Див\&.
-\fBshadow\fR(5), щоб дізнати�� більше\&.
+defines the number of days after the password exceeded its maximum age where the user is expected to replace this password\&. See
+\fBshadow\fR(5)for more information\&.
 .sp
-Цей параметр в�тановлює значенн� змінної
-\fB�Е�КТИВ�ИЙ\fR
-у
+This option sets the
+\fBINACTIVE\fR
+variable in
 /etc/default/useradd\&.
 .RE
 .PP
-\fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGROUP\fR
 .RS 4
 В�тановлює типову о�новну групу дл� ново�творених запи�ів кори�тувачів\&. Можна вказати назву групи або чи�ловий ідентифікатор групи\&. Вказана за назвою група має і�нувати, а GID має бути на�вним запи�ом\&.
 .sp
-Цей параметр в�тановлює значенн� змінної
+This option sets the
 \fBGROUP\fR
-у
+variable in
 /etc/default/useradd\&.
 .RE
 .PP
-\fB\-s\fR, \fB\-\-shell\fR \fIОБОЛО�К�\fR
+\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
 .RS 4
 Визначає типову оболонку входу дл� нових кори�тувачів\&.
 .sp
-Цей параметр в�тановлює значенн� змінної
-\fBОБОЛО�К�\fR
-у
+This option sets the
+\fBSHELL\fR
+variable in
 /etc/default/useradd\&.
 .RE
 .SH "ПРИМІТКИ"
 .PP
-За розташуванн� типових файлів кори�тувача у каталозі
+The system administrator is responsible for placing the default user files in the
 /etc/skel/
-(або будь\-�кому іншому карка�ному каталозі, �кий вказано у
+directory (or any other skeleton directory specified in
 /etc/default/useradd
-або р�дку команди) відповідає адміні�тратор �и�теми\&.
+or on the command line)\&.
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
 �е можна додавати кори�тувача до групи NIS або LDAP\&. Дл� таких груп цю дію має бути виконано на відповідному �ервері\&.
 .PP
-Так �амо, �кщо ім\*(Aq� кори�тувача вже і�нує у зовнішній базі даних кори�тувачів, зокрема NIS або LDAP,
+Similarly, if the username already exists in an external user database such as NIS or LDAP,
 \fBuseradd\fR
-відмовить у запиті щодо �творенн� облікового запи�у кори�тувача\&.
+will deny the user account creation request\&.
 .PP
 Usernames may contain only lower and upper case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. Dashes are not allowed at the beginning of the username\&. Fully numeric usernames and usernames \&. or \&.\&. are also disallowed\&. It is not recommended to use usernames beginning with \&. character as their home directories will be hidden in the
 \fBls\fR
 output\&.
 .PP
-Довжина імен кори�тувачів не може перевищувати 32 �имволи\&.
+Довжина імен кори�тувачів не може перевищувати 256 �имволи\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/passwd
@@ -491,14 +524,16 @@ output\&.
 .PP
 /etc/shadow\-maint/useradd\-pre\&.d/*, /etc/shadow\-maint/useradd\-post\&.d/*
 .RS 4
-Файли, �кі буде виконано під ча� додаванн� запи�у кори�тувача\&. Змінну �ередовища
+Run\-part files to execute during user addition\&. The environment variable
 \fBACTION\fR
-буде заповнено командою useradd, а змінну �ередовища
+will be populated with useradd and
 \fBSUBJECT\fR
-\(em
-\fBкори�тувач\fR\&. Перед додаванн�м запи�у кори�тувача буде виконано
-useradd\-pre\&.d\&. Пі�л� додаванн� запи�у кори�тувача буде виконано
-useradd\-post\&.d\&. Якщо �таном виходу зі �крипту буде ненульове значенн�, виконанн� дій буде перервано\&.
+with the
+\fBusername\fR\&.
+useradd\-pre\&.d
+will be executed prior to any user addition\&.
+useradd\-post\&.d
+will execute after user addition\&. If a script exits non\-zero then execution will terminate\&.
 .RE
 .PP
 /etc/skel/
@@ -522,39 +557,39 @@ useradd\-post\&.d\&. Якщо �таном виходу зі �крипту бу
 .RE
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Команда
+The
 \fBuseradd\fR
-завершує роботу із такими значенн�ми:
+command exits with the following values:
 .PP
 \fI0\fR
 .RS 4
-у�піх
+success
 .RE
 .PP
 \fI1\fR
 .RS 4
-не вдало�� оновити файл паролів
+can\*(Aqt update password file
 .RE
 .PP
 \fI2\fR
 .RS 4
-некоректний �интак�и� команди
+invalid command syntax
 .RE
 .PP
 \fI3\fR
 .RS 4
-некоректний аргумент параметра
+invalid argument to option
 .RE
 .PP
 \fI4\fR
 .RS 4
-UID вже викори�тано (і не вказано
+UID already in use (and no
 \fB\-o\fR)
 .RE
 .PP
 \fI6\fR
 .RS 4
-вказаної групи не і�нує
+specified group doesn\*(Aqt exist
 .RE
 .PP
 \fI9\fR
@@ -564,17 +599,17 @@ username or group name already in use
 .PP
 \fI10\fR
 .RS 4
-не вдало�� оновити файл груп
+can\*(Aqt update group file
 .RE
 .PP
 \fI12\fR
 .RS 4
-не вдало�� �творити домашній каталог
+can\*(Aqt create home directory
 .RE
 .PP
 \fI14\fR
 .RS 4
-не вдало�� оновити прив\*(Aq�зку кори�тувача SELinux
+can\*(Aqt update SELinux user mapping
 .RE
 .SH "ДИВ\&. Т�КОЖ"
 .PP
diff --git a/man/uk/man8/userdel.8 b/man/uk/man8/userdel.8
index aa40150..014809e 100644
--- a/man/uk/man8/userdel.8
+++ b/man/uk/man8/userdel.8
@@ -2,12 +2,12 @@
 .\"     Title: userdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "userdel" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "userdel" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,31 +31,33 @@
 userdel \- вилученн� облікового запи�у кори�тувача і пов\*(Aq�заних файлів
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBuserdel\fR\ 'u
-\fBuserdel\fR [параметри] \fIЗ�ПИС\fR
+\fBuserdel\fR [options] \fILOGIN\fR
 .SH "ОПИС"
 .PP
-Команда
+The
 \fBuserdel\fR
-вно�ить зміни до файлів загально�и�темних облікових запи�ів, вилучаючи у�і запи�и, �кі �то�ують�� імені кори�тувача
-\fIЗ�ПИС\fR\&. Іменований запи� кори�тувача має і�нувати\&.
+command modifies the system account files, deleting all entries that refer to the user name
+\fILOGIN\fR\&. The named user must exist\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBuserdel\fR, є такими:
+The options which apply to the
+\fBuserdel\fR
+command are:
 .PP
 \fB\-f\fR, \fB\-\-force\fR
 .RS 4
-Цей параметр наказує програмі вилучити обліковий запи� кори�тувача, навіть �кщо кори�тувач у�е ще працює у �и�темі\&. Також він наказує
+This option forces the removal of the user account, even if the user is still logged in\&. It also forces
 \fBuserdel\fR
-вилучити домашній каталог кори�тувача і поштовий буфер, навіть �кщо цим домашнім каталогом кори�туєть�� інший кори�тувач або �кщо вла�ником поштового буфера не є вказаний кори�тувач\&. Якщо дл�
+to remove the user\*(Aqs home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user\&. If
 \fBUSERGROUPS_ENAB\fR
-в�тановлено значенн�
-\fIтак\fR
-у
-/etc/login\&.defs, і �кщо і�нує група із тією �амою назвою, що і назва облікового запи�у, цю групу буде вилучено, навіть �кщо вона в�е ще є о�новною групою іншого кори�тувача\&.
+is defined to
+\fIyes\fR
+in
+/etc/login\&.defs
+and if a group exists with the same name as the deleted user, then this group will be removed, even if it is still the primary group of another user\&.
 .sp
-\fIЗауваженн�:\fR
-цей параметр є небезпечним і може переве�ти вашу �и�тему у неузгоджений �тан\&.
+\fINote:\fR
+This option is dangerous and may leave your system in an inconsistent state\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -67,13 +69,14 @@ userdel \- вилученн� облікового запи�у кори�тув
 .RS 4
 Файли у домашньому каталозі кори�тувача буде вилучено разом з �амим домашнім каталогом та поштовим буфером кори�тувача\&. Файли у інших файлових �и�темах �лід знайти і вилучити вручну\&.
 .sp
-Поштовий буфер визначаєть�� змінною
+The mail spool is defined by the
 \fBMAIL_DIR\fR
-у файлі
-login\&.defs\&.
+variable in the
+login\&.defs
+file\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -82,12 +85,13 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-P\fR, \fB\-\-prefix\fR \fIК�Т�ЛОГ_ПРЕФІКС�\fR
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
 .RS 4
-За�то�увати зміни до каталогу
-\fIК�Т�ЛОГ_ПРЕФІКС�\fR
-і викори�тати файли налаштувань з каталогу
-\fIК�Т�ЛОГ_ПРЕФІКС�\fR\&. Викори�танн� цього параметра не змінює кореневої теки\&. Параметр призначено лише дл� приготуванн� цілі дл� компіл�ції коду дл� іншої операційної �и�теми\&. Обмеженн�: не буде виконано перевірку кори�тувачів/груп NIS і LDAP\&. При розпізнаванні у PAM буде викори�тано файли о�новної �и�теми\&. Підтримки SELINUX не передбачено\&.
+Apply changes in the
+\fIPREFIX_DIR\fR
+directory and use the configuration files from the
+\fIPREFIX_DIR\fR
+directory\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
 .RE
 .PP
 \fB\-Z\fR, \fB\-\-selinux\-user\fR
@@ -96,9 +100,9 @@ directory\&. Only absolute paths are supported\&.
 .RE
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
@@ -123,15 +127,17 @@ directory\&. Only absolute paths are supported\&.
 .PP
 /etc/shadow\-maint/userdel\-pre\&.d/*, /etc/shadow\-maint/userdel\-post\&.d/*
 .RS 4
-Файли, �кі буде виконано під ча� вилученн� запи�у кори�тувача\&. Змінну �ередовища
+Run\-part files to execute during user deletion\&. The environment variable
 \fBACTION\fR
-буде заповнено командами
+will be populated with
 \fBuserdel\fR
-Ñ–
+and
 \fBSUBJECT\fR
-з іменем кори�тувача\&. Перед вилученн�м запи�у кори�тувача буде виконано
-userdel\-pre\&.d\&. Пі�л� додаванн� запи�у кори�тувача буде виконано
-userdel\-post\&.d\&. Якщо �таном виходу зі �крипту буде ненульове значенн�, виконанн� дій буде перервано\&.
+with the username\&.
+userdel\-pre\&.d
+will be executed prior to any user deletion\&.
+userdel\-post\&.d
+will execute after user deletion\&. If a script exits non\-zero then execution will terminate\&.
 .RE
 .PP
 /etc/subgid
@@ -145,65 +151,67 @@ userdel\-post\&.d\&. Якщо �таном виходу зі �крипту бу
 .RE
 .SH "З��ЧЕ��Я ВИХОДУ"
 .PP
-Команда
+The
 \fBuserdel\fR
-завершує роботу із такими значенн�ми:
+command exits with the following values:
 .PP
 \fI0\fR
 .RS 4
-у�піх
+success
 .RE
 .PP
 \fI1\fR
 .RS 4
-не вдало�� оновити файл паролів
+can\*(Aqt update password file
 .RE
 .PP
 \fI2\fR
 .RS 4
-некоректний �интак�и� команди
+invalid command syntax
 .RE
 .PP
 \fI6\fR
 .RS 4
-вказаного запи�у кори�тувача не і�нує
+specified user doesn\*(Aqt exist
 .RE
 .PP
 \fI8\fR
 .RS 4
-поточний кори�тувач �и�теми
+user currently logged in
 .RE
 .PP
 \fI10\fR
 .RS 4
-не вдало�� оновити файл груп
+can\*(Aqt update group file
 .RE
 .PP
 \fI12\fR
 .RS 4
-не вдало�� вилучити домашній каталог
+can\*(Aqt remove home directory
 .RE
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
 \fBuserdel\fR
-не дозволить вам вилучити обліковий запи�, �кщо цьому обліковому запи�у належать �кі�ь запущені проце�и\&. У випадку на�вно�ті таких проце�ів ви можете завершити їх роботу або заблокувати пароль чи обліковий запи� кори�тувача і вилучити обліковий запи� пізніше\&. Виконати вилученн� цього облікового запи�у у приму�овому режимі можна за допомогою параметра
-\fB\-f\fR\&.
+will not allow you to remove an account if there are running processes which belong to this account\&. In that case, you may have to kill those processes or lock the user\*(Aqs password or account and remove the account later\&. The
+\fB\-f\fR
+option can force the deletion of this account\&.
 .PP
 Вам �лід виконати перевірку у�іх файлових �и�тем вручну, щоб переконати��, щоб не лишило�� жодних файлів, �кі належать цьому кори�тувачу\&.
 .PP
 Ви не зможете вилучити атрибути NIS з клієнта NIS\&. Виконати це завданн� можна лише на �ервері NIS\&.
 .PP
-Якщо дл�
+If
 \fBUSERGROUPS_ENAB\fR
-в�тановлено значенн�
-\fIтак\fR
-у
+is defined to
+\fIyes\fR
+in
 /etc/login\&.defs,
 \fBuserdel\fR
-вилучить групу, �ка має назву, що збігаєть�� із назвою облікового запи�у кори�тувача\&. Щоб уникнути неузгоджено�тей у базах даних passwd і груп,
+will delete the group with the same name as the user\&. To avoid inconsistencies in the passwd and group databases,
 \fBuserdel\fR
-виконає перевірку того, чи не викори�товуєть�� ц� група �к о�новна група іншого кори�тувача\&. Якщо викори�товуєть��, програма попередить ва� без вилученн� групи\&. Приму�ово вилучити цю групу можна за допомогою параметра
-\fB\-f\fR\&.
+will check that this group is not used as a primary group for another user, and will just warn without deleting the group otherwise\&. The
+\fB\-f\fR
+option can force the deletion of this group\&.
 .SH "ДИВ\&. Т�КОЖ"
 .PP
 \fBchfn\fR(1),
diff --git a/man/uk/man8/usermod.8 b/man/uk/man8/usermod.8
index 40151ca..66e6861 100644
--- a/man/uk/man8/usermod.8
+++ b/man/uk/man8/usermod.8
@@ -2,12 +2,12 @@
 .\"     Title: usermod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "usermod" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "usermod" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,20 +31,23 @@
 usermod \- зміна облікового запи�у кори�тувача
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBusermod\fR\ 'u
-\fBusermod\fR [\fIпараметри\fR] \fIЗ�ПИС\fR
+\fBusermod\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "ОПИС"
 .PP
+The
 \fBusermod\fR
-вно�ить зміни до файлів загально�и�темних облікових запи�ів\&.
+command modifies the system account files\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команди
-\fBusermod\fR, є такими:
+The options which apply to the
+\fBusermod\fR
+command are:
 .PP
 \fB\-a\fR, \fB\-\-append\fR
 .RS 4
-Додати кори�тувача до допоміжних груп\&. Викори�товуйте лише у поєднанні з параметром
-\fB\-G\fR\&.
+Add the user to the supplementary group(s)\&. Use only with the
+\fB\-G\fR
+option\&.
 .RE
 .PP
 \fB\-b\fR, \fB\-\-badname\fR
@@ -52,46 +55,51 @@ usermod \- зміна облікового запи�у кори�тувача
 Дозволити назви, �кі не відповідають �тандартам\&.
 .RE
 .PP
-\fB\-c\fR, \fB\-\-comment\fR \fIКОМЕ�Т�Р\fR
+\fB\-c\fR, \fB\-\-comment\fR\ \&\fICOMMENT\fR
 .RS 4
-Оновити поле коментар� дл� запи�у кори�тувача у
-/etc/passwd, зміни до �кого, зазвичай, вно��ть за допомогою допоміжного за�обу
-\fBchfn\fR(1)\&.
+update the comment field of the user in
+/etc/passwd, which is normally modified using the
+\fBchfn\fR(1)
+utility\&.
 .RE
 .PP
-\fB\-d\fR, \fB\-\-home\fR \fIДОМ�Ш�ІЙ_К�Т�ЛОГ\fR
+\fB\-d\fR, \fB\-\-home\fR\ \&\fIHOME_DIR\fR
 .RS 4
 �овий каталог кори�тувача дл� облікового запи�у входу до �и�теми\&.
 .sp
-Якщо вказано параметр
-\fB\-m\fR, вмі�т поточного домашнього каталогу буде пере�унуто до нового домашнього каталогу, �кий буде �творено, �кщо його ще не і�нує\&. Якщо поточного домашнього каталогу не і�нує, новий домашній каталог �творено не буде\&.
+If the
+\fB\-m\fR
+option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&. If the current home directory does not exist the new home directory will not be created\&.
 .RE
 .PP
-\fB\-e\fR, \fB\-\-expiredate\fR \fIД�Т�_З�ВЕРШЕ��Я_СТРОКУ_ДІЇ\fR
+\fB\-e\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
 .RS 4
-Дата, у �ку буде вимкнено обліковий запи� кори�тувача\&. Дату вказують у форматі
-\fIРРРР\-ММ\-ДД\fR\&. Цілі вхідні чи�ла буде оброблено �к дні пі�л� 1 �ічн� 1970 року\&.
+The date on which the user account will be disabled\&. The date is specified in the format
+\fIYYYY\-MM\-DD\fR\&. Integers as input are interpreted as days after 1970\-01\-01\&.
 .sp
 Вхідне значенн� \-1 або порожній р�док призведуть до вилученн� вмі�ту пол� �троку дії облікового запи�у у файлі паролів shadow\&. Обліковий запи� лишить�� до�тупним, але без обмеженн� за датами\&.
 .sp
-Цей параметр потребує файла
-/etc/shadow\&. Запи�
+This option requires a
+/etc/shadow
+file\&. A
 /etc/shadow
-буде �творено, �кщо такого ще немає\&.
+entry will be created if there were none\&.
 .RE
 .PP
-\fB\-f\fR, \fB\-\-inactive\fR \fI�Е�КТИВ�ИЙ\fR
+\fB\-f\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
 .RS 4
-Визначає період у кілько�ті днів пі�л� перевищенн� мак�имального віку, прот�гом �кого кори�тувач у�е ще матиме змогу увійти до �и�теми з негайною зміною парол�\&. Цей період ло�льно�ті до того, �к обліковий запи� �тане неактивним, зберігаєть�� у файлі прихованих паролів (shadow)\&. Вхідне значенн� 0 означає негайне вимиканн� парол�, �трок дії �кого вичерпано\&. Вхідне значенн� \-1 призведе до вилученн� вмі�ту відповідного пол� у файлі прихованих паролів (shadow)\&. Див\&.
-\fBshadow\fR(5), щоб дізнати�� більше\&.
+defines the number of days after the password exceeded its maximum age during which the user may still login by immediately replacing the password\&. This grace period before the account becomes inactive is stored in the shadow password file\&. An input of 0 will disable an expired password with no delay\&. An input of \-1 will blank the respective field in the shadow password file\&. See
+\fBshadow\fR(5)
+for more information\&.
 .sp
-Цей параметр потребує файла
-/etc/shadow\&. Запи�
+This option requires a
+/etc/shadow
+file\&. A
 /etc/shadow
-буде �творено, �кщо такого ще немає\&.
+entry will be created if there were none\&.
 .RE
 .PP
-\fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGROUP\fR
 .RS 4
 �азва або чи�ловий ідентифікатор нової о�новної групи кори�тувача\&. Група має і�нувати\&.
 .sp
@@ -99,36 +107,37 @@ usermod \- зміна облікового запи�у кори�тувача
 .sp
 Права вла�но�ті на файли поза домашнім каталогом кори�тувача має бути виправлено вручну\&.
 .sp
-Зміну групи\-вла�ника дл� файлів у домашньому каталозі кори�тувача також не буде виконано, �кщо uid вла�ника домашнього каталогу відрізн�єть�� від ідентифікатора поточного або нового кори�тувача\&. Це захід безпеки дл� о�обливих домашніх каталогів, зокрема
+The change of the group ownership of files inside of the user\*(Aqs home directory is also not done if the home dir owner uid is different from the current or new user id\&. This is a safety measure for special home directories such as
 /\&.
 .RE
 .PP
-\fB\-G\fR, \fB\-\-groups\fR \fIГРУП�1\fR[\fI,ГРУП�2,\&.\&.\&.\fR[\fI,ГРУП�N\fR]]]
+\fB\-G\fR, \fB\-\-groups\fR\ \&\fIGROUP1\fR[\fI,GROUP2,\&.\&.\&.\fR[\fI,GROUPN\fR]]]
 .RS 4
 Спи�ок допоміжних груп, уча�ником �ких є кори�тувач\&. Запи�и у �пи�ку �лід відокремлювати комами, без проміжного пробілу\&. Групи мають і�нувати\&.
 .sp
-Якщо кори�тувач у поточний момент є уча�ником групи, �кої немає у �пи�ку, його запи� буде вилучено з цієї групи\&. Змінити цю поведінку можна за допомогою параметра
-\fB\-a\fR, �кий допи�ує запи� кори�тувача до поточного �пи�ку допоміжних груп\&.
+If the user is currently a member of a group which is not listed, the user will be removed from the group\&. This behaviour can be changed via the
+\fB\-a\fR
+option, which appends the user to the current supplementary group list\&.
 .RE
 .PP
-\fB\-l\fR, \fB\-\-login\fR \fI�ОВИЙ_З�ПИС\fR
+\fB\-l\fR, \fB\-\-login\fR\ \&\fINEW_LOGIN\fR
 .RS 4
-Ім\*(Aq� кори�тувача буде змінено з
-\fIЗ�ПИС\fR
-на
-\fI�ОВИЙ_З�ПИС\fR\&. �ічого, окрім цього, змінено не буде\&. Зокрема, ймовірно, назву домашнього каталогу кори�тувача та поштового буфера доведеть�� змінювати вручну, щоб �инхронізувати їх із новою назвою облікового запи�у дл� входу до �и�теми\&.
+The name of the user will be changed from
+\fILOGIN\fR
+to
+\fINEW_LOGIN\fR\&. Nothing else is changed\&. In particular, the user\*(Aqs home directory or mail spool should probably be renamed manually to reflect the new login name\&.
 .RE
 .PP
 \fB\-L\fR, \fB\-\-lock\fR
 .RS 4
-Заблокувати пароль кори�тувача\&. У відповідь на команду програма допише \(Fo!\(Fc перед зашифрованим паролем, фактично, вимкнувши пароль\&. Цей параметр не можна поєднувати з
+Lock a user\*(Aqs password\&. This puts a \*(Aq!\*(Aq in front of the encrypted password, effectively disabling the password\&. You can\*(Aqt use this option with
 \fB\-p\fR
-та
+or
 \fB\-U\fR\&.
 .sp
-Зауваженн�: �кщо ви хочете заблокувати обліковий запи� (а не лише до�туп за допомогою парол�), вам також �лід в�тановити дл�
-\fIД�Т�_З�ВЕРШЕ��Я_СТРОКУ_ДІЇ\fR
-значенн�
+Note: if you wish to lock the account (not only access with a password), you should also set the
+\fIEXPIRE_DATE\fR
+to
 \fI1\fR\&.
 .RE
 .PP
@@ -136,41 +145,43 @@ usermod \- зміна облікового запи�у кори�тувача
 .RS 4
 Пере�уває вмі�т домашнього каталогу кори�тувача у нове мі�це\&. Якщо поточного домашнього каталогу не і�нує, буде �творено новий домашній каталог\&.
 .sp
-Цей параметр є чинним, лише у поєднанні із параметром
+This option is only valid in combination with the
 \fB\-d\fR
-(або
-\fB\-\-home\fR)\&.
+(or
+\fB\-\-home\fR) option\&.
 .sp
 \fBusermod\fR
-�пробує адаптувати права вла�но�ті на файли і �копіювати режими до�тупу, ACL та розширені атрибути, але згодом може знадобити�� вне�енн� змін вручну\&.
+will try to adapt the ownership of the files and to copy the modes, ACL and extended attributes, but manual changes might be needed afterwards\&.
 .RE
 .PP
 \fB\-o\fR, \fB\-\-non\-unique\fR
 .RS 4
 Дозвол�є зміну ідентифікатора кори�тувача на неунікальне значенн�\&.
 .sp
-Цей параметр можна викори�товувати лише у поєднанні із параметром
-\fB\-u\fR\&. О�кільки профіль кори�тувача �лугує ключем дл� прив\*(Aq�зки кори�тувачів до прав до�тупу, прав вла�но�ті на файли та інших а�пектів загально�и�темної поведінки, до�туп до облікового запи�у із заданим UID матимуть декілька облікових запи�ів дл� входу до �и�теми\&.
+This option is only valid in combination with the
+\fB\-u\fR
+option\&. As a user identity serves as key to map between users on one hand and permissions, file ownerships and other aspects that determine the system\*(Aqs behavior on the other hand, more than one login name will access the account of the given UID\&.
 .RE
 .PP
-\fB\-p\fR, \fB\-\-password\fR \fIП�РОЛЬ\fR
+\fB\-p\fR, \fB\-\-password\fR\ \&\fIPASSWORD\fR
 .RS 4
-Визначає новий пароль до облікового запи�у кори�тувача\&. П�РОЛЬ має бути зашифровано у форматі, �кий повертає
-\fBcrypt\fR(3)\&.
+defines a new password for the user\&. PASSWORD is expected to be encrypted, as returned by
+\fBcrypt \fR(3)\&.
 .sp
-\fBЗауваженн�:\fR
-не рекомендуємо кори�тувати�� цим параметром у командному р�дку, о�кільки пароль (або шифрований пароль) буде видимим дл� кори�тувачів, �кі мають до�туп до �пи�ку проце�ів\&.
+\fBNote:\fR
+Avoid this option on the command line because the password (or encrypted password) will be visible by users listing the processes\&.
 .sp
 Вам �лід переконати��, що пароль відповідає правилам �кладанн� паролів �и�теми\&.
 .RE
 .PP
 \fB\-r\fR, \fB\-\-remove\fR
 .RS 4
-Вилучити кори�тувача з іменованих допоміжних груп\&. Викори�товуйте лише у поєднанні з параметром
-\fB\-G\fR\&.
+Remove the user from named supplementary group(s)\&. Use only with the
+\fB\-G\fR
+option\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -179,146 +190,155 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
-\fB\-P\fR, \fB\-\-prefix\fR \fIК�Т�ЛОГ_ПРЕФІКС�\fR
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
 .RS 4
-За�то�увати зміни в ієрархії каталогів, що починаєть�� з
-\fIК�Т�ЛОГ_ПРЕФІКС�\fR
-і викори�тати також файли налаштувань, �кі там зберігають��\&. Викори�танн� цього параметра не змінює кореневої теки\&. Параметр призначено лише дл� приготуванн� цілі дл� компіл�ції коду дл� іншої операційної �и�теми\&. Обмеженн�: не буде виконано перевірку кори�тувачів/груп NIS і LDAP\&. При розпізнаванні у PAM буде викори�тано файли о�новної �и�теми\&. Підтримки SELINUX не передбачено\&.
+Apply changes within the directory tree starting with
+\fIPREFIX_DIR\fR
+and use as well the configuration files located there\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
 .RE
 .PP
-\fB\-s\fR, \fB\-\-shell\fR \fIОБОЛО�К�\fR
+\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
 .RS 4
-Змінює оболонку дл� входу до �и�теми кори�тувача\&. Визначенн� порожнього р�дка дл� ОБОЛО�КИ вилучає вмі�т пол� у
+changes the user\*(Aqs login shell\&. An empty string for SHELL blanks the field in
 /etc/passwd
-і виконає вхід кори�тувача до типової оболонки �и�теми\&.
+and logs the user into the system\*(Aqs default shell\&.
 .RE
 .PP
-\fB\-u\fR, \fB\-\-uid\fR \fIUID\fR
+\fB\-u\fR, \fB\-\-uid\fR\ \&\fIUID\fR
 .RS 4
 �ове значенн� ідентифікатора кори�тувача\&.
 .sp
-Це значенн� має бути унікальним, �кщо не викори�тано параметр
-\fB\-o\fR\&. Значенн� має бути невід\*(Aqємним\&.
+This value must be unique, unless the
+\fB\-o\fR
+option is used\&. The value must be non\-negative\&.
 .sp
 Ідентифікатори кори�тувача файла поштової �криньки кори�тувача і у�іх файлів, вла�ником �ких є кори�тувач і �кі зберігають�� у домашньому каталозі кори�тувача, буде змінено автоматично\&.
 .sp
 Права вла�но�ті на файли поза домашнім каталогом кори�тувача має бути виправлено вручну\&.
 .sp
-Зміну кори�тувача\-вла�ника дл� файлів у домашньому каталозі кори�тувача також не буде виконано, �кщо uid вла�ника домашнього каталогу відрізн�єть�� від ідентифікатора поточного або нового кори�тувача\&. Це захід безпеки дл� о�обливих домашніх каталогів, зокрема
+The change of the user ownership of files inside of the user\*(Aqs home directory is also not done if the home dir owner uid is different from the current or new user id\&. This is a safety measure for special home directories such as
 /\&.
 .sp
-Перевірок щодо
+No checks will be performed with regard to the
 \fBUID_MIN\fR,
 \fBUID_MAX\fR,
-\fBSYS_UID_MIN\fR
-або
+\fBSYS_UID_MIN\fR, or
 \fBSYS_UID_MAX\fR
-з
-/etc/login\&.defs
-виконано не буде\&.
+from
+/etc/login\&.defs\&.
 .RE
 .PP
 \fB\-U\fR, \fB\-\-unlock\fR
 .RS 4
-Розблокувати пароль кори�тувача\&. У відповідь на команду програма вилучить \(Fo!\(Fc перед зашифрованим паролем\&. Цей параметр не можна поєднувати з
+Unlock a user\*(Aqs password\&. This removes the \*(Aq!\*(Aq in front of the encrypted password\&. You can\*(Aqt use this option with
 \fB\-p\fR
-та
+or
 \fB\-L\fR\&.
 .sp
-Зауваженн�: �кщо ви хочете розблокувати обліковий запи� (а не лише до�туп за допомогою парол�), вам також �лід в�тановити значенн� дл�
-\fIД�Т�_З�ВЕРШЕ��Я_СТРОКУ_ДІЇ\fR
-(наприклад,
-\fI99999\fR
-або значенн�
+Note: if you wish to unlock the account (not only access with a password), you should also set the
+\fIEXPIRE_DATE\fR
+(for example to
+\fI99999\fR, or to the
 \fBEXPIRE\fR
-з
+value from
 /etc/default/useradd)\&.
 .RE
 .PP
-\fB\-v\fR, \fB\-\-add\-subuids\fR \fIПЕРШИЙ\fR\-\fIОСТ���ІЙ\fR
+\fB\-v\fR, \fB\-\-add\-subuids\fR\ \&\fIFIRST\fR\-\fILAST\fR
 .RS 4
 Додати діапазон підлеглих UID до облікового запи�у кори�тувача\&.
 .sp
 Цей параметр можна вказувати декілька разів у одній команді, щоб додати декілька діапазонів до облікового запи�у кори�тувача\&.
 .sp
-Перевірок щодо
+No checks will be performed with regard to
 \fBSUB_UID_MIN\fR,
-\fBSUB_UID_MAX\fR
-та
+\fBSUB_UID_MAX\fR, or
 \fBSUB_UID_COUNT\fR
-з /etc/login\&.defs не виконуватиметь��\&.
+from /etc/login\&.defs\&.
 .RE
 .PP
-\fB\-V\fR, \fB\-\-del\-subuids\fR \fIПЕРШИЙ\fR\-\fIОСТ���ІЙ\fR
+\fB\-V\fR, \fB\-\-del\-subuids\fR\ \&\fIFIRST\fR\-\fILAST\fR
 .RS 4
 Вилучити діапазон підлеглих UID з облікового запи�у кори�тувача\&.
 .sp
-Цей параметр можна вказати декілька разів, щоб вилучити декілька діапазонів з облікового запи�у кори�тувача\&. Якщо вказано одразу
+This option may be specified multiple times to remove multiple ranges to a user\*(Aqs account\&. When both
 \fB\-\-del\-subuids\fR
-Ñ–
-\fB\-\-add\-subuids\fR, вилученн� у�іх підлеглих діапазонів UID �танеть�� до додаванн� будь\-�ких підлеглих UID\&.
+and
+\fB\-\-add\-subuids\fR
+are specified, the removal of all subordinate uid ranges happens before any subordinate uid range is added\&.
 .sp
-Перевірок щодо
+No checks will be performed with regard to
 \fBSUB_UID_MIN\fR,
-\fBSUB_UID_MAX\fR
-та
+\fBSUB_UID_MAX\fR, or
 \fBSUB_UID_COUNT\fR
-з /etc/login\&.defs не виконуватиметь��\&.
+from /etc/login\&.defs\&.
 .RE
 .PP
-\fB\-w\fR, \fB\-\-add\-subgids\fR \fIПЕРШИЙ\fR\-\fIОСТ���ІЙ\fR
+\fB\-w\fR, \fB\-\-add\-subgids\fR\ \&\fIFIRST\fR\-\fILAST\fR
 .RS 4
 Додати діапазон підлеглих GID до облікового запи�у кори�тувача\&.
 .sp
 Цей параметр можна вказувати декілька разів у одній команді, щоб додати декілька діапазонів до облікового запи�у кори�тувача\&.
 .sp
-Перевірок щодо
+No checks will be performed with regard to
 \fBSUB_GID_MIN\fR,
-\fBSUB_GID_MAX\fR
-та
+\fBSUB_GID_MAX\fR, or
 \fBSUB_GID_COUNT\fR
-з /etc/login\&.defs не виконуватиметь��\&.
+from /etc/login\&.defs\&.
 .RE
 .PP
-\fB\-W\fR, \fB\-\-del\-subgids\fR \fIПЕРШИЙ\fR\-\fIОСТ���ІЙ\fR
+\fB\-W\fR, \fB\-\-del\-subgids\fR\ \&\fIFIRST\fR\-\fILAST\fR
 .RS 4
 Вилучити діапазон підлеглих GID з облікового запи�у кори�тувача\&.
 .sp
-Цей параметр можна вказати декілька разів, щоб вилучити декілька діапазонів з облікового запи�у кори�тувача\&. Якщо вказано одразу
+This option may be specified multiple times to remove multiple ranges to a user\*(Aqs account\&. When both
 \fB\-\-del\-subgids\fR
-Ñ–
-\fB\-\-add\-subgids\fR, вилученн� у�іх підлеглих діапазонів GID �танеть�� до додаванн� будь\-�ких підлеглих GID\&.
+and
+\fB\-\-add\-subgids\fR
+are specified, the removal of all subordinate gid ranges happens before any subordinate gid range is added\&.
 .sp
-Перевірок щодо
+No checks will be performed with regard to
 \fBSUB_GID_MIN\fR,
-\fBSUB_GID_MAX\fR
-та
+\fBSUB_GID_MAX\fR, or
 \fBSUB_GID_COUNT\fR
-з /etc/login\&.defs не виконуватиметь��\&.
+from /etc/login\&.defs\&.
 .RE
 .PP
-\fB\-Z\fR, \fB\-\-selinux\-user\fR \fISEКОРИСТУВ�Ч\fR
+\fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
 .RS 4
-Визначає пов\*(Aq�заного кори�тувача SELinux за допомогою
-\fIЗ�ПИС\fR\&. Якщо вказати порожній р�док (""), відповідний запи� (�кщо такий був) буде вилучено\&. Зауважте, що �и�тема shadow не зберігає кори�тувача selinux, а викори�товує дл� цього semanage(8)\&.
+defines the SELinux user to be mapped with
+\fILOGIN\fR\&. An empty string ("") will remove the respective entry (if any)\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses semanage(8) for that\&.
+.RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
+\fBsemanage\fR(8)
+for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
 .RE
 .SH "З�СТЕРЕЖЕ��Я"
 .PP
-Вам �лід переконати��, що від імені вказаного кори�тувача не виконуєть�� жодних проце�ів на момент відданн� цієї команди, �кщо вно��ть�� зміни до чи�лового ідентифікатора кори�тувача, імені кори�тувача або домашнього каталогу кори�тувача\&. У Linux перевірку цього виконує
-\fBusermod\fR\&. У інших операційних �и�темах програма викори�товує лише utmp дл� перевірки того, чи увійшов кори�тувач до �и�теми\&.
+You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
+\fBusermod\fR
+checks this on Linux\&. On other operating systems it only uses utmp to check if the user is logged in\&.
 .PP
-Вам �лід змінити вла�ника у�іх файлів
+You must change the owner of any
 \fBcrontab\fR
-або завдань
+files or
 \fBat\fR
-вручну\&.
+jobs manually\&.
 .PP
 Вам �лід вне�ти у�і зміни щодо NIS на �ервері NIS\&.
 .SH "��Л�ШТУВ���Я"
 .PP
-Вказані нижче змінні налаштувань у
+The following configuration variables in
 /etc/login\&.defs
-змінюють поведінку цього ін�трумента:
+change the behavior of this tool:
 .SH "Ф�ЙЛИ"
 .PP
 /etc/group
@@ -328,7 +348,7 @@ directory\&. Only absolute paths are supported\&.
 .PP
 /etc/gshadow
 .RS 4
-Відомо�ті щодо захищених груп облікових запи�ів\&.
+Secure group account information
 .RE
 .PP
 /etc/login\&.defs
diff --git a/man/uk/man8/vipw.8 b/man/uk/man8/vipw.8
index 9d92de3..d0bb175 100644
--- a/man/uk/man8/vipw.8
+++ b/man/uk/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 08/11/2022
-.\"    Manual: Команди керуванн� �и�темою
-.\"    Source: shadow-utils 4.13
+.\"      Date: 21/06/2024
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Ukrainian
 .\"
-.TH "vipw" "8" "08/11/2022" "shadow\-utils 4\&.13" "Команди керуванн� �и�темою"
+.TH "vipw" "8" "21/06/2024" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,33 +31,34 @@
 vipw, vigr \- редагуванн� файла паролів, груп, прихованих паролів та прихованих груп
 .SH "КОРОТКИЙ ОГЛЯД"
 .HP \w'\fBvipw\fR\ 'u
-\fBvipw\fR [\fIпараметри\fR]
+\fBvipw\fR [\fIoptions\fR]
 .HP \w'\fBvigr\fR\ 'u
-\fBvigr\fR [\fIпараметри\fR]
+\fBvigr\fR [\fIoptions\fR]
 .SH "ОПИС"
 .PP
-Команди
+The
 \fBvipw\fR
-Ñ–
+and
 \fBvigr\fR
-призначено дл� редагуванн� файлів
+commands edit the files
 /etc/passwd
-Ñ–
-/etc/group, відповідно\&. З прапорцем
+and
+/etc/group, respectively\&. With the
 \fB\-s\fR
-вони відкриватимуть shadow\-вер�ії цих файлів,
+flag, they will edit the shadow versions of those files,
 /etc/shadow
-Ñ–
-/etc/gshadow, відповідно\&. Ці програми в�тановлюють відповідні блокуванн� дл� запобіганн� пошкодженню файлів\&. При пошуку редактора програми �початку намагатимуть�� �кори�тати�� вмі�том змінної �ередовища
-\fB$VISUAL\fR, потім змінної �ередовища
-\fB$EDITOR\fR, і нарешті, типовим редактором,
+and
+/etc/gshadow, respectively\&. The programs will set the appropriate locks to prevent file corruption\&. When looking for an editor, the programs will first try the environment variable
+\fB$VISUAL\fR, then the environment variable
+\fB$EDITOR\fR, and finally the default editor,
 \fBvi\fR(1)\&.
 .SH "П�Р�МЕТРИ"
 .PP
-Параметри, �кі за�то�овують до команд
+The options which apply to the
 \fBvipw\fR
-Ñ–
-\fBvigr\fR, є такими:
+and
+\fBvigr\fR
+commands are:
 .PP
 \fB\-g\fR, \fB\-\-group\fR
 .RS 4
@@ -79,7 +80,7 @@ vipw, vigr \- редагуванн� файла паролів, груп, при
 Режим без повідомлень\&.
 .RE
 .PP
-\fB\-R\fR, \fB\-\-root\fR \fIК�Т�ЛОГ_CHROOT\fR
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
 .RS 4
 Apply changes in the
 \fICHROOT_DIR\fR
@@ -101,8 +102,9 @@ directory\&. Only absolute paths are supported\&.
 .PP
 \fBEDITOR\fR
 .RS 4
-Редактор, �ким �лід �кори�тати��, що не в�тановлено значенн�
-\fBVISUAL\fR\&.
+Editor to be used if
+\fBVISUAL\fR
+is not set\&.
 .RE
 .SH "Ф�ЙЛИ"
 .PP
@@ -128,7 +130,7 @@ directory\&. Only absolute paths are supported\&.
 .SH "ДИВ\&. Т�КОЖ"
 .PP
 \fBvi\fR(1),
-\fBгрупа\fR(5),
+\fBgroup\fR(5),
 \fBgshadow\fR(5)
 ,
 \fBpasswd\fR(5), ,
diff --git a/man/useradd.8.xml b/man/useradd.8.xml
index a36db79..001e7d1 100644
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
@@ -263,7 +263,9 @@
 	    intervening whitespace. The groups are subject to the same
 	    restrictions as the group given with the <option>-g</option>
 	    option. The default is for the user to belong only to the
-	    initial group.
+	    initial group. In addition to passing in the -G flag, you can
+		add the option <option>GROUPS</option> to the file <filename>/etc/default/useradd</filename>
+		which in turn will add all users to those supplementary groups.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -294,6 +296,11 @@
 	    <filename>/etc/skel</filename>.
 	  </para>
 	  <para>
+	    Absolute symlinks that link back to the skel directory will have
+	    the <filename>/etc/skel</filename> prefix replaced with the user's
+	    home directory.
+	  </para>
+	  <para>
 	    If possible, the ACLs and extended attributes are copied.
 	  </para>
 	</listitem>
@@ -568,13 +575,31 @@
 	<listitem>
 	  <para>
 	    defines the SELinux user for the new account. Without this
-	    option, a SELinux uses the default user. Note that the
+	    option, SELinux uses the default user. Note that the
 	    shadow system doesn't store the selinux-user, it uses
 	    <citerefentry><refentrytitle>semanage</refentrytitle>
 	    <manvolnum>8</manvolnum></citerefentry> for that.
 	  </para>
 	</listitem>
       </varlistentry>
+      <varlistentry>
+	<term>
+	  <option>--selinux-range</option>&nbsp;<replaceable>SERANGE</replaceable>
+	</term>
+	<listitem>
+	  <para>
+	    defines the SELinux MLS range for the new account. Without this
+	    option, SELinux uses the default range. Note that the
+	    shadow system doesn't store the selinux-range, it uses
+	    <citerefentry><refentrytitle>semanage</refentrytitle>
+	    <manvolnum>8</manvolnum></citerefentry> for that.
+	  </para>
+	  <para>
+	    This option is only valid if the <option>-Z</option> (or
+	    <option>--selinux-user</option>) option is specified.
+	  </para>
+	</listitem>
+      </varlistentry>
     </variablelist>
 
     <refsect2 id='changing_the_default_values'>
@@ -702,7 +727,7 @@
       the <command>ls</command> output.
     </para>
     <para>
-      Usernames may only be up to 32 characters long.
+      Usernames may only be up to 256 characters long.
     </para>
   </refsect1>
 
diff --git a/man/usermod.8.xml b/man/usermod.8.xml
index 7e1342c..349248b 100644
--- a/man/usermod.8.xml
+++ b/man/usermod.8.xml
@@ -510,6 +510,23 @@
 	  </para>
 	</listitem>
       </varlistentry>
+      <varlistentry>
+	<term>
+	  <option>--selinux-range</option>&nbsp;<replaceable>SERANGE</replaceable>
+	</term>
+	<listitem>
+	  <para>
+	    defines the SELinux MLS range for the new account.
+	    Note that the shadow system doesn't store the selinux-range,
+	    it uses <citerefentry><refentrytitle>semanage</refentrytitle>
+	    <manvolnum>8</manvolnum></citerefentry> for that.
+	  </para>
+	  <para>
+	    This option is only valid if the <option>-Z</option> (or
+	    <option>--selinux-user</option>) option is specified.
+	  </para>
+	</listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
@@ -562,7 +579,7 @@
       <varlistentry condition="gshadow">
 	<term><filename>/etc/gshadow</filename></term>
 	<listitem>
-	  <para>Secure group account informatio.</para>
+	  <para>Secure group account information</para>
 	</listitem>
       </varlistentry>
       <varlistentry>
diff --git a/man/vipw.8.xml b/man/vipw.8.xml
index 4caddcb..fb80582 100644
--- a/man/vipw.8.xml
+++ b/man/vipw.8.xml
@@ -64,7 +64,7 @@
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
     <para>
-      The <command>vipw</command> and <command>vigr</command> commands edits
+      The <command>vipw</command> and <command>vigr</command> commands edit
       the files <filename>/etc/passwd</filename> and
       <filename>/etc/group</filename>, respectively. With the
       <option>-s</option> flag, they will edit the shadow versions of those
diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
index e9d8f2c..a8b93a5 100644
--- a/man/zh_CN/Makefile.am
+++ b/man/zh_CN/Makefile.am
@@ -21,7 +21,6 @@ man_MANS = \
 	man8/grpconv.8 \
 	man8/grpunconv.8 \
 	man5/gshadow.5 \
-	man8/lastlog.8 \
 	man1/login.1 \
 	man5/login.defs.5 \
 	man8/logoutd.8 \
@@ -44,6 +43,10 @@ man_MANS = \
 	man8/vigr.8 \
 	man8/vipw.8
 
+if ENABLE_LASTLOG
+man_MANS += man8/lastlog.8
+endif
+
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
diff --git a/man/zh_CN/Makefile.in b/man/zh_CN/Makefile.in
index 58e4b9d..7f100a7 100644
--- a/man/zh_CN/Makefile.in
+++ b/man/zh_CN/Makefile.in
@@ -87,8 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@USE_PAM_FALSE@am__append_1 = $(man_nopam)
-@USE_PAM_TRUE@am__append_2 = $(man_nopam)
+@ENABLE_LASTLOG_TRUE@am__append_1 = man8/lastlog.8
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@USE_PAM_TRUE@am__append_3 = $(man_nopam)
 subdir = man/zh_CN
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -176,6 +177,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -194,6 +197,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -209,9 +213,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -227,6 +237,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -235,6 +246,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -257,6 +270,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -332,20 +348,22 @@ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
 	man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
 	man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
 	man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
-	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
-	man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
-	man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
-	man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
-	man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
-	man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
-	man8/vipw.8 $(am__append_1)
+	man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man1/login.1 \
+	man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 man8/newusers.8 \
+	man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
+	man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man3/shadow.3 \
+	man5/shadow.5 man1/su.1 man5/suauth.5 man8/useradd.8 \
+	man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \
+	$(am__append_1) $(am__append_2)
 man_nopam = \
 	man5/limits.5 \
 	man5/login.access.5 \
 	man5/porttime.5
 
-EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_2)
+EXTRA_DIST = $(man_MANS) man1/id.1 man8/sulogin.8 $(am__append_3)
 LANG = $(notdir $(CURDIR))
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_FALSE@VENDORDIR_COND = without_vendordir
+@ENABLE_REGENERATE_MAN_TRUE@@HAVE_VENDORDIR_TRUE@VENDORDIR_COND = with_vendordir
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
 @ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
 @ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
@@ -354,8 +372,15 @@ LANG = $(notdir $(CURDIR))
 @ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
 @ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_FALSE@BCRYPT_COND = no_bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_BCRYPT_TRUE@BCRYPT_COND = bcrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_FALSE@YESCRYPT_COND = no_yescrypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_YESCRYPT_TRUE@YESCRYPT_COND = yescrypt
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
 @ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_LASTLOG_FALSE@@ENABLE_REGENERATE_MAN_TRUE@LASTLOG_COND = no_lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@LASTLOG_COND = lastlog
+@ENABLE_LASTLOG_TRUE@@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@LASTLOG_COND = no_lastlog
 CLEANFILES = messages.mo login.defs.d $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
 all: all-am
 
@@ -739,10 +764,10 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	cp ../config.xml $@
 
 @ENABLE_REGENERATE_MAN_TRUE@messages.mo: ../po/$(LANG).po
-@ENABLE_REGENERATE_MAN_TRUE@	msgfmt ../po/$(LANG).po -o messages.mo
+@ENABLE_REGENERATE_MAN_TRUE@	msgfmt $< -o messages.mo
 
 @ENABLE_REGENERATE_MAN_TRUE@login.defs.d:
-@ENABLE_REGENERATE_MAN_TRUE@	ln -sf ../login.defs.d login.defs.d
+@ENABLE_REGENERATE_MAN_TRUE@	ln -sf $(srcdir)/../login.defs.d login.defs.d
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml: ../%.xml messages.mo login.defs.d
 @ENABLE_REGENERATE_MAN_TRUE@	if grep -q SHADOW-CONFIG-HERE $< ; then \
@@ -750,7 +775,7 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	else \
 @ENABLE_REGENERATE_MAN_TRUE@	    sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
-@ENABLE_REGENERATE_MAN_TRUE@	itstool -d -l $(LANG) -m messages.mo -o . $@
+@ENABLE_REGENERATE_MAN_TRUE@	itstool -i $(srcdir)/../its.rules -d -l $(LANG) -m messages.mo -o . $@
 @ENABLE_REGENERATE_MAN_TRUE@	sed -i 's:\(^<refentry .*\)>:\1 lang="$(LANG)">:' $@
 
 @ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
@@ -761,11 +786,13 @@ uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
 @ENABLE_REGENERATE_MAN_TRUE@	fi
 
 @ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.authors.section.enabled" "0" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@	            --stringparam vendordir "$(VENDORDIR)" \
 @ENABLE_REGENERATE_MAN_TRUE@	            --param "man.output.in.separate.dir" "1" \
-@ENABLE_REGENERATE_MAN_TRUE@	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+@ENABLE_REGENERATE_MAN_TRUE@	            --path "$(srcdir)/login.defs.d" \
+@ENABLE_REGENERATE_MAN_TRUE@	            -nonet $(top_srcdir)/man/shadow-man.xsl $<
 
 @ENABLE_REGENERATE_MAN_TRUE@clean-local:
 @ENABLE_REGENERATE_MAN_TRUE@	rm -rf man1 man3 man5 man8
diff --git a/man/zh_CN/man1/chage.1 b/man/zh_CN/man1/chage.1
index 1383387..88d574a 100644
--- a/man/zh_CN/man1/chage.1
+++ b/man/zh_CN/man1/chage.1
@@ -2,12 +2,12 @@
 .\"     Title: chage
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "CHAGE" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "CHAGE" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chage \- 更改用户密�过期信�
 .SH "大纲"
 .HP \w'\fBchage\fR\ 'u
-\fBchage\fR [\fI选项\fR] \fI登录\fR
+\fBchage\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "�述"
 .PP
 The
@@ -136,6 +136,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
 .RS 4
 Set the number of days of warning before a password change is required\&. The
diff --git a/man/zh_CN/man1/chfn.1 b/man/zh_CN/man1/chfn.1
index cc5b4bf..17ed971 100644
--- a/man/zh_CN/man1/chfn.1
+++ b/man/zh_CN/man1/chfn.1
@@ -2,12 +2,12 @@
 .\"     Title: chfn
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "CHFN" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "CHFN" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chfn \- 更改真�和信�
 .SH "大纲"
 .HP \w'\fBchfn\fR\ 'u
-\fBchfn\fR [\fI选项\fR] [\fI登录\fR]
+\fBchfn\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man1/chsh.1 b/man/zh_CN/man1/chsh.1
index f81758c..52c6dee 100644
--- a/man/zh_CN/man1/chsh.1
+++ b/man/zh_CN/man1/chsh.1
@@ -2,12 +2,12 @@
 .\"     Title: chsh
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "CHSH" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "CHSH" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chsh \- 更改登录 shell
 .SH "大纲"
 .HP \w'\fBchsh\fR\ 'u
-\fBchsh\fR [\fI选项\fR] [\fI登录\fR]
+\fBchsh\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "�述"
 .PP
 The
@@ -77,6 +77,12 @@ The only restriction placed on the login shell is that the command name must be
 in
 /etc/shells
 is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
 .SH "�置文件"
 .PP
 The following configuration variables in
diff --git a/man/zh_CN/man1/expiry.1 b/man/zh_CN/man1/expiry.1
index 3ebd733..e4b528b 100644
--- a/man/zh_CN/man1/expiry.1
+++ b/man/zh_CN/man1/expiry.1
@@ -2,12 +2,12 @@
 .\"     Title: expiry
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "EXPIRY" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "EXPIRY" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 expiry \- check and enforce password expiration policy
 .SH "大纲"
 .HP \w'\fBexpiry\fR\ 'u
-\fBexpiry\fR \fI选项\fR
+\fBexpiry\fR \fIoption\fR
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man1/gpasswd.1 b/man/zh_CN/man1/gpasswd.1
index 1f4623f..8648209 100644
--- a/man/zh_CN/man1/gpasswd.1
+++ b/man/zh_CN/man1/gpasswd.1
@@ -2,12 +2,12 @@
 .\"     Title: gpasswd
 .\"    Author: Rafal Maszkowski
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "GPASSWD" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "GPASSWD" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 gpasswd \- administer /etc/group and /etc/gshadow
 .SH "大纲"
 .HP \w'\fBgpasswd\fR\ 'u
-\fBgpasswd\fR [\fI选项\fR] \fIgroup\fR
+\fBgpasswd\fR [\fIoption\fR] \fIgroup\fR
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man1/groups.1 b/man/zh_CN/man1/groups.1
index 3845897..d7b66f9 100644
--- a/man/zh_CN/man1/groups.1
+++ b/man/zh_CN/man1/groups.1
@@ -2,12 +2,12 @@
 .\"     Title: groups
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "GROUPS" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "GROUPS" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groups \- 显示当�组�
 .SH "大纲"
 .HP \w'\fBgroups\fR\ 'u
-\fBgroups\fR [\fI用户\fR]
+\fBgroups\fR [\fIuser\fR]
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man1/id.1 b/man/zh_CN/man1/id.1
index 31ecf86..30f53a7 100644
--- a/man/zh_CN/man1/id.1
+++ b/man/zh_CN/man1/id.1
@@ -2,12 +2,12 @@
 .\"     Title: id
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "ID" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "ID" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man1/login.1 b/man/zh_CN/man1/login.1
index 5c43d13..03f92b8 100644
--- a/man/zh_CN/man1/login.1
+++ b/man/zh_CN/man1/login.1
@@ -2,12 +2,12 @@
 .\"     Title: login
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "LOGIN" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "LOGIN" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,9 +31,9 @@
 login \- 在系统上�动回�
 .SH "大纲"
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fI用户�\fR] [\fIENV=VAR\fR...]
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIusername\fR] [\fIENV=VAR\fR...]
 .HP \w'\fBlogin\fR\ 'u
-\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fI用户�\fR
+\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIusername\fR
 .HP \w'\fBlogin\fR\ 'u
 \fBlogin\fR [\-p] \-r\ \fIhost\fR
 .SH "�述"
diff --git a/man/zh_CN/man1/newgrp.1 b/man/zh_CN/man1/newgrp.1
index a66be46..f34266c 100644
--- a/man/zh_CN/man1/newgrp.1
+++ b/man/zh_CN/man1/newgrp.1
@@ -2,12 +2,12 @@
 .\"     Title: newgrp
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "NEWGRP" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "NEWGRP" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man1/passwd.1 b/man/zh_CN/man1/passwd.1
index 89e0e07..cfc0016 100644
--- a/man/zh_CN/man1/passwd.1
+++ b/man/zh_CN/man1/passwd.1
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "PASSWD" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "PASSWD" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 passwd \- 更改用户密�
 .SH "大纲"
 .HP \w'\fBpasswd\fR\ 'u
-\fBpasswd\fR [\fI选项\fR] [\fI登录\fR]
+\fBpasswd\fR [\fIoptions\fR] [\fILOGIN\fR]
 .SH "�述"
 .PP
 The
@@ -49,44 +49,9 @@ refuses to change the password and exits\&.
 .PP
 �示用户输入两次新密�。第二次和第一次进行比较，并且需�相��能更改密�。
 .PP
-然�，测试密�的负责程度。一般�讲，密�应该包� 6 到 8 �字符，从下边的一个或多个集�中选择：
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-�写字�
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-数字 0 到 9
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-标点符�
-.RE
-.PP
-Care must be taken not to include the system default erase or kill characters\&.
+Then, the password is tested for complexity\&.
 \fBpasswd\fR
-will reject any password which is not suitably complex\&.
+will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&.
 .SS "关于用户密�的�示"
 .PP
 The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
@@ -96,6 +61,8 @@ System encryption method is based on the NBS DES algorithm\&. More recent method
 .PP
 由于粗心地或处�选择密�，会��密�的安全。由于这个原因，您�应该选择出现在�典中或者必须�写下��能记�的密�。密�也�应该是一个�字�许����生日或者街��。所有这些�以用于猜测��害系统安全。
 .PP
+As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&.
+.PP
 You can find advice on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength
 .SH "选项"
 .PP
@@ -175,6 +142,12 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-S\fR, \fB\-\-status\fR
 .RS 4
 显示账户状�信�。状�信�包� 7 个字段。首个字段是用户的登录�，第二个字段表示用户账户是�已��定密�(L)�没有密� (NP)或者密��用(P)，第三个字段给出最�一次更改密�的日期。接下�的四个字段分别是密�的最�年龄�最大年龄�警告期和�用期。这些年龄以天为��计算。
@@ -205,6 +178,11 @@ as
 \fIMAX_DAYS\fR
 will remove checking a password\*(Aqs validity\&.
 .RE
+.PP
+\fB\-s\fR, \fB\-\-stdin\fR
+.RS 4
+This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&.
+.RE
 .SH "CAVEATS"
 .PP
 密���性检查在��机器间��。用户应该选择适�的尽���的密�。
@@ -277,7 +255,10 @@ invalid argument to option
 .SH "��"
 .PP
 \fBchpasswd\fR(8),
+\fBmakepasswd\fR(1),
 \fBpasswd\fR(5),
 \fBshadow\fR(5),
 \fBlogin.defs\fR(5),
 \fBusermod\fR(8)\&.
+.PP
+The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"
diff --git a/man/zh_CN/man1/sg.1 b/man/zh_CN/man1/sg.1
index daae817..163e0b2 100644
--- a/man/zh_CN/man1/sg.1
+++ b/man/zh_CN/man1/sg.1
@@ -2,12 +2,12 @@
 .\"     Title: sg
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "SG" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "SG" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man1/su.1 b/man/zh_CN/man1/su.1
index 91a304f..51cde5c 100644
--- a/man/zh_CN/man1/su.1
+++ b/man/zh_CN/man1/su.1
@@ -2,12 +2,12 @@
 .\"     Title: su
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 用户命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: User Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "SU" "1" "2022-11-08" "shadow\-utils 4\&.13" "用户命令"
+.TH "SU" "1" "2024-06-21" "shadow\-utils 4\&.15\&.2" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 su \- 更改用户 ID 或�为超级用户
 .SH "大纲"
 .HP \w'\fBsu\fR\ 'u
-\fBsu\fR [\fI选项\fR] [\fI\-\fR] [\fI用户�\fR\ [\ \fIargs\fR\ ]]
+\fBsu\fR [\fIoptions\fR] [\fI\-\fR] [\fIusername\fR\ [\ \fIargs\fR\ ]]
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man3/shadow.3 b/man/zh_CN/man3/shadow.3
index 57bb8e5..8521b3a 100644
--- a/man/zh_CN/man3/shadow.3
+++ b/man/zh_CN/man3/shadow.3
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 库函数调用
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: Library Calls
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "SHADOW" "3" "2022-11-08" "shadow\-utils 4\&.13" "库函数调用"
+.TH "SHADOW" "3" "2024-06-21" "shadow\-utils 4\&.15\&.2" "Library Calls"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man5/faillog.5 b/man/zh_CN/man5/faillog.5
index 5ac8f2b..7603c8e 100644
--- a/man/zh_CN/man5/faillog.5
+++ b/man/zh_CN/man5/faillog.5
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
+.\"      Date: 2024-06-21
 .\"    Manual:  File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "FAILLOG" "5" "2022-11-08" "shadow\-utils 4\&.13" "File Formats and Configuratio"
+.TH "FAILLOG" "5" "2024-06-21" "shadow\-utils 4\&.15\&.2" "File Formats and Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man5/gshadow.5 b/man/zh_CN/man5/gshadow.5
index 04ff51d..3faeb89 100644
--- a/man/zh_CN/man5/gshadow.5
+++ b/man/zh_CN/man5/gshadow.5
@@ -2,12 +2,12 @@
 .\"     Title: gshadow
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
+.\"      Date: 2024-06-21
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "GSHADOW" "5" "2022-11-08" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "GSHADOW" "5" "2024-06-21" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,12 +38,12 @@ contains the shadowed information for group accounts\&.
 .PP
 此文件的�行包�逗�分隔的如下字段：
 .PP
-\fB组�\fR
+\fBgroup name\fR
 .RS 4
 必须是系统中已�存在的有效组。
 .RE
 .PP
-\fB加密了的密�\fR
+\fBencrypted password\fR
 .RS 4
 Refer to
 \fBcrypt\fR(3)
@@ -63,7 +63,7 @@ This password supersedes any password specified in
 /etc/group\&.
 .RE
 .PP
-\fB管�员\fR
+\fBadministrators\fR
 .RS 4
 必须是一个逗�分隔的用户�列表。
 .sp
@@ -72,7 +72,7 @@ This password supersedes any password specified in
 管�员也有�员一样的��(请看下边)。
 .RE
 .PP
-\fB�员\fR
+\fBmembers\fR
 .RS 4
 必须是一个逗�分隔的用户�列表。
 .sp
diff --git a/man/zh_CN/man5/limits.5 b/man/zh_CN/man5/limits.5
index b2fe040..18aa71e 100644
--- a/man/zh_CN/man5/limits.5
+++ b/man/zh_CN/man5/limits.5
@@ -2,12 +2,12 @@
 .\"     Title: limits
 .\"    Author: Luca Berra
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
+.\"      Date: 2024-06-21
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "LIMITS" "5" "2022-11-08" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LIMITS" "5" "2024-06-21" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man5/login.access.5 b/man/zh_CN/man5/login.access.5
index 19ccadd..f4aaabd 100644
--- a/man/zh_CN/man5/login.access.5
+++ b/man/zh_CN/man5/login.access.5
@@ -2,12 +2,12 @@
 .\"     Title: login.access
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
+.\"      Date: 2024-06-21
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "LOGIN\&.ACCESS" "5" "2022-11-08" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.ACCESS" "5" "2024-06-21" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man5/login.defs.5 b/man/zh_CN/man5/login.defs.5
index 5db13e4..f53439f 100644
--- a/man/zh_CN/man5/login.defs.5
+++ b/man/zh_CN/man5/login.defs.5
@@ -2,12 +2,12 @@
 .\"     Title: login.defs
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
+.\"      Date: 2024-06-21
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "LOGIN\&.DEFS" "5" "2022-11-08" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "LOGIN\&.DEFS" "5" "2024-06-21" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -192,8 +192,7 @@ USERGROUPS_ENAB
 .PP
 sulogin
 .RS 4
-ENV_HZ
-ENV_TZ
+ENV_HZ ENV_TZ
 .RE
 .PP
 useradd
diff --git a/man/zh_CN/man5/passwd.5 b/man/zh_CN/man5/passwd.5
index 13c1853..eeb6262 100644
--- a/man/zh_CN/man5/passwd.5
+++ b/man/zh_CN/man5/passwd.5
@@ -2,12 +2,12 @@
 .\"     Title: passwd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
+.\"      Date: 2024-06-21
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "PASSWD" "5" "2022-11-08" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PASSWD" "5" "2024-06-21" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man5/porttime.5 b/man/zh_CN/man5/porttime.5
index 7a6b29f..3199137 100644
--- a/man/zh_CN/man5/porttime.5
+++ b/man/zh_CN/man5/porttime.5
@@ -2,12 +2,12 @@
 .\"     Title: porttime
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
+.\"      Date: 2024-06-21
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "PORTTIME" "5" "2022-11-08" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "PORTTIME" "5" "2024-06-21" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man5/shadow.5 b/man/zh_CN/man5/shadow.5
index 4d4b090..7991081 100644
--- a/man/zh_CN/man5/shadow.5
+++ b/man/zh_CN/man5/shadow.5
@@ -2,12 +2,12 @@
 .\"     Title: shadow
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
+.\"      Date: 2024-06-21
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "SHADOW" "5" "2022-11-08" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SHADOW" "5" "2024-06-21" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -38,12 +38,12 @@ is a file which contains the password information for the system\*(Aqs accounts
 .PP
 Each line of this file contains 9 fields, separated by colons (\(lq:\(rq), in the following order:
 .PP
-\fB登录�\fR
+\fBlogin name\fR
 .RS 4
 必须是有效的账户�，且已�存在于系统中。
 .RE
 .PP
-\fB加密了的密�\fR
+\fBencrypted password\fR
 .RS 4
 This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the
 /etc/shadow
@@ -59,7 +59,7 @@ If the password field contains some string that is not a valid result of
 \fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&.
 .RE
 .PP
-\fB最�一次更改密�的日期\fR
+\fBdate of last password change\fR
 .RS 4
 The date of the last password change, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
@@ -68,14 +68,14 @@ The value 0 has a special meaning, which is that the user should change her pass
 空字段表示密�年龄功能被�用。
 .RE
 .PP
-\fB密�的最�年龄\fR
+\fBminimum password age\fR
 .RS 4
 最�密�年龄是指，用户一次更改密�之�，�等多长时间��次被�许更改密�。
 .sp
 An empty field and value 0 mean that there is no minimum password age\&.
 .RE
 .PP
-\fB最大密�年龄\fR
+\fBmaximum password age\fR
 .RS 4
 最大密�年龄是指，这写天之�，用户必须更改密�。
 .sp
@@ -86,14 +86,14 @@ An empty field and value 0 mean that there is no minimum password age\&.
 如果最大密�年龄�于最�密�年龄，用户将会�能更改密�。
 .RE
 .PP
-\fB密�警告时间段\fR
+\fBpassword warning period\fR
 .RS 4
 密�过期之�，��警告用户的的天数(请�考上边的密�的最大年龄)。
 .sp
 空字段或者 0 表示没有密�警告期。
 .RE
 .PP
-\fB密��用期\fR
+\fBpassword inactivity period\fR
 .RS 4
 密�过期(查看上边的密�最大年龄)�，�然接�此密�的天数(在此期间，用户应该在下次登录时修改密�)。
 .sp
@@ -102,7 +102,7 @@ After expiration of the password and this expiration period is elapsed, no login
 空字段表示没有强制密�过期。
 .RE
 .PP
-\fB账户过期日期\fR
+\fBaccount expiration date\fR
 .RS 4
 The date of expiration of the account, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
 .sp
@@ -113,7 +113,7 @@ Note that an account expiration differs from a password expiration\&. In case of
 应该��使用 0，因为它既能�解�永�过期也能�解�在1970年1月1日过期。
 .RE
 .PP
-\fB�留字段\fR
+\fBreserved field\fR
 .RS 4
 此字段�留作将�使用。
 .RE
diff --git a/man/zh_CN/man5/suauth.5 b/man/zh_CN/man5/suauth.5
index 55434bf..176649b 100644
--- a/man/zh_CN/man5/suauth.5
+++ b/man/zh_CN/man5/suauth.5
@@ -2,12 +2,12 @@
 .\"     Title: suauth
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
+.\"      Date: 2024-06-21
 .\"    Manual: File Formats and Configuration Files
-.\"    Source: shadow-utils 4.13
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "SUAUTH" "5" "2022-11-08" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.TH "SUAUTH" "5" "2024-06-21" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man8/chgpasswd.8 b/man/zh_CN/man8/chgpasswd.8
index c462a32..29228e1 100644
--- a/man/zh_CN/man8/chgpasswd.8
+++ b/man/zh_CN/man8/chgpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chgpasswd
 .\"    Author: Thomas K\(/loczko <kloczek@pld.org.pl>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "CHGPASSWD" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "CHGPASSWD" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chgpasswd \- 批�更新组密�
 .SH "大纲"
 .HP \w'\fBchgpasswd\fR\ 'u
-\fBchgpasswd\fR [\fI选项\fR]
+\fBchgpasswd\fR [\fIoptions\fR]
 .SH "�述"
 .PP
 The
@@ -63,7 +63,12 @@ command are:
 .RS 4
 使用指定的方法加密密�。
 .sp
-�用的方法有 DES, MD5, NONE, and SHA256 或 SHA512，��是您的 libc 支�这写方法。
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .RE
 .PP
 \fB\-e\fR, \fB\-\-encrypted\fR
@@ -94,14 +99,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 使用指定次数的轮转�加密密�。
 .sp
-值 0 表示让系统为加密方法选择默认的轮转次数 (5000)。
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-会强制最� 1,000，最大 9,9999,9999
-.sp
-您��以对 SHA256 或 SHA512 使用此选项。
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "CAVEATS"
 .PP
diff --git a/man/zh_CN/man8/chpasswd.8 b/man/zh_CN/man8/chpasswd.8
index fa03ab8..3729e51 100644
--- a/man/zh_CN/man8/chpasswd.8
+++ b/man/zh_CN/man8/chpasswd.8
@@ -2,12 +2,12 @@
 .\"     Title: chpasswd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "CHPASSWD" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "CHPASSWD" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 chpasswd \- 批�更新密�
 .SH "大纲"
 .HP \w'\fBchpasswd\fR\ 'u
-\fBchpasswd\fR [\fI选项\fR]
+\fBchpasswd\fR [\fIoptions\fR]
 .SH "�述"
 .PP
 The
@@ -68,7 +68,12 @@ command are:
 .RS 4
 使用指定的方法加密密�。
 .sp
-�用的方法有 DES, MD5, NONE, and SHA256 或 SHA512，��是您的 libc 支�这写方法。
+The available methods are
+\fIDES\fR,
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR
+and
+\fINONE\fR
+if your libc supports these methods\&.
 .sp
 By default (if none of the
 \fB\-c\fR,
@@ -106,22 +111,23 @@ directory and use the configuration files from the
 directory\&. Only absolute paths are supported\&.
 .RE
 .PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
 \fB\-s\fR, \fB\-\-sha\-rounds\fR\ \&\fIROUNDS\fR
 .RS 4
 使用指定次数的轮转�加密密�。
 .sp
-值 0 表示让系统为加密方法选择默认的轮转次数 (5000)。
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-会强制最� 1,000，最大 9,9999,9999
-.sp
-您��以对 SHA256 或 SHA512 使用此选项。
-.sp
-By default, the number of rounds is defined by the
-\fBSHA_CRYPT_MIN_ROUNDS\fR
-and
-\fBSHA_CRYPT_MAX_ROUNDS\fR
-variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default number of rounds is 5000\&.
 .RE
 .SH "CAVEATS"
 .PP
diff --git a/man/zh_CN/man8/faillog.8 b/man/zh_CN/man8/faillog.8
index 9386374..0151be4 100644
--- a/man/zh_CN/man8/faillog.8
+++ b/man/zh_CN/man8/faillog.8
@@ -2,12 +2,12 @@
 .\"     Title: faillog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "FAILLOG" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "FAILLOG" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 faillog \- 显示登录失败记录或设置登录失败�制
 .SH "大纲"
 .HP \w'\fBfaillog\fR\ 'u
-\fBfaillog\fR [\fI选项\fR]
+\fBfaillog\fR [\fIoptions\fR]
 .SH "�述"
 .PP
 \fBfaillog\fR
diff --git a/man/zh_CN/man8/groupadd.8 b/man/zh_CN/man8/groupadd.8
index dcadcb1..5f846fc 100644
--- a/man/zh_CN/man8/groupadd.8
+++ b/man/zh_CN/man8/groupadd.8
@@ -2,12 +2,12 @@
 .\"     Title: groupadd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "GROUPADD" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "GROUPADD" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupadd \- 创建一个新组
 .SH "大纲"
 .HP \w'\fBgroupadd\fR\ 'u
-\fBgroupadd\fR [\fI选项\fR] \fINEWGROUP\fR
+\fBgroupadd\fR [\fIOPTIONS\fR] \fINEWGROUP\fR
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man8/groupdel.8 b/man/zh_CN/man8/groupdel.8
index d20b5db..6cd0f67 100644
--- a/man/zh_CN/man8/groupdel.8
+++ b/man/zh_CN/man8/groupdel.8
@@ -2,12 +2,12 @@
 .\"     Title: groupdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "GROUPDEL" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "GROUPDEL" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupdel \- 删除一个组
 .SH "大纲"
 .HP \w'\fBgroupdel\fR\ 'u
-\fBgroupdel\fR [\fI选项\fR] \fIGROUP\fR
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man8/groupmems.8 b/man/zh_CN/man8/groupmems.8
index 84a3f7d..8570809 100644
--- a/man/zh_CN/man8/groupmems.8
+++ b/man/zh_CN/man8/groupmems.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmems
 .\"    Author: George Kraft, IV
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "GROUPMEMS" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "GROUPMEMS" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -130,7 +130,7 @@ utility to manage their own group membership list\&.
 .nf
 	$ groupadd \-r groups
 	$ chmod 2710 groupmems
-	$ chown root\&.groups groupmems
+	$ chown root:groups groupmems
 	$ groupmems \-g groups \-a gk4
     
 .fi
diff --git a/man/zh_CN/man8/groupmod.8 b/man/zh_CN/man8/groupmod.8
index d0df2e0..79b5648 100644
--- a/man/zh_CN/man8/groupmod.8
+++ b/man/zh_CN/man8/groupmod.8
@@ -2,12 +2,12 @@
 .\"     Title: groupmod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "GROUPMOD" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "GROUPMOD" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 groupmod \- modify a group definition on the system
 .SH "大纲"
 .HP \w'\fBgroupmod\fR\ 'u
-\fBgroupmod\fR [\fI选项\fR] \fIGROUP\fR
+\fBgroupmod\fR [\fIoptions\fR] \fIGROUP\fR
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man8/grpck.8 b/man/zh_CN/man8/grpck.8
index a75388c..38a7a9d 100644
--- a/man/zh_CN/man8/grpck.8
+++ b/man/zh_CN/man8/grpck.8
@@ -2,12 +2,12 @@
 .\"     Title: grpck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "GRPCK" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "GRPCK" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 grpck \- 检查组文件的完整性
 .SH "大纲"
 .HP \w'\fBgrpck\fR\ 'u
-\fBgrpck\fR [选项] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
+\fBgrpck\fR [options] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man8/lastlog.8 b/man/zh_CN/man8/lastlog.8
index d3bafd0..30ab644 100644
--- a/man/zh_CN/man8/lastlog.8
+++ b/man/zh_CN/man8/lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: lastlog
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "LASTLOG" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "LASTLOG" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 lastlog \- 报告所有用户的最近登录情况，或者指定用户的最近登录情况
 .SH "大纲"
 .HP \w'\fBlastlog\fR\ 'u
-\fBlastlog\fR [\fI选项\fR]
+\fBlastlog\fR [\fIoptions\fR]
 .SH "�述"
 .PP
 \fBlastlog\fR
@@ -128,5 +128,5 @@ Database times of previous user logins\&.
 Large gaps in UID numbers will cause the lastlog program to run longer with no output to the screen (i\&.e\&. if in lastlog database there is no entries for users with UID between 170 and 800 lastlog will appear to hang as it processes entries with UIDs 171\-799)\&.
 .PP
 Having high UIDs can create problems when handling the
-<term> /var/log/lastlog</term>
+/var/log/lastlog
 with external tools\&. Although the actual file is sparse and does not use too much space, certain applications are not designed to identify sparse files by default and may require a specific option to handle them\&.
diff --git a/man/zh_CN/man8/logoutd.8 b/man/zh_CN/man8/logoutd.8
index 4481346..bded756 100644
--- a/man/zh_CN/man8/logoutd.8
+++ b/man/zh_CN/man8/logoutd.8
@@ -2,12 +2,12 @@
 .\"     Title: logoutd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "LOGOUTD" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "LOGOUTD" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man8/newusers.8 b/man/zh_CN/man8/newusers.8
index 01242e3..7f31ec0 100644
--- a/man/zh_CN/man8/newusers.8
+++ b/man/zh_CN/man8/newusers.8
@@ -2,12 +2,12 @@
 .\"     Title: newusers
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "NEWUSERS" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "NEWUSERS" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 newusers \- 批�更新和创建新用户
 .SH "大纲"
 .HP \w'\fBnewusers\fR\ 'u
-\fBnewusers\fR [\fI选项\fR] [\fI文件\fR]
+\fBnewusers\fR [\fIoptions\fR] [\fIfile\fR]
 .SH "�述"
 .PP
 The
@@ -168,14 +168,13 @@ directory\&. Only absolute paths are supported\&.
 .RS 4
 使用指定次数的轮转�加密密�。
 .sp
-值 0 表示让系统为加密方法选择默认的轮转次数 (5000)。
+You can only use this option with crypt method:
+\fISHA256\fR \fISHA512\fR
 .sp
-会强制最� 1,000，最大 9,9999,9999
-.sp
-您��以对 SHA256 或 SHA512 使用此选项。
-.sp
-By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+By default, the number of rounds for SHA256 or SHA512 is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 /etc/login\&.defs\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced for SHA256 and SHA512\&. The default is 5000\&.
 .RE
 .SH "CAVEATS"
 .PP
diff --git a/man/zh_CN/man8/nologin.8 b/man/zh_CN/man8/nologin.8
index 286ba0f..a5cc0d2 100644
--- a/man/zh_CN/man8/nologin.8
+++ b/man/zh_CN/man8/nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: nologin
 .\"    Author: Nicolas Fran\(,cois <nicolas.francois@centraliens.net>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "NOLOGIN" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "NOLOGIN" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man8/pwck.8 b/man/zh_CN/man8/pwck.8
index 4bae586..b3088a2 100644
--- a/man/zh_CN/man8/pwck.8
+++ b/man/zh_CN/man8/pwck.8
@@ -2,12 +2,12 @@
 .\"     Title: pwck
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "PWCK" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "PWCK" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pwck \- verify the integrity of password files
 .SH "大纲"
 .HP \w'\fBpwck\fR\ 'u
-\fBpwck\fR [选项] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
+\fBpwck\fR [options] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]]
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man8/pwconv.8 b/man/zh_CN/man8/pwconv.8
index c519a90..cc29def 100644
--- a/man/zh_CN/man8/pwconv.8
+++ b/man/zh_CN/man8/pwconv.8
@@ -2,12 +2,12 @@
 .\"     Title: pwconv
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "PWCONV" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "PWCONV" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,13 +31,13 @@
 pwconv, pwunconv, grpconv, grpunconv \- 在影�密�和组以�其它直接转�
 .SH "大纲"
 .HP \w'\fBpwconv\fR\ 'u
-\fBpwconv\fR [\fI选项\fR]
+\fBpwconv\fR [\fIoptions\fR]
 .HP \w'\fBpwunconv\fR\ 'u
-\fBpwunconv\fR [\fI选项\fR]
+\fBpwunconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpconv\fR\ 'u
-\fBgrpconv\fR [\fI选项\fR]
+\fBgrpconv\fR [\fIoptions\fR]
 .HP \w'\fBgrpunconv\fR\ 'u
-\fBgrpunconv\fR [\fI选项\fR]
+\fBgrpunconv\fR [\fIoptions\fR]
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man8/sulogin.8 b/man/zh_CN/man8/sulogin.8
index e7fdf61..555b60d 100644
--- a/man/zh_CN/man8/sulogin.8
+++ b/man/zh_CN/man8/sulogin.8
@@ -2,12 +2,12 @@
 .\"     Title: sulogin
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "SULOGIN" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "SULOGIN" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/zh_CN/man8/useradd.8 b/man/zh_CN/man8/useradd.8
index 580372e..1739175 100644
--- a/man/zh_CN/man8/useradd.8
+++ b/man/zh_CN/man8/useradd.8
@@ -2,12 +2,12 @@
 .\"     Title: useradd
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "USERADD" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "USERADD" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,11 +31,11 @@
 useradd \- 创建一个新用户或更新默认新用户信�
 .SH "大纲"
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR [\fI选项\fR] \fI登录\fR
+\fBuseradd\fR [\fIoptions\fR] \fILOGIN\fR
 .HP \w'\fBuseradd\fR\ 'u
 \fBuseradd\fR \-D
 .HP \w'\fBuseradd\fR\ 'u
-\fBuseradd\fR \-D [\fI选项\fR]
+\fBuseradd\fR \-D [\fIoptions\fR]
 .SH "�述"
 .PP
 When invoked without the
@@ -169,7 +169,11 @@ variable in
 .RS 4
 A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
 \fB\-g\fR
-option\&. The default is for the user to belong only to the initial group\&.
+option\&. The default is for the user to belong only to the initial group\&. In addition to passing in the \-G flag, you can add the option
+\fBGROUPS\fR
+to the file
+/etc/default/useradd
+which in turn will add all users to those supplementary groups\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -194,6 +198,10 @@ variable in
 or, by default,
 /etc/skel\&.
 .sp
+Absolute symlinks that link back to the skel directory will have the
+/etc/skel
+prefix replaced with the user\*(Aqs home directory\&.
+.sp
 如果�以，也�制 ACL 和扩展属性。
 .RE
 .PP
@@ -380,9 +388,21 @@ variable in
 .PP
 \fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
 .RS 4
-defines the SELinux user for the new account\&. Without this option, a SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+defines the SELinux user for the new account\&. Without this option, SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
+\fBsemanage\fR(8)
+for that\&.
+.RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Without this option, SELinux uses the default range\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
 \fBsemanage\fR(8)
 for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
 .RE
 .SS "更改默认值"
 .PP
@@ -469,7 +489,7 @@ Usernames may contain only lower and upper case letters, digits, underscores, or
 \fBls\fR
 output\&.
 .PP
-用户��能超过 32 个字符长。
+用户��能超过 256 个字符长。
 .SH "�置文件"
 .PP
 The following configuration variables in
diff --git a/man/zh_CN/man8/userdel.8 b/man/zh_CN/man8/userdel.8
index c6700ae..d03dd71 100644
--- a/man/zh_CN/man8/userdel.8
+++ b/man/zh_CN/man8/userdel.8
@@ -2,12 +2,12 @@
 .\"     Title: userdel
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "USERDEL" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "USERDEL" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 userdel \- 删除用户账户和相关文件
 .SH "大纲"
 .HP \w'\fBuserdel\fR\ 'u
-\fBuserdel\fR [选项] \fI登录\fR
+\fBuserdel\fR [options] \fILOGIN\fR
 .SH "�述"
 .PP
 The
diff --git a/man/zh_CN/man8/usermod.8 b/man/zh_CN/man8/usermod.8
index 2b5a91d..6bc9f59 100644
--- a/man/zh_CN/man8/usermod.8
+++ b/man/zh_CN/man8/usermod.8
@@ -2,12 +2,12 @@
 .\"     Title: usermod
 .\"    Author: Julianne Frances Haugh
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "USERMOD" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "USERMOD" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 usermod \- 修改一个用户账户
 .SH "大纲"
 .HP \w'\fBusermod\fR\ 'u
-\fBusermod\fR [\fI选项\fR] \fI登录\fR
+\fBusermod\fR [\fIoptions\fR] \fILOGIN\fR
 .SH "�述"
 .PP
 The
@@ -309,6 +309,18 @@ from /etc/login\&.defs\&.
 defines the SELinux user to be mapped with
 \fILOGIN\fR\&. An empty string ("") will remove the respective entry (if any)\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses semanage(8) for that\&.
 .RE
+.PP
+\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
+.RS 4
+defines the SELinux MLS range for the new account\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
+\fBsemanage\fR(8)
+for that\&.
+.sp
+This option is only valid if the
+\fB\-Z\fR
+(or
+\fB\-\-selinux\-user\fR) option is specified\&.
+.RE
 .SH "CAVEATS"
 .PP
 You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
@@ -336,7 +348,7 @@ Group account information
 .PP
 /etc/gshadow
 .RS 4
-Secure group account informatio\&.
+Secure group account information
 .RE
 .PP
 /etc/login\&.defs
diff --git a/man/zh_CN/man8/vipw.8 b/man/zh_CN/man8/vipw.8
index edc156f..c28295d 100644
--- a/man/zh_CN/man8/vipw.8
+++ b/man/zh_CN/man8/vipw.8
@@ -2,12 +2,12 @@
 .\"     Title: vipw
 .\"    Author: Marek Micha\(/lkiewicz
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 2022-11-08
-.\"    Manual: 系统管�命令
-.\"    Source: shadow-utils 4.13
+.\"      Date: 2024-06-21
+.\"    Manual: System Management Commands
+.\"    Source: shadow-utils 4.15.2
 .\"  Language: Chinese Simplified
 .\"
-.TH "VIPW" "8" "2022-11-08" "shadow\-utils 4\&.13" "系统管�命令"
+.TH "VIPW" "8" "2024-06-21" "shadow\-utils 4\&.15\&.2" "System Management Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,16 +31,16 @@
 vipw, vigr \- 编辑密��组�影�密�或影�组文件。
 .SH "大纲"
 .HP \w'\fBvipw\fR\ 'u
-\fBvipw\fR [\fI选项\fR]
+\fBvipw\fR [\fIoptions\fR]
 .HP \w'\fBvigr\fR\ 'u
-\fBvigr\fR [\fI选项\fR]
+\fBvigr\fR [\fIoptions\fR]
 .SH "�述"
 .PP
 The
 \fBvipw\fR
 and
 \fBvigr\fR
-commands edits the files
+commands edit the files
 /etc/passwd
 and
 /etc/group, respectively\&. With the
diff --git a/man/zh_TW/Makefile.in b/man/zh_TW/Makefile.in
index 65c57b9..aa24541 100644
--- a/man/zh_TW/Makefile.in
+++ b/man/zh_TW/Makefile.in
@@ -172,6 +172,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -190,6 +192,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -205,9 +208,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -223,6 +232,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -231,6 +241,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -253,6 +265,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 61b79db..9ff6100 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -1,24 +1,65 @@
 # List of files which contain translatable strings.
 
+lib/addgrps.c
+lib/age.c
+lib/audit_help.c
+lib/basename.c
+lib/chkname.c
+lib/chowndir.c
+lib/chowntty.c
+lib/cleanup.c
+lib/cleanup_group.c
+lib/cleanup_user.c
 lib/commonio.c
+lib/console.c
+lib/copydir.c
 lib/encrypt.c
+lib/env.c
+lib/failure.c
 lib/fields.c
+lib/find_new_gid.c
+lib/find_new_sub_gids.c
+lib/find_new_sub_uids.c
+lib/find_new_uid.c
 lib/fputsx.c
-lib/getdef.c
 lib/get_gid.c
-lib/getlong.c
 lib/get_uid.c
+lib/getdef.c
+lib/getgr_nam_gid.c
+lib/getrange.c
 lib/groupio.c
 lib/groupmem.c
 lib/gshadow.c
+lib/hushed.c
+lib/idmapping.c
+lib/isexpired.c
+lib/limits.c
+lib/list.c
 lib/lockpw.c
+lib/log.c
+lib/loginprompt.c
+lib/mail.c
+lib/motd.c
+lib/myname.c
 lib/nscd.c
+lib/obscure.c
+lib/pam_pass.c
+lib/pam_pass_non_interactive.c
 lib/port.c
 lib/pwauth.c
+lib/pwd_init.c
+lib/pwd2spwd.c
+lib/pwdcheck.c
 lib/pwio.c
 lib/pwmem.c
+lib/remove_tree.c
+lib/rlogin.c
+lib/root_flag.c
+lib/salt.c
 lib/selinux.c
 lib/semanage.c
+lib/setugid.c
+lib/setupenv.c
 lib/sgetgrent.c
 lib/sgetpwent.c
 lib/sgetspent.c
@@ -26,66 +67,20 @@ lib/sgroupio.c
 lib/shadow.c
 lib/shadowio.c
 lib/shadowmem.c
+lib/shell.c
 lib/spawn.c
+lib/strtoday.c
+lib/sub.c
+lib/sulog.c
 lib/tcbfuncs.c
-lib/utent.c
-libmisc/addgrps.c
-libmisc/age.c
-libmisc/audit_help.c
-libmisc/basename.c
-libmisc/chkname.c
-libmisc/chowndir.c
-libmisc/chowntty.c
-libmisc/cleanup.c
-libmisc/cleanup_group.c
-libmisc/cleanup_user.c
-libmisc/console.c
-libmisc/copydir.c
-libmisc/date_to_str.c
-libmisc/entry.c
-libmisc/env.c
-libmisc/failure.c
-libmisc/find_new_gid.c
-libmisc/find_new_sub_gids.c
-libmisc/find_new_sub_uids.c
-libmisc/find_new_uid.c
-libmisc/getgr_nam_gid.c
-libmisc/getrange.c
-libmisc/hushed.c
-libmisc/idmapping.c
-libmisc/isexpired.c
-libmisc/limits.c
-libmisc/list.c
-libmisc/log.c
-libmisc/loginprompt.c
-libmisc/mail.c
-libmisc/motd.c
-libmisc/myname.c
-libmisc/obscure.c
-libmisc/pam_pass.c
-libmisc/pam_pass_non_interactive.c
-libmisc/pwd2spwd.c
-libmisc/pwdcheck.c
-libmisc/pwd_init.c
-libmisc/remove_tree.c
-libmisc/rlogin.c
-libmisc/root_flag.c
-libmisc/salt.c
-libmisc/setugid.c
-libmisc/setupenv.c
-libmisc/shell.c
-libmisc/strtoday.c
-libmisc/sub.c
-libmisc/sulog.c
-libmisc/ttytype.c
-libmisc/tz.c
-libmisc/ulimit.c
-libmisc/user_busy.c
-libmisc/utmp.c
-libmisc/valid.c
-libmisc/xgetXXbyYY.c
-libmisc/xmalloc.c
-libmisc/yesno.c
+lib/ttytype.c
+lib/tz.c
+lib/ulimit.c
+lib/user_busy.c
+lib/utmp.c
+lib/valid.c
+lib/xgetXXbyYY.c
+lib/yesno.c
 src/chage.c
 src/chfn.c
 src/chgpasswd.c
diff --git a/po/bs.po b/po/bs.po
index 980cb02..e97797c 100644
--- a/po/bs.po
+++ b/po/bs.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2004-05-09 12:03+0100\n"
 "Last-Translator: Safir Šećerović <sapphire@linux.org.ba>\n"
 "Language-Team: Bosnian <lokal@lugbih.org>\n"
@@ -18,218 +18,6 @@ msgstr ""
 "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Å ifra:"
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s's Å ifra: "
-
-msgid "Cannot open audit interface.\n"
-msgstr ""
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: nepoznat �lan %s\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: nepoznat �lan %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: nepoznat �lan %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: nepoznat �lan %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: grupa %s postoji\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: nepoznat �lan %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr ""
 
@@ -276,13 +64,19 @@ msgid "%s: failed to unlock %s\n"
 msgstr ""
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
+#, c-format
 msgid "%s: "
 msgstr ""
 
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
 msgstr ""
 
 #, c-format
@@ -378,7 +172,14 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr ""
+
+msgid "Could not allocate space for config info.\n"
+msgstr ""
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
 
 #, fuzzy, c-format
@@ -406,9 +207,9 @@ msgstr ""
 msgid "%s: Could not set caps\n"
 msgstr "%s: nepoznat �lan %s\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: stpeprintf failed!\n"
+msgstr "nepoznata grupa: %s\n"
 
 #, fuzzy, c-format
 msgid "%s: open of %s failed: %s\n"
@@ -418,9 +219,19 @@ msgstr "nepoznata grupa: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "nepoznata grupa: %s\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Previše prijavljivanja.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+
 msgid "You have new mail."
 msgstr "Imate novu poštu."
 
@@ -430,6 +241,14 @@ msgstr "Nema pošte."
 msgid "You have mail."
 msgstr "Imate poštu."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr ""
 
@@ -442,9 +261,6 @@ msgstr ""
 msgid "too similar"
 msgstr ""
 
-msgid "too simple"
-msgstr ""
-
 msgid "rotated"
 msgstr ""
 
@@ -488,6 +304,13 @@ msgid ""
 "%s\n"
 msgstr ""
 
+msgid "Password: "
+msgstr "Å ifra:"
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s's Å ifra: "
+
 #, fuzzy, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Mijenjam Å¡ifru za grupu %s\n"
@@ -513,18 +336,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "nepoznata grupa: %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "nepoznata grupa: %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "nepoznata grupa: %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -537,6 +356,105 @@ msgid ""
 "method.\n"
 msgstr ""
 
+msgid "Cannot open audit interface.\n"
+msgstr ""
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: nepoznat �lan %s\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: nepoznat �lan %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr ""
@@ -549,6 +467,10 @@ msgid "Cannot execute %s"
 msgstr ""
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr ""
 
@@ -556,6 +478,84 @@ msgstr ""
 msgid "Can't change root directory to '%s'\n"
 msgstr ""
 
+#, c-format
+msgid "%s: out of memory\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: nepoznat �lan %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: nepoznat �lan %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: grupa %s postoji\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: nepoznat �lan %s\n"
+
 #, fuzzy, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: grupa %s postoji\n"
@@ -613,6 +613,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -638,13 +641,16 @@ msgstr "Å ifra neaktivna"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Datum isteka ra�una (GGGG-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr ""
-
 #, fuzzy
 msgid "never"
 msgstr "Nikad"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr ""
+
 msgid "password must be changed"
 msgstr ""
 
@@ -815,14 +821,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: grupa %s postoji\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr ""
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr ""
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr ""
 
@@ -851,6 +849,10 @@ msgid ""
 msgstr ""
 
 #, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
+#, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr ""
 
@@ -900,6 +902,14 @@ msgstr ""
 msgid "Login Shell"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "nepoznata grupa: %s\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr ""
@@ -913,6 +923,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr ""
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: grupa %s postoji\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: grupa %s postoji\n"
 
@@ -1120,9 +1134,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1135,6 +1146,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: grupa %s postoji\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: nepoznat �lan %s\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "nepoznata grupa: %s\n"
 
@@ -1176,14 +1191,6 @@ msgstr ""
 msgid "%s: group '%s' does not exist\n"
 msgstr "%s: grupa %s postoji\n"
 
-#, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: grupa %s postoji\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr ""
-
 #, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr ""
@@ -1260,10 +1267,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr ""
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr ""
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr ""
 
@@ -1378,7 +1381,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1467,9 +1470,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-
 #, c-format
 msgid ""
 "\n"
@@ -1502,12 +1502,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: nepoznat �lan %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr ""
 
@@ -1540,7 +1534,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1564,17 +1559,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "nepoznata grupa: %s\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "nepoznata grupa: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "nepoznata grupa: %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1608,14 +1599,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "nepoznata grupa: %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1636,6 +1626,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr ""
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr ""
 
@@ -1655,6 +1649,10 @@ msgstr "nepoznata grupa: %s\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: grupa %s postoji\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr ""
@@ -1675,15 +1673,15 @@ msgstr "nepoznata grupa: %s\n"
 msgid "%s: line %d: can't update entry\n"
 msgstr ""
 
-#, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "nepoznata grupa: %s\n"
-
 #, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr ""
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "nepoznata grupa: %s\n"
 
@@ -1741,6 +1739,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Stara Å¡ifra:"
 
@@ -1756,6 +1757,10 @@ msgid ""
 "Please use a combination of upper and lower case letters and numbers.\n"
 msgstr ""
 
+#, fuzzy
+msgid "Password is too long.\n"
+msgstr "Vaša šifra je istekla."
+
 msgid "New password: "
 msgstr "Nova Å¡ifra:"
 
@@ -1796,6 +1801,10 @@ msgid "%s: repository %s not supported\n"
 msgstr ""
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1938,11 +1947,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2003,6 +2010,10 @@ msgid "No passwd entry for user '%s'\n"
 msgstr ""
 
 #, c-format
+msgid "Overlong user name '%s'\n"
+msgstr ""
+
+#, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr ""
 
@@ -2045,6 +2056,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "nepoznata grupa: %s\n"
@@ -2054,10 +2071,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "nepoznata grupa: %s\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr ""
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr ""
 
@@ -2073,10 +2086,6 @@ msgstr "nepoznata grupa: %s\n"
 msgid "%s: rename: %s: %s\n"
 msgstr "nepoznata grupa: %s\n"
 
-#, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: grupa %s postoji\n"
-
 #, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr ""
@@ -2186,6 +2195,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr ""
@@ -2312,6 +2326,12 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr ""
 
+msgid "Synchronize mailbox file"
+msgstr ""
+
+msgid "Closing mailbox file"
+msgstr ""
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2425,10 +2445,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "nepoznata grupa: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr ""
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr ""
 
@@ -2525,6 +2541,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2607,10 +2627,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr ""
@@ -2706,7 +2734,7 @@ msgstr ""
 msgid "failed to stat edited file"
 msgstr ""
 
-msgid "failed to allocate memory"
+msgid "asprintf(3) failed"
 msgstr ""
 
 msgid "failed to create backup file"
@@ -2721,14 +2749,22 @@ msgid "%s: failed to find tcb directory for %s\n"
 msgstr ""
 
 #, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: grupa %s postoji\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: grupa %s postoji\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Upozorenje o isteku Å¡ifre"
 
 #, fuzzy
-#~ msgid "Password set to expire."
-#~ msgstr "Vaša šifra je istekla."
-
-#, fuzzy
 #~ msgid "\tRoom Number: %s\n"
 #~ msgstr "Broj sobe"
 
diff --git a/po/ca.gmo b/po/ca.gmo
index 342d852..f55a2eb 100644
--- a/po/ca.gmo
+++ b/po/ca.gmo
diff --git a/po/ca.po b/po/ca.po
index 500db39..87a8d25 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2012-01-22 18:25+0100\n"
 "Last-Translator: Innocent De Marchi <tangram.peces@gmail.com>\n"
 "Language-Team: Catalan <debian-l10n-catalan@lists.debian.org>\n"
@@ -19,230 +19,6 @@ msgstr ""
 "X-Poedit-Country: SPAIN\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Diverses entrades de nom «%s» a %s. Corregiu això amb «pwck» o «grpck».\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "el mètode «crypt» no és compatible amb «libcrypt»? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "error en la configuració - no és possible analitzar el valor %s: «%s»"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "No s'ha pogut reservar espai per a la informació de configuració.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"error de configuració - element «%s» desconegut (notifiqueu-ho a "
-"l'administrador)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd no ha acabat correctament (senyal %d)\n"
-
-#, fuzzy, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: «nscd» ha sortit amb l'estat %d"
-
-msgid "Password: "
-msgstr "Contrasenya: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Contrasenya de l'usuari %s: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "No es pot obrir la interfície d'auditoria - cancel·lant.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "No es pot generar l'identificador de gestió SELinux\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "No és possible gestionar la directiva SELinux\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "No es pot llegir el magatzem de directives de SELinux\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "No es pot establir la connexió de gestió SELinux\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "No es pot iniciar la transacció SELinux\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "No es pot consultar el «seuser» per a %s\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "No s'ha pogut definir el «serange» per a %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "No es pot establir «sename» per a %s.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "No es pot modificar el mapatge d'inici de sessió per a %s\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "No es pot generar el mapatge d'inici de sessió SELinux per a %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "No s'ha pogut establir el nom per a %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "No s'ha pogut establir l'usuari SELinux per a %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "No s'ha pogut afegir l'assignació de connexió per a  %s\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "No es pot iniciar el gestor SELinux\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "No es pot generar la clau SELinux de l'usuari.\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "No es pot verificar l'usuari de SELinux\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "No es pot modificar l'assignació d'usuaris de SELinux\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "No es pot afegir l'assignació de l'usuari de SELinux\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "No es pot validar la transacció SELinux\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"L'assignació d'inici de sessió per a %s no està definida, seleccionau «OK» "
-"si s'utilitzava l'assignació per defecte\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-"L'assignació d'inici de sessió per a %s està definida a la directiva de "
-"seguretat, no és possible eliminar-la\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "No es pot eliminar el mapatge d'inici de sessió per a %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: s'ha exhaurit la memòria\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: no es pot generar el fitxer %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s:  %s no és ni un directori ni un enllaç simbòlic.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: no es pot llegir l'enllaç simbòlic %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: enllaç simbòlic sospitosament llarg:  %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: no es pot crear el directori %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: no es pot canviar el propietari de %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: no es pot canviar el mode de %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: desvincular: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: no es pot eliminar el directori %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: no es pot reanomenar  %s a %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: no es pot eliminar %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: no es pot generar l'enllaç simbòlic %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: no es pot canviar els propietaris de %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: no es pot «lstat» %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: advertència, els usuaris %s no tenen el fitxer «tcb shadow».\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: emergència: el fitxer «tcb sahdow» %s no és un fitxer regular amb "
-"st_nlink=1.\n"
-"El compte queda bloquejat.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: reanomena: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: no es pot obrir el fitxer %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Avís: el grup %s és desconegut\n"
 
@@ -290,14 +66,21 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: ha fallat el desbloqueig de %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Diverses entrades de nom «%s» a %s. Corregiu això amb «pwck» o «grpck».\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Desbordament d'entorn\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "el mètode «crypt» no és compatible amb «libcrypt»? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -415,8 +198,17 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: no es pot obtenir un GID únic (no hi ha més GID disponibles)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "error en la configuració - no és possible analitzar el valor %s: «%s»"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "No s'ha pogut reservar espai per a la informació de configuració.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"error de configuració - element «%s» desconegut (notifiqueu-ho a "
+"l'administrador)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -448,7 +240,7 @@ msgstr "No s'ha pogut establir el nom per a %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: no es pot obrir el fitxer\n"
 
 #, fuzzy, c-format
@@ -463,9 +255,23 @@ msgid "%s: write to %s failed: %s\n"
 msgstr ""
 "%s: línia %d: no s'ha pogut canviar el propietari (ordre «chown»)  %s: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr ""
+"%s: línia %d: no s'ha pogut canviar el propietari (ordre «chown»)  %s: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Massa entrades.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s usuari: "
+
 msgid "You have new mail."
 msgstr "Teniu correu nou."
 
@@ -475,6 +281,14 @@ msgstr "No hi ha correu."
 msgid "You have mail."
 msgstr "Teniu correu."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd no ha acabat correctament (senyal %d)\n"
+
+#, fuzzy, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: «nscd» ha sortit amb l'estat %d"
+
 msgid "no change"
 msgstr "no hi ha canvis"
 
@@ -487,9 +301,6 @@ msgstr "només canvis de majúscules/minúscules"
 msgid "too similar"
 msgstr "massa similar"
 
-msgid "too simple"
-msgstr "massa senzilla"
-
 msgid "rotated"
 msgstr "rotada"
 
@@ -535,6 +346,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() ha fallat, error %d\n"
 
+msgid "Password: "
+msgstr "Contrasenya: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Contrasenya de l'usuari %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "La contrasenya és incorrecta per a «%s».\n"
@@ -560,17 +378,13 @@ msgstr "%s: camí «chroot» incorrecta  «%s»\n"
 msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: no es pot accedir al directori «chroot» %s: %s\n"
 
-#, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: no es pot accedir al directori «chroot» %s: %s\n"
-
 #, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: no es pot executar «chroot» en el directori %s: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: no es pot accedir al directori «chroot» %s: %s\n"
 
 #, c-format
 msgid ""
@@ -587,6 +401,112 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "No es pot obrir la interfície d'auditoria - cancel·lant.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "No es pot generar l'identificador de gestió SELinux\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "No és possible gestionar la directiva SELinux\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "No es pot llegir el magatzem de directives de SELinux\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "No es pot establir la connexió de gestió SELinux\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "No es pot iniciar la transacció SELinux\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "No es pot consultar el «seuser» per a %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "No s'ha pogut definir el «serange» per a %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "No es pot establir «sename» per a %s.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "No es pot modificar el mapatge d'inici de sessió per a %s\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "No es pot generar el mapatge d'inici de sessió SELinux per a %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "No s'ha pogut establir el nom per a %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "No s'ha pogut establir l'usuari SELinux per a %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "No s'ha pogut afegir l'assignació de connexió per a  %s\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "No es pot iniciar el gestor SELinux\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "No es pot generar la clau SELinux de l'usuari.\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "No es pot verificar l'usuari de SELinux\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "No es pot modificar l'assignació d'usuaris de SELinux\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "No es pot afegir l'assignació de l'usuari de SELinux\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "No es pot validar la transacció SELinux\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"L'assignació d'inici de sessió per a %s no està definida, seleccionau «OK» "
+"si s'utilitzava l'assignació per defecte\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+"L'assignació d'inici de sessió per a %s està definida a la directiva de "
+"seguretat, no és possible eliminar-la\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "No es pot eliminar el mapatge d'inici de sessió per a %s"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "No es pot canviar al directori «%s»\n"
@@ -599,6 +519,10 @@ msgid "Cannot execute %s"
 msgstr "No es pot executar %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "El directori arrel «%s» no és vàlid\n"
 
@@ -607,6 +531,87 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "No es pot canviar el directori arrel a «%s»\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: s'ha exhaurit la memòria\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: no es pot generar el fitxer %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s:  %s no és ni un directori ni un enllaç simbòlic.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: no es pot llegir l'enllaç simbòlic %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: enllaç simbòlic sospitosament llarg:  %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: no es pot crear el directori %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: no es pot canviar el propietari de %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: no es pot canviar el mode de %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: desvincular: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: no es pot eliminar el directori %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: no es pot reanomenar  %s a %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: no es pot eliminar %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: no es pot generar l'enllaç simbòlic %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: no es pot canviar els propietaris de %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: no es pot «lstat» %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: advertència, els usuaris %s no tenen el fitxer «tcb shadow».\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: emergència: el fitxer «tcb sahdow» %s no és un fitxer regular amb "
+"st_nlink=1.\n"
+"El compte queda bloquejat.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: reanomena: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: no es pot obrir el fitxer %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: l'usuari %s està actualment dins el sistema\n"
 
@@ -685,6 +690,12 @@ msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 "  -R, --root CHROOT_DIR         fes «chroot» en el directori CHROOT_DIR \n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+"  -R, --root CHROOT_DIR         fes «chroot» en el directori CHROOT_DIR \n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -712,12 +723,15 @@ msgstr "Contrasenya inactiva"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Data de caducitat per al compte (AAAA-MM-YY)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Últim canvi de contrasenya\t\t\t\t: "
-
 msgid "never"
 msgstr "mai"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Últim canvi de contrasenya\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "s'ha de canviar la contrasenya"
 
@@ -898,14 +912,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: l'usuari «%s» no existeix\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: no s'ha pogut canviar l'usuari «%s» al client NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: «%s» és el mestre NIS per a aquest client.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "S'està canviant la informació d'usuari per a %s\n"
 
@@ -947,6 +953,11 @@ msgstr ""
 " -s, --sha-rounds              nombre de passos SHA pel\n"
 "                                algorisme de xifratge SHA*\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s:  mètode de xifratge no està implementat: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: el senyalador %s només és permet amb el senyalador %s\n"
@@ -999,6 +1010,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Intèrpret d'accés"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: No es pot obtenir la mida de %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: no es pot crear un fitxer nou de preferències predeterminades\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "No podeu canviar l'intèrpret («shell») per a «%s».\n"
@@ -1011,6 +1032,11 @@ msgstr "S'està canviant l'intèrpret d'accés per a %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: L'entrada no és vàlida: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s no és un intèrpret («shell») vàlid.\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s no és un intèrpret («shell») vàlid.\n"
@@ -1266,12 +1292,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  genera un compte del sistema\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-"  -R, --root CHROOT_DIR         fes «chroot» en el directori CHROOT_DIR \n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    llista els membres del grup\n"
@@ -1285,6 +1305,11 @@ msgstr "el nom d'usuari «%s» no és vàlid\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: «%s» no és un nom de grup vàlid\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: no es pot obrir el fitxer %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: l'ID de grup «%s» no és vàlid\n"
@@ -1331,14 +1356,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: el grup «%s» no existeix\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: el grup «%s» és un grup NIS.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s és el mestre NIS\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: l'usuari «%s» és membre de %s\n"
 
@@ -1437,10 +1454,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: el nom de grup «%s» no és vàlid\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: el grup %s no és un grup NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: usuari %s desconegut\n"
 
@@ -1567,7 +1580,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     mostra els registres «faillog» per a tots "
@@ -1669,10 +1682,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: no es pot treballar sense ésser administrador\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"No hi ha entrada utmp. Heu d'executar «login» des del «sh» de nivell més baix"
-
 #, c-format
 msgid ""
 "\n"
@@ -1707,14 +1716,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "No es pot trobar l'usuari (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s usuari: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: fallada al fer fork: %s"
 
@@ -1749,7 +1750,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1777,19 +1779,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: ha fallat el desbloqueig de %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: no es pot generar el directori «tcb» per a %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1822,14 +1819,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: no es pot generar el directori «tcb» per a %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1853,6 +1850,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: el nom d'usuari «%s» no és vàlid\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: línia %d: la línia no és vàlida\n"
 
@@ -1874,6 +1875,11 @@ msgstr "%s: línia %d: no es pot generar el grup\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: line %d: l'usuari «%s» no existeix a %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: desvincular: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: línia %d: no es pot actualitzar la contrasenya\n"
@@ -1899,14 +1905,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: línia %d: no es pot actualitzar l'entrada\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: ha fallat la preparació de la nova entrada %s: «%s»\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: no es pot generar l'usuari\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: ha fallat la preparació de la nova entrada %s: «%s»\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: no es pot actualitzar el fitxer de grups\n"
 
@@ -1981,6 +1987,12 @@ msgstr ""
 "  -x, --maxdays DIES_MÀX        estableix els dies màxims abans del canvi\n"
 "                                de contrasenya a DIES_MÀX\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    mostra informació d'envelliment del compte\n"
+
 msgid "Old password: "
 msgstr "Contrasenya antiga: "
 
@@ -2001,6 +2013,11 @@ msgstr ""
 "Feu servir una combinació de lletres majúscules i minúscules i\n"
 "números.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: els camps són massa llargs\n"
+
 msgid "New password: "
 msgstr "Contrasenya nova:"
 
@@ -2045,6 +2062,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: el dipòsit %s no és admès\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s:només l'usuari «root» pot fer servir l'opció -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s no està autoritzat per canviar la contrasenya de %s\n"
@@ -2200,11 +2222,9 @@ msgstr "%s: senyal de mal funcionament\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sessió acabada, finalitzant el «shell»..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr "...mort.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr "...esperant al fill per acabar.\n"
 
@@ -2292,6 +2312,11 @@ msgstr "%s:  No estau autoritzat a usar «su» en aquest moment\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "No hi ha entrada de contrasenya per a l'usuari «%s»\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "el nom d'usuari «%s» no és vàlid\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: s'ha d'executar des d'un terminal\n"
@@ -2338,6 +2363,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: la configuració %s a %s serà ignorada\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: la configuració %s a %s serà ignorada\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: no es pot crear un fitxer nou de preferències predeterminades\n"
@@ -2348,10 +2380,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: no es pot crear un fitxer nou de preferències predeterminades\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: no es pot crear un fitxer nou de preferències predeterminades\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: no es pot obrir un fitxer nou de preferències predeterminades\n"
 
@@ -2368,10 +2396,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: reanomena %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: el grup «%s» és un grup NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: s'han especificat massa grups (màx de %d).\n"
 
@@ -2511,6 +2535,17 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     utilitzar un «SEUSER» específic per a "
 "l'assignació d'usuaris «SELinux»\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     utilitzar un «SEUSER» específic per a "
+"l'assignació d'usuaris «SELinux»\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: el directori base «%s» no és vàlid\n"
@@ -2665,6 +2700,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "S'estan establint els permisos de la bústia de correu"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "S'està creant la bústia de correu"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "S'està creant la bústia de correu"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2801,10 +2846,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: no es pot eliminar els fitxers «tcb» de %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: l'usuari %s és un usuari NIS\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: no s'ha trobat el directori personal (%s) de %s \n"
 
@@ -2933,6 +2974,16 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     nova assignació SELinux per al compte "
 "d'usuari\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     nova assignació SELinux per al compte "
+"d'usuari\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -3029,12 +3080,26 @@ msgstr ""
 "%s: ha fallat la còpia de l'entrada del darrer registre de l'usuari %lu al "
 "usuari  %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: ha fallat la còpia de l'entrada del darrer registre de l'usuari %lu al "
+"usuari  %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: ha fallat la còpia de l'entrada del registre d'errors del usuari %lu al "
 "usuari  %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: ha fallat la còpia de l'entrada del registre d'errors del usuari %lu al "
+"usuari  %lu: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: avís: %s no és propietat de %s\n"
@@ -3137,8 +3202,10 @@ msgstr "no s'ha pogut desvincular el fitxer de treball "
 msgid "failed to stat edited file"
 msgstr "no s'ha pogut comptabilitzar el fitxer editat"
 
-msgid "failed to allocate memory"
-msgstr "no es pot assignar memòria"
+#, fuzzy
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: no es pot obrir el fitxer\n"
 
 msgid "failed to create backup file"
 msgstr "no es pot generar el fitxer de còpia de seguretat"
@@ -3151,6 +3218,57 @@ msgstr "%s: no es pot restaurar %s: %s (els seus canvis estan a %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Desbordament d'entorn\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: no s'ha pogut canviar l'usuari «%s» al client NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: «%s» és el mestre NIS per a aquest client.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: el grup «%s» és un grup NIS.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s és el mestre NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: el grup %s no és un grup NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: no es pot crear un fitxer nou de preferències predeterminades\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: el grup «%s» és un grup NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: l'usuari %s és un usuari NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "massa senzilla"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "No hi ha entrada utmp. Heu d'executar «login» des del «sh» de nivell més "
+#~ "baix"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "no es pot assignar memòria"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Forma d'ús: id\n"
 
@@ -3166,10 +3284,6 @@ msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: la informació de caducitat de la contrasenya ha canviat.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "el nom d'usuari «%s» no és vàlid\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Usuari           Port     Des de           Últim"
 
diff --git a/po/cs.gmo b/po/cs.gmo
index 856d108..6d012ce 100644
--- a/po/cs.gmo
+++ b/po/cs.gmo
diff --git a/po/cs.po b/po/cs.po
index b9d48eb..b580859 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.2\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2014-08-24 15:07+0200\n"
 "Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
 "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
@@ -18,228 +18,6 @@ msgstr ""
 "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Zjištěno několik záznamů pojmenovaných „%s“ v souboru %s. Napravte to prosím "
-"pomocí pwck nebo grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "typ šifry není knihovnou libcrypt podporován? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "konfigura�ní chyba - nelze zpracovat hodnotu %s: „%s“"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Nelze alokovat dostatek místa pro konfigura�ní údaje.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"konfigura�ní chyba - neznámá položka „%s“ (informujte správce systému)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd nebyl ukon�en normálně (signál %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd skon�il se stavem %d\n"
-
-msgid "Password: "
-msgstr "Heslo: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Heslo uživatele %s: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Nelze otevřít auditní rozhraní - kon�ím.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "Nelze vytvořit spojení k SELinuxovému semanage\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "Politika SELinuxu není řízená\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "Nelze �íst úložiště SELinux politik\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "Nelze navázat spojení k SELinuxovému semanage\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "Nelze zahájit SELinux transakci\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "Dotaz na „seuser“ uživatele %s selhal\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "Nelze nastavit „serange“ uživatele %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Nelze nastavit „sename“ uživatele %s\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "Nelze změnit mapování uživatele %s na SEuživatele\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Nelze vytvořit mapování uživatele %s na SEuživatele\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "Nelze nastavit jméno uživatele %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "Nelze nastavit SELinux uživatele pro %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "Nelze přidat mapování uživatele %s na SEuživatele\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "Nelze inicializovat správu SELinuxu\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "Nelze vytvořit uživatelský klí� k SELinuxu\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "Nelze ověřit SELinux uživatele\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "Nelze změnit mapování na SELinuxového uživatele\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "Nelze přidat mapování na SELinuxového uživatele\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "Nelze dokon�it SELinuxovou transakci\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Mapování uživatele %s není definováno, OK, pokud bylo použito výchozí "
-"mapování\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr "Mapování uživatele %s je definováno v politice, nemůže být smazáno\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "Nelze smazat mapování pro uživatele %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: došla paměť\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: nelze zavolat stat %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s není ani adresář, ani symbolický odkaz.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: Nelze �íst symbolický odkaz %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: Podezřele dlouhý symbolický odkaz: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: Nelze vytvořit adresář %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: Nelze změnit vlastníka %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: Nelze změnit oprávnění k %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: smazání: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: Nelze odstranit adresář %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: Nelze přejmenovat %s na %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: Nelze odstranit %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: Nelze vytvořit symbolický odkaz %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: Nelze změnit vlastníky %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: Nelze zavolat lstat %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: Varování, uživatel %s nemá v tcb svůj soubor shadow.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Krizový stav: shadow v tcb uživatele %s není běžným souborem "
-"(st_nlink=1).\n"
-"Ú�et je ponechán zamknutý.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: vytvoření adresáře: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: Nelze otevřít %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Varování: neznámá skupina %s\n"
 
@@ -286,14 +64,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: nepodařilo se odemknout %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Zjištěno několik záznamů pojmenovaných „%s“ v souboru %s. Napravte to prosím "
+"pomocí pwck nebo grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Přete�ení prostředí\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "typ šifry není knihovnou libcrypt podporován? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -405,8 +191,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Nelze získat jedine�né UID (volná UID neexistují)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr "%s: Nedostatek argumentů pro vytvoření %u mapování\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "konfigura�ní chyba - nelze zpracovat hodnotu %s: „%s“"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Nelze alokovat dostatek místa pro konfigura�ní údaje.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr ""
+"konfigura�ní chyba - neznámá položka „%s“ (informujte správce systému)\n"
 
 #, c-format
 msgid "%s: Memory allocation failure\n"
@@ -435,8 +229,9 @@ msgstr "Nelze nastavit jméno uživatele %s\n"
 msgid "%s: Could not set caps\n"
 msgstr "Nelze nastavit jméno uživatele %s\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
+#, fuzzy, c-format
+#| msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: snprintf selhalo!\n"
 
 #, c-format
@@ -447,9 +242,22 @@ msgstr "%s: otevření %s selhalo: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: zápis do %s selhal: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: open of %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: otevření %s selhalo: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Příliš mnoho přihlášení.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"Přihlašovací jméno na %s: "
+
 msgid "You have new mail."
 msgstr "Máte novou poštu."
 
@@ -459,6 +267,14 @@ msgstr "Nemáte žádnou poštu."
 msgid "You have mail."
 msgstr "Máte poštu."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd nebyl ukon�en normálně (signál %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd skon�il se stavem %d\n"
+
 msgid "no change"
 msgstr "beze změny"
 
@@ -471,9 +287,6 @@ msgstr "pouze změna velikosti písmen"
 msgid "too similar"
 msgstr "příliš podobné"
 
-msgid "too simple"
-msgstr "příliš jednoduché"
-
 msgid "rotated"
 msgstr "rotované"
 
@@ -519,6 +332,13 @@ msgstr ""
 "%s: (uživatel %s) volání pam_chauthtok() selhalo, chyba:\n"
 "%s\n"
 
+msgid "Password: "
+msgstr "Heslo: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Heslo uživatele %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Chybné heslo pro %s.\n"
@@ -545,16 +365,13 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: nelze přistoupit k chroot adresáři %s: %s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: nelze přejít (chdir) do chroot adresáře %s: %s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: nelze změnit kořen (chroot) na adresář %s: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: nelze přejít (chdir) do chroot adresáře %s: %s\n"
 
 #, c-format
 msgid ""
@@ -571,6 +388,110 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Nelze otevřít auditní rozhraní - kon�ím.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "Nelze vytvořit spojení k SELinuxovému semanage\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "Politika SELinuxu není řízená\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "Nelze �íst úložiště SELinux politik\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "Nelze navázat spojení k SELinuxovému semanage\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "Nelze zahájit SELinux transakci\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "Dotaz na „seuser“ uživatele %s selhal\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "Nelze nastavit „serange“ uživatele %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Nelze nastavit „sename“ uživatele %s\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "Nelze změnit mapování uživatele %s na SEuživatele\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Nelze vytvořit mapování uživatele %s na SEuživatele\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "Nelze nastavit jméno uživatele %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "Nelze nastavit SELinux uživatele pro %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "Nelze přidat mapování uživatele %s na SEuživatele\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "Nelze inicializovat správu SELinuxu\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "Nelze vytvořit uživatelský klí� k SELinuxu\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "Nelze ověřit SELinux uživatele\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "Nelze změnit mapování na SELinuxového uživatele\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "Nelze přidat mapování na SELinuxového uživatele\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "Nelze dokon�it SELinuxovou transakci\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Mapování uživatele %s není definováno, OK, pokud bylo použito výchozí "
+"mapování\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr "Mapování uživatele %s je definováno v politice, nemůže být smazáno\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "Nelze smazat mapování pro uživatele %s"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Nelze přejít do „%s“\n"
@@ -583,6 +504,10 @@ msgid "Cannot execute %s"
 msgstr "%s nelze spustit"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Chybný kořenový adresář „%s“\n"
 
@@ -591,6 +516,87 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Nelze změnit kořenový adresář na „%s“\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: došla paměť\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: nelze zavolat stat %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s není ani adresář, ani symbolický odkaz.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: Nelze �íst symbolický odkaz %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: Podezřele dlouhý symbolický odkaz: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: Nelze vytvořit adresář %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: Nelze změnit vlastníka %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: Nelze změnit oprávnění k %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: smazání: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: Nelze odstranit adresář %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: Nelze přejmenovat %s na %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: Nelze odstranit %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: Nelze vytvořit symbolický odkaz %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: Nelze změnit vlastníky %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: Nelze zavolat lstat %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: Varování, uživatel %s nemá v tcb svůj soubor shadow.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Krizový stav: shadow v tcb uživatele %s není běžným souborem "
+"(st_nlink=1).\n"
+"Ú�et je ponechán zamknutý.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: vytvoření adresáře: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: Nelze otevřít %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: uživatel %s je právě přihlášen\n"
 
@@ -662,6 +668,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_ADRES�Ř     adresář, do kterého přejít\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -R, --root CHROOT_ADRES�Ř     adresář, do kterého přejít\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -689,12 +700,15 @@ msgstr "Vypnuté heslo"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Vypršení platnosti ú�tu (RRRR-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Poslední změna hesla\t\t\t\t\t: "
-
 msgid "never"
 msgstr "nikdy"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Poslední změna hesla\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "heslo musí být změněno"
 
@@ -867,14 +881,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: uživatel „%s“ neexistuje\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: uživatele „%s“ nelze na NIS klientu změnit.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: „%s“ je hlavním NIS serverem pro tohoto klienta.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Měním informace o uživateli %s\n"
 
@@ -911,6 +917,11 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr "  -s, --sha-rounds              po�et SHA iterací algoritmu SHA*\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: nepodporovaný typ šifry: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: přepína� %s je povolen pouze s přepína�em %s\n"
@@ -961,6 +972,16 @@ msgstr "  -s, --shell SHELL             nový přihlašovací shell uživatele\n
 msgid "Login Shell"
 msgstr "Přihlašovací shell"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: nelze zjistit velikost %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: nelze vytvořit nový soubor s výchozími hodnotami\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Nemůžete změnit shell pro „%s“.\n"
@@ -973,6 +994,11 @@ msgstr "Měním přihlašovací shell pro %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: chybná položka %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s není platný shell\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s není platný shell\n"
@@ -1211,11 +1237,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  vytvoří systémový ú�et\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -R, --root CHROOT_ADRES�Ř     adresář, do kterého přejít\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    vypíše �leny skupiny\n"
@@ -1229,6 +1250,11 @@ msgstr "chybné uživatelské jméno „%s“\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: „%s“ není platným jménem skupiny\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: Nelze otevřít %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: neplatné ID skupiny „%s“\n"
@@ -1274,14 +1300,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: skupina „%s“ neexistuje\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: skupina „%s“ je NIS skupinou\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s je hlavním NIS serverem\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: uživatel „%s“ je již �lenem „%s“\n"
 
@@ -1375,10 +1393,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: neplatné jméno skupiny „%s“\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: skupina %s je NIS skupinou\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: neznámý uživatel %s\n"
 
@@ -1504,7 +1518,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     zobrazí záznamy faillogu o všech "
@@ -1605,9 +1619,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Bez efektivních oprávnění uživatele root nelze pracovat\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "utmp záznam neexistuje. Musíte spustit „login“ z nejnižšího „sh“"
-
 #, c-format
 msgid ""
 "\n"
@@ -1642,14 +1653,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Nelze nalézt uživatele (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"Přihlašovací jméno na %s: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: chyba rozdvojení: %s"
 
@@ -1682,9 +1685,13 @@ msgstr "Použití: logoutd\n"
 msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
 msgstr "%s: rozsah gid [%lu-%lu) -> [%lu-%lu) není povolen\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> "
+#| "<count> ] ... \n"
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 "použití: %s <pid> <gid> <spodnígid> <po�et> [ <gid> <spodnígid> "
 "<po�et> ] ...\n"
@@ -1713,18 +1720,15 @@ msgstr "%s: selhalo odstranění %s\n"
 msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: nepodařilo se odemknout %s\n"
 
-#, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: Nelze otevřít proc adresář cílového procesu %u\n"
-
-#, c-format
-msgid "%s: Could not stat directory for target %u\n"
+#, fuzzy, c-format
+#| msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: Nelze zavolat stat na adresář cílového procesu %u\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1755,18 +1759,21 @@ msgstr "příliš mnoho skupin\n"
 msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
 msgstr "%s: rozsah uid [%lu-%lu) -> [%lu-%lu) není povolen\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> "
+#| "<count> ] ... \n"
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 "použití: %s <pid> <uid> <spodníuid> <po�et> [ <uid> <spodníuid> "
 "<po�et> ] ...\n"
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Nelze zavolat stat na adresář cílového procesu %u\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1790,6 +1797,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: chybné uživatelské jméno „%s“\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: řádek %d: chybný řádek\n"
 
@@ -1810,6 +1821,11 @@ msgstr "%s: řádek %d: nelze vytvořit skupinu\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: řádek %d: uživatel „%s“ v %s neexistuje\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: smazání: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: řádek %d: heslo nelze aktualizovat\n"
@@ -1832,14 +1848,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: řádek %d: položku nelze aktualizovat\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: příprava nového záznamu %s selhala\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: nelze nalézt rozsah podřízených uživatelů\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: příprava nového záznamu %s selhala\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: nelze nalézt rozsah podřízených skupin\n"
 
@@ -1907,6 +1923,11 @@ msgstr ""
 "  -x, --maxdays MAX_DNŮ         nastaví maximální po�et dnů před změnou\n"
 "                                hesla na MAX_DNÅ®\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    zobrazí informace o ú�tu\n"
+
 msgid "Old password: "
 msgstr "Staré heslo: "
 
@@ -1926,6 +1947,11 @@ msgstr ""
 "Zadejte nové heslo (po�et znaků v intervalu %d až %d).\n"
 "Použijte kombinaci velkých a malých písmen s �íslicemi.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: položka je příliš dlouhá\n"
+
 msgid "New password: "
 msgstr "Nové heslo: "
 
@@ -1970,6 +1996,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: úložna %s není podporována\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: volbu -g/--group může používat pouze root\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s není oprávněn změnit heslo %s\n"
@@ -2122,11 +2153,9 @@ msgstr "%s: chyba signálu\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sezení skon�eno, ukon�uji shell..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...zabit.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...�eká na ukon�ení potomka.\n"
 
@@ -2213,6 +2242,11 @@ msgstr "%s: Toto �asu nejste oprávněni používat su\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "V databázi není záznam pro uživatele „%s“\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "chybné uživatelské jméno „%s“\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: musí být spuštěno z terminálu\n"
@@ -2259,6 +2293,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: nastavení %s v %s bude ignorováno\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: nastavení %s v %s bude ignorováno\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: nelze vytvořit nový soubor s výchozími hodnotami\n"
@@ -2269,10 +2310,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: nelze vytvořit nový soubor s výchozími hodnotami\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: nelze vytvořit nový soubor s výchozími hodnotami\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: nelze otevřít nový soubor s výchozími hodnotami\n"
 
@@ -2289,10 +2326,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: přejmenovat: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: skupina „%s“ je NIS skupinou.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: zadáno příliš mnoho skupin (max %d).\n"
 
@@ -2428,6 +2461,17 @@ msgstr ""
 "  -Z, --selinux-user SEUŽIVATEL pro mapování na SELinuxového uživatele\n"
 "                                použije SEUŽIVATELe\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEUŽIVATEL pro mapování na SELinuxového uživatele\n"
+"                                použije SEUŽIVATELe\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: chybný základní adresář „%s“\n"
@@ -2571,6 +2615,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Nastavuji oprávnění k poštovní schránce"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Vytvářím poštovní schránku"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Vytvářím poštovní schránku"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2705,10 +2759,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: Nelze odstranit tcb soubory uživatele %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: uživatel %s je NIS uživatelem\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: domovský adresář uživatele %s (%s) nebyl nalezen\n"
 
@@ -2830,6 +2880,16 @@ msgstr ""
 "  -Z, --selinux-user SEUŽIVATEL nové mapování uživatelského ú�tu na\n"
 "                                uživatele SELinuxu\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUŽIVATEL nové mapování uživatelského ú�tu na\n"
+"                                uživatele SELinuxu\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2924,12 +2984,26 @@ msgstr ""
 "%s: nepodařilo se zkopírovat lastlog záznamy uživatele %lu uživateli %lu: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: nepodařilo se zkopírovat lastlog záznamy uživatele %lu uživateli %lu: "
+"%s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: nepodařilo se zkopírovat faillog záznamy uživatele %lu uživateli %lu: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: nepodařilo se zkopírovat faillog záznamy uživatele %lu uživateli %lu: "
+"%s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: varování: vlastníkem %s není %s\n"
@@ -3030,8 +3104,10 @@ msgstr "do�asný soubor se nepodařilo smazat"
 msgid "failed to stat edited file"
 msgstr "na upravovaný soubor se nepodařilo zavolat stat()"
 
-msgid "failed to allocate memory"
-msgstr "nepodařilo se alokovat paměť"
+#, fuzzy
+#| msgid "%s: snprintf failed!\n"
+msgid "asprintf(3) failed"
+msgstr "%s: snprintf selhalo!\n"
 
 msgid "failed to create backup file"
 msgstr "vytvoření záložního souboru selhalo"
@@ -3044,6 +3120,58 @@ msgstr "%s: %s nelze obnovit: %s (změny jsou v %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: nepodařilo se nalézt tcb adresář uživatele %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Přete�ení prostředí\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: uživatele „%s“ nelze na NIS klientu změnit.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: „%s“ je hlavním NIS serverem pro tohoto klienta.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: skupina „%s“ je NIS skupinou\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s je hlavním NIS serverem\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: skupina %s je NIS skupinou\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: nelze vytvořit nový soubor s výchozími hodnotami\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: skupina „%s“ je NIS skupinou.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: uživatel %s je NIS uživatelem\n"
+
+#, c-format
+#~ msgid "%s: Not enough arguments to form %u mappings\n"
+#~ msgstr "%s: Nedostatek argumentů pro vytvoření %u mapování\n"
+
+#~ msgid "too simple"
+#~ msgstr "příliš jednoduché"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr "utmp záznam neexistuje. Musíte spustit „login“ z nejnižšího „sh“"
+
+#, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: Nelze otevřít proc adresář cílového procesu %u\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "nepodařilo se alokovat paměť"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Použití: id\n"
 
@@ -3059,10 +3187,6 @@ msgstr "%s: nepodařilo se nalézt tcb adresář uživatele %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: informace o vypršení platnosti hesla byly změněny.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "chybné uživatelské jméno „%s“\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Uživatel         Port     Z                Naposledy"
 
diff --git a/po/da.gmo b/po/da.gmo
index 3666a6a..e515ea3 100644
--- a/po/da.gmo
+++ b/po/da.gmo
diff --git a/po/da.po b/po/da.po
index 4a76795..cba6dc0 100644
--- a/po/da.po
+++ b/po/da.po
@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2012-01-26 23:57+0100\n"
 "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
 "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
@@ -31,226 +31,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Flere punkter med navnet »%s« i %s. Ret venligst dette med pwck eller "
-"grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "cryptmetode er ikke understøttet af libcrypt? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "konfigurationsfejl - kan ikke fortolke %s-værdi: »%s«"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Kunne ikke frigøre plads til opsætningsoplysninger.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "opsætningsfejl - ukendt punkt »%s« (informer administrator)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd afsluttedes ikke normalt (signal %d)\n"
-
-#, fuzzy, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd afsluttede med status %d"
-
-msgid "Password: "
-msgstr "Adgangskode: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s's adgangskode: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Kan ikke åbne overvågningsbrugerflade (audit) - afbryder.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "Kan ikke oprette SELinux-håndteringshåndtag\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "SELinux-politik ikke håndteret\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "Kan ikke læse SELinux-politiklageret\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "Kan ikke etablere SELinux-håndteringsforbindelse\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "Kan ikke begynde SELinux-transaktion\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "Kunne ikke forespørge seuser for %s\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "Kunne ikke angive serange for %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Kunne ikke angive sename for %s\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "Kunne ikke ændre logingkortlægningen for %s\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Kan ikke oprette SELinux-logindkortlægning for %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "Kunne ikke angive navn for %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "Kunne ikke angive SELinux-bruger for %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "Kunne ikke tilføje logindkortlægning for %s\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "Kan ikke initialisere SELinux-håntering\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "Kan ikke oprette SELinux-brugernøgle\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "Kan ikke verificere SELinux-brugeren\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "Kan ikke ændre SELinux-brugerkortlægning\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "Kan ikke tilføje SELinux-brugerkortlægning\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "Kan ikke indsende SELinux-transaktion\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Logindkortlægning for %s er ikke defineret, o.k. hvis standardkortlægning "
-"blev brugt\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr "Logindkortlægning for %s er defineret i politik, kan ikke slettes\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "Kunne ikke slette logindkortlægning for %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: Hukommelse opbrugt\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: Kan ikke stat %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s er hverken en mappe eller en symbolsk henvisning.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: Kan ikke omdøbe symbolsk henvisning %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: Mistænkelig lang symbolsk henvisning: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: Kan ikke oprette mappen %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: Kan ikke ændre ejer af %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: Kan ikke ændre tilstand for %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: Fjern henvisning: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: Kan ikke fjerne mappen %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: Kan ikke omdøbe %s til %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: Kan ikke fjerne %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: Kan ikke oprette symbolsk henvisning %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: Kan ibkke ændre ejere af %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: Kan ikke lstat %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: Advarsel, bruger %s har ingen tcb-skyggefil.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Nødsituation: %s's tcb-skygge er ikke en regulær fil med st_nlink=1.\n"
-"Kontoen forbliver låst.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: Kan ikke åbne %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Advarsel: Ukendt gruppe %s\n"
 
@@ -297,14 +77,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: Kunne ikke åbne %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Flere punkter med navnet »%s« i %s. Ret venligst dette med pwck eller "
+"grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Miljøoverløb\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "cryptmetode er ikke understøttet af libcrypt? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -419,8 +207,15 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Kan ikke indhente unik UID (ikke flere tilgængelige UID'er)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr ""
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "konfigurationsfejl - kan ikke fortolke %s-værdi: »%s«"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Kunne ikke frigøre plads til opsætningsoplysninger.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "opsætningsfejl - ukendt punkt »%s« (informer administrator)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -450,9 +245,10 @@ msgstr "Kunne ikke angive navn for %s\n"
 msgid "%s: Could not set caps\n"
 msgstr "Kunne ikke angive navn for %s\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: Linje %d: chown %s fejlede: %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: line %d: chown %s failed: %s\n"
@@ -464,9 +260,22 @@ msgstr "%s: Linje %d: chown %s fejlede: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: Linje %d: chown %s fejlede: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: Linje %d: chown %s fejlede: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Logget på for mange gange.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s logind: "
+
 msgid "You have new mail."
 msgstr "Du har ny post."
 
@@ -476,6 +285,14 @@ msgstr "Ingen post."
 msgid "You have mail."
 msgstr "Du har post."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd afsluttedes ikke normalt (signal %d)\n"
+
+#, fuzzy, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd afsluttede med status %d"
+
 msgid "no change"
 msgstr "ingen ændring"
 
@@ -488,9 +305,6 @@ msgstr "kun versalændringer"
 msgid "too similar"
 msgstr "for ens"
 
-msgid "too simple"
-msgstr "for simpelt"
-
 msgid "rotated"
 msgstr "omrokeret"
 
@@ -536,6 +350,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() mislykkedes, fejl %d\n"
 
+msgid "Password: "
+msgstr "Adgangskode: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s's adgangskode: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Ugyldig adgangskode for %s.\n"
@@ -561,17 +382,13 @@ msgstr "%s: Ugyldig chroot-sti »%s«\n"
 msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: Kan ikke tilgå chroot-mappe %s: %s\n"
 
-#, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: Kan ikke tilgå chroot-mappe %s: %s\n"
-
 #, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: Kan ikke chroot til mappe %s: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: Kan ikke tilgå chroot-mappe %s: %s\n"
 
 #, c-format
 msgid ""
@@ -588,6 +405,110 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Kan ikke åbne overvågningsbrugerflade (audit) - afbryder.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "Kan ikke oprette SELinux-håndteringshåndtag\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "SELinux-politik ikke håndteret\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "Kan ikke læse SELinux-politiklageret\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "Kan ikke etablere SELinux-håndteringsforbindelse\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "Kan ikke begynde SELinux-transaktion\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "Kunne ikke forespørge seuser for %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "Kunne ikke angive serange for %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Kunne ikke angive sename for %s\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "Kunne ikke ændre logingkortlægningen for %s\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Kan ikke oprette SELinux-logindkortlægning for %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "Kunne ikke angive navn for %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "Kunne ikke angive SELinux-bruger for %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "Kunne ikke tilføje logindkortlægning for %s\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "Kan ikke initialisere SELinux-håntering\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "Kan ikke oprette SELinux-brugernøgle\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "Kan ikke verificere SELinux-brugeren\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "Kan ikke ændre SELinux-brugerkortlægning\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "Kan ikke tilføje SELinux-brugerkortlægning\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "Kan ikke indsende SELinux-transaktion\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Logindkortlægning for %s er ikke defineret, o.k. hvis standardkortlægning "
+"blev brugt\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr "Logindkortlægning for %s er defineret i politik, kan ikke slettes\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "Kunne ikke slette logindkortlægning for %s"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Kunne ikke skifte mappe til »%s«\n"
@@ -600,6 +521,10 @@ msgid "Cannot execute %s"
 msgstr "Kan ikke udføre %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Ugyldig rodmappe »%s«\n"
 
@@ -607,6 +532,86 @@ msgstr "Ugyldig rodmappe »%s«\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "Kan ikke ændre rodmappen til »%s«\n"
 
+#, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: Hukommelse opbrugt\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: Kan ikke stat %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s er hverken en mappe eller en symbolsk henvisning.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: Kan ikke omdøbe symbolsk henvisning %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: Mistænkelig lang symbolsk henvisning: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: Kan ikke oprette mappen %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: Kan ikke ændre ejer af %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: Kan ikke ændre tilstand for %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: Fjern henvisning: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: Kan ikke fjerne mappen %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: Kan ikke omdøbe %s til %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: Kan ikke fjerne %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: Kan ikke oprette symbolsk henvisning %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: Kan ibkke ændre ejere af %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: Kan ikke lstat %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: Advarsel, bruger %s har ingen tcb-skyggefil.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Nødsituation: %s's tcb-skygge er ikke en regulær fil med st_nlink=1.\n"
+"Kontoen forbliver låst.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: Kan ikke åbne %s: %s\n"
+
 #, fuzzy, c-format
 #| msgid "%s: user '%s' does not exist in %s\n"
 msgid "%s: user %s is currently logged in\n"
@@ -681,6 +686,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_MAPPE       mappe at chroote ind i\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -R, --root CHROOT_MAPPE       mappe at chroote ind i\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -708,12 +718,15 @@ msgstr "Adgangskode inaktiv"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Udløbsdato for konto (ÅÅÅÅ-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Sidste ændring af adgangskode\t\t\t\t\t: "
-
 msgid "never"
 msgstr "aldrig"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Sidste ændring af adgangskode\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "adgangskoden skal ændres"
 
@@ -886,14 +899,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: Brugeren »%s« findes ikke\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: Kan ikke ændre brugeren »%s« på NIS-klienten.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: »%s« er NIS-masteren for denne klient.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Ændrer brugeroplysninger for %s\n"
 
@@ -933,6 +938,11 @@ msgstr ""
 "  -s, --sha-rounds              antal SHA-runder for SHA*\n"
 "                                crypt-algoritmerne\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: Crypt-metode er ikke understøttet: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: Flaget %s er kun tilladt med flaget %s\n"
@@ -983,6 +993,16 @@ msgstr "  -s, --shell SKAL              ny logindskal for brugerkontoen\n"
 msgid "Login Shell"
 msgstr "Logindskal"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Kan ikke indhente størrelsen for %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: Kan ikke oprette ny standardværdifil\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Du kan ikke ændre skallen for »%s«.\n"
@@ -995,6 +1015,11 @@ msgstr "Ændrer logindskallen for %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Ugyldigt punkt: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s er en ugyldig skal\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s er en ugyldig skal\n"
@@ -1235,11 +1260,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  opret en systemkonto\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -R, --root CHROOT_MAPPE       mappe at chroote ind i\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    vis medlemmer af gruppen\n"
@@ -1253,6 +1273,11 @@ msgstr "ugyldigt brugernavn »%s«\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: »%s« er ikke et gyldigt gruppenavn\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: Kan ikke åbne %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: Ugyldigt gruppe-id »%s«\n"
@@ -1298,14 +1323,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: Gruppe »%s« findes ikke\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: Gruppe »%s« er en NIS-gruppe.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s er NIS-masteren\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: Bruger »%s« er allerede medlem af »%s«\n"
 
@@ -1406,10 +1423,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: Ugyldigt gruppenavn »%s«\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: Gruppen %s er en NIS-gruppe\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: Ukendt bruger %s\n"
 
@@ -1536,7 +1549,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr "  -a, --all                     vis faillog-poster for alle brugere\n"
 
@@ -1635,9 +1648,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Kan umuligt arbejde uden effektiv root\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "Intet utmp-punkt. Du skal køre »login« fra det laveste »sh-niveau«"
-
 #, c-format
 msgid ""
 "\n"
@@ -1672,14 +1682,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Kan ikke finde bruger (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s logind: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: Fejl under forgrening: %s"
 
@@ -1714,7 +1716,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1741,19 +1744,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: Kunne ikke åbne %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: Kunne ikke finde tcb-mappe for %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: Kan ikke oprette tcv-mappe for %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1786,14 +1784,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Kan ikke oprette tcv-mappe for %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1817,6 +1815,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: Ugyldigt brugernavn »%s«\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: Linje %d: Ugyldig linje\n"
 
@@ -1837,6 +1839,11 @@ msgstr "%s: Linje %d: Kan ikke oprette gruppe\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: Linje %d: Bruger »%s« findes ikke i %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: Fjern henvisning: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: Linje %d: Kan ikke opdatere adgangskode\n"
@@ -1859,14 +1866,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: Linje %d: Kan ikke opdatere punktet\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: Kunne ikke forberede det nye %s-punkt »%s«\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: Kan ikke oprette bruger\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: Kunne ikke forberede det nye %s-punkt »%s«\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: Kan ikke oprette gruppe\n"
 
@@ -1938,6 +1945,11 @@ msgstr ""
 "  -x, --maxdays MAKS_DAGE       sæt det maksimale antal dage inden skift af\n"
 "                                adgangskode til MAKS_DAGE\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    vis forældelsesoplysninger for konto\n"
+
 msgid "Old password: "
 msgstr "Gammel adgangskode: "
 
@@ -1957,6 +1969,11 @@ msgstr ""
 "Angiv ny adgangskode (mindst %d, højst %d tegn)\n"
 "Brug en kombination af små og store bogstaver samt tal.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: Felter for lange\n"
+
 msgid "New password: "
 msgstr "Ny adgangskode: "
 
@@ -2001,6 +2018,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: Arkiv %s understøttes ikke\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: Kun root kan bruge tilvalget -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s er ikke godkendt til at ændre adgangskoden på %s\n"
@@ -2152,11 +2174,9 @@ msgstr "%s: Forkert signal\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Session termineret, terminerer skal..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...dræbt.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...venter på at underproces termineres.\n"
 
@@ -2243,6 +2263,11 @@ msgstr "%s: Du er ikke autoriseret til at su på det tidspunkt\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Intet adgangskodepunkt for bruger »%s«\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "ugyldigt brugernavn »%s«\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: Skal køres fra en terminal\n"
@@ -2289,6 +2314,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: Konfigurationen %s i %s vil blive ignoreret\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: Konfigurationen %s i %s vil blive ignoreret\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: Kan ikke oprette ny standardværdifil\n"
@@ -2299,10 +2331,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: Kan ikke oprette ny standardværdifil\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: Kan ikke oprette ny standardværdifil\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: Kan ikke åbne ny standardværdifil\n"
 
@@ -2319,10 +2347,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: Omdøb: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: Gruppen »%s« er en NIS-gruppe.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: Der er angivet for mange grupper (højst %d).\n"
 
@@ -2462,6 +2486,17 @@ msgstr ""
 "  -Z, --selinux-user SE_BRUGER   brug en specifik SE_BRUGER for "
 "kortlægningen af SELinux-brugere\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SE_BRUGER   brug en specifik SE_BRUGER for "
+"kortlægningen af SELinux-brugere\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: Ugyldig basismappe »%s«\n"
@@ -2604,6 +2639,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Indstiller postboksfilens rettigheder"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Opretter postboksfil"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Opretter postboksfil"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2737,10 +2782,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: Kan ikke fjerne tcb-filer for %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: Brugeren %s er en NIS-bruger\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s hjemmemappe (%s) er ikke fundet\n"
 
@@ -2871,6 +2912,16 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     ny SELinux-brugerkortlægning for "
 "brugerkontoen\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     ny SELinux-brugerkortlægning for "
+"brugerkontoen\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2965,11 +3016,23 @@ msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: Kunne ikke kopiere lastlog-punktet for bruger %lu til bruger %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: Kunne ikke kopiere lastlog-punktet for bruger %lu til bruger %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: Kunne ikke kopiere faillog-punktet for bruger %lu til bruger %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: Kunne ikke kopiere faillog-punktet for bruger %lu til bruger %lu: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: Advarsel: %s ejes ikke af %s\n"
@@ -3070,8 +3133,8 @@ msgstr "kunne ikke fjerne henvisning for scratch-fil"
 msgid "failed to stat edited file"
 msgstr "kunne ikke stat redigeret fil"
 
-msgid "failed to allocate memory"
-msgstr "kunne ikke tildele hukommelse"
+msgid "asprintf(3) failed"
+msgstr ""
 
 msgid "failed to create backup file"
 msgstr "kunne ikke oprette sikkerhedskopifil"
@@ -3084,6 +3147,55 @@ msgstr "%s: Kan ikke gendanne %s: %s (dine ændringer er i %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: Kunne ikke finde tcb-mappe for %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Miljøoverløb\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: Kan ikke ændre brugeren »%s« på NIS-klienten.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: »%s« er NIS-masteren for denne klient.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: Gruppe »%s« er en NIS-gruppe.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s er NIS-masteren\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: Gruppen %s er en NIS-gruppe\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: Kan ikke oprette ny standardværdifil\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: Gruppen »%s« er en NIS-gruppe.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: Brugeren %s er en NIS-bruger\n"
+
+#~ msgid "too simple"
+#~ msgstr "for simpelt"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr "Intet utmp-punkt. Du skal køre »login« fra det laveste »sh-niveau«"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: Kunne ikke finde tcb-mappe for %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "kunne ikke tildele hukommelse"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Brug: id\n"
 
@@ -3099,9 +3211,5 @@ msgstr "%s: Kunne ikke finde tcb-mappe for %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: Information om udløb af adgangskode blev ændret.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "ugyldigt brugernavn »%s«\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Brugernavn       Port     Fra              Seneste"
diff --git a/po/de.gmo b/po/de.gmo
index 761fe57..cf7dcbd 100644
--- a/po/de.gmo
+++ b/po/de.gmo
diff --git a/po/de.po b/po/de.po
index 63ff245..fdf8c34 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.2-2\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2020-09-22 15:10+0200\n"
 "Last-Translator: Björn Esser <besser82@fedoraproject.org>\n"
 "Language-Team: German <debian-l10n-german@lists.debian.org>\n"
@@ -20,232 +20,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Mehrere Einträge namens »%s« in %s. Bitte beheben Sie dies mit pwck oder "
-"grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "Verschlüsselungsmethode von libcrypt nicht unterstützt? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "Konfigurationsfehler - Wert für %s kann nicht ausgewertet werden: »%s«"
-
-msgid "Could not allocate space for config info.\n"
-msgstr ""
-"Es konnte kein Speicherplatz für Konfigurationsinformationen reserviert "
-"werden.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"Konfigurationsfehler - Element »%s« unbekannt (Administrator verständigen).\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd wurde nicht normal beendet (Signal %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd wurde mit Status %d beendet\n"
-
-msgid "Password: "
-msgstr "Passwort: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Passwort von %s: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Audit-Schnittstelle konnte nicht geöffnet werden - Abbruch.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "SELinux-Management-Handhabung kann nicht erstellt werden\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "SELinux-Richtlinie nicht verwaltet\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "SELinux-Richtlinien-Speicher kann nicht gelesen werden\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "SELinux-Management-Verbindung kann nicht aufgebaut werden\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "SELinux-Vorgang kann nicht gestartet werden\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "seuser für %s konnte nicht abgefragt werden\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "serange für %s konnte nicht gesetzt werden\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "sename für %s konnte nicht gesetzt werden\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "Login-Zuordnung für %s konnte nicht verändert werden\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "SELinux-Login-Zuordnung für %s kann nicht erstellt werden\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "Name für %s konnte nicht gesetzt werden\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "SELinux-Benutzer für %s konnte nicht gesetzt werden\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "Login-Zuordnung für %s konnte nicht hinzugefügt werden\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "SELinux-Management kann nicht initialisiert werden\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "SELinux-Benutzerschlüssel kann nicht erstellt werden\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "SELinux-Benutzer kann nicht verifiziert werden\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "SELinux-Benutzer-Zuordnung kann nicht verändert werden\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "SELinux-Benutzer-Zuordnung kann nicht hinzugefügt werden\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "SELinux-Vorgang kann nicht eingepflegt werden\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Login-Zuordnung für %s ist nicht definiert; dies ist OK, falls die Standard-"
-"Zuordnung verwendet wurde\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-"Login-Zuordnung für %s ist in der Richtlinie definiert, kann nicht gelöscht "
-"werden\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "Login-Zuordnung für %s konnte nicht gelöscht werden"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: Speicher erschöpft\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: %s kann nicht mit stat abgefragt werden: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s ist weder ein Verzeichnis noch eine symbolische Verknüpfung.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: Symbolische Verknüpfung %s kann nicht gelesen werden: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: Verdächtig lange symbolische Verknüpfung: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: Verzeichnis %s kann nicht erstellt werden: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: Eigentümer von %s kann nicht geändert werden: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: Berechtigungen von %s können nicht geändert werden: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: Löschen (unlink): %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: Verzeichnis %s kann nicht entfernt werden: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: %s kann nicht in %s umbenannt werden: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: %s kann nicht entfernt werden: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: Symbolische Verknüpfung %s kann nicht erstellt werden: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: Eigentümer von %s können nicht geändert werden: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: %s kann nicht mit lstat abgefragt werden: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: Warnung: Benutzer %s hat keine tcb-shadow-Datei.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Ernstes Problem: %ss tcb-shadow ist keine reguläre Datei mit "
-"st_nlink=1.\n"
-"Der Benutzerzugang bleibt gesperrt.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir (Verzeichnis erstellen): %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: %s kann nicht geöffnet werden: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Warnung: unbekannte Gruppe %s\n"
 
@@ -292,14 +66,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: Entsperren von %s fehlgeschlagen\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Mehrere Einträge namens »%s« in %s. Bitte beheben Sie dies mit pwck oder "
+"grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Umgebungsüberlauf\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "Verschlüsselungsmethode von libcrypt nicht unterstützt? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -416,8 +198,18 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Keine einmalige UID bekommen (keine UIDs mehr verfügbar)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "Konfigurationsfehler - Wert für %s kann nicht ausgewertet werden: »%s«"
+
+msgid "Could not allocate space for config info.\n"
+msgstr ""
+"Es konnte kein Speicherplatz für Konfigurationsinformationen reserviert "
+"werden.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"Konfigurationsfehler - Element »%s« unbekannt (Administrator verständigen).\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -447,9 +239,10 @@ msgstr "Name für %s konnte nicht gesetzt werden\n"
 msgid "%s: Could not set caps\n"
 msgstr "Name für %s konnte nicht gesetzt werden\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: Zeile %d: chown %s (Eigentümer ändern) fehlgeschlagen: %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: line %d: chown %s failed: %s\n"
@@ -461,9 +254,22 @@ msgstr "%s: Zeile %d: chown %s (Eigentümer ändern) fehlgeschlagen: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: Zeile %d: chown %s (Eigentümer ändern) fehlgeschlagen: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: Zeile %d: chown %s (Eigentümer ändern) fehlgeschlagen: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Zu viele Anmeldungen.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s Login: "
+
 msgid "You have new mail."
 msgstr "Neue E-Mails vorhanden."
 
@@ -473,6 +279,14 @@ msgstr "Keine E-Mails vorhanden."
 msgid "You have mail."
 msgstr "E-Mails vorhanden."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd wurde nicht normal beendet (Signal %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd wurde mit Status %d beendet\n"
+
 msgid "no change"
 msgstr "keine Änderungen"
 
@@ -485,9 +299,6 @@ msgstr "nur Änderungen bei Groß-/Kleinschreibung"
 msgid "too similar"
 msgstr "zu ähnlich"
 
-msgid "too simple"
-msgstr "zu einfach"
-
 msgid "rotated"
 msgstr "rotiert"
 
@@ -533,6 +344,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() fehlgeschlagen, Fehler %d\n"
 
+msgid "Password: "
+msgstr "Passwort: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Passwort von %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Falsches Passwort für %s.\n"
@@ -558,17 +376,13 @@ msgstr "%s: Ungültiger chroot-Pfad »%s«\n"
 msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: auf chroot-Verzeichnis %s kann nicht zugegriffen werden: %s\n"
 
-#, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: auf chroot-Verzeichnis %s kann nicht zugegriffen werden: %s\n"
-
 #, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: chroot-Wechsel in Verzeichnis %s nicht möglich: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr "Kann keine zufälligen Bytes beziehen.\n"
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: auf chroot-Verzeichnis %s kann nicht zugegriffen werden: %s\n"
 
 #, c-format
 msgid ""
@@ -588,6 +402,112 @@ msgstr ""
 "ENCRYPT_METHOD und den zugehörigen Konfigurationen der gewählten Hash-"
 "Methode überprüfen.\n"
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Audit-Schnittstelle konnte nicht geöffnet werden - Abbruch.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "SELinux-Management-Handhabung kann nicht erstellt werden\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "SELinux-Richtlinie nicht verwaltet\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "SELinux-Richtlinien-Speicher kann nicht gelesen werden\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "SELinux-Management-Verbindung kann nicht aufgebaut werden\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "SELinux-Vorgang kann nicht gestartet werden\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "seuser für %s konnte nicht abgefragt werden\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "serange für %s konnte nicht gesetzt werden\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "sename für %s konnte nicht gesetzt werden\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "Login-Zuordnung für %s konnte nicht verändert werden\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "SELinux-Login-Zuordnung für %s kann nicht erstellt werden\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "Name für %s konnte nicht gesetzt werden\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "SELinux-Benutzer für %s konnte nicht gesetzt werden\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "Login-Zuordnung für %s konnte nicht hinzugefügt werden\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "SELinux-Management kann nicht initialisiert werden\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "SELinux-Benutzerschlüssel kann nicht erstellt werden\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "SELinux-Benutzer kann nicht verifiziert werden\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "SELinux-Benutzer-Zuordnung kann nicht verändert werden\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "SELinux-Benutzer-Zuordnung kann nicht hinzugefügt werden\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "SELinux-Vorgang kann nicht eingepflegt werden\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Login-Zuordnung für %s ist nicht definiert; dies ist OK, falls die Standard-"
+"Zuordnung verwendet wurde\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+"Login-Zuordnung für %s ist in der Richtlinie definiert, kann nicht gelöscht "
+"werden\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "Login-Zuordnung für %s konnte nicht gelöscht werden"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Es konnte nicht in das Verzeichnis »%s« gewechselt werden.\n"
@@ -600,6 +520,10 @@ msgid "Cannot execute %s"
 msgstr "%s konnte nicht ausgeführt werden"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Ungültiges root-Verzeichnis »%s«\n"
 
@@ -607,6 +531,87 @@ msgstr "Ungültiges root-Verzeichnis »%s«\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "root-Verzeichnis kann nicht auf »%s« geändert werden.\n"
 
+#, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: Speicher erschöpft\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: %s kann nicht mit stat abgefragt werden: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s ist weder ein Verzeichnis noch eine symbolische Verknüpfung.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: Symbolische Verknüpfung %s kann nicht gelesen werden: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: Verdächtig lange symbolische Verknüpfung: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: Verzeichnis %s kann nicht erstellt werden: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: Eigentümer von %s kann nicht geändert werden: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: Berechtigungen von %s können nicht geändert werden: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: Löschen (unlink): %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: Verzeichnis %s kann nicht entfernt werden: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: %s kann nicht in %s umbenannt werden: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: %s kann nicht entfernt werden: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: Symbolische Verknüpfung %s kann nicht erstellt werden: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: Eigentümer von %s können nicht geändert werden: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: %s kann nicht mit lstat abgefragt werden: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: Warnung: Benutzer %s hat keine tcb-shadow-Datei.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Ernstes Problem: %ss tcb-shadow ist keine reguläre Datei mit "
+"st_nlink=1.\n"
+"Der Benutzerzugang bleibt gesperrt.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir (Verzeichnis erstellen): %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: %s kann nicht geöffnet werden: %s\n"
+
 #, fuzzy, c-format
 #| msgid "%s: user '%s' does not exist in %s\n"
 msgid "%s: user %s is currently logged in\n"
@@ -683,6 +688,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_VERZ        Verzeichnis für chroot\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -R, --root CHROOT_VERZ        Verzeichnis für chroot\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -711,12 +721,15 @@ msgstr "Passwort inaktiv"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Ablaufdatum des Benutzerzugangs (JJJJ-MM-TT)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Letzte Passwortänderung\t\t\t\t\t: "
-
 msgid "never"
 msgstr "nie"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Letzte Passwortänderung\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "Passwort muss geändert werden"
 
@@ -895,14 +908,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: Benutzer »%s« ist nicht vorhanden.\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: Benutzer »%s« auf dem NIS-Client konnte nicht geändert werden.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: »%s« ist der NIS-Master für diesen Client.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Benutzerinformationen für %s werden geändert.\n"
 
@@ -944,6 +949,11 @@ msgstr ""
 "  -s, --sha-rounds              Anzahl der SHA-Runden für den SHA*-,\n"
 "                                BCRYPT oder YESCRYPT Hash-Methode.\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: Nicht unterstützte Verschlüsselungsmethode: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: %s ist nur zusammen mit %s erlaubt.\n"
@@ -995,6 +1005,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Login-Shell"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Auslesen der Größe von %s fehlgeschlagen: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: Neue defaults-Datei kann nicht erzeugt werden.\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Sie dürfen die Shell für »%s« nicht ändern.\n"
@@ -1007,6 +1027,11 @@ msgstr "Login-Shell für %s wird geändert.\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Ungültiger Eintrag: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s ist eine ungültige Shell\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s ist eine ungültige Shell\n"
@@ -1258,11 +1283,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  Ein Systemkonto erstellen\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -R, --root CHROOT_VERZ        Verzeichnis für chroot\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    Die Mitglieder der Gruppe auflisten\n"
@@ -1276,6 +1296,11 @@ msgstr "Ungültiger Benutzername »%s«\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: »%s« ist kein gültiger Gruppenname.\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: %s kann nicht geöffnet werden: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: Ungültige Gruppen-ID »%s«\n"
@@ -1322,14 +1347,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: Gruppe »%s« existiert nicht.\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: Gruppe »%s« ist eine NIS-Gruppe.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s ist der NIS-Master.\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: Benutzer »%s« ist bereits ein Mitglied von »%s«.\n"
 
@@ -1433,10 +1450,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: Ungültiger Gruppenname »%s«\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: Gruppe %s ist eine NIS-Gruppe.\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: Unbekannter Benutzer %s\n"
 
@@ -1566,7 +1579,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     Aufzeichnungen fehlgeschlagener Anmeldungen\n"
@@ -1667,11 +1680,7 @@ msgstr ""
 
 #, c-format
 msgid "%s: Cannot possibly work without effective root\n"
-msgstr "%s: Arbeit ohne effektive root-Rechte eventuell nicht möglich\n"
-
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Kein utmp-Eintrag. Sie müssen »login« vom niedrigsten »sh«-Level ausführen."
+msgstr "%s: Arbeit ohne effektive root-Rechte unmöglich\n"
 
 #, c-format
 msgid ""
@@ -1708,14 +1717,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Benutzer kann nicht gefunden werden (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s Login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: Fehler bei Prozessaufspaltung (fork): %s"
 
@@ -1750,7 +1751,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1777,19 +1779,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: Entsperren von %s fehlgeschlagen\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: tcb-Verzeichnis für %s konnte nicht gefunden werden\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: Erstellen des tcb-Verzeichnisses für %s fehlgeschlagen\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1822,14 +1819,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Erstellen des tcb-Verzeichnisses für %s fehlgeschlagen\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1854,6 +1851,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: Ungültiger Benutzername »%s«\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: Zeile %d: Ungültige Zeile\n"
 
@@ -1875,6 +1876,11 @@ msgstr "%s: Zeile %d: Gruppe kann nicht erstellt werden.\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: Zeile %d: Benutzer »%s« existiert nicht in %s.\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: Löschen (unlink): %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: Zeile %d: Passwort kann nicht aktualisiert werden.\n"
@@ -1897,14 +1903,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: Zeile %d: Eintrag kann nicht aktualisiert werden.\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: Vorbereiten des neuen %s-Eintrags »%s« fehlgeschlagen.\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: Benutzer kann nicht erstellt werden\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: Vorbereiten des neuen %s-Eintrags »%s« fehlgeschlagen.\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: Gruppe kann nicht erzeugt werden\n"
 
@@ -1977,6 +1983,12 @@ msgstr ""
 "  -x, --maxdays MAX_TAGE        Maximale Anzahl der Tage vor\n"
 "                                Passwortänderung auf MAX_TAGE setzen\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    Informationen zu Ablaufdaten usw. anzeigen\n"
+
 msgid "Old password: "
 msgstr "Altes Passwort: "
 
@@ -1998,6 +2010,11 @@ msgstr ""
 "Bitte benutzen Sie eine Kombination aus Groß- und Kleinbuchstaben\n"
 "sowie Ziffern.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: Felder zu lang\n"
+
 msgid "New password: "
 msgstr "Neues Passwort: "
 
@@ -2043,6 +2060,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: Repository %s nicht unterstützt\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: Nur root kann die Option -g/--group nutzen.\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s ist nicht berechtigt, das Passwort von %s zu ändern.\n"
@@ -2196,11 +2218,9 @@ msgstr "%s: Signal-Fehlfunktion\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sitzung abgebrochen, Shell wird beendet ..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ... abgeschossen.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ... Warten auf Beendigung des Kindprozesses.\n"
 
@@ -2287,6 +2307,11 @@ msgstr "%s: su ist Ihnen derzeit nicht erlaubt.\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Kein Passworteintrag für Benutzer »%s«\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "Ungültiger Benutzername »%s«\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: Muss von einem Terminal gestartet werden.\n"
@@ -2333,6 +2358,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: die %s-Konfiguration in %s wird ignoriert.\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: die %s-Konfiguration in %s wird ignoriert.\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: Neue defaults-Datei kann nicht erzeugt werden.\n"
@@ -2343,10 +2375,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: Neue defaults-Datei kann nicht erzeugt werden.\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: Neue defaults-Datei kann nicht erzeugt werden.\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: Neue defaults-Datei kann nicht geöffnet werden.\n"
 
@@ -2363,10 +2391,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: Umbenennen: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: Die Gruppe »%s« ist eine NIS-Gruppe.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: Zu viele Gruppen angegeben (max. %d).\n"
 
@@ -2518,6 +2542,18 @@ msgstr ""
 "SELinux-\n"
 "                                Benutzer-Zuordnung verwenden\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEBENUTZER Den Benutzernamen SEBENUTZER für die "
+"SELinux-\n"
+"                                Benutzer-Zuordnung verwenden\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: Ungültiges Basis-Verzeichnis »%s«\n"
@@ -2660,6 +2696,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Zugriffsrechte der Mailboxdatei werden gesetzt"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Erzeugen der Mailbox-Datei"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Erzeugen der Mailbox-Datei"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2799,10 +2845,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: tcb-Dateien für %s können nicht gelöscht werden: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: Benutzer %s ist ein NIS-Benutzer.\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s-Home-Verzeichnis (%s) nicht gefunden\n"
 
@@ -2936,6 +2978,16 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     neue SELinux-Benutzer-Zuordnung für den\n"
 "                                Benutzerzugang\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     neue SELinux-Benutzer-Zuordnung für den\n"
+"                                Benutzerzugang\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -3032,12 +3084,26 @@ msgstr ""
 "%s: Kopieren des lastlog-Eintrags von Benutzer %lu zu Benutzer %lu "
 "fehlgeschlagen: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: Kopieren des lastlog-Eintrags von Benutzer %lu zu Benutzer %lu "
+"fehlgeschlagen: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: Kopieren des faillog-Eintrags von Benutzer %lu zu Benutzer %lu "
 "fehlgeschlagen: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: Kopieren des faillog-Eintrags von Benutzer %lu zu Benutzer %lu "
+"fehlgeschlagen: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: Warnung: %s nicht im Besitz von %s.\n"
@@ -3139,8 +3205,8 @@ msgstr "Löschen (unlink) der scratch-Datei fehlgeschlagen"
 msgid "failed to stat edited file"
 msgstr "stat-Abfrage der editierten Datei fehlgeschlagen"
 
-msgid "failed to allocate memory"
-msgstr "Speicherreservierung fehlgeschlagen"
+msgid "asprintf(3) failed"
+msgstr ""
 
 msgid "failed to create backup file"
 msgstr "Erzeugen der Sicherungsdatei fehlgeschlagen"
@@ -3155,6 +3221,62 @@ msgstr ""
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: tcb-Verzeichnis für %s konnte nicht gefunden werden\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Umgebungsüberlauf\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr ""
+#~ "%s: Benutzer »%s« auf dem NIS-Client konnte nicht geändert werden.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: »%s« ist der NIS-Master für diesen Client.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: Gruppe »%s« ist eine NIS-Gruppe.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s ist der NIS-Master.\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: Gruppe %s ist eine NIS-Gruppe.\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: Neue defaults-Datei kann nicht erzeugt werden.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: Die Gruppe »%s« ist eine NIS-Gruppe.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: Benutzer %s ist ein NIS-Benutzer.\n"
+
+#~ msgid "too simple"
+#~ msgstr "zu einfach"
+
+#, c-format
+#~ msgid "Unable to obtain random bytes.\n"
+#~ msgstr "Kann keine zufälligen Bytes beziehen.\n"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Kein utmp-Eintrag. Sie müssen »login« vom niedrigsten »sh«-Level "
+#~ "ausführen."
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: tcb-Verzeichnis für %s konnte nicht gefunden werden\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "Speicherreservierung fehlgeschlagen"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Aufruf: id\n"
 
@@ -3170,9 +3292,5 @@ msgstr "%s: tcb-Verzeichnis für %s konnte nicht gefunden werden\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: Passwortablauf-Informationen geändert.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "Ungültiger Benutzername »%s«\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Benutzername     Port     Von              Letzter"
diff --git a/po/dz.gmo b/po/dz.gmo
index a7de752..96279ba 100644
--- a/po/dz.gmo
+++ b/po/dz.gmo
diff --git a/po/dz.po b/po/dz.po
index e40d19b..16c7923 100644
--- a/po/dz.po
+++ b/po/dz.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.17\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2006-06-01 15:28+0530\n"
 "Last-Translator: Jurmey Rabgay <jur_gay@yahoo.com>\n"
 "Language-Team: dzongkha <pgeyleg@dit.gov.bt>\n"
@@ -21,220 +21,6 @@ msgstr ""
 "X-Poedit-SourceCharset: utf-8\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "རིམ་སྒྲིག་བརྡ་དོན་གྱི་དོན་ལུ་ བར་སྟོང་སྤྲོད་མ་ཚུགས�\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "རིམ་སྒྲིག་འཚོལ་བ་-མ་ཤེས་པའི་རྣམ་གྲངས་ '%s'(བདག་ས�ྱོང་པ་བརྡ་བས�ུལ་འབད་)�\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "ཆོག་ཡིག་:"
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s's ཆོག་ཡིག་:"
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "ཆོག་ཡིག་ཡིག་སྣོད་ �་ཕྱེ་མི་ཚུགས�\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "རིམ་སྒྲིག་བརྡ་དོན་གྱི་དོན་ལུ་ བར་སྟོང་སྤྲོད་མ་ཚུགས�\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "%s གི་དོན་ལུ་ རྒས་པའི་བརྡ་དོན་བསྒྱུར་བཅོས་འབད་དོ�\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: �ྱོད་ཀྱི་ལག་ལེན་པའི་མིང་ ག�ན་འབེབས་བཟོ་མི་ཚུགས�\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: གྲལ་�ིག་ %d:ལག་ལེན་པ་ %sའཚོལ་མི་ཚུགས�\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: དྲན་ཚད་ལས་བརྒལ་བ�\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: ཡིག་སྣོད་ %sའདི་ དུས་མ�ུན་བཟོ་མི་ཚུགས�\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: ནུས་མེད་�ྱིམ་གྱི་སྣོད་�ོ་  '%s'�\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: སྣོད་�ོ་ %s འདི་ %s ལུ་ བས�ྱར་མིང་བ�གས་མི་ཚུགས�\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: ཉེན་བརྡ་:རྩ་བས�ྲད་ག�ང་མི་ཚུགས�"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: ཉེན་བརྡ་:རྩ་བས�ྲད་ག�ང་མི་ཚུགས�"
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: བས�ྱར་མིང་བ�གས་:%s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: སྣོད་�ོ་ %s འདི་ %s ལུ་ བས�ྱར་མིང་བ�གས་མི་ཚུགས�\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: སྣོད་�ོ་ %s འདི་ %s ལུ་ བས�ྱར་མིང་བ�གས་མི་ཚུགས�\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: ཉེན་བརྡ་:རྩ་བས�ྲད་ག�ང་མི་ཚུགས�"
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: ཉེན་བརྡ་:རྩ་བས�ྲད་ག�ང་མི་ཚུགས�"
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: ཡིག་སྣོད་ %sའདི་ དུས་མ�ུན་བཟོ་མི་ཚུགས�\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: གྱིབ་མའི་ཡིག་སྣོད་ དུས་མ�ུན་བཟོ་མི་ཚུགས�\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: བས�ྱར་མིང་བ�གས་:%s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: ཡིག་སྣོད་%s �་ཕྱེ་མི་ཚུགས�\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "ཉེན་བརྡ་:མ་ཤེས་པའི་སྡེ་ཚན་%s\n"
 
@@ -280,6 +66,11 @@ msgstr "ཊི་ཊི་à½�འི་ %s བསྒྱུར་བཅོས་à½
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: ས་སྒོ་ཚུ་རིང་དྲགས་པས�\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -287,8 +78,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "མ�འ་འ�ོར་ལུད་སོང་བ�\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -389,9 +181,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: �ུན་མོང་ ཡུ་ཨའི་ཌི་འ�ོབ་མི་ཚུགས�\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "རིམ་སྒྲིག་བརྡ་དོན་གྱི་དོན་ལུ་ བར་སྟོང་སྤྲོད་མ་ཚུགས�\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "རིམ་སྒྲིག་འཚོལ་བ་-མ་ཤེས་པའི་རྣམ་གྲངས་ '%s'(བདག་ས�ྱོང་པ་བརྡ་བས�ུལ་འབད་)�\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: པི་ཨེ་ཨེམ་ བདེན་བཤད་འ�ུས་ཤོར་བྱུང་ཡོདཔ�\n"
@@ -419,7 +218,7 @@ msgstr "རིམ་སྒྲིག་བརྡ་དོན་གྱི་དོ
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: ཡིག་སྣོད་�་ཕྱེ་མི་ཚུགས�\n"
 
 #, fuzzy, c-format
@@ -430,9 +229,21 @@ msgstr "%s: གྲལ་�ིག་ %d: chown འ�ུས་ཤོར་བྱ
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: གྲལ་�ིག་ %d: chown འ�ུས་ཤོར་བྱུང་ཡོདཔ�\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: གྲལ་�ིག་ %d: chown འ�ུས་ཤོར་བྱུང་ཡོདཔ�\n"
+
 msgid "Too many logins.\n"
 msgstr "ནང་བས�ྱོད་མང་དྲགས་པ�\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s ནང་བས�ྱོད་: "
+
 msgid "You have new mail."
 msgstr "�ྱོད་ལུ་ཡིག་འཕྲིན་གསརཔ་ཅིག་འདུག"
 
@@ -442,6 +253,14 @@ msgstr "ཡིག་འཕྲིན་མེད�"
 msgid "You have mail."
 msgstr "�ྱོད་ལུ་ཡིག་འཕྲིན་འདུག"
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "བསྒྱུར་བཅོས་མེད�"
 
@@ -454,9 +273,6 @@ msgstr "ཡི་གུ་ར�ྱངམ་ཅིག་བསྒྱུར་བ
 msgid "too similar"
 msgstr "ཤིན་�ུ་ཆ་འདྲ་བ�"
 
-msgid "too simple"
-msgstr "ཤིན་�ུ་འཇམ་སམ�"
-
 msgid "rotated"
 msgstr "བསྒྱིར་ཡོདཔ�"
 
@@ -503,6 +319,13 @@ msgid ""
 "%s\n"
 msgstr "ཆོག་ཡིག་:པམ་སི་ཊཊི་()འ�ུས་ཤོར་བྱུང་ཡོདཔ་(_s) འཛོལ་བ་ %d\n"
 
+msgid "Password: "
+msgstr "ཆོག་ཡིག་:"
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s's ཆོག་ཡིག་:"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "%s གི་དོན་ལུ་ བདེན་མེད་ཀྱི་ཆོག་ཡིག\n"
@@ -528,18 +351,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -552,6 +371,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "ཆོག་ཡིག་ཡིག་སྣོད་ �་ཕྱེ་མི་ཚུགས�\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "རིམ་སྒྲིག་བརྡ་དོན་གྱི་དོན་ལུ་ བར་སྟོང་སྤྲོད་མ་ཚུགས�\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "རིམ་སྒྲིག་བརྡ་དོན་གྱི་དོན་ལུ་ བར་སྟོང་སྤྲོད་མ་ཚུགས�\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "%s གི་དོན་ལུ་ རྒས་པའི་བརྡ་དོན་བསྒྱུར་བཅོས་འབད་དོ�\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: �ྱོད་ཀྱི་ལག་ལེན་པའི་མིང་ ག�ན་འབེབས་བཟོ་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: གྲལ་�ིག་ %d:ལག་ལེན་པ་ %sའཚོལ་མི་ཚུགས�\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "'%s'ལུ་ སི་ཌི་འབད་མ་ཚུགས་\n"
@@ -564,6 +484,10 @@ msgid "Cannot execute %s"
 msgstr "%sལག་ལེན་འ�བ་མི་ཚུགས�"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "ནུས་མེད་རྩ་བའི་སྣོད་�ོ་ '%s'\n"
 
@@ -572,6 +496,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr " '%s'ལུ་ རྩ་བའི་སྣོད་�ོ་བསྒྱུར་བཅོས་འབད་མི་ཚུགས�\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: དྲན་ཚད་ལས་བརྒལ་བ�\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: ཡིག་སྣོད་ %sའདི་ དུས་མ�ུན་བཟོ་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: ནུས་མེད་�ྱིམ་གྱི་སྣོད་�ོ་  '%s'�\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: སྣོད་�ོ་ %s འདི་ %s ལུ་ བས�ྱར་མིང་བ�གས་མི་ཚུགས�\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: ཉེན་བརྡ་:རྩ་བས�ྲད་ག�ང་མི་ཚུགས�"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: ཉེན་བརྡ་:རྩ་བས�ྲད་ག�ང་མི་ཚུགས�"
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: བས�ྱར་མིང་བ�གས་:%s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: སྣོད་�ོ་ %s འདི་ %s ལུ་ བས�ྱར་མིང་བ�གས་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: སྣོད་�ོ་ %s འདི་ %s ལུ་ བས�ྱར་མིང་བ�གས་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: ཉེན་བརྡ་:རྩ་བས�ྲད་ག�ང་མི་ཚུགས�"
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: ཉེན་བརྡ་:རྩ་བས�ྲད་ག�ང་མི་ཚུགས�"
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: ཡིག་སྣོད་ %sའདི་ དུས་མ�ུན་བཟོ་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: གྱིབ་མའི་ཡིག་སྣོད་ དུས་མ�ུན་བཟོ་མི་ཚུགས�\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: བས�ྱར་མིང་བ�གས་:%s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: ཡིག་སྣོད་%s �་ཕྱེ་མི་ཚུགས�\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: ལག་ལེན་པ་  %sའདི་ ད་ལྟོ་རང་ནང་བས�ྱོད་འབད་ཡི�\n"
 
@@ -630,6 +632,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -655,12 +660,15 @@ msgstr "ཆོག་ཡིག་ནུས་མེད�"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "རྩིས་�ོའི་དུས་ཡོལ་ཚེས་གྲངས་(�འི་�འི་�འི་�འི་-ཨེམ་ཨེམ་-ཌི་ཌི་)�"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "མཇུག་གི་ཆོག་ཡིག་བསྒྱུར་བཅོས་\t\t\t\t\t: "
-
 msgid "never"
 msgstr "ནམ་ཡང་"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "མཇུག་གི་ཆོག་ཡིག་བསྒྱུར་བཅོས་\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "ཆོག་ཡིག་འདི་བསྒྱུར་བཅོས་འབད་དགོ"
 
@@ -829,14 +837,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: ལག་ལེན་པ་  %sའདི་ མེད�\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: ཨེན་ཨའི་ཨེསི་ ཞབས་�ོག་སྤྱོད་མི་གུ་ ལག་ལེན་པ་ '%s' བསྒྱུར་བཅོས་འབད་མི་ཚུགས�\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' འདི་ ཞབས་�ོག་སྤྱོད་མི་འདི་གི་དོན་ལུ་ ཨེན་ཨའི་ཨེསི་ ཨམ་ཨིན�\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "%sགི་དོན་ལུ་ ལག་ལེན་པའི་བརྡ་དོན་ བསྒྱུར་བཅོས་འབད་དོ�\n"
 
@@ -864,6 +864,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: -a ཟུར་རྟགས་འདི་ -Gཟུར་རྟགས་དང་གཅིག་�ར་ར�ྱངམ་ཅིག་ཆོག\n"
@@ -915,6 +919,15 @@ msgid "Login Shell"
 msgstr "ནང་བས�ྱོད་ཀྱི་ཤལ�"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: སྣོད་�ོ་ %s འདི་ %s ལུ་ བས�ྱར་མིང་བ�གས་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: སྔོན་སྒྲིག་ཡིག་སྣོད་གསརཔ་ གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "�ྱོད་ཀྱིས་ %sགི་དོན་ལུ་ ཤལ་བསྒྱུར་བཅོས་མི་འབད�་འོང་�\n"
 
@@ -927,6 +940,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: ནུས་མེད་ཀྱི་�ོ་བཀོད་:%s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s འདི་ནུས་མེད་ཀྱི་ཤལ་ཨིན�\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s འདི་ནུས་མེད་ཀྱི་ཤལ་ཨིན�\n"
 
@@ -1136,9 +1153,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1152,6 +1166,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s འདི་ ནུས་ཅན་གྱི་སྡེ་ཚན་མིང་མེན་པས�\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: ཡིག་སྣོད་%s �་ཕྱེ་མི་ཚུགས�\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "ནུས་མེད་སྡེཚན་གྱི་མིང་ '%s'\n"
 
@@ -1194,14 +1212,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: སྡེ་ཚན་ %sམེད�\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: སྡེ་ཚན་ '%s' འདི་ ཨེན་ཨའི་ཨེསི་སྡེ་ཚན་ཨིན�\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %sའདི་ ཨེན་ཇི་ཨེསི་ ཨམ་ཨིན�\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: ལག་ལེན་པ་ %sའདི་ ཨེན་ཨའི་ཨེསི་ ལག་ལེན་པ་ཅིག་ཨིན�\n"
 
@@ -1277,10 +1287,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "ནུས་མེད་སྡེཚན་གྱི་མིང་ '%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: སྡེ་ཚན་ %s འདི་ ཨེན་ཇི་ཨེསི་ སྡེ་ཚན་ཨིན�\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: མ་ཤེས་པའི་ལག་ལེན་པ་%s\n"
 
@@ -1394,7 +1400,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1488,10 +1494,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"utmp�ོ་བཀོད་མིན་འདུག �ྱོད་ཀྱིས་ གནས་རིམ་དམའ་ཤོས་\"sh\"གི་ནང་ལས་ \"login\"ལག་ལེན་འ�བ་དགོ"
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1526,14 +1528,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: གྲལ་�ིག་ %d:ལག་ལེན་པ་ %sའཚོལ་མི་ཚུགས�\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s ནང་བས�ྱོད་: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: �་སྤེལ་བ་འ�ུས་ཤོར་:%s"
 
@@ -1569,7 +1563,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1594,17 +1589,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: ས་སྒོ་ཚུ་རིང་དྲགས་པས�\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་�ོ་'%s'�\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1638,14 +1629,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1667,6 +1657,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: ནུས་མེད་ལག་ལེན་པའི་མིང་ '%s'�\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s:གྲལ་�ིག་%d: ནུས་མེད་གྲལ་�ིག་\n"
 
@@ -1686,6 +1680,10 @@ msgstr "%s: གྲལ་à½�ིག་ %d: ཇི་ཨའི་ཌི་ གསà½
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: ལག་ལེན་པ་  %sའདི་ མེད�\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: བས�ྱར་མིང་བ�གས་:%s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: གྲལ་�ིག་ %d: ཆོག་ཡིག་དུས་མ�ུན་བཟོ་མི་ཚུགས�\n"
@@ -1707,14 +1705,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: གྲལ་�ིག་ %d: �ོ་བཀོད་དུས་མ�ུན་བཟོ་མི་ཚུགས�\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: �ེ་དབང་(%s)ཚུ་བཀོག་ནིའི་འ�ུས་ཤོར་བྱུང་ཡོདཔ�\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: %sགསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: �ེ་དབང་(%s)ཚུ་བཀོག་ནིའི་འ�ུས་ཤོར་བྱུང་ཡོདཔ�\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: སྡེ་ཚན་ཡིག་སྣོད་ དུས་མ�ུན་བཟོ་མི་ཚུགས�\n"
 
@@ -1772,6 +1770,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "ཆོག་ཡིག་རྙིངམ་:"
 
@@ -1787,6 +1788,11 @@ msgid ""
 "Please use a combination of upper and lower case letters and numbers.\n"
 msgstr "ཆོག་ཡིག་གསརཔ་བཙུགས་(%d གི་ཉུང་མ�འ་ %dཡིག་འབྲུའི་མང་མ�འ་)�\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: ས་སྒོ་ཚུ་རིང་དྲགས་པས�\n"
+
 msgid "New password: "
 msgstr "ཆོག་ཡིག་གསརཔ་:"
 
@@ -1829,6 +1835,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: མཛོད་གནས་ %sའདི་ རྒྱབ་ས�ྱོར་མ་འབད་བས�\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1971,11 +1981,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2048,6 +2056,11 @@ msgstr "à½�ྱོད་ ཟླ་%sལུ་ དབང་སྤྲོད་མà¼
 msgid "No passwd entry for user '%s'\n"
 msgstr "'རྩ་བ་'གི་དོན་ལུ་ ཆོག་ཡིག་�ོ་བཀོད་མེད�"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "ནུས་མེད་ལག་ལེན་པའི་མིང་ '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: ཊར་མི་ནཱལ་ལས་གཡོག་བཀོལ་དགོ\n"
@@ -2093,6 +2106,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2104,10 +2123,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: སྔོན་སྒྲིག་ཡིག་སྣོད་གསརཔ་ གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: སྔོན་སྒྲིག་ཡིག་སྣོད་གསརཔ་ གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: སྔོན་སྒྲིག་ཡིག་སྣོད་གསརཔ་ �་ཕྱེ་མི་ཚུགས�\n"
 
@@ -2124,10 +2139,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: བས�ྱར་མིང་བ�གས་:%s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: སྡེ་ཚན་ '%s' འདི་ ཨེན་ཨའི་ཨེསི་སྡེ་ཚན་ཨིན�\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: སྡེ་ཚན་མང་རབས་ཅིག་གསལ་བཀོད་འབད་ཡོདཔ་(མང་མ�འ་ %d)�\n"
 
@@ -2236,6 +2247,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་�ོ་'%s'�\n"
@@ -2366,6 +2382,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "ཡིག་སྒྲོམ་ཡིག་སྣོད་གྱི་གནང་བ་ གཞི་སྒྲིག་འབད་དོ�"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "ཡིག་སྒྲོམ་ཡིག་སྣོད་ གསར་བས�ྲུན་འབད་དོ�"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "ཡིག་སྒྲོམ་ཡིག་སྣོད་ གསར་བས�ྲུན་འབད་དོ�"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2486,10 +2512,6 @@ msgstr "%s: སྣོད་à½�ོ་ %s འདི་ %s ལུ་ བསà¾�ྱà½
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: སྣོད་�ོ་ %s འདི་ %s ལུ་ བས�ྱར་མིང་བ�གས་མི་ཚུགས�\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: ལག་ལེན་པ་ %sའདི་ ཨེན་ཨའི་ཨེསི་ ལག་ལེན་པ་ཅིག་ཨིན�\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: ནུས་མེད་�ྱིམ་གྱི་སྣོད་�ོ་  '%s'�\n"
@@ -2588,6 +2610,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2671,10 +2697,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: ཆོག་ཡིག་ཡིག་སྣོད་ དུས་མ�ུན་བཟོ་མ་ཚུགས�\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: སྣོད་�ོ་ %s གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: ཉེན་བརྡ་: %s འདི་ %s གིས་ བདག་དབང་བཟུངམ་མེན�\n"
@@ -2780,8 +2814,9 @@ msgid "failed to stat edited file"
 msgstr "ཡིག་སྒྲོམ་གྱི་བས�ྱར་མིང་བ�གས་ནི་ལུ་ འཛོལ་བ�"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "ཡིག་སྒྲོམ་བདག་པོ་སོར་ནི་ལུ་ འ�ུས་ཤོར་བྱུང་ཡོདཔ�"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: ཡིག་སྣོད་�་ཕྱེ་མི་ཚུགས�\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2795,6 +2830,56 @@ msgstr "%s: %sསོར་ཆུད་འབད་མ་ཚུགས་: %s (�
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་�ོ་'%s'�\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "མ�འ་འ�ོར་ལུད་སོང་བ�\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: ཨེན་ཨའི་ཨེསི་ ཞབས་�ོག་སྤྱོད་མི་གུ་ ལག་ལེན་པ་ '%s' བསྒྱུར་བཅོས་འབད་མི་ཚུགས�\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' འདི་ ཞབས་�ོག་སྤྱོད་མི་འདི་གི་དོན་ལུ་ ཨེན་ཨའི་ཨེསི་ ཨམ་ཨིན�\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: སྡེ་ཚན་ '%s' འདི་ ཨེན་ཨའི་ཨེསི་སྡེ་ཚན་ཨིན�\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %sའདི་ ཨེན་ཇི་ཨེསི་ ཨམ་ཨིན�\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: སྡེ་ཚན་ %s འདི་ ཨེན་ཇི་ཨེསི་ སྡེ་ཚན་ཨིན�\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: སྔོན་སྒྲིག་ཡིག་སྣོད་གསརཔ་ གསར་བས�ྲུན་འབད་མི་ཚུགས�\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: སྡེ་ཚན་ '%s' འདི་ ཨེན་ཨའི་ཨེསི་སྡེ་ཚན་ཨིན�\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: ལག་ལེན་པ་ %sའདི་ ཨེན་ཨའི་ཨེསི་ ལག་ལེན་པ་ཅིག་ཨིན�\n"
+
+#~ msgid "too simple"
+#~ msgstr "ཤིན་�ུ་འཇམ་སམ�"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "utmp�ོ་བཀོད་མིན་འདུག �ྱོད་ཀྱིས་ གནས་རིམ་དམའ་ཤོས་\"sh\"གི་ནང་ལས་ \"login\"ལག་ལེན་འ�བ་དགོ"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་�ོ་'%s'�\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "ཡིག་སྒྲོམ་བདག་པོ་སོར་ནི་ལུ་ འ�ུས་ཤོར་བྱུང་ཡོདཔ�"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "ལག་ལེན་པ་: id\n"
 
@@ -2810,10 +2895,6 @@ msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་à½
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "ཆོག་ཡིག་དུས་ཡོལ་ཉེན་བརྡ�"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "ནུས་མེད་ལག་ལེན་པའི་མིང་ '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "ལག་ལེན་པའི་མིང་         འདྲེན་ལམ་     ལས་             མཇུག་མ�འ�"
 
diff --git a/po/el.gmo b/po/el.gmo
index a80aa79..cd53fce 100644
--- a/po/el.gmo
+++ b/po/el.gmo
diff --git a/po/el.po b/po/el.po
index 9de273b..c1e8ee8 100644
--- a/po/el.po
+++ b/po/el.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow_po_el\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2012-01-21 00:22+0200\n"
 "Last-Translator: Thomas Vasileiou <thomas-v@wildmail.com>\n"
 "Language-Team: Greek <debian-l10n-greek@lists.debian.org>\n"
@@ -22,230 +22,6 @@ msgstr ""
 "X-Generator: KBabel 1.10.2\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "η μέθοδος κ�υπτογ�άφησης δεν υποστη�ίζεται από το libcrypt? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "λάθος διαμό�φωση - δεν μπο�εί να αναλυθεί η τιμή %s : '%s'"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Αδυναμία δέσμευσης χώ�ου για πλη�οφο�ίες διαμό�φωσης.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"σφάλμα διαμό�φωσης - άγνωστο αντικείμενο '%s' (ειδοποιήστε το διαχει�ιστή)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: το nscd δεν τε�μάτισε κανονικά (σήμα %d)\n"
-
-#, fuzzy, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: το ncsd τε�μάτισε με κατάσταση εξόδου %d"
-
-msgid "Password: "
-msgstr "Συνθηματικό: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Του %s το Συνθηματικό: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Αδυναμία εγκαθίδ�υσης διεπαφής ελέγχου - ματαίωσης.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "Δεν μπο�ώ να δημιου�γήσω διαχει�ιστή του SELinux\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "Η πολιτική του SELinux δεν διαχει�ίζεται\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "Αδυναμία ανάγνωσης της αποθηκευμένης πολιτικής του SELinux\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "Αδυναμία δημιου�γίας σ�νδεση διαχεί�ισης του SELinux\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "Αδυναμία εκκίνησης συναλλαγής SELinux\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "Αδυναμία ανάκτησης του χ�ήστη SE για το %s\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "Αδυναμία ��θμισης του πεδίου SE για το %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Αδυναμία ��θμισης του ονόματος SE για το χ�ήστη %s\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "Αδυναμία τ�οποποίησης της χα�τογ�άφησης σ�νδεσης για το χ�ήστη %s\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Αδυναμία δημιου�γίας χα�τογ�άφησης σ�νδεσης SELinux για το χ�ήστη %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "Αδυναμία ��θμισης του ονόματος χ�ήστη %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "Αδυναμία ��θμισης του SELinux χ�ήστη %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "Αδυναμία π�οσθήκης χα�τογ�άφηση σ�νδεσης για το χ�ήστη %s\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "Αδυναμία εκκίνησης της διαχεί�ισης SELinux\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "Αδυναμία δημιου�γίας κλειδιο� για το χ�ήστη SELinux\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "Ο SELinux χ�ήστης δεν μπο�εί να επαληθευτεί\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "Αδυναμία τ�οποποίησης της χα�τογ�άφησης χ�ήστη SELinux\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "Αδυναμία π�οσθήκης της χα�τογ�άφησης χ�ήστη SELinux\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "Αδυναμία πα�άδοσης της συναλλαγής SELinux\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Δεν έχει ο�ιστεί χα�τογ�άφηση σ�νδεσης για τον χ�ήστη %s, είναι ΟΚ εάν "
-"χ�ησιμοποιηθεί η π�οκαθο�ισμένη χα�τογ�άφηση\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-"Η χα�τογ�άφηση σ�νδεσης για το χ�ήστη %s καθο�ίζεται από το πλαίσιο της "
-"πολιτική και δεν μπο�εί να διαγ�αφεί\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "Αδυναμία διαγ�αφής της χα�τογ�άφησης σ�νδεσης για το χ�ήστη %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: δεν υπά�χει ελε�θε�η μνήμη\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: Αδυναμία εκτέλεσης του stat %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: το %s δεν είναι ο�τε κατάλογος ο�τε συμβολικός σ�νδεσμος\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: Αδυναμία ανάγνωσης του συμβολικο� συνδέσμου %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: Ύποπτα μεγάλος συμβολικός σ�νδεσμος: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: Αδυναμία δημιου�γίας καταλόγου %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: Αδυναμία αλλαγής ιδιοκτήτη του %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: Αδυναμία αλλαγής τ�όπο λειτου�γίας του %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: αποσ�νδεση: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: Αδυναμία διαγ�αφής του καταλόγου %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: Αδυναμία μετονομασίας του %s σε %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: Αδυναμία διαγ�αφής %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: Αδυναμία δημιου�γίας συμβολικο� συνδέσμου %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: Αδυναμία αλλαγή ιδιοκτητών του %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: Αδυναμία εκτέλεσης του lstat %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr ""
-"%s: Π�οειδοποίηση, δεν υπά�χει tcb α�χείο σκιωδών συνθηματικών για το χ�ήστη "
-"%s.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Επείγον: το tcb α�χείο σκιωδών συνθηματικών του %s δεν φέ�ει το σ�νηθες "
-"st_nlink=1.\n"
-"Ο λογα�ιασμός θα πα�αμείνει κλειδωμένος.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: Αδυναμία ανοίγματος α�χείου %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Π�οειδοποίηση: άγνωστη ομάδα %s\n"
 
@@ -292,14 +68,20 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: Αποτυχία ξεκλειδώματος %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Υπε�χείλιση πε�ιβάλλοντος\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "η μέθοδος κ�υπτογ�άφησης δεν υποστη�ίζεται από το libcrypt? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -418,8 +200,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: αδυναμία λήψης μοναδικο� UID (δεν υπά�χουν διαθέσιμα UID)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "λάθος διαμό�φωση - δεν μπο�εί να αναλυθεί η τιμή %s : '%s'"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Αδυναμία δέσμευσης χώ�ου για πλη�οφο�ίες διαμό�φωσης.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"σφάλμα διαμό�φωσης - άγνωστο αντικείμενο '%s' (ειδοποιήστε το διαχει�ιστή)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -451,7 +241,7 @@ msgstr "Αδυναμία ��θμισης του ονόματος χ�ήστη %
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: αδυναμία ανοίγματος του α�χείου\n"
 
 #, fuzzy, c-format
@@ -464,9 +254,22 @@ msgstr "%s: γ�αμμή %d: αποτυχία αλλαγής ιδιοκτήτη
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: γ�αμμή %d: αποτυχία αλλαγής ιδιοκτήτη %s (chown): %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: γ�αμμή %d: αποτυχία αλλαγής ιδιοκτήτη %s (chown): %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Πολλές είσοδοι στο σ�στημα.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login: "
+
 msgid "You have new mail."
 msgstr "Έχετε νέα γ�άμματα."
 
@@ -476,6 +279,14 @@ msgstr "Κανένα γ�άμμα."
 msgid "You have mail."
 msgstr "Έχετε γ�άμματα."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: το nscd δεν τε�μάτισε κανονικά (σήμα %d)\n"
+
+#, fuzzy, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: το ncsd τε�μάτισε με κατάσταση εξόδου %d"
+
 msgid "no change"
 msgstr "καμιά αλλαγή"
 
@@ -488,9 +299,6 @@ msgstr "αλλαγές κεφαλαίων/πεζών μόνο"
 msgid "too similar"
 msgstr "α�κετά πα�όμοιο"
 
-msgid "too simple"
-msgstr "πολ� απλό"
-
 msgid "rotated"
 msgstr "κυλιόμενο"
 
@@ -536,6 +344,13 @@ msgid ""
 "%s\n"
 msgstr "συνθηματικό: pam_start() απέτυχε, σφάλμα %d\n"
 
+msgid "Password: "
+msgstr "Συνθηματικό: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Του %s το Συνθηματικό: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Εσφαλμένο συνθηματικό για %s.\n"
@@ -561,18 +376,14 @@ msgstr "%s: διαδ�ομή chroot μη έγκυ�η '%s'\n"
 msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: αδυναμία π�οσπέλαση του καταλόγου chroot %s: %s\n"
 
-#, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: αδυναμία π�οσπέλαση του καταλόγου chroot %s: %s\n"
-
 #, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr ""
 "%s: αδυναμία αλλαγής του φαινομενικο� γονικο� καταλόγου (chroot)  %s: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: αδυναμία π�οσπέλαση του καταλόγου chroot %s: %s\n"
 
 #, c-format
 msgid ""
@@ -589,6 +400,112 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Αδυναμία εγκαθίδ�υσης διεπαφής ελέγχου - ματαίωσης.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "Δεν μπο�ώ να δημιου�γήσω διαχει�ιστή του SELinux\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "Η πολιτική του SELinux δεν διαχει�ίζεται\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "Αδυναμία ανάγνωσης της αποθηκευμένης πολιτικής του SELinux\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "Αδυναμία δημιου�γίας σ�νδεση διαχεί�ισης του SELinux\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "Αδυναμία εκκίνησης συναλλαγής SELinux\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "Αδυναμία ανάκτησης του χ�ήστη SE για το %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "Αδυναμία ��θμισης του πεδίου SE για το %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Αδυναμία ��θμισης του ονόματος SE για το χ�ήστη %s\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "Αδυναμία τ�οποποίησης της χα�τογ�άφησης σ�νδεσης για το χ�ήστη %s\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Αδυναμία δημιου�γίας χα�τογ�άφησης σ�νδεσης SELinux για το χ�ήστη %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "Αδυναμία ��θμισης του ονόματος χ�ήστη %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "Αδυναμία ��θμισης του SELinux χ�ήστη %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "Αδυναμία π�οσθήκης χα�τογ�άφηση σ�νδεσης για το χ�ήστη %s\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "Αδυναμία εκκίνησης της διαχεί�ισης SELinux\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "Αδυναμία δημιου�γίας κλειδιο� για το χ�ήστη SELinux\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "Ο SELinux χ�ήστης δεν μπο�εί να επαληθευτεί\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "Αδυναμία τ�οποποίησης της χα�τογ�άφησης χ�ήστη SELinux\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "Αδυναμία π�οσθήκης της χα�τογ�άφησης χ�ήστη SELinux\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "Αδυναμία πα�άδοσης της συναλλαγής SELinux\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Δεν έχει ο�ιστεί χα�τογ�άφηση σ�νδεσης για τον χ�ήστη %s, είναι ΟΚ εάν "
+"χ�ησιμοποιηθεί η π�οκαθο�ισμένη χα�τογ�άφηση\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+"Η χα�τογ�άφηση σ�νδεσης για το χ�ήστη %s καθο�ίζεται από το πλαίσιο της "
+"πολιτική και δεν μπο�εί να διαγ�αφεί\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "Αδυναμία διαγ�αφής της χα�τογ�άφησης σ�νδεσης για το χ�ήστη %s"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Αδυναμία αλλαγής καταλόγου στον '%s'\n"
@@ -601,6 +518,10 @@ msgid "Cannot execute %s"
 msgstr "Αδυναμία εκτέλεσης %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Μη έγκυ�ος π�ωτα�χικός κατάλογος '%s'\n"
 
@@ -609,6 +530,89 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Αδυναμία αλλαγής του π�ωτα�χικο� καταλόγου σε '%s'\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: δεν υπά�χει ελε�θε�η μνήμη\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: Αδυναμία εκτέλεσης του stat %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: το %s δεν είναι ο�τε κατάλογος ο�τε συμβολικός σ�νδεσμος\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: Αδυναμία ανάγνωσης του συμβολικο� συνδέσμου %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: Ύποπτα μεγάλος συμβολικός σ�νδεσμος: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: Αδυναμία δημιου�γίας καταλόγου %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: Αδυναμία αλλαγής ιδιοκτήτη του %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: Αδυναμία αλλαγής τ�όπο λειτου�γίας του %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: αποσ�νδεση: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: Αδυναμία διαγ�αφής του καταλόγου %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: Αδυναμία μετονομασίας του %s σε %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: Αδυναμία διαγ�αφής %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: Αδυναμία δημιου�γίας συμβολικο� συνδέσμου %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: Αδυναμία αλλαγή ιδιοκτητών του %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: Αδυναμία εκτέλεσης του lstat %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr ""
+"%s: Π�οειδοποίηση, δεν υπά�χει tcb α�χείο σκιωδών συνθηματικών για το χ�ήστη "
+"%s.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Επείγον: το tcb α�χείο σκιωδών συνθηματικών του %s δεν φέ�ει το σ�νηθες "
+"st_nlink=1.\n"
+"Ο λογα�ιασμός θα πα�αμείνει κλειδωμένος.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: Αδυναμία ανοίγματος α�χείου %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: Ο χ�ήστης %s β�ίσκεται στο σ�στημα\n"
 
@@ -689,6 +693,13 @@ msgstr ""
 "  -R, --root ΚΑΤΑΛΟΓΟΣ_CHROOT         κατάλογος στον οποίο να εφα�μοστεί "
 "chroot\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+"  -R, --root ΚΑΤΑΛΟΓΟΣ_CHROOT         κατάλογος στον οποίο να εφα�μοστεί "
+"chroot\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -716,12 +727,15 @@ msgstr "Ανενε�γό συνθηματικό"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Ημε�ομηνία Λήξης Λογα�ιασμο� (ΧΧΧΧ-ΜΜ-ΗΗ)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Τελευταία αλλαγή συνθηματικο� \t\t\t\t\t: "
-
 msgid "never"
 msgstr "Ποτέ"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Τελευταία αλλαγή συνθηματικο� \t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "το συνθηματικό π�έπει να αλλαχθεί"
 
@@ -901,14 +915,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: Ο χ�ήστης '%s' δεν υπά�χει\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: αδυναμία αλλαγής χ�ήστη '%s' στον εξυπη�ετητή NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' είναι ο κ��ιος διακομιστής NIS γι'αυτόν τον εξυπη�ετο�μενο.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Αλλαγή πλη�οφο�ιών χ�ήστη για τον %s\n"
 
@@ -949,6 +955,11 @@ msgstr ""
 "  -s, --sha-rounds              α�ιθμός κ�κλων SHA για τους \n"
 "                                 αλγό�ιθμους κ�υπτογ�άφησης SHA*\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: η μέθοδος κ�υπτογ�άφησης δεν υποστη�ίζεται: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: η σημαία %s επιτ�έπεται μόνο με τη σημαία %s\n"
@@ -1001,6 +1012,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Κέλυφος Εισόδου"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Αδυναμία ανάκτησης μεγέθους του %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: αδυναμία δημιου�γίας νέου α�χείου π�οκαθο�ισμένων �υθμίσεων\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Δεν μπο�είτε να αλλάξετε το φλοιό για το(ν) '%s'.\n"
@@ -1013,6 +1034,11 @@ msgstr "Αλλαγή του φλοιο� για τον %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Μη έγκυ�η καταχώ�ηση: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: ο %s δεν είναι έγκυ�ος φλοιός.\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: ο %s δεν είναι έγκυ�ος φλοιός.\n"
@@ -1263,13 +1289,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  δημιου�γία λογα�ιασμο� συστήματος\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-"  -R, --root ΚΑΤΑΛΟΓΟΣ_CHROOT         κατάλογος στον οποίο να εφα�μοστεί "
-"chroot\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    λίστα όλων των μελών της ομάδας\n"
@@ -1283,6 +1302,11 @@ msgstr "Μη έγκυ�ο όνομα χ�ήστη '%s'\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: Το '%s' δεν είναι έγκυ�ο όνομα ομάδας\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: Αδυναμία ανοίγματος α�χείου %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: Μη έγκυ�ο ID ομάδας '%s'\n"
@@ -1328,14 +1352,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: Η ομάδα '%s' δεν υπά�χει\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: Η ομάδα '%s' είναι NIS ομάδα.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: Ο %s είναι ο κ��ιος διακομιστής NIS\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: Ο χ�ήστης '%s' είναι ήδη μέλος του '%s'\n"
 
@@ -1435,10 +1451,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: μη έγκυ�ο όνομα ομάδας '%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: Η ομάδα %s είναι NIS ομάδα\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: άγνωστος χ�ήστης %s\n"
 
@@ -1565,7 +1577,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     π�οβολή των εγγ�αφών του faillog για όλους "
@@ -1668,11 +1680,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Μάλλον δεν είναι δυνατή η λειτου�γία χω�ίς ενε�γό χ�ήστη root\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Δεν υπά�χει καταχώ�ιση utmp.  Π�έπει να εκτελέσετε \"login\" από το \"sh\" "
-"του πιο χαμηλο� επιπέδου"
-
 #, c-format
 msgid ""
 "\n"
@@ -1707,14 +1714,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Αδυναμία ε��εσης χ�ήστη (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: αποτυχία διχάλωσης: %s"
 
@@ -1750,7 +1749,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1778,19 +1778,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: Αποτυχία ξεκλειδώματος %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: αποτυχία ε��εσης καταλόγου tcb %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: Αδυναμία δημιου�γίας tcb καταλόγου για το χ�ήστη %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1823,14 +1818,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Αδυναμία δημιου�γίας tcb καταλόγου για το χ�ήστη %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1855,6 +1850,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: μη έγκυ�ο όνομα χ�ήστη '%s'\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: γ�αμμή %d: μη έγκυ�η γ�αμμή\n"
 
@@ -1876,6 +1875,11 @@ msgstr "%s: γÏ�αμμή %d: αδυναμία δημιουÏ�γίας ομάδαÏ
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: γ�αμμή %d: Ο χ�ήστης '%s' δεν υπά�χει στο %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: αποσ�νδεση: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: γ�αμμή %d: αδυναμία ανανέωση συνθηματικο�\n"
@@ -1898,14 +1902,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: γ�αμμή %d: αδυναμία ανανέωσης καταχώ�ησης\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: αποτυχία π�οετοιμασίας της νέας εγγ�αφής %s '%s'\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: αδυναμία δημιου�γίας του χ�ήστη\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: αποτυχία π�οετοιμασίας της νέας εγγ�αφής %s '%s'\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: αδυναμία ανανέωσης για το α�χείο ομάδων\n"
 
@@ -1990,6 +1994,12 @@ msgstr ""
 "π�ιν\n"
 "                                την αλλαγή του συνθηματικο� σε ΜΕΓ_ΗΜΕΡΕΣ\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    π�οβολή πλη�οφο�ιών ηλικίας λογα�ιασμών\n"
+
 msgid "Old password: "
 msgstr "Παλιό Συνθηματικό: "
 
@@ -2011,6 +2021,11 @@ msgstr ""
 "Πα�ακαλώ χ�ησιμοποιήστε ένα συνδυασμό από κεφαλαία και μικ�ά γ�άμματα\n"
 "καθώς και α�ιθμο�ς.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: Πολ� μακ�ιά πεδία\n"
+
 msgid "New password: "
 msgstr "�έο Συνθηματικό: "
 
@@ -2056,6 +2071,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: η αποθήκη %s δεν υποστη�ίζεται\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s:  μόνο ο root μπο�εί να χ�ησιμοποιήσει την επιλογή -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
@@ -2213,11 +2233,9 @@ msgstr "%s: δυσλειτου�γία σήματος\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Συνεδ�ία τε�ματίστηκε, τε�ματισμός φλοιο�..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...σκοτώθηκε.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2305,6 +2323,11 @@ msgstr "%s: Δεν έχετε άδεια για su τη δεδομένη στιÎ
 msgid "No passwd entry for user '%s'\n"
 msgstr "Δεν υπά�χει καταχώ�ηση συνθηματικο� για το χ�ήστη '%s'\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "Μη έγκυ�ο όνομα χ�ήστη '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: π�έπει να εκτελεστεί από τε�ματικό\n"
@@ -2351,6 +2374,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: η %s διαμό�φωση στο %s θα αγνοηθεί\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: η %s διαμό�φωση στο %s θα αγνοηθεί\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: αδυναμία δημιου�γίας νέου α�χείου π�οκαθο�ισμένων �υθμίσεων\n"
@@ -2361,10 +2391,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: αδυναμία δημιου�γίας νέου α�χείου π�οκαθο�ισμένων �υθμίσεων\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: αδυναμία δημιου�γίας νέου α�χείου π�οκαθο�ισμένων �υθμίσεων\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: αδυναμία ανοίγματος νέου α�χείου π�οκαθο�ισμένων �υθμίσεων\n"
 
@@ -2381,10 +2407,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: μετονομασία: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: Η ομάδα '%s' είναι NIS ομάδα.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: Π�οσδιο�ίστηκαν υπε�βολικές ομάδες (μεγ. %d).\n"
 
@@ -2530,6 +2552,17 @@ msgstr ""
 "  -Z, --selinux-user ΧΡΗΣΤΗΣ_SE     χ�ήση συγκεκ�ιμένου ΧΡΗΣΤΗΣ_SE για την "
 "χα�τογ�άφηση χ�ήστη SELinux\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user ΧΡΗΣΤΗΣ_SE     χ�ήση συγκεκ�ιμένου ΧΡΗΣΤΗΣ_SE για την "
+"χα�τογ�άφηση χ�ήστη SELinux\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: Μη έγκυ�ος κατάλογος βάσης '%s'\n"
@@ -2672,6 +2705,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Ρ�θμιση αδειών του α�χείου mailbox"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Δημιου�γία α�χείου mailbox"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Δημιου�γία α�χείου mailbox"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2810,10 +2853,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: Αδυναμία διαγ�αφής των α�χείων tcb για το χ�ήστη %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: Ο χ�ήστης %s είναι NIS χ�ήστης\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s ο α�χικός κατάλογος χ�ήστη (%s) δεν β�έθηκε\n"
 
@@ -2948,6 +2987,16 @@ msgstr ""
 "  -Z, --selinux-user ΧΡΗΣΤΗΣ_SE     νέα χα�τογ�άφηση χ�ήστη SELinux για το "
 "λογα�ιασμό του χ�ήστη\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user ΧΡΗΣΤΗΣ_SE     νέα χα�τογ�άφηση χ�ήστη SELinux για το "
+"λογα�ιασμό του χ�ήστη\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -3047,12 +3096,26 @@ msgstr ""
 "%s: αποτυχία αντιγ�αφής της εγγ�αφής του lastlog από το χ�ήστη %lu στο "
 "χ�ήστη %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: αποτυχία αντιγ�αφής της εγγ�αφής του lastlog από το χ�ήστη %lu στο "
+"χ�ήστη %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: αποτυχία αντιγ�αφής της εγγ�αφής του faillog από το χ�ήστη %lu στο "
 "χ�ήστη %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: αποτυχία αντιγ�αφής της εγγ�αφής του faillog από το χ�ήστη %lu στο "
+"χ�ήστη %lu: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: π�οειδοποίηση: Το %s δεν ανήκει στον %s\n"
@@ -3155,8 +3218,10 @@ msgstr "αποτυχία αποσ�νδεσης του π�οσω�ινο� α�
 msgid "failed to stat edited file"
 msgstr "αποτυχία εκτέλεσης της εφα�μογής stat για το επεξε�γασμένο α�χείο"
 
-msgid "failed to allocate memory"
-msgstr "αποτυχία κατανομής μνήμης"
+#, fuzzy
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: αδυναμία ανοίγματος του α�χείου\n"
 
 msgid "failed to create backup file"
 msgstr "αποτυχία δημιου�γίας αντίγ�αφου ασφαλείας"
@@ -3169,6 +3234,58 @@ msgstr "%s: αδυναμία επαναφο�άς %s: %s (οι αλλαγές ε
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: αποτυχία ε��εσης καταλόγου tcb %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Υπε�χείλιση πε�ιβάλλοντος\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: αδυναμία αλλαγής χ�ήστη '%s' στον εξυπη�ετητή NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr ""
+#~ "%s: '%s' είναι ο κ��ιος διακομιστής NIS γι'αυτόν τον εξυπη�ετο�μενο.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: Η ομάδα '%s' είναι NIS ομάδα.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: Ο %s είναι ο κ��ιος διακομιστής NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: Η ομάδα %s είναι NIS ομάδα\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: αδυναμία δημιου�γίας νέου α�χείου π�οκαθο�ισμένων �υθμίσεων\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: Η ομάδα '%s' είναι NIS ομάδα.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: Ο χ�ήστης %s είναι NIS χ�ήστης\n"
+
+#~ msgid "too simple"
+#~ msgstr "πολ� απλό"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Δεν υπά�χει καταχώ�ιση utmp.  Π�έπει να εκτελέσετε \"login\" από το "
+#~ "\"sh\" του πιο χαμηλο� επιπέδου"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: αποτυχία ε��εσης καταλόγου tcb %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "αποτυχία κατανομής μνήμης"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Χ�ήση: id\n"
 
@@ -3184,10 +3301,6 @@ msgstr "%s: αποτυχία ε��εσης καταλόγου tcb %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: αλλαγή πλη�οφο�ιών λήξης συνθηματικο�.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "Μη έγκυ�ο όνομα χ�ήστη '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Όνομα_Χ�ήστη     Θ��α     Από              Τελευταία"
 
diff --git a/po/es.gmo b/po/es.gmo
index 4db21f5..802fd08 100644
--- a/po/es.gmo
+++ b/po/es.gmo
diff --git a/po/es.po b/po/es.po
index 58f8775..b03242f 100644
--- a/po/es.po
+++ b/po/es.po
@@ -32,7 +32,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.1.4.2\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2011-11-23 23:56+0100\n"
 "Last-Translator: Francisco Javier Cuadrado <fcocuadrado@gmail.com>\n"
 "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
@@ -43,226 +43,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Hay varias entradas con el nombre «%s» en %s. Por favor, corríjalo "
-"utilizando pwck o grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "¿libcrypt no permite utilizar el método de cifrado? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "error de configuración, no se pudo procesar el valor %s: «%s»"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "No se pudo reservar espacio para la información de configuración.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"error de configuración, elemento «%s» desconocido (informe al "
-"administrador)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Contraseña: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Contraseña de %s: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "No se pudo abrir la interfaz de auditoría, abortando.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "No se pudo reservar espacio para la información de configuración.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Cambiando la información de la edad para %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: no se pudo determinar su nombre de usuario.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: línea %d: no se puede encontrar el usuario %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: sin memoria\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: no se pudo realizar «stat» a %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s no es ni un directorio ni un enlace simbólico.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: no se pudo leer el enlace simbólico %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: enlace simbólico sospechosamente largo: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: no se pudo crear el directorio %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: no se pudo cambiar el dueño de %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: no se pudo cambiar el modo de %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: unlink: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: no se pudo eliminar el directorio %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: no se pudo renombrar %s a %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: no se pudo eliminar %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s no se pudo crear el enlace simbólico %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: no se pudieron cambiar los dueños de %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: no se pudo realizar «lstat» a %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: aviso, el usuario %s no tiene un fichero «tcb shadow».\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: emergencia: el tcb oculto de %s no es un fichero normal con st_nlink=1.\n"
-"La cuenta se queda bloqueada.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: no se pudo abrir %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Aviso: grupo %s desconocido\n"
 
@@ -311,14 +91,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: se produjo un fallo al desbloquear %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Hay varias entradas con el nombre «%s» en %s. Por favor, corríjalo "
+"utilizando pwck o grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Desbordamiento de entorno\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "¿libcrypt no permite utilizar el método de cifrado? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -439,8 +227,17 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: no se pudo obtener un UID único (no hay más UID disponibles)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "error de configuración, no se pudo procesar el valor %s: «%s»"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "No se pudo reservar espacio para la información de configuración.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"error de configuración, elemento «%s» desconocido (informe al "
+"administrador)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -470,7 +267,7 @@ msgstr "No se pudo reservar espacio para la información de configuración.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: no se puede abrir el fichero\n"
 
 #, fuzzy, c-format
@@ -483,9 +280,22 @@ msgstr "%s: línea %d: chown %s falló: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: línea %d: chown %s falló: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: línea %d: chown %s falló: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Demasiados accesos.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s nombre: "
+
 msgid "You have new mail."
 msgstr "Tiene correo nuevo."
 
@@ -495,6 +305,14 @@ msgstr "Sin correo."
 msgid "You have mail."
 msgstr "Tiene correo."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "sin cambios"
 
@@ -507,9 +325,6 @@ msgstr "sólo cambios de mayúsculas/minúsculas"
 msgid "too similar"
 msgstr "demasiado similar"
 
-msgid "too simple"
-msgstr "demasiado simple"
-
 msgid "rotated"
 msgstr "rotada"
 
@@ -555,6 +370,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() falló, error %d\n"
 
+msgid "Password: "
+msgstr "Contraseña: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Contraseña de %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Contraseña incorrecta para %s.\n"
@@ -580,16 +402,12 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: no se pudo crear el directorio %s: %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: no se pudo crear el directorio %s: %s\n"
-
-#, fuzzy, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: se produjo un fallo al crear el directorio tcb para %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: no se pudo crear el directorio %s: %s\n"
 
 #, c-format
 msgid ""
@@ -606,6 +424,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "No se pudo abrir la interfaz de auditoría, abortando.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "No se pudo reservar espacio para la información de configuración.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "No se pudo reservar espacio para la información de configuración.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Cambiando la información de la edad para %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: no se pudo determinar su nombre de usuario.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: línea %d: no se puede encontrar el usuario %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Incapaz de cambiar el directorio a «%s»\n"
@@ -618,6 +537,10 @@ msgid "Cannot execute %s"
 msgstr "No se puede ejecutar %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Directorio raíz «%s» incorrecto\n"
 
@@ -626,6 +549,86 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "No se pudo cambiar el directorio raíz a «%s»\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: sin memoria\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: no se pudo realizar «stat» a %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s no es ni un directorio ni un enlace simbólico.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: no se pudo leer el enlace simbólico %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: enlace simbólico sospechosamente largo: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: no se pudo crear el directorio %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: no se pudo cambiar el dueño de %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: no se pudo cambiar el modo de %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: no se pudo eliminar el directorio %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: no se pudo renombrar %s a %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: no se pudo eliminar %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s no se pudo crear el enlace simbólico %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: no se pudieron cambiar los dueños de %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: no se pudo realizar «lstat» a %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: aviso, el usuario %s no tiene un fichero «tcb shadow».\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: emergencia: el tcb oculto de %s no es un fichero normal con st_nlink=1.\n"
+"La cuenta se queda bloqueada.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: no se pudo abrir %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: el usuario %s está actualmente identificado en el sistema\n"
 
@@ -706,6 +709,13 @@ msgstr ""
 "  -R, --root DIR_CHROOT         establece DIR_CHROOT como el directorio\n"
 "                                al cual hacer chroot\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+"  -R, --root DIR_CHROOT         establece DIR_CHROOT como el directorio\n"
+"                                al cual hacer chroot\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -734,12 +744,15 @@ msgstr "Contraseña inactiva"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Fecha de caducidad de la cuenta (AAAA-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Último cambio de contraseña\t\t\t\t\t:"
-
 msgid "never"
 msgstr "nunca"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Último cambio de contraseña\t\t\t\t\t:"
+
 msgid "password must be changed"
 msgstr "se debe cambiar la contraseña"
 
@@ -913,14 +926,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: el usuario «%s» no existe\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: no se pudo cambiar el usuario «%s» en el cliente NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: «%s» es el NIS maestro para este cliente.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Cambiando la información de usuario para %s\n"
 
@@ -960,6 +965,11 @@ msgstr ""
 "  -s, --sha-rounds              número de rondas SHA para los algoritmos\n"
 "                                de cifrado SHA*\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: método de cifrado no compatible: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: la opción %s sólo está permitida junto a la opción %s\n"
@@ -1013,6 +1023,17 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Consola de acceso"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: no se pudo conseguir el tamaño de %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr ""
+"%s: no se puede crear un nuevo fichero de preferencias predeterminadas\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "No debería cambiar la consola para «%s».\n"
@@ -1025,6 +1046,11 @@ msgstr "Cambiando la consola de acceso para %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: entrada incorrecta: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s es una consola incorrecta.\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s es una consola incorrecta.\n"
@@ -1270,9 +1296,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  crea una cuenta del sistema\n"
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 #, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
@@ -1287,6 +1310,11 @@ msgstr "nombre de usuario «%s» incorrecto\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: «%s» no es un nombre de grupo válido\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: no se pudo abrir %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: identificador de grupo «%s» incorrecto\n"
@@ -1332,14 +1360,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: el grupo «%s» no existe\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: el grupo «%s» es un grupo NIS\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s es el NIS maestro\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: el usuario «%s» ya es un miembro de «%s»\n"
 
@@ -1435,10 +1455,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: nombre del grupo «%s» incorrecto\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: el grupo %s es un grupo NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: usuario desconocido %s\n"
 
@@ -1564,7 +1580,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     muestra los registros de faillog para\n"
@@ -1667,9 +1683,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: posiblemente no se puede trabajar sin el administrador\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "Sin entrada utmp. Debe ejecutar «login» desde el nivel «sh» más bajo"
-
 #, c-format
 msgid ""
 "\n"
@@ -1704,14 +1717,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: línea %d: no se puede encontrar el usuario %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s nombre: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: se produjo un fallo en la llamada a fork: %s"
 
@@ -1746,7 +1751,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1774,19 +1780,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: se produjo un fallo al desbloquear %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: se produjo un fallo al crear el directorio tcb para %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1819,14 +1820,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: se produjo un fallo al crear el directorio tcb para %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1850,6 +1851,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: nombre de usuario «%s» incorrecto\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: línea %d: línea incorrecta\n"
 
@@ -1871,6 +1876,11 @@ msgstr "%s: línea %d: no se pudo crear el grupo\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: línea %d: el usuario «%s» no existe en %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: línea %d: no se puede actualizar la contraseña\n"
@@ -1893,14 +1903,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: línea %d: no se puede actualizar la entrada\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: se produjo un fallo al preparar la nueva %s entrada «%s»\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: no se pudo crear el usuario\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: se produjo un fallo al preparar la nueva %s entrada «%s»\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: no se puede actualizar el fichero de grupo\n"
 
@@ -1980,6 +1990,13 @@ msgstr ""
 "días\n"
 "                                antes de cambiar la contraseña\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    muestra la información de la edad de la "
+"cuenta\n"
+
 msgid "Old password: "
 msgstr "Contraseña antigua: "
 
@@ -2000,6 +2017,11 @@ msgstr ""
 "de %d)\n"
 "Por favor, use una combinación de letras mayúsculas, minúsculas y números.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: campos demasiado largos\n"
+
 msgid "New password: "
 msgstr "Nueva contraseña: "
 
@@ -2044,6 +2066,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: repositorio %s no soportado\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: sólo el administrador puede utilizar la opción -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s no está autorizado a cambiar la contraseña de %s\n"
@@ -2199,11 +2226,9 @@ msgstr "%s: funcionamiento incorrecto de la señal\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sesión finalizada, parando la consola ..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ... finalizado.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ... esperando a que el hijo finalice.\n"
 
@@ -2291,6 +2316,11 @@ msgstr "%s: no está autorizado a usar su en este momento\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Sin entrada de contraseña para el administrador («root»)"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "nombre de usuario «%s» incorrecto\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: debe ejecutarse desde un terminal\n"
@@ -2338,6 +2368,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: se ignorará la configuración %s en %s\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: se ignorará la configuración %s en %s\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr ""
@@ -2350,11 +2387,6 @@ msgstr ""
 "%s: no se puede crear un nuevo fichero de preferencias predeterminadas\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr ""
-"%s: no se puede crear un nuevo fichero de preferencias predeterminadas\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr ""
 "%s: no se puede abrir un nuevo fichero de preferencias predeterminadas\n"
@@ -2372,10 +2404,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: renombrar: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: el grupo «%s» es un grupo NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: demasiados grupos especificados (el máximo es %d).\n"
 
@@ -2524,6 +2552,18 @@ msgstr ""
 "usuario\n"
 "                                 de SELinux\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user USUARIO_SE  utiliza el usuario indicado para el "
+"usuario\n"
+"                                 de SELinux\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: directorio base «%s» incorrecto\n"
@@ -2673,6 +2713,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Estableciendo los permisos del fichero del buzón de correo"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Creando el fichero del buzón de correo"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Creando el fichero del buzón de correo"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2806,10 +2856,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: no se pudieron eliminar los ficheros tcb para %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: el usuario %s es un usuario NIS\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s directorio personal (%s) no encontrado\n"
 
@@ -2935,6 +2981,13 @@ msgstr ""
 "  -Z, --selinux-user            nuevo usuario de SELinux para la cuenta del\n"
 "                                usuario\n"
 
+#, fuzzy
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user            nuevo usuario de SELinux para la cuenta del\n"
+"                                usuario\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -3030,12 +3083,26 @@ msgstr ""
 "%s: se produjo un fallo al copiar la entrada de lastlog del usuario %lu al "
 "usuario %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: se produjo un fallo al copiar la entrada de lastlog del usuario %lu al "
+"usuario %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: se produjo un fallo al copiar la entrada de faillog del usuario %lu al "
 "usuario %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: se produjo un fallo al copiar la entrada de faillog del usuario %lu al "
+"usuario %lu: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: aviso: %s no pertenece a %s\n"
@@ -3138,8 +3205,10 @@ msgstr "se produjo un fallo al borrar el fichero temporal"
 msgid "failed to stat edited file"
 msgstr "se produjo un fallo al realizar el «stat» del fichero editado"
 
-msgid "failed to allocate memory"
-msgstr "se produjo un fallo al reservar memoria"
+#, fuzzy
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: no se puede abrir el fichero\n"
 
 msgid "failed to create backup file"
 msgstr "se produjo un fallo al crear la copia de seguridad del fichero"
@@ -3152,6 +3221,57 @@ msgstr "%s: no se puede restaurar %s: %s (sus cambios están en %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Desbordamiento de entorno\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: no se pudo cambiar el usuario «%s» en el cliente NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: «%s» es el NIS maestro para este cliente.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: el grupo «%s» es un grupo NIS\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s es el NIS maestro\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: el grupo %s es un grupo NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr ""
+#~ "%s: no se puede crear un nuevo fichero de preferencias predeterminadas\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: el grupo «%s» es un grupo NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: el usuario %s es un usuario NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "demasiado simple"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Sin entrada utmp. Debe ejecutar «login» desde el nivel «sh» más bajo"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "se produjo un fallo al reservar memoria"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Modo de uso: id\n"
 
@@ -3167,10 +3287,6 @@ msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: información de caducidad de la contraseña cambiada.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "nombre de usuario «%s» incorrecto\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Nombre           Puerto   De               Último"
 
diff --git a/po/eu.gmo b/po/eu.gmo
index feb2c34..5c35de3 100644
--- a/po/eu.gmo
+++ b/po/eu.gmo
diff --git a/po/eu.po b/po/eu.po
index 9c0558c..127e09b 100644
--- a/po/eu.po
+++ b/po/eu.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: eu\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2011-11-26 19:42+0100\n"
 "Last-Translator: Piarres Beobide <pi@beobide.net>\n"
 "Language-Team: Euskara <debian-l10n-eu@lists.debian.org>\n"
@@ -19,224 +19,6 @@ msgstr ""
 "X-Generator: Pootle 1.2.1\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"'%s' izeneko sarrera anitz %s-en. Mesedez konpondu pwck edo grpck "
-"erabiliaz.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "libcrypt-ek onartzen ez duen kriptografia metodoa? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "konfigurazio errorea - ezin da %s balioa analizatu: '%s'"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Ezin izan da lekua esleitu, konfigurazioaren informaziorako.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"konfigurazio errorea - %s item ezezaguna (eman honen berri "
-"administratzaileari)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Pasahitza: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s (r)en pasahitza: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Ezin da auditatzeko interfazea ireki - uzten.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Ezin izan da lekua esleitu, konfigurazioaren informaziorako.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "%s(r)en data informazioa aldatzen\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Ezin da Erabiltzaile izena zehaztu.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: Ezin da Erabiltzaile izena zehaztu.\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: memoriarik ez\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: ezin da %s ezabatu\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s etxe-direktorioa (%s) ez dago\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: ezin da '%s' sarrera %s-tik kendu\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: ezin da %s direktorioa sortu\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "lastlog: Ezinda %s-ren tamaina eskuratu: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: abisua: ezin da %s ezabatu: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: berrizendatu: %s: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: ezin da %s direktorioa %s gisa izenez aldatu\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: ezin da %s direktorioa %s gisa izenez aldatu\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: abisua: ezin da %s ezabatu: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: ezin da %s direktorioa sortu\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "lastlog: Ezinda %s-ren tamaina eskuratu: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: ezin da %s ezabatu\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: `(%d lerroa, %s erabiltzailea) pasahitza ez da aldatu\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: berrizendatu: %s: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: ezin da %s ireki\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Abisua: %s talde ezezaguna\n"
 
@@ -283,14 +65,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: huts %s desblokeatzean\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"'%s' izeneko sarrera anitz %s-en. Mesedez konpondu pwck edo grpck "
+"erabiliaz.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Inguruneak gainezka egin du\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "libcrypt-ek onartzen ez duen kriptografia metodoa? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -394,8 +184,17 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: ezin da UID bakarra lortu (ez dago UID erabilgarri gehiago)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "konfigurazio errorea - ezin da %s balioa analizatu: '%s'"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Ezin izan da lekua esleitu, konfigurazioaren informaziorako.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"konfigurazio errorea - %s item ezezaguna (eman honen berri "
+"administratzaileari)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -423,9 +222,10 @@ msgstr "Ezin izan da lekua esleitu, konfigurazioaren informaziorako.\n"
 msgid "%s: Could not set caps\n"
 msgstr "Ezin izan da lekua esleitu, konfigurazioaren informaziorako.\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: %d lerroa: chown %s-ek huts egin du: %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: line %d: chown %s failed: %s\n"
@@ -437,9 +237,22 @@ msgstr "%s: %d lerroa: chown %s-ek huts egin du: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: %d lerroa: chown %s-ek huts egin du: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: %d lerroa: chown %s-ek huts egin du: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Gehiegizko saio hasierak.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s izena: "
+
 msgid "You have new mail."
 msgstr "Mezu berria duzu."
 
@@ -449,6 +262,14 @@ msgstr "Mezurik ez."
 msgid "You have mail."
 msgstr "Mezua duzu."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "aldaketarik gabe"
 
@@ -461,9 +282,6 @@ msgstr "Maiuskulak/minuskula bakarrik aldatu da"
 msgid "too similar"
 msgstr "antzekoegia"
 
-msgid "too simple"
-msgstr "sinpleegia"
-
 msgid "rotated"
 msgstr "aldirokoa"
 
@@ -509,6 +327,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() huts egin du, errorea: %d\n"
 
+msgid "Password: "
+msgstr "Pasahitza: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s (r)en pasahitza: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "%s(r)en pasahitz okerra.\n"
@@ -534,18 +359,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: ezin da %s direktorioa sortu\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: ezin da %s direktorioa sortu\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: ezin da %s direktorioa sortu\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -560,6 +381,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Ezin da auditatzeko interfazea ireki - uzten.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Ezin izan da lekua esleitu, konfigurazioaren informaziorako.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Ezin izan da lekua esleitu, konfigurazioaren informaziorako.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "%s(r)en data informazioa aldatzen\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Ezin da Erabiltzaile izena zehaztu.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: Ezin da Erabiltzaile izena zehaztu.\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Ezin da '%s'-ra direktorioa aldatu\n"
@@ -572,6 +494,10 @@ msgid "Cannot execute %s"
 msgstr "Ezin izan da %s exekutatu"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Baliogabeko erro direktorioa '%s'\n"
 
@@ -580,6 +506,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Ezin da erro direktorioa '%s'-ra aldatu\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: memoriarik ez\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: ezin da %s ezabatu\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s etxe-direktorioa (%s) ez dago\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: ezin da '%s' sarrera %s-tik kendu\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: ezin da %s direktorioa sortu\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "lastlog: Ezinda %s-ren tamaina eskuratu: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: abisua: ezin da %s ezabatu: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: berrizendatu: %s: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: ezin da %s direktorioa %s gisa izenez aldatu\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: ezin da %s direktorioa %s gisa izenez aldatu\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: abisua: ezin da %s ezabatu: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: ezin da %s direktorioa sortu\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "lastlog: Ezinda %s-ren tamaina eskuratu: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: ezin da %s ezabatu\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: `(%d lerroa, %s erabiltzailea) pasahitza ez da aldatu\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: berrizendatu: %s: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: ezin da %s ireki\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: une honetan %s erabiltzaileak saioan sartuta dago\n"
 
@@ -653,6 +657,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "  -Q, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -r, --remove-password         TALDEaren pasahitaz kendu\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -679,12 +688,15 @@ msgstr "Pasahitza ezgaitua"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Kontuaren iraungitze data (UUUU-HH-EE)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Azken pasahitz aldaketa\t\t\t\t\t: "
-
 msgid "never"
 msgstr "Inoiz ere ez"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Azken pasahitz aldaketa\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "Pasahitza aldatu egin behar da"
 
@@ -857,14 +869,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: '%s' erabiltzailea ez da existitzen\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: ezin da NIS bezeroko '%s' erabiltzailea aldatu.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' da bezero honen NIS nagusia.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "%s(r)en erabiltzaile informazioa aldatzen\n"
 
@@ -903,6 +907,11 @@ msgstr ""
 "  -s, --sha-rounds              SHA* kriptografia algoritmoentzako\n"
 "                                SHA erronda kopurua\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: onartzen ez den kriptografia metodoa: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: %s bandera bakarrik %s banderarekin onartzen da\n"
@@ -954,6 +963,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Saio-hasierako shell-a"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Ezinda %s-ren tamaina eskuratu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: ezin da lehenespen fitxategi berria sortu\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Ez zenuke '%s'-(r)en shell-a aldatu behar.\n"
@@ -966,6 +985,11 @@ msgstr "%s(r)en saio-hasierako shell-a aldatzen\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: baliogabeko sarrera: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s shell baliogabea da\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s shell baliogabea da\n"
@@ -1206,11 +1230,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  sistema kontu bat sortu\n"
 
 #, fuzzy
-#| msgid "  -Q, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -r, --remove-password         TALDEaren pasahitaz kendu\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    taldearen partaideak zerrendatu\n"
@@ -1224,6 +1243,10 @@ msgstr "%s erabiltzaile-izen baliogabea\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: '%s' ez da baliozko talde-izena\n"
 
+#, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: ezin da %s ireki\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: '%s' talde ID baliogabea\n"
@@ -1270,14 +1293,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: '%s' taldea ez da existitzen\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: '%s' taldea NIS talde bat da\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s NIS nagusia da\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s:  '%s' erabiltzailea '%s' taldeko partaide da dagoeneko\n"
 
@@ -1374,10 +1389,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: '%s' talde izen baliogabea\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: %s taldea NIS talde bat da\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: %s erabiltzaile ezezaguna\n"
 
@@ -1502,7 +1513,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     erabiltzaile guztien faillog-en\n"
@@ -1605,11 +1616,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Ezingo du ziurrenik funtzionatu erro efektibo bat gabe\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Ez dago utmp sarrerarik. \"login\" \"sh\" maila baxuenetik exekutatu beharko "
-"zenuke"
-
 #, c-format
 msgid ""
 "\n"
@@ -1644,14 +1650,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: Ezin da Erabiltzaile izena zehaztu.\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s izena: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: huts zatitzerakoan: %s"
 
@@ -1687,7 +1685,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1714,17 +1713,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: huts %s desblokeatzean\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: oinarrizko '%s' direktorio baliogabea\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: ezin da %s direktorioa sortu\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1757,14 +1752,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: ezin da %s direktorioa sortu\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1788,6 +1782,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: '%s' erabiltzaile-izen baliogabea\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: %d lerroa: lerro baliogabea\n"
 
@@ -1809,6 +1807,10 @@ msgstr "%s: %d lerroa: ezin da taldea sortu\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: %d lerroa: `%s' erabiltzailea ez da existitzen %s-en\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: berrizendatu: %s: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: %d lerroa: ezin da pasahitza eguneratu\n"
@@ -1831,14 +1833,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: %d lerroa: ezin da sarrera eguneratu\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: huts %s sarrera  berria prestatzean '%s'\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: ezin da erabiltzailea sortu\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: huts %s sarrera  berria prestatzean '%s'\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: ezin da taldea sortu\n"
 
@@ -1913,6 +1915,11 @@ msgstr ""
 "  -x, --maxdays GEHI_EGUN       ezarri pasahitz aldatu aurretik gehienezko\n"
 "                                egun kopurua GEHI_EGUN-era\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    kontu denbora informazioa bistarazi\n"
+
 msgid "Old password: "
 msgstr "Pasahitz zaharra: "
 
@@ -1932,6 +1939,11 @@ msgstr ""
 "Sartu pasahitz berria (gutxienez %d eta gehienez %d karaktere)\n"
 "Erabili maiuskulen, minuskulen eta zenbakien arteko konbinazioa.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: eremu luzegiak\n"
+
 msgid "New password: "
 msgstr "Pasahitz berria: "
 
@@ -1976,6 +1988,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: %s biltegia ez da onartzen\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: root-ek bakarrik erabili dezake -g/--group aukera\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s ez dago %s-ren pasahitza aldatzeko baimendurik\n"
@@ -2128,11 +2145,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2219,6 +2234,11 @@ msgstr "%s: Ez duzu orain su erabiltzeko baimenik\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Ez dago 'root'-en pasahitzik"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "%s erabiltzaile-izen baliogabea\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: terminal batetik exekutatu behar da\n"
@@ -2265,6 +2285,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: %s konfigurazioa %s-n dagoena alde batetara utziko da\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: %s konfigurazioa %s-n dagoena alde batetara utziko da\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: ezin da lehenespen fitxategi berria sortu\n"
@@ -2275,10 +2302,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: ezin da lehenespen fitxategi berria sortu\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: ezin da lehenespen fitxategi berria sortu\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: ezin da lehenespen fitxategi berria ireki\n"
 
@@ -2295,10 +2318,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: berrizendatu: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: taldea '%s' NIS talde bat da.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: talde gehiegi zehaztu dira (geh. %d).\n"
 
@@ -2420,6 +2439,17 @@ msgstr ""
 "  -Z, --selinux-user SEERAB     erabili SEUSER zehatz bat SELinux "
 "erabiltzaile mapatzearentzat\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEERAB     erabili SEUSER zehatz bat SELinux "
+"erabiltzaile mapatzearentzat\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: oinarrizko '%s' direktorio baliogabea\n"
@@ -2559,6 +2589,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Postakutxa fitxategi baimenak ezartzen"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Postakutxa fitxategia sortzen"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Postakutxa fitxategia sortzen"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2692,10 +2732,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: ezin da '%s' sarrera %s-tik kendu\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s:  %s erabiltzailea NIS erabiltzaile bat da\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s etxe-direktorioa (%s) ez dago\n"
 
@@ -2825,6 +2861,13 @@ msgstr ""
 "  -Z, --selinux-user            SELinux erabiltzaile mapatze berria "
 "erabiltzailearen kontuarentzat\n"
 
+#, fuzzy
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user            SELinux erabiltzaile mapatze berria "
+"erabiltzailearen kontuarentzat\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2913,12 +2956,26 @@ msgstr ""
 "%s: huts %lu erabiltzailearen lastlog sarrera %lu erabiltzailera kopiatzean: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: huts %lu erabiltzailearen lastlog sarrera %lu erabiltzailera kopiatzean: "
+"%s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: huts %lu erabiltzailearen faillog sarrera %lu erabiltzailera kopiatzean: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: huts %lu erabiltzailearen faillog sarrera %lu erabiltzailera kopiatzean: "
+"%s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: abisua: %s ez dago %s(r)en jabegoan\n"
@@ -3022,9 +3079,8 @@ msgstr "%s: huts %s desblokeatzean\n"
 msgid "failed to stat edited file"
 msgstr "huts egin du postontzia izenez aldatzean"
 
-#, fuzzy
-msgid "failed to allocate memory"
-msgstr "huts egin du postontzia jabez aldatzean"
+msgid "asprintf(3) failed"
+msgstr ""
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -3038,6 +3094,57 @@ msgstr "%s: ezin da %s leheneratu: %s (zure aldaketak %s(e)n daude)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: oinarrizko '%s' direktorio baliogabea\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Inguruneak gainezka egin du\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: ezin da NIS bezeroko '%s' erabiltzailea aldatu.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' da bezero honen NIS nagusia.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: '%s' taldea NIS talde bat da\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s NIS nagusia da\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: %s taldea NIS talde bat da\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: ezin da lehenespen fitxategi berria sortu\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: taldea '%s' NIS talde bat da.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s:  %s erabiltzailea NIS erabiltzaile bat da\n"
+
+#~ msgid "too simple"
+#~ msgstr "sinpleegia"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Ez dago utmp sarrerarik. \"login\" \"sh\" maila baxuenetik exekutatu "
+#~ "beharko zenuke"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: oinarrizko '%s' direktorio baliogabea\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "huts egin du postontzia jabez aldatzean"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Erabilera: id\n"
 
@@ -3053,10 +3160,6 @@ msgstr "%s: oinarrizko '%s' direktorio baliogabea\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: pasahitz iraungitzea informazioa aldatua.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "%s erabiltzaile-izen baliogabea\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Erabiltzaile-izena        Ataka      Nondik           Azkena"
 
diff --git a/po/fi.gmo b/po/fi.gmo
index 1130e2b..69b441e 100644
--- a/po/fi.gmo
+++ b/po/fi.gmo
diff --git a/po/fi.po b/po/fi.po
index 9da8b18..2514406 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18.1\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2007-11-24 22:54+0100\n"
 "Last-Translator: Tommi Vainikainen <thv+debian@iki.fi>\n"
 "Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n"
@@ -17,222 +17,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Asetustiedoille ei voi varata tilaa.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "asetusvirhe - tuntematon kohta \"%s\" (kerro ylläpidolle)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Salasana: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Käyttäjän %s salasana: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Salasanatiedostoa ei voi avata.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Asetustiedoille ei voi varata tilaa.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Muutetaan käyttäjän %s vanhenemistietoja\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Käyttäjätunnusta ei voi selvittää.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: rivi %d: käyttäjää %s ei löydy\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: muisti loppui\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: tiedostoa %s ei voi päivittää\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: virheellinen kotihakemisto \"%s\"\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: hakemistoa %s ei voi uudelleennimetä hakemistoksi %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: hakemistoa %s ei voi luoda\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: varoitus: ei voi poistaa tiedostoa "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: varoitus: ei voi poistaa tiedostoa "
-
-# Kannattaako tuota kääntää, siinä viitataan rename()-funktioon...
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: rename: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: hakemistoa %s ei voi uudelleennimetä hakemistoksi %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: hakemistoa %s ei voi uudelleennimetä hakemistoksi %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: varoitus: ei voi poistaa tiedostoa "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: hakemistoa %s ei voi luoda\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: varoitus: ei voi poistaa tiedostoa "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: tiedostoa %s ei voi päivittää\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: varjotiedostoa ei voi päivittää\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-# Kannattaako tuota kääntää, siinä viitataan rename()-funktioon...
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: rename: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: tiedostoa %s ei voi lukita\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Varoitus: tuntematon ryhmä %s\n"
 
@@ -278,6 +62,11 @@ msgstr "Päätettä %s ei voi vaihtaa"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: kentät liian pitkiä\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -285,8 +74,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Ympäristön ylivuoto\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -385,9 +175,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: ei saa ainutkertaista UID:tä\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "Asetustiedoille ei voi varata tilaa.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "asetusvirhe - tuntematon kohta \"%s\" (kerro ylläpidolle)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: PAM-todennus epäonnistui\n"
@@ -415,7 +212,7 @@ msgstr "Asetustiedoille ei voi varata tilaa.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: tiedosta ei voi avata\n"
 
 #, fuzzy, c-format
@@ -426,9 +223,21 @@ msgstr "%s: rivi %d: chown epäonnistui\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: rivi %d: chown epäonnistui\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: rivi %d: chown epäonnistui\n"
+
 msgid "Too many logins.\n"
 msgstr "Liian monta sisäänkirjautumista.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s-tunnus: "
+
 msgid "You have new mail."
 msgstr "Sinulle on uutta postia."
 
@@ -438,6 +247,14 @@ msgstr "Ei postia."
 msgid "You have mail."
 msgstr "Sinulle on postia."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "ei muutoksia"
 
@@ -450,9 +267,6 @@ msgstr "vain kirjainkoon muutoksia"
 msgid "too similar"
 msgstr "liian samankaltainen"
 
-msgid "too simple"
-msgstr "liian yksinkertainen"
-
 msgid "rotated"
 msgstr "pyöräytetty"
 
@@ -499,6 +313,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() epäonnistui, virhe %d\n"
 
+msgid "Password: "
+msgstr "Salasana: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Käyttäjän %s salasana: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Väärä salasana käyttäjälle \"%s\".\n"
@@ -524,18 +345,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: hakemistoa %s ei voi luoda\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: hakemistoa %s ei voi luoda\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: hakemistoa %s ei voi luoda\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -548,6 +365,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Salasanatiedostoa ei voi avata.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Asetustiedoille ei voi varata tilaa.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Asetustiedoille ei voi varata tilaa.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Muutetaan käyttäjän %s vanhenemistietoja\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Käyttäjätunnusta ei voi selvittää.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: rivi %d: käyttäjää %s ei löydy\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Ei voi vaihtaa hakemistoon \"%s\"\n"
@@ -560,6 +478,10 @@ msgid "Cannot execute %s"
 msgstr "Ei voi suorittaa %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Virheellinen juurihakemisto \"%s\"\n"
 
@@ -568,6 +490,86 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Ei voi vaihtaa juurihakemistoksi \"%s\"\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: muisti loppui\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: tiedostoa %s ei voi päivittää\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: virheellinen kotihakemisto \"%s\"\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: hakemistoa %s ei voi uudelleennimetä hakemistoksi %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: hakemistoa %s ei voi luoda\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: varoitus: ei voi poistaa tiedostoa "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: varoitus: ei voi poistaa tiedostoa "
+
+# Kannattaako tuota kääntää, siinä viitataan rename()-funktioon...
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: rename: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: hakemistoa %s ei voi uudelleennimetä hakemistoksi %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: hakemistoa %s ei voi uudelleennimetä hakemistoksi %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: varoitus: ei voi poistaa tiedostoa "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: hakemistoa %s ei voi luoda\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: varoitus: ei voi poistaa tiedostoa "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: tiedostoa %s ei voi päivittää\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: varjotiedostoa ei voi päivittää\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+# Kannattaako tuota kääntää, siinä viitataan rename()-funktioon...
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: rename: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: tiedostoa %s ei voi lukita\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: käyttäjä %s on nyt sisäänkirjautuneena\n"
 
@@ -626,6 +628,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -651,12 +656,15 @@ msgstr "Salasana pois käytöstä"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Tunnuksen vanhenemispäiväys (VVVV-KK-PP)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Edellinen salasanan vaihto\t\t\t\t\t: "
-
 msgid "never"
 msgstr "ei koskaan"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Edellinen salasanan vaihto\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "salasana täytyy vaihtaa"
 
@@ -825,14 +833,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: käyttäjää %s ei ole olemassa\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: ei voi vaihtaa käyttäjää \"%s\" NIS-asiakkaalla.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: \"%s\" on NIS-palvelin tälle asiakkaalle.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Muutetaan käyttäjän %s tietoja\n"
 
@@ -860,6 +860,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: Valitsinta -a voi käyttää VAIN yhdessä valitsimen -G kanssa\n"
@@ -911,6 +915,15 @@ msgid "Login Shell"
 msgstr "Sisäänkirjautumiskuori"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: hakemistoa %s ei voi uudelleennimetä hakemistoksi %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: uutta defaults-tiedostoa ei voi luoda\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Et voi muuttaa käyttäjän %s kuorta.\n"
 
@@ -923,6 +936,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Virheellinen tietue: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s on virheellinen kuori.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s on virheellinen kuori.\n"
 
@@ -1132,9 +1149,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1148,6 +1162,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s ei ole kelpo ryhmänimi\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: tiedostoa %s ei voi lukita\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "virheellinen ryhmänimi \"%s\"\n"
 
@@ -1190,14 +1208,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: ryhmää %s ei ole olemassa\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: ryhmä \"%s\" on NIS-ryhmä.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: isäntä %s on NIS-palvelin\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: käyttäjä %s on NIS-käyttäjä\n"
 
@@ -1273,10 +1283,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "virheellinen ryhmänimi \"%s\"\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: ryhmä %s on NIS-ryhmä\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: Tuntematon käyttäjä %s\n"
 
@@ -1390,7 +1396,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1484,9 +1490,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "Ei utmp-tietuetta. Suorita \"login\" alimman tason kuoresta"
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1521,14 +1524,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: rivi %d: käyttäjää %s ei löydy\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s-tunnus: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: fork-kutsu epäonnistui: %s"
 
@@ -1565,7 +1560,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1590,17 +1586,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: kentät liian pitkiä\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: virheellinen perushakemisto \"%s\"\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: hakemistoa %s ei voi luoda\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1634,14 +1626,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: hakemistoa %s ei voi luoda\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1663,6 +1654,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: virheellinen käyttäjätunnus \"%s\"\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: rivi %d: virheellinen rivi\n"
 
@@ -1682,6 +1677,11 @@ msgstr "%s: rivi %d: GIDiä ei voi luoda\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: käyttäjää %s ei ole olemassa\n"
 
+# Kannattaako tuota kääntää, siinä viitataan rename()-funktioon...
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: rename: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: rivi %d: salasanaa ei voi päivittää\n"
@@ -1703,14 +1703,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: rivi %d: tietuetta ei voi päivittää\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: Oikeuksien pudottaminen epäonnistui (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: tiedostoa %s ei voi luoda\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: Oikeuksien pudottaminen epäonnistui (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: ryhmätiedostoa ei voi päivittää\n"
 
@@ -1768,6 +1768,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Vanha salasana: "
 
@@ -1787,6 +1790,11 @@ msgstr ""
 "Syötä uusi salasana (vähintään %d ja korkeintaan %d merkkiä)\n"
 "Käytäthän salasanassa numeroita sekä pien- ja suuraakkosia.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: kentät liian pitkiä\n"
+
 msgid "New password: "
 msgstr "Uusi salasana: "
 
@@ -1828,6 +1836,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: tietolähdettä %s ei tueta\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1970,11 +1982,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2061,6 +2071,11 @@ msgstr "Sinulla ei ole lupaa asettua käyttäjäksi %s\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Ei salasanatietuetta pääkäyttäjälle (\"root\")"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "virheellinen käyttäjätunnus \"%s\"\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: täytyy suorittaa päätteessä\n"
@@ -2106,6 +2121,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2117,10 +2138,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: uutta defaults-tiedostoa ei voi luoda\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: uutta defaults-tiedostoa ei voi luoda\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: uutta defaults-tiedostoa ei voi avata\n"
 
@@ -2138,10 +2155,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: rename: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: ryhmä \"%s\" on NIS-ryhmä.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: liian monta ryhmää määritelty (korkeintaan %d).\n"
 
@@ -2250,6 +2263,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: virheellinen perushakemisto \"%s\"\n"
@@ -2381,6 +2399,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Asetetaan postilaatikkotiedoston oikeudet"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Luodaan postilaatikkotiedosto"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Luodaan postilaatikkotiedosto"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2502,10 +2530,6 @@ msgstr "%s: hakemistoa %s ei voi uudelleennimetä hakemistoksi %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: hakemistoa %s ei voi uudelleennimetä hakemistoksi %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: käyttäjä %s on NIS-käyttäjä\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: virheellinen kotihakemisto \"%s\"\n"
@@ -2605,6 +2629,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2688,10 +2716,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: salasanatiedostoa ei voi päivittää\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: hakemistoa %s ei voi luoda\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: varoitus: tiedoston %s omistaja ei ole %s\n"
@@ -2797,8 +2833,9 @@ msgid "failed to stat edited file"
 msgstr "postilaatikon uudelleennimeäminen epäonnistui"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "postilaatikon omistajan vaihtaminen epäonnistui"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: tiedosta ei voi avata\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2813,6 +2850,55 @@ msgstr ""
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: virheellinen perushakemisto \"%s\"\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Ympäristön ylivuoto\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: ei voi vaihtaa käyttäjää \"%s\" NIS-asiakkaalla.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: \"%s\" on NIS-palvelin tälle asiakkaalle.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: ryhmä \"%s\" on NIS-ryhmä.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: isäntä %s on NIS-palvelin\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: ryhmä %s on NIS-ryhmä\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: uutta defaults-tiedostoa ei voi luoda\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: ryhmä \"%s\" on NIS-ryhmä.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: käyttäjä %s on NIS-käyttäjä\n"
+
+#~ msgid "too simple"
+#~ msgstr "liian yksinkertainen"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr "Ei utmp-tietuetta. Suorita \"login\" alimman tason kuoresta"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: virheellinen perushakemisto \"%s\"\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "postilaatikon omistajan vaihtaminen epäonnistui"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Käyttö: id\n"
 
@@ -2828,10 +2914,6 @@ msgstr "%s: virheellinen perushakemisto \"%s\"\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Salasanan vanhenemisvaroitus"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "virheellinen käyttäjätunnus \"%s\"\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Käyttäjä         Portti   Mistä            Viimeksi"
 
diff --git a/po/fr.gmo b/po/fr.gmo
index 06252de..49f574e 100644
--- a/po/fr.gmo
+++ b/po/fr.gmo
diff --git a/po/fr.po b/po/fr.po
index 0df42e3..528d407 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -17,13 +17,13 @@
 #       useradd: Frédéric Delanoy, 2000.
 # Christian Perrier <bubulle@debian.org>, 2009, 2012.
 # Thomas Blein <tblein@tblein.eu>, 2011, 2012, 2013, 2015.
-# bubu <bubub@no-log.org>, 2022
+# bubu <bubub@no-log.org>, 2022, 2023
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow-man-pages 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
-"PO-Revision-Date: 2022-01-04 11:11+0100\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
+"PO-Revision-Date: 2023-04-26 20:04+0200\n"
 "Last-Translator: bubu <bubub@no-log.org>\n"
 "Language-Team: French <debian-l10n-french@lists.debian.org>\n"
 "Language: fr\n"
@@ -31,237 +31,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Poedit 3.0.1\n"
-
-#, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Plusieurs entrées nommées '%s' dans %s. Merci de réparer cela avec pwck ou "
-"grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-"la méthode de chiffrement n'est pas prise en charge par libcrypt ? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "erreur de paramétrage - imposible d'analyser la valeur de %s : '%s'"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Impossible d'allouer de l'espace pour l'information de paramétrage.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"erreur de paramétrage - objet inconnu '%s' (avertir l'administrateur)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s : nscd ne s'est pas terminé normalement (signal %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s : nscd a fini avec le statut %d\n"
-
-msgid "Password: "
-msgstr "Mot de passe :"
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Mot de passe de %s :"
-
-msgid "Cannot open audit interface.\n"
-msgstr "Impossible d'ouvrir l'interface d'inspection.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-"%s : ne peut pas récupérer le contexte du processus SELinux précédent : %s\n"
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage] : %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "Impossible de créer la prise en charge de la gestion par SELinux\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "La politique SELinux n'est pas prise en charge\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "Impossible de lire le dépot de politique de SELinux\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-"Impossible d'établir la connexion avec la gestion de SELinux\n"
-" \n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "Impossible de commencer la transaction SELinux\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "Impossible d'interroger seuser pour %s\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "Impossible de définir serange pour %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Impossible de définir sename pour %s\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "Impossible de modifier le mappage de connexion pour %s\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Impossible de créer de mappage de connexion SELinux pour %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "Impossible de définir un nom pour %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "Impossible de définir un utilisateur SELinux pour %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "Impossible d'ajouter un mappage de connexion pour %s\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "Impossible d'initialiser la gestion SELinux\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "Impossible de créer la clé d'utilisateur SELinux\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "Impossible de vérifier l'utilisateur SELinux\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "Impossible de modifier le mappage d'utilisateur SELinux\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "Impossible d'ajouter le mappage d'utilisateur SELinux\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-"Impossible de valider une transaction SELinux\n"
-"\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Le mappage de connexion n'est pas défini pour %s, OK si le mappage par "
-"défaut a été utilisé\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-"Le mappage de connexion pour %s est défini dans la politique et ne peut pas "
-"être effacé\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "Impossible d'effacer le mappage de connexion pour %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr ""
-"%s : plus de mémoire\n"
-"\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s : L'appel de stat sur %s a échoué : %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s : %s n'est ni un répertoire, ni un lien symbolique.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s : Impossible de lire le lien symbolique %s : %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s : Lien symbolique suspicieusement long : %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s : Impossible de créer le répertoire %s : %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s : Impossible de changer le propriétaire de %s : %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s : Impossible de changer le mode de %s : %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s : délier : %s : %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s : Impossible de supprimer le répertoire %s : %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s : Impossible de renommer %s en %s : %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s : Impossible de supprimer %s : %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s : Impossible de créer de lien symbolique %s : %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s : Impossible de changer les propriétaires de %s : %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s : lstat impossible %s : %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s : Attention, l'utilisateur %s n'a pas de fichier caché tcb.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s : Urgence : le fichier caché tcb de %s n'est pas un fichier régulier avec "
-"st_nlink=1\n"
-"Le compte est laissé vérouillé.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s : mkdir : %s : %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s : Impossible d'ouvrir %s : %s\n"
+"X-Generator: Poedit 2.4.2\n"
 
 #, c-format
 msgid "Warning: unknown group %s\n"
@@ -310,14 +80,23 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s : échec au déverrouillage de %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Plusieurs entrées nommées '%s' dans %s. Merci de réparer cela avec pwck ou "
+"grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s : "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Débordement de l'environnement\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
+"la méthode de chiffrement n'est pas prise en charge par libcrypt ? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -440,8 +219,16 @@ msgstr ""
 "Utilisateur disponibles)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr "%s : Pas assez d'arguments pour former %u mappages\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "erreur de paramétrage - imposible d'analyser la valeur de %s : '%s'"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Impossible d'allouer de l'espace pour l'information de paramétrage.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr ""
+"erreur de paramétrage - objet inconnu '%s' (avertir l'administrateur)\n"
 
 #, c-format
 msgid "%s: Memory allocation failure\n"
@@ -469,8 +256,9 @@ msgstr ""
 msgid "%s: Could not set caps\n"
 msgstr "%s : Impossible de définir les plafonds\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
+#, fuzzy, c-format
+#| msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s : échec de snprintf !\n"
 
 #, c-format
@@ -481,9 +269,22 @@ msgstr "%s : échec de l'ouverture de %s : %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s : échec de l'écriture sur %s : %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: open of %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s : échec de l'ouverture de %s : %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Trop de connexions.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login : "
+
 msgid "You have new mail."
 msgstr "Vous avez un nouveau courriel."
 
@@ -493,6 +294,14 @@ msgstr "Aucun courriel."
 msgid "You have mail."
 msgstr "Vous avez un courriel."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s : nscd ne s'est pas terminé normalement (signal %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s : nscd a fini avec le statut %d\n"
+
 msgid "no change"
 msgstr "aucun changement"
 
@@ -505,9 +314,6 @@ msgstr "changements de casse seulement"
 msgid "too similar"
 msgstr "trop similaire"
 
-msgid "too simple"
-msgstr "trop simple"
-
 msgid "rotated"
 msgstr "pivoté"
 
@@ -553,6 +359,13 @@ msgstr ""
 "%s : (utilisateur %s) pam_chauthtok() échec, erreur :\n"
 "%s\n"
 
+msgid "Password: "
+msgstr "Mot de passe :"
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Mot de passe de %s :"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Mot de passe incorrect pour %s.\n"
@@ -569,26 +382,24 @@ msgstr "%s : l'option '%s' nécessite un argument\n"
 msgid "%s: failed to drop privileges (%s)\n"
 msgstr "%s : échec de la diminution de privilèges (%s)\n"
 
-#, fuzzy, c-format
-#| msgid "%s: invalid chroot path '%s'\n"
+#, c-format
 msgid "%s: invalid chroot path '%s', only absolute paths are supported.\n"
-msgstr "%s : chemin de chroot non valable '%s'\n"
+msgstr ""
+"%s : chemin de chroot non valable '%s', seuls les chemins absolus sont pris "
+"en charge.\n"
 
 #, c-format
 msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s : Impossible d'accéder au répertoire chroot %s : %s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s : chdir impossible sur répertoire chroot %s : %s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s : chroot impossible sur répertoire %s : %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s : chdir impossible sur répertoire chroot %s : %s\n"
 
 #, c-format
 msgid ""
@@ -604,6 +415,118 @@ msgid ""
 "ENCRYPT_METHOD and the corresponding configuration for your selected hash "
 "method.\n"
 msgstr ""
+"Impossible de générer un « sel » à partir du réglage \"%s\", vérifiez vos "
+"réglages dans ENCRYPT_METHOD et la configuration correspondante à votre "
+"méthode de hachage choisie.\n"
+
+msgid "Cannot open audit interface.\n"
+msgstr "Impossible d'ouvrir l'interface d'inspection.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+"%s : ne peut pas récupérer le contexte du processus SELinux précédent : %s\n"
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage] : %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "Impossible de créer la prise en charge de la gestion par SELinux\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "La politique SELinux n'est pas prise en charge\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "Impossible de lire le dépot de politique de SELinux\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+"Impossible d'établir la connexion avec la gestion de SELinux\n"
+" \n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "Impossible de commencer la transaction SELinux\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "Impossible d'interroger seuser pour %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "Impossible de définir serange pour %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Impossible de définir sename pour %s\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "Impossible de modifier le mappage de connexion pour %s\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Impossible de créer de mappage de connexion SELinux pour %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "Impossible de définir un nom pour %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "Impossible de définir un utilisateur SELinux pour %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "Impossible d'ajouter un mappage de connexion pour %s\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "Impossible d'initialiser la gestion SELinux\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "Impossible de créer la clé d'utilisateur SELinux\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "Impossible de vérifier l'utilisateur SELinux\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "Impossible de modifier le mappage d'utilisateur SELinux\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "Impossible d'ajouter le mappage d'utilisateur SELinux\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+"Impossible de valider une transaction SELinux\n"
+"\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Le mappage de connexion n'est pas défini pour %s, OK si le mappage par "
+"défaut a été utilisé\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+"Le mappage de connexion pour %s est défini dans la politique et ne peut pas "
+"être effacé\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "Impossible d'effacer le mappage de connexion pour %s"
 
 #, c-format
 msgid "Unable to cd to '%s'\n"
@@ -619,6 +542,10 @@ msgid "Cannot execute %s"
 msgstr "Impossible d'exécuter %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Répertoire root '%s' non valable\n"
 
@@ -627,6 +554,89 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Impossible de changer le répertoire root pour '%s'\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr ""
+"%s : plus de mémoire\n"
+"\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s : L'appel de stat sur %s a échoué : %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s : %s n'est ni un répertoire, ni un lien symbolique.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s : Impossible de lire le lien symbolique %s : %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s : Lien symbolique suspicieusement long : %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s : Impossible de créer le répertoire %s : %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s : Impossible de changer le propriétaire de %s : %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s : Impossible de changer le mode de %s : %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s : délier : %s : %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s : Impossible de supprimer le répertoire %s : %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s : Impossible de renommer %s en %s : %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s : Impossible de supprimer %s : %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s : Impossible de créer de lien symbolique %s : %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s : Impossible de changer les propriétaires de %s : %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s : lstat impossible %s : %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s : Attention, l'utilisateur %s n'a pas de fichier caché tcb.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s : Urgence : le fichier caché tcb de %s n'est pas un fichier régulier avec "
+"st_nlink=1\n"
+"Le compte est laissé vérouillé.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s : mkdir : %s : %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s : Impossible d'ouvrir %s : %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s : l'utilisateur %s est actuellement connecté\n"
 
@@ -704,6 +714,11 @@ msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 " -R, --root CHROOT_DIR          répertoire dans lequel faire un chroot\n"
 
+#, fuzzy
+#| msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -P, --prefix PREFIX_DI        préfixe de répertoire\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -732,12 +747,15 @@ msgstr "Mot de passe inactif"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Date de fin de validité du compte (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Dernière modification du mot de passe\t\t\t\t\t :"
-
 msgid "never"
 msgstr "jamais"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Dernière modification du mot de passe\t\t\t\t\t :"
+
 msgid "password must be changed"
 msgstr "le mot de passe doit être changé"
 
@@ -922,14 +940,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s : l'utilisateur '%s' n'existe pas\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s : impossible de changer l'utilisateur '%s' sur le client NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s : '%s' est le NIS maître pour ce client.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Modifier les informations associées à un utilisateur pour %s\n"
 
@@ -959,17 +969,18 @@ msgstr ""
 "  -m, --md5                      chiffrer le mot de passe en clair avec\n"
 "                                  l'algorithme MD5\n"
 
-#, fuzzy
-#| msgid ""
-#| "  -s, --sha-rounds              number of rounds for the SHA or BCRYPT\n"
-#| "                                crypt algorithms\n"
 msgid ""
 "  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 "  -s, --sha-rounds             nombre de tours pour les algorithmes de "
 "chiffrement\n"
-"                                   SHA ou BCRYPT\n"
+"                                   SHA ou BCRYPT ou YESCRYPT\n"
+
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s : la méthode de chiffrement n'est pas prise en charge : %s\n"
 
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
@@ -1024,6 +1035,17 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Interpréteur de commandes de connexion"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s : Impossible d'obtenir la taille de %s : %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file: %s\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr ""
+"%s : impossible de créer le nouveau fichier des valeurs par défaut : %s\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Vous ne devriez pas changer le shell pour '%s'.\n"
@@ -1036,6 +1058,13 @@ msgstr "Changer l'interpréteur de commandes de connexion pour %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s : Entrée non valable : %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr ""
+"%s : %s est un interpréteur de commandes non valable\n"
+"\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr ""
@@ -1291,25 +1320,23 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  créer un compte système\n"
 
-#, fuzzy
-#| msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -P, --prefix PREFIX_DIR        préfixe de répertoire\n"
-
-#, fuzzy
-#| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
-msgstr "  -l, --list                    lister les membres du groupe\n"
+msgstr ""
+"  -U, --users USERS             liste des utilisateurs membres de ce groupe\n"
 
-#, fuzzy, c-format
-#| msgid "invalid user name '%s'\n"
+#, c-format
 msgid "Invalid member username %s\n"
-msgstr "Nom d'utilisateur '%s' non valable\n"
+msgstr "Nom de membre utilisateur '%s' non valable\n"
 
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s : '%s' n'est pas un nom de groupe valable\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s : Impossible d'ouvrir %s : %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s : IDentifiant de groupe '%s' non valable\n"
@@ -1358,16 +1385,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s : le groupe '%s' n'existe pas\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s : le groupe '%s' est un groupe NIS\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr ""
-"%s : %s est le NIS maître\n"
-"\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s : l'utilisateur '%s' est déjà membre de '%s'\n"
 
@@ -1427,23 +1444,16 @@ msgstr "%s : votre nom de groupe ne correspond pas à votre nom utilisateur\n"
 msgid "%s: only root can use the -g/--group option\n"
 msgstr "%s : seul root peut utiliser l'option -g/--group\n"
 
-#, fuzzy
-#| msgid ""
-#| "  -a, --append                  append the user to the supplemental "
-#| "GROUPS\n"
-#| "                                mentioned by the -G option without "
-#| "removing\n"
-#| "                                the user from other groups\n"
 msgid ""
 "  -a, --append                  append the users mentioned by -U option to "
 "the group \n"
 "                                without removing existing user members\n"
 msgstr ""
-"  -a, --append                   ajouter l'utilisateur au GROUPS "
-"supplémentaire\n"
-"                                       mentionné par l'option -G sans "
-"supprimer\n"
-"                                       l'utilisateur des autres groupes\n"
+"  -a, --append                   ajouter les utilisateurs mentionnés par "
+"l'option -U dans le groupe \n"
+"                                     sans supprimer les membres utilisateurs "
+"existant\n"
+"\n"
 
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr " -g, --gid GID                changer l'IDentifiant de groupe en GID\n"
@@ -1469,10 +1479,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s : nom de groupe '%s' non valable\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s : le groupe %s est un groupe NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s : utilisateur inconnu %s\n"
 
@@ -1509,6 +1515,8 @@ msgstr " -s, --sort                    trier les entrées par UID\n"
 msgid ""
 "  -S, --silence-warnings        silence controversial/paranoid warnings\n"
 msgstr ""
+" -S, --silence-warnings        silence controversé/avertissements "
+"paranoïaques\n"
 
 #, c-format
 msgid "%s: -s and -r are incompatible\n"
@@ -1597,8 +1605,12 @@ msgstr ""
 "  -b, --before DAYS           afficher uniquement les enregistrements de "
 "journaux plus vieux que DAYS\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -C, --clear                   clear lastlog record of an user (usable "
+#| "only with -u)\n"
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   nettoyer l'enregistrement du dernier journal "
@@ -1624,10 +1636,9 @@ msgstr ""
 "  -u, --user LOGIN              afficher le dernier enregistrement de "
 "journal du LOGIN spécifié\n"
 
-#, fuzzy, c-format
-#| msgid "Username                Port     Latest"
+#, c-format
 msgid "Username         Port     From%*sLatest\n"
-msgstr "Nom d'utilisateur                Port     Dernier"
+msgstr "Nom d'utilisateur                Port     Provenance%*sDernier\n"
 
 msgid "Username                Port     Latest"
 msgstr "Nom d'utilisateur                Port     Dernier"
@@ -1707,11 +1718,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s : Ne pourra peut-être pas fonctionner sans racine effective\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Pas d'entrée utmp. Vous devez exécuter (exec) \"login\" depuis le plus bas "
-"niveau \"sh\""
-
 #, c-format
 msgid ""
 "\n"
@@ -1746,14 +1752,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Impossible de trouver l'utilisateur (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login : "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s : échec de la création d'un processus enfant : %s"
 
@@ -1786,9 +1784,13 @@ msgstr "Utilisation : logoutd\n"
 msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
 msgstr "%s : éventail de GID [%lu-%lu)-> [%lu-%lu) non autorisé\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> "
+#| "<count> ] ... \n"
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 "utilisation : %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> "
 "<count> ] ... \n"
@@ -1815,21 +1817,21 @@ msgstr ""
 "%s : Echec de la politique %s setgroups : %s\n"
 " \n"
 
-#, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s : Impossible d'ouvrir le répertoire proc de la cible %u\n"
-
-#, c-format
-msgid "%s: Could not stat directory for target %u\n"
+#, fuzzy, c-format
+#| msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s : Impossible de statuer sur le répertoire de la cible %u\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+#| "st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
-"%s : La cible %u appartient à un utilisateur différent : uid :%lu pw_uid :"
-"%lu st_uid :%lu, gid :%lu pw_gid :%lu st_gid :%lu\n"
+"%s : Le processus cible %u appartient à un utilisateur différent : uid :%lu "
+"pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Utilisation : newgrp [-] [group]\n"
@@ -1860,24 +1862,24 @@ msgstr "trop de groupes\n"
 msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
 msgstr "%s : gamme d'uid [%lu-%lu) -> [%lu-%lu) non autorisés\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> "
+#| "<count> ] ... \n"
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 "utilisation : %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> "
 "<count> ] ... \n"
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
-"%s : Le processus cible %u appartient à un utilisateur différent : uid :%lu "
-"pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+#, fuzzy, c-format
+#| msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s : Impossible de statuer sur le répertoire de la cible %u\n"
 
-#, fuzzy
 msgid "  -b, --badname                 allow bad names\n"
-msgstr "  -b, --badname                autoriser de mauvais noms\n"
+msgstr "  -b, --badname                autoriser les mauvais noms\n"
 
 msgid "  -r, --system                  create system accounts\n"
 msgstr " -r, --system                    créer des comptes système\n"
@@ -1891,10 +1893,14 @@ msgstr ""
 msgid "%s: invalid user ID '%s'\n"
 msgstr "%s : IDentification d'utilisateur '%s' non valable\n"
 
-#, fuzzy, c-format
-#| msgid "%s: invalid user name '%s'\n"
+#, c-format
 msgid "%s: invalid user name '%s': use --badname to ignore\n"
-msgstr "%s : nom d'utilisateur '%s' non valable\n"
+msgstr ""
+"%s : nom d'utilisateur '%s' non valable ; utilisez --badname pour l'ignorer\n"
+
+#, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
 
 #, c-format
 msgid "%s: line %d: invalid line\n"
@@ -1918,16 +1924,20 @@ msgstr "%s : ligne %d : impossible de créer le groupe\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s : ligne %d : l'utilisateur '%s' n'existe pas dans %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s : délier : %s : %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr ""
 "%s : ligne %d : impossible de mettre à jour le fichier des mots de passe - "
 "password -\n"
 
-#, fuzzy, c-format
-#| msgid "%s: line %d: mkdir %s failed: %s\n"
+#, c-format
 msgid "%s: line %d: homedir must be an absolute path\n"
-msgstr "%s : ligne %d : échec mkdir %s : %s\n"
+msgstr "%s : ligne %d : homedir doit être un chemin absolu\n"
 
 #, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
@@ -1942,14 +1952,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s : ligne %d : impossible de mettre à jour l'entrée\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s : la préparation de la nouvelle entrée %s a échoué\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s : impossible de trouver une gamme utilisateur subordonnée\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s : la préparation de la nouvelle entrée %s a échoué\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s : impossible de trouver la gamme de groupe subordonné\n"
 
@@ -2034,6 +2044,13 @@ msgstr ""
 "de changer le mot de passe\n"
 "                                      à MAX_DAYS\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    afficher les informations sur l'âge des "
+"comptes\n"
+
 msgid "Old password: "
 msgstr "Ancien mot de passe :"
 
@@ -2056,6 +2073,11 @@ msgstr ""
 "Utilisez une combinaison de lettres minuscules et majuscules et des "
 "chiffres.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s : champs trop longs\n"
+
 msgid "New password: "
 msgstr "Nouveau mot de passe :"
 
@@ -2081,10 +2103,10 @@ msgstr "Le mot de passe de %s ne peut pas être changé.\n"
 msgid "The password for %s cannot be changed yet.\n"
 msgstr "Le mot de passe de %s ne peut pas encore être changé.\n"
 
-#, fuzzy, c-format
-#| msgid "%s: shadow passwords required for -e\n"
+#, c-format
 msgid "%s: malformed password data obtained for user %s\n"
-msgstr "%s : mots de passe cachés « shadow passwords » nécessaires pour -e\n"
+msgstr ""
+"%s : données incorrectes de mot de passe obtenues pour l'utilisateur %s\n"
 
 #, c-format
 msgid ""
@@ -2102,6 +2124,11 @@ msgstr ""
 "%s : le dépot %s n'est pas pris en charge\n"
 " \n"
 
+#, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s : seul root peut utiliser l'option -g/--group\n"
+
 #, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
@@ -2161,10 +2188,10 @@ msgstr "entrée de fichier de mots de passe non valable "
 msgid "duplicate password entry"
 msgstr "entrée de mot de passe dupliqué"
 
-#, fuzzy, c-format
-#| msgid "invalid user name '%s'\n"
+#, c-format
 msgid "invalid user name '%s': use --badname to ignore\n"
-msgstr "Nom d'utilisateur '%s' non valable\n"
+msgstr ""
+"Nom d'utilisateur '%s' non valable ; utilisez --badname pour l'ignorer\n"
 
 #, c-format
 msgid "invalid user ID '%lu'\n"
@@ -2262,11 +2289,9 @@ msgstr "%s : dysfonctionnement du signal\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Session terminée, fin de l'interpréteur de commande ...."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ... tué.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ... attente de la fin du processus enfant.\n"
 
@@ -2317,10 +2342,13 @@ msgstr ""
 #, c-format
 msgid "Password field is empty, this is forbidden for all accounts.\n"
 msgstr ""
+"Le champ Mot de Passe est vide, cela est interdit pour tous les comptes.\n"
 
 #, c-format
 msgid "Password field is empty, this is forbidden for super-user.\n"
 msgstr ""
+"Le champ Mot de Passe est vide, cela est interdit pour le super-"
+"utilisateur.\n"
 
 #, c-format
 msgid "You are not authorized to su %s\n"
@@ -2343,6 +2371,11 @@ msgstr "%s : Vous n'avez pas les autorisations superutilisateur\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Pas d'entrée de mot de passe pour l'utilisateur '%s'\n"
 
+#, fuzzy, c-format
+#| msgid "Invalid member username %s\n"
+msgid "Overlong user name '%s'\n"
+msgstr "Nom de membre utilisateur '%s' non valable\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s : doit être lancé depuis un terminal\n"
@@ -2388,19 +2421,21 @@ msgstr "%s : %s a été créé, mais n'a pas pu être supprimé\n"
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s : le paramétrage %s dans %s sera ignoré \n"
 
+#, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s : le paramétrage %s dans %s sera ignoré \n"
+
 #, c-format
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr ""
 "%s : impossible de créer le nouveau fichier des valeurs par défaut : %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: cannot create new defaults file\n"
-msgid "%s: cannot create directory for defaults file\n"
-msgstr "%s : impossible de créer un nouveau fichier des valeurs par défaut\n"
-
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s : impossible de créer un nouveau fichier des valeurs par défaut\n"
+msgid "%s: cannot create directory for defaults file\n"
+msgstr "%s : impossible de créer répertoire pour les fichiers par défaut\n"
 
 #, c-format
 msgid "%s: cannot open new defaults file\n"
@@ -2419,17 +2454,12 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s : renommer : %s : %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s : le groupe '%s' est un groupe NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s : trop de groupes sont spécifiés (max %d).\n"
 
-#, fuzzy, c-format
-#| msgid "%s: Out of memory. Cannot update %s.\n"
+#, c-format
 msgid "%s: Out of memory. Cannot find group '%s'.\n"
-msgstr "%s : Plus de mémoire libre. Mise à niveau impossible %s.\n"
+msgstr "%s : Plus de mémoire libre. Impossible de trouver le groupe.'%s'.\n"
 
 #, c-format
 msgid ""
@@ -2445,7 +2475,6 @@ msgstr ""
 "\n"
 "Options :\n"
 
-#, fuzzy
 msgid "      --badname                 do not check for bad names\n"
 msgstr "      --badname                ne pas vérifier les mauvais noms\n"
 
@@ -2491,6 +2520,8 @@ msgid ""
 "  -F, --add-subids-for-system   add entries to sub[ud]id even when adding a "
 "system user\n"
 msgstr ""
+"  -F, --add-subids-for-system   ajouter des entrées comme sous-[ud]id même "
+"lors de l'ajout d'un utilisateur système\n"
 
 msgid ""
 "  -g, --gid GROUP               name or ID of the primary group of the new\n"
@@ -2573,6 +2604,17 @@ msgstr ""
 " -Z, --selinux-user SEUSER      utiliser un SEUSER spécifique pour le "
 "mappage de l'utilisateur SELinux\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+" -Z, --selinux-user SEUSER      utiliser un SEUSER spécifique pour le "
+"mappage de l'utilisateur SELinux\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s : répertoire de base '%s' non valable\n"
@@ -2615,39 +2657,31 @@ msgstr "%s : -Z ne peut pas être utilisé avec --prefix\n"
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr "%s : -Z nécessite un noyau avec SELinux activé\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: failed to open the faillog file for UID %lu: %s\n"
-msgstr ""
-"%s : échec de la réinitialisation de l'entrée de faillog de l'UID %lu : %s\n"
+msgstr "%s : échec d'ouverture du fichier faillog de l'UID %lu : %s\n"
 
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr ""
 "%s : échec de la réinitialisation de l'entrée de faillog de l'UID %lu : %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: failed to close the faillog file for UID %lu: %s\n"
-msgstr ""
-"%s : échec de la réinitialisation de l'entrée de faillog de l'UID %lu : %s\n"
+msgstr "%s : échec de la fermeture du fichier faillog de l'UID %lu : %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
-msgstr ""
-"%s : échec de la réinitialisation de l'entrée de lastlog de l'UID %lu:%s\n"
+msgstr "%s : échec d'ouveture du fichier lastlog de l'UID %lu:%s\n"
 
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr ""
 "%s : échec de la réinitialisation de l'entrée de lastlog de l'UID %lu:%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
-msgstr ""
-"%s : échec de la réinitialisation de l'entrée de lastlog de l'UID %lu:%s\n"
+msgstr "%s : échec de fermeture du fichier lastlog de l'UID %lu:%s\n"
 
 #, c-format
 msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
@@ -2696,8 +2730,7 @@ msgstr "%s : attention  : échec de chown sur '%s' : %m\n"
 msgid "%s: warning: chmod on `%s' failed: %m\n"
 msgstr "%s : attention : échec de chmod sur '%s' : %m\n"
 
-#, fuzzy, c-format
-#| msgid "%s: warning: chown on `%s' failed: %m\n"
+#, c-format
 msgid "%s: warning: chown on '%s' failed: %m\n"
 msgstr "%s : attention  : échec de chown sur '%s' : %m\n"
 
@@ -2706,12 +2739,11 @@ msgid "%s: cannot reset SELinux file creation context\n"
 msgstr ""
 "%s : impossible de réinitialiser le contexte de création du fichier SELinux\n"
 
-#, fuzzy, c-format
-#| msgid "%s: cannot set SELinux context for home directory %s\n"
+#, c-format
 msgid "%s: cannot set SELinux context for mailbox file %s\n"
 msgstr ""
-"%s : impossible de définir le contexte SELinux pour le répertoire personnel "
-"%s\n"
+"%s : impossible de définir le contexte SELinux pour le fichier boîte à "
+"lettre %s\n"
 
 msgid "Creating mailbox file"
 msgstr "Création du fichier mailbox - boîte au lettres"
@@ -2725,14 +2757,28 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Indiquez les permissions du fichier mailbox"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Création du fichier mailbox - boîte au lettres"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Création du fichier mailbox - boîte au lettres"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
+"%s attention: l'uid de %s, %d, est plus grand que SYS_UID_MAX %d\n"
+"\n"
 
 #, c-format
 msgid ""
 "%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
 msgstr ""
+"%s attention: l'uid de %s, %d, est en dehors de la plage UID_MIN %d et "
+"UID_MAX %d .\n"
 
 #, c-format
 msgid "%s: user '%s' already exists\n"
@@ -2783,18 +2829,16 @@ msgstr ""
 "%s: attention : le répertoire personnel %s existe déjà.\n"
 "%s: Aucun fichier du répertoire skel n'y sera copié.\n"
 
-#, fuzzy
-#| msgid ""
-#| "  -f, --force                   force removal of files,\n"
-#| "                                even if not owned by user\n"
 msgid ""
 "  -f, --force                   force some actions that would fail "
 "otherwise\n"
 "                                e.g. removal of user still logged in\n"
 "                                or files, even if not owned by the user\n"
 msgstr ""
-" -f, --force                  forcer la suppression de fichiers,\n"
-"                                même ceux qui n'appartiennent pas à "
+" -f, --force                  forcer des actions qui échoueraient sinon\n"
+"                                par exemple, supprimer un utilisateur encore "
+"connecté\n"
+"                                ou des fichiers, même si n'appartenant pas à "
 "l'utilisateur\n"
 
 msgid "  -r, --remove                  remove home directory and mail spool\n"
@@ -2862,10 +2906,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s : Impossible de supprimer les fichiers tcb de %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s : l'utilisateur %s est un utilisateur NIS\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s : %s le répertoire personnel (%s) n'a pas été trouvé\n"
 
@@ -2963,21 +3003,14 @@ msgstr ""
 "  -p, --password PASSWORD       utiliser un mot de passe chiffré pour le "
 "nouveau mot de passe\n"
 
-#, fuzzy
-#| msgid ""
-#| "  -a, --append                  append the user to the supplemental "
-#| "GROUPS\n"
-#| "                                mentioned by the -G option without "
-#| "removing\n"
-#| "                                the user from other groups\n"
 msgid ""
 "  -r, --remove                  remove the user from only the supplemental "
 "GROUPS\n"
 "                                mentioned by the -G option without removing\n"
 "                                the user from other groups\n"
 msgstr ""
-"  -a, --append                   ajouter l'utilisateur au GROUPS "
-"supplémentaire\n"
+"  -r, --remove                   supprimer l'utilisateur uniquement du "
+"GROUPS supplémentaire\n"
 "                                       mentionné par l'option -G sans "
 "supprimer\n"
 "                                       l'utilisateur des autres groupes\n"
@@ -3009,6 +3042,16 @@ msgstr ""
 " -Z, --selinux-user SEUSER   nouveau mappage d'utilisateur SELinux pour le "
 "compte utilisateur\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+" -Z, --selinux-user SEUSER   nouveau mappage d'utilisateur SELinux pour le "
+"compte utilisateur\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -3023,10 +3066,9 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s : l'utilisateur '%s' existe déjà dans %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+#, c-format
 msgid "%s: homedir must be an absolute path\n"
-msgstr "%s : le répertoire home \"%s\" doit être monté en BTRFS\n"
+msgstr "%s : homedir doit être un chemin absolu\n"
 
 #, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
@@ -3042,7 +3084,7 @@ msgstr "%s : pas d'options\n"
 
 #, c-format
 msgid "%s: %s and %s are mutually exclusive flags\n"
-msgstr ""
+msgstr "%s: %s et %s sont des drapeaux mutuellement exclusifs\n"
 
 #, c-format
 msgid "%s: the -L, -p, and -U flags are exclusive\n"
@@ -3095,16 +3137,13 @@ msgstr ""
 msgid "%s: cannot rename directory %s to %s\n"
 msgstr "%s : impossible de renommer le répertoire %s en %s\n"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "%s: The previous home directory (%s) was not a directory. It is not "
-#| "removed and no home directories are created.\n"
+#, c-format
 msgid ""
 "%s: The previous home directory (%s) does not exist or is inaccessible. Move "
 "cannot be completed.\n"
 msgstr ""
-"%s : Le répertoire personnel (%s) précédent n'était pas un répertoire. Il "
-"n'est pas supprimé et aucun répertoire personnel ne sera créé. \n"
+"%s : Le répertoire personnel (%s) précédent n'existe pas ou est "
+"inaccessible. Aucun transfert ne peut aboutir. \n"
 
 #, c-format
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
@@ -3112,12 +3151,26 @@ msgstr ""
 "%s : la copie de l'entrée lastlog de l'utilisateur %lu à l'utilisateur %lu a "
 "échoué : %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s : la copie de l'entrée lastlog de l'utilisateur %lu à l'utilisateur %lu a "
+"échoué : %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s : échec à copier l'entrée de faillog de l'utilisateur %lu vers "
 "l'utilisateur %lu : %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s : échec à copier l'entrée de faillog de l'utilisateur %lu vers "
+"l'utilisateur %lu : %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s : avertissement : %s n'appartient pas à %s\n"
@@ -3223,8 +3276,10 @@ msgstr "impossible de délier le fichier scratch"
 msgid "failed to stat edited file"
 msgstr "impossible de statuer sur le fichier édité"
 
-msgid "failed to allocate memory"
-msgstr "impossible d'allouer de la mémoire"
+#, fuzzy
+#| msgid "%s: snprintf failed!\n"
+msgid "asprintf(3) failed"
+msgstr "%s : échec de snprintf !\n"
 
 msgid "failed to create backup file"
 msgstr "échec à la création d'un fichier de sauvegarde"
@@ -3239,6 +3294,75 @@ msgstr ""
 "%s : impossible de trouver le répertoire tcb pour %s\n"
 "\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Débordement de l'environnement\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s : impossible de changer l'utilisateur '%s' sur le client NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s : '%s' est le NIS maître pour ce client.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s : le groupe '%s' est un groupe NIS\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr ""
+#~ "%s : %s est le NIS maître\n"
+#~ "\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s : le groupe %s est un groupe NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr ""
+#~ "%s : impossible de créer un nouveau fichier des valeurs par défaut\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s : le groupe '%s' est un groupe NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s : l'utilisateur %s est un utilisateur NIS\n"
+
+#, c-format
+#~ msgid "%s: Not enough arguments to form %u mappings\n"
+#~ msgstr "%s : Pas assez d'arguments pour former %u mappages\n"
+
+#~ msgid "too simple"
+#~ msgstr "trop simple"
+
+#, c-format
+#~ msgid "Unable to obtain random bytes.\n"
+#~ msgstr "Impossible d'avoir des octets aléatoires.\n"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Pas d'entrée utmp. Vous devez exécuter (exec) \"login\" depuis le plus "
+#~ "bas niveau \"sh\""
+
+#, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s : Impossible d'ouvrir le répertoire proc de la cible %u\n"
+
+#, c-format
+#~ msgid ""
+#~ "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+#~ "%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+#~ msgstr ""
+#~ "%s : La cible %u appartient à un utilisateur différent : uid :%lu pw_uid :"
+#~ "%lu st_uid :%lu, gid :%lu pw_gid :%lu st_gid :%lu\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "impossible d'allouer de la mémoire"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Utilisation : id\n"
 
diff --git a/po/gl.gmo b/po/gl.gmo
index 3ac54b8..55b30c0 100644
--- a/po/gl.gmo
+++ b/po/gl.gmo
diff --git a/po/gl.po b/po/gl.po
index 598f69b..ae9d92e 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2006-07-18 23:27+0200\n"
 "Last-Translator: Jacobo Tarrio <jtarrio@debian.org>\n"
 "Language-Team: Galician <trasno@ceu.fi.udc.es>\n"
@@ -17,222 +17,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=n!=1;\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Non se puido reservar espacio para a información de configuración.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"erro de configuración - elemento \"%s\" descoñecido (avise ao "
-"administrador)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Contrasinal: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Contrasinal de %s: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Non se pode abrir o ficheiro de contrasinais.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Non se puido reservar espacio para a información de configuración.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "A cambiar a información de caducidade de %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Non se pode determinar o seu nome de usuario.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: liña %d: non se pode atopar o usuario %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: memoria esgotada\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: non se pode actualizar o ficheiro %s\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: directorio inicial \"%s\" non válido\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: non se pode cambiar o nome do directorio %s a %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: non se pode crear o directorio %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: aviso: non se pode eliminar "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: aviso: non se pode eliminar "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: rename: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: non se pode cambiar o nome do directorio %s a %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: non se pode cambiar o nome do directorio %s a %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: aviso: non se pode eliminar "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: non se pode crear o directorio %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: aviso: non se pode eliminar "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: non se pode actualizar o ficheiro %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: non se pode actualizar o ficheiro shadow\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: rename: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: non se pode abrir o ficheiro %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Aviso: grupo %s descoñecido\n"
 
@@ -278,6 +62,11 @@ msgstr "Non se puido cambiar o tty %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: campos longos de máis\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -285,8 +74,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Desbordamento nas variables de ambiente\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -385,9 +175,18 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: non se pode obter un UID único\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "Non se puido reservar espacio para a información de configuración.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr ""
+"erro de configuración - elemento \"%s\" descoñecido (avise ao "
+"administrador)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: a autenticación con PAM fallou\n"
@@ -415,7 +214,7 @@ msgstr "Non se puido reservar espacio para a información de configuración.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: non se pode abrir o ficheiro\n"
 
 #, fuzzy, c-format
@@ -426,9 +225,21 @@ msgstr "%s: liña %d: a chamada a chown fallou\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: liña %d: a chamada a chown fallou\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: liña %d: a chamada a chown fallou\n"
+
 msgid "Too many logins.\n"
 msgstr "Entrou demasiadas veces.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login: "
+
 msgid "You have new mail."
 msgstr "Ten novo correo."
 
@@ -438,6 +249,14 @@ msgstr "Non hai correo."
 msgid "You have mail."
 msgstr "Ten correo."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "ningún cambio"
 
@@ -450,9 +269,6 @@ msgstr "só cambia maiúsculas/minúsculas"
 msgid "too similar"
 msgstr "semellantes de máis"
 
-msgid "too simple"
-msgstr "simple de máis"
-
 msgid "rotated"
 msgstr "rotado"
 
@@ -499,6 +315,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: a chamada a pam_start() fallou, erro %d\n"
 
+msgid "Password: "
+msgstr "Contrasinal: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Contrasinal de %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Contrasinal incorrecto para %s.\n"
@@ -524,18 +347,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: non se pode crear o directorio %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: non se pode crear o directorio %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: non se pode crear o directorio %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -548,6 +367,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Non se pode abrir o ficheiro de contrasinais.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Non se puido reservar espacio para a información de configuración.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Non se puido reservar espacio para a información de configuración.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "A cambiar a información de caducidade de %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Non se pode determinar o seu nome de usuario.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: liña %d: non se pode atopar o usuario %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Non se puido cambiar a \"%s\"\n"
@@ -560,6 +480,10 @@ msgid "Cannot execute %s"
 msgstr "Non se pode executar %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Directorio raíz \"%s\" non válido\n"
 
@@ -568,6 +492,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Non se pode cambiar o directorio raíz a \"%s\"\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: memoria esgotada\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: non se pode actualizar o ficheiro %s\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: directorio inicial \"%s\" non válido\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: non se pode cambiar o nome do directorio %s a %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: non se pode crear o directorio %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: aviso: non se pode eliminar "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: aviso: non se pode eliminar "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: rename: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: non se pode cambiar o nome do directorio %s a %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: non se pode cambiar o nome do directorio %s a %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: aviso: non se pode eliminar "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: non se pode crear o directorio %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: aviso: non se pode eliminar "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: non se pode actualizar o ficheiro %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: non se pode actualizar o ficheiro shadow\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: rename: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: non se pode abrir o ficheiro %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: o usuario %s está conectado\n"
 
@@ -626,6 +628,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -651,12 +656,15 @@ msgstr "Contrasinal inactivo"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Data de caducidade da conta (AAAA-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Último cambio de contrasinal\t\t\t\t: "
-
 msgid "never"
 msgstr "nunca"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Último cambio de contrasinal\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "debe cambiarse o contrasinal"
 
@@ -825,14 +833,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: o usuario %s non existe\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: non se pode cambiar o usuario \"%s\" no cliente NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: \"%s\" é o mestre NIS deste cliente.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "A cambiar a información de usuario de %s\n"
 
@@ -860,6 +860,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: o modificador -a SÓ se admite co modificador -G\n"
@@ -911,6 +915,15 @@ msgid "Login Shell"
 msgstr "Intérprete de ordes"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: non se pode cambiar o nome do directorio %s a %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: non se pode crear o novo ficheiro de valores por defecto\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Non pode cambiar o intérprete de ordes de %s.\n"
 
@@ -923,6 +936,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Entrada non válida: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s non é un intérprete de ordes válido.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s non é un intérprete de ordes válido.\n"
 
@@ -1132,9 +1149,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1148,6 +1162,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s non é un nome de grupo válido\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: non se pode abrir o ficheiro %s\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "nome de grupo \"%s\" non válido\n"
 
@@ -1190,14 +1208,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: o grupo %s non existe\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: o grupo \"%s\" é un grupo NIS.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s é o mestre NIS\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: o usuario %s é un usuario NIS\n"
 
@@ -1273,10 +1283,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "nome de grupo \"%s\" non válido\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: o grupo %s é un grupo NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: usuario %s descoñecido\n"
 
@@ -1390,7 +1396,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1484,11 +1490,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Non hai unha entrada en utmp. Debe executar \"login\" dende o \"sh\" de "
-"nivel máis baixo"
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1523,14 +1524,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: liña %d: non se pode atopar o usuario %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: fallo ao lanzar o proceso: %s"
 
@@ -1566,7 +1559,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1591,17 +1585,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: campos longos de máis\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: directorio base \"%s\" non válido\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: non se pode crear o directorio %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1635,14 +1625,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: non se pode crear o directorio %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1664,6 +1653,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: nome de usuario \"%s\" non válido\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: liña %d: liña non válida\n"
 
@@ -1683,6 +1676,10 @@ msgstr "%s: liña %d: non se pode crear o GID\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: o usuario %s non existe\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: rename: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: liña %d: non se pode actualizar o contrasinal\n"
@@ -1704,14 +1701,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: liña %d: non se pode actualizar a entrada\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: non se puido deixar os privilexios (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: non se pode crear %s\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: non se puido deixar os privilexios (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: non se pode actualizar o ficheiro de grupos\n"
 
@@ -1769,6 +1766,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Contrasinal antigo: "
 
@@ -1788,6 +1788,11 @@ msgstr ""
 "Introduza o novo contrasinal (mínimo de %d, máximo de %d caracteres)\n"
 "Empregue unha combinación de maiúsculas, minúsculas e números.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: campos longos de máis\n"
+
 msgid "New password: "
 msgstr "Novo contrasinal: "
 
@@ -1829,6 +1834,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: non se soporta o repositorio %s\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1971,11 +1980,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2048,6 +2055,11 @@ msgstr "Non está autorizado para facer su %s\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Non hai unha entrada de contrasinal para \"root\""
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "nome de usuario \"%s\" non válido\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: débese executar dende un terminal\n"
@@ -2093,6 +2105,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2104,10 +2122,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: non se pode crear o novo ficheiro de valores por defecto\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: non se pode crear o novo ficheiro de valores por defecto\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: non se pode abrir o novo ficheiro de valores por defecto\n"
 
@@ -2124,10 +2138,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: rename: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: o grupo \"%s\" é un grupo NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: especificáronse grupos de máis (máximo %d).\n"
 
@@ -2236,6 +2246,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: directorio base \"%s\" non válido\n"
@@ -2367,6 +2382,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "A estabrecer os permisos do ficheiro da caixa do correo"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "A crear o ficheiro da caixa do correo"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "A crear o ficheiro da caixa do correo"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2488,10 +2513,6 @@ msgstr "%s: non se pode cambiar o nome do directorio %s a %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: non se pode cambiar o nome do directorio %s a %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: o usuario %s é un usuario NIS\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: directorio inicial \"%s\" non válido\n"
@@ -2592,6 +2613,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2675,10 +2700,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: non se pode actualizar o ficheiro de contrasinais\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: non se pode crear o directorio %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: aviso: %s non pertence a %s\n"
@@ -2784,8 +2817,9 @@ msgid "failed to stat edited file"
 msgstr "non se puido cambiar o nome da caixa do correo"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "non se puido cambiar o propietario da caixa do correo"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: non se pode abrir o ficheiro\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2799,6 +2833,57 @@ msgstr "%s: non se pode restaurar %s: %s (os seus cambios están en %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: directorio base \"%s\" non válido\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Desbordamento nas variables de ambiente\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: non se pode cambiar o usuario \"%s\" no cliente NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: \"%s\" é o mestre NIS deste cliente.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: o grupo \"%s\" é un grupo NIS.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s é o mestre NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: o grupo %s é un grupo NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: non se pode crear o novo ficheiro de valores por defecto\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: o grupo \"%s\" é un grupo NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: o usuario %s é un usuario NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "simple de máis"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Non hai unha entrada en utmp. Debe executar \"login\" dende o \"sh\" de "
+#~ "nivel máis baixo"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: directorio base \"%s\" non válido\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "non se puido cambiar o propietario da caixa do correo"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Emprego: id\n"
 
@@ -2814,10 +2899,6 @@ msgstr "%s: directorio base \"%s\" non válido\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Aviso de caducidade de contrasinal"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "nome de usuario \"%s\" non válido\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Usuario          Porto    Desde            Última"
 
diff --git a/po/he.gmo b/po/he.gmo
index 75d74a4..61b8e66 100644
--- a/po/he.gmo
+++ b/po/he.gmo
diff --git a/po/he.po b/po/he.po
index 6c819f5..4e31a7c 100644
--- a/po/he.po
+++ b/po/he.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2004-07-21 23:59+0300\n"
 "Last-Translator: Lior Kaplan <webmaster@guides.co.il>\n"
 "Language-Team: Hebrew <en@li.org>\n"
@@ -19,220 +19,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "ל� יכול להקצות מקו� בשביל מידע על הקונפיגורציה.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "שגי�ת הגדרות - רכיב ל� ידוע '%s' (הודע למנהל)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "סיסמה: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "הסיסמה של %s: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "ל� יכול לפתוח �ת קובץ הסיסמ�ות.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "ל� יכול להקצות מקו� בשביל מידע על הקונפיגורציה.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "שנה מידע הזדקות בשביל %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: ל� יכול לקבוע �ת ש� המשתמש שלך.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: ל� יכול לקבוע �ת ש� המשתמש שלך.\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: ל� יכול לנעול קובץ צל\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "ספרית שורש ל� חוקית \"%s\"\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: ל� יכול לכתוב מחדש קובץ סיסמ�ות\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: ל� יכול לנעול קובץ צל\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: ל� יכול לנעול קובץ צל\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: ל� יכול לפתוח קובץ צל\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "�זהרה: קבוצה ל� מוכרת %s\n"
 
@@ -278,6 +64,11 @@ msgstr "ל� יכול לשנות tty %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: שדות �רוכי� מידי\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "passwd: %s\n"
@@ -285,8 +76,9 @@ msgstr "passwd: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "הצפת סביבה\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -381,9 +173,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: ש� ל� חוקי: \"%s\"\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "ל� יכול להקצות מקו� בשביל מידע על הקונפיגורציה.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "שגי�ת הגדרות - רכיב ל� ידוע '%s' (הודע למנהל)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: זיהוי PAM נכשל\n"
@@ -408,9 +207,9 @@ msgstr "ל×� יכול להקצות מקו×� בשביל מידע על הקונפ×
 msgid "%s: Could not set caps\n"
 msgstr "ל� יכול להקצות מקו� בשביל מידע על הקונפיגורציה.\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
 
 #, fuzzy, c-format
 msgid "%s: open of %s failed: %s\n"
@@ -420,9 +219,19 @@ msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
 msgid "Too many logins.\n"
 msgstr "יותר מידי כניסות למערכת.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+
 msgid "You have new mail."
 msgstr "יש לך דו�ר חדש."
 
@@ -432,6 +241,14 @@ msgstr "�ין דו�ר."
 msgid "You have mail."
 msgstr "יש לך דו�ר."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr ""
 
@@ -444,9 +261,6 @@ msgstr ""
 msgid "too similar"
 msgstr ""
 
-msgid "too simple"
-msgstr ""
-
 msgid "rotated"
 msgstr ""
 
@@ -490,6 +304,13 @@ msgid ""
 "%s\n"
 msgstr ""
 
+msgid "Password: "
+msgstr "סיסמה: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "הסיסמה של %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr ""
@@ -515,16 +336,12 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
-
-#, fuzzy, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "ספרית שורש ל� חוקית \"%s\"\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
 
 #, c-format
 msgid ""
@@ -539,6 +356,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "ל� יכול לפתוח �ת קובץ הסיסמ�ות.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "ל� יכול להקצות מקו� בשביל מידע על הקונפיגורציה.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "ל� יכול להקצות מקו� בשביל מידע על הקונפיגורציה.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "שנה מידע הזדקות בשביל %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: ל� יכול לקבוע �ת ש� המשתמש שלך.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: ל� יכול לקבוע �ת ש� המשתמש שלך.\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "ל� יכול לבצע cd ל-\"%s\"\n"
@@ -550,6 +468,10 @@ msgstr "�ין ספריה, נכנס למערכת ע� HOME=/"
 msgid "Cannot execute %s"
 msgstr "ל� יכול להריץ %s"
 
+#, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "ספרית שורש ל� חוקית \"%s\"\n"
@@ -558,6 +480,84 @@ msgstr "ספרית שורש ל� חוקית \"%s\"\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "ל� יכול לשנות ספרית שורש ל-\"%s\"\n"
 
+#, c-format
+msgid "%s: out of memory\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: ל� יכול לנעול קובץ צל\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "ספרית שורש ל� חוקית \"%s\"\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: ל� יכול לכתוב מחדש קובץ סיסמ�ות\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: ל� יכול לנעול קובץ צל\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: ל� יכול לנעול קובץ צל\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: ל� יכול לפתוח קובץ צל\n"
+
 #, fuzzy, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: ש� ל� חוקי: \"%s\"\n"
@@ -616,6 +616,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -642,13 +645,16 @@ msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "ת�ריך תוקף חשבון (YYYY-MM-DD)"
 
 #, fuzzy
-msgid "Last password change\t\t\t\t\t: "
-msgstr "שינוי סיסמה �חרון (YYYY-MM-DD)"
-
-#, fuzzy
 msgid "never"
 msgstr "�ף פע�"
 
+msgid "future"
+msgstr ""
+
+#, fuzzy
+msgid "Last password change\t\t\t\t\t: "
+msgstr "שינוי סיסמה �חרון (YYYY-MM-DD)"
+
 msgid "password must be changed"
 msgstr ""
 
@@ -819,14 +825,6 @@ msgstr "%s: \"%s\" מכיל תווי� ל� חוקיי�\n"
 msgid "%s: user '%s' does not exist\n"
 msgstr "%s: ש� ל� חוקי: \"%s\"\n"
 
-#, fuzzy, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr ""
-
 #, c-format
 msgid "Changing the user information for %s\n"
 msgstr "משנה מידע בשביל המשתמש %s\n"
@@ -856,6 +854,10 @@ msgid ""
 msgstr ""
 
 #, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
+#, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr ""
 
@@ -906,6 +908,14 @@ msgid "Login Shell"
 msgstr "מעטפת כניסה למערכת"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
+
+#, fuzzy, c-format
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: ל� יכול לכתוב מחדש קובץ סיסמ�ות\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "�ינך רש�י לשנות �ת המעטפת בשביל %s.\n"
 
@@ -918,6 +928,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: רשומה ל� חוקית: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s הי� מעטפת ל� חוקית.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s הי� מעטפת ל� חוקית.\n"
 
@@ -1125,9 +1139,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1140,6 +1151,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: ש� ל� חוקי: \"%s\"\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: ל� יכול לפתוח קובץ צל\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: ש� ל� חוקי: \"%s\"\n"
 
@@ -1181,14 +1196,6 @@ msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
 msgid "%s: group '%s' does not exist\n"
 msgstr "%s: ש� ל� חוקי: \"%s\"\n"
 
-#, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: ש� ל� חוקי: \"%s\"\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr ""
-
 #, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr ""
@@ -1265,10 +1272,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: ש� ל� חוקי: \"%s\"\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr ""
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr ""
 
@@ -1386,7 +1389,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1475,9 +1478,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-
 #, c-format
 msgid ""
 "\n"
@@ -1510,12 +1510,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: ל� יכול לקבוע �ת ש� המשתמש שלך.\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr ""
 
@@ -1549,7 +1543,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1573,17 +1568,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: שדות �רוכי� מידי\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "ספרית שורש ל� חוקית \"%s\"\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "ספרית שורש ל� חוקית \"%s\"\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1617,14 +1608,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "ספרית שורש ל� חוקית \"%s\"\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1645,6 +1635,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: ש� ל� חוקי: \"%s\"\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr ""
 
@@ -1664,6 +1658,10 @@ msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: שורה %d: משתמש ל� מוכר %s\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr ""
@@ -1685,14 +1683,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr ""
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: ל� יכול לנעול קובץ צל\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: ל� יכול לנעול קובץ צל\n"
 
@@ -1750,6 +1748,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr ""
 
@@ -1765,6 +1766,11 @@ msgid ""
 "Please use a combination of upper and lower case letters and numbers.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: שדות �רוכי� מידי\n"
+
 msgid "New password: "
 msgstr ""
 
@@ -1803,6 +1809,10 @@ msgid "%s: repository %s not supported\n"
 msgstr ""
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1948,11 +1958,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2011,6 +2019,10 @@ msgstr ""
 msgid "No passwd entry for user '%s'\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "Overlong user name '%s'\n"
+msgstr "%s: ש� ל� חוקי: \"%s\"\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr ""
@@ -2054,6 +2066,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: ל� יכול לכתוב מחדש קובץ סיסמ�ות\n"
@@ -2063,10 +2081,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: ל� יכול לכתוב מחדש קובץ סיסמ�ות\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr ""
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr ""
 
@@ -2083,10 +2097,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: שורה %d: ל� יכול לעדכן רשומת סיסמה\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr ""
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr ""
 
@@ -2195,6 +2205,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "ספרית שורש ל� חוקית \"%s\"\n"
@@ -2322,6 +2337,12 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr ""
 
+msgid "Synchronize mailbox file"
+msgstr ""
+
+msgid "Closing mailbox file"
+msgstr ""
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2434,10 +2455,6 @@ msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr ""
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "ספרית שורש ל� חוקית \"%s\"\n"
@@ -2535,6 +2552,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2617,10 +2638,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: ל� יכול לעדכן קובץ סיסמ�ות\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "ספרית שורש ל� חוקית \"%s\"\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr ""
@@ -2718,7 +2747,7 @@ msgstr "%s: שדות �רוכי� מידי\n"
 msgid "failed to stat edited file"
 msgstr ""
 
-msgid "failed to allocate memory"
+msgid "asprintf(3) failed"
 msgstr ""
 
 msgid "failed to create backup file"
@@ -2732,6 +2761,21 @@ msgstr ""
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "ספרית שורש ל� חוקית \"%s\"\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "הצפת סביבה\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: ל� יכול לשנות משתמש `%s' על לקוח NIS.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: ש� ל� חוקי: \"%s\"\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "ספרית שורש ל� חוקית \"%s\"\n"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "שימוש: id\n"
 
diff --git a/po/hu.gmo b/po/hu.gmo
index f3ff5f4..251636d 100644
--- a/po/hu.gmo
+++ b/po/hu.gmo
diff --git a/po/hu.po b/po/hu.po
index 2f658bf..c2a2cda 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2007-11-25 20:56+0100\n"
 "Last-Translator: SZERV�C Attila <sas@321.hu>\n"
 "Language-Team: Hungarian <gnome@gnome.hu>\n"
@@ -17,220 +17,6 @@ msgstr ""
 "X-Generator: KBabel 1.11.2\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Sikertelen helyfoglalás a beállítási infónak.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "beállítási hiba - ismeretlen '%s' elem (értesítsd a rendszergazdát)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Jelszó: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s jelszava: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "A jelszófájl nem nyitható meg.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Sikertelen helyfoglalás a beállítási infónak.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "%s elévülési információinak módosítása\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: A felhasználóneved megállapítása sikertelen\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: %d. sor: nem találom e felhasználót: %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: a memória elfogyott\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: %s fájl nem frissíthető\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: érvénytelen saját könyvtár: \"%s\"\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: nem tudom átnevezni %s könyvtárat erre: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: %s könyvtár nem hozható létre\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: figyelem: nem törölhető: "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: figyelem: nem törölhető: "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: átnevezés: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: nem tudom átnevezni %s könyvtárat erre: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: nem tudom átnevezni %s könyvtárat erre: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: figyelem: nem törölhető: "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: %s könyvtár nem hozható létre\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: figyelem: nem törölhető: "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: %s fájl nem frissíthető\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: nem tudom frissíteni a \"shadow\" fájlt\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: átnevezés: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: %s fájl nem nyitható meg\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Figyelem: ismeretlen %s csoport\n"
 
@@ -276,6 +62,11 @@ msgstr "Nem lehet a következő terminálra váltani: %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: túl hosszú mezők\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -283,8 +74,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Környezeti túlcsordulás\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -380,9 +172,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: nem kérhető le egyedi felhasználói azonosító\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "Sikertelen helyfoglalás a beállítási infónak.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "beállítási hiba - ismeretlen '%s' elem (értesítsd a rendszergazdát)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: PAM hitelesítési hiba\n"
@@ -410,7 +209,7 @@ msgstr "Sikertelen helyfoglalás a beállítási infónak.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: nem tudom megnyitni a fájlt\n"
 
 #, fuzzy, c-format
@@ -421,9 +220,21 @@ msgstr "%s: %d. sor: chown sikertelen\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: %d. sor: chown sikertelen\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: %d. sor: chown sikertelen\n"
+
 msgid "Too many logins.\n"
 msgstr "Túl sok bejelentkezés\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s bejelentkezés: "
+
 msgid "You have new mail."
 msgstr "Új leveled érkezett"
 
@@ -433,6 +244,14 @@ msgstr "Nincs leveled"
 msgid "You have mail."
 msgstr "Levelek kiolvasva"
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "nem változott"
 
@@ -445,9 +264,6 @@ msgstr "csak változások esetén"
 msgid "too similar"
 msgstr "túl hasonló"
 
-msgid "too simple"
-msgstr "túl egyszerű"
-
 msgid "rotated"
 msgstr "fordított"
 
@@ -494,6 +310,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() sikertelen, hibakód: %d\n"
 
+msgid "Password: "
+msgstr "Jelszó: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s jelszava: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Hibás jelszó ehhez: %s.\n"
@@ -519,18 +342,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: %s könyvtár nem hozható létre\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: %s könyvtár nem hozható létre\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: %s könyvtár nem hozható létre\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -543,6 +362,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "A jelszófájl nem nyitható meg.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Sikertelen helyfoglalás a beállítási infónak.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Sikertelen helyfoglalás a beállítási infónak.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "%s elévülési információinak módosítása\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: A felhasználóneved megállapítása sikertelen\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: %d. sor: nem találom e felhasználót: %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "nem lehet könyvtárat váltani ide: \"%s\"\n"
@@ -555,6 +475,10 @@ msgid "Cannot execute %s"
 msgstr "%s nem futtatható"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Érvénytelen gyökérkönyvtár: \"%s\"\n"
 
@@ -563,6 +487,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Nem lehet a gyökérkönyvtárba váltani: \"%s\"\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: a memória elfogyott\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: %s fájl nem frissíthető\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: érvénytelen saját könyvtár: \"%s\"\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: nem tudom átnevezni %s könyvtárat erre: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: %s könyvtár nem hozható létre\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: figyelem: nem törölhető: "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: figyelem: nem törölhető: "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: átnevezés: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: nem tudom átnevezni %s könyvtárat erre: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: nem tudom átnevezni %s könyvtárat erre: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: figyelem: nem törölhető: "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: %s könyvtár nem hozható létre\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: figyelem: nem törölhető: "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: %s fájl nem frissíthető\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: nem tudom frissíteni a \"shadow\" fájlt\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: átnevezés: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: %s fájl nem nyitható meg\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: %s felhasználó most be van jelentkezve\n"
 
@@ -621,6 +623,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -646,12 +651,15 @@ msgstr "Inaktív jelszó"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Hozzáférés elévülési dátum (ÉÉÉÉ-HH-NN)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Utolsó jelszóváltás\t\t\t\t\t: "
-
 msgid "never"
 msgstr "soha"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Utolsó jelszóváltás\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "jelszóváltás kötelező"
 
@@ -820,14 +828,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: %s felhasználó nem létezik\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: `%s' felhasználó nem módosítható NIS kliensen.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: `%s' a NIS mester ehhez a klienshez.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "%s felhasználói információinak cseréje\n"
 
@@ -855,6 +855,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: -a kapcsoló CSAK -G-vel megy\n"
@@ -906,6 +910,15 @@ msgid "Login Shell"
 msgstr "Bejelentkező héj"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: nem tudom átnevezni %s könyvtárat erre: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: nem tudom létrehozni az új defaults fájlt\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Nem módosíthatod %s parancsértelmezőjét.\n"
 
@@ -918,6 +931,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Érvénytelen bejegyzés: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s érvénytelen héj.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s érvénytelen héj.\n"
 
@@ -1127,9 +1144,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1143,6 +1157,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s rossz csoport név\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: %s fájl nem nyitható meg\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "érvénytelen csoportnév: `%s'\n"
 
@@ -1185,14 +1203,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: %s csoport nem létezik\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: a(z) \"%s\" csoport egy NIS csoport.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s a NIS mester\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: %s egy NIS felhasználó\n"
 
@@ -1268,10 +1278,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "érvénytelen csoportnév: `%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: %s egy NIS csoport\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: ismeretlen %s felhasználó\n"
 
@@ -1385,7 +1391,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1479,11 +1485,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Nincs utmp bejegyzés.  Futtasd a \"login\"-t a legalacsonyabb szintű \"sh\"-"
-"ból."
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1518,14 +1519,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: %d. sor: nem találom e felhasználót: %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s bejelentkezés: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: hiba a következő indításakor: %s"
 
@@ -1561,7 +1554,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1586,17 +1580,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: túl hosszú mezők\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: érvénytelen alapkönyvtár: \"%s\"\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: %s könyvtár nem hozható létre\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1630,14 +1620,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: %s könyvtár nem hozható létre\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1659,6 +1648,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: érvénytelen '%s' felhasználónév\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: %d. sor: érvénytelen sor\n"
 
@@ -1678,6 +1671,10 @@ msgstr "%s: %d. sor: GID létrehozása sikertelen\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: %s felhasználó nem létezik\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: átnevezés: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: %d. sor: jelszó frissítése sikertelen\n"
@@ -1699,14 +1696,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: %d. sor: nem tudom frissíteni a bejegyzést\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: a jogosultságok eldobása meghiúsult (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: %s létrehozása sikertelen\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: a jogosultságok eldobása meghiúsult (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: nem tudom frissíteni a csoport fájlt\n"
 
@@ -1764,6 +1761,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Régi jelszó: "
 
@@ -1783,6 +1783,11 @@ msgstr ""
 "Add meg az új jelszót (minimum %d, maximum %d karakter)\n"
 "Biztonság: kérlek használj vegyesen Nagy és kisbetűket és számokat.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: túl hosszú mezők\n"
+
 msgid "New password: "
 msgstr "Új jelszó: "
 
@@ -1824,6 +1829,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: %s tár nem támogatott\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1966,11 +1975,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2058,6 +2065,11 @@ msgstr "Nem vagy jogosult ehhez: su %s\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Nincs 'root' jelszó bejegyzés"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "érvénytelen '%s' felhasználó név\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: terminálból kell futnia\n"
@@ -2103,6 +2115,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2114,10 +2132,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: nem tudom létrehozni az új defaults fájlt\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: nem tudom létrehozni az új defaults fájlt\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: nem tudom megnyitni az új defaults fájlt\n"
 
@@ -2134,10 +2148,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: átnevezés: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: a(z) \"%s\" csoport egy NIS csoport.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: túl sok csoport van megadva (max %d).\n"
 
@@ -2246,6 +2256,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: érvénytelen alapkönyvtár: \"%s\"\n"
@@ -2377,6 +2392,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "A postafiókfájl jogosultságainak beállítása"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Postafiókfájl létrehozása"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Postafiókfájl létrehozása"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2498,10 +2523,6 @@ msgstr "%s: nem tudom átnevezni %s könyvtárat erre: %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: nem tudom átnevezni %s könyvtárat erre: %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: %s egy NIS felhasználó\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: érvénytelen saját könyvtár: \"%s\"\n"
@@ -2600,6 +2621,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2682,10 +2707,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: a jelszófájl frissítése sikertelen\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: %s könyvtár nem hozható létre\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: figyelem: %s tulajdonosa nem %s\n"
@@ -2791,8 +2824,9 @@ msgid "failed to stat edited file"
 msgstr "a postafiók átnevezése sikertelen"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "a postafiók tulajdonosának váltása sikertelen"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: nem tudom megnyitni a fájlt\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2806,6 +2840,57 @@ msgstr "%s: nem tudom visszaállítani %s-t: %s (módosításaid itt vannak: %s)
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: érvénytelen alapkönyvtár: \"%s\"\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Környezeti túlcsordulás\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: `%s' felhasználó nem módosítható NIS kliensen.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: `%s' a NIS mester ehhez a klienshez.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: a(z) \"%s\" csoport egy NIS csoport.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s a NIS mester\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: %s egy NIS csoport\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: nem tudom létrehozni az új defaults fájlt\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: a(z) \"%s\" csoport egy NIS csoport.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: %s egy NIS felhasználó\n"
+
+#~ msgid "too simple"
+#~ msgstr "túl egyszerű"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Nincs utmp bejegyzés.  Futtasd a \"login\"-t a legalacsonyabb szintű "
+#~ "\"sh\"-ból."
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: érvénytelen alapkönyvtár: \"%s\"\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "a postafiók tulajdonosának váltása sikertelen"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Használat: id\n"
 
@@ -2821,10 +2906,6 @@ msgstr "%s: érvénytelen alapkönyvtár: \"%s\"\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Jelszó elévülési figyelmeztetés"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "érvénytelen '%s' felhasználó név\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Felhasználónév   Port     Innen            Legutóbb"
 
diff --git a/po/id.gmo b/po/id.gmo
index e97d8d1..773b1d1 100644
--- a/po/id.gmo
+++ b/po/id.gmo
diff --git a/po/id.po b/po/id.po
index 3647e18..5cb0af8 100644
--- a/po/id.po
+++ b/po/id.po
@@ -5,7 +5,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.15\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2007-11-25 20:58+0100\n"
 "Last-Translator: Parlin Imanuel Toh <parlin_i@yahoo.com>\n"
 "Language-Team: Debian Indonesia <debid@yahoogroups.com>\n"
@@ -16,221 +16,6 @@ msgstr ""
 "Plural-Forms: nplurals=1; plural=0;\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Tidak dapat mengalokasikan ruang untuk informasi konfigurasi.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"Kesalahan konfigurasi - item tidak dikenal '%s' (beritahu administrator)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Kata sandi:"
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Kata sandi dari %s:"
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Tidak dapat membuka berkas kata sandi.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Tidak dapat mengalokasikan ruang untuk informasi konfigurasi.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Mengubah informasi umur akun untuk %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Tidak dapat menentukan nama pengguna anda.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: baris %d: tak menemukan pengguna %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: kehabisan memori\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: tidak dapat memperbaharui berkas %s\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: direktori rumah `%s' tak sah\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: tak dapat mengubah nama direktori %s menjadi %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: tak dapat membuat direktori %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: perhatian: tak dapat menghapus "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: perhatian: tak dapat menghapus "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: ubah nama: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: tak dapat mengubah nama direktori %s menjadi %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: tak dapat mengubah nama direktori %s menjadi %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: perhatian: tak dapat menghapus "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: tak dapat membuat direktori %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: perhatian: tak dapat menghapus "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: tidak dapat memperbaharui berkas %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: tak dapat memperbaharui berkas shadow\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: ubah nama: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: tidak dapat membuka berkas %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Peringatan: grup tidak dikenal %s\n"
 
@@ -276,6 +61,11 @@ msgstr "Tidak dapat mengubah tts %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: ruas terlalu panjang\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -283,8 +73,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Lingkungan overflow\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -380,8 +171,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: tidak bisa mendapatkan UID yang unik\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr ""
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Tidak dapat mengalokasikan ruang untuk informasi konfigurasi.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"Kesalahan konfigurasi - item tidak dikenal '%s' (beritahu administrator)\n"
 
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
@@ -409,7 +208,7 @@ msgstr "Tidak dapat mengalokasikan ruang untuk informasi konfigurasi.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: tidak dapat membuka berkas\n"
 
 #, fuzzy, c-format
@@ -420,9 +219,21 @@ msgstr "%s: baris %d: chown gagal\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: baris %d: chown gagal\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: baris %d: chown gagal\n"
+
 msgid "Too many logins.\n"
 msgstr "Terlalu banyak login.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login: "
+
 msgid "You have new mail."
 msgstr "Anda memiliki surat baru."
 
@@ -432,6 +243,14 @@ msgstr "Tidak ada surat."
 msgid "You have mail."
 msgstr "Anda memiliki surat."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "tak ada perubahan"
 
@@ -444,9 +263,6 @@ msgstr "hanya perubahan huruf besar/kecil"
 msgid "too similar"
 msgstr "terlalu mirip"
 
-msgid "too simple"
-msgstr "terlalu sederhana"
-
 msgid "rotated"
 msgstr "pernah dipakai"
 
@@ -493,6 +309,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() gagal, kesalahan nomor %d\n"
 
+msgid "Password: "
+msgstr "Kata sandi:"
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Kata sandi dari %s:"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Kata sandi tidak tepat untuk %s\n"
@@ -518,18 +341,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: tak dapat membuat direktori %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: tak dapat membuat direktori %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: tak dapat membuat direktori %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -542,6 +361,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Tidak dapat membuka berkas kata sandi.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Tidak dapat mengalokasikan ruang untuk informasi konfigurasi.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Tidak dapat mengalokasikan ruang untuk informasi konfigurasi.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Mengubah informasi umur akun untuk %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Tidak dapat menentukan nama pengguna anda.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: baris %d: tak menemukan pengguna %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Tidak dapat cd ke \"%s\"\n"
@@ -553,6 +473,10 @@ msgstr "Tidak terdapat direktori, masuk dengan HOME=/"
 msgid "Cannot execute %s"
 msgstr "Tidak dapat menjalankan %s"
 
+#, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Direktori root tidak sah \"%s\"\n"
@@ -562,6 +486,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Tidak dapat mengubah direktori root ke \"%s\"\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: kehabisan memori\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: tidak dapat memperbaharui berkas %s\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: direktori rumah `%s' tak sah\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: tak dapat mengubah nama direktori %s menjadi %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: tak dapat membuat direktori %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: perhatian: tak dapat menghapus "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: perhatian: tak dapat menghapus "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: ubah nama: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: tak dapat mengubah nama direktori %s menjadi %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: tak dapat mengubah nama direktori %s menjadi %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: perhatian: tak dapat menghapus "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: tak dapat membuat direktori %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: perhatian: tak dapat menghapus "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: tidak dapat memperbaharui berkas %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: tak dapat memperbaharui berkas shadow\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: ubah nama: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: tidak dapat membuka berkas %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: pengguna %s saat ini sedang login\n"
 
@@ -620,6 +622,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -645,12 +650,15 @@ msgstr "Kata Sandi Tak-aktif"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Waktu Kadaluarsa Akun (TTTT-MM-HH)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Penggantian kata sandi terakhir\t\t\t\t\t: "
-
 msgid "never"
 msgstr "tak pernah"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Penggantian kata sandi terakhir\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "password mesti diubah"
 
@@ -818,14 +826,6 @@ msgstr "%s: \"%s\" berisi karakter-karakter ilegal\n"
 msgid "%s: user '%s' does not exist\n"
 msgstr "%s: pengguna %s tak ada\n"
 
-#, fuzzy, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: tidak dapat mengubah pengguna '%s' pada klien NIS.\n"
-
-#, fuzzy, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: `%s' merupakan master NIS untuk klien ini.\n"
-
 #, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Mengubah informasi pengguna dari %s\n"
@@ -854,6 +854,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: -a hanya diperbolehkan dengan -G\n"
@@ -905,6 +909,15 @@ msgid "Login Shell"
 msgstr "Login Shell"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: tak dapat mengubah nama direktori %s menjadi %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: tak dapat membuat berkas-berkas bawaan yang baru\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Anda tidak boleh mengubah shell untuk %s.\n"
 
@@ -917,6 +930,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Entri tidak sah: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s merupakan shell yang tidak sah.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s merupakan shell yang tidak sah.\n"
 
@@ -1126,9 +1143,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1142,6 +1156,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: nama grup %s tidak sah\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: tidak dapat membuka berkas %s\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "nama grup `%s' tidak sah\n"
 
@@ -1184,14 +1202,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: grup %s tidak ada\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: grup `%s' merupakan grup NIS.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s merupakan master NIS\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: pengguna %s merupakan pengguna NIS\n"
 
@@ -1267,10 +1277,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "nama grup `%s' tidak sah\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: grup %s merupakan sebuah grup NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: pengguna %s tak dikenal\n"
 
@@ -1384,7 +1390,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1478,10 +1484,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Tanpa entri utmp. Anda mesti menjalankan \"login\" dari level terendah \"sh\""
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1516,14 +1518,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: baris %d: tak menemukan pengguna %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: gagal membuat proses: %s"
 
@@ -1559,7 +1553,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1584,17 +1579,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: ruas terlalu panjang\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: direktori awal `%s' tak sah\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: tak dapat membuat direktori %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1628,14 +1619,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: tak dapat membuat direktori %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1657,6 +1647,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: nama pengguna `%s' tak sah\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: baris %d: baris tidak sah\n"
 
@@ -1676,6 +1670,10 @@ msgstr "%s: baris %d: tak dapat membuat GID\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: pengguna %s tak ada\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: ubah nama: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: baris %d: tak dapat memperbaharui kata sandi\n"
@@ -1697,14 +1695,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: baris %d: tak dapat memperbaharui entri\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: gagal membuang hak (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: tak dapat membuat %s\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: gagal membuang hak (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: tidak dapat memperbaharui berkas grup\n"
 
@@ -1762,6 +1760,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Kata sandi lama: "
 
@@ -1781,6 +1782,11 @@ msgstr ""
 "Masukkan password baru (minimim %d, maksimum %d karakter)\n"
 "Mohon gunakan kombinasi huruf besar, huruf kecil dan angka.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: ruas terlalu panjang\n"
+
 msgid "New password: "
 msgstr "kata sandi baru: "
 
@@ -1822,6 +1828,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: repositori %s tidak didukung\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1964,11 +1974,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2043,6 +2051,11 @@ msgstr "Anda tak diperbolehkan untuk su %s\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Tak ada entri kata sandi untuk 'root'"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "nama pengguna tak sah '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: mesti dijalankan dari sebuah terminal\n"
@@ -2088,6 +2101,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2099,10 +2118,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: tak dapat membuat berkas-berkas bawaan yang baru\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: tak dapat membuat berkas-berkas bawaan yang baru\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: tak dapat membuka berkas-berkas bawaan yang baru\n"
 
@@ -2118,10 +2133,6 @@ msgstr "%s: tak dapat membuat direktori %s\n"
 msgid "%s: rename: %s: %s\n"
 msgstr "%s: ubah nama: %s"
 
-#, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: grup `%s' merupakan grup NIS.\n"
-
 #, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: grup yang diberikan terlalu banyak (maks %d).\n"
@@ -2231,6 +2242,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: direktori awal `%s' tak sah\n"
@@ -2360,6 +2376,12 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr ""
 
+msgid "Synchronize mailbox file"
+msgstr ""
+
+msgid "Closing mailbox file"
+msgstr ""
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2480,10 +2502,6 @@ msgstr "%s: tak dapat mengubah nama direktori %s menjadi %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: tak dapat mengubah nama direktori %s menjadi %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: pengguna %s merupakan pengguna NIS\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: direktori rumah `%s' tak sah\n"
@@ -2582,6 +2600,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2664,10 +2686,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: tidak dapat memperbaharui berkas kata sandi\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: tak dapat membuat direktori %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: perhatian %s tak dimiliki oleh %s\n"
@@ -2773,8 +2803,9 @@ msgid "failed to stat edited file"
 msgstr "gagal mengubah nama kotak-surat"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "gagal mengganti pemilik kotak-surat"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: tidak dapat membuka berkas\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2788,6 +2819,57 @@ msgstr "%s: tidak dapat mengembalikan %s: %s (perubahan ada dalam %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: direktori awal `%s' tak sah\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Lingkungan overflow\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: tidak dapat mengubah pengguna '%s' pada klien NIS.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: `%s' merupakan master NIS untuk klien ini.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: grup `%s' merupakan grup NIS.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s merupakan master NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: grup %s merupakan sebuah grup NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: tak dapat membuat berkas-berkas bawaan yang baru\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: grup `%s' merupakan grup NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: pengguna %s merupakan pengguna NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "terlalu sederhana"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Tanpa entri utmp. Anda mesti menjalankan \"login\" dari level terendah "
+#~ "\"sh\""
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: direktori awal `%s' tak sah\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "gagal mengganti pemilik kotak-surat"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Penggunaan: id\n"
 
@@ -2803,10 +2885,6 @@ msgstr "%s: direktori awal `%s' tak sah\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Peringatan Kadaluarsanya Kata Sandi"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "nama pengguna tak sah '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Nama pengguna    Port     Dari             Terakhir"
 
diff --git a/po/it.gmo b/po/it.gmo
index 7b883cd..eafc748 100644
--- a/po/it.gmo
+++ b/po/it.gmo
diff --git a/po/it.po b/po/it.po
index f54f087..28eaa85 100644
--- a/po/it.po
+++ b/po/it.po
@@ -25,7 +25,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.1.1\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2008-03-27 14:40+0100\n"
 "Last-Translator: Danilo Piazzalunga <danilopiazza@gmail.com>\n"
 "Language-Team: Italian <tp@lists.linux.it>\n"
@@ -36,224 +36,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Più di una voce chiamata «%s» in %s. Correggere il problema con pwck o "
-"grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "metodo di cifratura non supportato da libcrypt? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Impossibile allocare spazio per le informazioni di configurazione.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"errore di configurazione: oggetto «%s» sconosciuto (avvisare "
-"l'amministratore)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Password: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Password di %s: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Impossibile aprire il file delle password.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Impossibile allocare spazio per le informazioni di configurazione.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Modifica delle informazioni sulla durata dell'account di %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: impossibile determinare il proprio nome utente.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: riga %d: impossibile trovare l'utente %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: memoria esaurita\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: impossibile aggiornare il file %s\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: directory home «%s» non valida\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: impossibile rinominare la directory %s in %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: impossibile creare la directory %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: attenzione: impossibile rimuovere "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: attenzione: impossibile rimuovere "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: rename: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: impossibile rinominare la directory %s in %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: impossibile rinominare la directory %s in %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: attenzione: impossibile rimuovere "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: impossibile creare la directory %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: attenzione: impossibile rimuovere "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: impossibile aggiornare il file %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: impossibile aggiornare il file shadow\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: rename: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: impossibile aprire il file %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Attenzione: gruppo «%s» sconosciuto\n"
 
@@ -299,6 +81,13 @@ msgstr "Impossibile cambiare i permessi al device %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: lunghezza dei campi eccessiva\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Più di una voce chiamata «%s» in %s. Correggere il problema con pwck o "
+"grpck.\n"
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -306,8 +95,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Dimensione dell'ambiente eccessiva\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "metodo di cifratura non supportato da libcrypt? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -406,9 +196,18 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "Impossibile ottenere un UID univoco (nessun UID disponibile)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "Impossibile allocare spazio per le informazioni di configurazione.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr ""
+"errore di configurazione: oggetto «%s» sconosciuto (avvisare "
+"l'amministratore)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: autenticazione PAM non riuscita\n"
@@ -436,7 +235,7 @@ msgstr "Impossibile allocare spazio per le informazioni di configurazione.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: impossibile aprire il file\n"
 
 #, fuzzy, c-format
@@ -447,10 +246,22 @@ msgstr "%s: riga %d: la chiamata chown ha restituito un errore\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: riga %d: la chiamata chown ha restituito un errore\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: riga %d: la chiamata chown ha restituito un errore\n"
+
 # NdT: Riferito al numero massimo di accessi concorrenti per un utente.
 msgid "Too many logins.\n"
 msgstr "Troppi accessi.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login: "
+
 msgid "You have new mail."
 msgstr "C'è nuova posta."
 
@@ -460,6 +271,14 @@ msgstr "Nessun messaggio di posta."
 msgid "You have mail."
 msgstr "C'è la solita posta."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "nessuna modifica"
 
@@ -472,9 +291,6 @@ msgstr "cambiano solo maiuscole/minuscole"
 msgid "too similar"
 msgstr "simile alla precedente"
 
-msgid "too simple"
-msgstr "troppo semplice"
-
 msgid "rotated"
 msgstr "rotazione"
 
@@ -521,6 +337,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() ha restituito l'errore %d\n"
 
+msgid "Password: "
+msgstr "Password: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Password di %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Password sbagliata per %s\n"
@@ -546,18 +369,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: impossibile creare la directory %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: impossibile creare la directory %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: impossibile creare la directory %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -572,6 +391,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Impossibile aprire il file delle password.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Impossibile allocare spazio per le informazioni di configurazione.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Impossibile allocare spazio per le informazioni di configurazione.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Modifica delle informazioni sulla durata dell'account di %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: impossibile determinare il proprio nome utente.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: riga %d: impossibile trovare l'utente %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Impossibile spostarsi nella directory «%s»\n"
@@ -584,6 +504,10 @@ msgid "Cannot execute %s"
 msgstr "Impossibile eseguire %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Directory root «%s» non valida\n"
 
@@ -592,6 +516,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Impossibile cambiare la directory root in «%s»\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: memoria esaurita\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: impossibile aggiornare il file %s\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: directory home «%s» non valida\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: impossibile rinominare la directory %s in %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: impossibile creare la directory %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: attenzione: impossibile rimuovere "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: attenzione: impossibile rimuovere "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: rename: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: impossibile rinominare la directory %s in %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: impossibile rinominare la directory %s in %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: attenzione: impossibile rimuovere "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: impossibile creare la directory %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: attenzione: impossibile rimuovere "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: impossibile aggiornare il file %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: impossibile aggiornare il file shadow\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: rename: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: impossibile aprire il file %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: l'utente %s è attualmente collegato\n"
 
@@ -658,6 +660,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -683,12 +688,15 @@ msgstr "Inattività della password"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Data di scadenza dell'account (AAAA-MM-GG)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Ultimo cambio della password\t\t\t\t: "
-
 msgid "never"
 msgstr "mai"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Ultimo cambio della password\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "la password deve essere cambiata"
 
@@ -858,14 +866,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: l'utente «%s» non esiste\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: impossibile modificare l'utente «%s» sul client NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: «%s» è il NIS master per questo client.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Modifica delle informazioni relative all'utente %s\n"
 
@@ -903,6 +903,11 @@ msgstr ""
 "                                algoritmi di cifratura SHA*\n"
 
 #, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: metodo di cifratura «%s» non supportato\n"
+
+#, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: è permesso usare il flag %s solo con il flag %s\n"
 
@@ -953,6 +958,15 @@ msgid "Login Shell"
 msgstr "Shell di login"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: impossibile rinominare la directory %s in %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: impossibile creare il nuovo file dei valori predefiniti\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Non è permesso cambiare la shell di %s.\n"
 
@@ -965,6 +979,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: voce «%s» non valida\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s non è una shell valida.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s non è una shell valida.\n"
 
@@ -1187,9 +1205,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1203,6 +1218,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s non è un nome di gruppo valido\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: impossibile aprire il file %s\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: nome di gruppo «%s» non valido\n"
 
@@ -1247,14 +1266,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: gruppo «%s» inesistente\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: il gruppo «%s» è un gruppo NIS.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s è il NIS master\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: l'utente %s è un utente NIS\n"
 
@@ -1336,10 +1347,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: nome di gruppo «%s» non valido\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: il gruppo «%s» è un gruppo NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: utente «%s» sconosciuto\n"
 
@@ -1456,7 +1463,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1551,9 +1558,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "Nessuna voce utmp. Eseguire «login» dalla shell di livello più basso"
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1588,14 +1592,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: riga %d: impossibile trovare l'utente %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: impossibile eseguire fork(): %s"
 
@@ -1632,7 +1628,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1657,17 +1654,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: lunghezza dei campi eccessiva\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: directory di base «%s» non valida\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: impossibile creare la directory %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1700,14 +1693,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: impossibile creare la directory %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1729,6 +1721,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: nome utente «%s» non valido\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: riga %d: riga non valida\n"
 
@@ -1750,6 +1746,10 @@ msgstr "%s: riga %d: impossibile creare il gruppo\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: l'utente «%s» non esiste\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: rename: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: riga %d: impossibile aggiornare la password\n"
@@ -1771,14 +1771,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: riga %d: impossibile aggiornare la voce\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: impossibile abbandonare i privilegi (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: impossibile creare l'utente\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: impossibile abbandonare i privilegi (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: impossibile aggiornare il file dei gruppi\n"
 
@@ -1845,6 +1845,9 @@ msgstr ""
 "  -s, --sha-rounds              il numero di passaggi SHA per gli\n"
 "                                algoritmi di cifratura SHA*\n"
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Vecchia password: "
 
@@ -1864,6 +1867,11 @@ msgstr ""
 "Inserire la nuova password (minimo %d caratteri, massimo %d)\n"
 "Utilizzare una combinazione di lettere maiuscole, minuscole e numeri.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: lunghezza dei campi eccessiva\n"
+
 msgid "New password: "
 msgstr "Nuova password: "
 
@@ -1908,6 +1916,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: repository %s non supportato\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -2051,11 +2063,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2142,6 +2152,11 @@ msgstr "Non si è autorizzati a diventare %s\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Manca una voce per «root» nel file delle password"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "nome utente «%s» non valido\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: si deve avviare da un terminale\n"
@@ -2187,6 +2202,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2198,10 +2219,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: impossibile creare il nuovo file dei valori predefiniti\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: impossibile creare il nuovo file dei valori predefiniti\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: impossibile aprire il nuovo file dei valori predefiniti\n"
 
@@ -2218,10 +2235,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: rename: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: il gruppo «%s» è un gruppo NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: troppi gruppi specificati (max %d).\n"
 
@@ -2348,6 +2361,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: directory di base «%s» non valida\n"
@@ -2479,6 +2497,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Impostazione dei permessi del file della casella di posta"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Creazione del file della casella di posta"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Creazione del file della casella di posta"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2605,10 +2633,6 @@ msgstr "%s: impossibile rinominare la directory %s in %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: impossibile rinominare la directory %s in %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: l'utente %s è un utente NIS\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: directory home «%s» non valida\n"
@@ -2724,6 +2748,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2811,10 +2839,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: impossibile aggiornare il file delle password\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: impossibile creare la directory %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: attenzione: %s non appartiene a %s\n"
@@ -2923,8 +2959,9 @@ msgid "failed to stat edited file"
 msgstr "impossibile rinominare la casella di posta"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "impossibile cambiare il proprietario della casella di posta"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: impossibile aprire il file\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2939,6 +2976,56 @@ msgstr ""
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: directory di base «%s» non valida\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Dimensione dell'ambiente eccessiva\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: impossibile modificare l'utente «%s» sul client NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: «%s» è il NIS master per questo client.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: il gruppo «%s» è un gruppo NIS.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s è il NIS master\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: il gruppo «%s» è un gruppo NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: impossibile creare il nuovo file dei valori predefiniti\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: il gruppo «%s» è un gruppo NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: l'utente %s è un utente NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "troppo semplice"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Nessuna voce utmp. Eseguire «login» dalla shell di livello più basso"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: directory di base «%s» non valida\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "impossibile cambiare il proprietario della casella di posta"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Uso: id\n"
 
@@ -2954,10 +3041,6 @@ msgstr "%s: directory di base «%s» non valida\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Avviso di scadenza della password"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "nome utente «%s» non valido\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Nome utente      Porta    Da               Ultimo accesso"
 
diff --git a/po/ja.gmo b/po/ja.gmo
index ad97665..4726f5a 100644
--- a/po/ja.gmo
+++ b/po/ja.gmo
diff --git a/po/ja.po b/po/ja.po
index 0baf30b..a047a8a 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.1.5\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2012-05-21 02:52+0900\n"
 "Last-Translator: NAKANO Takeo <nakano@webmasters.gr.jp>\n"
 "Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
@@ -18,225 +18,6 @@ msgstr ""
 "Plural-Forms: nplurals=1; plural=0;\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"'%s' ���エントリ� %s �複数�り��。pwck � grpck �修正������。\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "暗�化手法� libcrypt �よ��サ�ート�れ����？ (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "設定エラー - %s �値 '%s' を正��解釈����ん"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "設定情報用�空�容��確�����ん���。\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "設定エラー: �明�項目 '%s' (管�者�連絡������)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd �正常�終了���ん��� (シグナル %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd �ステータス %d �終了����\n"
-
-msgid "Password: "
-msgstr "パスワード: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s �パスワード: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "audit インターフェースを開���ん - 終了���。\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "SELinux �管��ンドルを作�����ん\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "SELinux �リシー�管��れ����ん\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "SELinux ��リシー�存領域を読���ん\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "SELinux �管�接続�確立����ん\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "SELinux �トランザクションを開始����ん\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "%s � seuser �����������ん\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "%s � serange を設定����ん\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "%s � sename を設定����ん\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "%s �ログインマッピングを修正����ん\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "%s � SELinux ログインマッピングを生�����ん\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "%s ���を設定����ん\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "%s � SELinux ユーザを設定����ん\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "%s �ログインマッピングを追加����ん\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "SELinux �管�を�期化����ん\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "SELinux �ユーザキーを生�����ん\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "�� SELinux ユーザを検証����ん\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "SELinux �ユーザマッピングを修正����ん\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "SELinux �ユーザマッピングを追加����ん\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "SELinux �トランザクションをコミット����ん\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"%s �ログインマッピング�定義�れ����ん。デフォルト�マッピングを\n"
-"用���ら� OK ��。\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr "%s �ログインマッピング��リシー�定義�れ��り�削除����ん\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "%s �ログインマピングを削除����ん"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: メモリ�足り��ん\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: %s �状態を�得����ん: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s �ディレクトリ�もシンボリックリンク�も�り��ん\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: シンボリックリンク %s を読���ん: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: シンボリックリンク�長��るよ���: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: ディレクトリ %s を作�����ん: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: %s �所有者を変更����ん: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: : %s �モードを変更����ん: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: アンリンク: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: ディレクトリ %s を削除����ん: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: %s ���を %s �変更����ん: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: %s を削除����ん: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: シンボリックリンク %s を作�����ん: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: %s �所有者を変更����ん: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: %s を lstat ����ん: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: 警告: ユーザ %s �� tcb shadow ファイル��り��ん\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: 緊急事態: %s � tcb shadow � st_nlink=1 �通常ファイル���り��ん。\n"
-"アカウント�ロック�れ�����り��。\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: %s を開���ん: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "警告: �明�グループ %s\n"
 
@@ -283,14 +64,21 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: %s �アンロック����ん���\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"'%s' ���エントリ� %s �複数�り��。pwck � grpck �修正������。\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "環境変数領域�オー�ーフロー\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "暗�化手法� libcrypt �よ��サ�ート�れ����？ (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -406,8 +194,15 @@ msgstr ""
 "%s: 他���ら��ユーザ ID を�得����ん (利用��る UID ��り��ん)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr ""
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "設定エラー - %s �値 '%s' を正��解釈����ん"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "設定情報用�空�容��確�����ん���。\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "設定エラー: �明�項目 '%s' (管�者�連絡������)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -437,9 +232,10 @@ msgstr "%s ���を設定����ん\n"
 msgid "%s: Could not set caps\n"
 msgstr "%s ���を設定����ん\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: %d 行: chown %s �失敗����: %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: line %d: chown %s failed: %s\n"
@@ -451,9 +247,22 @@ msgstr "%s: %d 行: chown %s �失敗����: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: %d 行: chown %s �失敗����: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: %d 行: chown %s �失敗����: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "ログイン試行数�制�を越����。\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login: "
+
 msgid "You have new mail."
 msgstr "新��メール��り��。"
 
@@ -463,6 +272,14 @@ msgstr "メール��り��ん。"
 msgid "You have mail."
 msgstr "メール��り��。"
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd �正常�終了���ん��� (シグナル %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd �ステータス %d �終了����\n"
+
 msgid "no change"
 msgstr "変更�れ����ん"
 
@@ -475,9 +292,6 @@ msgstr "大文字�文字��変更�れ����ん"
 msgid "too similar"
 msgstr "似������"
 
-msgid "too simple"
-msgstr "�純����"
-
 msgid "rotated"
 msgstr "循環�������"
 
@@ -523,6 +337,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() �エラー %d �失敗����\n"
 
+msgid "Password: "
+msgstr "パスワード: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s �パスワード: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "%s �パスワード�正���り��ん。\n"
@@ -548,17 +369,13 @@ msgstr "%s: chroot �パス'%s' ��正��\n"
 msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: chroot ディレクトリ%s �アクセス����ん: %s\n"
 
-#, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: chroot ディレクトリ%s �アクセス����ん: %s\n"
-
 #, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: ディレクトリ %s � chroot ����ん���: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: chroot ディレクトリ%s �アクセス����ん: %s\n"
 
 #, c-format
 msgid ""
@@ -575,6 +392,110 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "audit インターフェースを開���ん - 終了���。\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "SELinux �管��ンドルを作�����ん\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "SELinux �リシー�管��れ����ん\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "SELinux ��リシー�存領域を読���ん\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "SELinux �管�接続�確立����ん\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "SELinux �トランザクションを開始����ん\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "%s � seuser �����������ん\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "%s � serange を設定����ん\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "%s � sename を設定����ん\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "%s �ログインマッピングを修正����ん\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "%s � SELinux ログインマッピングを生�����ん\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "%s ���を設定����ん\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "%s � SELinux ユーザを設定����ん\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "%s �ログインマッピングを追加����ん\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "SELinux �管�を�期化����ん\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "SELinux �ユーザキーを生�����ん\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "�� SELinux ユーザを検証����ん\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "SELinux �ユーザマッピングを修正����ん\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "SELinux �ユーザマッピングを追加����ん\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "SELinux �トランザクションをコミット����ん\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"%s �ログインマッピング�定義�れ����ん。デフォルト�マッピングを\n"
+"用���ら� OK ��。\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr "%s �ログインマッピング��リシー�定義�れ��り�削除����ん\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "%s �ログインマピングを削除����ん"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "'%s' �ディレクトリを変更����ん\n"
@@ -587,6 +508,10 @@ msgid "Cannot execute %s"
 msgstr "%s を実行����ん"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "ルートディレクトリ '%s' ��正��\n"
 
@@ -595,6 +520,86 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "ルートディレクトリを '%s' �変更����ん\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: メモリ�足り��ん\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: %s �状態を�得����ん: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s �ディレクトリ�もシンボリックリンク�も�り��ん\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: シンボリックリンク %s を読���ん: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: シンボリックリンク�長��るよ���: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: ディレクトリ %s を作�����ん: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: %s �所有者を変更����ん: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: : %s �モードを変更����ん: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: アンリンク: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: ディレクトリ %s を削除����ん: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: %s ���を %s �変更����ん: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: %s を削除����ん: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: シンボリックリンク %s を作�����ん: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: %s �所有者を変更����ん: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: %s を lstat ����ん: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: 警告: ユーザ %s �� tcb shadow ファイル��り��ん\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: 緊急事態: %s � tcb shadow � st_nlink=1 �通常ファイル���り��ん。\n"
+"アカウント�ロック�れ�����り��。\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: %s を開���ん: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: ユーザ %s ��在ログイン中��\n"
 
@@ -666,6 +671,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_DIR         chroot �るディレクトリ\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -R, --root CHROOT_DIR         chroot �るディレクトリ\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -693,12 +703,15 @@ msgstr "パスワード無効日数"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "アカウント期�切れ日付 (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "最終パスワード変更日\t\t\t\t:"
-
 msgid "never"
 msgstr "��"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "最終パスワード変更日\t\t\t\t:"
+
 msgid "password must be changed"
 msgstr "パスワード�変更���れ��り��ん"
 
@@ -870,14 +883,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: ユーザ '%s' �存在���ん\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: NIS クライアント��ユーザ '%s' を変更����ん。\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' ���クライアント� NIS マスター��。\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "%s �ユーザ情報を変更中\n"
 
@@ -915,6 +920,11 @@ msgid ""
 msgstr ""
 "  -s, --sha-rounds              SHA* 暗�化アルゴリズム� SHA ラウンド回数\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: サ�ート�れ����暗�化手法��: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: %s フラグ� %s フラグ�共�指定�る必���り��\n"
@@ -965,6 +975,16 @@ msgstr "  -s, --shell SHELL             ユーザ�シェルを新�� SHELL
 msgid "Login Shell"
 msgstr "ログインシェル"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: %s �サイズを�得����ん���: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: 新��デフォルトファイルを作れ��ん\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "���� '%s' �シェルを変更����ん。\n"
@@ -977,6 +997,11 @@ msgstr "%s �ログインシェルを変更中\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: �正�エントリ: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s �シェル�指定����ん\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s �シェル�指定����ん\n"
@@ -1217,11 +1242,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  システムアカウントを作����\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -R, --root CHROOT_DIR         chroot �るディレクトリ\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    グループ�メン�ーを表示���。\n"
@@ -1235,6 +1255,11 @@ msgstr "ユーザ� '%s' ��正��\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: '%s' �グループ����正���り��ん\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: %s を開���ん: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: '%s' �グループ ID ���正���り��ん\n"
@@ -1279,14 +1304,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: グループ '%s' �存在���ん\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: グループ '%s' � NIS グループ��\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s � NIS マスター��\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: ユーザ '%s' ���� '%s' �メン�ー��\n"
 
@@ -1382,10 +1399,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s '%s' �グループ����正���り��ん\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: グループ %s � NIS �グループ��\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: ユーザ %s ��明��\n"
 
@@ -1512,7 +1525,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr "  -a, --all                     全ユーザ� faillog 記録を表示�る\n"
 
@@ -1609,11 +1622,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: ��ら�実効 root ����動作����ん\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"utmp �エントリ��り��ん。\"login\" を \"sh\" �最低レベル�ら行�必���"
-"り��"
-
 #, c-format
 msgid ""
 "\n"
@@ -1648,14 +1656,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "ユーザ�見��り��ん (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: fork �失敗����: %s"
 
@@ -1691,7 +1691,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1718,19 +1719,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: %s �アンロック����ん���\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: %s � tcb ディレクトリ�見付�り��ん���\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: %s � tcb ディレクトリ�作��失敗����\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1763,14 +1759,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: %s � tcb ディレクトリ�作��失敗����\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1795,6 +1791,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: '%s' �ユーザ��使���ん\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: %d 行: �正�行��\n"
 
@@ -1816,6 +1816,11 @@ msgstr "%s: %d 行: グループを作�����ん\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: %d 行: ユーザ '%s' � %s �存在���ん\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: アンリンク: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: %d 行: パスワードを更新����ん\n"
@@ -1838,14 +1843,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: %d 行: エントリを更新����ん\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: %s �新��エントリ '%s' を準備����ん���。\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: ユーザを作�����ん\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: %s �新��エントリ '%s' を準備����ん���。\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: グループを作�����ん\n"
 
@@ -1916,6 +1921,11 @@ msgstr ""
 "  -x, --maxdays MAX_DAYS        パスワード�変更��る期間�最長日数を\n"
 "                                MAX_DAYS �変更�る\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    アカウント�経時情報を表示�る\n"
+
 msgid "Old password: "
 msgstr "��パスワード: "
 
@@ -1935,6 +1945,11 @@ msgstr ""
 "新��パスワードを入れ����� (最低 %d 文字�最高 %d 文字)\n"
 "大文字・�文字・数字を混��使�よ��������。\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: 入力内容�長����\n"
+
 msgid "New password: "
 msgstr "新��パスワード: "
 
@@ -1979,6 +1994,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: レ�ジトリ %s �サ�ート�����ん\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: -g/--group オプション� root ���指定����\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s � %s �パスワードを変更�る権���り��ん\n"
@@ -2130,11 +2150,9 @@ msgstr "%s: シグナル�異常��\n"
 msgid "Session terminated, terminating shell..."
 msgstr "セッション�終了����。シェルを終了�����..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...kill �れ���。\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...�プロセス�終了を待���。\n"
 
@@ -2220,6 +2238,11 @@ msgstr "%s: �����時点�� su �る権���り��ん\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "ユーザ '%s' �パスワードエントリ��り��ん\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "ユーザ� '%s' ��正��\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: 端末�ら実行������\n"
@@ -2266,6 +2289,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%1$s: %3$s 中�設定 %2$s �無視�れ��\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%1$s: %3$s 中�設定 %2$s �無視�れ��\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: 新��デフォルトファイルを作れ��ん\n"
@@ -2276,10 +2306,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: 新��デフォルトファイルを作れ��ん\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: 新��デフォルトファイルを作れ��ん\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: 新��デフォルトファイルを開���ん\n"
 
@@ -2296,10 +2322,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: ファイル�変更: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: グループ '%s' � NIS グループ��。\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: 指定��グループ数�多���� (最大 %d 個)。\n"
 
@@ -2425,6 +2447,17 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     SELinux �ユーザマッピング�指定��\n"
 "                                SEUSER を使�\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     SELinux �ユーザマッピング�指定��\n"
+"                                SEUSER を使�\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: ベースディレクトリ '%s' ��正��\n"
@@ -2567,6 +2600,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "メールボックスファイル�許�属性を設定���"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "メールボックスファイルを作����"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "メールボックスファイルを作����"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2698,10 +2741,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: %s � tcb ファイルを削除����ん: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: ユーザ %s � NIS ユーザ��\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s �ホームディレクトリ (%s) ��り��ん\n"
 
@@ -2827,6 +2866,16 @@ msgstr ""
 "  -Z, --selinux-user            ��ユーザアカウント��新� SELinux\n"
 "                                ユーザマッピング\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user            ��ユーザアカウント��新� SELinux\n"
+"                                ユーザマッピング\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2921,11 +2970,23 @@ msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: ユーザ %lu � lastlog エントリをユーザ %lu �コピー����ん���: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: ユーザ %lu � lastlog エントリをユーザ %lu �コピー����ん���: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: ユーザ %lu � faillog エントリをユーザ %lu �コピー����ん���: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: ユーザ %lu � faillog エントリをユーザ %lu �コピー����ん���: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: 警告: %s � %s �所有���り��ん\n"
@@ -3024,8 +3085,8 @@ msgstr "スクラッ�ファイルを削除����ん���"
 msgid "failed to stat edited file"
 msgstr "編集��ファイル�状態を�得����ん���"
 
-msgid "failed to allocate memory"
-msgstr "メモリ割当�失敗����"
+msgid "asprintf(3) failed"
+msgstr ""
 
 msgid "failed to create backup file"
 msgstr "�ックアップファイルを作�����ん���"
@@ -3038,6 +3099,57 @@ msgstr "%s: %s を復旧ã�§ã��ã�¾ã�›ã‚“ã�§ã�—ã�Ÿ: %s (ã�‚ã�ªã�Ÿã�®å¤‰æ›´ã�¯ %s ã
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: %s � tcb ディレクトリ�見付�り��ん���\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "環境変数領域�オー�ーフロー\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: NIS クライアント��ユーザ '%s' を変更����ん。\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' ���クライアント� NIS マスター��。\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: グループ '%s' � NIS グループ��\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s � NIS マスター��\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: グループ %s � NIS �グループ��\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: 新��デフォルトファイルを作れ��ん\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: グループ '%s' � NIS グループ��。\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: ユーザ %s � NIS ユーザ��\n"
+
+#~ msgid "too simple"
+#~ msgstr "�純����"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "utmp �エントリ��り��ん。\"login\" を \"sh\" �最低レベル�ら行�必�"
+#~ "��り��"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: %s � tcb ディレクトリ�見付�り��ん���\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "メモリ割当�失敗����"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "使�方: id\n"
 
@@ -3053,10 +3165,6 @@ msgstr "%s: %s � tcb ディレクトリ�見付�り��ん���\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: パスワード期�切れ情報を変更����\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "ユーザ� '%s' ��正��\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "ユーザ�         �ート   場所             最近�ログイン"
 
diff --git a/po/ka.gmo b/po/ka.gmo
index 69e7f5e..98fc7b9 100644
--- a/po/ka.gmo
+++ b/po/ka.gmo
diff --git a/po/ka.po b/po/ka.po
index ab04107..3fb1915 100644
--- a/po/ka.po
+++ b/po/ka.po
@@ -1,14 +1,14 @@
 # Shadow-utils translation to Georgian.
-# Copyright (C) YEAR Free Software Foundation, Inc.
+# Copyright (C) 2024 Free Software Foundation, Inc.
 # This file is distributed under the same license as the shadow-utils package.
-# Temuri Doghonadze <temuri.doghonadze@gmail.com>, 2022.
+# Temuri Doghonadze <temuri.doghonadze@gmail.com>, 2022-2024.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow-utils\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
-"PO-Revision-Date: 2022-08-22 02:33+0200\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
+"PO-Revision-Date: 2024-02-08 06:13+0100\n"
 "Last-Translator: Temuri Doghonadze <temuri.doghonadze@gmail.com>\n"
 "Language-Team: Georgian <(nothing)>\n"
 "Language: ka\n"
@@ -16,226 +16,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 3.1.1\n"
-
-#, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr "%s ბევრჯერ�� ნ�ხსენები %s-ში. ჩ��სწ�რეთ pwck-ით �ნ grpck-ით.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "crypt-ის მეთ�დი �რ�� მხ�რდ�ჭერილი libcrypt-ის მიერ? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-"კ�ნფიგურ�ციის შეცდ�მ� - %s-ის მნიშვნელ�ბის დ�მუშ�ვებ� შეუძლებელი�: '%s'"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "კ�ნფიგურ�ციის ინფ�რმ�ციისთვის სივრცის გ�მ�ყ�ფ� შეუძლებელი�.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"კ�ნფიგურ�ციის შეცდ�მ� - უცნ�ბი ჩ�ნ�წერი '%s' (შე�ტყ�ბინეთ �დმინისტრ�ტ�რს)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd ნ�რმ�ლურ�დ �რ დ�სრულებულ� (სიგნ�ლი %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd გ�მ�ვიდ� სტ�ტუსით %d\n"
-
-msgid "Password: "
-msgstr "პ�რ�ლი: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s-ის პ�რ�ლი: "
-
-msgid "Cannot open audit interface.\n"
-msgstr "�უდიტის ინტერფეისის გ�ხსნის შეცდ�მ�.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr "%s: SELinux-ის პრ�ცესის წინ� კ�ნტექსტის მიღების შეცდ�მ�: %s\n"
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "SELinux-ის მ�რთვის დ�მმუშ�ვებლის შექმნ� შეუძლებელი�\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "SELinux-ის პ�ლიტიკ� მ�რთული �რ��\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "SELinux-ის პ�ლიტიკის ს�ც�ვის წ�კითხვ� შეუძლებელი�\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "SELinux-ის მ�რთვის შეერთების შექმნ� შეუძლებელი�\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "SELinux-ის ტრ�ნზ�ქციის დ�წყების შეცდ�მ�\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "%s-ის გ�მ�თხ�ვ� seuser-დ�ნ შეუძლებელი�\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "%s-სთვის serange-ის დ�ყენებ� შეუძლებელი�\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "%s-სთვის sename-ის დ�ყენებ� შეუძლებელი�\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "მ�მხმ�რებლის ს�ხელის ბმების ჩ�სწ�რებ� %s-სთვის შეუძლებელი�\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "%s-ზე SELinux-ის მ�მხმ�რებლის ს�ხელის ბმის შექმნ� შეუძლებელი�\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "%s-სთვის ს�ხელის დ�ყენების შეცდ�მ�\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "%s-სთვის SELinux-ის მ�მხმ�რებლის დ�ყენების შეცდ�მ�\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "%s-სთვის მ�მხმ�რებლის ს�ხელის ბმის შექმნის შეცდ�მ�\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "SELinux-ის მ�რთვის ინიცი�ლიზ�ციის შეცდ�მ�\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "SELinux-ის მ�მხმ�რებლის გ�ს�ღების შექმნის შეცდ�მ�\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "SELinux-ის მ�მხმ�რებლის შემ�წმების შეცდ�მ�\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "SELinux-ის მ�ხმ�რებლების ბმების შეცვლს შეცდ�მ�\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "SELinux-ის მ�მხმ�რებლის ბმის დ�მ�ტების შეცდ�მ�\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "SELinux-ის ტრ�ნზ�ქციის გ�დ�ცემის შეცდ�მ�\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"მ�მხმ�რებლის ს�ხელის ბმ� %s-თვის გ�ნს�ზღვრული �რ��. OK, თუ ნ�გულისხმები ბმ� "
-"იქნ� გ�მ�ყენებული\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr "მ�მხმ�რებლის ს�ხელი %s პ�ლიტიკ�ში� გ�წერილი. მისი წ�შლ� შეუძლებელი�\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "მ�მხმ�რებლის ს�ხელის ბმის წ�შლ� %s-სთვის შეუძლებელი�"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: �რ�ს�კმ�რისი მეხსიერებ�\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: %s-ის �ღმ�ჩენის შეცდ�მ�: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s �რც ს�ქ�ღ�ლდე�, �რც სიმბმული.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: სიმბმულის წ�კითხვის შეცდ�მ� %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: ს�ეჭვ�დ გრძელი სიმბმული %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s ს�ქ�ღ�ლდის (%s) შექმნის შეცდ�მ�: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: %s-ის მფლ�ბელის შეცვლის შეცდ�მ�: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: %s-ის რეჟიმის შეცვლის შეცდ�მ�: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: წ�შლ�: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: ს�ქ�ღ�ლდის (%s) წ�შლის შეცდ�მ�: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: %s-ის ს�ხელის %s-მდე გ�დ�რქმევ� შეუძლებელი�: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: %s-ის წ�შლ� შეუძლებელი�: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: სიმბმულის (%s) შექმნის შეცდ�მ�: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: %s-ის მფლ�ბელების შეცვლის შეცდ�მ�: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: %s-ის lstat-ის შეცდ�მ�: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: გ�ფრთხილებ�: მ�მხმ�რებელს (%s) tcb shadow ფ�ილი �რ გ��ჩნი�.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: გ�დ�უდებელი შემთხვევ�: %s tcb ჩრდილი �რ �რის რეგულ�რული ფ�ილი st_nlink=1-"
-"ით.\n"
-"�ნგ�რიში ჩ�კეტილი�.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: %s-ის გ�ხსნის შეცდ�მ�: %s\n"
+"X-Generator: Poedit 3.3.2\n"
 
 #, c-format
 msgid "Warning: unknown group %s\n"
@@ -284,14 +65,20 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: %s-ის გ�ნბლ�კვის შეცდ�მ�\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr "%s ბევრჯერ�� ნ�ხსენები %s-ში. ჩ��სწ�რეთ pwck-ით �ნ grpck-ით.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "გ�რემ� გ�დ�ვსებული�\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "crypt-ის მეთ�დი �რ�� მხ�რდ�ჭერილი libcrypt-ის მიერ? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -406,8 +193,17 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: უნიკ�ლური UID-ის მიღების შეცდ�მ� (ხელმის�წვდ�მი UID-ების გ�რეშე)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr "%s: �რ�ს�კმ�რისი �რგუმენტები %u ბმის ჩ�მ�ს�ყ�ლიბებლ�დ\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr ""
+"კ�ნფიგურ�ციის შეცდ�მ� - %s-ის მნიშვნელ�ბის დ�მუშ�ვებ� შეუძლებელი�: '%s'"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "კ�ნფიგურ�ციის ინფ�რმ�ციისთვის სივრცის გ�მ�ყ�ფ� შეუძლებელი�.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr ""
+"კ�ნფიგურ�ციის შეცდ�მ� - უცნ�ბი ჩ�ნ�წერი '%s' (შე�ტყ�ბინეთ �დმინისტრ�ტ�რს)\n"
 
 #, c-format
 msgid "%s: Memory allocation failure\n"
@@ -434,8 +230,8 @@ msgid "%s: Could not set caps\n"
 msgstr "%s: caps-ების დ�ყენების შედ�მ�\n"
 
 #, c-format
-msgid "%s: snprintf failed!\n"
-msgstr "%s: snprintf -ის შეცდ�მ�!\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: stpeprintf ჩ�ვ�რდ�!\n"
 
 #, c-format
 msgid "%s: open of %s failed: %s\n"
@@ -445,9 +241,21 @@ msgstr "%s: %s -ის გ�ხსნის შეცდ�მ�: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: %s-ში ჩ�წერის შეცდ�მ�: %s\n"
 
+#, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: %s-ის დ�ხურვ� ჩ�ვ�რდ�: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "მეტისმეტ�დ ბევრი შესვლ�.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s მ�მხმ�რებლის ს�ხელი: "
+
 msgid "You have new mail."
 msgstr "თქვენთვის წერილი�."
 
@@ -457,6 +265,14 @@ msgstr "�ხ�ლი ელფ�სტის გ�რეშე."
 msgid "You have mail."
 msgstr "თქვენ გ�ქვთ ფ�სტ�."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd ნ�რმ�ლურ�დ �რ დ�სრულებულ� (სიგნ�ლი %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd გ�მ�ვიდ� სტ�ტუსით %d\n"
+
 msgid "no change"
 msgstr "ცვლილებების გ�რეშე"
 
@@ -469,9 +285,6 @@ msgstr "მხ�ლ�დ სიმბ�ლ�ების ზ�მ�"
 msgid "too similar"
 msgstr "ძ�ლი�ნ ჰგ�ვს"
 
-msgid "too simple"
-msgstr "ძ�ლი�ნ მ�რტივი�"
-
 msgid "rotated"
 msgstr "შემ�ბრუნებული"
 
@@ -517,6 +330,13 @@ msgstr ""
 "%s: (მ�მხმ�რებელი %s) pam_chauthtok() -ის შეცდ�მ�:\n"
 "%s\n"
 
+msgid "Password: "
+msgstr "პ�რ�ლი: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s-ის პ�რ�ლი: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "�რ�სწ�რი პ�რ�ლი %s-სთვის.\n"
@@ -543,16 +363,12 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: chroot ს�ქ�ღ�ლდის (%s) წვდ�მის შეცდ�მ�: %s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: chroot ს�ქ�ღ�ლდეზე (%s) chdir-ის შეცდ�მ�: %s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: ს�ქ�ღ�ლდეზე (%s) chroot-ი შეუძლებელი�: %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr "შემთხვევითი ბ�იტების მიღების შეცდ�მ�.\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: chroot ს�ქ�ღ�ლდეში (%s) chdir-ის შეცდ�მ�: %s\n"
 
 #, c-format
 msgid ""
@@ -572,6 +388,107 @@ msgstr ""
 "პ�რ�მეტრები ENCRYPT_METHOD-ში დ� შეს�ბ�მის კ�ნფიგურ�ცი�ში თქვენს მიერ "
 "�რჩეული ჰეშის მეთ�დისთვის.\n"
 
+msgid "Cannot open audit interface.\n"
+msgstr "�უდიტის ინტერფეისის გ�ხსნის შეცდ�მ�.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr "%s: SELinux-ის პრ�ცესის წინ� კ�ნტექსტის მიღების შეცდ�მ�: %s\n"
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "SELinux-ის მ�რთვის დ�მმუშ�ვებლის შექმნ� შეუძლებელი�\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "SELinux-ის პ�ლიტიკ� მ�რთული �რ��\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "SELinux-ის პ�ლიტიკის ს�ც�ვის წ�კითხვ� შეუძლებელი�\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "SELinux-ის მ�რთვის შეერთების შექმნ� შეუძლებელი�\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "SELinux-ის ტრ�ნზ�ქციის დ�წყების შეცდ�მ�\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "%s-ის გ�მ�თხ�ვ� seuser-დ�ნ შეუძლებელი�\n"
+
+#, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "%s-სთვის serange-ის %s-ზე დ�ყენებ� შეუძლებელი�\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "%s-სთვის sename-ის დ�ყენებ� შეუძლებელი�\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "მ�მხმ�რებლის ს�ხელის ბმების ჩ�სწ�რებ� %s-სთვის შეუძლებელი�\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "%s-ზე SELinux-ის მ�მხმ�რებლის ს�ხელის ბმის შექმნ� შეუძლებელი�\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "%s-სთვის ს�ხელის დ�ყენების შეცდ�მ�\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "%s-სთვის SELinux-ის მ�მხმ�რებლის დ�ყენების შეცდ�მ�\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "%s-სთვის მ�მხმ�რებლის ს�ხელის ბმის შექმნის შეცდ�მ�\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "SELinux-ის მ�რთვის ინიცი�ლიზ�ციის შეცდ�მ�\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "SELinux-ის მ�მხმ�რებლის გ�ს�ღების შექმნის შეცდ�მ�\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "SELinux-ის მ�მხმ�რებლის შემ�წმების შეცდ�მ�\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "SELinux-ის მ�ხმ�რებლების ბმების შეცვლს შეცდ�მ�\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "SELinux-ის მ�მხმ�რებლის ბმის დ�მ�ტების შეცდ�მ�\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "SELinux-ის ტრ�ნზ�ქციის გ�დ�ცემის შეცდ�მ�\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"მ�მხმ�რებლის ს�ხელის ბმ� %s-თვის გ�ნს�ზღვრული �რ��. OK, თუ ნ�გულისხმები ბმ� "
+"იქნ� გ�მ�ყენებული\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr "მ�მხმ�რებლის ს�ხელი %s პ�ლიტიკ�ში� გ�წერილი. მისი წ�შლ� შეუძლებელი�\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "მ�მხმ�რებლის ს�ხელის ბმის წ�შლ� %s-სთვის შეუძლებელი�"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "ს�ქ�ღ�ლდის %s-ზე შეცვლ� შეუძლებელი�\n"
@@ -584,6 +501,10 @@ msgid "Cannot execute %s"
 msgstr "%s-ის შესრულების შეცდ�მ�"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr "მიღწეული� ქვესისტემის მ�ქსიმ�ლური სიღრმე\n"
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "%s �რ�სწ�რი root ს�ქ�ღ�ლდე�\n"
 
@@ -592,6 +513,87 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Root ს�ქ�ღ�ლდის %s-ზე შეცვლ� შეუძლებელი�\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: �რ�ს�კმ�რისი მეხსიერებ�\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: %s-ის �ღმ�ჩენის შეცდ�მ�: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s �რც ს�ქ�ღ�ლდე�, �რც სიმბმული.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: სიმბმულის წ�კითხვის შეცდ�მ� %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: ს�ეჭვ�დ გრძელი სიმბმული %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s ს�ქ�ღ�ლდის (%s) შექმნის შეცდ�მ�: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: %s-ის მფლ�ბელის შეცვლის შეცდ�მ�: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: %s-ის რეჟიმის შეცვლის შეცდ�მ�: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: წ�შლ�: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: ს�ქ�ღ�ლდის (%s) წ�შლის შეცდ�მ�: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: %s-ის ს�ხელის %s-მდე გ�დ�რქმევ� შეუძლებელი�: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: %s-ის წ�შლ� შეუძლებელი�: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: სიმბმულის (%s) შექმნის შეცდ�მ�: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: %s-ის მფლ�ბელების შეცვლის შეცდ�მ�: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: %s-ის lstat-ის შეცდ�მ�: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: გ�ფრთხილებ�: მ�მხმ�რებელს (%s) tcb shadow ფ�ილი �რ გ��ჩნი�.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: გ�დ�უდებელი შემთხვევ�: %s tcb ჩრდილი �რ �რის რეგულ�რული ფ�ილი st_nlink=1-"
+"ით.\n"
+"�ნგ�რიში ჩ�კეტილი�.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: %s-ის გ�ხსნის შეცდ�მ�: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: მ�მხმ�რებელი %s �მჟ�მ�დ შემ�სული�\n"
 
@@ -661,6 +663,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_DIR         ს�ქ�ღ�ლდე chroot-ისთვის\n"
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -P, --prefix PREFIX_DIR        პრეფიქსი ს�ქ�ღ�ლდე\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -689,12 +694,15 @@ msgstr "პ�რ�ლი �რ��ქტიური�"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "�ნგ�რიშის ვ�დის თ�რიღი (წწწწ-თთ-დდ)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "პ�რ�ლის ბ�ლ� ცვლილებ�\t\t\t\t\t: "
-
 msgid "never"
 msgstr "�რ�ს�დეს"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "პ�რ�ლის ბ�ლ� ცვლილებ�\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "ს�ჭირ�� პ�რ�ლის შეცვლ�"
 
@@ -871,14 +879,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: მ�მხმ�რებელი \"%s\" �რ �რსებ�ბს\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: მ�მხმ�რებლის '%s' შეცვლ� NIS კლიენტზე შეუძლებელი�.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' NIS-ის მთ�ვ�რი სერვერი� �მ კლიენტისთვის.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "%s-ის მ�მხმ�რებლის ინფ�რმ�ციის ცვლილებ�\n"
 
@@ -914,6 +914,10 @@ msgstr ""
 "                                დ� YESCRYPT დ�შიფვრის �ლგ�რითმებისთვის\n"
 
 #, c-format
+msgid "%s: no crypt method defined\n"
+msgstr "%s: დ�შიფვრის მეთ�დი �ღწერილი �რ��\n"
+
+#, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: �ლ�მი %s მხ�ლ�დ �ლ�მ %s -სთ�ნ ერთ�დ�� ნებ�დ�რთული\n"
 
@@ -966,6 +970,14 @@ msgid "Login Shell"
 msgstr "შესვლს გ�რსი"
 
 #, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "ვერ დ�ვ�მუშ�ვე გ�რსის ფ�ილები: %s"
+
+#, c-format
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "გ�რსის ფ�ილების ჩ�ნ�წერების შეფ�სებ� შეუძლებელი�: %s"
+
+#, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "%s-ის გ�რსის შეცვლ� �რ შეგიძლი�თ.\n"
 
@@ -978,6 +990,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: �რ�სწ�რი ჩ�ნ�წერი: %s\n"
 
 #, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: გ�ფრთხილებ�: %s �რ�სწ�რი გ�რსი�\n"
+
+#, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s �რ�სწ�რი გ�რსი�\n"
 
@@ -1222,9 +1238,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  სისტემური �ნგ�რიშის შექმნ�\n"
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -P, --prefix PREFIX_DI        პრეფიქსი ს�ქ�ღ�ლდე\n"
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -U, --users USERS             �მ ჯგუფის წევრების სი�\n"
 
@@ -1237,6 +1250,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s ჯგუფის სწ�რ ს�ხელს �რ წ�რმ��დგენს\n"
 
 #, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: %s-ის გ�ხსნის შეცდ�მ�: %s\n"
+
+#, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: ჯგუფის �რ�სწ�რი ID '%s'\n"
 
@@ -1282,14 +1299,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: ჯგუფი '%s' �რ �რსებ�ბს\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: ჯგუფი '%s' NIS ჯგუფი�\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s NIS-ის მთ�ვ�რი�\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: მ�მხმ�რებელი '%s' უკვე წ�რმ��დგენს '%s'-ის წევრს\n"
 
@@ -1385,10 +1394,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: �რ�სწ�რი ჯგუფის ს�ხელი \"%s\"\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: ჯგუფი '%s' NIS ჯგუფი�\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: უცნ�ბი მ�მხმ�რებელი %s\n"
 
@@ -1516,7 +1521,7 @@ msgstr ""
 "ჩ�ნ�წერების ჩვენებ�\n"
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   მ�მხმ�რებლის lastlog ჩ�ნ�წერის გ�სუფთ�ვებ� "
@@ -1622,11 +1627,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: root-ის უფლებებით �ლბ�თ ვერ ვიმუშ�ვებ\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"\"utmp\"-ის ჩ�ნ�წერი �რ �რსებ�ბს.  \"login\"-ი \"sh\"-ის უმდ�ბლესი დ�ნიდ�ნ "
-"უნდ� გ�უშვ�თ"
-
 #, c-format
 msgid ""
 "\n"
@@ -1661,14 +1661,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "მ�მხმ�რებლის (%s) პ�ვნ� შეუძლებელი�\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s მ�მხმ�რებლის ს�ხელი: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: გ�ნტ�ტვის შეცდ�მ�: %s"
 
@@ -1704,10 +1696,11 @@ msgstr "%s: gid -ის დიáƒ�პáƒ�ზáƒ�ნი [%lu-%lu) -> [%lu-%lu) დáƒ
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
-"გ�მ�ყენებ�: %s <pid> <gid> <lowergid> <რ��დენ�ბ�> [ <gid> <lowergid> "
-"<რ��დენ�ბ�> ] ... \n"
+"გ�მ�ყენებ�: %s [<pid|fd:<pidfd>] <gid> <lowergid> <რ��დენ�ბ�> [ <gid> "
+"<lowergid> <რ��დენ�ბ�> ] ... \n"
 
 #, c-format
 msgid "%s: kernel doesn't support setgroups restrictions\n"
@@ -1730,20 +1723,16 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: setgroups-ის შეცდ�მ� %s პ�ლიტიკ�: %s\n"
 
 #, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: proc ს�ქ�ღ�ლდის გ�ხსნის შეცდ�მ� ს�მიზნისთვის %u\n"
-
-#, c-format
-msgid "%s: Could not stat directory for target %u\n"
-msgstr "%s: ს�ქ�ღ�ლდის �ღმ�ჩენის შეცდ�მ� ს�მიზნისთვის: %u\n"
+msgid "%s: Could not stat directory for process\n"
+msgstr "%s: ს�ქ�ღ�ლდის �ღმ�ჩენის შეცდ�მ� პრ�ცესისთვის\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
-"%s: ს�მიზნე %u სხვ� მ�მხმ�რებლის��: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu "
-"pw_gid:%lu st_gid:%lu\n"
+"%s: ს�მიზნე პრ�ცესის მფლ�ბელი სხვ� მ�მხმ�რებელი�: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "გ�მ�ყენებ�: newgrp [-] [ჯგუფი]\n"
@@ -1775,18 +1764,15 @@ msgstr "%s: uid -ის დიáƒ�პáƒ�ზáƒ�ნი [%lu-%lu) -> [%lu-%lu) დáƒ
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
-"გ�მ�ყენებ�: %s <pid> <uid> <loweruid> <რ��დენ�ბ�> [ <uid> <loweruid> "
-"<რ��დენ�ბ�> ] ... \n"
+"გ�მ�ყენებ�: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <რ��დენ�ბ�> [ <uid> "
+"<loweruid> <რ��დენ�ბ�> ] ... \n"
 
 #, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
-"%s: ს�მიზნე პრ�ცესი %u სხვ� მ�მხმ�რებლით�� გ�შვებული: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: ს�ქ�ღ�ლდის �ღმ�ჩენის შეცდ�მ� ს�მიზნე პრ�ცესისთვის\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr "      -b, --badname                 ს�ხელების სისწ�რე �რ შემ�წმდებ�\n"
@@ -1808,6 +1794,10 @@ msgstr ""
 "%s: მ�მხმ�რებლის �რ�სწ�რი ს�ხელი '%s': დ�ს�იგნ�რებლ�დ გ�მ�იყენეთ --badname\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr "%s: მი�წ�დეთ '--crypt-method', წრეების რ��დენ�ბ�მდე\n"
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: ხ�ზი %d: �რ�სწ�რი ხ�ზი\n"
 
@@ -1830,6 +1820,10 @@ msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: ხ�ზი %d: მ�მხმ�რებელი '%s' %s-ში �რ �რსებ�ბს\n"
 
 #, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: ხ�ზი %d: %s\n"
+
+#, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: ხ�ზი %d: პ�რ�ლის გ�ნ�ხლებ� შეუძლებელი�\n"
 
@@ -1850,14 +1844,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: ხ�ზი %d: ჩ�ნ�წერის გ�ნ�ხლების შეცდ�მ�\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: �ხ�ლი %s ჩ�ნ�წერის მ�მზ�დების შეცდ�მ�\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: დ�ქვემდებ�რებული მ�მხმ�რებლის დი�პ�ზ�ნის პ�ვნ� შეუძლებელი�\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: �ხ�ლი %s ჩ�ნ�წერის მ�მზ�დების შეცდ�მ�\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: დ�ქვემდებ�რებული ჯგუფის დი�პ�ზ�ნის პ�ვნ� შეუძლებელი�\n"
 
@@ -1934,6 +1928,9 @@ msgstr ""
 "რ��დენ�ბის \n"
 "                                MAX_DAYS-ზე დ�ყენებ�\n"
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -s, --stdin                    �ხ�ლი კ�დების stdin-დ�ნ წ�კითხვ�\n"
+
 msgid "Old password: "
 msgstr "ძველი პ�რ�ლი: "
 
@@ -1953,6 +1950,11 @@ msgstr ""
 "შეიყვ�ნეთ �ხ�ლი პ�რ�ლი (მინიმუმ %d, მ�ქსიმუმ %d სიმბ�ლ�)\n"
 "გ�მ�იყენეთ დიდი დ� პ�ტ�რ� �ს�ების� დ� რიცხვების კ�მბინ�ცი�.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: ველები ძ�ლი�ნ გრძელი�\n"
+
 msgid "New password: "
 msgstr "�ხ�ლი პ�რ�ლი: "
 
@@ -1996,6 +1998,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: მხ�რდ�უჭერელი რეპ�ზიტ�რი�: %s\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+"%s: --stdin/-s პ�რ�მეტრის გ�მ�ყენებ�, მხ�ლ�დ, root მ�მხმ�რებელს შეუძლი�\n"
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 "%s: root-ს %s-ისთვის პ�რ�ლის შეცვლისთვის SELinux-ის �ვტ�რიზ�ცი� �რ გ��ჩნი�\n"
@@ -2148,11 +2155,9 @@ msgstr "%s: სიგნ�ლის გ�უმ�რთ��ბ�\n"
 msgid "Session terminated, terminating shell..."
 msgstr "სესი� გ�წყდ�. გ�რსის დ�სრულებ�...."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr "  ...მ�კლული�.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ... ველ�დები შვილი პრ�ცესების დ�სრულებ�ს.\n"
 
@@ -2230,6 +2235,10 @@ msgid "No passwd entry for user '%s'\n"
 msgstr "Passwd ფ�ილში მ�მხმ�რებლისთვის \"%s\" ჩ�ნ�წერი �რ �რსებ�ბს\n"
 
 #, c-format
+msgid "Overlong user name '%s'\n"
+msgstr "მეტისმეტ�დ გრძელი მ�მხმ�რებლის ს�ხელი '%s'\n"
+
+#, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: ტერმინ�ლიდ�ნ გ�შვებ� �უცილებელი�\n"
 
@@ -2275,6 +2284,15 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: %s-ის კ�ნფიგურ�ცი� %s-ში იგნ�რირებული იქნებ�\n"
 
 #, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+"%s: '%s'-ის კ�ნფიგურ�ცი�ს %s-ში �რ�სწ�რი ჯგუფი �ქვს. �რ�სწ�რი ჯგუფების "
+"გ�მ�ტ�ვებ�\n"
+"\n"
+
+#, c-format
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: ნ�გულისხმები მნიშვნელ�ბების შემცველი ფ�ილის შექმნის შეცდ�მ�; %s\n"
 
@@ -2285,10 +2303,6 @@ msgstr ""
 "შეუძლებელი�\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: ნ�გულისხმები მნიშვნელ�ბების შემცველი ფ�ილის შექმნის შეცდ�მ�\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: ნ�გულისხმები მნიშვნელ�ბების შემცველი ფ�ილის გ�ხსნის შეცდ�მ�\n"
 
@@ -2305,10 +2319,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: გ�დ�რქმევ�: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: ჯგუფი '%s' NIS ჯგუფი�.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: მითითებული� მეტისმეტ�დ ბევრი ჯგუფი (მ�ქს %d).\n"
 
@@ -2374,6 +2384,8 @@ msgid ""
 "  -F, --add-subids-for-system   add entries to sub[ud]id even when adding a "
 "system user\n"
 msgstr ""
+"  -F, --add-subids-for-system   ჩ�ნ�წერების დ�მ�ტებ� sub[ud]id-ში სისტემური "
+"მ�მხმ�რებლის დ�მ�ტების დრ�ს�ც კი\n"
 
 msgid ""
 "  -g, --gid GROUP               name or ID of the primary group of the new\n"
@@ -2442,8 +2454,15 @@ msgid ""
 "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user "
 "mapping\n"
 msgstr ""
-"  -Z, --selinux-user SEUSER     SELinux -ის მ�მხმ�რებელთ�ნ ბმისთვის "
-"მითითებული SEUSER -ის გ�მ�ყენებ�\n"
+"  -Z, --selinux-user SEUSER     მითითებული SEUSER -ის გ�მ�ყენებ� SELinux-ის "
+"მ�მხმ�რებლის �ს�ხვისთვის\n"
+
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  --selinux-user SERANGE     მითითებული MLS შუ�ლედის გ�მ�ყენებ� SELinux-ის "
+"მ�მხმ�რებლის �ს�ხვისთვის\n"
 
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
@@ -2576,6 +2595,12 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "ს�ფ�სტ� ყუთის ფ�ილის წვდ�მების დ�ყენებ�"
 
+msgid "Synchronize mailbox file"
+msgstr "ს�ფ�სტ� ყუთის ფ�ილის სინქრ�ნიზ�ცი�"
+
+msgid "Closing mailbox file"
+msgstr "ს�ფ�სტ� ყუთის ფ�ილის დ�ხურვ�"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2707,10 +2732,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: %s-ის tcb ფ�ილების წ�შლის შეცდ�მ�: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: მ�მხმ�რებელი %s NIS მ�მხმ�რებელი�\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s -ის ს�წყისი ს�ქ�ღ�ლდე (%s) ვერ ვიპ�ვე\n"
 
@@ -2841,6 +2862,12 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     �ნგ�რიშის SELinux -ის მითითებულ "
 "მ�მხმ�რებელზე მიბმ�\n"
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  --selinux-range SERANGE     �ხ�ლი SELinux MLS შუ�ლედი მ�მხმ�რებლის "
+"�ნგ�რიშისთვის\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2919,16 +2946,13 @@ msgstr "%s: ძველი ს�წყისი ს�ქ�ღ�ლდის
 msgid "%s: cannot rename directory %s to %s\n"
 msgstr "%s: ს�ქ�ღ�ლდის ს�ხელის %s-დ�ნ %s-ზე გ�დ�რქმევის შეცდ�მ�\n"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "%s: The previous home directory (%s) was not a directory. It is not "
-#| "removed and no home directories are created.\n"
+#, c-format
 msgid ""
 "%s: The previous home directory (%s) does not exist or is inaccessible. Move "
 "cannot be completed.\n"
 msgstr ""
-"%s: წინ� ს�წყისი ს�ქ�ღ�ლდე (%s) ს�ქ�ღ�ლდეს �რ წ�რმ��დგენდ�, �მიტ�მ ის �რ "
-"წ�შლილ� დ� �რც ს�ქ�ღ�ლდე შექმნილ�.\n"
+"%s: წინ� ს�წყისი ს�ქ�ღ�ლდე (%s) �რ �რსებ�ბს �ნ ხელმის�წვდ�მი �რ��. გ�დ�ტ�ნის "
+"დ�სრულებ� შეუძლებელი�.\n"
 
 #, c-format
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
@@ -2937,12 +2961,24 @@ msgstr ""
 "შეცდ�მ�: %s\n"
 
 #, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: lastlog-ის ჩ�ნ�წერის ერთი მ�მხმ�რებლიდ�ნ (%ju) მე�რეზე (%ju) კ�პირების "
+"შეცდ�მ�: %s\n"
+
+#, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: faillog -ის ჩ�ნ�წერის ერთი მ�მხმ�რებლიდ�ნ (%lu) მე�რეზე (%lu) კ�პირების "
 "შეცდ�მ�: %s\n"
 
 #, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: faillog -ის ჩ�ნ�წერის ერთი მ�მხმ�რებლიდ�ნ (%ju) მე�რეზე (%ju) კ�პირების "
+"შეცდ�მ�: %s\n"
+
+#, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: გ�ფრთხილებ�: %s-ის მფლ�ბელი %s �რ��\n"
 
@@ -3042,8 +3078,8 @@ msgstr "მ�ნ�ხ�ზის ფ�ილის წ�შლის შე
 msgid "failed to stat edited file"
 msgstr "რედ�ქტირებული ფ�ილის �ღმ�ჩენ� შეუძლებელი�"
 
-msgid "failed to allocate memory"
-msgstr "მეხსიერების გ�მ�ყ�ფის შეცდ�მ�"
+msgid "asprintf(3) failed"
+msgstr "asprintf(3) ჩ�ვ�რდ�"
 
 msgid "failed to create backup file"
 msgstr "მ�რქ�ფის ფ�ილის შექმნის შეცდ�მ�"
@@ -3055,3 +3091,69 @@ msgstr "%s: %s-ის �ღდგენის შეცდ�მ�: %s (თქ
 #, c-format
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: %s-სთვის tcb ს�ქ�ღ�ლდის პ�ვნის შეცდ�მ�\n"
+
+#~ msgid "Environment overflow\n"
+#~ msgstr "გ�რემ� გ�დ�ვსებული�\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: მ�მხმ�რებლის '%s' შეცვლ� NIS კლიენტზე შეუძლებელი�.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' NIS-ის მთ�ვ�რი სერვერი� �მ კლიენტისთვის.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: ჯგუფი '%s' NIS ჯგუფი�\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s NIS-ის მთ�ვ�რი�\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: ჯგუფი '%s' NIS ჯგუფი�\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: ნ�გულისხმები მნიშვნელ�ბების შემცველი ფ�ილის შექმნის შეცდ�მ�\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: ჯგუფი '%s' NIS ჯგუფი�.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: მ�მხმ�რებელი %s NIS მ�მხმ�რებელი�\n"
+
+#, c-format
+#~ msgid "%s: Not enough arguments to form %u mappings\n"
+#~ msgstr "%s: �რ�ს�კმ�რისი �რგუმენტები %u ბმის ჩ�მ�ს�ყ�ლიბებლ�დ\n"
+
+#~ msgid "too simple"
+#~ msgstr "ძ�ლი�ნ მ�რტივი�"
+
+#, c-format
+#~ msgid "Unable to obtain random bytes.\n"
+#~ msgstr "შემთხვევითი ბ�იტების მიღების შეცდ�მ�.\n"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "\"utmp\"-ის ჩ�ნ�წერი �რ �რსებ�ბს.  \"login\"-ი \"sh\"-ის უმდ�ბლესი "
+#~ "დ�ნიდ�ნ უნდ� გ�უშვ�თ"
+
+#, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: proc ს�ქ�ღ�ლდის გ�ხსნის შეცდ�მ� ს�მიზნისთვის %u\n"
+
+#, c-format
+#~ msgid ""
+#~ "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+#~ "%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+#~ msgstr ""
+#~ "%s: ს�მიზნე %u სხვ� მ�მხმ�რებლის��: uid:%lu pw_uid:%lu st_uid:%lu, gid:"
+#~ "%lu pw_gid:%lu st_gid:%lu\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "მეხსიერების გ�მ�ყ�ფის შეცდ�მ�"
diff --git a/po/kk.gmo b/po/kk.gmo
index fd80ba3..ccf7c73 100644
--- a/po/kk.gmo
+++ b/po/kk.gmo
diff --git a/po/kk.po b/po/kk.po
index c7129d4..eb67d72 100644
--- a/po/kk.po
+++ b/po/kk.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadowutils\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2017-02-07 17:09+0500\n"
 "Last-Translator: Baurzhan Muftakhidinov <baurthefirst@gmail.com>\n"
 "Language-Team: Kazakh <kk_KZ@googlegroups.com>\n"
@@ -19,226 +19,6 @@ msgstr ""
 "X-Generator: Poedit 1.8.11\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"'%s' атындағы %s ішінде бірнеше жазба бар. Оны pwck не grpck көмегімен "
-"дұры�таңыз.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "шифрлеу тә�іліне libcrypt-тан қолдау жоқ па? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "баптаулар қате�і - %s мәнін талдау мүмкін еме�: '%s'"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Баптауларды жүктеу үшін орын жоқ.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "баптау қате�і - белгі�із �лемент '%s' (админи�траторға хабарла�ыңыз)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd өз жұмы�ын дұры� а�қтаған жоқ (%d �игналымен)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd %d қалып-күймен өз жұмы�ын а�қтады\n"
-
-msgid "Password: "
-msgstr "Пароль: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s пайдаланушының паролі: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "�удит интерфей�ін ашу мүмкін еме� - шығу.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "SELinux ба�қарушы ұ�тағышын жа�ау мүмкін еме�\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "SELinux �а��аты ба�қарылып жатқан жоқ\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "SELinux �а��аттарын �ақтау қорын оқу �әт�із\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "SELinux ба�қарушы байланы�ын орнату мүмкін еме�\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "SELinux әрекетін ба�тау мүмкін еме�\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "seuser %s үшін �ұрау �әт�із\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "%s үшін serange орнату мүмкін еме�\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "%s үшін sename орнату мүмкін еме�\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "%s үшін тіркелгі �әйке�тігін түзету мүмкін еме�\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "%s үшін SELinux тіркелгі �әйке�тігін жа�ау мүмкін еме�\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "%s үшін атын орнату мүмкін еме�\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "%s үшін SELinux пайдаланушы�ын орнату мүмкін еме�\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "%s үшін тіркелгі �әйке�тігін қо�у мүмкін еме�\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "SELinux ба�қаруын і�ке қо�у мүмкін еме�\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "SELinux пайд.-шы кілтін жа�ау мүмкін еме�\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "SELinux пайдаланушы�ын тек�еру мүмкін еме�\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "SELinux пайд. �әйке�тігін түзету мүмкін еме�\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "SELinux пайд. �әйке�тігін қо�у мүмкін еме�\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "SELinux әрекетін і�ке а�ыру мүмкін еме�\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"%s үшін тіркелгі �әйке�тігі анықталмаған, ба�тапқы �әйке�тк қолданылған "
-"бол�а ОК\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr "%s үшін тіркелгі �әйке�тігі �а��атта анықталған, өшіруге мүмкін еме�\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "%s үшін тіркелгі �әйке�тігін өшіру мүмкін еме�"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: жады жеткілік�із\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: %s табылмады: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s бума да, �ілтеме де еме�.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: %s �имволдық �ілтеме�ін оқу мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: Күдіктілі ұзын �имволдық �ілтеме: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: %s бума�ын жа�ау мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: %s үшін иені ауы�тыру мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: %s үшін режимді ауы�тыру мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: unlink: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: %s бума�ын өшіру мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: %s атын %s етіп орнату мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: %s өшіру мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: %s �имволдық �ілтеме�ін жа�ау мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: %s үшін иелерді өзгерту мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: lstat %s мүмкін еме�: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: Е�керту, %s пайдаланушы�ында tcb shadow файлы жоқ.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Төтенше жағдай: %s үшін tcb shadow қалыпты, st_nlink=1, файл еме�.\n"
-"Тіркелгі блокталған күйінде қалдырылады.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: %s ашу мүмкін еме�: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Е�керту: белгі�із топ %s\n"
 
@@ -285,14 +65,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: %s бо�ату �әт�із\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"'%s' атындағы %s ішінде бірнеше жазба бар. Оны pwck не grpck көмегімен "
+"дұры�таңыз.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Орындалу орта айнымалыларының шектен көп �аны\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "шифрлеу тә�іліне libcrypt-тан қолдау жоқ па? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -404,8 +192,15 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s:  Ерекше жүйелік UID алу мүмкін еме� (бо� UID-тар қалмады)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr ""
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "баптаулар қате�і - %s мәнін талдау мүмкін еме�: '%s'"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Баптауларды жүктеу үшін орын жоқ.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "баптау қате�і - белгі�із �лемент '%s' (админи�траторға хабарла�ыңыз)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -435,9 +230,10 @@ msgstr "%s үшін атын орнату мүмкін еме�\n"
 msgid "%s: Could not set caps\n"
 msgstr "%s үшін атын орнату мүмкін еме�\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: жол %d: chown %s �әт�із: %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: line %d: chown %s failed: %s\n"
@@ -449,9 +245,22 @@ msgstr "%s: жол %d: chown %s �әт�із: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: жол %d: chown %s �әт�із: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: жол %d: chown %s �әт�із: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Жүйеге кірудің шектен көп талап �аны.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s пайдаланушы аты: "
+
 msgid "You have new mail."
 msgstr "Сізде жаңа пошта бар."
 
@@ -461,6 +270,14 @@ msgstr "Пошта жоқ."
 msgid "You have mail."
 msgstr "Сізде пошта бар."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd өз жұмы�ын дұры� а�қтаған жоқ (%d �игналымен)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd %d қалып-күймен өз жұмы�ын а�қтады\n"
+
 msgid "no change"
 msgstr "өзгері�тер жоқ"
 
@@ -473,9 +290,6 @@ msgstr "өзгеріÑ�тер тек таңбалардың региÑ�тріндÐ
 msgid "too similar"
 msgstr "өте ұқ�а�"
 
-msgid "too simple"
-msgstr "өте оңай"
-
 msgid "rotated"
 msgstr "аударылған"
 
@@ -521,6 +335,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() ішіндегі %d қате�і\n"
 
+msgid "Password: "
+msgstr "Пароль: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s пайдаланушының паролі: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "%s үшін қате пароль.\n"
@@ -547,16 +368,13 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: %s chroot бума�ына қатынау мүмкін еме�: %s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: %s chroot бума�ына өту (chdir) мүмкін еме�: %s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: %s бума�ына chroot жа�ау мүмкін еме�: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: %s chroot бума�ына өту (chdir) мүмкін еме�: %s\n"
 
 #, c-format
 msgid ""
@@ -573,6 +391,110 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "�удит интерфей�ін ашу мүмкін еме� - шығу.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "SELinux ба�қарушы ұ�тағышын жа�ау мүмкін еме�\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "SELinux �а��аты ба�қарылып жатқан жоқ\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "SELinux �а��аттарын �ақтау қорын оқу �әт�із\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "SELinux ба�қарушы байланы�ын орнату мүмкін еме�\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "SELinux әрекетін ба�тау мүмкін еме�\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "seuser %s үшін �ұрау �әт�із\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "%s үшін serange орнату мүмкін еме�\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "%s үшін sename орнату мүмкін еме�\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "%s үшін тіркелгі �әйке�тігін түзету мүмкін еме�\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "%s үшін SELinux тіркелгі �әйке�тігін жа�ау мүмкін еме�\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "%s үшін атын орнату мүмкін еме�\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "%s үшін SELinux пайдаланушы�ын орнату мүмкін еме�\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "%s үшін тіркелгі �әйке�тігін қо�у мүмкін еме�\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "SELinux ба�қаруын і�ке қо�у мүмкін еме�\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "SELinux пайд.-шы кілтін жа�ау мүмкін еме�\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "SELinux пайдаланушы�ын тек�еру мүмкін еме�\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "SELinux пайд. �әйке�тігін түзету мүмкін еме�\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "SELinux пайд. �әйке�тігін қо�у мүмкін еме�\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "SELinux әрекетін і�ке а�ыру мүмкін еме�\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"%s үшін тіркелгі �әйке�тігі анықталмаған, ба�тапқы �әйке�тк қолданылған "
+"бол�а ОК\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr "%s үшін тіркелгі �әйке�тігі �а��атта анықталған, өшіруге мүмкін еме�\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "%s үшін тіркелгі �әйке�тігін өшіру мүмкін еме�"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "'%s' бума�ына ауы�у мүмкін еме�\n"
@@ -585,6 +507,10 @@ msgid "Cannot execute %s"
 msgstr "%s орындау мүмкін еме�"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "'%s' түбірлік бума�ы қате\n"
 
@@ -593,6 +519,86 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Түбірлік бума�ын '%s' мәніне ауы�тыру мүмкін еме�\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: жады жеткілік�із\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: %s табылмады: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s бума да, �ілтеме де еме�.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: %s �имволдық �ілтеме�ін оқу мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: Күдіктілі ұзын �имволдық �ілтеме: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: %s бума�ын жа�ау мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: %s үшін иені ауы�тыру мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: %s үшін режимді ауы�тыру мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: %s бума�ын өшіру мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: %s атын %s етіп орнату мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: %s өшіру мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: %s �имволдық �ілтеме�ін жа�ау мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: %s үшін иелерді өзгерту мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: lstat %s мүмкін еме�: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: Е�керту, %s пайдаланушы�ында tcb shadow файлы жоқ.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Төтенше жағдай: %s үшін tcb shadow қалыпты, st_nlink=1, файл еме�.\n"
+"Тіркелгі блокталған күйінде қалдырылады.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: %s ашу мүмкін еме�: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: %s пайдаланушы�ы қазір жүйеге кіріп тұр\n"
 
@@ -670,6 +676,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_DIR         chroot үшін бума\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -R, --root CHROOT_DIR         chroot үшін бума\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -697,12 +708,15 @@ msgstr "Тіркелгіні күн өткенде �өндіру (күн �ан
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Тіркелгінің мерзімі а�қталатын күні (ЖЖЖЖ-��-КК)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Парольді �оңғы ауы�тыру\t\t\t\t\t: "
-
 msgid "never"
 msgstr "ешқашан"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Парольді �оңғы ауы�тыру\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "пароль өзгертілу керек"
 
@@ -877,14 +891,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: пайдаланушы '%s' жоқ болып тұр\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: NIS клиентінде '%s' пайдаланушыны ауы�тыруға мүмкін еме�.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' - бұл клиент үшін NIS �ервері.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "%s үшін пайдаланушы ақпаратын өзгерту\n"
 
@@ -923,6 +929,11 @@ msgstr ""
 "  -s, --sha-rounds              SHA* текте� алгоритмдер үшін SHA\n"
 "                                раундтар �аны\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: қолдауы жоқ шифрлеу тә�ілі: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: %s жалауша�ын тек %s жалауша�ымен бірге қолдануға болады\n"
@@ -974,6 +985,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Қоршам"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: %s өлшемін алу мүмкін еме�: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: жаңа defaults файлын жа�ау мүмкін еме�\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Сіз '%s' үшін қоршамды өзгерте алмай�ыз.\n"
@@ -986,6 +1007,11 @@ msgstr "%s үшін қоршамды өзгерту\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Қате мән: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s дұры� қоршам еме�\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s дұры� қоршам еме�\n"
@@ -1230,11 +1256,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  жүйелік тіркелгіні жа�ау\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -R, --root CHROOT_DIR         chroot үшін бума\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    топ мүшелердің тізімін шығару\n"
@@ -1248,6 +1269,11 @@ msgstr "қате пайдаланушы аты '%s'\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: '%s' дұры� топ аты еме�\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: %s ашу мүмкін еме�: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: қате топ ID-і '%s'\n"
@@ -1293,14 +1319,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: '%s' тобы жоқ болып тұр\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: '%s' тобы NIS тобы болып тұр\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s қазір NIS �ервері болып тұр\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: '%s' пайдаланушы�ы '%s' тобының мүше�і болып тұр\n"
 
@@ -1396,10 +1414,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: қате топ аты '%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: %s тобы NIS тобы болып тұр\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: белгі�із пайдаланушы %s\n"
 
@@ -1524,8 +1538,12 @@ msgstr ""
 "  -b, --before КҮ�              мерзімі КҮ�нен үлкен ғана lastlog жазбаларын "
 "көр�ету\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -C, --clear                   clear lastlog record of an user (usable "
+#| "only with -u)\n"
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   пайдаланушының lastlog жазба�ын тазарту (тек "
@@ -1629,11 +1647,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Эффективті root-�ыз жұмы� і�темеуі мүмкін\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Utmp жазба�ы жоқ. Сізге exec \"login\" команда�ын бірінші деңгейден \"sh\" "
-"қо�у керек"
-
 #, c-format
 msgid ""
 "\n"
@@ -1668,14 +1681,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Пайдаланушыны табу мүмкін еме� (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s пайдаланушы аты: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: үрді�ті ба�тау қате�і: %s"
 
@@ -1710,7 +1715,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1737,19 +1743,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: %s бо�ату �әт�із\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: %s үшін tcb бума�ын табу �әт�із\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: %s үшін tcb бума�ын жа�ау мүмкін еме�\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1782,14 +1783,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: %s үшін tcb бума�ын жа�ау мүмкін еме�\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1814,6 +1815,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: '%s' пайдаланушы аты қате\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: жол %d: жол қате\n"
 
@@ -1834,6 +1839,11 @@ msgstr "%s: жол %d: топты жа�ау мүмкін еме�\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: жол %d: '%s' пайдаланушы�ы %s ішінде жоқ\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: жол %d: парольді жаңарту мүмкін еме�\n"
@@ -1856,14 +1866,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: жол %d: жазбаны жаңарту мүмкін еме�\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: жаңа %s жазба�ын дайындау �әт�із а�қталды\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: бағынышты пайдаланушы ауқымын табу мүмкін еме�\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: жаңа %s жазба�ын дайындау �әт�із а�қталды\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: бағынышты топ ауқымын табу мүмкін еме�\n"
 
@@ -1942,6 +1952,12 @@ msgstr ""
 "етілген күн �анын\n"
 "                                MAX_DAYS мәніне орнату\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    тіркелгінің жұмы� уақыты ақпаратын көр�ету\n"
+
 msgid "Old password: "
 msgstr "�ғымдағы пароль:"
 
@@ -1961,6 +1977,11 @@ msgstr ""
 "Жаңа парольді енгізіңіз (минимум %d, мак�имум %d белгі бол�ын)\n"
 "Парольді ба�, кіші әріптер және �андарды арала�тыра қолданып құраңыз.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: жолдар өте ұзын\n"
+
 msgid "New password: "
 msgstr "Жаңа пароль:"
 
@@ -2004,6 +2025,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: %s репозиторийіне қолдау жоқ\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: тек root -g/--group опци��ын қолдана алады\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s пайдаланушының %s үшін паролді өзгертуге құқығы жоқ\n"
@@ -2156,11 +2182,9 @@ msgstr "%s: �игнал ақаулығы\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Се��и� тоқтатылды, қоршамды тоқтату..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...өлтірілді.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...ұрпақ үрді�тің тоқтатылуын күту.\n"
 
@@ -2248,6 +2272,11 @@ msgstr "%s: Сізде қазір su жа�ау үшін құқығыңыз жо
 msgid "No passwd entry for user '%s'\n"
 msgstr "'%s' пайд.-�ы үшін passwd жазба�ы жоқ\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "қате пайдаланушы аты '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: терминалда орындалуы керек\n"
@@ -2294,6 +2323,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: %s баптауы,  ол %s ішінде, е�епке алынбайды\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: %s баптауы,  ол %s ішінде, е�епке алынбайды\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: жаңа defaults файлын жа�ау мүмкін еме�\n"
@@ -2304,10 +2340,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: жаңа defaults файлын жа�ау мүмкін еме�\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: жаңа defaults файлын жа�ау мүмкін еме�\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: жаңа defaults файлын ашу мүмкін еме�\n"
 
@@ -2324,10 +2356,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: атын ауы�тыру: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: '%s' тобы NIS тобы болып тұр.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: шектен көп топ �аны көр�етілген (мак�имум %d).\n"
 
@@ -2459,6 +2487,17 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     SELinux пайдаланушы �әйке�тігі үшін "
 "көр�етілген SEUSER қолдану\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     SELinux пайдаланушы �әйке�тігі үшін "
+"көр�етілген SEUSER қолдану\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: '%s' негізгі бума�ы қате\n"
@@ -2601,6 +2640,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Пошта файлына рұқ�аттарды орнату"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Пошта файлын құру"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Пошта файлын құру"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2731,10 +2780,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: %s үшін tcb файлдарын өшіру мүмкін еме�: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: %s қазір NIS пайдаланушы�ы болып тұр\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s үшін үй бума�ы (%s) табылмады\n"
 
@@ -2868,6 +2913,16 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     пайдаланушы тіркелгі�і үшін жаңа SELinux "
 "�әйке�тігі\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     пайдаланушы тіркелгі�і үшін жаңа SELinux "
+"�әйке�тігі\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2960,11 +3015,23 @@ msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: %lu пайд.-нан %lu пайдаланушы�ына lastlog жазба�ын көшіру �әт�із: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: %lu пайд.-нан %lu пайдаланушы�ына lastlog жазба�ын көшіру �әт�із: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: %lu пайд.-нан %lu пайдаланушы�ына faillog жазба�ын көшіру �әт�із: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: %lu пайд.-нан %lu пайдаланушы�ына faillog жазба�ын көшіру �әт�із: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: е�керту: %s қазір %s иелігінде еме�\n"
@@ -3067,8 +3134,8 @@ msgstr "scratch файлын жою �әт�із"
 msgid "failed to stat edited file"
 msgstr "түзетілген файлды табу �әт�із"
 
-msgid "failed to allocate memory"
-msgstr "жадыны бөлу �әт�із"
+msgid "asprintf(3) failed"
+msgstr ""
 
 msgid "failed to create backup file"
 msgstr "резервті көшірме файлын жа�ау �әт�із"
@@ -3081,6 +3148,57 @@ msgstr "%s: %s қайтару мүмкін еме�: %s (�іздің өзгер
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: %s үшін tcb бума�ын табу �әт�із\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Орындалу орта айнымалыларының шектен көп �аны\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: NIS клиентінде '%s' пайдаланушыны ауы�тыруға мүмкін еме�.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' - бұл клиент үшін NIS �ервері.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: '%s' тобы NIS тобы болып тұр\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s қазір NIS �ервері болып тұр\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: %s тобы NIS тобы болып тұр\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: жаңа defaults файлын жа�ау мүмкін еме�\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: '%s' тобы NIS тобы болып тұр.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: %s қазір NIS пайдаланушы�ы болып тұр\n"
+
+#~ msgid "too simple"
+#~ msgstr "өте оңай"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Utmp жазба�ы жоқ. Сізге exec \"login\" команда�ын бірінші деңгейден "
+#~ "\"sh\" қо�у керек"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: %s үшін tcb бума�ын табу �әт�із\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "жадыны бөлу �әт�із"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Қолданылуы: id\n"
 
@@ -3096,10 +3214,6 @@ msgstr "%s: %s үшін tcb бума�ын табу �әт�із\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: пароль мерзімі туралы ақпарат өзгертілді.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "қате пайдаланушы аты '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Пайдаланушы      Порт     Қайдан           Соңғы"
 
diff --git a/po/km.gmo b/po/km.gmo
index 3c97d7c..0b647b2 100644
--- a/po/km.gmo
+++ b/po/km.gmo
diff --git a/po/km.po b/po/km.po
index ff554c4..b62ee8f 100644
--- a/po/km.po
+++ b/po/km.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow_po_km\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2006-06-28 10:08+0700\n"
 "Last-Translator: Khoem Sokhem <khoemsokhem@khmeros.info>\n"
 "Language-Team: Khmer <support@khmeros.info>\n"
@@ -23,220 +23,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1)\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "មិន​អាច​បម្រុង​ទុក​ទំហំ​សម្រាប់​ព��៌មាន​​កំណ�់​រចនាសម្ព�ន្ធទ�​ ។\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "កំហុស​ការ​កំណ�់​រចនាសម្ព�ន្ធ​ - មិន​ស្គាល់​ធា�ុ '%s' (ជូន​ដំណឹង​អ្នក​គ្រប់គ្រង​)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "ពាក្យ​សម្ងា�់​ ៖ "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "ពាក្យសម្ងា�់​របស់ %sសម្ងា�់ ៖ "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "មិនអាច​បើក​ឯកសារ​ពាក្យសម្ងា�់​បានឡើយ ។\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "មិន​អាច​បម្រុង​ទុក​ទំហំ​សម្រាប់​ព��៌មាន​​កំណ�់​រចនាសម្ព�ន្ធទ�​ ។\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "ការផ្លាស់​ប្�ូរ​ព��៌មាន​ចាស់​សម្រាប់​ %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s ៖ មិន​អាចកំណ�់​ឈ្មោះ​អ្នកប្រើ​របស់​អ្នក​បាន​ទ� ។\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s ៖ បន្ទា�់​ %d ៖ មិន​អាច​រក​អ្នកប្រើ​ %s ឃើញឡើយ\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s ៖ អស់​ស�ិ​\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s ៖ មិនអាច​ធ្វើឲ្យឯកសារ %s ទាន់សម�យ​បានទ�\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s ៖ ��​ផ្ទះ​មិន​�្រឹម�្រូវ​ '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s ៖ មិនអាចប្ដូរឈ្មោះ​��​ %s ទៅ​ជា​ %s បានឡើយ\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s  ៖ ការព្រមាន​ ៖ មិន​អាច​យកច�ញបានឡើយ "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s  ៖ ការព្រមាន​ ៖ មិន​អាច​យកច�ញបានឡើយ "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s ៖​ ប្�ូរ​ឈ្មោះ​ ៖ %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s ៖ មិនអាចប្ដូរឈ្មោះ​��​ %s ទៅ​ជា​ %s បានឡើយ\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s ៖ មិនអាចប្ដូរឈ្មោះ​��​ %s ទៅ​ជា​ %s បានឡើយ\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s  ៖ ការព្រមាន​ ៖ មិន​អាច​យកច�ញបានឡើយ "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s  ៖ ការព្រមាន​ ៖ មិន​អាច​យកច�ញបានឡើយ "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s ៖ មិនអាច​ធ្វើឲ្យឯកសារ %s ទាន់សម�យ​បានទ�\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s ៖ មិនអាច​ធ្វើឲ្យឯកសារស្រមោល​ទាន់សម�យបានឡើយ​\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s ៖​ ប្�ូរ​ឈ្មោះ​ ៖ %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s ៖ មិនអាច​បើក​ឯកសារ​ %s បានទ�\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "ការ​ព្រមាន ៖ មិន​ស្គាល់​ក្រុម %s\n"
 
@@ -286,6 +72,11 @@ msgstr "មិន​អាច​ប្�ូរ​ tty %s បានឡើយ"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s ៖ វាល គឺ​វែងវែងព�ក​\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s ៖ %s\n"
@@ -293,8 +84,9 @@ msgstr "%s ៖ %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "​លើស​ចំណុះ​បរិស្�ាន\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -393,9 +185,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s ៖ មិនអាចយក​ UID ដែលមាន�ែមួយ​បានទ�\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "មិន​អាច​បម្រុង​ទុក​ទំហំ​សម្រាប់​ព��៌មាន​​កំណ�់​រចនាសម្ព�ន្ធទ�​ ។\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "កំហុស​ការ​កំណ�់​រចនាសម្ព�ន្ធ​ - មិន​ស្គាល់​ធា�ុ '%s' (ជូន​ដំណឹង​អ្នក​គ្រប់គ្រង​)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s ៖ PAM ការ​ផ្ទៀងផ្ទា�់​ភាព​�្រឹម�្រូវបាន​បរាជ�យ​\n"
@@ -423,7 +222,7 @@ msgstr "មិន​អាច​បម្រុង​ទុក​ទំហំ​
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s ៖ មិន​អាច​បើក​​ឯកសារ​បានទ�\n"
 
 #, fuzzy, c-format
@@ -434,9 +233,21 @@ msgstr "%s ៖ បន្ទាáž�់​ %d ៖ chown បានបរាជáŸ�á
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s ៖ បន្ទា�់​ %d ៖ chown បានបរាជ�យ​\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s ៖ បន្ទា�់​ %d ៖ chown បានបរាជ�យ​\n"
+
 msgid "Too many logins.\n"
 msgstr "ចូល​ច្រើន​ព�ក​ ។\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s ចូល​ ៖ "
+
 msgid "You have new mail."
 msgstr "អ្នក​មានសំបុ�្រ​�្មី​ ។​"
 
@@ -446,6 +257,14 @@ msgstr "គ្មាន​សំបុ�្រ​​​ទ�​ ។"
 msgid "You have mail."
 msgstr "អ្នក​មាន​សំបុ�្រ ។"
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "គ្មាន​​ផ្លាស់ប្�ូរ​ "
 
@@ -458,9 +277,6 @@ msgstr "ករណី​បាន​�ែ​ប្�ូរ​"
 msgid "too similar"
 msgstr "ស្រដៀងគ្នា​ព�ក"
 
-msgid "too simple"
-msgstr "ធម្ម�ា​ព�ក"
-
 msgid "rotated"
 msgstr "បានបង្វិល​"
 
@@ -507,6 +323,13 @@ msgid ""
 "%s\n"
 msgstr "ពាក្យ​សម្ងា�់​ ៖ pam_start() បាន​បរាជ�យ​, កំហុស​ %d\n"
 
+msgid "Password: "
+msgstr "ពាក្យ​សម្ងា�់​ ៖ "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "ពាក្យសម្ងា�់​របស់ %sសម្ងា�់ ៖ "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "ពាក្យ​សម្ងា�់​មិន​�្រឹម�្រូវ​សម្រាប់​ %s ។\n"
@@ -532,18 +355,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -556,6 +375,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "មិនអាច​បើក​ឯកសារ​ពាក្យសម្ងា�់​បានឡើយ ។\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "មិន​អាច​បម្រុង​ទុក​ទំហំ​សម្រាប់​ព��៌មាន​​កំណ�់​រចនាសម្ព�ន្ធទ�​ ។\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "មិន​អាច​បម្រុង​ទុក​ទំហំ​សម្រាប់​ព��៌មាន​​កំណ�់​រចនាសម្ព�ន្ធទ�​ ។\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "ការផ្លាស់​ប្�ូរ​ព��៌មាន​ចាស់​សម្រាប់​ %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s ៖ មិន​អាចកំណ�់​ឈ្មោះ​អ្នកប្រើ​របស់​អ្នក​បាន​ទ� ។\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s ៖ បន្ទា�់​ %d ៖ មិន​អាច​រក​អ្នកប្រើ​ %s ឃើញឡើយ\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "មិន​អាច​​ cd ចូលទៅ​ '%s' បានទ�\n"
@@ -568,6 +488,10 @@ msgid "Cannot execute %s"
 msgstr "មិន​អាចប្រ�ិប�្�ិ​ %s បានទ�"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "��​ root មិន​�្រឹម�្រូវ​ '%s'\n"
 
@@ -576,6 +500,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "មិន​អាច​ប្�ូរ​�� root ទៅ​ '%s'បាន​ទ�​\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s ៖ អស់​ស�ិ​\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s ៖ មិនអាច​ធ្វើឲ្យឯកសារ %s ទាន់សម�យ​បានទ�\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s ៖ ��​ផ្ទះ​មិន​�្រឹម�្រូវ​ '%s'\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s ៖ មិនអាចប្ដូរឈ្មោះ​��​ %s ទៅ​ជា​ %s បានឡើយ\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s  ៖ ការព្រមាន​ ៖ មិន​អាច​យកច�ញបានឡើយ "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s  ៖ ការព្រមាន​ ៖ មិន​អាច​យកច�ញបានឡើយ "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s ៖​ ប្�ូរ​ឈ្មោះ​ ៖ %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s ៖ មិនអាចប្ដូរឈ្មោះ​��​ %s ទៅ​ជា​ %s បានឡើយ\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s ៖ មិនអាចប្ដូរឈ្មោះ​��​ %s ទៅ​ជា​ %s បានឡើយ\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s  ៖ ការព្រមាន​ ៖ មិន​អាច​យកច�ញបានឡើយ "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s  ៖ ការព្រមាន​ ៖ មិន​អាច​យកច�ញបានឡើយ "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s ៖ មិនអាច​ធ្វើឲ្យឯកសារ %s ទាន់សម�យ​បានទ�\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s ៖ មិនអាច​ធ្វើឲ្យឯកសារស្រមោល​ទាន់សម�យបានឡើយ​\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s ៖​ ប្�ូរ​ឈ្មោះ​ ៖ %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s ៖ មិនអាច​បើក​ឯកសារ​ %s បានទ�\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s ៖ បច្ចុប្បន្ន ​អ្នក​ប្រើ​ %s បាន​ចូលហើយ​\n"
 
@@ -634,6 +636,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -660,13 +665,16 @@ msgstr "ពាក្យ​សម្ងា�់​អសកម្ម​"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "កាលបរិច្ឆ�ទ​ការផុ�​កំណ�់របស់​​គណនី​ (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "ការប្�ូរ​ពាក្យ​សម្ងា�់​លើកចុង​ក្រោយ​\t\t\t\t\t ៖ "
-
 #, fuzzy
 msgid "never"
 msgstr "កុំ\n"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "ការប្�ូរ​ពាក្យ​សម្ងា�់​លើកចុង​ក្រោយ​\t\t\t\t\t ៖ "
+
 #, fuzzy
 msgid "password must be changed"
 msgstr "ពាក្យ​សម្ងា�់​�្រូវ​�ែ​ប្�ូរ​\n"
@@ -836,14 +844,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s ៖ មិនទាន់មានអ្នក​ប្រើ​ %s ទ�​\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s ៖ មិនអាចផ្លាស់​​ប្�ូរ​អ្នក​ប្រើបានទ�​ '%s' លើ​ម៉ាស៊ីន​ភ្ញៀវ NIS បានទ� ។\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s ៖ '%s' ជាម�​ NIS សម្រាប់​ម៉ាស៊ីន​ភ្ញៀវ​ន�ះ​ ។\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "កំពុងផ្លាស់​​ប្�ូរ​ព��៌មាន​អ្នកប្រើ​សម្រាប់​ %s\n"
 
@@ -871,6 +871,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: ទង់ -a គឺ�្រូវបានអនុញ្ញា�​បាន�ែជាមួយទង់ -G ប៉ុណ្ណោះ\n"
@@ -922,6 +926,15 @@ msgid "Login Shell"
 msgstr "សែលចូល"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s ៖ មិនអាចប្ដូរឈ្មោះ​��​ %s ទៅ​ជា​ %s បានឡើយ\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s ៖ មិន​អាច​បង្កើ�​ឯកសារ​លំនាំ​ដើម​�្មី​បានឡើយ​\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "អ្នក​មិនអាច​​ប្�ូរ​សែល​សម្រាប់​ %s បានទ� ។\n"
 
@@ -934,6 +947,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s ៖ ធា�ុបញ្ចូល​​មិន​�្រឹម�្រូវ​ ៖ %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s គឺជា​សែល​មិន​�្រឹម�្រូវ​ ។\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s គឺជា​សែល​មិន​�្រឹម�្រូវ​ ។\n"
 
@@ -1143,9 +1160,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1159,6 +1173,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s  ៖ %s ជា​ឈ្មោះ​ក្រុម​មិន​�្រឹម�្រូវ​\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s ៖ មិនអាច​បើក​ឯកសារ​ %s បានទ�\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "ឈ្មោះ​ក្រុម​ '%s' មិន�្រឹម�្រូវ\n"
 
@@ -1201,14 +1219,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s ៖ មិនមានក្រុម​ %sឡើយ​\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s ៖ ក្រុម​ '%s' គឺជាក្រុម​ NIS ។\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s ៖ %s គឺជា​ម� NIS\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s ៖ អ្នកប្រើ​ %s គឺជា​អ្នក​​ប្រើ​ NIS\n"
 
@@ -1284,10 +1294,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "ឈ្មោះ​ក្រុម​ '%s' មិន�្រឹម�្រូវ\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s ៖ ក្រុម​ %s គឺជា​ក្រុម NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s ៖ មិន​ស្គាល់​អ្នកប្រើ​ %s\n"
 
@@ -1405,7 +1411,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1502,9 +1508,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "គ្មាន​ធា�ុ​ utmp ឡើយ ។ អ្នក​�្រូវ​ប្រ�ិប�្�ិ​ \"login\" ពី​កម្រិ�​ទាប​បំផុ�​ \"sh\""
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1539,14 +1542,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s ៖ បន្ទា�់​ %d ៖ មិន​អាច​រក​អ្នកប្រើ​ %s ឃើញឡើយ\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s ចូល​ ៖ "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s ៖ ការចែកជាពីរវិធី​​បានបរាជ�យ​ ៖ %s"
 
@@ -1583,7 +1578,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1608,17 +1604,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s ៖ វាល គឺ​វែងវែងព�ក​\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s  ៖ ��​មូលដ្ឋាន​មិន​�្រឹម�្រូវ​ '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1652,14 +1644,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1681,6 +1672,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s ៖ឈ្មោះ​អ្នក​ប្រើ​មិន​�្រឹម�្រូវ​ '%s'\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s ៖ បន្ទា�់​ %d ៖ បន្ទា�់​មិន​�្រឹម�្រូវ​\n"
 
@@ -1700,6 +1695,10 @@ msgstr "%s ៖ បន្ទាáž�់​ %d ៖ មិន​អាច​បងá
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s ៖ មិនទាន់មានអ្នក​ប្រើ​ %s ទ�​\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s ៖​ ប្�ូរ​ឈ្មោះ​ ៖ %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s ៖ បន្ទា�់​ %d ៖ មិន​អាច​ធ្វើ​ឲ្យ​ពាក្យ​សម្ងា�់​ទាន់សម�យ​បានឡើយ​\n"
@@ -1721,14 +1720,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s ៖ បន្ទា�់​ %d ៖ មិនអាចធ្វើឲ្យ​ធា�ុបញ្ចូល​ទាន់សម�យបានឡើយ\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s ៖ បរាជ�យ​ក្នុងការ​ទម្លាក់​សិទ្ធ (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s ៖ មិន​អាច​បង្កើ�​ %s បានឡើយ\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s ៖ បរាជ�យ​ក្នុងការ​ទម្លាក់​សិទ្ធ (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s ៖ មិនអាច​ធ្វើឲ្យ​ឯកសារក្រុម​ទាន់សម�យបានទ�​\n"
 
@@ -1786,6 +1785,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "ពាក្យ​សម្ងា�់​ចាស់ ៖ "
 
@@ -1805,6 +1807,11 @@ msgstr ""
 "បញ្ចូល​ពាក្យ​សម្ងា�់​�្មី​ (�ួអក្សរ​​អប្បបរមានៃ​ %d អ�ិបរមានៃ %d)\n"
 "សូម​ប្រើ​អក្សរ​ធំ​ អក្សរ​�ូច​ ​និង ល��​ចូល​គ្នា​ ។\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s ៖ វាល គឺ​វែងវែងព�ក​\n"
+
 msgid "New password: "
 msgstr "ពាក្យ​សម្ងា�់​�្មី​ ៖ "
 
@@ -1848,6 +1855,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s ៖ ឃ្លាំង​ %s មិន​បាន​គាំទ្រឡើយ​\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1994,11 +2005,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2071,6 +2080,11 @@ msgstr "អ្នកគ្មាន​ការ​អនុញ្ញា�ឲ្
 msgid "No passwd entry for user '%s'\n"
 msgstr "គ្មាន​ធា�ុ​ពាក្យ​សម្ងា�់​សម្រាប់ 'root'​ ឡើយ\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "ឈ្មោះ​អ្នក​ប្រើ​មិន​�្រឹម�្រូវ​ '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s ៖ �្រូវ​�ែ​រ�់​ពី ស្�ានីយមួយ\n"
@@ -2119,6 +2133,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2130,10 +2150,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s ៖ មិន​អាច​បង្កើ�​ឯកសារ​លំនាំ​ដើម​�្មី​បានឡើយ​\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s ៖ មិន​អាច​បង្កើ�​ឯកសារ​លំនាំ​ដើម​�្មី​បានឡើយ​\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s ៖ មិន​អាច​បើក​ឯកសារ​លំនាំដើម​�្មី​​បានលឡើយ\n"
 
@@ -2150,10 +2166,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s ៖​ ប្�ូរ​ឈ្មោះ​ ៖ %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s ៖ ក្រុម​ '%s' គឺជាក្រុម​ NIS ។\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s ៖ ក្រុម​ដែលបានបញ្ជាក់​ច្រើនព�ក​ (អ�ិ​ %d) ។\n"
 
@@ -2262,6 +2274,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s  ៖ ��​មូលដ្ឋាន​មិន​�្រឹម�្រូវ​ '%s'\n"
@@ -2391,6 +2408,16 @@ msgstr "រក​ក្រុម​​ 'សំបុáž�្រ​' មិន​áž
 msgid "Setting mailbox file permissions"
 msgstr "ការកំណ�់​សិទ្ធ​លើ​ឯកសារ​ប្រអប់​សំបុ�្រ​"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "កំពុង​បង្កើ�​ឯកសារ​ប្រអប់​សំបុ�្រ​"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "កំពុង​បង្កើ�​ឯកសារ​ប្រអប់​សំបុ�្រ​"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2508,10 +2535,6 @@ msgstr "%s ៖ មិនអាចប្ដូរឈ្មោះ​��​ %s
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s ៖ មិនអាចប្ដូរឈ្មោះ​��​ %s ទៅ​ជា​ %s បានឡើយ\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s ៖ អ្នកប្រើ​ %s គឺជា​អ្នក​​ប្រើ​ NIS\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s ៖ ��​ផ្ទះ​មិន​�្រឹម�្រូវ​ '%s'\n"
@@ -2610,6 +2633,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2692,10 +2719,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s ៖ មិនអាច​ធ្វើឲ្យ​ឯកសារ​ពាក្យ​សម្ងា�់​ទាន់សម�យ​បានទ�\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s ៖ មិន​​អាច​បង្កើ�​��​ %s បានឡើយ\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s ៖ ការព្រមាន ៖​ %s មិន�្រូវបានទទួល​យក​ដោយ %s ឡើយ\n"
@@ -2801,8 +2836,9 @@ msgid "failed to stat edited file"
 msgstr "​បរាជ�យ​ក្នុងការប្ដូរឈ្មោះប្រអប់"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "បរាជ�យ​ក្នុងការ​ផ្លាស់ប្ដូរ​ម្ចាស់​ប្រអប់សំបុ�្រ"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s ៖ មិន​អាច​បើក​​ឯកសារ​បានទ�\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2816,6 +2852,55 @@ msgstr "%s ៖ មិន​អាច​ស្�ារ %s ៖ %s (ការប
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s  ៖ ��​មូលដ្ឋាន​មិន​�្រឹម�្រូវ​ '%s'\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "​លើស​ចំណុះ​បរិស្�ាន\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s ៖ មិនអាចផ្លាស់​​ប្�ូរ​អ្នក​ប្រើបានទ�​ '%s' លើ​ម៉ាស៊ីន​ភ្ញៀវ NIS បានទ� ។\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s ៖ '%s' ជាម�​ NIS សម្រាប់​ម៉ាស៊ីន​ភ្ញៀវ​ន�ះ​ ។\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s ៖ ក្រុម​ '%s' គឺជាក្រុម​ NIS ។\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s ៖ %s គឺជា​ម� NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s ៖ ក្រុម​ %s គឺជា​ក្រុម NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s ៖ មិន​អាច​បង្កើ�​ឯកសារ​លំនាំ​ដើម​�្មី​បានឡើយ​\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s ៖ ក្រុម​ '%s' គឺជាក្រុម​ NIS ។\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s ៖ អ្នកប្រើ​ %s គឺជា​អ្នក​​ប្រើ​ NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "ធម្ម�ា​ព�ក"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr "គ្មាន​ធា�ុ​ utmp ឡើយ ។ អ្នក​�្រូវ​ប្រ�ិប�្�ិ​ \"login\" ពី​កម្រិ�​ទាប​បំផុ�​ \"sh\""
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s  ៖ ��​មូលដ្ឋាន​មិន​�្រឹម�្រូវ​ '%s'\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "បរាជ�យ​ក្នុងការ​ផ្លាស់ប្ដូរ​ម្ចាស់​ប្រអប់សំបុ�្រ"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "របៀបប្រើ​ ៖ ល��សម្គាល់\n"
 
@@ -2831,10 +2916,6 @@ msgstr "%s  ៖ áž�áž�​មូលដ្ឋាន​មិន​áž�្រឹáž
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "ការព្រមាន​ការផុ�​កំណ�់​នៃ​ពាក្យ​សម្ងា�់​"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "ឈ្មោះ​អ្នក​ប្រើ​មិន​�្រឹម�្រូវ​ '%s'\n"
-
 #, fuzzy
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "ឈ្មោះ​អ្នក​ប្រើ         ច្រក     ពី             ចុង​ក្រោយ​បំផុ�\n"
diff --git a/po/ko.gmo b/po/ko.gmo
index 0257fe8..ea9ba3b 100644
--- a/po/ko.gmo
+++ b/po/ko.gmo
diff --git a/po/ko.po b/po/ko.po
index 9c0c3a8..1a9c67a 100644
--- a/po/ko.po
+++ b/po/ko.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.1.1\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2009-04-19 21:32+0900\n"
 "Last-Translator: Changwoo Ryu <cwryu@debian.org>\n"
 "Language-Team: Korean <debian-l10n-korean@lists.debian.org>\n"
@@ -19,222 +19,6 @@ msgstr ""
 "Plural-Forms: nplurals=1; plural=0;\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"�름� '%s'� 항목� %s 안� 여러 개 있습니다. pwck 혹� grpck 명령으로 � 문"
-"제를 바로잡으십시오.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "libcrypt가 지�하지 않는 암호화 방법? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "설정 정보를 위한 공간� 확보할 수 없습니다.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "설정 오류 - 알 수 없는 항목 '%s'(관리��게 알리시기 바�니다)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "암호: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s� 암호: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "검� �터페�스를 열 수 없습니다. 중지합니다.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "설정 정보를 위한 공간� 확보할 수 없습니다.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "%s� 사용기한 정보를 바꿉니다\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: 사용� �름� ��할 수 없습니다.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: 사용� �름� ��할 수 없습니다.\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: 메모리 부족\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: '%s'�(를) 삭제할 수 없습니다\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: 홈 디렉터리 '%s'�(는) 잘못�었습니다\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: '%s' 항목� %s�서 제거할 수 없습니다\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: 디렉터리 %s�(를) 만들 수 없습니다\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "lastlog: %s� �기를 �� 수 없습니다: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: 경고: %s�(를) 제거할 수 없습니다: %s"
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: �름 다시 설정: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: 디렉터리 %s� �름� %s(으)로 바꿀 수 없습니다\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: 디렉터리 %s� �름� %s(으)로 바꿀 수 없습니다\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: 경고: %s�(를) 제거할 수 없습니다: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: 디렉터리 %s�(를) 만들 수 없습니다\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "lastlog: %s� �기를 �� 수 없습니다: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: '%s'�(를) 삭제할 수 없습니다\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: %d번 줄: '%s' 사용�가 없습니다\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: �름 다시 설정: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: %s�(를) 열 수 없습니다\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "경고: 알 수 없는 그룹(%s)\n"
 
@@ -280,6 +64,13 @@ msgstr "TTY 표준 입력� 소유� 혹� 모드를 바꿀 수 없습니다:
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: %s� 잠금� 푸는� 실패했습니다\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"�름� '%s'� 항목� %s 안� 여러 개 있습니다. pwck 혹� grpck 명령으로 � 문"
+"제를 바로잡으십시오.\n"
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -287,8 +78,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "환경 변수 오버플로우\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "libcrypt가 지�하지 않는 암호화 방법? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -386,9 +178,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: 유�한 UID를 얻� 수 없습니다 (UID가 남아 있지 않습니다)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "설정 정보를 위한 공간� 확보할 수 없습니다.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "설정 오류 - 알 수 없는 항목 '%s'(관리��게 알리시기 바�니다)\n"
+
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
 msgid "%s: Memory allocation failure\n"
@@ -415,9 +214,9 @@ msgstr "설정 정보를 위한 공간� 확보할 수 없습니다.\n"
 msgid "%s: Could not set caps\n"
 msgstr "설정 정보를 위한 공간� 확보할 수 없습니다.\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: %d번 줄: chown 실패했습니다\n"
 
 #, fuzzy, c-format
 msgid "%s: open of %s failed: %s\n"
@@ -427,9 +226,21 @@ msgstr "%s: %d번 줄: chown 실패했습니다\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: %d번 줄: chown 실패했습니다\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: %d번 줄: chown 실패했습니다\n"
+
 msgid "Too many logins.\n"
 msgstr "로그� 횟수가 너무 많�.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s 로그�: "
+
 msgid "You have new mail."
 msgstr "새 메�� �착하였습니다."
 
@@ -439,6 +250,14 @@ msgstr "메� 없습니다."
 msgid "You have mail."
 msgstr "메�� 있습니다."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "바� �� 없습니다"
 
@@ -451,9 +270,6 @@ msgstr "대소문�만 바뀌었습니다"
 msgid "too similar"
 msgstr "너무 비슷합니다"
 
-msgid "too simple"
-msgstr "너무 간단합니다"
-
 msgid "rotated"
 msgstr "순서만 순환�었습니다"
 
@@ -499,6 +315,13 @@ msgid ""
 "%s\n"
 msgstr "암호: pam_start() 실패했습니다, 오류 %d\n"
 
+msgid "Password: "
+msgstr "암호: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s� 암호: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "'%s'� 암호가 맞지 않습니다.\n"
@@ -524,18 +347,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: 디렉터리 %s�(를) 만들 수 없습니다\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: 디렉터리 %s�(를) 만들 수 없습니다\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: 디렉터리 %s�(를) 만들 수 없습니다\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -550,6 +369,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "검� �터페�스를 열 수 없습니다. 중지합니다.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "설정 정보를 위한 공간� 확보할 수 없습니다.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "설정 정보를 위한 공간� 확보할 수 없습니다.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "%s� 사용기한 정보를 바꿉니다\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: 사용� �름� ��할 수 없습니다.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: 사용� �름� ��할 수 없습니다.\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "'%s' 디렉터리로 ��할 수 없습니다\n"
@@ -562,6 +482,10 @@ msgid "Cannot execute %s"
 msgstr "%s�(를) 실행할 수 없습니다"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "루트 디렉터리 '%s'�(가) 잘못�었습니다\n"
 
@@ -570,6 +494,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "루트 디렉터리를 '%s'(으)로 바꿀 수 없습니다\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: 메모리 부족\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: '%s'�(를) 삭제할 수 없습니다\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: 홈 디렉터리 '%s'�(는) 잘못�었습니다\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: '%s' 항목� %s�서 제거할 수 없습니다\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: 디렉터리 %s�(를) 만들 수 없습니다\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "lastlog: %s� �기를 �� 수 없습니다: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: 경고: %s�(를) 제거할 수 없습니다: %s"
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: �름 다시 설정: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: 디렉터리 %s� �름� %s(으)로 바꿀 수 없습니다\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: 디렉터리 %s� �름� %s(으)로 바꿀 수 없습니다\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: 경고: %s�(를) 제거할 수 없습니다: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: 디렉터리 %s�(를) 만들 수 없습니다\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "lastlog: %s� �기를 �� 수 없습니다: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: '%s'�(를) 삭제할 수 없습니다\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: %d번 줄: '%s' 사용�가 없습니다\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: �름 다시 설정: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: %s�(를) 열 수 없습니다\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: %s 사용�는 현재 로그�한 �태 입니다\n"
 
@@ -630,6 +632,9 @@ msgstr "  -s, --sha-rounds              SHA* 암호화 알고리즘ì�˜ SHA ë�¼ìš
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -655,12 +660,15 @@ msgstr "암호를 사용할 수 없�"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "계정 만료 날짜 (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "마지막으로 암호를 바꾼 날\t\t\t\t\t:"
-
 msgid "never"
 msgstr "안함"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "마지막으로 암호를 바꾼 날\t\t\t\t\t:"
+
 msgid "password must be changed"
 msgstr "암호를 바꿔야 합니다"
 
@@ -829,14 +837,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: '%s' 사용�가 없습니다\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: NIS ���언트�서 '%s' 사용�를 바꿀 수 없습니다.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s'�(가) 현재� ���언트� NIS 마스터입니다.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "%s� 사용�� 정보를 바꿉니다\n"
 
@@ -869,6 +869,11 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr "  -s, --sha-rounds              SHA* 암호화 알고리즘� SHA �운드 수\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: 지�하지 않는 암호화 방법: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: %s 플래그는 %s 플래그와 함께 사용해야 합니다\n"
@@ -919,6 +924,15 @@ msgstr ""
 msgid "Login Shell"
 msgstr "로그� 쉘"
 
+#, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "lastlog: %s� �기를 �� 수 없습니다: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: 새로운 기본값 파�� 만들 수 없습니다\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "'%s'� 쉘� 바꿀 수 없습니다.\n"
@@ -932,6 +946,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: 부�절한 입력: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s�(는) 사용할 수 없는 쉘입니다.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s�(는) 사용할 수 없는 쉘입니다.\n"
 
@@ -1147,9 +1165,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1162,6 +1177,10 @@ msgstr "올바르지 않� 사용� �름 '%s'\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: '%s'�(는) 사용할 수 없는 그룹 �름입니다\n"
 
+#, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: %s�(를) 열 수 없습니다\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "'%s' `%s' 그룹 ID는 쓸 수 없습니다\n"
@@ -1205,14 +1224,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: '%s' 그룹� 없습니다\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: '%s' 그룹� NIS 그룹입니다\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s�(는) NIS 마스터입니다\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: '%s' 사용�는 �미 '%s'� 멤버입니다\n"
 
@@ -1290,10 +1301,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: '%s' 그룹 �름� 쓸 수 없습니다\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: %s 그룹� NIS 그룹입니다\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: 알 수 없는 사용� %s\n"
 
@@ -1408,7 +1415,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1502,10 +1509,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"UTMP 항목� 없습니다. 가장 낮� \"sh\"�서 \"login\"� 실행해야 합니다."
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1540,14 +1543,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: 사용� �름� ��할 수 없습니다.\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s 로그�: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: fork 실패: %s"
 
@@ -1582,7 +1577,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1609,17 +1605,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: %s� 잠금� 푸는� 실패했습니다\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: 기본 디렉터리 '%s' 잘못�었습니다\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: 디렉터리 %s�(를) 만들 수 없습니다\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1652,14 +1644,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: 디렉터리 %s�(를) 만들 수 없습니다\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1681,6 +1672,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: 쓸 수 없는 사용� �름 '%s'\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: %d번 줄: 올바른 줄� 아닙니다\n"
 
@@ -1702,6 +1697,10 @@ msgstr "%s: %d번 줄: 그룹� 만들 수 없습니다\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: %d번 줄: `%s' 사용�가 %s 안� 없습니다\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: �름 다시 설정: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: %d번 줄: 암호를 업��트 할 수 없습니다\n"
@@ -1723,14 +1722,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: %d번 줄: 입력값� 업��트 할 수 없습니다\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: 새 %s 항목 '%s'�(를) 준비하는� 실패했습니다\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: 사용�를 만들 수 없습니다\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: 새 %s 항목 '%s'�(를) 준비하는� 실패했습니다\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: 그룹� 만들 수 없습니다\n"
 
@@ -1791,6 +1790,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr "  -s, --sha-rounds              SHA* 암호화 알고리즘� SHA �운드 수\n"
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "예전 암호: "
 
@@ -1810,6 +1812,11 @@ msgstr ""
 "새 암호를 입력하십시오(최소 %d, 최대 %d 글�)\n"
 "�어 대소문�와 숫�를 조합하여 사용하십시오.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: 입력범위가 너무 �니다\n"
+
 msgid "New password: "
 msgstr "새 암호: "
 
@@ -1853,6 +1860,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: %s 저장소는 지�하지 않습니다\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: root만 -g/--group 옵션� 쓸 수 있습니다\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s 사용�는 %s� 암호를 바꿀 권한� 없습니다\n"
@@ -1996,11 +2008,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2086,6 +2096,11 @@ msgstr "%s: 현재 su 명령� 실행할 권한� 없습니다\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "'루트'� 대한 암호 파� 입력값� 없�"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "올바르지 않� 사용� �름 '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: 터미��서 받드시 실행�어야 합니다\n"
@@ -2131,6 +2146,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2142,10 +2163,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: 새로운 기본값 파�� 만들 수 없습니다\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: 새로운 기본값 파�� 만들 수 없습니다\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: 새로운 기본값 파�� 만들 수 없습니다\n"
 
@@ -2162,10 +2179,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: �름 다시 설정: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: '%s' 그룹� NIS 그룹입니다.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: 그룹� 너무 많� 명시�었습니다 (최대 %d).\n"
 
@@ -2281,6 +2294,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: 기본 디렉터리 '%s' 잘못�었습니다\n"
@@ -2418,6 +2436,16 @@ msgstr "'mail' 그룹� 없습니다. 사용�� 메�함 파�� 0600 모
 msgid "Setting mailbox file permissions"
 msgstr "메�함� 파� 권한� 설정 중"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "메�함 파�� 만드는 중"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "메�함 파�� 만드는 중"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2538,10 +2566,6 @@ msgstr "lastlog: %s� �기를 �� 수 없습니다: %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: '%s' 항목� %s�서 제거할 수 없습니다\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: %s 사용�는 NIS 사용� 입니다\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: 홈 디렉터리 '%s'�(는) 잘못�었습니다\n"
@@ -2647,6 +2671,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2732,12 +2760,25 @@ msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: 사용� %lu� 최근 기� 항목� 사용� %lu� 복사하는� 실패했습니다: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: 사용� %lu� 최근 기� 항목� 사용� %lu� 복사하는� 실패했습니다: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: 사용� %lu� 로그� 실패 기� 항목� 사용� %lu� 복사하는� 실패했습니"
 "다: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: 사용� %lu� 로그� 실패 기� 항목� 사용� %lu� 복사하는� 실패했습니"
+"다: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: 경고: %s�(는) %s�(가) 소유하고 있지 않습니다\n"
@@ -2843,9 +2884,8 @@ msgstr "%s: %s� 잠금� 푸는� 실패했습니다\n"
 msgid "failed to stat edited file"
 msgstr "메�함� �름� 바꾸는 � 실패했습니다"
 
-#, fuzzy
-msgid "failed to allocate memory"
-msgstr "메�함 소유�를 바꾸는 � 실패했습니다"
+msgid "asprintf(3) failed"
+msgstr ""
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2859,6 +2899,56 @@ msgstr "%s: %sì�„(를) 복구할 수 없습니다: %s (ë°”ë€� 사항ì�€ %sì—� ìž
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: 기본 디렉터리 '%s' 잘못�었습니다\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "환경 변수 오버플로우\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: NIS ���언트�서 '%s' 사용�를 바꿀 수 없습니다.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s'�(가) 현재� ���언트� NIS 마스터입니다.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: '%s' 그룹� NIS 그룹입니다\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s�(는) NIS 마스터입니다\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: %s 그룹� NIS 그룹입니다\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: 새로운 기본값 파�� 만들 수 없습니다\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: '%s' 그룹� NIS 그룹입니다.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: %s 사용�는 NIS 사용� 입니다\n"
+
+#~ msgid "too simple"
+#~ msgstr "너무 간단합니다"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "UTMP 항목� 없습니다. 가장 낮� \"sh\"�서 \"login\"� 실행해야 합니다."
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: 기본 디렉터리 '%s' 잘못�었습니다\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "메�함 소유�를 바꾸는 � 실패했습니다"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "사용법: id\n"
 
@@ -2874,10 +2964,6 @@ msgstr "%s: 기본 디렉터리 '%s' 잘못�었습니다\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "암호 사용만료 예고"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "올바르지 않� 사용� �름 '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "사용��름       �트     어디서           최근정보"
 
diff --git a/po/nb.gmo b/po/nb.gmo
index 47a73ae..59b4c0c 100644
--- a/po/nb.gmo
+++ b/po/nb.gmo
diff --git a/po/nb.po b/po/nb.po
index e77f45f..c7ef84a 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -13,7 +13,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.17\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2018-03-05 12:33+0100\n"
 "Last-Translator: Ã…ka Sikrom <a4@hush.com>\n"
 "Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
@@ -25,231 +25,6 @@ msgstr ""
 "X-Generator: Poedit 1.7.5\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Det ligger flere oppføringer med navnet «%s» i %s. Korriger dette med pwck "
-"eller grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "har du et libcrypt som ikke støtter crypt-metoden? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "oppsettsfeil –  klarte ikke å tolke %s-verdi: «%s»"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Klarte ikke å tildele plass til oppsettsinformasjon.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "oppsettsfeil - element «%s» er ukjent (kontakt administrator)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd avsluttet ikke normallt (signal %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd avsluttet med status %d\n"
-
-msgid "Password: "
-msgstr "Passord: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s's Passord: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Klarte ikke å åpne kontrollgrensesnitt – avbryter.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "Klarte ikke å lage SELinux-styringshåndtak\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "SELinux-regler blir ikke håndtert\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "Klarte ikke å lese SELinux-regler\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "Klarte ikke å sette opp SELinux-styringstilkobling\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "Klarte ikke å begynne SELinux-transaksjon\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "Klarte ikke spørre seuser om %s\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "Klarte ikke endre serange for %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Klarte ikke endre sename for %s\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "Klarte ikke å endre brukerkobling for %s\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Klarte ikke å lage SELinux-brukerkobling for %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "Klarte ikke å endre navn på %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "Klarte ikke å endre SELinux-brukernavn for %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "Klarte ikke legge til brukerkobling for %s\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "Klarte ikke å starte opp SELinux-styringsverktøy\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "Klarte ikke å lage SELinux-brukernøkkel\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "Klarte ikke å bekrefte SELinux-bruker\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "Klarte ikke å endre SELinux-brukerkobling\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "Klarte ikke å legge til SELinux brukeravbildning\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "Klarte ikke å utføre SELinux-transaksjon\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Brukerkobling for %s er ikke definert, OK hvis forvalgt kobling ble brukt\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr "Brukerkobling for %s er definert i regelsett, og kan ikke slettes\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "Klarte ikke å slette brukerkobling for %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: minnet er fullt\n"
-
-# , c-format
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: Klarte ikke å utføre stat på %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s er hverken en mappe eller symbolsk lenke.\n"
-
-# , c-format
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: Klarte ikke å lese symbolsk lenke %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: Mistenkelig lang symlenke: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: Klarte ikke å opprette mappa %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: Klarte ikke å gi %s ny eier: %s\n"
-
-# , c-format
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: Klarte ikke å endre modus for %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: avlenk: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: Klarte ikke å slette mappa %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: Klarte ikke å endre navn på %s til %s: %s\n"
-
-# , c-format
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: Klarte ikke å fjerne %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: Klarte ikke å lage symbolsk lenke %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: Klarte ikke å gi %s ny eier: %s\n"
-
-# , c-format
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: Klarte ikke å kjøre lstat for %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: Advarsel: bruker %s har ingen tcb-skyggefil.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Kritisk: %s' tcb-skygge er ikke en vanlig fil med st_nlink=1.\n"
-"Kontoen forblir låst.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-# , c-format
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: Klarte ikke å åpne %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Advarsel: ukjent gruppe %s\n"
 
@@ -298,14 +73,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: klarte ikke å låse opp %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Det ligger flere oppføringer med navnet «%s» i %s. Korriger dette med pwck "
+"eller grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Miljøet er fullt\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "har du et libcrypt som ikke støtter crypt-metoden? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -430,8 +213,15 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Fant ikke entydig UID (ingen flere UID-er tilgjengelig)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr ""
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "oppsettsfeil –  klarte ikke å tolke %s-verdi: «%s»"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Klarte ikke å tildele plass til oppsettsinformasjon.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "oppsettsfeil - element «%s» er ukjent (kontakt administrator)\n"
 
 # , c-format
 #, fuzzy, c-format
@@ -464,7 +254,7 @@ msgstr "Klarte ikke å endre navn på %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: klarte ikke å åpne fil\n"
 
 #, fuzzy, c-format
@@ -477,9 +267,22 @@ msgstr "%s: linje %d: chown %s mislyktes: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: linje %d: chown %s mislyktes: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: linje %d: chown %s mislyktes: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "For mange innlogginger.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login: "
+
 msgid "You have new mail."
 msgstr "Du har fått ny e-post."
 
@@ -489,6 +292,14 @@ msgstr "Ingen e-post."
 msgid "You have mail."
 msgstr "Du har ulest e-post."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd avsluttet ikke normallt (signal %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd avsluttet med status %d\n"
+
 msgid "no change"
 msgstr "ingen endring"
 
@@ -501,9 +312,6 @@ msgstr "bare endring i store/små bokstaver"
 msgid "too similar"
 msgstr "for likt"
 
-msgid "too simple"
-msgstr "for enkelt"
-
 msgid "rotated"
 msgstr "rotert"
 
@@ -549,6 +357,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() mislyktes, feil %d\n"
 
+msgid "Password: "
+msgstr "Passord: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s's Passord: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Feil passord for «%s».\n"
@@ -575,16 +390,13 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: fikk ikke tilgang til chroot-mappe %s: %s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: klarte ikke å bytte mappe til chroot-mappe %s: %s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: klarte ikke å utføre chroot med %s: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: klarte ikke å bytte mappe til chroot-mappe %s: %s\n"
 
 #, c-format
 msgid ""
@@ -601,6 +413,109 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Klarte ikke å åpne kontrollgrensesnitt – avbryter.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "Klarte ikke å lage SELinux-styringshåndtak\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "SELinux-regler blir ikke håndtert\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "Klarte ikke å lese SELinux-regler\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "Klarte ikke å sette opp SELinux-styringstilkobling\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "Klarte ikke å begynne SELinux-transaksjon\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "Klarte ikke spørre seuser om %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "Klarte ikke endre serange for %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Klarte ikke endre sename for %s\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "Klarte ikke å endre brukerkobling for %s\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Klarte ikke å lage SELinux-brukerkobling for %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "Klarte ikke å endre navn på %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "Klarte ikke å endre SELinux-brukernavn for %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "Klarte ikke legge til brukerkobling for %s\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "Klarte ikke å starte opp SELinux-styringsverktøy\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "Klarte ikke å lage SELinux-brukernøkkel\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "Klarte ikke å bekrefte SELinux-bruker\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "Klarte ikke å endre SELinux-brukerkobling\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "Klarte ikke å legge til SELinux brukeravbildning\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "Klarte ikke å utføre SELinux-transaksjon\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Brukerkobling for %s er ikke definert, OK hvis forvalgt kobling ble brukt\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr "Brukerkobling for %s er definert i regelsett, og kan ikke slettes\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "Klarte ikke å slette brukerkobling for %s"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Klarte ikke å bytte mappe til «%s»\n"
@@ -613,6 +528,10 @@ msgid "Cannot execute %s"
 msgstr "Klarte ikke å kjøre %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Rotmappe «%s» er ugyldig\n"
 
@@ -621,6 +540,92 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Klarte ikke å endre rotmappe til «%s»\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: minnet er fullt\n"
+
+# , c-format
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: Klarte ikke å utføre stat på %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s er hverken en mappe eller symbolsk lenke.\n"
+
+# , c-format
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: Klarte ikke å lese symbolsk lenke %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: Mistenkelig lang symlenke: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: Klarte ikke å opprette mappa %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: Klarte ikke å gi %s ny eier: %s\n"
+
+# , c-format
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: Klarte ikke å endre modus for %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: avlenk: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: Klarte ikke å slette mappa %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: Klarte ikke å endre navn på %s til %s: %s\n"
+
+# , c-format
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: Klarte ikke å fjerne %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: Klarte ikke å lage symbolsk lenke %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: Klarte ikke å gi %s ny eier: %s\n"
+
+# , c-format
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: Klarte ikke å kjøre lstat for %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: Advarsel: bruker %s har ingen tcb-skyggefil.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Kritisk: %s' tcb-skygge er ikke en vanlig fil med st_nlink=1.\n"
+"Kontoen forblir låst.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+# , c-format
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: Klarte ikke å åpne %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: brukeren %s er pålogget\n"
 
@@ -691,6 +696,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_MAPPE       mappe som skal brukes til chroot\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -R, --root CHROOT_MAPPE       mappe som skal brukes til chroot\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -718,12 +728,15 @@ msgstr "Inaktivt passord"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Utløpsdato for konto (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Forrige endring av passord\t\t\t\t\t: "
-
 msgid "never"
 msgstr "aldri"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Forrige endring av passord\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "passordet må endres"
 
@@ -903,14 +916,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: bruker «%s» finnes ikke\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: klarte ikke å endre bruker «%s» på NIS-klient.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: «%s» er NIS-sjef for denne klienten.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Endrer brukerinformasjon for %s\n"
 
@@ -950,6 +955,11 @@ msgid ""
 msgstr ""
 "  -s, --sha-rounds              antall SHA-runder for kryptering med SHA*\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: krypteringsmetoden %s støttes ikke på dette systemet\n"
+
 # , c-format
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
@@ -1007,6 +1017,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Innloggingsskall"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Fant ikke størrelse på %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: klarte ikke å opprette ny forvalg-fil\n"
+
 # , c-format
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
@@ -1021,6 +1041,12 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Ugyldig inntasting: %s\n"
 
 # , c-format
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s er et ugyldig skall\n"
+
+# , c-format
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s er et ugyldig skall\n"
@@ -1271,11 +1297,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  lag en systemkonto\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -R, --root CHROOT_MAPPE       mappe som skal brukes til chroot\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    vis gruppemedlemmer\n"
@@ -1291,6 +1312,12 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: «%s» er et ugyldig gruppenavn\n"
 
 # , c-format
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: Klarte ikke å åpne %s: %s\n"
+
+# , c-format
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: «%s» er en ugyldig gruppe-ID\n"
@@ -1341,15 +1368,6 @@ msgstr "%s: gruppa «%s» finnes ikke\n"
 
 # , c-format
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: gruppe «%s» er en NIS-gruppe\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s er NIS-sjef\n"
-
-# , c-format
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: bruker «%s» er allerede medlem av «%s»\n"
 
@@ -1450,10 +1468,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: ugyldig gruppenavn «%s»\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: gruppa %s er en NIS-gruppe\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: ukjent bruker %s\n"
 
@@ -1581,8 +1595,12 @@ msgstr ""
 "  -b, --before DAGER            skriv ut bare lastlog-poster eldre enn "
 "DAGER\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -C, --clear                   clear lastlog record of an user (usable "
+#| "only with -u)\n"
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   tøm lastlog-oppføring for en bruker (krever "
@@ -1681,9 +1699,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Kan umulig virke uten effektiv root\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "Ingen oppføring i utmp. Du må kjøre «login» fra «sh» på laveste nivå"
-
 #, c-format
 msgid ""
 "\n"
@@ -1718,14 +1733,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Fant ikke bruker (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: mislykket utspalting: %s"
 
@@ -1760,7 +1767,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1791,19 +1799,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: klarte ikke å låse opp %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: fant ikke tcb-mappe for %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: Klarte ikke opprette tcb-mappe for %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1839,14 +1842,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Klarte ikke opprette tcb-mappe for %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1872,6 +1875,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: ugyldig brukernavn «%s»\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: linje %d: ugyldig linje\n"
 
@@ -1897,6 +1904,11 @@ msgstr "%s: linje %d: klarte ikke å lage ny gruppe\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: linje %d: bruker «%s» finnes ikke i %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: avlenk: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: linje %d: klarte ikke å oppdatere passord\n"
@@ -1920,13 +1932,13 @@ msgstr "%s: linje %d: klarte ikke å oppdatere oppføring\n"
 
 # , c-format
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: klarte ikke å lage ny %s-oppføring\n"
+msgid "%s: can't find subordinate user range\n"
+msgstr "%s: fant ikke underordnet bruker-rekkevidde\n"
 
 # , c-format
 #, c-format
-msgid "%s: can't find subordinate user range\n"
-msgstr "%s: fant ikke underordnet bruker-rekkevidde\n"
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: klarte ikke å lage ny %s-oppføring\n"
 
 #, c-format
 msgid "%s: can't find subordinate group range\n"
@@ -1997,6 +2009,11 @@ msgstr ""
 "  -x, --maxdays DAGER           endre maksimalt antall dager før passord\n"
 "                                må endres til DAGER\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    vis aldringsinformasjon for konto\n"
+
 msgid "Old password: "
 msgstr "Gammelt passord: "
 
@@ -2017,6 +2034,11 @@ msgstr ""
 "Skriv inn det nye passordet (minst %d, høyst %d tegn)\n"
 "Bruk en kombinasjon av store og små bokstaver, og tall.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: feltene er for lange\n"
+
 msgid "New password: "
 msgstr "Nytt passord: "
 
@@ -2062,6 +2084,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: ikke støtte for lager %s\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: bare root kan bruke valget -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s har ikke rett til å endre passord for %s\n"
@@ -2219,11 +2246,9 @@ msgstr "%s: funksjonsfeil ved signal\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Økt avsluttet, avslutter skall ..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " … drept.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ... venter på at barneprosess avslutter.\n"
 
@@ -2312,6 +2337,11 @@ msgstr "%s: Du har ikke adgang til å su på den tiden\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Ingen oppføring for bruker «%s» i passordfil\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "ugyldig brukernavn «%s»\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: må kjøres fra en terminal\n"
@@ -2358,6 +2388,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: oppsettet for %s i %s blir ignorert\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: oppsettet for %s i %s blir ignorert\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: klarte ikke å opprette ny forvalg-fil\n"
@@ -2368,10 +2405,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: klarte ikke å opprette ny forvalg-fil\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: klarte ikke å opprette ny forvalg-fil\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: klarte ikke å åpne ny frovalg-fil\n"
 
@@ -2388,10 +2421,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: gi nytt navn: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: gruppe «%s» er en NIS-gruppe.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: for mange grupper (maks %d).\n"
 
@@ -2528,6 +2557,17 @@ msgstr ""
 "  -Z, --selinux-user SEBRUKER     bruk en bestemt bruker SEBRUKER for "
 "SELinux brukeravbildning\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEBRUKER     bruk en bestemt bruker SEBRUKER for "
+"SELinux brukeravbildning\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: ugyldig basismappe «%s»\n"
@@ -2670,6 +2710,16 @@ msgstr "Fant ikke gruppa «mail». Oppretter e-postkassefil med modus 0600.\n"
 msgid "Setting mailbox file permissions"
 msgstr "Endrer rettigheter for e-postkassefil"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Lager e-postkassefil"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Lager e-postkassefil"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2812,10 +2862,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: Klarte ikke å fjerne tcb-filer for %s:  %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: bruker %s er en NIS-bruker\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: fant ikke hjemmemappe for %s (%s)\n"
 
@@ -2944,6 +2990,16 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     ny SELinux brukeravbildning for "
 "brukerkontoen\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     ny SELinux brukeravbildning for "
+"brukerkontoen\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -3039,12 +3095,26 @@ msgstr ""
 "%s: klarte ikke å kopiere lastlog-oppføring for bruker %lu til bruker %lu: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: klarte ikke å kopiere lastlog-oppføring for bruker %lu til bruker %lu: "
+"%s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: klarte ikke å kopiere faillog-oppføring for bruker %lu til bruker %lu: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: klarte ikke å kopiere faillog-oppføring for bruker %lu til bruker %lu: "
+"%s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: advarsel: %s er ikke eid av %s\n"
@@ -3152,8 +3222,10 @@ msgstr "klarte ikke å avlenke kladdfil"
 msgid "failed to stat edited file"
 msgstr "klarte ikke å kjøre «stat» på redigert fil"
 
-msgid "failed to allocate memory"
-msgstr "klarte ikke å tildele minne"
+#, fuzzy
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: klarte ikke å åpne fil\n"
 
 msgid "failed to create backup file"
 msgstr "klarte ikke å lage sikkerhetskopi-fil"
@@ -3166,6 +3238,57 @@ msgstr "%s: klarte ikke å gjenopprette %s: %s (endringer ligger i %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: fant ikke tcb-mappe for %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Miljøet er fullt\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: klarte ikke å endre bruker «%s» på NIS-klient.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: «%s» er NIS-sjef for denne klienten.\n"
+
+# , c-format
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: gruppe «%s» er en NIS-gruppe\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s er NIS-sjef\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: gruppa %s er en NIS-gruppe\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: klarte ikke å opprette ny forvalg-fil\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: gruppe «%s» er en NIS-gruppe.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: bruker %s er en NIS-bruker\n"
+
+#~ msgid "too simple"
+#~ msgstr "for enkelt"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Ingen oppføring i utmp. Du må kjøre «login» fra «sh» på laveste nivå"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: fant ikke tcb-mappe for %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "klarte ikke å tildele minne"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Bruk: id\n"
 
@@ -3181,10 +3304,6 @@ msgstr "%s: fant ikke tcb-mappe for %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: informasjon om utløp av passord er endret.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "ugyldig brukernavn «%s»\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Brukernavn       Port     Fra             Sist"
 
diff --git a/po/ne.gmo b/po/ne.gmo
index 55de882..c72fe57 100644
--- a/po/ne.gmo
+++ b/po/ne.gmo
diff --git a/po/ne.po b/po/ne.po
index 5f69b5d..826ef6c 100644
--- a/po/ne.po
+++ b/po/ne.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.17\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2006-06-16 14:30+0545\n"
 "Last-Translator: Shiva Pokharel <pokharelshiva@hotmail.com>\n"
 "Language-Team: Nepali <info@mpp.org.np>\n"
@@ -20,220 +20,6 @@ msgstr ""
 "X-Generator: KBabel 1.10.2\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "कनफिगरेसन सूचनाको लागि खाली ठाऊ� बा�ड�न सकिदैन ।\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "कन�फिगरेसन त�र�टि - अज�ञात वस�त� '%s' (प�रशासकलाई सूचना गर�न�होस)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "पासवर�ड: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "'%s' को पासवर�ड: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "पासवर�ड फाइल खोल�न सकि�न ।\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "कनफिगरेसन सूचनाको लागि खाली ठाऊ� बा�ड�न सकिदैन ।\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "%s का लागि अवधि सूचना परिवर�तन गरिदैछ\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: तपाई�को प�रयोगकर�ता नाम निर�धारण गर�न सकि�न ।\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: रेखा %d: प�रयोगकर�ता फेला पार�न सकि�न %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: स�मृति भन�दा बाहिर\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: फाइल %s अद�यावधिक गर�न सकि�न\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: अवैध गृह डाइरेक�ट�री '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: डाइरेक�ट�री %s लाई %s मा प�न:नामकरण गर�न सकिदैन\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: चेतावनी: हट�न सक�दैन "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: चेतावनी: हट�न सक�दैन "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: प�न:नामकरण गर�न�होस�: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: डाइरेक�ट�री %s लाई %s मा प�न:नामकरण गर�न सकिदैन\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: डाइरेक�ट�री %s लाई %s मा प�न:नामकरण गर�न सकिदैन\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: चेतावनी: हट�न सक�दैन "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: चेतावनी: हट�न सक�दैन "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: फाइल %s अद�यावधिक गर�न सकि�न\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: स�याडो फाइल अद�यावधिक ह�न सकेन\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: प�न:नामकरण गर�न�होस�: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: फाइल %s खोल�न सकि�न\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "चेतावनी: अज�ञात समूह %s\n"
 
@@ -279,6 +65,11 @@ msgstr "tty %s लाई परिवरà¥�तन गरà¥�न असकà¥�षà¤
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: अति लामो फा�ट\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -286,8 +77,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "परिवेशको अतिप�रवाह\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -386,9 +178,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: अद�वितिय UID प�राप�त गर�न सकि�न\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "कनफिगरेसन सूचनाको लागि खाली ठाऊ� बा�ड�न सकिदैन ।\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "कन�फिगरेसन त�र�टि - अज�ञात वस�त� '%s' (प�रशासकलाई सूचना गर�न�होस)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: PAM आधिकरण असफल भयो\n"
@@ -416,7 +215,7 @@ msgstr "कनफिगरेसन सूचनाको लागि खाल
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: फाइल खोल�न सकि�न\n"
 
 #, fuzzy, c-format
@@ -427,9 +226,21 @@ msgstr "%s: रेखा %d: chown असफल भयो\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: रेखा %d: chown असफल भयो\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: रेखा %d: chown असफल भयो\n"
+
 msgid "Too many logins.\n"
 msgstr "अति धेरै लगइनहरू ।\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s लगइन: "
+
 msgid "You have new mail."
 msgstr "तपाई�स�ग नया� मेल छ।"
 
@@ -439,6 +250,14 @@ msgstr "मेल छैन।"
 msgid "You have mail."
 msgstr "तपाई�को मेल छ।"
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "परिवर�तन छैन"
 
@@ -451,9 +270,6 @@ msgstr "केस परिवर�तनहरू मात�र"
 msgid "too similar"
 msgstr "अति मिल�दो"
 
-msgid "too simple"
-msgstr "अति सजिलो"
-
 msgid "rotated"
 msgstr "घ�मिरहेको"
 
@@ -500,6 +316,13 @@ msgid ""
 "%s\n"
 msgstr "पासवर�ड: pam_start() असफल भयो, त�र�टि %d\n"
 
+msgid "Password: "
+msgstr "पासवर�ड: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "'%s' को पासवर�ड: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr " %s को लागि गलत पासवर�ड ।\n"
@@ -525,18 +348,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -549,6 +368,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "पासवर�ड फाइल खोल�न सकि�न ।\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "कनफिगरेसन सूचनाको लागि खाली ठाऊ� बा�ड�न सकिदैन ।\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "कनफिगरेसन सूचनाको लागि खाली ठाऊ� बा�ड�न सकिदैन ।\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "%s का लागि अवधि सूचना परिवर�तन गरिदैछ\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: तपाई�को प�रयोगकर�ता नाम निर�धारण गर�न सकि�न ।\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: रेखा %d: प�रयोगकर�ता फेला पार�न सकि�न %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "'%s' मा सि डि गर�न असफल\n"
@@ -561,6 +481,10 @@ msgid "Cannot execute %s"
 msgstr "%s कार�यान�वयन गर�न सकि�न"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "अवैध मूल डाइरेकट�री '%s'\n"
 
@@ -569,6 +493,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "'%s' मा मूल डाइरेकट�री परिवर�तन गर�न सकिदैन\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: स�मृति भन�दा बाहिर\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: फाइल %s अद�यावधिक गर�न सकि�न\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: अवैध गृह डाइरेक�ट�री '%s'\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: डाइरेक�ट�री %s लाई %s मा प�न:नामकरण गर�न सकिदैन\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: चेतावनी: हट�न सक�दैन "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: चेतावनी: हट�न सक�दैन "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: प�न:नामकरण गर�न�होस�: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: डाइरेक�ट�री %s लाई %s मा प�न:नामकरण गर�न सकिदैन\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: डाइरेक�ट�री %s लाई %s मा प�न:नामकरण गर�न सकिदैन\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: चेतावनी: हट�न सक�दैन "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: चेतावनी: हट�न सक�दैन "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: फाइल %s अद�यावधिक गर�न सकि�न\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: स�याडो फाइल अद�यावधिक ह�न सकेन\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: प�न:नामकरण गर�न�होस�: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: फाइल %s खोल�न सकि�न\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: प�रयोगकर�ता %s हालै लग गरियो\n"
 
@@ -627,6 +629,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -652,12 +657,15 @@ msgstr "पासवर�ड निष�क�रिय"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "लेखा समाप�ति मिति (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "अन�तिम पासवर�ड परिवर�तन भयो\t\t\t\t\t: "
-
 msgid "never"
 msgstr "कहिल�यै पनि"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "अन�तिम पासवर�ड परिवर�तन भयो\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "पासवर�ड परिवर�तन ह�न�पर�छ"
 
@@ -826,14 +834,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: प�रयोगकर�ता %s अवस�थित छैन\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: NIS ग�राहकमा प�रयोगकर�ता '%s' परिवर�तन गर�न सकिदैन ।\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' यो ग�राहकको लागि NIS मास�टर हो ।\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr " %s को लागि प�रयोगकर�ता सूचना परिवर�तन गरिदैछ\n"
 
@@ -861,6 +861,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: -a फ�ल�याग -G फ�ल�याग संग मात�र अन�मति छ\n"
@@ -912,6 +916,15 @@ msgid "Login Shell"
 msgstr "शेल लगइन"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: डाइरेक�ट�री %s लाई %s मा प�न:नामकरण गर�न सकिदैन\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: नया� पूर�वनिर�धारित फाइल सिर�जना गर�न सकि�न\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "तपाई� यस को लागि शेल परिवर�तन गर�न सक�न�ह�न�न %s ।\n"
 
@@ -924,6 +937,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: अवैध प�रविष�टि: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s अवैध शेल हो ।\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s अवैध शेल हो ।\n"
 
@@ -1133,9 +1150,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1149,6 +1163,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s वैध समूह नाम होइन\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: फाइल %s खोल�न सकि�न\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "अवैध समूह नाम '%s'\n"
 
@@ -1191,14 +1209,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: समूह %s अवस�थित छैन\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: समूह '%s' NIS समूह हो ।\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s NIS मास�टर हो\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: प�रयोगकर�ता %s NIS प�रयोगकर�ता हो\n"
 
@@ -1274,10 +1284,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "अवैध समूह नाम '%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: समूह %s NIS समूह हो\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: अज�ञात प�रयोगकर�ता %s\n"
 
@@ -1391,7 +1397,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1485,11 +1491,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"utmp प�रविष�टि भ�न । तपाई�ले \"login\" गर�दा ज�यादै न�यून तह \"sh\" बाट कार�यन�वयन "
-"गर�न�पर�छ"
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1524,14 +1525,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: रेखा %d: प�रयोगकर�ता फेला पार�न सकि�न %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s लगइन: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: फोर�क गर�दा असफल: %s"
 
@@ -1567,7 +1560,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1592,17 +1586,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: अति लामो फा�ट\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: अवैध डाइरेक�ट�री '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1636,14 +1626,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1665,6 +1654,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: अवैध प�रयोगकर�ता नाम '%s'\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: रेखा %d: अवैध रेखा\n"
 
@@ -1684,6 +1677,10 @@ msgstr "%s: रेखा %d: GID सिर�जना गर�न सकि�
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: प�रयोगकर�ता %s अवस�थित छैन\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: प�न:नामकरण गर�न�होस�: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: रेखा %d: पासवर�ड अद�यावधिक गर�न सकि�न\n"
@@ -1705,14 +1702,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: रेखा %d: प�रविष�टि अद�यावधिक गर�न सकि�न\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: विशेषधिकारहरू छोड�न असफल भयो (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: यो %s सिर�जना गर�न सकिदैन\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: विशेषधिकारहरू छोड�न असफल भयो (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: समूह फाइल अद�यावधिक गर�न सकि�न\n"
 
@@ -1770,6 +1767,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "प�रानो पासवर�ड: "
 
@@ -1789,6 +1789,11 @@ msgstr ""
 "नया� पासवर�ड प�रविष�ट गर�न�होस� (%d को न�य�नतम, %d को अधिक�तम क�यारेक�टरहरू)\n"
 "कृपया सानो र ठूलो अक�षरहरू र नम�बरहर�को मिलान प�रयोग गर�न�होस� ।\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: अति लामो फा�ट\n"
+
 msgid "New password: "
 msgstr "नया� पासवर�ड : "
 
@@ -1830,6 +1835,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: रेपोजिटरी %s समर�थित छैन\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1973,11 +1982,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2050,6 +2057,11 @@ msgstr "तपाई� su %s मा प�रमाणिकरण ह�न�
 msgid "No passwd entry for user '%s'\n"
 msgstr "मूलको लागि पासवर�ड प�रविष�टि छैन'"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "अवैध प�रयोगकर�ता नाम '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: टर�मिनलबाट चल�न�पर�छ\n"
@@ -2095,6 +2107,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2106,10 +2124,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: नया� पूर�वनिर�धारित फाइल सिर�जना गर�न सकि�न\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: नया� पूर�वनिर�धारित फाइल सिर�जना गर�न सकि�न\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: नया� पूर�वनिर�धारित फाइल खोल�न सकि�न\n"
 
@@ -2126,10 +2140,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: प�न:नामकरण गर�न�होस�: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: समूह '%s' NIS समूह हो ।\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: अति धेरै समूहरू निर�दिष�ट गरि�को छ (max %d) ।\n"
 
@@ -2238,6 +2248,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: अवैध डाइरेक�ट�री '%s'\n"
@@ -2367,6 +2382,16 @@ msgstr "समूह मेल फेला परेन । ०६०० मो
 msgid "Setting mailbox file permissions"
 msgstr "मेल बाकस फाइल अन�मतिहरू मिलाउदै"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "मेल बाकस फाइल सिर�जना गर�दै"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "मेल बाकस फाइल सिर�जना गर�दै"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2486,10 +2511,6 @@ msgstr "%s: डाइरेकà¥�टà¥�री %s लाई %s मा पà¥�न:à
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: डाइरेक�ट�री %s लाई %s मा प�न:नामकरण गर�न सकिदैन\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: प�रयोगकर�ता %s NIS प�रयोगकर�ता हो\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: अवैध गृह डाइरेक�ट�री '%s'\n"
@@ -2588,6 +2609,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2670,10 +2695,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: पासवर�ड फाइल अद�यावधिक गर�न सकि�न\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: डाइरेकट�री सिर�जना गर�न सकि�न %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: चेतावनी: %s चा�हि %s को स�वामित�वमा छैन\n"
@@ -2779,8 +2812,9 @@ msgid "failed to stat edited file"
 msgstr "मेल बक�सलाई प�न:नामकरण गर�न असफल भयो"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "मेलबक�स प�रापक परिवर�तन गर�न असफल भयो"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: फाइल खोल�न सकि�न\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2794,6 +2828,57 @@ msgstr "%s: प�न:भण�डारण गर�न सकिदैन %s:
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: अवैध डाइरेक�ट�री '%s'\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "परिवेशको अतिप�रवाह\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: NIS ग�राहकमा प�रयोगकर�ता '%s' परिवर�तन गर�न सकिदैन ।\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' यो ग�राहकको लागि NIS मास�टर हो ।\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: समूह '%s' NIS समूह हो ।\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s NIS मास�टर हो\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: समूह %s NIS समूह हो\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: नया� पूर�वनिर�धारित फाइल सिर�जना गर�न सकि�न\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: समूह '%s' NIS समूह हो ।\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: प�रयोगकर�ता %s NIS प�रयोगकर�ता हो\n"
+
+#~ msgid "too simple"
+#~ msgstr "अति सजिलो"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "utmp प�रविष�टि भ�न । तपाई�ले \"login\" गर�दा ज�यादै न�यून तह \"sh\" बाट कार�यन�वयन "
+#~ "गर�न�पर�छ"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: अवैध डाइरेक�ट�री '%s'\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "मेलबक�स प�रापक परिवर�तन गर�न असफल भयो"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "उपयोग: id\n"
 
@@ -2809,10 +2894,6 @@ msgstr "%s: अवैध डाइरेक�ट�री '%s'\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "पासवर�ड समाप�ति चेतावनी"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "अवैध प�रयोगकर�ता नाम '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "सबै भन�दा पछिल�लो        बाट                पोर�ट        प�रयोगकर�ता नाम"
 
diff --git a/po/nl.gmo b/po/nl.gmo
index a0500ba..b3c8d3c 100644
--- a/po/nl.gmo
+++ b/po/nl.gmo
diff --git a/po/nl.po b/po/nl.po
index f1cca10..1a48326 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -1,14 +1,14 @@
 # dutch po-file for shadow
 # Copyright (C) 2004 Free Software Foundation, Inc.
 # Bart Cornelis <cobaco@linux.be>, 2004, 2006.
-# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014-2022.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014-2024.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: shadow 4.12.2\n"
+"Project-Id-Version: shadow 4.15.1\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
-"PO-Revision-Date: 2022-09-27 17:08+0200\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
+"PO-Revision-Date: 2024-05-09 12:30+0200\n"
 "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
 "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
 "Language: nl\n"
@@ -19,230 +19,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"In %s staan meerdere regels met als naam '%s'. Gelieve dit met pwck of grpck "
-"te repareren.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "niet door libcrypt ondersteunde encryptiemethode? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "configuratiefout - kan waarde %s niet ontleden: '%s'"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Kon geen ruimte toewijzen voor de configuratie-info.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"configuratiefout - onbekend item '%s' (waarschuw een systeembeheerder)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd werd niet normaal beëindigd (signaal %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd sloot af met status %d\n"
-
-msgid "Password: "
-msgstr "Wachtwoord: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Wachtwoord van %s: "
-
-msgid "Cannot open audit interface.\n"
-msgstr "Kan auditinterface niet openen.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-"%s: kan context van vorige SELinux-proces niet verkrijgen: %s\n"
-"\n"
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "Kan geen instrument voor SELinux-beheer creëren\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "SELinux-beleid wordt niet beheerd\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "Kan het gebied met het SELinux-beleid niet lezen\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "Kan geen verbinding leggen om SELinux te beheren\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "Kan de SELinux-transactie niet beginnen\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "Kon de seuser van %s niet opvragen\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "Kon de serange van %s niet instellen\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Kon de sename van %s niet instellen\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "Kon de aanmeldkoppeling van %s niet veranderen\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Kan voor %s geen SELinux-aanmeldkoppeling maken\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "Kon voor %s geen naam instellen\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "Kon voor %s geen SELinuxgebruiker instellen\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "Kon voor %s geen aanmeldkoppeling toevoegen\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "Kan SELinuxbeheer niet initialiseren\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "Kan de gebruikerssleutel voor SELinux niet aanmaken\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "Kan de SELinuxgebruiker niet verifiëren\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "Kon de gebruikerskoppeling in SELinux niet veranderen\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "Kan in SELinux geen gebruikerskoppeling toevoegen\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "Kan de SELinux-transactie niet vastleggen\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Geen aanmeldkoppeling gedefinieerd voor %s. OK als de standaardkoppeling "
-"gebruikt werd\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-"Aanmeldkoppeling van %s werd in het beleid gedefinieerd en kan niet gewist "
-"worden\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "Kon de aanmeldkoppeling van %s niet wissen"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: onvoldoende geheugen\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: kan de status niet opvragen van %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s is geen map en ook geen symbolische koppeling.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: kan symbolische koppeling %s niet lezen: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: verdacht lange symbolische koppeling: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: kan map %s niet aanmaken: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: kan eigenaar van %s niet wijzigen: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: kan modus van %s niet wijzigen: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: ontkoppelen: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: kan map %s niet verwijderen: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: kan %s niet hernoemen naar %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: kan %s niet verwijderen: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: kan symbolische koppeling %s niet aanmaken: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: kan eigenaars van %s niet wijzigen: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: kan status van symbolische koppeling %s niet opvragen: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: waarschuwing: gebruiker %s heeft geen tcb-schaduwbestand.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: noodsituatie: het tcb-schaduwbestand van %s is geen gewoon bestand met "
-"st_nlink=1.\n"
-"Het account is vergrendeld gebleven.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: kan bestand %s niet openen: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Waarschuwing: onbekende groep %s\n"
 
@@ -289,14 +65,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: ontgrendelen van %s is mislukt\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"In %s staan meerdere regels met als naam '%s'. Gelieve dit met pwck of grpck "
+"te repareren.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Omgeving wordt te groot\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "niet door libcrypt ondersteunde encryptiemethode? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -415,8 +199,16 @@ msgstr ""
 "%s: kan geen uniek UID verkrijgen (er zijn geen UID's meer beschikbaar)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr "%s: Onvoldoende argumenten om %u-toewijzingen te vormen\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "configuratiefout - kan waarde %s niet ontleden: '%s'"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Kon geen ruimte toewijzen voor de configuratie-info.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr ""
+"configuratiefout - onbekend item '%s' (waarschuw een systeembeheerder)\n"
 
 #, c-format
 msgid "%s: Memory allocation failure\n"
@@ -443,8 +235,8 @@ msgid "%s: Could not set caps\n"
 msgstr "%s: Kon hoofdletters niet instellen\n"
 
 #, c-format
-msgid "%s: snprintf failed!\n"
-msgstr "%s: snprintf is mislukt!\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: stpeprintf is mislukt!\n"
 
 #, c-format
 msgid "%s: open of %s failed: %s\n"
@@ -454,9 +246,21 @@ msgstr "%s: openen van %s mislukte: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: schrijven naar %s mislukte: %s\n"
 
+#, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: sluiten van %s mislukte: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Te veel aanmeldingen.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s gebruikersnaam: "
+
 msgid "You have new mail."
 msgstr "U heeft nieuwe e-mail ontvangen."
 
@@ -466,6 +270,14 @@ msgstr "Geen e-mail."
 msgid "You have mail."
 msgstr "U heeft e-mail."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd werd niet normaal beëindigd (signaal %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd sloot af met status %d\n"
+
 msgid "no change"
 msgstr "geen veranderingen"
 
@@ -478,9 +290,6 @@ msgstr "enkel veranderingen van grote naar kleine letters (of omgekeerd)"
 msgid "too similar"
 msgstr "te gelijkaardig"
 
-msgid "too simple"
-msgstr "te simpel"
-
 msgid "rotated"
 msgstr "geroteerd"
 
@@ -525,6 +334,13 @@ msgstr ""
 "%s: (gebruiker %s) pam_chauthtok() is mislukt, fout:\n"
 "%s\n"
 
+msgid "Password: "
+msgstr "Wachtwoord: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Wachtwoord van %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Onjuist wachtwoord voor %s.\n"
@@ -551,16 +367,12 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: krijg geen toegang tot chroot-map %s: %s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: kan chdir naar chroot-map %s niet uitvoeren: %s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: chroot naar map %s lukt niet: %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr "Kan geen willekeurige bytes verkrijgen.\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: kan chdir in chroot-map %s niet uitvoeren: %s\n"
 
 #, c-format
 msgid ""
@@ -580,6 +392,111 @@ msgstr ""
 "ENCRYPT_METHOD en de bijbehorende configuratie voor uw geselecteerde hash-"
 "methode.\n"
 
+msgid "Cannot open audit interface.\n"
+msgstr "Kan auditinterface niet openen.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+"%s: kan context van vorige SELinux-proces niet verkrijgen: %s\n"
+"\n"
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "Kan geen instrument voor SELinux-beheer creëren\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "SELinux-beleid wordt niet beheerd\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "Kan het gebied met het SELinux-beleid niet lezen\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "Kan geen verbinding leggen om SELinux te beheren\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "Kan de SELinux-transactie niet beginnen\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "Kon de seuser van %s niet opvragen\n"
+
+#, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Kon de serange voor %s niet instellen op %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Kon de sename van %s niet instellen\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "Kon de aanmeldkoppeling van %s niet veranderen\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Kan voor %s geen SELinux-aanmeldkoppeling maken\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "Kon voor %s geen naam instellen\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "Kon voor %s geen SELinuxgebruiker instellen\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "Kon voor %s geen aanmeldkoppeling toevoegen\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "Kan SELinuxbeheer niet initialiseren\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "Kan de gebruikerssleutel voor SELinux niet aanmaken\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "Kan de SELinuxgebruiker niet verifiëren\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "Kon de gebruikerskoppeling in SELinux niet veranderen\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "Kan in SELinux geen gebruikerskoppeling toevoegen\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "Kan de SELinux-transactie niet vastleggen\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Geen aanmeldkoppeling gedefinieerd voor %s. OK als de standaardkoppeling "
+"gebruikt werd\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+"Aanmeldkoppeling van %s werd in het beleid gedefinieerd en kan niet gewist "
+"worden\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "Kon de aanmeldkoppeling van %s niet wissen"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Kan niet van map veranderen (cd) naar '%s'\n"
@@ -592,6 +509,10 @@ msgid "Cannot execute %s"
 msgstr "Kan %s niet uitvoeren"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr "Maximale diepte van het subsysteem bereikt\n"
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Ongeldige hoofdmap '%s'\n"
 
@@ -600,6 +521,87 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Kan de hoofdmap niet veranderen naar '%s'\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: onvoldoende geheugen\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: kan de status niet opvragen van %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s is geen map en ook geen symbolische koppeling.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: kan symbolische koppeling %s niet lezen: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: verdacht lange symbolische koppeling: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: kan map %s niet aanmaken: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: kan eigenaar van %s niet wijzigen: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: kan modus van %s niet wijzigen: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: ontkoppelen: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: kan map %s niet verwijderen: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: kan %s niet hernoemen naar %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: kan %s niet verwijderen: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: kan symbolische koppeling %s niet aanmaken: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: kan eigenaars van %s niet wijzigen: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: kan status van symbolische koppeling %s niet opvragen: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: waarschuwing: gebruiker %s heeft geen tcb-schaduwbestand.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: noodsituatie: het tcb-schaduwbestand van %s is geen gewoon bestand met "
+"st_nlink=1.\n"
+"Het account is vergrendeld gebleven.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: kan bestand %s niet openen: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: gebruiker %s is momenteel aangemeld\n"
 
@@ -671,6 +673,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_MAP         basismap voor chroot\n"
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -P, --prefix PREFIX_MAP       map-prefix\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -698,12 +703,15 @@ msgstr "Wachtwoord niet actief"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Vervaldatum van account (JJJJ-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Laatste wachtwoordverandering\t\t\t\t: "
-
 msgid "never"
 msgstr "nooit"
 
+msgid "future"
+msgstr "toekomst"
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Laatste wachtwoordverandering\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "wachtwoord moet veranderd worden"
 
@@ -883,14 +891,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: gebruiker '%s' bestaat niet\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: kan gebruiker '%s' niet veranderen op NIS-client.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' is de NIS-master voor deze client.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "De gebruikersinformatie over %s wordt veranderd\n"
 
@@ -927,6 +927,10 @@ msgstr ""
 "                                of YESCRYPT encryptie-algoritmes\n"
 
 #, c-format
+msgid "%s: no crypt method defined\n"
+msgstr "%s: geen encryptiemethode gedefinieerd\n"
+
+#, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: vlag %s is enkel toegelaten in combinatie met vlag %s\n"
 
@@ -980,6 +984,14 @@ msgid "Login Shell"
 msgstr "Login-shell"
 
 #, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "Kan shell-bestanden niet ontleden: %s"
+
+#, c-format
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "Kan items in shell-bestanden niet evalueren: %s"
+
+#, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "U mag de shell voor '%s' niet aanpassen.\n"
 
@@ -992,6 +1004,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: ongeldig element: %s\n"
 
 #, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: Waarschuwing: %s is geen geldige shell\n"
+
+#, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s is geen geldige shell\n"
 
@@ -1237,9 +1253,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  een systeem-account aanmaken\n"
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -P, --prefix PREFIX_MAP       map-prefix\n"
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 "  -U, --users GEBRUIKERS         lijst van leden-gebruikers van deze groep\n"
@@ -1253,6 +1266,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: '%s' is geen geldige groepsnaam\n"
 
 #, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: kan %s niet openen: %s\n"
+
+#, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: ongeldige groeps-ID '%s'\n"
 
@@ -1298,14 +1315,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: groep '%s' bestaat niet\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: groep '%s' is een NIS-groep\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s is de NIS-master\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: gebruiker '%s' is reeds lid van '%s'\n"
 
@@ -1397,10 +1406,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: ongeldige groepsnaam '%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: groep %s is een NIS-groep\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: onbekende gebruiker %s\n"
 
@@ -1528,7 +1533,7 @@ msgstr ""
 "  -b, --before DAGEN            enkel lastlog-items ouder dan DAGEN tonen\n"
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   lastlog-informatie over een gebruiker\n"
@@ -1632,11 +1637,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Kan mogelijk niet functioneren zonder effectieve root\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Er is geen utmp-item. U dient \"login\" uit te voeren vanaf het laagste "
-"niveau \"sh\""
-
 #, c-format
 msgid ""
 "\n"
@@ -1671,14 +1671,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Kan gebruiker (%s) niet vinden\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s gebruikersnaam: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: nieuw proces beginnen is mislukt: %s"
 
@@ -1714,9 +1706,10 @@ msgstr "%s: gid-bereik [%lu-%lu) -> [%lu-%lu) niet toegestaan\n"
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
-"gebruik: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> "
+"gebruik: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
 "<count> ] ... \n"
 
 #, c-format
@@ -1740,20 +1733,16 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: setgroups-beleid %s mislukte: %s\n"
 
 #, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: Kon proc-map voor doel %u niet openen\n"
-
-#, c-format
-msgid "%s: Could not stat directory for target %u\n"
-msgstr "%s: Kon status van map voor doel %u niet opvragen\n"
+msgid "%s: Could not stat directory for process\n"
+msgstr "%s: Kon status van map voor proces niet opvragen\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
-"%s: Doel %u is van een andere gebruiker: uid:%lu pw_uid:%lu st_uid:%lu, gid:"
-"%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Doelproces is van een andere gebruiker: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
 
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Gebruik: newgrp [-] [groep]\n"
@@ -1787,18 +1776,15 @@ msgstr "%s: uid-bereik [%lu-%lu) -> [%lu-%lu) niet toegestaan\n"
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
-"gebruik: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> "
+"gebruik: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
 "<count> ] ... \n"
 
 #, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
-"%s: Doelproces %u is van een andere gebruiker: uid:%lu pw_uid:%lu st_uid:"
-"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Kon status van map voor doelproces niet opvragen\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr "  -b, --badname                 slechte namen toestaan\n"
@@ -1819,6 +1805,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: ongeldige gebruikersnaam '%s': gebruik --badname om te negeren\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr "%s: Geef '--crypt-method' op vóór het aantal rondes\n"
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: regel %d: ongeldige regel\n"
 
@@ -1841,6 +1831,10 @@ msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: regel %d: gebruiker '%s' bestaat niet in %s\n"
 
 #, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: regel: %d: %s\n"
+
+#, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: regel %d: kan wachtwoord niet bijwerken\n"
 
@@ -1861,14 +1855,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: regel %d: kan element niet bijwerken\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: voorbereiden van het nieuwe %s-element is mislukt\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: kan ondergeschikt gebruikersbereik niet vinden\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: voorbereiden van het nieuwe %s-element is mislukt\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: kan ondergeschikt groepsbereik niet vinden\n"
 
@@ -1948,6 +1942,9 @@ msgstr ""
 "wachtwoordwijziging\n"
 "                                instellen op MAX_DAGEN\n"
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -s, --stdin                   nieuw token lezen van stdin\n"
+
 msgid "Old password: "
 msgstr "Oud wachtwoord: "
 
@@ -1967,6 +1964,9 @@ msgstr ""
 "Voer het nieuwe wachtwoord in (minimaal %d en maximaal %d tekens)\n"
 "Gebruik een combinatie van grote en kleine letters en cijfers.\n"
 
+msgid "Password is too long.\n"
+msgstr "Wachtwoord is te lang.\n"
+
 msgid "New password: "
 msgstr "Nieuw wachtwoord: "
 
@@ -2013,6 +2013,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: depot %s wordt niet ondersteund\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: enkel de systeembeheerder kan de optie --stdin/-s gebruiken\n"
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 "%s: root heeft volgens SELinux niet het recht om het wachtwoord van %s te "
@@ -2165,11 +2169,9 @@ msgstr "%s: signaal werkt slecht\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sessie beëindigd, shell wordt afgesloten..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...gedood.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...wachten op het beëindigen van kind-proces.\n"
 
@@ -2244,6 +2246,10 @@ msgid "No passwd entry for user '%s'\n"
 msgstr "Geen wachtwoordregel voor gebruiker '%s'\n"
 
 #, c-format
+msgid "Overlong user name '%s'\n"
+msgstr "Te lange gebruikersnaam '%s'\n"
+
+#, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: dient uitgevoerd te worden vanaf een terminal\n"
 
@@ -2289,6 +2295,14 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: de %s-instellingen in %s zullen genegeerd worden\n"
 
 #, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+"%s: de configuratie van '%s' in %s heeft een ongeldige groep, deze groep "
+"wordt genegeerd\n"
+
+#, c-format
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: kan geen nieuw bestand met standaardwaarden aanmaken: %s\n"
 
@@ -2297,10 +2311,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: kan geen map aanmaken voor bestand met standaardwaarden\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: kan geen nieuw bestand met standaardwaarden aanmaken\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: kan het nieuwe bestand met standaardwaarden niet openen\n"
 
@@ -2317,10 +2327,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: hernoemen: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: groep '%s' is een NIS-groep.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: te veel groepen gespecificeerd (max %d).\n"
 
@@ -2388,6 +2394,8 @@ msgid ""
 "  -F, --add-subids-for-system   add entries to sub[ud]id even when adding a "
 "system user\n"
 msgstr ""
+"  -F, --add-subids-for-system   items toevoegen aan sub[ud]id, zelfs bij het "
+"toevoegen van een systeemgebruiker\n"
 
 msgid ""
 "  -g, --gid GROUP               name or ID of the primary group of the new\n"
@@ -2467,6 +2475,13 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     een specifieke SEUSER gebruiken om de\n"
 "                                gebruikerskoppeling voor SELinux te maken\n"
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"      --selinux-range SERANGE   een specifiek MLS-bereik gebruiken om de\n"
+"                                gebruikerskoppeling voor SELinux te maken\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: ongeldige basismap '%s'\n"
@@ -2599,6 +2614,12 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Bestandsrechten van postvak-bestand worden ingesteld"
 
+msgid "Synchronize mailbox file"
+msgstr "Postvak-bestand synchroniseren"
+
+msgid "Closing mailbox file"
+msgstr "Postvak-bestand wordt gesloten"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr "%s waarschuwing: %s zijn/haar uid %d is groter dan SYS_UID_MAX %d.\n"
@@ -2730,10 +2751,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: kan de tcb-bestanden voor %s niet verwijderen: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: gebruiker %s is een NIS-gebruiker\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s persoonlijke map (%s) niet gevonden\n"
 
@@ -2863,6 +2880,12 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     nieuwe koppeling met SELinux-gebruiker voor\n"
 "                                het gebruikersaccount\n"
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"      --selinux-range SERANGE   nieuw SELinux MLS-bereik voor\n"
+"                                het gebruikersaccount\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2944,16 +2967,13 @@ msgstr ""
 msgid "%s: cannot rename directory %s to %s\n"
 msgstr "%s: kan map %s niet hernoemen naar %s\n"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "%s: The previous home directory (%s) was not a directory. It is not "
-#| "removed and no home directories are created.\n"
+#, c-format
 msgid ""
 "%s: The previous home directory (%s) does not exist or is inaccessible. Move "
 "cannot be completed.\n"
 msgstr ""
-"%s: De vroegere persoonlijke map (%s) was geen map. Ze werd niet verwijderd "
-"en er werden geen persoonlijke mappen aangemaakt.\n"
+"%s: De vroegere persoonlijke map (%s) bestaat niet of is ontoegankelijk. Het "
+"verplaatsen kan niet worden voltooid.\n"
 
 #, c-format
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
@@ -2962,12 +2982,24 @@ msgstr ""
 "mislukt: %s\n"
 
 #, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: kopiëren van het lastlog-item van gebruiker %ju naar gebruiker %ju is "
+"mislukt: %s\n"
+
+#, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: kopiëren van het faillog-item van gebruiker %lu naar gebruiker %lu is "
 "mislukt: %s\n"
 
 #, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: kopiëren van het faillog-item van gebruiker %ju naar gebruiker %ju is "
+"mislukt: %s\n"
+
+#, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: waarschuwing: %s is niet van %s\n"
 
@@ -3068,8 +3100,8 @@ msgstr "ontkoppelen van initieel bestand is mislukt"
 msgid "failed to stat edited file"
 msgstr "opvragen van status van bewerkt bestand is mislukt"
 
-msgid "failed to allocate memory"
-msgstr "geheugen toekennen is mislukt"
+msgid "asprintf(3) failed"
+msgstr "asprintf(3) is mislukt"
 
 msgid "failed to create backup file"
 msgstr "maken van reservekopie is mislukt"
@@ -3081,3 +3113,38 @@ msgstr "%s: kan %s niet herstellen: %s (uw aanpassingen staan in %s)\n"
 #, c-format
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: tcb-map van %s vinden is mislukt\n"
+
+#~ msgid "Environment overflow\n"
+#~ msgstr "Omgeving wordt te groot\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: kan gebruiker '%s' niet veranderen op NIS-client.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' is de NIS-master voor deze client.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: groep '%s' is een NIS-groep\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s is de NIS-master\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: groep %s is een NIS-groep\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: kan geen nieuw bestand met standaardwaarden aanmaken\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: groep '%s' is een NIS-groep.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: gebruiker %s is een NIS-gebruiker\n"
diff --git a/po/nn.gmo b/po/nn.gmo
index 6d78b83..5497764 100644
--- a/po/nn.gmo
+++ b/po/nn.gmo
diff --git a/po/nn.po b/po/nn.po
index 645b551..01f7734 100644
--- a/po/nn.po
+++ b/po/nn.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2004-06-03 21:41+0200\n"
 "Last-Translator: HÃ¥vard Korsvoll <korsvoll@skulelinux.no>\n"
 "Language-Team: Norwegian (Nynorsk) <i18n-nn@lister.ping.uio.no>\n"
@@ -18,220 +18,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Klarte ikkje finna plass for oppsettsinformasjon.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "oppsettsfeil - ukjent element «%s» (gje melding til administrator)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Passord: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s sitt passord: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Klarer ikkje opna passordfila.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Klarte ikkje finna plass for oppsettsinformasjon.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Endrar aldringsformasjonen for %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Klarer ikkje avgjere brukarnamnet ditt.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: linje %d: klarer ikkje finne brukar %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: tomt for minne\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: klarer ikkje oppdatere fila %s\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: ugyldig heimemappe «%s»\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: klarte ikkje endra namn på mappa %s til %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: kan ikkje oppretta mappa %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: åtvaring: kan ikkje fjerna "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: åtvaring: kan ikkje fjerna "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: gje nytt namn: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: klarte ikkje endra namn på mappa %s til %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: klarte ikkje endra namn på mappa %s til %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: åtvaring: kan ikkje fjerna "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: kan ikkje oppretta mappa %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: åtvaring: kan ikkje fjerna "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: klarer ikkje oppdatere fila %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: klarer ikkje oppdatere skuggepassordfil\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: gje nytt namn: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: klarer ikkje opna fila %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Ã…tvaring: ukjent gruppe %s\n"
 
@@ -277,6 +63,11 @@ msgstr "Klarer ikkje skifta tty %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: felta er for lange\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "passwd: %s\n"
@@ -284,8 +75,9 @@ msgstr "passwd: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Miljø overflyt\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -380,9 +172,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: klarer ikkje få unikt gid\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "Klarte ikkje finna plass for oppsettsinformasjon.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "oppsettsfeil - ukjent element «%s» (gje melding til administrator)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: PAM-autentisering feila\n"
@@ -409,7 +208,7 @@ msgstr "Klarte ikkje finna plass for oppsettsinformasjon.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: klarer ikkje opna fil\n"
 
 #, fuzzy, c-format
@@ -420,9 +219,21 @@ msgstr "%s: linje %d: chown feila\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: linje %d: chown feila\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: linje %d: chown feila\n"
+
 msgid "Too many logins.\n"
 msgstr "For mange innloggingar.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s brukarnamn: "
+
 msgid "You have new mail."
 msgstr "Du har ny e-post."
 
@@ -432,6 +243,14 @@ msgstr "Ingen e-post."
 msgid "You have mail."
 msgstr "Du har e-post."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 #, fuzzy
 msgid "no change"
 msgstr "%s: ingen endringar\n"
@@ -445,9 +264,6 @@ msgstr ""
 msgid "too similar"
 msgstr ""
 
-msgid "too simple"
-msgstr ""
-
 msgid "rotated"
 msgstr ""
 
@@ -494,6 +310,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() feila, feil %d\n"
 
+msgid "Password: "
+msgstr "Passord: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s sitt passord: "
+
 #, fuzzy, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Feil passord for «%s»\n"
@@ -519,18 +342,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: kan ikkje oppretta mappa %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: kan ikkje oppretta mappa %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: kan ikkje oppretta mappa %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -543,6 +362,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Klarer ikkje opna passordfila.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Klarte ikkje finna plass for oppsettsinformasjon.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Klarte ikkje finna plass for oppsettsinformasjon.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Endrar aldringsformasjonen for %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Klarer ikkje avgjere brukarnamnet ditt.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: linje %d: klarer ikkje finne brukar %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Klarer ikkje cd til «%s»\n"
@@ -554,6 +474,10 @@ msgstr "Inga mappe, loggar inn med HOME=/"
 msgid "Cannot execute %s"
 msgstr "Klarer ikkje køyra %s"
 
+#, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Ugyldig rotmappe «%s»\n"
@@ -563,6 +487,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Klarer ikkje endra rotmappe til «%s»\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: tomt for minne\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: klarer ikkje oppdatere fila %s\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: ugyldig heimemappe «%s»\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: klarte ikkje endra namn på mappa %s til %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: kan ikkje oppretta mappa %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: åtvaring: kan ikkje fjerna "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: åtvaring: kan ikkje fjerna "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: gje nytt namn: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: klarte ikkje endra namn på mappa %s til %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: klarte ikkje endra namn på mappa %s til %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: åtvaring: kan ikkje fjerna "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: kan ikkje oppretta mappa %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: åtvaring: kan ikkje fjerna "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: klarer ikkje oppdatere fila %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: klarer ikkje oppdatere skuggepassordfil\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: gje nytt namn: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: klarer ikkje opna fila %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: brukaren %s er pålogga\n"
 
@@ -622,6 +624,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -648,13 +653,16 @@ msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Dato for når kontoen utgår (ÅÅÅÅ-MM-DD)"
 
 #, fuzzy
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Førre passordendring (ÅÅÅÅ-MM-DD)"
-
-#, fuzzy
 msgid "never"
 msgstr "Aldri"
 
+msgid "future"
+msgstr ""
+
+#, fuzzy
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Førre passordendring (ÅÅÅÅ-MM-DD)"
+
 msgid "password must be changed"
 msgstr "Passord er endra"
 
@@ -825,14 +833,6 @@ msgstr "%s: «%s» inneheld ulovlege teikn\n"
 msgid "%s: user '%s' does not exist\n"
 msgstr "%s: brukar %s finst ikkje\n"
 
-#, fuzzy, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: klarer ikkje endra brukar «%s» på NIS-klient.\n"
-
-#, fuzzy, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: «%s» er NIS-hovud for denne klienten.\n"
-
 #, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Endrar brukarinformasjon for %s\n"
@@ -861,6 +861,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: ta ikkje med «l» med andre flagg\n"
@@ -912,6 +916,15 @@ msgid "Login Shell"
 msgstr "Innloggingskal"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: klarte ikkje endra namn på mappa %s til %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: klarer ikkje opprette fil for standardverdiar\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Du treng ikkje endra skal for %s.\n"
 
@@ -924,6 +937,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Ugyldig inntasting: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s er eit ugyldig skal.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s er eit ugyldig skal.\n"
 
@@ -1133,9 +1150,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1149,6 +1163,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s er ikkje eit gyldig gruppenamn\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: klarer ikkje opna fila %s\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "ugyldig gruppenamn «%s»\n"
 
@@ -1191,14 +1209,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: gruppe %s eksisterer ikkje\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: gruppe «%s» er ei NIS-gruppe.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s er NIS-hovudet\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: brukar %s er ikkje ein NIS brukar\n"
 
@@ -1274,10 +1284,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "ugyldig gruppenamn «%s»\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: gruppe %s er ei NIS-gruppe\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: ukjend brukar %s\n"
 
@@ -1391,7 +1397,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1485,9 +1491,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1527,14 +1530,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: linje %d: klarer ikkje finne brukar %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s brukarnamn: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr ""
 
@@ -1568,7 +1563,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1593,17 +1589,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: felta er for lange\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: ugyldig startmappe «%s»\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: kan ikkje oppretta mappa %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1637,14 +1629,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: kan ikkje oppretta mappa %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1666,6 +1657,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: ugyldig brukarnamn «%s»\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: linje %d: ugyldig linje\n"
 
@@ -1685,6 +1680,10 @@ msgstr "%s: linje %d: klarer ikkje laga GID\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: brukar %s finst ikkje\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: gje nytt namn: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: linje %d: klarer ikkje oppdatere passord\n"
@@ -1706,14 +1705,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: linje %d: kan ikkje oppdatere oppføring\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: linje %d: kan ikkje oppdatere oppføring\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: kan ikkje oppretta %s\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: linje %d: kan ikkje oppdatere oppføring\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: klarer ikkje oppdatere gruppefil\n"
 
@@ -1771,6 +1770,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Gamalt passord:"
 
@@ -1790,6 +1792,11 @@ msgstr ""
 "Skriv inn det nye passordet (minimum %d, maksimum %d teikn)\n"
 "Bruk ein kombinasjon av store og små bokstavar og tal.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: felta er for lange\n"
+
 msgid "New password: "
 msgstr "Nytt passord: "
 
@@ -1831,6 +1838,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: arkiv %s er ikkje støtta\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1973,11 +1984,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2038,6 +2047,11 @@ msgstr "Du er ikkje autorisert til su %s\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Inga passordoppføring for «root»"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "ugyldig brukarnamn «%s»\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: må køyrast frå ein terminal\n"
@@ -2083,6 +2097,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2094,10 +2114,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: klarer ikkje opprette fil for standardverdiar\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: klarer ikkje opprette fil for standardverdiar\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: klarer ikkje opna fil for standardverdiar\n"
 
@@ -2113,10 +2129,6 @@ msgstr "%s: kan ikkje oppretta mappa %s\n"
 msgid "%s: rename: %s: %s\n"
 msgstr "%s: gje nytt namn: %s"
 
-#, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: gruppe «%s» er ei NIS-gruppe.\n"
-
 #, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: for mange grupper spesifisert (maks %d).\n"
@@ -2226,6 +2238,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: ugyldig startmappe «%s»\n"
@@ -2355,6 +2372,12 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr ""
 
+msgid "Synchronize mailbox file"
+msgstr ""
+
+msgid "Closing mailbox file"
+msgstr ""
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2469,10 +2492,6 @@ msgstr "%s: klarte ikkje endra namn på mappa %s til %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: klarte ikkje endra namn på mappa %s til %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: brukar %s er ikkje ein NIS brukar\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: ugyldig heimemappe «%s»\n"
@@ -2572,6 +2591,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2654,10 +2677,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: klarer ikkje oppdatere passordfil\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: kan ikkje oppretta mappa %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: åtvaring: %s er ikkje eigd av %s\n"
@@ -2762,8 +2793,9 @@ msgid "failed to stat edited file"
 msgstr "klarte ikkje endra namn på mailbox"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "klarte ikke å endra eigar av mailbox"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: klarer ikkje opna fil\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2777,6 +2809,49 @@ msgstr "%s: klarer ikkje gjenoppretta %s: %s (endringane dine er i %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: ugyldig startmappe «%s»\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Miljø overflyt\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: klarer ikkje endra brukar «%s» på NIS-klient.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: «%s» er NIS-hovud for denne klienten.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: gruppe «%s» er ei NIS-gruppe.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s er NIS-hovudet\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: gruppe %s er ei NIS-gruppe\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: klarer ikkje opprette fil for standardverdiar\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: gruppe «%s» er ei NIS-gruppe.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: brukar %s er ikkje ein NIS brukar\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: ugyldig startmappe «%s»\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "klarte ikke å endra eigar av mailbox"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Bruk: id\n"
 
@@ -2792,10 +2867,6 @@ msgstr "%s: ugyldig startmappe «%s»\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Åtvaring for utgått passord"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "ugyldig brukarnamn «%s»\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Brukarnamn       Port     Frå              Siste"
 
diff --git a/po/pl.gmo b/po/pl.gmo
index 7f40c58..3736da7 100644
--- a/po/pl.gmo
+++ b/po/pl.gmo
diff --git a/po/pl.po b/po/pl.po
index 229ea86..35e562f 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2007-11-25 20:53+0100\n"
 "Last-Translator: Tomasz KÅ‚oczko <kloczek@pld.org.pl>\n"
 "Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
@@ -20,221 +20,6 @@ msgstr ""
 "|| n%100>=20) ? 1 : 2);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Nie można przydzielić miejsca dla informacji o konfiguracji.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"błąd w konfiguracji - nieznana pozycja '%s' (powiadom administratora)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Hasło: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Hasło użytkownika %s: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Nie można otworzyć pliku z hasłami.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Nie można przydzielić miejsca dla informacji o konfiguracji.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Zmieniam informację o użytkowniku %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Nie można ustalić twojej nazwy użytkownika.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: linia %d: nie można znaleźć użytkownika %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: brak pamięci\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: nie można zaktualizować pliku %s\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: nieprawidłowy katalog domowy '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: nie można zmienić nazwy katalogu z %s na %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: nie można utworzyć katalogu %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: ostrzeżenie: nie można usunąć "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: ostrzeżenie: nie można usunąć "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: zmiana nazwy: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: nie można zmienić nazwy katalogu z %s na %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: nie można zmienić nazwy katalogu z %s na %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: ostrzeżenie: nie można usunąć "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: nie można utworzyć katalogu %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: ostrzeżenie: nie można usunąć "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: nie można zaktualizować pliku %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: nie można zaktualizować pliku z ukrytymi hasłami\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: zmiana nazwy: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: nie można otworzyć pliku %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Ostrzeżenie: nieznana grupa %s\n"
 
@@ -280,6 +65,11 @@ msgstr "Nie można zmienić tty %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: pola zbyt długie\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -287,8 +77,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Przepełnienie środowiska\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -390,8 +181,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: nie można uzyskać niepowtarzalnego UID\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr ""
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Nie można przydzielić miejsca dla informacji o konfiguracji.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"błąd w konfiguracji - nieznana pozycja '%s' (powiadom administratora)\n"
 
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
@@ -420,7 +219,7 @@ msgstr "Nie można przydzielić miejsca dla informacji o konfiguracji.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: nie można otworzyć pliku\n"
 
 #, fuzzy, c-format
@@ -431,9 +230,21 @@ msgstr "%s: linia %d: chown nie powiodło się\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: linia %d: chown nie powiodło się\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: linia %d: chown nie powiodło się\n"
+
 msgid "Too many logins.\n"
 msgstr "Zbyt wiele otwartych sesji.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login: "
+
 msgid "You have new mail."
 msgstr "Masz nowÄ… pocztÄ™."
 
@@ -443,6 +254,14 @@ msgstr "Nie masz poczty."
 msgid "You have mail."
 msgstr "Masz pocztÄ™."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "bez zmian"
 
@@ -455,9 +274,6 @@ msgstr "zmieniona tylko wielkości liter"
 msgid "too similar"
 msgstr "zbyt podobne"
 
-msgid "too simple"
-msgstr "za proste"
-
 msgid "rotated"
 msgstr "rotacja"
 
@@ -504,6 +320,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() nie powiodło się, błąd %d\n"
 
+msgid "Password: "
+msgstr "Hasło: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Hasło użytkownika %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Nieprawidłowe hasło %s.\n"
@@ -529,18 +352,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: nie można utworzyć katalogu %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: nie można utworzyć katalogu %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: nie można utworzyć katalogu %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -553,6 +372,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Nie można otworzyć pliku z hasłami.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Nie można przydzielić miejsca dla informacji o konfiguracji.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Nie można przydzielić miejsca dla informacji o konfiguracji.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Zmieniam informację o użytkowniku %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Nie można ustalić twojej nazwy użytkownika.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: linia %d: nie można znaleźć użytkownika %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Nie można zmienić katalogu na '%s'\n"
@@ -565,6 +485,10 @@ msgid "Cannot execute %s"
 msgstr "Nie można uruchomić %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Nieprawidłowy katalog główny '%s'\n"
 
@@ -573,6 +497,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Nie można zmienić głównego katalogu na '%s'\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: brak pamięci\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: nie można zaktualizować pliku %s\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: nieprawidłowy katalog domowy '%s'\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: nie można zmienić nazwy katalogu z %s na %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: nie można utworzyć katalogu %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: ostrzeżenie: nie można usunąć "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: ostrzeżenie: nie można usunąć "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: zmiana nazwy: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: nie można zmienić nazwy katalogu z %s na %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: nie można zmienić nazwy katalogu z %s na %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: ostrzeżenie: nie można usunąć "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: nie można utworzyć katalogu %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: ostrzeżenie: nie można usunąć "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: nie można zaktualizować pliku %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: nie można zaktualizować pliku z ukrytymi hasłami\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: zmiana nazwy: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: nie można otworzyć pliku %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: użytkownik %s jest aktualnie zalogowany\n"
 
@@ -631,6 +633,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -656,12 +661,15 @@ msgstr "Hasło nieaktywne"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Data utraty ważności konta (RRRR-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Ostatnia zmiana hasła\t\t\t\t\t: "
-
 msgid "never"
 msgstr "nigdy"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Ostatnia zmiana hasła\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "Hasło musi zostać zmienione"
 
@@ -830,14 +838,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: użytkownik %s nie istnieje\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: nie można zmienić użytkownika '%s' na kliencie NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' jest nadrzędnym serwerem NIS dla tego klienta.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Zmieniam informację o użytkowniku %s\n"
 
@@ -865,6 +865,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: opcja -a można użyć TYLKO z pcją -G\n"
@@ -916,6 +920,15 @@ msgid "Login Shell"
 msgstr "Powłoka logowania"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: nie można zmienić nazwy katalogu z %s na %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: nie można utworzyć nowego pliku z ustawieniami domyślnymi\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Nie możesz zmieniać powłoki dla %s.\n"
 
@@ -928,6 +941,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Nieprawidłowy wpis: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s jest nieprawidłową powłoką.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s jest nieprawidłową powłoką.\n"
 
@@ -1137,9 +1154,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1153,6 +1167,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s: nie jest prawidłową nazwą grupy\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: nie można otworzyć pliku %s\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "nieprawidłowa nazwa grupy '%s'\n"
 
@@ -1195,14 +1213,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: grupa %s nie istnieje\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: grupa '%s' jest grupÄ… NIS.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s jest głównym serwerem NIS\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: użytkownik %s jest użytkownikiem NIS\n"
 
@@ -1278,10 +1288,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "nieprawidłowa nazwa grupy '%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: grupa %s jest grupÄ… NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: nieznany użytkownik %s\n"
 
@@ -1397,7 +1403,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1491,10 +1497,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Brak wpisu w utmp.  Musisz wykonać \"login\" z najniższego poziomu \"sh\""
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1529,14 +1531,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: linia %d: nie można znaleźć użytkownika %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: failure forking: %s"
 
@@ -1572,7 +1566,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1597,17 +1592,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: pola zbyt długie\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: nieprawidłowy katalog bazowy '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: nie można utworzyć katalogu %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1641,14 +1632,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: nie można utworzyć katalogu %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1670,6 +1660,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: nieprawidłowa nazwa użytkownika '%s'\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: linia %d: nieprawidłowa linia\n"
 
@@ -1689,6 +1683,10 @@ msgstr "%s: linia %d: nie można utworzyć GID\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: użytkownik %s nie istnieje\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: zmiana nazwy: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: linia %d: nie można zaktualizować pliku z hasłami\n"
@@ -1710,14 +1708,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: linia %d: nie można zaktualizować wpisu\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: niepowiodło się porzucenie uprawnień (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: nie można utworzyć %s\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: niepowiodło się porzucenie uprawnień (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: nie można zaktualizować pliku z grupami\n"
 
@@ -1775,6 +1773,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Stare hasło: "
 
@@ -1794,6 +1795,11 @@ msgstr ""
 "Wpisz nowe hasło (minimum %d, maksimum %d znaków)\n"
 "Proszę użyj kombinacji wielkich i małych znaków oraz cyfr.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: pola zbyt długie\n"
+
 msgid "New password: "
 msgstr "Nowe hasło: "
 
@@ -1835,6 +1841,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: repozytorium %s nie jest obsługiwane\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1977,11 +1987,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2066,6 +2074,11 @@ msgstr "Nie masz autoryzacji by używać su %s\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Brak wpisu do bazy haseł dla 'root'"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "nieprawidłowa nazwa użytkownika '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: musisz uruchamiać z terminala\n"
@@ -2111,6 +2124,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2122,10 +2141,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: nie można utworzyć nowego pliku z ustawieniami domyślnymi\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: nie można utworzyć nowego pliku z ustawieniami domyślnymi\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: nie można otworzyć nowego pliku z ustawieniami domyślnymi\n"
 
@@ -2142,10 +2157,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: zmiana nazwy: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: grupa '%s' jest grupÄ… NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: podano zbyt wiele grup (maks %d).\n"
 
@@ -2254,6 +2265,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: nieprawidłowy katalog bazowy '%s'\n"
@@ -2385,6 +2401,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Ustawianie praw dostępu do pliku mailbox"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Tworzenie pliku mailbox"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Tworzenie pliku mailbox"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2505,10 +2531,6 @@ msgstr "%s: nie można zmienić nazwy katalogu z %s na %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: nie można zmienić nazwy katalogu z %s na %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: użytkownik %s jest użytkownikiem NIS\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: nieprawidłowy katalog domowy '%s'\n"
@@ -2608,6 +2630,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2691,10 +2717,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: nie można zaktualizować pliku z hasłami\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: nie można utworzyć katalogu %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: ostrzeżenie: właścicielem %s nie jest %s\n"
@@ -2800,8 +2834,9 @@ msgid "failed to stat edited file"
 msgstr "zmiana nazwy skrzynki pocztowej nie powiodła się"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "zmiana właściciela skrzynki pocztowej nie powiodła się"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: nie można otworzyć pliku\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2815,6 +2850,56 @@ msgstr "%s: nie można odzyskać %s: %s (twoje zmiany są w %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: nieprawidłowy katalog bazowy '%s'\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Przepełnienie środowiska\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: nie można zmienić użytkownika '%s' na kliencie NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' jest nadrzędnym serwerem NIS dla tego klienta.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: grupa '%s' jest grupÄ… NIS.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s jest głównym serwerem NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: grupa %s jest grupÄ… NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: nie można utworzyć nowego pliku z ustawieniami domyślnymi\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: grupa '%s' jest grupÄ… NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: użytkownik %s jest użytkownikiem NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "za proste"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Brak wpisu w utmp.  Musisz wykonać \"login\" z najniższego poziomu \"sh\""
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: nieprawidłowy katalog bazowy '%s'\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "zmiana właściciela skrzynki pocztowej nie powiodła się"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Użycie: id\n"
 
@@ -2830,10 +2915,6 @@ msgstr "%s: nieprawidłowy katalog bazowy '%s'\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Ostrzeżenie o utracie ważności hasła"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "nieprawidłowa nazwa użytkownika '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Użytkownik       Port     Z                Ostatnio"
 
diff --git a/po/pt.gmo b/po/pt.gmo
index e8be4c7..8e2f332 100644
--- a/po/pt.gmo
+++ b/po/pt.gmo
diff --git a/po/pt.po b/po/pt.po
index 0575d03..84a37df 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2012-01-14 12:41+0000\n"
 "Last-Translator: Miguel Figueiredo <elmig@debianpt.org>\n"
 "Language-Team: Portuguese <traduz@debianpt.org>\n"
@@ -18,230 +18,6 @@ msgstr ""
 "X-Generator: Lokalize 1.2\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Existem várias entradas chamadas '%s' em %s. Por favor corrija isto com pwck "
-"ou grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "método de encriptação não suportado por libcrypt? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-"erro de configuração - não foi possível interpretar o valor de %s: '%s'"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Não foi possível alocar o espaço para a informação de configuração.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"erro de configuração - item '%s' desconhecido (notifique o administrador)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscp não terminou normalmente (sinal %d)\n"
-
-#, fuzzy, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd saiu com o estado %d"
-
-msgid "Password: "
-msgstr "Palavra-passe: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Palavra-passe de %s: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Não é possível abrir o interface de auditoria - a abortar.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "Não foi possível criar handle de gestão SELinux\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "Política SELinux não gerida\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "Não foi possível ler armazenamento de políticas SELinux\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "Não foi possível establecer ligação de gestão SELinux\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "Não foi possível iniciar transacção SELinux\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "Não foi possível consultar seuser para %s\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "Não pode definir serange para %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Não foi possível definir sename para %s\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "Não foi possível modificar o mapeamento do login para %s\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Não foi possível criar mapeamento de login SELinux para %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "Não foi possível definir nome para %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "Não foi possível definir utilizador SELinux para %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "Não foi possível acrescentar mapeamento de login para %s\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "Não foi possível inicia a gestão do SELinux\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "Não pode criar a chave de utilizador SELinux\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "Não foi possível verificar o utilizador SELinux\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "Não foi possível alterar o mapeamento de utilizador SELinux\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "Não foi possível acrescentar o mapeamento de utilizador SELinux\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "Não foi possível o 'commit' à transacção SELinux\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Não está definido o mapeamento de login para %s, OK se foi utilizado o "
-"mapeamento predefinido\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-"O mapeamento de login para %s é definido na política, não pode ser apagado\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "Não foi possível apagar o mapeamento do login para %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: memória esgotada\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: não é possível fazer stat a %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s não é nem um directório, nem um symlink.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: não é possível ler o link simbólico %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: link simbólico longo suspeito: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: não é possível criar o directório %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: Não pode alterar o dono de %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: Não é possível alterar o modo de %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: unlink: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: Não é possível remover o directório %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: Não é possível renomear %s para %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: Não é possível remover %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: Não é possível criar link simbólico %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: Não conseguiu alterar os donos de %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: Não é possível lstat %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: Aviso, o utilizador '%s' não tem ficheiro shadow tcb.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Emergência: o ficheiro shadow tcb de %s não é um ficheiro normal com "
-"st_nlink=1.\n"
-"A conta é mantida bloqueada.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: não é possível abrir %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Aviso: grupo desconhecido %s\n"
 
@@ -288,14 +64,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: falha ao desbloquear %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Existem várias entradas chamadas '%s' em %s. Por favor corrija isto com pwck "
+"ou grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Overflow do ambiente\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "método de encriptação não suportado por libcrypt? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -420,8 +204,17 @@ msgstr ""
 "%s: Não foi possível obter um UID único (não existem mais UIDs disponíveis)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr ""
+"erro de configuração - não foi possível interpretar o valor de %s: '%s'"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Não foi possível alocar o espaço para a informação de configuração.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"erro de configuração - item '%s' desconhecido (notifique o administrador)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -451,9 +244,10 @@ msgstr "Não foi possível definir nome para %s\n"
 msgid "%s: Could not set caps\n"
 msgstr "Não foi possível definir nome para %s\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: linha %d: chown %s falhou: %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: line %d: chown %s failed: %s\n"
@@ -465,9 +259,22 @@ msgstr "%s: linha %d: chown %s falhou: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: linha %d: chown %s falhou: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: linha %d: chown %s falhou: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Demasiados logins.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login: "
+
 msgid "You have new mail."
 msgstr "Tem novo correio."
 
@@ -477,6 +284,14 @@ msgstr "Não tem correio."
 msgid "You have mail."
 msgstr "Tem correio."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscp não terminou normalmente (sinal %d)\n"
+
+#, fuzzy, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd saiu com o estado %d"
+
 msgid "no change"
 msgstr "sem alterações"
 
@@ -489,9 +304,6 @@ msgstr "apenas alteração de maiúsculas/minúsculas"
 msgid "too similar"
 msgstr "demasiado parecido"
 
-msgid "too simple"
-msgstr "demasiado simples"
-
 msgid "rotated"
 msgstr "rodado"
 
@@ -537,6 +349,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() falhou, erro %d\n"
 
+msgid "Password: "
+msgstr "Palavra-passe: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Palavra-passe de %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Palavra-passe incorrecta para %s.\n"
@@ -562,17 +381,13 @@ msgstr "%s: caminho de chroot inválido: '%s'\n"
 msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: não pode aceder ao directório chroot %s: %s\n"
 
-#, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: não pode aceder ao directório chroot %s: %s\n"
-
 #, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: não foi possível fazer chroot para o directório %s: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: não pode aceder ao directório chroot %s: %s\n"
 
 #, c-format
 msgid ""
@@ -589,6 +404,111 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Não é possível abrir o interface de auditoria - a abortar.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "Não foi possível criar handle de gestão SELinux\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "Política SELinux não gerida\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "Não foi possível ler armazenamento de políticas SELinux\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "Não foi possível establecer ligação de gestão SELinux\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "Não foi possível iniciar transacção SELinux\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "Não foi possível consultar seuser para %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "Não pode definir serange para %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Não foi possível definir sename para %s\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "Não foi possível modificar o mapeamento do login para %s\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Não foi possível criar mapeamento de login SELinux para %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "Não foi possível definir nome para %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "Não foi possível definir utilizador SELinux para %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "Não foi possível acrescentar mapeamento de login para %s\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "Não foi possível inicia a gestão do SELinux\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "Não pode criar a chave de utilizador SELinux\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "Não foi possível verificar o utilizador SELinux\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "Não foi possível alterar o mapeamento de utilizador SELinux\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "Não foi possível acrescentar o mapeamento de utilizador SELinux\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "Não foi possível o 'commit' à transacção SELinux\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Não está definido o mapeamento de login para %s, OK se foi utilizado o "
+"mapeamento predefinido\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+"O mapeamento de login para %s é definido na política, não pode ser apagado\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "Não foi possível apagar o mapeamento do login para %s"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Não foi possível mudar para o directório '%s'\n"
@@ -601,6 +521,10 @@ msgid "Cannot execute %s"
 msgstr "Não foi possível executar %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Directório raiz inválido '%s'\n"
 
@@ -609,6 +533,87 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Não é possível mudar o directório raiz para '%s'\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: memória esgotada\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: não é possível fazer stat a %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s não é nem um directório, nem um symlink.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: não é possível ler o link simbólico %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: link simbólico longo suspeito: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: não é possível criar o directório %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: Não pode alterar o dono de %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: Não é possível alterar o modo de %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: Não é possível remover o directório %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: Não é possível renomear %s para %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: Não é possível remover %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: Não é possível criar link simbólico %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: Não conseguiu alterar os donos de %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: Não é possível lstat %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: Aviso, o utilizador '%s' não tem ficheiro shadow tcb.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Emergência: o ficheiro shadow tcb de %s não é um ficheiro normal com "
+"st_nlink=1.\n"
+"A conta é mantida bloqueada.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: não é possível abrir %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: o utilizador %s está actualmente no sistema\n"
 
@@ -685,6 +690,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_DIR\t\tdirectório para onde fazer chroot\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -R, --root CHROOT_DIR\t\tdirectório para onde fazer chroot\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -712,12 +722,15 @@ msgstr "Palavra-passe Inactiva"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Data de Caducidade da Conta (AAAA-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Última alteração da palavra-passe\t\t\t\t\t: "
-
 msgid "never"
 msgstr "nunca"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Última alteração da palavra-passe\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "a palavra-passe tem de ser alterada"
 
@@ -895,14 +908,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: o utilizador '%s' não existe\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: não é possível alterar o utilizador '%s' no cliente NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' é o mestre NIS para este cliente.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "A alterar a informação de utilizador de %s\n"
 
@@ -943,6 +948,11 @@ msgstr ""
 "  -s, --sha-rounds              número de iterações SHA para algoritmos\n"
 "                                de encriptação SHA*\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: método de encriptação não suportado: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: a flag %s só é permitida com a flag %s\n"
@@ -995,6 +1005,17 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Shell de Login"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Não conseguiu obter o tamanho de %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr ""
+"%s: não é possível criar um novo ficheiro de configurações pré-definidas\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Não pode alterar a shell para '%s'.\n"
@@ -1007,6 +1028,11 @@ msgstr "A alterar a shell de entrada de %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Entrada inválida: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s é uma shell inválida\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s é uma shell inválida\n"
@@ -1249,11 +1275,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  criar uma conta de sistema\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -R, --root CHROOT_DIR\t\tdirectório para onde fazer chroot\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    listar os membros do grupo\n"
@@ -1267,6 +1288,11 @@ msgstr "o nome de utilizador '%s' é inválido\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: '%s' não é um nome válido para o grupo\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: não é possível abrir %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: ID de grupo '%s' inválido\n"
@@ -1311,14 +1337,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: o grupo '%s' não existe.\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: o grupo '%s' é um grupo NIS\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s é o mestre NIS\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: o utilizador '%s' já é um membro de '%s'\n"
 
@@ -1418,10 +1436,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: nome de grupo '%s' inválido\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: o grupo %s é um grupo NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: utilizador desconhecido %s\n"
 
@@ -1548,7 +1562,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     mostrar registos do faillog para todos os "
@@ -1651,11 +1665,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Não é possível trabalhar sem root\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Sem entrada utmp.  Tem de executar \"login\" a partir do \"sh\" de nível "
-"mais baixo"
-
 #, c-format
 msgid ""
 "\n"
@@ -1690,14 +1699,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Não pode encontrar utilizador (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: falha ao bifurcar: %s"
 
@@ -1732,7 +1733,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1759,19 +1761,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: falha ao desbloquear %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: falhou encontrar o directório tcb para %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: Falhou a criação do directório tcb para %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1804,14 +1801,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Falhou a criação do directório tcb para %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1835,6 +1832,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: o nome de utilizador '%s' é inválido\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: linha %d: linha inválida\n"
 
@@ -1856,6 +1857,11 @@ msgstr "%s: linha %d: não é possível criar o grupo\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: linha %d: o utilizador '%s' não existe em %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: linha %d: não é possível actualizar a palavra-passe\n"
@@ -1878,14 +1884,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: linha %d: não é possível actualizar o registo\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: falhou a preparação para a nova %s entrada '%s'\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: não é possível criar o utilizador\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: falhou a preparação para a nova %s entrada '%s'\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: não é possível criar grupo\n"
 
@@ -1966,6 +1972,13 @@ msgstr ""
 "  -x, --maxdays MAX_DIAS        definir para MAX_DIAS o número de dias\n"
 "                                máximo antes de alterar a palavra-passe\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    mostrar informação de envelhecimento da \n"
+"                                conta\n"
+
 msgid "Old password: "
 msgstr "Palavra-passe antiga: "
 
@@ -1987,6 +2000,11 @@ msgstr ""
 "Por favor utilize um combinação de letras maiúsculas e minúsculas e de "
 "números.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: valores demasiado grandes\n"
+
 msgid "New password: "
 msgstr "Nova palavra-passe: "
 
@@ -2031,6 +2049,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: o repositório %s não é suportado\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: apenas o root pode utilizar a opção -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s não está autorizado a alterar a palavra-passe de %s\n"
@@ -2184,11 +2207,9 @@ msgstr "%s: mau funcionamento de sinal\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sessão terminada, a terminar shell..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...morto.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...á espera que o processo-filho termine.\n"
 
@@ -2274,6 +2295,11 @@ msgstr "%s: Não está autorizado a fazer su nessa altura\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Nenhuma palavra-passe para o utilizador '%s'\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "o nome de utilizador '%s' é inválido\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: deve ser executado a partir de um terminal\n"
@@ -2320,6 +2346,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: a configuração %s em %s será ignorada\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: a configuração %s em %s será ignorada\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr ""
@@ -2332,11 +2365,6 @@ msgstr ""
 "%s: não é possível criar um novo ficheiro de configurações pré-definidas\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr ""
-"%s: não é possível criar um novo ficheiro de configurações pré-definidas\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr ""
 "%s: não é possível abrir um novo ficheiro de configurações pré-definidas\n"
@@ -2354,10 +2382,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: renomear: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: o grupo '%s' é um grupo NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: estão especificados demasiados grupos (max %d).\n"
 
@@ -2496,6 +2520,17 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     utilizar um SEUSER especifico para o\n"
 "                                mapeamento do utilizador de SELinux\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     utilizar um SEUSER especifico para o\n"
+"                                mapeamento do utilizador de SELinux\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: directório base inválido '%s'\n"
@@ -2638,6 +2673,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "A definir as permissões do ficheiro mailbox"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Criar ficheiro mailbox"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Criar ficheiro mailbox"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2773,10 +2818,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: não é possível remover os ficheiros tcb para '%s': %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: o utilizador %s é um utilizador NIS\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: o directório home %s (%s) não foi encontrado\n"
 
@@ -2908,6 +2949,16 @@ msgstr ""
 "  -Z, --selinux-user SEUSER\tnovo mapeamento de utilizador SELinux para a "
 "conta do utilizador\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER\tnovo mapeamento de utilizador SELinux para a "
+"conta do utilizador\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -3004,12 +3055,26 @@ msgstr ""
 "%s: falhou copiar o registo lastlog do utilizador %lu para o utilizador %lu: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: falhou copiar o registo lastlog do utilizador %lu para o utilizador %lu: "
+"%s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: falhou copiar o registo faillog do utilizador %lu para o utilizador %lu: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: falhou copiar o registo faillog do utilizador %lu para o utilizador %lu: "
+"%s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: aviso: o %s não pertence a %s\n"
@@ -3111,8 +3176,8 @@ msgstr "falhou o unlink a ficheiro 'scratch'"
 msgid "failed to stat edited file"
 msgstr "falhou fazer stat ao ficheiro editado"
 
-msgid "failed to allocate memory"
-msgstr "falhou alocar memória"
+msgid "asprintf(3) failed"
+msgstr ""
 
 msgid "failed to create backup file"
 msgstr "falhou criar ficheiro de backup"
@@ -3125,6 +3190,58 @@ msgstr "%s: não é possível restaurar %s: %s (a suas alterações estão em %s
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: falhou encontrar o directório tcb para %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Overflow do ambiente\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: não é possível alterar o utilizador '%s' no cliente NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' é o mestre NIS para este cliente.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: o grupo '%s' é um grupo NIS\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s é o mestre NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: o grupo %s é um grupo NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr ""
+#~ "%s: não é possível criar um novo ficheiro de configurações pré-definidas\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: o grupo '%s' é um grupo NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: o utilizador %s é um utilizador NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "demasiado simples"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Sem entrada utmp.  Tem de executar \"login\" a partir do \"sh\" de nível "
+#~ "mais baixo"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: falhou encontrar o directório tcb para %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "falhou alocar memória"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Utilização: id\n"
 
@@ -3140,10 +3257,6 @@ msgstr "%s: falhou encontrar o directório tcb para %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: informação de caducidade da palavra-passe alterada.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "o nome de utilizador '%s' é inválido\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Utilizador       Porto    De               Último"
 
diff --git a/po/pt_BR.gmo b/po/pt_BR.gmo
index e3a7345..ec40de2 100644
--- a/po/pt_BR.gmo
+++ b/po/pt_BR.gmo
diff --git a/po/pt_BR.po b/po/pt_BR.po
index 8299a33..6fcf852 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.15\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2011-11-25 20:20+0100\n"
 "Last-Translator: Fred Ulisses Maranhão <fred.maranhao@gmail.com>\n"
 "Language-Team: Debian-BR Project <debian-l10n-portuguese@lists.debian.org>\n"
@@ -17,225 +17,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Cadastro de nome multiplos '%s' in %s. Por Favor conserte-o com pwck ou "
-"grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "metodo de encriptacao não suportado por libcrypt? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "erro de configuração - não consigo verificar o valor %s: '%s'"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Não foi possível alocar espaço para a informação de configuração.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"erro de configuração - item '%s' desconhecido (notifique o administrador)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Senha : "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Senha de %s : "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Não posso abrir interface de audit - abortando.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Não foi possível alocar espaço para a informação de configuração.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Mudando a informação de idade para %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s : Não foi possível determinar seu nome de usuário.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s : linha %d : não foi possível encontrar usuário %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s : sem memória\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: não foi possível fazer stat %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s não é diretório, nem link simbólico.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: Não foi possível ler o link simbólico %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: link simbólico longo suspeito: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: não foi possível criar o diretório %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: não foi possível mudar o proprietário de %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: não foi possível mudar o modo de %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: removendo link: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: não foi possível remover diretório %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: Não foi possível renomear %s para %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: Não foi possível remover %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: não foi possível criar link simbólico %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: Não foi possível mudar proprietários de %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: Não foi possível fazer lstat %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: Atenção, usuário %s não tem arquivo tcb shadow.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Emergência: shadow tcb de %s não é um arquivo regular com st_nlink=1.\n"
-"A conta permanece travada.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: Não foi possível abrir %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Aviso : grupo desconhecido %s\n"
 
@@ -282,14 +63,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: falha ao destravar %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Cadastro de nome multiplos '%s' in %s. Por Favor conserte-o com pwck ou "
+"grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Overflow de ambiente\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "metodo de encriptacao não suportado por libcrypt? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -410,8 +199,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Não foi possível obter UID único (não há mais UIDs disponíveis)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "erro de configuração - não consigo verificar o valor %s: '%s'"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Não foi possível alocar espaço para a informação de configuração.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"erro de configuração - item '%s' desconhecido (notifique o administrador)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -441,7 +238,7 @@ msgstr "Não foi possível alocar espaço para a informação de configuração.
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s : não foi possível abrir arquivo\n"
 
 #, fuzzy, c-format
@@ -454,9 +251,22 @@ msgstr "%s: linha %d: chown %s falhou: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: linha %d: chown %s falhou: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: linha %d: chown %s falhou: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Muitos logins.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login : "
+
 msgid "You have new mail."
 msgstr "Você possui novas mensagens."
 
@@ -466,6 +276,14 @@ msgstr "Sem mensagens."
 msgid "You have mail."
 msgstr "Você possui mensagens."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "nenhuma mudança"
 
@@ -478,9 +296,6 @@ msgstr "mudanças de caixa somente"
 msgid "too similar"
 msgstr "muito similar"
 
-msgid "too simple"
-msgstr "muito simples"
-
 msgid "rotated"
 msgstr "rotacionado"
 
@@ -526,6 +341,13 @@ msgid ""
 "%s\n"
 msgstr "passwd : pam_start() falhou, erro %d\n"
 
+msgid "Password: "
+msgstr "Senha : "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Senha de %s : "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Senha incorreta para %s.\n"
@@ -551,16 +373,12 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: não foi possível criar o diretório %s: %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: não foi possível criar o diretório %s: %s\n"
-
-#, fuzzy, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: Falha ao criar diretório tcb para %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: não foi possível criar o diretório %s: %s\n"
 
 #, c-format
 msgid ""
@@ -577,6 +395,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Não posso abrir interface de audit - abortando.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Não foi possível alocar espaço para a informação de configuração.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Não foi possível alocar espaço para a informação de configuração.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Mudando a informação de idade para %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s : Não foi possível determinar seu nome de usuário.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s : linha %d : não foi possível encontrar usuário %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Não consegui ir para o diretório '%s'\n"
@@ -589,6 +508,10 @@ msgid "Cannot execute %s"
 msgstr "Não foi possível executar %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Diretório raíz inválido '%s'\n"
 
@@ -597,6 +520,86 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Não foi possível mudar o diretório raíz para '%s'\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s : sem memória\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: não foi possível fazer stat %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s não é diretório, nem link simbólico.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: Não foi possível ler o link simbólico %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: link simbólico longo suspeito: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: não foi possível criar o diretório %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: não foi possível mudar o proprietário de %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: não foi possível mudar o modo de %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: removendo link: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: não foi possível remover diretório %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: Não foi possível renomear %s para %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: Não foi possível remover %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: não foi possível criar link simbólico %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: Não foi possível mudar proprietários de %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: Não foi possível fazer lstat %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: Atenção, usuário %s não tem arquivo tcb shadow.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Emergência: shadow tcb de %s não é um arquivo regular com st_nlink=1.\n"
+"A conta permanece travada.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: Não foi possível abrir %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s : o usuário %s está logado no momento\n"
 
@@ -675,6 +678,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -700,12 +706,15 @@ msgstr "Senha Inativa"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Data de Expiração de Senha (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Última mudança de senha\t\t\t\t\t: "
-
 msgid "never"
 msgstr "nunca"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Última mudança de senha\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "Senha modificada"
 
@@ -878,14 +887,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: usuário '%s' não existe\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: não foi possível mudar o usuário '%s' no cliente NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' é o NIS mestre para este cliente.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Modificando as informações de usuário para %s\n"
 
@@ -924,6 +925,11 @@ msgstr ""
 "-s, --sha-rounds                Números de SHA rodadas para a SHA *\n"
 "                                algoritmos criptografados\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: metodo de encriptação não suportado : %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: flag %s é permitida somente com a flag %s\n"
@@ -975,6 +981,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Shell de Login"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Não foi possível obter o tamanho de %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: não foi possível criar novo arquivo de padrões\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Você não pode mudar o shell para '%s'.\n"
@@ -987,6 +1003,11 @@ msgstr "Mudando o shell de login para %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s : Entrada inválida : %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s é um shell inválido\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s é um shell inválido\n"
@@ -1225,9 +1246,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  cria uma conta de sistema\n"
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 #, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
@@ -1242,6 +1260,11 @@ msgstr "nome de usuário '%s' inválido\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: '%s' não é um nome de grupo válido\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: Não foi possível abrir %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: ID de grupo '%s' inválido\n"
@@ -1287,14 +1310,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: grupo '%s' não existe\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: grupo '%s' é um grupo NIS\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s : %s é o mestre NIS\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: usuário '%s' já é um membro de '%s'\n"
 
@@ -1391,10 +1406,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: nome de grupo '%s' inválido\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s : grupo %s é um grupo NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s : usuário %s desconhecido\n"
 
@@ -1519,7 +1530,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     mostrar registros de faillog de todos os "
@@ -1622,11 +1633,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: talvez não seja possível trabalhar sem o root efetivamente\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Nenhuma entrada utmp. Voce deve executar \"login\" do \"sh\" de nível mais "
-"baixo"
-
 #, c-format
 msgid ""
 "\n"
@@ -1661,14 +1667,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s : linha %d : não foi possível encontrar usuário %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login : "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: falha iniciando: %s"
 
@@ -1703,7 +1701,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1731,19 +1730,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: falha ao destravar %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: falha ao procurar o diretório tcb para %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: Falha ao criar diretório tcb para %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1776,14 +1770,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Falha ao criar diretório tcb para %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1807,6 +1801,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s : nome de usuário '%s' inválido\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s : linha %d : linha inválida\n"
 
@@ -1828,6 +1826,11 @@ msgstr "%s: linha %d: não foi possível criar grupo\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: linha %d: usuário '%s' não existe em %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: removendo link: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s : linha %d : não foi possível atualizar a senha\n"
@@ -1850,14 +1853,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s : linha %d : não foi possível atualizar entrada\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: falha ao preparar a nova entrada %s '%s'\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: não foi possível criar usuário\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: falha ao preparar a nova entrada %s '%s'\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s : não foi possível atualizar arquivo de grupo\n"
 
@@ -1930,6 +1933,12 @@ msgstr ""
 "  -x, --maxdays MAX_DIAS        define número máximo de dias antes da troca\n"
 "                                de senhas para MAX_DIAS\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    exibe informação sobre idade da conta\n"
+
 msgid "Old password: "
 msgstr "Senha antiga : "
 
@@ -1951,6 +1960,11 @@ msgstr ""
 "Por favor, use uma combinação de letras em maiúsculas e minúsculas\n"
 "e de números.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s : campos muito extensos\n"
+
 msgid "New password: "
 msgstr "Nova senha : "
 
@@ -1994,6 +2008,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s : repositório %s não suportado\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: apenas o root pode usar a opção -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s não está autorizado a trocar a senha de %s\n"
@@ -2149,11 +2168,9 @@ msgstr "%s: mal funcionamento do sinal\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sessão terminada, encerrando o shell..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...morto.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...esperando o filho terminar.\n"
 
@@ -2239,6 +2256,11 @@ msgstr "%s: Você não está autorizado a usar o su agora\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Nenhuma entrada de senha para 'root'"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "nome de usuário '%s' inválido\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s : deve ser executado a partir de um terminal\n"
@@ -2285,6 +2307,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: a configuração %s em %s será ignorada\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: a configuração %s em %s será ignorada\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: não foi possível criar novo arquivo de padrões\n"
@@ -2295,10 +2324,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: não foi possível criar novo arquivo de padrões\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: não foi possível criar novo arquivo de padrões\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: não foi possível abrir novo arquivo de padrões\n"
 
@@ -2315,10 +2340,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: renomear: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: grupo '%s' é um grupo NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: muitos grupos especificados (máximo %d).\n"
 
@@ -2460,6 +2481,18 @@ msgstr ""
 "mapeamento de\n"
 "                                 usuário SELinux\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user USU�RIO_SE  usa um USU�RIO_SE específico para o "
+"mapeamento de\n"
+"                                 usuário SELinux\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: diretório base '%s' inválido\n"
@@ -2602,6 +2635,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Configurando caixa-postal arquivos de permissao"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Criando caixa-postal"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Criando caixa-postal"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2737,10 +2780,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: Não é possível remover arquivos tcb para %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s : usuário %s é um usuário NIS\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: diretório pessoal %s (%s) não encontrado\n"
 
@@ -2870,6 +2909,13 @@ msgstr ""
 "  -Z, --selinux-user            novo mapeamento de usuário SELinux para a "
 "conta de usuário\n"
 
+#, fuzzy
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user            novo mapeamento de usuário SELinux para a "
+"conta de usuário\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2963,10 +3009,21 @@ msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: falha ao copiar a entrada lastlog do usuário %lu para o usuário %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: falha ao copiar a entrada lastlog do usuário %lu para o usuário %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr "%s: falha ao copiar a entrada faillog do usuário %lu para o %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: falha ao copiar a entrada faillog do usuário %lu para o %lu: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s : aviso : %s não é propriedade de %s\n"
@@ -3067,8 +3124,10 @@ msgstr "falha ao desvincular arquivo de rascunho"
 msgid "failed to stat edited file"
 msgstr "falha ao fazer stat de arquivo editado"
 
-msgid "failed to allocate memory"
-msgstr "falha ao alocar memória"
+#, fuzzy
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s : não foi possível abrir arquivo\n"
 
 msgid "failed to create backup file"
 msgstr "falha ao criar arquivo de backup"
@@ -3081,6 +3140,57 @@ msgstr "%s : não foi possível restaurar %s : %s (suas mudanças estão em %s)\
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: falha ao procurar o diretório tcb para %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Overflow de ambiente\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: não foi possível mudar o usuário '%s' no cliente NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' é o NIS mestre para este cliente.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: grupo '%s' é um grupo NIS\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s : %s é o mestre NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s : grupo %s é um grupo NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: não foi possível criar novo arquivo de padrões\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: grupo '%s' é um grupo NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s : usuário %s é um usuário NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "muito simples"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Nenhuma entrada utmp. Voce deve executar \"login\" do \"sh\" de nível "
+#~ "mais baixo"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: falha ao procurar o diretório tcb para %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "falha ao alocar memória"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Uso : id\n"
 
@@ -3096,10 +3206,6 @@ msgstr "%s: falha ao procurar o diretório tcb para %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: informação de expiração de senha alterada.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "nome de usuário '%s' inválido\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Nome de Usuário         Porta     De             Último"
 
diff --git a/po/ro.gmo b/po/ro.gmo
index c89ab14..7aa55de 100644
--- a/po/ro.gmo
+++ b/po/ro.gmo
diff --git a/po/ro.po b/po/ro.po
index c1e341d..a700cbb 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.17\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2007-11-26 18:18+0100\n"
 "Last-Translator: Sorin Batariuc <sorin@bonbon.net>\n"
 "Language-Team: Romanian <debian-l10n-romanian@lists.debian.org>\n"
@@ -19,221 +19,6 @@ msgstr ""
 "X-Generator: KBabel 1.10.2\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Nu pot aloca spaţiu pentru informaţiile despre configurare.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"eroare de configurare - element necunoscut '%s' (anunţaţi administratorul)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Parola: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Parola pentru %s: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Nu pot deschide fiÅŸierul passwd.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Nu pot aloca spaţiu pentru informaţiile despre configurare.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Modific informaţia de temporalitate pentru %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Nu vă pot determina numele de utilizator.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: linia %d: nu pot găsi utilizatorul %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: nu mai este memorie\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: nu pot actualiza fiÅŸierul %s\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: director personal nevalid '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: nu pot redenumi directorul %s în %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: nu pot crea directorul %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: avertisment: nu pot ÅŸterge "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: avertisment: nu pot ÅŸterge "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: redenumire: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: nu pot redenumi directorul %s în %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: nu pot redenumi directorul %s în %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: avertisment: nu pot ÅŸterge "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: nu pot crea directorul %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: avertisment: nu pot ÅŸterge "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: nu pot actualiza fiÅŸierul %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: nu pot actualiza fiÅŸierul shadow\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: redenumire: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: nu pot deschide fiÅŸierul %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Avertisment: grup necunoscut %s\n"
 
@@ -279,6 +64,11 @@ msgstr "Nu pot schimba tty %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: câmpuri prea lungi\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -286,8 +76,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Inundaţie de mediu\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -386,8 +177,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: nu pot prelua UID\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr ""
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Nu pot aloca spaţiu pentru informaţiile despre configurare.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"eroare de configurare - element necunoscut '%s' (anunţaţi administratorul)\n"
 
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
@@ -416,7 +215,7 @@ msgstr "Nu pot aloca spaţiu pentru informaţiile despre configurare.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: nu pot deschide fiÅŸierul\n"
 
 #, fuzzy, c-format
@@ -427,9 +226,21 @@ msgstr "%s: linia %d: eÅŸuare chown\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: linia %d: eÅŸuare chown\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: linia %d: eÅŸuare chown\n"
+
 msgid "Too many logins.\n"
 msgstr "Prea multe autentificări.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s autentificare: "
+
 msgid "You have new mail."
 msgstr "Aveţi mesaje noi."
 
@@ -439,6 +250,14 @@ msgstr "N-aveţi mesaje."
 msgid "You have mail."
 msgstr "Aveţi mesaje."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "nici o schimbare"
 
@@ -451,9 +270,6 @@ msgstr "doar schimbări de caz"
 msgid "too similar"
 msgstr "prea asemănător"
 
-msgid "too simple"
-msgstr "prea simplu"
-
 msgid "rotated"
 msgstr "rotit"
 
@@ -500,6 +316,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() a eÅŸuat, eroare %d\n"
 
+msgid "Password: "
+msgstr "Parola: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Parola pentru %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Parolă incorectă pentru %s.\n"
@@ -525,18 +348,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: nu pot crea directorul %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: nu pot crea directorul %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: nu pot crea directorul %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -549,6 +368,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Nu pot deschide fiÅŸierul passwd.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Nu pot aloca spaţiu pentru informaţiile despre configurare.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Nu pot aloca spaţiu pentru informaţiile despre configurare.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Modific informaţia de temporalitate pentru %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Nu vă pot determina numele de utilizator.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: linia %d: nu pot găsi utilizatorul %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Nu pot schimba directorul către'%s'\n"
@@ -561,6 +481,10 @@ msgid "Cannot execute %s"
 msgstr "Nu pot executa %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Director rădăcină invalid '%s'\n"
 
@@ -569,6 +493,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Nu pot schimba directorul rădăcină la '%s'\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: nu mai este memorie\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: nu pot actualiza fiÅŸierul %s\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: director personal nevalid '%s'\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: nu pot redenumi directorul %s în %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: nu pot crea directorul %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: avertisment: nu pot ÅŸterge "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: avertisment: nu pot ÅŸterge "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: redenumire: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: nu pot redenumi directorul %s în %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: nu pot redenumi directorul %s în %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: avertisment: nu pot ÅŸterge "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: nu pot crea directorul %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: avertisment: nu pot ÅŸterge "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: nu pot actualiza fiÅŸierul %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: nu pot actualiza fiÅŸierul shadow\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: redenumire: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: nu pot deschide fiÅŸierul %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: utilizatorul %s este autentificat în acest moment\n"
 
@@ -627,6 +629,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -652,12 +657,15 @@ msgstr "Parolă inactivă"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Data expirării contului (AAAA-LL-ZZ)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Ultima schimbare de parolă\t\t\t\t\t: "
-
 msgid "never"
 msgstr "Niciodată"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Ultima schimbare de parolă\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "parola trebuie schimbată"
 
@@ -826,14 +834,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: utilizatorul %s nu există\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: nu pot schimba utilizatorul '%s' pe un client NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' este stăpânul NIS pentru acest client.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Modificare informaţii utilizator pentru %s\n"
 
@@ -861,6 +861,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: semnalizatorul -a este permis DOAR împreună cu semnalizatorul -G\n"
@@ -912,6 +916,15 @@ msgid "Login Shell"
 msgstr "Autentificare consolă"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: nu pot redenumi directorul %s în %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: nu pot crea noile fiÅŸiere implicite\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Nu puteţi schimba consola pentru %s.\n"
 
@@ -924,6 +937,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Intrare nevalidă: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s este o consolă nevalidă.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s este o consolă nevalidă.\n"
 
@@ -1133,9 +1150,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1149,6 +1163,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s nu este un nume de grup valid\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: nu pot deschide fiÅŸierul %s\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "nume de grup nevalid '%s'\n"
 
@@ -1191,14 +1209,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: grupul %s nu există\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: grupul '%s' este un grup NIS.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s este stăpân NIS\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: utilizatorul %s este un utilizator NIS\n"
 
@@ -1274,10 +1284,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "nume de grup nevalid '%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: grupul %s este un grup NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: utilizator necunoscut %s\n"
 
@@ -1391,7 +1397,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1485,11 +1491,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Nici o intrare utmp. Trebuie să executaţi \"login\" de la nivelul cel mai de "
-"jos \"sh\""
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1524,14 +1525,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: linia %d: nu pot găsi utilizatorul %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s autentificare: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s : eşuare la bifurcare: %s"
 
@@ -1567,7 +1560,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1592,17 +1586,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: câmpuri prea lungi\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: director de bază nevalid '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: nu pot crea directorul %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1636,14 +1626,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: nu pot crea directorul %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1665,6 +1654,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: nume utilizator nevalid '%s'\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: linia %d: linie nevalidă\n"
 
@@ -1684,6 +1677,10 @@ msgstr "%s: linia %d: nu pot crea GID\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: utilizatorul %s nu există\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: redenumire: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: linia %d: nu pot actualiza parola\n"
@@ -1705,14 +1702,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: linia %d: nu pot actualiza intrarea\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s : eşuare în abandonarea privilegiilor (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: nu pot crea %s\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s : eşuare în abandonarea privilegiilor (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: nu pot actualiza fiÅŸierul de grupuri\n"
 
@@ -1770,6 +1767,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Parola veche: "
 
@@ -1789,6 +1789,11 @@ msgstr ""
 "Introduceţi noua parolă (minimum %d, maximum %d caractere)\n"
 "Vă rog utilizaţi o combinaţie de litere mari şi mici şi numere.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: câmpuri prea lungi\n"
+
 msgid "New password: "
 msgstr "Parola nouă: "
 
@@ -1830,6 +1835,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: depozitul %s nu este suportat\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1973,11 +1982,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2051,6 +2058,11 @@ msgstr "Nu sunteţi autorizat pentru su %s\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Fără intrare în passwd pentru 'root'"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "nume de utilizator nevalid '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: trebuie pornit de la un terminal\n"
@@ -2096,6 +2108,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2107,10 +2125,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: nu pot crea noile fiÅŸiere implicite\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: nu pot crea noile fiÅŸiere implicite\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: nu pot deschide noile fiÅŸiere implicite\n"
 
@@ -2127,10 +2141,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: redenumire: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: grupul '%s' este un grup NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: prea multe grupuri specificate (maximum %d).\n"
 
@@ -2239,6 +2249,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: director de bază nevalid '%s'\n"
@@ -2370,6 +2385,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Se atribuie permisiunile fişierului căsuţă de mesaje"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Crearea fişierului căsuţă pentru mesaje"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Crearea fişierului căsuţă pentru mesaje"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2490,10 +2515,6 @@ msgstr "%s: nu pot redenumi directorul %s în %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: nu pot redenumi directorul %s în %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: utilizatorul %s este un utilizator NIS\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: director personal nevalid '%s'\n"
@@ -2594,6 +2615,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2677,10 +2702,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: nu pot actualiza fiÅŸierul passwd\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: nu pot crea directorul %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: avertisment: %s nu este deţinut de către %s\n"
@@ -2786,8 +2819,9 @@ msgid "failed to stat edited file"
 msgstr "eşuare în redenumirea căsuţei poştale"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "eşuare în schimbarea proprietarului căsuţei poştale"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: nu pot deschide fiÅŸierul\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2801,6 +2835,57 @@ msgstr "%s: nu pot reface %s: %s (schimbările dvs. sunt în %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: director de bază nevalid '%s'\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Inundaţie de mediu\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: nu pot schimba utilizatorul '%s' pe un client NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' este stăpânul NIS pentru acest client.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: grupul '%s' este un grup NIS.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s este stăpân NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: grupul %s este un grup NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: nu pot crea noile fiÅŸiere implicite\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: grupul '%s' este un grup NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: utilizatorul %s este un utilizator NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "prea simplu"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Nici o intrare utmp. Trebuie să executaţi \"login\" de la nivelul cel mai "
+#~ "de jos \"sh\""
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: director de bază nevalid '%s'\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "eşuare în schimbarea proprietarului căsuţei poştale"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Utilizare: id\n"
 
@@ -2816,10 +2901,6 @@ msgstr "%s: director de bază nevalid '%s'\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Avertisment de expirare a parolei"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "nume de utilizator nevalid '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Nume utilizator       Port      De la          Cel mai recent"
 
diff --git a/po/ru.gmo b/po/ru.gmo
index 6d80752..55fecd6 100644
--- a/po/ru.gmo
+++ b/po/ru.gmo
diff --git a/po/ru.po b/po/ru.po
index db8d94c..f3f1d0d 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.1.5.1-1\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2017-03-05 11:14+0300\n"
 "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
 "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
@@ -23,230 +23,6 @@ msgstr ""
 "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Суще�твует �разу не�колько запи�ей � именем «%s» в %s. И�правьте �то � "
-"помощью pwck или grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "алгоритм шифровани� не поддерживает�� libcrypt? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "ошибка на�тройки: не удало�ь разобрать значение %s: «%s»"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "�е удало�ь выделить пам�ть дл� загрузки на�троек.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "ошибка на�тройки: неизве�тный �лемент «%s» (�ообщите админи�тратору)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd завершил�� � ошибкой (по �игналу %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd завершил�� � кодом выхода %d\n"
-
-msgid "Password: "
-msgstr "Пароль: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Пароль пользовател� %s: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr ""
-"�е удало�ь открыть интерфей� протоколировани� (audit) — прекращение работы.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "�евозможно �оздать управл�ющий опи�атель SELinux\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "Политика SELinux не управл�ема\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "�евозможно прочитать хранилище политики SELinux\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "�евозможно у�тановить управл�ющее подключение SELinux\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "�евозможно начать транзакцию SELinux\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "�е удало�ь запро�ить seuser дл� %s\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "�е удало�ь назначить serange дл� %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "�е удало�ь назначить sename дл� %s\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "�е удало�ь изменить �опо�тавление входа дл� %s\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "�евозможно �оздать �опо�тавление входа SELinux дл� %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "�евозможно задать им� дл� %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "�евозможно задать пользовател� SELinux дл� %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "�евозможно добавить �опо�тавление входа дл� %s\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "�евозможно инициализировать управление SELinux\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "�евозможно �оздать ключ пользовател� SELinux\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "�евозможно проверить пользовател� SELinux\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "�евозможно изменить пользователь�кое �опо�тавление SELinux\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "�евозможно добавить пользователь�кое �опо�тавление SELinux\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "�евозможно зафик�ировать транзакцию SELinux\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Сопо�тавление входа дл� %s не определено; нормально, е�ли и�пользовало�ь "
-"�опо�тавление по умолчанию\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-"Сопо�тавление входа дл� %s определено в политике и не может быть удалено\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "�евозможно удалить �опо�тавление входа дл� %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: нехватка пам�ти\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: не удало�ь выполнить функцию stat дл� %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s не �вл�ет�� каталогом или �имвольной ��ылкой\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: не удало�ь прочитать �имвольную ��ылку %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: веро�тно, �лишком длинна� �имвольна� ��ылка: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: не удало�ь �оздать каталог %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: не удало�ь изменить владельца %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: не удало�ь изменить права до�тупа %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: unlink: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: не удало�ь удалить каталог %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: не удало�ь переименовать каталог %s в %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: не удало�ь удалить %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: не удало�ь �оздать �имвольную ��ылку %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: не удало�ь изменить владельцев %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: не удало�ь выполнить функцию lstat дл� %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr ""
-"%s: предупреждение: у пользовател� %s от�ут�твует файл shadow в �труктуре "
-"tcb.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: чрезвычайна� �итуаци�: файл shadow у %s в �труктуре tcb не �вл�ет��\n"
-"обычным файлом � st_nlink=1. Учётна� запи�ь о�таёт�� заблокированной.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: не удало�ь открыть %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Предупреждение: неизве�тна� группа %s\n"
 
@@ -294,14 +70,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: не удало�ь разблокировать %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Суще�твует �разу не�колько запи�ей � именем «%s» в %s. И�правьте �то � "
+"помощью pwck или grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Слишком большое количе�тво переменных окружени�\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "алгоритм шифровани� не поддерживает�� libcrypt? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -423,8 +207,15 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: не удало�ь получить уникальный UID (кончили�ь �вободные UID-ы)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr ""
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "ошибка на�тройки: не удало�ь разобрать значение %s: «%s»"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "�е удало�ь выделить пам�ть дл� загрузки на�троек.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "ошибка на�тройки: неизве�тный �лемент «%s» (�ообщите админи�тратору)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -454,9 +245,10 @@ msgstr "�евозможно задать им� дл� %s\n"
 msgid "%s: Could not set caps\n"
 msgstr "�евозможно задать им� дл� %s\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: �трока %d: вызов chown %s завершил�� неудачно: %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: line %d: chown %s failed: %s\n"
@@ -468,9 +260,22 @@ msgstr "%s: �трока %d: вызов chown %s завершил�� неуда
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: �трока %d: вызов chown %s завершил�� неудачно: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: �трока %d: вызов chown %s завершил�� неудачно: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Слишком много попыток входа в �и�тему.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"Им� пользовател� %s: "
+
 msgid "You have new mail."
 msgstr "Дл� ва� е�ть новые почтовые �ообщени�."
 
@@ -480,6 +285,14 @@ msgstr "Дл� ва� нет почтовых �ообщений."
 msgid "You have mail."
 msgstr "Дл� ва� е�ть почтовые �ообщени�."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd завершил�� � ошибкой (по �игналу %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd завершил�� � кодом выхода %d\n"
+
 msgid "no change"
 msgstr "изменений не вне�ено"
 
@@ -492,9 +305,6 @@ msgstr "изменение только в реги�тре �имволов"
 msgid "too similar"
 msgstr "�лишком похожий"
 
-msgid "too simple"
-msgstr "�лишком про�той"
-
 msgid "rotated"
 msgstr "пере�тановка �имволов"
 
@@ -541,6 +351,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: не удало�ь выполнить pam_start(), ошибка %d\n"
 
+msgid "Password: "
+msgstr "Пароль: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Пароль пользовател� %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "�еверный пароль дл� %s.\n"
@@ -567,16 +384,13 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: нет до�тупа к каталогу chroot %s: %s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: не удало�ь выполнить chdir в chroot-каталог %s: %s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: не удало�ь выполнить chroot в каталог %s: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: не удало�ь выполнить chdir в chroot-каталог %s: %s\n"
 
 #, c-format
 msgid ""
@@ -593,6 +407,112 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr ""
+"�е удало�ь открыть интерфей� протоколировани� (audit) — прекращение работы.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "�евозможно �оздать управл�ющий опи�атель SELinux\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "Политика SELinux не управл�ема\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "�евозможно прочитать хранилище политики SELinux\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "�евозможно у�тановить управл�ющее подключение SELinux\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "�евозможно начать транзакцию SELinux\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "�е удало�ь запро�ить seuser дл� %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "�е удало�ь назначить serange дл� %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "�е удало�ь назначить sename дл� %s\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "�е удало�ь изменить �опо�тавление входа дл� %s\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "�евозможно �оздать �опо�тавление входа SELinux дл� %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "�евозможно задать им� дл� %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "�евозможно задать пользовател� SELinux дл� %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "�евозможно добавить �опо�тавление входа дл� %s\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "�евозможно инициализировать управление SELinux\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "�евозможно �оздать ключ пользовател� SELinux\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "�евозможно проверить пользовател� SELinux\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "�евозможно изменить пользователь�кое �опо�тавление SELinux\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "�евозможно добавить пользователь�кое �опо�тавление SELinux\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "�евозможно зафик�ировать транзакцию SELinux\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Сопо�тавление входа дл� %s не определено; нормально, е�ли и�пользовало�ь "
+"�опо�тавление по умолчанию\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+"Сопо�тавление входа дл� %s определено в политике и не может быть удалено\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "�евозможно удалить �опо�тавление входа дл� %s"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "�евозможно перейти в каталог «%s»\n"
@@ -606,6 +526,10 @@ msgid "Cannot execute %s"
 msgstr "�е удало�ь выполнить %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "�еверный корневой каталог «%s»\n"
 
@@ -614,6 +538,88 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "�е удало�ь изменить корневой каталог на «%s»\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: нехватка пам�ти\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: не удало�ь выполнить функцию stat дл� %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s не �вл�ет�� каталогом или �имвольной ��ылкой\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: не удало�ь прочитать �имвольную ��ылку %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: веро�тно, �лишком длинна� �имвольна� ��ылка: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: не удало�ь �оздать каталог %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: не удало�ь изменить владельца %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: не удало�ь изменить права до�тупа %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: не удало�ь удалить каталог %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: не удало�ь переименовать каталог %s в %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: не удало�ь удалить %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: не удало�ь �оздать �имвольную ��ылку %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: не удало�ь изменить владельцев %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: не удало�ь выполнить функцию lstat дл� %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr ""
+"%s: предупреждение: у пользовател� %s от�ут�твует файл shadow в �труктуре "
+"tcb.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: чрезвычайна� �итуаци�: файл shadow у %s в �труктуре tcb не �вл�ет��\n"
+"обычным файлом � st_nlink=1. Учётна� запи�ь о�таёт�� заблокированной.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: не удало�ь открыть %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: пользователь %s �ейча� работает в �и�теме\n"
 
@@ -690,6 +696,12 @@ msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 "  -R, --root К�Т_CHROOT         каталог, в который выполн�ет�� chroot\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+"  -R, --root К�Т_CHROOT         каталог, в который выполн�ет�� chroot\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -718,12 +730,15 @@ msgstr "Деактивировать учётную запи�ь через"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Дата и�течени� �рока дей�тви� учётной запи�и (ГГГГ-ММ-ДД)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "По�ледний раз пароль был изменён\t\t\t\t: "
-
 msgid "never"
 msgstr "никогда"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "По�ледний раз пароль был изменён\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "пароль должен быть изменён"
 
@@ -899,14 +914,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: пользователь «%s» не �уще�твует\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: невозможно изменить пользовател� «%s» в клиенте NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: «%s» �вл�ет�� ма�тером NIS дл� �того клиента.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Изменение информации о пользователе %s\n"
 
@@ -945,6 +952,11 @@ msgstr ""
 "  -s, --sha-rounds      количе�тво раундов SHA дл� алгоритмов\n"
 "                        шифровани� SHA*\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: алгоритм шифровани� %s не поддерживает��\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: параметр %s разрешено и�пользовать только вме�те � параметром %s\n"
@@ -997,6 +1009,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Командна� оболочка"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: не удало�ь получить размер %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: не удало�ь �оздать новый файл значений по умолчанию\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Вы не можете измен�ть командную оболочку у «%s».\n"
@@ -1009,6 +1031,11 @@ msgstr "Изменение командной оболочки дл� %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: неверное значение %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s не �вл�ет�� допу�тимой оболочкой\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s не �вл�ет�� допу�тимой оболочкой\n"
@@ -1259,12 +1286,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  �оздавать �и�темную группу\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-"  -R, --root К�Т_CHROOT         каталог, в который выполн�ет�� chroot\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    перечи�лить в�ех членов группы\n"
@@ -1278,6 +1299,11 @@ msgstr "неверное им� пользовател� «%s»\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: «%s» не может быть именем группы\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: не удало�ь открыть %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: неверный ID группы «%s»\n"
@@ -1324,14 +1350,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: группа «%s» не �уще�твует\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: группа «%s» �вл�ет�� группой NIS\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s �вл�ет�� ма�тером NIS\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: пользователь «%s» �вл�ет�� членом «%s»\n"
 
@@ -1426,10 +1444,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: неверное им� группы «%s»\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: группа %s �вл�ет�� группой NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: неизве�тный пользователь %s\n"
 
@@ -1552,8 +1566,12 @@ msgstr ""
 "  -b, --before Д�ЕЙ             показать запи�и lastlog за по�ледние Д�ЕЙ "
 "дней\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -C, --clear                   clear lastlog record of an user (usable "
+#| "only with -u)\n"
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   очи�тить запи�ь lastlog пользовател�\n"
@@ -1656,10 +1674,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: невозможно выполнить без прав �уперпользовател�\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"�ет запи�и в utmp. Вы должны запу�кать «login» из �амого первого уровн� «sh»"
-
 #, c-format
 msgid ""
 "\n"
@@ -1694,14 +1708,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "�евозможно найти пользовател� (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"Им� пользовател� %s: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: ошибка при вызове fork: %s"
 
@@ -1737,7 +1743,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1764,19 +1771,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: не удало�ь разблокировать %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: не удало�ь найти каталог tcb дл� %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: не удало�ь �оздать tcb-каталог дл� %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1809,14 +1811,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: не удало�ь �оздать tcb-каталог дл� %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1842,6 +1844,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: неверное им� пользовател� «%s»\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: �трока %d: некорректна� �трока\n"
 
@@ -1863,6 +1869,11 @@ msgstr "%s: �трока %d: не удало�ь �оздать группу\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: �трока %d: пользователь «%s» не �уще�твует в %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: �трока %d: не удало�ь обновить пароль\n"
@@ -1885,14 +1896,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: �трока %d: не удало�ь обновить запи�ь\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: не удало�ь подготовить новую %s запи�ь\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: не удало�ь найти подчинённый диапазон пользователей\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: не удало�ь подготовить новую %s запи�ь\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: не удало�ь найти подчинённый диапазон групп\n"
 
@@ -1969,6 +1980,11 @@ msgstr ""
 "  -x, --maxdays М�КС_Д�ЕЙ       у�тановить мак�имальное чи�ло дней перед\n"
 "                                �меной парол� в М�КС_Д�ЕЙ\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    показать «возра�т» учётной запи�и\n"
+
 msgid "Old password: "
 msgstr "Старый пароль: "
 
@@ -1988,6 +2004,11 @@ msgstr ""
 "Введите новый пароль (минимальна� длина %d, мак�имальна� длина %d �имволов)\n"
 "И�пользуйте комбинацию из �имволов в верхнем и нижнем реги�тре и цифры.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: пол� �лишком длинные\n"
+
 msgid "New password: "
 msgstr "�овый пароль: "
 
@@ -2033,6 +2054,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: хранилище %s не поддерживает��\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: только �уперпользователь может и�пользовать параметр -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: у %s нет прав измен�ть пароль %s\n"
@@ -2185,11 +2211,9 @@ msgstr "%s: неи�правно�ть в �игналах\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Сеан� завершён, выполн�ет�� завершение оболочки…"
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " … завершён.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " … ожидает завершени� потомка.\n"
 
@@ -2277,6 +2301,11 @@ msgstr "%s: у ва� нет прав выполн�ть su в данный мо
 msgid "No passwd entry for user '%s'\n"
 msgstr "От�ут�твует passwd-запи�ь дл� пользовател� «%s»\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "неверное им� пользовател� «%s»\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: должен запу�кать�� из терминала\n"
@@ -2323,6 +2352,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: на�тройка %s в %s будет проигнорирована\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: на�тройка %s в %s будет проигнорирована\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: не удало�ь �оздать новый файл значений по умолчанию\n"
@@ -2333,10 +2369,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: не удало�ь �оздать новый файл значений по умолчанию\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: не удало�ь �оздать новый файл значений по умолчанию\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: не удало�ь открыть новый файл значений по умолчанию\n"
 
@@ -2353,10 +2385,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: rename: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: группа «%s» �вл�ет�� группой NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: указано �лишком много групп (мак�имум %d).\n"
 
@@ -2507,6 +2535,17 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     и�пользовать указанного SEUSER дл�\n"
 "                                пользователь�кого �опо�тавлени� SELinux\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     и�пользовать указанного SEUSER дл�\n"
+"                                пользователь�кого �опо�тавлени� SELinux\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: неверный базовый каталог «%s»\n"
@@ -2650,6 +2689,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "У�тановка прав на файл почтового �щика"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Создание почтового �щика"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Создание почтового �щика"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2784,10 +2833,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: не удало�ь удалить файлы tcb дл� %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: пользователь %s �вл�ет�� пользователем NIS\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: домашний каталог пользовател� %s (%s) не найден\n"
 
@@ -2917,6 +2962,16 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     новое пользователь�кое �опо�тавление\n"
 "                                SELinux дл� учётной запи�и\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     новое пользователь�кое �опо�тавление\n"
+"                                SELinux дл� учётной запи�и\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -3013,12 +3068,26 @@ msgstr ""
 "%s: не удало�ь �копировать запи�ь lastlog о пользователе %lu в пользовател� "
 "%lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: не удало�ь �копировать запи�ь lastlog о пользователе %lu в пользовател� "
+"%lu: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: не удало�ь �копировать запи�ь faillog о пользователе %lu в пользовател� "
 "%lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: не удало�ь �копировать запи�ь faillog о пользователе %lu в пользовател� "
+"%lu: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: предупреждение: %s не принадлежит %s\n"
@@ -3124,8 +3193,8 @@ msgstr "не удало�ь удалить черновой файл"
 msgid "failed to stat edited file"
 msgstr "не удало�ь получить атрибуты редактируемого файла"
 
-msgid "failed to allocate memory"
-msgstr "не удало�ь выделить пам�ть"
+msgid "asprintf(3) failed"
+msgstr ""
 
 msgid "failed to create backup file"
 msgstr "не удало�ь �оздать резервную копию файла"
@@ -3138,6 +3207,57 @@ msgstr "%s: не удало�ь во��тановить %s: %s (ваши изм
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: не удало�ь найти каталог tcb дл� %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Слишком большое количе�тво переменных окружени�\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: невозможно изменить пользовател� «%s» в клиенте NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: «%s» �вл�ет�� ма�тером NIS дл� �того клиента.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: группа «%s» �вл�ет�� группой NIS\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s �вл�ет�� ма�тером NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: группа %s �вл�ет�� группой NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: не удало�ь �оздать новый файл значений по умолчанию\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: группа «%s» �вл�ет�� группой NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: пользователь %s �вл�ет�� пользователем NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "�лишком про�той"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "�ет запи�и в utmp. Вы должны запу�кать «login» из �амого первого уровн� "
+#~ "«sh»"
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: не удало�ь найти каталог tcb дл� %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "не удало�ь выделить пам�ть"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "И�пользование: id\n"
 
@@ -3153,10 +3273,6 @@ msgstr "%s: не удало�ь найти каталог tcb дл� %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: информаци� об и�течении �рока дей�тви� парол� изменена.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "неверное им� пользовател� «%s»\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Пользователь     Порт     С                По�ледний раз"
 
diff --git a/po/shadow.pot b/po/shadow.pot
index 9b74dde..bf30c54 100644
--- a/po/shadow.pot
+++ b/po/shadow.pot
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: shadow 4.13\n"
+"Project-Id-Version: shadow 4.15.2\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -19,540 +19,540 @@ msgstr ""
 "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgid "Warning: unknown group %s\n"
 msgstr ""
 
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
+msgid "Warning: too many groups\n"
 msgstr ""
 
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
+msgid "Your password has expired."
 msgstr ""
 
-msgid "Could not allocate space for config info.\n"
+msgid "Your password is inactive."
 msgstr ""
 
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgid "Your login has expired."
 msgstr ""
 
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgid "  Contact the system administrator."
 msgstr ""
 
-#, c-format
-msgid "%s: nscd exited with status %d\n"
+msgid "  Choose a new password."
 msgstr ""
 
-msgid "Password: "
+msgid "You must change your password."
 msgstr ""
 
 #, c-format
-msgid "%s's Password: "
-msgstr ""
-
-msgid "Cannot open audit interface.\n"
+msgid "Your password will expire in %ld days.\n"
 msgstr ""
 
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
+msgid "Your password will expire tomorrow."
 msgstr ""
 
-#, c-format
-msgid "[libsemanage]: %s\n"
+msgid "Your password will expire today."
 msgstr ""
 
-#, c-format
-msgid "Cannot create SELinux management handle\n"
+msgid "Cannot open audit interface - aborting.\n"
 msgstr ""
 
 #, c-format
-msgid "SELinux policy not managed\n"
+msgid "Unable to change owner or mode of tty stdin: %s"
 msgstr ""
 
 #, c-format
-msgid "Cannot read SELinux policy store\n"
+msgid "%s: failed to unlock %s\n"
 msgstr ""
 
 #, c-format
-msgid "Cannot establish SELinux management connection\n"
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
 msgstr ""
 
 #, c-format
-msgid "Cannot begin SELinux transaction\n"
+msgid "%s: "
 msgstr ""
 
-#, c-format
-msgid "Could not query seuser for %s\n"
+msgid ": "
 msgstr ""
 
 #, c-format
-msgid "Could not set serange for %s\n"
+msgid "crypt method not supported by libcrypt? (%s)\n"
 msgstr ""
 
 #, c-format
-msgid "Could not set sename for %s\n"
+msgid "You may not change $%s\n"
 msgstr ""
 
 #, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
+msgid ""
+"%d failure since last login.\n"
+"Last was %s on %s.\n"
+msgid_plural ""
+"%d failures since last login.\n"
+"Last was %s on %s.\n"
+msgstr[0] ""
+msgstr[1] ""
 
 #, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
+msgid ""
+"%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+"(%lu)\n"
 msgstr ""
 
 #, c-format
-msgid "Could not set name for %s\n"
+msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
 msgstr ""
 
 #, c-format
-msgid "Could not set SELinux user for %s\n"
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
 msgstr ""
 
 #, c-format
-msgid "Could not add login mapping for %s\n"
+msgid "%s: failed to allocate memory: %s\n"
 msgstr ""
 
 #, c-format
-msgid "Cannot init SELinux management\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
 msgstr ""
 
 #, c-format
-msgid "Cannot create SELinux user key\n"
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
 msgstr ""
 
 #, c-format
-msgid "Cannot verify the SELinux user\n"
+msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr ""
 
 #, c-format
-msgid "Cannot modify SELinux user mapping\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
 msgstr ""
 
 #, c-format
-msgid "Cannot add SELinux user mapping\n"
+msgid "%s: Can't get unique subordinate GID range\n"
 msgstr ""
 
 #, c-format
-msgid "Cannot commit SELinux transaction\n"
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
 msgstr ""
 
 #, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgid "%s: Can't get unique subordinate UID range\n"
 msgstr ""
 
 #, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgid ""
+"%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+"(%lu)\n"
 msgstr ""
 
 #, c-format
-msgid "Could not delete login mapping for %s"
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
 msgstr ""
 
 #, c-format
-msgid "%s: out of memory\n"
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot stat %s: %s\n"
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
 msgstr ""
 
 #, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
+msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
+msgid "Could not allocate space for config info.\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
+msgid "%s: Memory allocation failure\n"
 msgstr ""
 
 #, c-format
-msgid "%s: unlink: %s: %s\n"
+msgid "%s: subuid overflow detected.\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
+msgid "%s: Invalid map file %s specified\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot remove %s: %s\n"
+msgid "%s: Could not seteuid to %d\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
+msgid "%s: Could not set caps\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot lstat %s: %s\n"
+msgid "%s: open of %s failed: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgid "%s: write to %s failed: %s\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
+msgid "%s: closing %s failed: %s\n"
 msgstr ""
 
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
+msgid "Too many logins.\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Cannot open %s: %s\n"
+msgid ""
+"\n"
+"%s login: "
 msgstr ""
 
-#, c-format
-msgid "Warning: unknown group %s\n"
+msgid "You have new mail."
 msgstr ""
 
-msgid "Warning: too many groups\n"
+msgid "No mail."
 msgstr ""
 
-msgid "Your password has expired."
+msgid "You have mail."
 msgstr ""
 
-msgid "Your password is inactive."
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
 msgstr ""
 
-msgid "Your login has expired."
+#, c-format
+msgid "%s: nscd exited with status %d\n"
 msgstr ""
 
-msgid "  Contact the system administrator."
+msgid "no change"
 msgstr ""
 
-msgid "  Choose a new password."
+msgid "a palindrome"
 msgstr ""
 
-msgid "You must change your password."
+msgid "case changes only"
 msgstr ""
 
-#, c-format
-msgid "Your password will expire in %ld days.\n"
+msgid "too similar"
 msgstr ""
 
-msgid "Your password will expire tomorrow."
+msgid "rotated"
 msgstr ""
 
-msgid "Your password will expire today."
+msgid "too short"
 msgstr ""
 
-msgid "Cannot open audit interface - aborting.\n"
+#, c-format
+msgid "Bad password: %s.  "
 msgstr ""
 
 #, c-format
-msgid "Unable to change owner or mode of tty stdin: %s"
+msgid "passwd: pam_start() failed, error %d\n"
 msgstr ""
 
 #, c-format
-msgid "%s: failed to unlock %s\n"
+msgid "passwd: %s\n"
 msgstr ""
 
-#, c-format
-msgid "%s: "
+msgid "passwd: password unchanged\n"
 msgstr ""
 
-msgid ": "
+msgid "passwd: password updated successfully\n"
 msgstr ""
 
-msgid "Environment overflow\n"
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
 msgstr ""
 
 #, c-format
-msgid "You may not change $%s\n"
+msgid "%s: conversation type %d not supported.\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%d failure since last login.\n"
-"Last was %s on %s.\n"
-msgid_plural ""
-"%d failures since last login.\n"
-"Last was %s on %s.\n"
-msgstr[0] ""
-msgstr[1] ""
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr ""
 
 #, c-format
 msgid ""
-"%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
-"(%lu)\n"
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
 msgstr ""
 
-#, c-format
-msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
+msgid "Password: "
 msgstr ""
 
 #, c-format
-msgid "%s: Encountered error attempting to use preferred GID: %s\n"
+msgid "%s's Password: "
 msgstr ""
 
 #, c-format
-msgid "%s: failed to allocate memory: %s\n"
+msgid "Incorrect password for %s.\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
+msgid "%s: multiple --root options\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
+msgid "%s: option '%s' requires an argument\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Can't get unique GID (no more available GIDs)\n"
+msgid "%s: failed to drop privileges (%s)\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
-"SUB_GID_COUNT (%lu)\n"
+msgid "%s: invalid chroot path '%s', only absolute paths are supported.\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Can't get unique subordinate GID range\n"
+msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
-"SUB_UID_COUNT (%lu)\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Can't get unique subordinate UID range\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr ""
 
 #, c-format
 msgid ""
-"%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
-"(%lu)\n"
+"Invalid ENCRYPT_METHOD value: '%s'.\n"
+"Defaulting to DES.\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
 msgstr ""
 
-#, c-format
-msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgid "Cannot open audit interface.\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
+msgid "%s: can not get previous SELinux process context: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
+msgid "[libsemanage]: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Can't get unique UID (no more available UIDs)\n"
+msgid "Cannot create SELinux management handle\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "SELinux policy not managed\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Memory allocation failure\n"
+msgid "Cannot read SELinux policy store\n"
 msgstr ""
 
 #, c-format
-msgid "%s: subuid overflow detected.\n"
+msgid "Cannot establish SELinux management connection\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Invalid map file %s specified\n"
+msgid "Cannot begin SELinux transaction\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgid "Could not query seuser for %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Could not seteuid to %d\n"
+msgid "Could not set serange for %s to %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Could not set caps\n"
+msgid "Could not set sename for %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: snprintf failed!\n"
+msgid "Could not modify login mapping for %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: open of %s failed: %s\n"
+msgid "Cannot create SELinux login mapping for %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: write to %s failed: %s\n"
+msgid "Could not set name for %s\n"
 msgstr ""
 
-msgid "Too many logins.\n"
+#, c-format
+msgid "Could not set SELinux user for %s\n"
 msgstr ""
 
-msgid "You have new mail."
+#, c-format
+msgid "Could not add login mapping for %s\n"
 msgstr ""
 
-msgid "No mail."
+#, c-format
+msgid "Cannot init SELinux management\n"
 msgstr ""
 
-msgid "You have mail."
+#, c-format
+msgid "Cannot create SELinux user key\n"
 msgstr ""
 
-msgid "no change"
+#, c-format
+msgid "Cannot verify the SELinux user\n"
 msgstr ""
 
-msgid "a palindrome"
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
 msgstr ""
 
-msgid "case changes only"
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
 msgstr ""
 
-msgid "too similar"
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
 msgstr ""
 
-msgid "too simple"
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
 msgstr ""
 
-msgid "rotated"
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
 msgstr ""
 
-msgid "too short"
+#, c-format
+msgid "Could not delete login mapping for %s"
 msgstr ""
 
 #, c-format
-msgid "Bad password: %s.  "
+msgid "Unable to cd to '%s'\n"
 msgstr ""
 
-#, c-format
-msgid "passwd: pam_start() failed, error %d\n"
+msgid "No directory, logging in with HOME=/"
 msgstr ""
 
 #, c-format
-msgid "passwd: %s\n"
+msgid "Cannot execute %s"
 msgstr ""
 
-msgid "passwd: password unchanged\n"
+#, c-format
+msgid "Maximum subsystem depth reached\n"
 msgstr ""
 
-msgid "passwd: password updated successfully\n"
+#, c-format
+msgid "Invalid root directory '%s'\n"
 msgstr ""
 
 #, c-format
-msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgid "Can't change root directory to '%s'\n"
 msgstr ""
 
 #, c-format
-msgid "%s: conversation type %d not supported.\n"
+msgid "%s: out of memory\n"
 msgstr ""
 
 #, c-format
-msgid "%s: (user %s) pam_start failure %d\n"
+msgid "%s: Cannot stat %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: (user %s) pam_chauthtok() failed, error:\n"
-"%s\n"
+msgid "%s: %s is neither a directory, nor a symlink.\n"
 msgstr ""
 
 #, c-format
-msgid "Incorrect password for %s.\n"
+msgid "%s: Cannot read symbolic link %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: multiple --root options\n"
+msgid "%s: Suspiciously long symlink: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: option '%s' requires an argument\n"
+msgid "%s: Cannot create directory %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: failed to drop privileges (%s)\n"
+msgid "%s: Cannot change owner of %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: invalid chroot path '%s', only absolute paths are supported.\n"
+msgid "%s: Cannot change mode of %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: cannot access chroot directory %s: %s\n"
+msgid "%s: unlink: %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: Cannot remove directory %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: Cannot rename %s to %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
+msgid "%s: Cannot remove %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"Invalid ENCRYPT_METHOD value: '%s'.\n"
-"Defaulting to DES.\n"
+msgid "%s: Cannot create symbolic link %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"Unable to generate a salt from setting \"%s\", check your settings in "
-"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
-"method.\n"
+msgid "%s: Cannot change owners of %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "Unable to cd to '%s'\n"
+msgid "%s: Cannot lstat %s: %s\n"
 msgstr ""
 
-msgid "No directory, logging in with HOME=/"
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
 msgstr ""
 
 #, c-format
-msgid "Cannot execute %s"
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
 msgstr ""
 
 #, c-format
-msgid "Invalid root directory '%s'\n"
+msgid "%s: mkdir: %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "Can't change root directory to '%s'\n"
+msgid "%s: Cannot open %s: %s\n"
 msgstr ""
 
 #, c-format
@@ -612,6 +612,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -637,10 +640,13 @@ msgstr ""
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr ""
 
-msgid "Last password change\t\t\t\t\t: "
+msgid "never"
 msgstr ""
 
-msgid "never"
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
 msgstr ""
 
 msgid "password must be changed"
@@ -811,14 +817,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr ""
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr ""
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr ""
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr ""
 
@@ -847,6 +845,10 @@ msgid ""
 msgstr ""
 
 #, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
+#, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr ""
 
@@ -897,6 +899,14 @@ msgid "Login Shell"
 msgstr ""
 
 #, c-format
+msgid "Cannot parse shell files: %s"
+msgstr ""
+
+#, c-format
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr ""
+
+#, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr ""
 
@@ -909,6 +919,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr ""
 
 #, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr ""
+
+#, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr ""
 
@@ -1116,9 +1130,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1131,6 +1142,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr ""
 
 #, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr ""
+
+#, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr ""
 
@@ -1173,14 +1188,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr ""
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr ""
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr ""
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr ""
 
@@ -1256,10 +1263,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr ""
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr ""
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr ""
 
@@ -1373,7 +1376,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1462,9 +1465,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-
 #, c-format
 msgid ""
 "\n"
@@ -1497,12 +1497,6 @@ msgid "Cannot find user (%s)\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr ""
 
@@ -1535,7 +1529,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1559,17 +1554,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr ""
-
-#, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr ""
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1602,13 +1593,12 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgid "%s: Could not stat directory for target process\n"
 msgstr ""
 
 msgid "  -b, --badname                 allow bad names\n"
@@ -1630,6 +1620,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr ""
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr ""
 
@@ -1650,6 +1644,10 @@ msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr ""
 
 #, c-format
+msgid "%s: line %d: %s\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr ""
 
@@ -1670,11 +1668,11 @@ msgid "%s: line %d: can't update entry\n"
 msgstr ""
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
+msgid "%s: can't find subordinate user range\n"
 msgstr ""
 
 #, c-format
-msgid "%s: can't find subordinate user range\n"
+msgid "%s: failed to prepare new %s entry\n"
 msgstr ""
 
 #, c-format
@@ -1735,6 +1733,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr ""
 
@@ -1750,6 +1751,9 @@ msgid ""
 "Please use a combination of upper and lower case letters and numbers.\n"
 msgstr ""
 
+msgid "Password is too long.\n"
+msgstr ""
+
 msgid "New password: "
 msgstr ""
 
@@ -1788,6 +1792,10 @@ msgid "%s: repository %s not supported\n"
 msgstr ""
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1929,11 +1937,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -1993,6 +1999,10 @@ msgid "No passwd entry for user '%s'\n"
 msgstr ""
 
 #, c-format
+msgid "Overlong user name '%s'\n"
+msgstr ""
+
+#, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr ""
 
@@ -2035,15 +2045,17 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
 #, c-format
-msgid "%s: cannot create new defaults file: %s\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
 msgstr ""
 
 #, c-format
-msgid "%s: cannot create directory for defaults file\n"
+msgid "%s: cannot create new defaults file: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
+msgid "%s: cannot create directory for defaults file\n"
 msgstr ""
 
 #, c-format
@@ -2063,10 +2075,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr ""
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr ""
 
@@ -2175,6 +2183,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr ""
@@ -2301,6 +2314,12 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr ""
 
+msgid "Synchronize mailbox file"
+msgstr ""
+
+msgid "Closing mailbox file"
+msgstr ""
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2414,10 +2433,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr ""
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr ""
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr ""
 
@@ -2514,6 +2529,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2597,10 +2616,18 @@ msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
 #, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+
+#, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
 #, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+
+#, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr ""
 
@@ -2695,7 +2722,7 @@ msgstr ""
 msgid "failed to stat edited file"
 msgstr ""
 
-msgid "failed to allocate memory"
+msgid "asprintf(3) failed"
 msgstr ""
 
 msgid "failed to create backup file"
diff --git a/po/sk.gmo b/po/sk.gmo
index df70d1b..6d36ce9 100644
--- a/po/sk.gmo
+++ b/po/sk.gmo
diff --git a/po/sk.po b/po/sk.po
index 83d7c6f..82e046e 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.17\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2011-11-26 22:06+0100\n"
 "Last-Translator: Ivan Masár <helix84@centrum.sk>\n"
 "Language-Team: Slovak <sk-i18n@lists.linux.sk>\n"
@@ -17,223 +17,6 @@ msgstr ""
 "Plural-Forms: nplurals=3; plural= (n==1) ? 1 : (n>=2 && n<=4) ? 2 : 0;\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Existuje viac záznamov s názvom „%s“ v %s. Prosím, napravte to pomocou pwck "
-"alebo grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "libcrypt nepodporuje metódy šifrovania? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Na konfigura�né údaje sa nedá vyhradiť dostatok miesta.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"konfigura�ná chyba - neznámy predmet „%s“ (informujte správcu systému)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Heslo: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Heslo používateľa %s:"
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Nie je možné otvoriť rozhranie pre audit - prerušuje sa.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Na konfigura�né údaje sa nedá vyhradiť dostatok miesta.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Menia sa informácie vypršania platnosti pre používateľa %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: vaše používateľské meno sa nedá zistiť.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: riadok %d: nedá sa nájsť používateľ %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: nedostatok pamäti\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: nie je možné zmazať %s\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: chybný domovský adresár „%s“\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: nie je možné odstrániť položku „%s“ z %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: nedá sa vytvoriť adresár %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "lastlog: Nepodarilo sa zistiť veľkosť %s: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: upozornenie: nemôžem odstrániť %s: %s"
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: premenovať: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: adresár %s sa nedá premenovať na %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: adresár %s sa nedá premenovať na %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: upozornenie: nemôžem odstrániť %s: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: nedá sa vytvoriť adresár %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "lastlog: Nepodarilo sa zistiť veľkosť %s: %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: nie je možné zmazať %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: súbor s tieňovými heslami sa nedá aktualizovať\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: premenovať: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: súbor %s sa nedá otvoriť\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Upozornenie: skupina %s je neznáma\n"
 
@@ -280,14 +63,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: nepodarilo sa odmknúť %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Existuje viac záznamov s názvom „%s“ v %s. Prosím, napravte to pomocou pwck "
+"alebo grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Preplnenie prostredia\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "libcrypt nepodporuje metódy šifrovania? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -391,8 +182,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Nedá sa získať jedine�ný UID (už nie sú dostupné žiadne UID)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr ""
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Na konfigura�né údaje sa nedá vyhradiť dostatok miesta.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
+"konfigura�ná chyba - neznámy predmet „%s“ (informujte správcu systému)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -422,7 +221,7 @@ msgstr "Na konfigura�né údaje sa nedá vyhradiť dostatok miesta.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: nedá sa otvoriť súbor\n"
 
 #, fuzzy, c-format
@@ -433,9 +232,21 @@ msgstr "%s: riadok %d: volanie chown zlyhalo\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: riadok %d: volanie chown zlyhalo\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: riadok %d: volanie chown zlyhalo\n"
+
 msgid "Too many logins.\n"
 msgstr "Príliš mnoho prihlásení.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"Prihlasovacie meno na %s: "
+
 msgid "You have new mail."
 msgstr "Máte novú poštu."
 
@@ -445,6 +256,14 @@ msgstr "Nemáte žiadnu poštu."
 msgid "You have mail."
 msgstr "Máte poštu."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "žiadna zmena"
 
@@ -457,9 +276,6 @@ msgstr "iba zmeny vo veľkosti písmen"
 msgid "too similar"
 msgstr "veľmi podobné"
 
-msgid "too simple"
-msgstr "veľmi jednoduché"
-
 msgid "rotated"
 msgstr "opakované"
 
@@ -505,6 +321,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: volanie pam_start() zlyhalo, chyba %d\n"
 
+msgid "Password: "
+msgstr "Heslo: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Heslo používateľa %s:"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Chybné heslo pre %s.\n"
@@ -530,18 +353,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: nedá sa vytvoriť adresár %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: nedá sa vytvoriť adresár %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: nedá sa vytvoriť adresár %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -556,6 +375,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Nie je možné otvoriť rozhranie pre audit - prerušuje sa.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Na konfigura�né údaje sa nedá vyhradiť dostatok miesta.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Na konfigura�né údaje sa nedá vyhradiť dostatok miesta.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Menia sa informácie vypršania platnosti pre používateľa %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: vaše používateľské meno sa nedá zistiť.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: riadok %d: nedá sa nájsť používateľ %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Aktuálny adresár sa nedá nastaviť na „%s“\n"
@@ -568,6 +488,10 @@ msgid "Cannot execute %s"
 msgstr "%s sa nedá spustiť."
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Chybný koreňový adresár „%s“\n"
 
@@ -576,6 +500,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Koreňový adresár sa nedá zmeniť na „%s“\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: nedostatok pamäti\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: nie je možné zmazať %s\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: chybný domovský adresár „%s“\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: nie je možné odstrániť položku „%s“ z %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: nedá sa vytvoriť adresár %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "lastlog: Nepodarilo sa zistiť veľkosť %s: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: upozornenie: nemôžem odstrániť %s: %s"
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: premenovať: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: adresár %s sa nedá premenovať na %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: adresár %s sa nedá premenovať na %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: upozornenie: nemôžem odstrániť %s: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: nedá sa vytvoriť adresár %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "lastlog: Nepodarilo sa zistiť veľkosť %s: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: nie je možné zmazať %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: súbor s tieňovými heslami sa nedá aktualizovať\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: premenovať: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: súbor %s sa nedá otvoriť\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: používateľ %s je práve prihlásený\n"
 
@@ -649,6 +651,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -677,12 +682,15 @@ msgstr "Ne�inné heslo"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Uplynutie platnosti ú�tu (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Posledná zmena hesla\t\t\t\t\t: "
-
 msgid "never"
 msgstr "nikdy"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Posledná zmena hesla\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "heslo je potrebné zmeniť"
 
@@ -854,14 +862,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: používateľ „%s“ neexistuje\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: na NIC klientovi sa nedá zmeniť používateľ „%s“.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: „%s“ je hlavným NIS serverom pre tohto klienta.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Mením informácie o používateľovi %s\n"
 
@@ -900,6 +900,11 @@ msgstr ""
 "  -s, --sha-rounds              po�et cyklov šifrovacích\n"
 "                                algoritmov SHA*\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: nepodporovaná metóda šifrovania: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: prepína� %s je povolený iba s prepína�om %s\n"
@@ -950,6 +955,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Predvolený shell"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Nepodarilo sa zistiť veľkosť %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: nedá sa vytvoriť nový súbor s predvolenými hodnotami\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Nemôžete zmeniť shell pre „%s“.\n"
@@ -962,6 +977,11 @@ msgstr "Mením predvolený shell pre %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Chybná položka: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s je neplatný shell\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s je neplatný shell\n"
@@ -1194,9 +1214,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  vytvorí systémový ú�et\n"
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 #, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
@@ -1211,6 +1228,10 @@ msgstr "chybné používateľské meno „%s“\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: „%s“ nie je platným názvom skupiny\n"
 
+#, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: súbor %s sa nedá otvoriť\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: chybný ID skupiny „%s“\n"
@@ -1256,14 +1277,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: skupina „%s“ neexistuje\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: skupina „%s“ je skupinou NIS.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s je hlavným NIS serverom\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: používateľ „%s“ je �lenom „%s“\n"
 
@@ -1352,10 +1365,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: chybné pomenovanie skupiny „%s“\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: skupina %s je NIS skupinou\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: používateľ %s je neznámy\n"
 
@@ -1476,7 +1485,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     zobrazí faillog záznamy všetkých "
@@ -1575,9 +1584,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "Žiaden utmp záznam. Musíte spustiť „login“ z najnižšej inštancie „sh“"
-
 #, c-format
 msgid ""
 "\n"
@@ -1612,14 +1618,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: riadok %d: nedá sa nájsť používateľ %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"Prihlasovacie meno na %s: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: chybné vetvenie: %s"
 
@@ -1654,7 +1652,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1682,17 +1681,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: nepodarilo sa odmknúť %s\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: chybný základný adresár „%s“\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: nedá sa vytvoriť adresár %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1725,14 +1720,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: nedá sa vytvoriť adresár %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1756,6 +1750,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: chybné používateľské meno „%s“\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: riadok %d: chybný riadok\n"
 
@@ -1776,6 +1774,10 @@ msgstr "%s: riadok %d: nedá sa vytvoriť skupina\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: riadok %d: používateľ „%s“ neexistuje v %s\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: premenovať: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: riadok %d: heslo sa nedá aktualizovať\n"
@@ -1797,14 +1799,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: riadok %d: položka sa nedá aktualizovať\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: zlyhalo pripravenie novej položky %s „%s“\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: nie je možné vytvoriť používateľa\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: zlyhalo pripravenie novej položky %s „%s“\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: súbor s heslami sa nedá aktualizovať\n"
 
@@ -1873,6 +1875,11 @@ msgstr ""
 "  -x, --maxdays MAX_DN�         nastaví maximálny po�et dní pred zmenou\n"
 "                                hesla na MAX_DN� dní\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    zobrazí �asové údaje o ú�te\n"
+
 msgid "Old password: "
 msgstr "Staré heslo: "
 
@@ -1892,6 +1899,11 @@ msgstr ""
 "Zadajte nové heslo (po�et znakov v intervale %d až %d).\n"
 "Použijte kombináciu veľkých a malých písmen s �íslicami.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: položka je príliš dlhá\n"
+
 msgid "New password: "
 msgstr "Nové heslo: "
 
@@ -1935,6 +1947,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: úložisko %s nie je podporované\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: iba root môže používať voľbu -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s nemá oprávnenie zmeniť heslo %s\n"
@@ -2084,11 +2101,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2175,6 +2190,11 @@ msgstr "%s: Nie ste momentálne oprávnení používať su\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "V súbore passwd nie je položka pre používateľa „root“"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "chybné používateľské meno „%s“\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: musí byť spustené z terminálu\n"
@@ -2220,6 +2240,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2231,10 +2257,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: nedá sa vytvoriť nový súbor s predvolenými hodnotami\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: nedá sa vytvoriť nový súbor s predvolenými hodnotami\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: nedá sa otvoriť nový súbor s predvolenými hodnotami\n"
 
@@ -2251,10 +2273,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: premenovať: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: skupina „%s“ je skupinou NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: bolo zadaných príliš veľa skupín (max %d).\n"
 
@@ -2375,6 +2393,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: chybný základný adresár „%s“\n"
@@ -2511,6 +2534,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Nastavujú sa prístupové práva súboru mailbox"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Vytvára sa súbor mailbox"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Vytvára sa súbor mailbox"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2639,10 +2672,6 @@ msgstr "lastlog: Nepodarilo sa zistiť veľkosť %s: %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: nie je možné odstrániť položku „%s“ z %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: používateľ %s je NIS používateľom\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: chybný domovský adresár „%s“\n"
@@ -2767,6 +2796,14 @@ msgstr ""
 "používateľský\n"
 "                                ú�et\n"
 
+#, fuzzy
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -d, --home DOM_ADR            nový domovský adresár pre nový "
+"používateľský\n"
+"                                ú�et\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2854,12 +2891,26 @@ msgstr ""
 "%s: Nepodarilo sa skopírovať položku lastlog používateľa %lu používateľovi "
 "%lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: Nepodarilo sa skopírovať položku lastlog používateľa %lu používateľovi "
+"%lu: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: Nepodarilo sa skopírovať položku faillog používateľa %lu používateľovi "
 "%lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: Nepodarilo sa skopírovať položku faillog používateľa %lu používateľovi "
+"%lu: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: upozornenie: vlastníkom %s nie je %s\n"
@@ -2965,8 +3016,9 @@ msgid "failed to stat edited file"
 msgstr "chyba pri premenovaní schránky"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "chyba pri zmene vlastníka schránky"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: nedá sa otvoriť súbor\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2980,6 +3032,56 @@ msgstr "%s: %s sa nedá obnoviť: %s (zmeny sú v %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: chybný základný adresár „%s“\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Preplnenie prostredia\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: na NIC klientovi sa nedá zmeniť používateľ „%s“.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: „%s“ je hlavným NIS serverom pre tohto klienta.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: skupina „%s“ je skupinou NIS.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s je hlavným NIS serverom\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: skupina %s je NIS skupinou\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: nedá sa vytvoriť nový súbor s predvolenými hodnotami\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: skupina „%s“ je skupinou NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: používateľ %s je NIS používateľom\n"
+
+#~ msgid "too simple"
+#~ msgstr "veľmi jednoduché"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Žiaden utmp záznam. Musíte spustiť „login“ z najnižšej inštancie „sh“"
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: chybný základný adresár „%s“\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "chyba pri zmene vlastníka schránky"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Použitie: id\n"
 
@@ -2995,10 +3097,6 @@ msgstr "%s: chybný základný adresár „%s“\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Upozornenie o uplynutí doby platnosti hesla"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "chybné používateľské meno „%s“\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Používateľ       Port     Z                Naposledy"
 
diff --git a/po/sq.po b/po/sq.po
index 2cb78d0..0a475b5 100644
--- a/po/sq.po
+++ b/po/sq.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.3\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2004-11-20 03:28+0100\n"
 "Last-Translator: Elian Myftiu <pinguini AT fastwebnet DOT it>\n"
 "Language-Team: Albanian <gnome-albanian-perkthyesit@lists.sourceforge.net>\n"
@@ -18,218 +18,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr ""
-
-#, c-format
-msgid "%s's Password: "
-msgstr ""
-
-msgid "Cannot open audit interface.\n"
-msgstr ""
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
@@ -278,13 +66,19 @@ msgid "%s: failed to unlock %s\n"
 msgstr ""
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
+#, c-format
 msgid "%s: "
 msgstr ""
 
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
 msgstr ""
 
 #, c-format
@@ -380,7 +174,14 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr ""
+
+msgid "Could not allocate space for config info.\n"
+msgstr ""
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
 msgstr ""
 
 #, c-format
@@ -407,9 +208,9 @@ msgstr ""
 msgid "%s: Could not set caps\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: stpeprintf failed!\n"
+msgstr "Kujdes: grup i panjohur %s\n"
 
 #, fuzzy, c-format
 msgid "%s: open of %s failed: %s\n"
@@ -419,9 +220,19 @@ msgstr "Kujdes: grup i panjohur %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
 msgid "Too many logins.\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+
 msgid "You have new mail."
 msgstr ""
 
@@ -431,6 +242,14 @@ msgstr ""
 msgid "You have mail."
 msgstr ""
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr ""
 
@@ -443,9 +262,6 @@ msgstr ""
 msgid "too similar"
 msgstr ""
 
-msgid "too simple"
-msgstr ""
-
 msgid "rotated"
 msgstr ""
 
@@ -489,6 +305,13 @@ msgid ""
 "%s\n"
 msgstr ""
 
+msgid "Password: "
+msgstr ""
+
+#, c-format
+msgid "%s's Password: "
+msgstr ""
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr ""
@@ -514,18 +337,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -538,6 +357,105 @@ msgid ""
 "method.\n"
 msgstr ""
 
+msgid "Cannot open audit interface.\n"
+msgstr ""
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr ""
@@ -550,6 +468,10 @@ msgid "Cannot execute %s"
 msgstr ""
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr ""
 
@@ -558,6 +480,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr ""
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr ""
 
@@ -614,6 +614,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -639,10 +642,13 @@ msgstr ""
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr ""
 
-msgid "Last password change\t\t\t\t\t: "
+msgid "never"
 msgstr ""
 
-msgid "never"
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
 msgstr ""
 
 msgid "password must be changed"
@@ -814,14 +820,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr ""
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr ""
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr ""
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr ""
 
@@ -850,6 +848,10 @@ msgid ""
 msgstr ""
 
 #, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
+#, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr ""
 
@@ -899,6 +901,14 @@ msgstr ""
 msgid "Login Shell"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "Kujdes: grup i panjohur %s\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr ""
@@ -911,6 +921,10 @@ msgstr ""
 msgid "%s: Invalid entry: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr ""
@@ -1119,9 +1133,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1134,6 +1145,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr ""
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
@@ -1176,14 +1191,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr ""
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr ""
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr ""
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr ""
 
@@ -1259,10 +1266,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr ""
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr ""
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr ""
 
@@ -1377,7 +1380,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1466,9 +1469,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-
 #, c-format
 msgid ""
 "\n"
@@ -1501,12 +1501,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr ""
 
@@ -1539,7 +1533,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1563,17 +1558,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1607,14 +1598,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "Kujdes: grup i panjohur %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1635,6 +1625,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr ""
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr ""
 
@@ -1654,6 +1648,10 @@ msgstr "Kujdes: grup i panjohur %s\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr ""
@@ -1674,15 +1672,15 @@ msgstr "Kujdes: grup i panjohur %s\n"
 msgid "%s: line %d: can't update entry\n"
 msgstr ""
 
-#, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "Kujdes: grup i panjohur %s\n"
-
 #, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr ""
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
@@ -1740,6 +1738,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr ""
 
@@ -1755,6 +1756,10 @@ msgid ""
 "Please use a combination of upper and lower case letters and numbers.\n"
 msgstr ""
 
+#, fuzzy
+msgid "Password is too long.\n"
+msgstr "Fjalëkalimi yt ka skaduar."
+
 msgid "New password: "
 msgstr ""
 
@@ -1793,6 +1798,10 @@ msgid "%s: repository %s not supported\n"
 msgstr ""
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1935,11 +1944,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -1999,6 +2006,10 @@ msgid "No passwd entry for user '%s'\n"
 msgstr ""
 
 #, c-format
+msgid "Overlong user name '%s'\n"
+msgstr ""
+
+#, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr ""
 
@@ -2041,6 +2052,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "Kujdes: grup i panjohur %s\n"
@@ -2050,10 +2067,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr ""
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr ""
 
@@ -2070,10 +2083,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr ""
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr ""
 
@@ -2182,6 +2191,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr ""
@@ -2308,6 +2322,12 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr ""
 
+msgid "Synchronize mailbox file"
+msgstr ""
+
+msgid "Closing mailbox file"
+msgstr ""
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2421,10 +2441,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "Kujdes: grup i panjohur %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr ""
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr ""
 
@@ -2521,6 +2537,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2603,10 +2623,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "Kujdes: grup i panjohur %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr ""
@@ -2702,7 +2730,7 @@ msgstr ""
 msgid "failed to stat edited file"
 msgstr ""
 
-msgid "failed to allocate memory"
+msgid "asprintf(3) failed"
 msgstr ""
 
 msgid "failed to create backup file"
@@ -2717,11 +2745,11 @@ msgid "%s: failed to find tcb directory for %s\n"
 msgstr ""
 
 #, fuzzy, c-format
-#~ msgid "%s: password expiry information changed.\n"
-#~ msgstr "Fjalëkalimi yt ka skaduar."
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "Kujdes: grup i panjohur %s\n"
 
-#, fuzzy
-#~ msgid "Password set to expire."
+#, fuzzy, c-format
+#~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Fjalëkalimi yt ka skaduar."
 
 #, fuzzy
diff --git a/po/sv.gmo b/po/sv.gmo
index 136216a..8a5531a 100644
--- a/po/sv.gmo
+++ b/po/sv.gmo
diff --git a/po/sv.po b/po/sv.po
index f705f48..4443c44 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.1.1\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2011-11-25 22:08+0100\n"
 "Last-Translator: Daniel Nylander <yeager@ubuntu.com>\n"
 "Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n"
@@ -18,222 +18,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Flera poster med namnet \"%s\" finns i %s. Rätta till detta med pwck eller "
-"grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "krypteringsmetoden stöds inte av libcrypt? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "konfigurationsfel - kan inte tolka %s-värde: \"%s\""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Kunde inte allokera plats för konfigurationsinformationen.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "konfigurationsfel - okänd post \"%s\" (informera administratören)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Lösenord: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s lösenord: "
-
-msgid "Cannot open audit interface.\n"
-msgstr ""
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Kunde inte allokera plats för konfigurationsinformationen.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Ändrar åldersinformationen för %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Kan inte fastställa ditt användarnamn.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: Kan inte grena användarskal\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: slut på minne\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: Kan inte ta status på %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s är varken en katalog eller symbolisk länk.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: Kan inte läsa symboliska länken %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: Misstänkt lång symbolisk länk: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: Kan inte skapa katalogen %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: Kan inte byta ägare för %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: Kan inte ändra rättigheter för %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr ""
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: Kan inte ta bort katalogen %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: Kan inte byta namn på %s till %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: Kan inte ta bort %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: Kan inte skapa symboliska länken %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: Kan inte byta ägare för %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: Kan inte lstat %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: Varning, användaren %s har ingen tcb shadow-fil.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Nödläge:  tcb shadow för %s är inte en vanlig fil med st_nlink=1.\n"
-"Kontot lämnas kvar som låst.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: Kan inte öppna %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Varning: okänd grupp %s\n"
 
@@ -280,14 +64,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: misslyckades med att låsa upp %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Flera poster med namnet \"%s\" finns i %s. Rätta till detta med pwck eller "
+"grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Överskott av miljövariabler\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "krypteringsmetoden stöds inte av libcrypt? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -404,8 +196,15 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Kan inte få unikt UID (inga fler tillgängliga UID)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr ""
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "konfigurationsfel - kan inte tolka %s-värde: \"%s\""
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Kunde inte allokera plats för konfigurationsinformationen.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "konfigurationsfel - okänd post \"%s\" (informera administratören)\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -433,9 +232,10 @@ msgstr "Kunde inte allokera plats för konfigurationsinformationen.\n"
 msgid "%s: Could not set caps\n"
 msgstr "Kunde inte allokera plats för konfigurationsinformationen.\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: rad %d: chown %s misslyckades: %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: line %d: chown %s failed: %s\n"
@@ -447,9 +247,22 @@ msgstr "%s: rad %d: chown %s misslyckades: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: rad %d: chown %s misslyckades: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: rad %d: chown %s misslyckades: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "För många inloggningsförsök.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s inloggning: "
+
 msgid "You have new mail."
 msgstr "Du har ny post."
 
@@ -459,6 +272,14 @@ msgstr "Ingen post."
 msgid "You have mail."
 msgstr "Du har post."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "ingen ändring"
 
@@ -471,9 +292,6 @@ msgstr "endast ändring av gemener/versaler"
 msgid "too similar"
 msgstr "för likt"
 
-msgid "too simple"
-msgstr "för enkelt"
-
 msgid "rotated"
 msgstr "roterat"
 
@@ -519,6 +337,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() misslyckades, fel %d\n"
 
+msgid "Password: "
+msgstr "Lösenord: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s lösenord: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Felaktigt lösenord för %s.\n"
@@ -544,16 +369,12 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: Kan inte skapa katalogen %s: %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: Kan inte skapa katalogen %s: %s\n"
-
-#, fuzzy, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: Misslyckades med att skapa tcb-katalog för %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: Kan inte skapa katalogen %s: %s\n"
 
 #, c-format
 msgid ""
@@ -570,6 +391,105 @@ msgid ""
 "method.\n"
 msgstr ""
 
+msgid "Cannot open audit interface.\n"
+msgstr ""
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Kunde inte allokera plats för konfigurationsinformationen.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Kunde inte allokera plats för konfigurationsinformationen.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Ändrar åldersinformationen för %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Kan inte fastställa ditt användarnamn.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: Kan inte grena användarskal\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Kunde inte byta katalog till \"%s\"\n"
@@ -582,6 +502,10 @@ msgid "Cannot execute %s"
 msgstr "Kunde inte starta %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Felaktig rotkatalog \"%s\"\n"
 
@@ -590,6 +514,86 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Kan inte ändra rotkatalog till \"%s\"\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: slut på minne\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: Kan inte ta status på %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s är varken en katalog eller symbolisk länk.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: Kan inte läsa symboliska länken %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: Misstänkt lång symbolisk länk: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: Kan inte skapa katalogen %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: Kan inte byta ägare för %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: Kan inte ändra rättigheter för %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr ""
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: Kan inte ta bort katalogen %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: Kan inte byta namn på %s till %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: Kan inte ta bort %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: Kan inte skapa symboliska länken %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: Kan inte byta ägare för %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: Kan inte lstat %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: Varning, användaren %s har ingen tcb shadow-fil.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Nödläge:  tcb shadow för %s är inte en vanlig fil med st_nlink=1.\n"
+"Kontot lämnas kvar som låst.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: Kan inte öppna %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: användaren %s är för närvarande inloggad\n"
 
@@ -667,6 +671,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -694,12 +701,15 @@ msgstr "Lösenordet inaktivt"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Utlöpsdatum för kontot (ÅÅÅÅ-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Senaste lösenordsändringen\t\t\t\t: "
-
 msgid "never"
 msgstr "aldrig"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Senaste lösenordsändringen\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "lösenordet måste ändras"
 
@@ -872,14 +882,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: användaren \"%s\" finns inte\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: kan inte ändra användare \"%s\" på en NIS-klient.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: \"%s\" är NIS-master för denna klient.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Ändrar användarinformationen för %s\n"
 
@@ -918,6 +920,11 @@ msgstr ""
 "  -s, --sha-rounds              antal SHA-rundor för SHA*-\n"
 "                                krypteringsalgoritmerna\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: krypteringsmetoden stöds inte: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: flaggan %s tillåts endast med flaggan %s\n"
@@ -969,6 +976,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Inloggningsskal"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Kan inte få storleken för %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: kan inte skapa ny standardfil\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Du får inte ändra skalet för \"%s\".\n"
@@ -981,6 +998,11 @@ msgstr "Ändrar inloggningsskal för %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Ogiltig post: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s är ett ogiltigt skal\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s är ett ogiltigt skal\n"
@@ -1214,9 +1236,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  skapa ett systemkonto\n"
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 #, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
@@ -1231,6 +1250,11 @@ msgstr "ogiltigt användarnamn \"%s\"\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: \"%s\" är inte ett giltigt gruppnamn\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: Kan inte öppna %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: ogiltigt grupp-id \"%s\"\n"
@@ -1276,14 +1300,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: gruppen \"%s\" finns inte\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: gruppen \"%s\" är en NIS-grupp\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s är NIS master\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: användaren \"%s\" är redan medlem av \"%s\"\n"
 
@@ -1384,10 +1400,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: ogiltigt gruppnamn \"%s\"\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: gruppen %s är en NIS-grupp\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: okänd användare %s\n"
 
@@ -1513,7 +1525,7 @@ msgstr ""
 
 #, fuzzy
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -a, --all                     visa faillog-poster för alla användare\n"
@@ -1615,9 +1627,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Kan inte fungera utan en användbar root\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "Ingen utmp post.  Du måste köra \"login\" från den lägsta nivån \"sh\""
-
 #, c-format
 msgid ""
 "\n"
@@ -1652,14 +1661,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: Kan inte grena användarskal\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s inloggning: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: fel vid processdelning: %s"
 
@@ -1694,7 +1695,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1721,19 +1723,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: misslyckades med att låsa upp %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: misslyckades med att hitta tcb-katalog för %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: Misslyckades med att skapa tcb-katalog för %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1766,14 +1763,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Misslyckades med att skapa tcb-katalog för %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1797,6 +1794,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: ogiltigt användarnamn \"%s\"\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: rad %d: ogiltig rad\n"
 
@@ -1818,6 +1819,11 @@ msgstr "%s: rad %d: kan inte skapa grupp\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: rad %d: användaren \"%s\" finns inte i %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: rename: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: byt namn: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: rad %d: kan inte uppdatera lösenord\n"
@@ -1840,14 +1846,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: rad %d: kan inte uppdatera post\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: misslyckades med att förbereda den nya %s-posten \"%s\"\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: kan inte skapa användare\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: misslyckades med att förbereda den nya %s-posten \"%s\"\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: kan inte skapa grupp\n"
 
@@ -1923,6 +1929,11 @@ msgstr ""
 "lösenords-\n"
 "                                ändring till MAX_DAGAR\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    visa åldringsinformation om kontot\n"
+
 msgid "Old password: "
 msgstr "Gammalt lösenord: "
 
@@ -1942,6 +1953,11 @@ msgstr ""
 "Ange det nya lösenordet (minimum %d, maximum %d tecken)\n"
 "Använd en kombination av gemener, versaler och siffror.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: fälten för långa\n"
+
 msgid "New password: "
 msgstr "Nytt lösenord: "
 
@@ -1987,6 +2003,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: repository %s stöds inte\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: endast root kan använda flaggan -g/--group\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s är inte behörig att ändra lösenordet för %s\n"
@@ -2139,11 +2160,9 @@ msgstr "%s: signalfel\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sessionen terminerad, terminerar skal..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...dödad.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...väntar på att barn ska termineras.\n"
 
@@ -2230,6 +2249,11 @@ msgstr "%s: Du är inte behörig att använda su för tillfället\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Ingen lösenordspost för \"root\""
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "ogiltigt användarnamn \"%s\"\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: måste köras från en terminal\n"
@@ -2276,6 +2300,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: %s-konfigurationen i %s kommer att ignoreras\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: %s-konfigurationen i %s kommer att ignoreras\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: kan inte skapa ny standardfil\n"
@@ -2286,10 +2317,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: kan inte skapa ny standardfil\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: kan inte skapa ny standardfil\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: kan inte öppna ny fil med standardvärden\n"
 
@@ -2306,10 +2333,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: byt namn: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: gruppen \"%s\" är en NIS-grupp.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: för många grupper angivna (max %d).\n"
 
@@ -2447,6 +2470,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: ogiltig baskatalog \"%s\"\n"
@@ -2594,6 +2622,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Ställer in rättigheter för postlådefil"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Skapar postlådefil"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Skapar postlådefil"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2724,10 +2762,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: Kan inte ta bort tcb-filer för %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: användaren %s är en NIS-användare\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s hemkatalogen (%s) hittades inte\n"
 
@@ -2854,6 +2888,12 @@ msgid ""
 msgstr ""
 "  -s, --shell SHELL             nytt inloggningsskal för användarkontot\n"
 
+#, fuzzy
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -s, --shell SHELL             nytt inloggningsskal för användarkontot\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2950,12 +2990,26 @@ msgstr ""
 "%s: misslyckades med att kopiera lastlog-posten för användaren %lu till "
 "användaren %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: misslyckades med att kopiera lastlog-posten för användaren %lu till "
+"användaren %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: misslyckades med att kopiera faillog-posten för användaren %lu till "
 "användaren %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: misslyckades med att kopiera faillog-posten för användaren %lu till "
+"användaren %lu: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: varning: %s ägs inte av %s\n"
@@ -3057,8 +3111,8 @@ msgstr ""
 msgid "failed to stat edited file"
 msgstr "misslyckades med att ta status på redigerade filen"
 
-msgid "failed to allocate memory"
-msgstr "misslyckades att allokera minne"
+msgid "asprintf(3) failed"
+msgstr ""
 
 msgid "failed to create backup file"
 msgstr "misslyckades med att skapa säkerhetskopia"
@@ -3071,6 +3125,56 @@ msgstr "%s: kan inte återställa %s: %s (dina ändringar finns i %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: misslyckades med att hitta tcb-katalog för %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Överskott av miljövariabler\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: kan inte ändra användare \"%s\" på en NIS-klient.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: \"%s\" är NIS-master för denna klient.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: gruppen \"%s\" är en NIS-grupp\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s är NIS master\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: gruppen %s är en NIS-grupp\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: kan inte skapa ny standardfil\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: gruppen \"%s\" är en NIS-grupp.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: användaren %s är en NIS-användare\n"
+
+#~ msgid "too simple"
+#~ msgstr "för enkelt"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Ingen utmp post.  Du måste köra \"login\" från den lägsta nivån \"sh\""
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: misslyckades med att hitta tcb-katalog för %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "misslyckades att allokera minne"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Användning: id\n"
 
@@ -3086,10 +3190,6 @@ msgstr "%s: misslyckades med att hitta tcb-katalog för %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: information om lösenordets utgång har ändrats.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "ogiltigt användarnamn \"%s\"\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Användarnamn      Port     Från             Senast"
 
diff --git a/po/tl.gmo b/po/tl.gmo
index a75b187..7750180 100644
--- a/po/tl.gmo
+++ b/po/tl.gmo
diff --git a/po/tl.po b/po/tl.po
index 16287fe..9a04b6c 100644
--- a/po/tl.po
+++ b/po/tl.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2007-11-26 21:34+0100\n"
 "Last-Translator: Eric Pareja <xenos@upm.edu.ph>\n"
 "Language-Team: Tagalog <debian-tl@banwa.upm.edu.ph>\n"
@@ -21,222 +21,6 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=n>1;\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr ""
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Hindi makapaglaan ng lugar para sa impormasyong pagsasaayos.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"may mali sa pagsasaayos - hindi kilalang item '%s' (ipaalam sa "
-"tagapangasiwa)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Kontrasenyas: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Kontrasenyas ni %s: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Hindi mabuksan ang talaksang password\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Hindi makapaglaan ng lugar para sa impormasyong pagsasaayos.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Pinapalitan ang impormasyong pagtanda para kay %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Hindi makilala ang inyong pangalan.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: linya %d: hindi mahanap ang gumagamit %s\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: nagkulang ng memory\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: hindi ma-apdeyt ang talaksang %s\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: hindi tanggap na directory na tahanan '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: hindi mapalitan ng pangalan ang directory %s sa %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: hindi malikha ang directory %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: babala: hindi matanggal "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: babala: hindi matanggal "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: baguhin ang pangalan: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: hindi mapalitan ng pangalan ang directory %s sa %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: hindi mapalitan ng pangalan ang directory %s sa %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: babala: hindi matanggal "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: hindi malikha ang directory %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: babala: hindi matanggal "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: hindi ma-apdeyt ang talaksang %s\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: hindi maapdeyt ang talaksang shadow\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: baguhin ang pangalan: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: hindi mabuksan ang talaksang %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Babala: hindi kilalang grupo %s\n"
 
@@ -282,6 +66,11 @@ msgstr "Hindi mabago ang tty %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: mahaba masyado ang mga field\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -289,8 +78,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Umapaw ang kapaligiran\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr ""
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -393,9 +183,18 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: hindi makakuha ng kakaibang UID\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "Hindi makapaglaan ng lugar para sa impormasyong pagsasaayos.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr ""
+"may mali sa pagsasaayos - hindi kilalang item '%s' (ipaalam sa "
+"tagapangasiwa)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: bigo ang pagpapakilalang PAM\n"
@@ -423,7 +222,7 @@ msgstr "Hindi makapaglaan ng lugar para sa impormasyong pagsasaayos.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: hindi mabuksan ang talaksan\n"
 
 #, fuzzy, c-format
@@ -434,9 +233,21 @@ msgstr "%s: linya %d: bigo ang chown\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: linya %d: bigo ang chown\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: linya %d: bigo ang chown\n"
+
 msgid "Too many logins.\n"
 msgstr "Labis ang mga login.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s login: "
+
 msgid "You have new mail."
 msgstr "May bago kang email."
 
@@ -446,6 +257,14 @@ msgstr "Walang email."
 msgid "You have mail."
 msgstr "Mayroon kang email."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "walang pagbabago"
 
@@ -458,9 +277,6 @@ msgstr "nagpalit lamang ng laki ng titik"
 msgid "too similar"
 msgstr "labis na magkatulad"
 
-msgid "too simple"
-msgstr "labis na simple"
-
 msgid "rotated"
 msgstr "inikot"
 
@@ -507,6 +323,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: bigo ang pam_start(), error %d\n"
 
+msgid "Password: "
+msgstr "Kontrasenyas: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Kontrasenyas ni %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Maling kontrasenyas para kay %s.\n"
@@ -532,18 +355,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: hindi malikha ang directory %s\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: hindi malikha ang directory %s\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: hindi malikha ang directory %s\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -556,6 +375,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Hindi mabuksan ang talaksang password\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Hindi makapaglaan ng lugar para sa impormasyong pagsasaayos.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Hindi makapaglaan ng lugar para sa impormasyong pagsasaayos.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Pinapalitan ang impormasyong pagtanda para kay %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Hindi makilala ang inyong pangalan.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: linya %d: hindi mahanap ang gumagamit %s\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Hindi makalipat sa '%s'\n"
@@ -568,6 +488,10 @@ msgid "Cannot execute %s"
 msgstr "Hindi mapatakbo ang %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Hindi tanggap na root directory '%s'\n"
 
@@ -576,6 +500,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Hindi mapalitan ang root directory sa '%s'\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: nagkulang ng memory\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: hindi ma-apdeyt ang talaksang %s\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: hindi tanggap na directory na tahanan '%s'\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: hindi mapalitan ng pangalan ang directory %s sa %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: hindi malikha ang directory %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: babala: hindi matanggal "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: babala: hindi matanggal "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: baguhin ang pangalan: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: hindi mapalitan ng pangalan ang directory %s sa %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: hindi mapalitan ng pangalan ang directory %s sa %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: babala: hindi matanggal "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: hindi malikha ang directory %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: babala: hindi matanggal "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: hindi ma-apdeyt ang talaksang %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: hindi maapdeyt ang talaksang shadow\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: baguhin ang pangalan: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: hindi mabuksan ang talaksang %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: gumagamit na si %s ay kasalukuyang nakapasok\n"
 
@@ -634,6 +636,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -659,12 +664,15 @@ msgstr "Inaktibo ang Password"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Hangganan ng Account (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Huling Pagpalit ng Password : "
-
 msgid "never"
 msgstr "Hindi kailanman"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Huling Pagpalit ng Password : "
+
 msgid "password must be changed"
 msgstr "kailangan palitan ang password"
 
@@ -833,14 +841,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: walang gumagamit na nagngangalang %s\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: hindi mapalitan ang gumagamit '%s' sa NIS client.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: '%s' ay ang NIS master ng klienteng ito.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Pinapalitan ang impormasyon tungkol sa gumagamit na si %s\n"
 
@@ -868,6 +868,10 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
+#, c-format
+msgid "%s: no crypt method defined\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: ang flag na -a ay pinapayagan LAMANG kung kasama ang flag na -G\n"
@@ -919,6 +923,15 @@ msgid "Login Shell"
 msgstr "Login Shell"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: hindi mapalitan ng pangalan ang directory %s sa %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: hindi malikha ang bagong talaksan ng mga default\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Hindi niyo mapapalitan ang shell para kay %s.\n"
 
@@ -931,6 +944,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Hindi tanggap na entry: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "Ang %s ay hindi tanggap na shell.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "Ang %s ay hindi tanggap na shell.\n"
 
@@ -1140,9 +1157,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1156,6 +1170,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: hindi tanggap na pangalan ng grupo ang %s\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: hindi mabuksan ang talaksang %s\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "hindi tanggap na pangalan ng grupo '%s'\n"
 
@@ -1198,14 +1216,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: walang grupong %s\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: ang grupong '%s' ay grupong NIS.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s ay ang NIS master\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: ang gumagamit na %s ay nasa NIS\n"
 
@@ -1281,10 +1291,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "hindi tanggap na pangalan ng grupo '%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: ang grupong %s ay grupong NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: di kilalang gumagamit %s\n"
 
@@ -1398,7 +1404,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1492,11 +1498,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Walang nakapasok sa utmp. Kailangan niyong mag-exec \"login\" mula sa "
-"pinakamababang antas ng \"sh\""
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1531,14 +1532,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: linya %d: hindi mahanap ang gumagamit %s\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s login: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: bigo sa pag-fork: %s"
 
@@ -1574,7 +1567,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1599,17 +1593,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: mahaba masyado ang mga field\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: hindi tanggap na batayang directory '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: hindi malikha ang directory %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1643,14 +1633,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: hindi malikha ang directory %s\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1672,6 +1661,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: hindi tanggap na pangalan `%s'\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: linya %d: hindi tanggap na linya\n"
 
@@ -1691,6 +1684,10 @@ msgstr "%s: linya %d: hindi makalikha ng GID\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: walang gumagamit na nagngangalang %s\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: baguhin ang pangalan: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: linya %d: hindi ma-apdeyt ang kontrasenyas\n"
@@ -1712,14 +1709,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: linya %d: hindi ma-apdeyt ang ipinasok\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: bigo sa pagtanggal ng mga pribilehiyo (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: hindi malikha ang %s\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: bigo sa pagtanggal ng mga pribilehiyo (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: hindi ma-apdeyt ang talaksang grupo\n"
 
@@ -1777,6 +1774,9 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Lumang kontrasenyas:"
 
@@ -1796,6 +1796,11 @@ msgstr ""
 "Ibigay ang bagong kontrasenyas (minimum na %d, maximum na %d karakter)\n"
 "Gumamit ng kombinasyon ng malaki at maliit na titik at mga numero.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: mahaba masyado ang mga field\n"
+
 msgid "New password: "
 msgstr "Bagong password: "
 
@@ -1837,6 +1842,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: hindi suportado ang repositoryong %s\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -1980,11 +1989,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2072,6 +2079,11 @@ msgstr "Hindi kayo awtorisadong gumamit ng su %s\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "Walang ipinasok sa password para sa 'root'"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "hindi tanggap na pangalan '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: kinakailangang patakbuhin mula sa isang terminal\n"
@@ -2117,6 +2129,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2128,10 +2146,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: hindi malikha ang bagong talaksan ng mga default\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: hindi malikha ang bagong talaksan ng mga default\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: hindi mabuksan ang bagong talaksan ng mga default\n"
 
@@ -2148,10 +2162,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: baguhin ang pangalan: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: ang grupong '%s' ay grupong NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: sobrang dami ng grupo ang nakatakda (max %d).\n"
 
@@ -2260,6 +2270,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: hindi tanggap na batayang directory '%s'\n"
@@ -2391,6 +2406,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Itinatakda ang pahintulot sa talaksang mailbox"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Inililikha ang talaksang mailbox"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Inililikha ang talaksang mailbox"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2512,10 +2537,6 @@ msgstr "%s: hindi mapalitan ng pangalan ang directory %s sa %s\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: hindi mapalitan ng pangalan ang directory %s sa %s\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: ang gumagamit na %s ay nasa NIS\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: hindi tanggap na directory na tahanan '%s'\n"
@@ -2614,6 +2635,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2697,10 +2722,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: hindi maapdeyt ang talaksang password\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: hindi malikha ang directory %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: babala: %s ay hindi pag-aari ni %s\n"
@@ -2806,8 +2839,9 @@ msgid "failed to stat edited file"
 msgstr "bigo sa pagpalit ng pangalan ng mailbox"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "bigo sa pagpalit ng may-ari ng mailbox"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: hindi mabuksan ang talaksan\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2821,6 +2855,57 @@ msgstr "%s: hindi maibalik ang %s: %s (ang mga pagbabago ay nasa %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: hindi tanggap na batayang directory '%s'\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Umapaw ang kapaligiran\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: hindi mapalitan ang gumagamit '%s' sa NIS client.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: '%s' ay ang NIS master ng klienteng ito.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: ang grupong '%s' ay grupong NIS.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s ay ang NIS master\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: ang grupong %s ay grupong NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: hindi malikha ang bagong talaksan ng mga default\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: ang grupong '%s' ay grupong NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: ang gumagamit na %s ay nasa NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "labis na simple"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Walang nakapasok sa utmp. Kailangan niyong mag-exec \"login\" mula sa "
+#~ "pinakamababang antas ng \"sh\""
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: hindi tanggap na batayang directory '%s'\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "bigo sa pagpalit ng may-ari ng mailbox"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Pag-gamit: id\n"
 
@@ -2836,10 +2921,6 @@ msgstr "%s: hindi tanggap na batayang directory '%s'\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Babala ng Paglipas ng Taning ng Password"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "hindi tanggap na pangalan '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Pangalan         Puerta   Mula            Hulihan"
 
diff --git a/po/tr.gmo b/po/tr.gmo
index 6197b64..5ec46dd 100644
--- a/po/tr.gmo
+++ b/po/tr.gmo
diff --git a/po/tr.po b/po/tr.po
index 2caeb90..80c5dc4 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2008-03-29 20:31+0200\n"
 "Last-Translator: Mehmet Türker <mturker@innova.com.tr>\n"
 "Language-Team: Türkçe <tr@li.org>\n"
@@ -20,223 +20,6 @@ msgstr ""
 "X-Generator: KBabel 1.11.1\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"'%s' içinde '%s' isminde birden fazla giriş mevcut. Lütfen bunu pwck yada "
-"grpck kullanarak düzeltin.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "kripto medotu libcrypt tarafından desteklenmiyor? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr ""
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Yapılandırma bilgileri için yer ayrılamadı.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"yapılandırma hatası - bilinmeyen öğe '%s' (sistem yöneticisine bildirin)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr ""
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr ""
-
-msgid "Password: "
-msgstr "Parola: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s kullanıcı parolası: "
-
-#, fuzzy
-#| msgid "Cannot open the password file.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Parola dosyası açılamıyor.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr ""
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Yapılandırma bilgileri için yer ayrılamadı.\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "%s için ömür bilgisi değiştiriliyor\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "%s: Kullanıcı isminiz belirlenemedi.\n"
-
-#, fuzzy, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "%s: satır %d: kullanıcı %s bulunamadı\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr ""
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr ""
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: yetersiz bellek\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: %s dosyası güncellenemiyor\n"
-
-#, fuzzy, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: geçersiz ev dizini '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: %s dizini %s olarak yeniden adlandırılamıyor\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: %s dizini yaratılamıyor\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: uyarı: silinemiyor "
-
-#, fuzzy, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: uyarı: silinemiyor "
-
-#, fuzzy, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: yeniden adlandırma: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: %s dizini %s olarak yeniden adlandırılamıyor\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: %s dizini %s olarak yeniden adlandırılamıyor\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: uyarı: silinemiyor "
-
-#, fuzzy, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: %s dizini yaratılamıyor\n"
-
-#, fuzzy, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: uyarı: silinemiyor "
-
-#, fuzzy, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: %s dosyası güncellenemiyor\n"
-
-#, fuzzy, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: gölge dosyası güncellenemedi\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: yeniden adlandırma: %s"
-
-#, fuzzy, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: %s dosyası açılamıyor\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Uyarı: bilinmeyen grup %s\n"
 
@@ -282,6 +65,13 @@ msgstr "Geçilemeyen tty: %s"
 msgid "%s: failed to unlock %s\n"
 msgstr "%s: alanlar çok uzun\n"
 
+#, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"'%s' içinde '%s' isminde birden fazla giriş mevcut. Lütfen bunu pwck yada "
+"grpck kullanarak düzeltin.\n"
+
 #, fuzzy, c-format
 msgid "%s: "
 msgstr "%s: %s\n"
@@ -289,8 +79,9 @@ msgstr "%s: %s\n"
 msgid ": "
 msgstr ""
 
-msgid "Environment overflow\n"
-msgstr "Ortam taşması\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "kripto medotu libcrypt tarafından desteklenmiyor? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -385,9 +176,17 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "Benzersiz bir UID alınamıyor (mevcut UID yok)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
+msgid "configuration error - cannot parse %s value: '%s'"
 msgstr ""
 
+msgid "Could not allocate space for config info.\n"
+msgstr "Yapılandırma bilgileri için yer ayrılamadı.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr ""
+"yapılandırma hatası - bilinmeyen öğe '%s' (sistem yöneticisine bildirin)\n"
+
 #, fuzzy, c-format
 msgid "%s: Memory allocation failure\n"
 msgstr "%s: PAM yetkilendirmesi başarısız oldu\n"
@@ -415,7 +214,7 @@ msgstr "Yapılandırma bilgileri için yer ayrılamadı.\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: dosya açılamıyor\n"
 
 #, fuzzy, c-format
@@ -426,9 +225,21 @@ msgstr "%s: satır %d: chown başarısız oldu\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: satır %d: chown başarısız oldu\n"
 
+#, fuzzy, c-format
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: satır %d: chown başarısız oldu\n"
+
 msgid "Too many logins.\n"
 msgstr "Çok fazla oturum.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s giriÅŸ: "
+
 msgid "You have new mail."
 msgstr "Yeni e-postanız var."
 
@@ -438,6 +249,14 @@ msgstr "E-Posta yok."
 msgid "You have mail."
 msgstr "E-Postanız var."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr ""
+
 msgid "no change"
 msgstr "deÄŸiÅŸiklik yok"
 
@@ -450,9 +269,6 @@ msgstr "sadece durum deÄŸiÅŸiklikleri"
 msgid "too similar"
 msgstr "çok benzer"
 
-msgid "too simple"
-msgstr "çok basit"
-
 msgid "rotated"
 msgstr "döndürülmüş"
 
@@ -499,6 +315,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() başarısız, hata %d\n"
 
+msgid "Password: "
+msgstr "Parola: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s kullanıcı parolası: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "`%s' için yanlış parola\n"
@@ -524,18 +347,14 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: %s dizini yaratılamıyor\n"
 
 #, fuzzy, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: %s dizini yaratılamıyor\n"
 
 #, fuzzy, c-format
-msgid "%s: unable to chroot to directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
 msgstr "%s: %s dizini yaratılamıyor\n"
 
 #, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
-
-#, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
@@ -550,6 +369,107 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Parola dosyası açılamıyor.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr ""
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Could not set serange for %s to %s\n"
+msgstr "Yapılandırma bilgileri için yer ayrılamadı.\n"
+
+#, fuzzy, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Yapılandırma bilgileri için yer ayrılamadı.\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "%s için ömür bilgisi değiştiriliyor\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "%s: Kullanıcı isminiz belirlenemedi.\n"
+
+#, fuzzy, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "%s: satır %d: kullanıcı %s bulunamadı\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr ""
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "\"%s\" dizinine geçilemiyor\n"
@@ -562,6 +482,10 @@ msgid "Cannot execute %s"
 msgstr "%s çalıştırılamıyor"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Geçersiz kök dizin '%s'\n"
 
@@ -570,6 +494,84 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "Kök dizin '%s' olarak değiştirilemiyor\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: yetersiz bellek\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: %s dosyası güncellenemiyor\n"
+
+#, fuzzy, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: geçersiz ev dizini '%s'\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: %s dizini %s olarak yeniden adlandırılamıyor\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: %s dizini yaratılamıyor\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: uyarı: silinemiyor "
+
+#, fuzzy, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: uyarı: silinemiyor "
+
+#, fuzzy, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: yeniden adlandırma: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: %s dizini %s olarak yeniden adlandırılamıyor\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: %s dizini %s olarak yeniden adlandırılamıyor\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: uyarı: silinemiyor "
+
+#, fuzzy, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: %s dizini yaratılamıyor\n"
+
+#, fuzzy, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: uyarı: silinemiyor "
+
+#, fuzzy, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: %s dosyası güncellenemiyor\n"
+
+#, fuzzy, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: gölge dosyası güncellenemedi\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: yeniden adlandırma: %s"
+
+#, fuzzy, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: %s dosyası açılamıyor\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: kullanıcı %s şu an oturumda\n"
 
@@ -637,6 +639,9 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr ""
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -662,12 +667,15 @@ msgstr "Parola Pasif"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Hesap Bitimi Tarihi (YYYY-AA-GG)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Son Parola DeÄŸiÅŸimi\t\t\t\t\t: "
-
 msgid "never"
 msgstr "Hiçbir zaman"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Son Parola DeÄŸiÅŸimi\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "Parola deÄŸiÅŸtirilmeli"
 
@@ -836,14 +844,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: kullanıcı `%s' mevcut değil\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: kullanıcı `%s' NIS istemcisinde değiştirilemedi.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: `%s' bu istemci için NIS efendisidir.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "%s için kullanıcı bilgileri değiştiriliyor\n"
 
@@ -881,6 +881,11 @@ msgstr ""
 "                                SHA yuvarlamaları sayısı\n"
 
 #, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: desteklenmeyen kripto metodu: %s\n"
+
+#, fuzzy, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: %s bayrağına SADECE %s bayrağı ile kullanıldığında izin verilir\n"
 
@@ -931,6 +936,15 @@ msgid "Login Shell"
 msgstr "Oturum KabuÄŸu"
 
 #, fuzzy, c-format
+msgid "Cannot parse shell files: %s"
+msgstr "%s: %s dizini %s olarak yeniden adlandırılamıyor\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: yeni varsayılanlar dosyası oluşturulamadı\n"
+
+#, fuzzy, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "%s için kabuğu değiştiremezsiniz.\n"
 
@@ -943,6 +957,10 @@ msgid "%s: Invalid entry: %s\n"
 msgstr "%s: Geçersiz kayıt: %s\n"
 
 #, fuzzy, c-format
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s geçersiz bir kabuk.\n"
+
+#, fuzzy, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s geçersiz bir kabuk.\n"
 
@@ -1161,9 +1179,6 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr ""
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 
@@ -1177,6 +1192,10 @@ msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s geçerli bir grup adı değil\n"
 
 #, fuzzy, c-format
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: %s dosyası açılamıyor\n"
+
+#, fuzzy, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: geçersiz grup adı `%s'\n"
 
@@ -1221,14 +1240,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: grup %s mevcut deÄŸil\n"
 
 #, fuzzy, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: grup '%s' bir NIS grubu.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s NIS efendisidir\n"
-
-#, fuzzy, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: kullanıcı %s bir NIS kullanıcısı\n"
 
@@ -1310,10 +1321,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: geçersiz grup adı `%s'\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: grup %s bir NIS grubudur\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: bilinmeyen kullanıcı %s\n"
 
@@ -1430,7 +1437,7 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 
@@ -1524,11 +1531,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr ""
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Bu bir utmp girişi değil.  En düşük \"sh\" düzeyinde \"login\" i "
-"çalıştırmalısınız. "
-
 #, fuzzy, c-format
 msgid ""
 "\n"
@@ -1563,14 +1565,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "%s: satır %d: kullanıcı %s bulunamadı\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s giriÅŸ: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: çatallama hatası: %s"
 
@@ -1606,7 +1600,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1631,17 +1626,13 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: alanlar çok uzun\n"
 
 #, fuzzy, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: geçersiz ana dizin '%s'\n"
-
-#, fuzzy, c-format
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: %s dizini yaratılamıyor\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1674,14 +1665,13 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: %s dizini yaratılamıyor\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr ""
@@ -1703,6 +1693,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: geçersiz kullanıcı adı '%s'\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: satır %d: geçersiz satır\n"
 
@@ -1724,6 +1718,10 @@ msgstr "%s: satır %d: grup yaratılamıyor\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: kullanıcı `%s' mevcut değil\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: %s\n"
+msgstr "%s: yeniden adlandırma: %s"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: satır %d: parola güncellenemiyor\n"
@@ -1745,14 +1743,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: satır %d: kayıt güncellenemiyor\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: ayrıcalıklar iptal edilemedi (%s)\n"
-
-#, fuzzy, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: kullanıcı yaratılamıyor\n"
 
 #, fuzzy, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: ayrıcalıklar iptal edilemedi (%s)\n"
+
+#, fuzzy, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: grup dosyası güncellenemiyor\n"
 
@@ -1819,6 +1817,9 @@ msgstr ""
 "  -s, --sha-rounds              SHA* kripto algoritmaları için kullanılacak\n"
 "                                SHA yuvarlamaları sayısı\n"
 
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+
 msgid "Old password: "
 msgstr "Eski parola: "
 
@@ -1838,6 +1839,11 @@ msgstr ""
 "Yeni parolayı girin (asgari %d, azami %d karakter)\n"
 "Lütfen büyük, küçük harf ve rakamların bir kombinasyonunu kullanın.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: alanlar çok uzun\n"
+
 msgid "New password: "
 msgstr "Yeni parola: "
 
@@ -1883,6 +1889,10 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: depo %s desteklenmiyor\n"
 
 #, c-format
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr ""
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
@@ -2025,11 +2035,9 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
-#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -2116,6 +2124,11 @@ msgstr "su %s için yetkili değilsiniz\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "'root' için parola kaydı yok"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "geçersiz kullanıcı adı '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: bir terminalden çalıştırılmalı\n"
@@ -2161,6 +2174,12 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
@@ -2172,10 +2191,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: yeni varsayılanlar dosyası oluşturulamadı\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: yeni varsayılanlar dosyası oluşturulamadı\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: yeni varsayılanlar dosyası açılamadı\n"
 
@@ -2192,10 +2207,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: yeniden adlandırma: %s"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: grup '%s' bir NIS grubu.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: çok fazla grup verildi (azami %d).\n"
 
@@ -2322,6 +2333,11 @@ msgid ""
 "mapping\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: geçersiz ana dizin '%s'\n"
@@ -2453,6 +2469,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Mail kutusu dosyası için yetkiler ayarlanıyor"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Mesaj kutusu dosyası yaratılıyor"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Mesaj kutusu dosyası yaratılıyor"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2578,10 +2604,6 @@ msgstr "%s: %s dizini %s olarak yeniden adlandırılamıyor\n"
 msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: %s dizini %s olarak yeniden adlandırılamıyor\n"
 
-#, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: kullanıcı %s bir NIS kullanıcısı\n"
-
 #, fuzzy, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: geçersiz ev dizini '%s'\n"
@@ -2695,6 +2717,10 @@ msgid ""
 "account\n"
 msgstr ""
 
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2781,10 +2807,18 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: parola dosyası güncellenemedi\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: %s dizini yaratılamıyor\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: uyarı: %s %s kullanıcısına ait değil\n"
@@ -2893,8 +2927,9 @@ msgid "failed to stat edited file"
 msgstr "postakutusu isim değişikliği başarısız"
 
 #, fuzzy
-msgid "failed to allocate memory"
-msgstr "postakutusu sahibi deÄŸiÅŸtirilmedi"
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s: dosya açılamıyor\n"
 
 #, fuzzy
 msgid "failed to create backup file"
@@ -2908,6 +2943,57 @@ msgstr "%s: %s geri yüklenemiyor: %s (değişiklikleriniz %s içinde)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: geçersiz ana dizin '%s'\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Ortam taşması\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: kullanıcı `%s' NIS istemcisinde değiştirilemedi.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: `%s' bu istemci için NIS efendisidir.\n"
+
+#, fuzzy, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: grup '%s' bir NIS grubu.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s NIS efendisidir\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: grup %s bir NIS grubudur\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: yeni varsayılanlar dosyası oluşturulamadı\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: grup '%s' bir NIS grubu.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: kullanıcı %s bir NIS kullanıcısı\n"
+
+#~ msgid "too simple"
+#~ msgstr "çok basit"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Bu bir utmp girişi değil.  En düşük \"sh\" düzeyinde \"login\" i "
+#~ "çalıştırmalısınız. "
+
+#, fuzzy, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: geçersiz ana dizin '%s'\n"
+
+#, fuzzy
+#~ msgid "failed to allocate memory"
+#~ msgstr "postakutusu sahibi deÄŸiÅŸtirilmedi"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Kullanım: id\n"
 
@@ -2923,10 +3009,6 @@ msgstr "%s: geçersiz ana dizin '%s'\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "Parola Kullanım Süresi Bitti Uyarısı"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "geçersiz kullanıcı adı '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Kullanıcı adı         Port     Kimden             Sonuncu"
 
diff --git a/po/uk.gmo b/po/uk.gmo
index 4fff73a..9528c68 100644
--- a/po/uk.gmo
+++ b/po/uk.gmo
diff --git a/po/uk.po b/po/uk.po
index c6099f3..eb2407e 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2022-05-16 19:32+0300\n"
 "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
 "Language-Team: Ukrainian <kde-i18n-uk@kde.org>\n"
@@ -20,225 +20,6 @@ msgstr ""
 "X-Generator: Lokalize 20.12.0\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Ви�влено декілька запи�ів із назвою «%s» у %s. Будь ла�ка, виправте це за "
-"допомогою pwck або grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "Підтримку методу шифруванн� не передбачено у libcrypt? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "помилка налаштувань - не вдало�� обробити значенн� %s: «%s»"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "�е вдало�� отримати пам'�ть дл� даних налаштувань.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr ""
-"помилка у налаштуванн�х - невідомий запи� «%s» (повідомте адміні�тратора)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: роботу nscd не завершено штатно (�игнал %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: роботу nscd завершено зі �таном %d\n"
-
-msgid "Password: "
-msgstr "Пароль: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Пароль кори�тувача %s: "
-
-msgid "Cannot open audit interface.\n"
-msgstr "�е вдало�� відкрити інтерфей� рецензуванн�.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr "%s: не вдало�� отримати попередній контек�т проце�у SELinux: %s\n"
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "�е вдало�� �творити де�криптор керуванн� SELinux\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "Правила SELinux не є керованими\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "�е вдало�� виконати читанн� правил SELinux зі �ховища\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "�е вдало�� в�тановити з'єднанн� керуванн� SELinux\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "�е вдало�� розпочати операцію SELinux\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "�е вдало�� опитати seuser дл� %s\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "�е вдало�� в�тановити serange дл� %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "�е вдало�� в�тановити sename дл� %s\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "�е вдало�� змінити прив'�зку облікового запи�у дл� %s\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "�е вдало�� �творити прив'�зку облікового запи�у SELinux дл� %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "�е вдало�� вказати назву %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "�е вдало�� в�тановити кори�тувача SELinux дл� %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "�е вдало�� додати прив'�зку входу дл� %s\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "�е вдало�� ініціалізувати керуванн� SELinux\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "�е вдало�� �творити ключ кори�тувача SELinux\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "�е вдало�� пройти перевірку кори�тувача SELinux\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "�е вдало�� змінити прив'�зку кори�тувача SELinux\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "�е вдало�� додати прив'�зку кори�тувача SELinux\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "�е вдало�� вне�ти операцію SELinux\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"Прив'�зку облікового запи�у дл� %s не визначено. Це нормально, �кщо "
-"викори�тано типову прив'�зку\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr "Прив'�зку входу дл� %s визначено у правилах, не вдало�� вилучити\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "�е вдало�� вилучити mapping входу дл� %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: брак пам'�ті\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: не вдало�� виконати stat %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s не є ні каталогом, ні �имволічним по�иланн�м.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: не вдало�� прочитати �имволічне по�иланн� %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: підозріливо довге �имволічне по�иланн�: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: не вдало�� �творити каталог %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: не вдало�� змінити вла�ника %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: не вдало�� змінити режим до�тупу до %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: �ка�уванн� по�иланн�: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: не вдало�� вилучити каталог %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: не вдало�� перейменувати %s на %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: не вдало�� вилучити %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: не вдало�� �творити �имволічне по�иланн� %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: не вдало�� змінити вла�ників %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: не вдало�� виконати lstat %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: попередженн�, у кори�тувача %s немає файла shadow tcb.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: критична �итуаці�: shadow tcb %s не є звичайним файлом з st_nlink=1.\n"
-"Обліковий запи� залишив�� заблокованим.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: не вдало�� відкрити %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Попередженн�: невідома група %s\n"
 
@@ -287,14 +68,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: не вдало�� розблокувати %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Ви�влено декілька запи�ів із назвою «%s» у %s. Будь ла�ка, виправте це за "
+"допомогою pwck або grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Переповненн� �ередовища\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "Підтримку методу шифруванн� не передбачено у libcrypt? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -412,8 +201,16 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: не вдало�� отримати унікальний UID (більше немає до�тупних UID)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr "%s: недо�татньо аргументів дл� формуванн� %u прив'�зок\n"
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "помилка налаштувань - не вдало�� обробити значенн� %s: «%s»"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "�е вдало�� отримати пам'�ть дл� даних налаштувань.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr ""
+"помилка у налаштуванн�х - невідомий запи� «%s» (повідомте адміні�тратора)\n"
 
 #, c-format
 msgid "%s: Memory allocation failure\n"
@@ -439,8 +236,9 @@ msgstr "%s: не вдало�� в�тановити дл� seteuid %d\n"
 msgid "%s: Could not set caps\n"
 msgstr "%s: не вдало�� в�тановити можливо�ті\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
+#, fuzzy, c-format
+#| msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s: помилка snprintf!\n"
 
 #, c-format
@@ -451,9 +249,22 @@ msgstr "%s: помилка під ча� �проби відкрити %s: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: помилка під ча� �проби запи�ати %s: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: open of %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: помилка під ча� �проби відкрити %s: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Забагато входів.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"Запи� %s: "
+
 msgid "You have new mail."
 msgstr "Ви отримали нову пошту."
 
@@ -463,6 +274,14 @@ msgstr "Пошти немає."
 msgid "You have mail."
 msgstr "Дл� ва� є пошта."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: роботу nscd не завершено штатно (�игнал %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: роботу nscd завершено зі �таном %d\n"
+
 msgid "no change"
 msgstr "без змін"
 
@@ -475,9 +294,6 @@ msgstr "тільки зміна регі�тру"
 msgid "too similar"
 msgstr "занадто подібні"
 
-msgid "too simple"
-msgstr "занадто про�тий"
-
 msgid "rotated"
 msgstr "пере�тавлені літери"
 
@@ -522,6 +338,13 @@ msgstr ""
 "%s: (кори�тувач %s) помилка pam_chauthtok(), повідомленн�:\n"
 "%s\n"
 
+msgid "Password: "
+msgstr "Пароль: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Пароль кори�тувача %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Помилковий пароль дл� %s.\n"
@@ -548,16 +371,13 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: не вдало�� отримати до�туп до каталогу chroot %s: %s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: не вдало�� змінити каталог на каталог chroot %s: %s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: не вдало�� виконати chroot до каталогу %s: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr "�е вдало�� отримати випадкові байти.\n"
+#, fuzzy, c-format
+#| msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: не вдало�� змінити каталог на каталог chroot %s: %s\n"
 
 #, c-format
 msgid ""
@@ -577,6 +397,108 @@ msgstr ""
 "у ENCRYPT_METHOD і відповідні налаштуванн� дл� вибраного вами методу "
 "хешуванн�.\n"
 
+msgid "Cannot open audit interface.\n"
+msgstr "�е вдало�� відкрити інтерфей� рецензуванн�.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr "%s: не вдало�� отримати попередній контек�т проце�у SELinux: %s\n"
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "�е вдало�� �творити де�криптор керуванн� SELinux\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "Правила SELinux не є керованими\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "�е вдало�� виконати читанн� правил SELinux зі �ховища\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "�е вдало�� в�тановити з'єднанн� керуванн� SELinux\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "�е вдало�� розпочати операцію SELinux\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "�е вдало�� опитати seuser дл� %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "�е вдало�� в�тановити serange дл� %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "�е вдало�� в�тановити sename дл� %s\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "�е вдало�� змінити прив'�зку облікового запи�у дл� %s\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "�е вдало�� �творити прив'�зку облікового запи�у SELinux дл� %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "�е вдало�� вказати назву %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "�е вдало�� в�тановити кори�тувача SELinux дл� %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "�е вдало�� додати прив'�зку входу дл� %s\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "�е вдало�� ініціалізувати керуванн� SELinux\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "�е вдало�� �творити ключ кори�тувача SELinux\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "�е вдало�� пройти перевірку кори�тувача SELinux\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "�е вдало�� змінити прив'�зку кори�тувача SELinux\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "�е вдало�� додати прив'�зку кори�тувача SELinux\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "�е вдало�� вне�ти операцію SELinux\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"Прив'�зку облікового запи�у дл� %s не визначено. Це нормально, �кщо "
+"викори�тано типову прив'�зку\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr "Прив'�зку входу дл� %s визначено у правилах, не вдало�� вилучити\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "�е вдало�� вилучити mapping входу дл� %s"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "�е вдало�� перейти до теки «%s»\n"
@@ -589,6 +511,10 @@ msgid "Cannot execute %s"
 msgstr "�е вдало�� виконати %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "�екоректний кореневий каталог «%s»\n"
 
@@ -597,6 +523,86 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "�е вдало�� змінити кореневий каталог на «%s»\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: брак пам'�ті\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: не вдало�� виконати stat %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s не є ні каталогом, ні �имволічним по�иланн�м.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: не вдало�� прочитати �имволічне по�иланн� %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: підозріливо довге �имволічне по�иланн�: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: не вдало�� �творити каталог %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: не вдало�� змінити вла�ника %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: не вдало�� змінити режим до�тупу до %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: �ка�уванн� по�иланн�: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: не вдало�� вилучити каталог %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: не вдало�� перейменувати %s на %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: не вдало�� вилучити %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: не вдало�� �творити �имволічне по�иланн� %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: не вдало�� змінити вла�ників %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: не вдало�� виконати lstat %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: попередженн�, у кори�тувача %s немає файла shadow tcb.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: критична �итуаці�: shadow tcb %s не є звичайним файлом з st_nlink=1.\n"
+"Обліковий запи� залишив�� заблокованим.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: не вдало�� відкрити %s: %s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s: кори�тувач %s зараз працює у �и�темі\n"
 
@@ -671,6 +677,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root К�Т_CHROOT         каталог дл� зміни кореневого\n"
 
+#, fuzzy
+#| msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -P, --prefix ПРЕФІКС_К�Т      префік� каталогів\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -698,12 +709,15 @@ msgstr "Пароль неактивний"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Дата про�троченн� облікового запи�у (РРРР-ММ-ДД)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "О�танн� зміна парол�\t\t\t\t\t: "
-
 msgid "never"
 msgstr "ніколи"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "О�танн� зміна парол�\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "Пароль змінено"
 
@@ -880,14 +894,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: запи�у кори�тувача «%s» не і�нує\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: не вдало�� змінити кори�тувача «%s» у клієнті NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: «%s» є NIS-�ервером дл� цього клієнта.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "Зміна інформації про кори�тувача %s\n"
 
@@ -923,6 +929,11 @@ msgstr ""
 "  -s, --sha-rounds              кількі�ть проходів дл� алгоритмів\n"
 "                                шифруванн� SHA, BCRYPT та YESCRYPT\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: непідтримуваний метод шифруванн�: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: прапорець %s можна викори�товувати лише з прапорцем %s\n"
@@ -975,6 +986,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Оболонка входу"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: не вдало�� отримати розмір %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file: %s\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: не вдало�� �творити файл із типовими значенн�ми: %s\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Ви не можете змінити оболонку дл� «%s».\n"
@@ -987,6 +1008,11 @@ msgstr "Змінюємо оболонку входу дл� %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: некоректний запи�: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s є некоректною оболонкою\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s є некоректною оболонкою\n"
@@ -1230,9 +1256,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr ""
 "  -r, --system                  �творити загально�и�темний обліковий запи�\n"
 
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -P, --prefix ПРЕФІКС_К�Т      префік� каталогів\n"
-
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr ""
 "  -U, --users КОРИСТУВ�ЧІ       �пи�ок кори�тувачів-уча�ників цієї групи\n"
@@ -1245,6 +1268,11 @@ msgstr "�екоректне ім'� кори�тувача уча�ника, %s
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: «%s» є некоректною назвою групи\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: не вдало�� відкрити %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: некоректний ідентифікатор групи «%s»\n"
@@ -1292,14 +1320,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: групи «%s» не і�нує\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: група «%s» є групою NIS.\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s є �ервером NIS\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: кори�тувач «%s» вже є уча�ником «%s»\n"
 
@@ -1391,10 +1411,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: некоректна назва групи «%s»\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: група %s є групою NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: невідомий кори�тувач %s\n"
 
@@ -1521,8 +1537,12 @@ msgstr ""
 "  -b, --before Д�І              виве�ти лише ті запи�и lastlog, вік �ких "
 "перевищує Д�І\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -C, --clear                   clear lastlog record of an user (usable "
+#| "only with -u)\n"
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   вилучити запи� lastlog кори�тувача (можна "
@@ -1628,10 +1648,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: робота неможлива без отриманн� ефективних прав root\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"�емає запи�у utmp. Вам �лід виконати \"login\" з \"sh\" найнижчого рівн�"
-
 #, c-format
 msgid ""
 "\n"
@@ -1666,14 +1682,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "�е вдало�� знайти кори�тувача (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"Запи� %s: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: помилка відгалуженн�: %s"
 
@@ -1706,9 +1714,13 @@ msgstr "Кори�туванн�: logoutd\n"
 msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
 msgstr "%s: діапазон gid [%lu-%lu) -> [%lu-%lu) заборонено\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> "
+#| "<count> ] ... \n"
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 "кори�туванн�: %s <pid> <gid> <нижній_gid> <кількі�ть> [ <gid> <нижній_gid> "
 "<кількі�ть> ] ... \n"
@@ -1733,21 +1745,21 @@ msgstr "%s: не вдало�� виконати позиціюванн� у set
 msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: не вдало�� в�тановити правила setgroups %s: %s\n"
 
-#, c-format
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: не вдало�� відкрити каталог proc дл� цілі %u\n"
-
-#, c-format
-msgid "%s: Could not stat directory for target %u\n"
+#, fuzzy, c-format
+#| msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: не вдало�� отримати �тати�тичні дані каталогу дл� цілі %u\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+#| "st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
-"%s: вла�ником цілі %u є інший кори�тувач: uid:%lu pw_uid:%lu st_uid:%lu, gid:"
-"%lu pw_gid:%lu st_gid:%lu\n"
+"%s: вла�ником проце�у призначенн� %u є інший кори�тувач: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Кори�туванн�: newgrp [-] [група]\n"
@@ -1779,20 +1791,21 @@ msgstr "занадто багато груп\n"
 msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
 msgstr "%s: діапазон uid [%lu-%lu) -> [%lu-%lu) заборонено\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> "
+#| "<count> ] ... \n"
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 "кори�туванн�: %s <pid> <uid> <нижній_uid> <кількі�ть> [ <uid> <нижній_uid> "
 "<кількі�ть> ] ... \n"
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
-"%s: вла�ником проце�у призначенн� %u є інший кори�тувач: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+#, fuzzy, c-format
+#| msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: не вдало�� отримати �тати�тичні дані каталогу дл� цілі %u\n"
 
 msgid "  -b, --badname                 allow bad names\n"
 msgstr "  -b, --badname                 дозволити «погані» назви\n"
@@ -1816,6 +1829,10 @@ msgstr ""
 "проігнорувати\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: р�док %d: некоректний р�док\n"
 
@@ -1836,6 +1853,11 @@ msgstr "%s: р�док %d: не вдало�� �творити групу\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: р�док %d: кори�тувача «%s» не і�нує у %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: �ка�уванн� по�иланн�: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: р�док %d: не вдало�� оновити пароль\n"
@@ -1857,14 +1879,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: р�док %d: не вдало�� оновити запи�\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: не вдало�� приготувати новий запи� %s\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: не вдало�� знайти підлеглий діапазон кори�тувачів\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: не вдало�� приготувати новий запи� %s\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: не вдало�� знайти підлеглий діапазон груп\n"
 
@@ -1945,6 +1967,13 @@ msgstr ""
 "  -x, --maxdays Д�І             в�тановити мак�имальну кількі�ть днів до\n"
 "                                зміни парол� у Д�І\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    показати дані щодо за�таріванн� облікового "
+"запи�у\n"
+
 msgid "Old password: "
 msgstr "Старий пароль: "
 
@@ -1964,6 +1993,11 @@ msgstr ""
 "Введіть новий пароль (від %d до %d �имволів)\n"
 "Будь ла�ка, �кори�тайте�� комбінацією великих і малих літер та цифр.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: пол� занадто довгі\n"
+
 msgid "New password: "
 msgstr "�овий пароль: "
 
@@ -2009,6 +2043,11 @@ msgstr ""
 msgid "%s: repository %s not supported\n"
 msgstr "%s: підтримки �ховища %s не передбачено\n"
 
+#, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: лише root може викори�товувати параметр -g/--group\n"
+
 #, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: root не уповноважено SELinux не зміну парол� %s\n"
@@ -2162,11 +2201,9 @@ msgstr "%s: помилкова роботу �игналів\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Сеан� перервано, перериваємо роботу оболонки..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...завершено.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...очікуємо на завершенн� дочірнього проце�у.\n"
 
@@ -2239,6 +2276,11 @@ msgstr "%s: ваÑ� не уповноважено на доÑ�туп до su цьÐ
 msgid "No passwd entry for user '%s'\n"
 msgstr "�емає запи�у passwd дл� кори�тувача «%s»\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "невірне ім'� кори�тувача '%s'\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: має бути запущено з термінала\n"
@@ -2284,6 +2326,13 @@ msgstr "%s: було �творено %s, але його не вдало�� в
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: налаштуванн� %s у %s буде проігноровано\n"
 
+#, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: налаштуванн� %s у %s буде проігноровано\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: не вдало�� �творити файл із типовими значенн�ми: %s\n"
@@ -2293,10 +2342,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: не вдало�� �творити каталог дл� файла з типовими значенн�ми\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: не вдало�� �творити файл з типовими значенн�ми\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: не вдало�� відкрити новий файл із типовими значенн�ми\n"
 
@@ -2313,10 +2358,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: перейменуванн�: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: група «%s» є групою NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: вказано забагато груп (мак� %d).\n"
 
@@ -2468,6 +2509,17 @@ msgstr ""
 "  -Z, --selinux-user SEКОР      викори�тати вказаного SEКОР дл� прив'�зки "
 "кори�тувача SELinux\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEКОР      викори�тати вказаного SEКОР дл� прив'�зки "
+"кори�тувача SELinux\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: некоректна базовий каталог «%s»\n"
@@ -2600,6 +2652,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "В�тановлюємо права до�тупу на файл поштової �криньки"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "Створюємо файл поштової �криньки"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "Створюємо файл поштової �криньки"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr "%s попередженн�: UID %s %d перевищує SYS_UID_MAX %d\n"
@@ -2736,10 +2798,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: не вдало�� вилучити файли tcb дл� %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: кори�тувач %s є кори�тувачем NIS\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: не знайдено домашнього каталогу %s (%s)\n"
 
@@ -2867,6 +2925,16 @@ msgstr ""
 "  -Z, --selinux-user SEКОР      нова прив'�зка кори�тувача SELinux дл� "
 "облікового запи�у кори�тувача\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEКОР      нова прив'�зка кори�тувача SELinux дл� "
+"облікового запи�у кори�тувача\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2964,12 +3032,26 @@ msgstr ""
 "%s: не вдало�� �копіювати запи� lastlog кори�тувача %lu до кори�тувача %lu: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: не вдало�� �копіювати запи� lastlog кори�тувача %lu до кори�тувача %lu: "
+"%s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: не вдало�� �копіювати запи� faillog кори�тувача %lu до кори�тувача %lu: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: не вдало�� �копіювати запи� faillog кори�тувача %lu до кори�тувача %lu: "
+"%s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: попередженн�: %s не належить %s\n"
@@ -3071,8 +3153,10 @@ msgstr "не вдало�� �ка�увати �имволічне по�ила
 msgid "failed to stat edited file"
 msgstr "не вдало�� отримати �тати�тичні дані редагованого файла"
 
-msgid "failed to allocate memory"
-msgstr "не вдало�� отримати пам'�ть"
+#, fuzzy
+#| msgid "%s: snprintf failed!\n"
+msgid "asprintf(3) failed"
+msgstr "%s: помилка snprintf!\n"
 
 msgid "failed to create backup file"
 msgstr "не вдало�� �творити файл резервної копії"
@@ -3085,6 +3169,71 @@ msgstr "%s: не вдалоÑ�Ñ� відновити %s: %s (ваші зміни Ñ
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: не вдало�� знайти каталог tcb дл� %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Переповненн� �ередовища\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: не вдало�� змінити кори�тувача «%s» у клієнті NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: «%s» є NIS-�ервером дл� цього клієнта.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: група «%s» є групою NIS.\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s є �ервером NIS\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: група %s є групою NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: не вдало�� �творити файл з типовими значенн�ми\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: група «%s» є групою NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: кори�тувач %s є кори�тувачем NIS\n"
+
+#, c-format
+#~ msgid "%s: Not enough arguments to form %u mappings\n"
+#~ msgstr "%s: недо�татньо аргументів дл� формуванн� %u прив'�зок\n"
+
+#~ msgid "too simple"
+#~ msgstr "занадто про�тий"
+
+#, c-format
+#~ msgid "Unable to obtain random bytes.\n"
+#~ msgstr "�е вдало�� отримати випадкові байти.\n"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "�емає запи�у utmp. Вам �лід виконати \"login\" з \"sh\" найнижчого рівн�"
+
+#, c-format
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: не вдало�� відкрити каталог proc дл� цілі %u\n"
+
+#, c-format
+#~ msgid ""
+#~ "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+#~ "%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+#~ msgstr ""
+#~ "%s: вла�ником цілі %u є інший кори�тувач: uid:%lu pw_uid:%lu st_uid:%lu, "
+#~ "gid:%lu pw_gid:%lu st_gid:%lu\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "не вдало�� отримати пам'�ть"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Викори�танн�: id\n"
 
@@ -3100,10 +3249,6 @@ msgstr "%s: не вдало�� знайти каталог tcb дл� %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "За�тереженн� про про�троченн� парол�"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "невірне ім'� кори�тувача '%s'\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Кори�тувач       Порт  Звідки           О�танній вхід"
 
diff --git a/po/vi.gmo b/po/vi.gmo
index 4ad1f41..a7d1742 100644
--- a/po/vi.gmo
+++ b/po/vi.gmo
diff --git a/po/vi.po b/po/vi.po
index 72afc5d..b3f51f7 100644
--- a/po/vi.po
+++ b/po/vi.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow master\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2016-10-04 07:07+0700\n"
 "Last-Translator: Trần Ng�c Quân <vnwildman@gmail.com>\n"
 "Language-Team: Vietnamese <debian-l10n-vietnamese@lists.debian.org>\n"
@@ -20,228 +20,6 @@ msgstr ""
 "X-Generator: Gtranslator 2.91.7\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr ""
-"Có nhi�u mục tin mang tên “%s� trong %s. Hãy sửa chữa trư�ng hợp này, dùng "
-"pwck hoặc grpck.\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "Phương pháp mã hóa không được thư viện libcrypt hỗ trợ? (%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "lỗi cấu hình — không thể phân tích cú pháp của giá trị %s: “%s�"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "Không thể cấp phát sức chứa cho thông tin cấu hình.\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "lỗi cấu hình - không hiểu mục tin “%s� (báo cho ngư�i quản trị).\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s: nscd đã kết thúc bất thư�ng (tín hiệu %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd đã thoát với mã là %d\n"
-
-msgid "Password: "
-msgstr "Mật khẩu: "
-
-#, c-format
-msgid "%s's Password: "
-msgstr "Mật khẩu của %s: "
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "Không thể mở giao diện thử, kiểm nghiệm nên hủy b�.\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]: %s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "Không thể tạo bộ tiếp hợp quản lý SELinux\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "Chính sách cho SELinux chưa được quản lý\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "Không thể đ�c kho lưu chính sách SELinux\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "Không thể thiết lập kết nối quản lý SELinux\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "Không thể bắt đầu phiên giao dịch SELinux\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "Không thể truy vấn seuser cho %s\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "Không thể đặt serange cho %s\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "Không thể đặt sename cho %s\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "Không thể sửa đổi ánh xạ đăng nhập cho %s\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "Không thể tạo ánh xạ đăng nhập SELinux cho %s\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "Không thể đặt tên %s\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "Không thể đặt ngư�i dùng SELinux cho %s\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "Không thể thêm ánh xạ đăng nhập cho %s\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "Không thể khởi tạo bộ quản lý SELinux\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "Không thể tạo khóa ngư�i dùng SELinux\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "Không thể thẩm định ngư�i dùng SELinux\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "Không thể sửa đổi ánh xạ ngư�i dùng SELinux\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "Không thể thêm ánh xạ ngư�i dùng SELinux\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "Không thể chuyển giao giao dịch SELinux\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr ""
-"�nh xạ đăng nhập cho %s chưa được định nghĩa, OK nếu ánh xạ mặc định được "
-"dùng\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr ""
-"�nh xạ đăng nhập cho %s được định nghĩa trong chính sách, không thể xóa đi\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "Không thể xóa ánh xạ đăng nhập cho %s"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s: hết bộ nhớ\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s: Không thể lấy thống kê v� %s: %s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s: %s không phải là thư mục mà cũng không phải là liên kết m�m.\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s: Không thể đ�c liên kết m�m %s: %s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s: Liên kết m�m dài một cách điên rồ: %s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s: Không thể tạo thư mục %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s: Không thể thay đổi ngư�i sở hữu của %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s: Không thể thay đổi chế độ của %s: %s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s: unlink: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s: Không thể gỡ b� thư mục %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s: Không thể đổi tên %s thành %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s: Không thể gỡ b� %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s: Không thể tạo liên kết m�m %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s: Không thể thay đổi chủ sở hữu của %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s: Không thể lstat %s: %s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s: Cảnh báo, ngư�i dùng  %s không có tập tin shadow tcb.\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s: Khẩn cấp: shadow tcb của %s không phải là tập tin thư�ng với "
-"st_nlink=1.\n"
-"Tài khoản vẫn bị khóa.\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s: mkdir: %s: %s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s: Không thể mở %s: %s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "Cảnh báo: không biết nhóm %s.\n"
 
@@ -289,14 +67,22 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s: gặp lỗi khi mở khóa %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr ""
+"Có nhi�u mục tin mang tên “%s� trong %s. Hãy sửa chữa trư�ng hợp này, dùng "
+"pwck hoặc grpck.\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s: "
 
 msgid ": "
 msgstr ": "
 
-msgid "Environment overflow\n"
-msgstr "Tràn môi trư�ng\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "Phương pháp mã hóa không được thư viện libcrypt hỗ trợ? (%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -414,8 +200,15 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Không thể lấy UID duy nhất (không còn có sẵn UID thêm nữa)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr ""
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "lỗi cấu hình — không thể phân tích cú pháp của giá trị %s: “%s�"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "Không thể cấp phát sức chứa cho thông tin cấu hình.\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "lỗi cấu hình - không hiểu mục tin “%s� (báo cho ngư�i quản trị).\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -445,9 +238,10 @@ msgstr "Không thể đặt tên %s\n"
 msgid "%s: Could not set caps\n"
 msgstr "Không thể đặt tên %s\n"
 
-#, c-format
-msgid "%s: snprintf failed!\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s: dòng %d: lỗi chown (thay đổi quy�n sở hữu) %s: %s\n"
 
 #, fuzzy, c-format
 #| msgid "%s: line %d: chown %s failed: %s\n"
@@ -459,9 +253,22 @@ msgstr "%s: dòng %d: lỗi chown (thay đổi quy�n sở hữu) %s: %s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s: dòng %d: lỗi chown (thay đổi quy�n sở hữu) %s: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s: dòng %d: lỗi chown (thay đổi quy�n sở hữu) %s: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Quá nhi�u lần đăng nhập.\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s đăng nhập: "
+
 msgid "You have new mail."
 msgstr "Bạn có thư mới."
 
@@ -471,6 +278,14 @@ msgstr "Không có thư."
 msgid "You have mail."
 msgstr "Bạn có thư."
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s: nscd đã kết thúc bất thư�ng (tín hiệu %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s: nscd đã thoát với mã là %d\n"
+
 msgid "no change"
 msgstr "chưa thay đổi gì"
 
@@ -483,9 +298,6 @@ msgstr "chỉ thay đổi HOA/thư�ng"
 msgid "too similar"
 msgstr "quá tương tự"
 
-msgid "too simple"
-msgstr "quá đơn giản"
-
 msgid "rotated"
 msgstr "đã xoay"
 
@@ -531,6 +343,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() (mật khẩu: bắt đầu pam) đã thất bại với lỗi %d\n"
 
+msgid "Password: "
+msgstr "Mật khẩu: "
+
+#, c-format
+msgid "%s's Password: "
+msgstr "Mật khẩu của %s: "
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Mật khẩu không đúng cho %s .\n"
@@ -557,16 +376,13 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: không thể truy cập thư mục chroot %s: %s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: không thể chuyển sang thư mục chroot %s: %s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: không thể thay đổi thư mục gốc thành %s: %s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s: không thể chuyển sang thư mục chroot %s: %s\n"
 
 #, c-format
 msgid ""
@@ -583,6 +399,111 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Không thể mở giao diện thử, kiểm nghiệm nên hủy b�.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]: %s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "Không thể tạo bộ tiếp hợp quản lý SELinux\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "Chính sách cho SELinux chưa được quản lý\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "Không thể đ�c kho lưu chính sách SELinux\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "Không thể thiết lập kết nối quản lý SELinux\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "Không thể bắt đầu phiên giao dịch SELinux\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "Không thể truy vấn seuser cho %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "Không thể đặt serange cho %s\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "Không thể đặt sename cho %s\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "Không thể sửa đổi ánh xạ đăng nhập cho %s\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "Không thể tạo ánh xạ đăng nhập SELinux cho %s\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "Không thể đặt tên %s\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "Không thể đặt ngư�i dùng SELinux cho %s\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "Không thể thêm ánh xạ đăng nhập cho %s\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "Không thể khởi tạo bộ quản lý SELinux\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "Không thể tạo khóa ngư�i dùng SELinux\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "Không thể thẩm định ngư�i dùng SELinux\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "Không thể sửa đổi ánh xạ ngư�i dùng SELinux\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "Không thể thêm ánh xạ ngư�i dùng SELinux\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "Không thể chuyển giao giao dịch SELinux\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr ""
+"�nh xạ đăng nhập cho %s chưa được định nghĩa, OK nếu ánh xạ mặc định được "
+"dùng\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr ""
+"�nh xạ đăng nhập cho %s được định nghĩa trong chính sách, không thể xóa đi\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "Không thể xóa ánh xạ đăng nhập cho %s"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Không thể cd (chuyển đổi thư mục) sang “%s�.\n"
@@ -595,6 +516,10 @@ msgid "Cannot execute %s"
 msgstr "Không thể thực hiện %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "Thư mục gốc không hợp lệ “%s�\n"
 
@@ -602,6 +527,87 @@ msgstr "Thư mục gốc không hợp lệ “%s�\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "Không thể thay đổi thư mục gốc thành “%s�\n"
 
+#, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: hết bộ nhớ\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s: Không thể lấy thống kê v� %s: %s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s: %s không phải là thư mục mà cũng không phải là liên kết m�m.\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s: Không thể đ�c liên kết m�m %s: %s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s: Liên kết m�m dài một cách điên rồ: %s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s: Không thể tạo thư mục %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s: Không thể thay đổi ngư�i sở hữu của %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s: Không thể thay đổi chế độ của %s: %s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s: Không thể gỡ b� thư mục %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s: Không thể đổi tên %s thành %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s: Không thể gỡ b� %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s: Không thể tạo liên kết m�m %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s: Không thể thay đổi chủ sở hữu của %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s: Không thể lstat %s: %s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s: Cảnh báo, ngư�i dùng  %s không có tập tin shadow tcb.\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s: Khẩn cấp: shadow tcb của %s không phải là tập tin thư�ng với "
+"st_nlink=1.\n"
+"Tài khoản vẫn bị khóa.\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s: mkdir: %s: %s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s: Không thể mở %s: %s\n"
+
 #, fuzzy, c-format
 #| msgid "%s: user '%s' does not exist in %s\n"
 msgid "%s: user %s is currently logged in\n"
@@ -681,6 +687,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root THƯ_MỤC_�ỔI        thư mục để chuyển gốc đến\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -R, --root THƯ_MỤC_�ỔI        thư mục để chuyển gốc đến\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr ""
@@ -708,12 +719,15 @@ msgstr "Mật khẩu không hoạt động"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "Ngày hết hạn dùng tài khoản (NNNN-TT-Ng)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "Thay đổi mặt khẩu cuối cùng\t\t\t\t\t: "
-
 msgid "never"
 msgstr "chưa bao gi�"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "Thay đổi mặt khẩu cuối cùng\t\t\t\t\t: "
+
 msgid "password must be changed"
 msgstr "mật khẩu phải thay đổi"
 
@@ -887,14 +901,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s: ngư�i dùng “%s� không tồn tại\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s: không thể thay đổi ngư�i dùng “%s� trên ứng dụng khách NIS.\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s: “%s� là NIS cái cho ứng dụng khách này.\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "�ang thay đổi thông tin v� ngư�i dùng đối với %s\n"
 
@@ -933,6 +939,11 @@ msgid ""
 msgstr ""
 "  -s, --sha-rounds              số vòng SHA cho thuật toán mã hóa SHA*\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s: phương pháp mã hóa không được hỗ trợ: %s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s: cho phép c� %s chỉ cùng với c� %s\n"
@@ -985,6 +996,16 @@ msgstr ""
 msgid "Login Shell"
 msgstr "Hệ v� �ăng nhập"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s: Không thể lấy kích cỡ của %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s: không thể tạo tập tin mặc định mới\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "Không cho phép bạn thay đổi hệ v� đối với “%s�.\n"
@@ -997,6 +1018,11 @@ msgstr "�ang thay đổi hệ v� đăng nhập đối với %s\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s: mục tin không hợp lệ: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s: %s không phải là hệ v� hợp lệ\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s: %s không phải là hệ v� hợp lệ\n"
@@ -1243,11 +1269,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  tạo một tài khoản hệ thống\n"
 
 #, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -R, --root THƯ_MỤC_�ỔI        thư mục để chuyển gốc đến\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    liệt kê những ngư�i trong nhóm\n"
@@ -1261,6 +1282,11 @@ msgstr "tên ngư�i dùng không hợp lệ “%s�\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: “%s� không phải là tên nhóm hợp lệ\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s: Không thể mở %s: %s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s: mã số nhóm (GID) không hợp lệ “%s�\n"
@@ -1306,14 +1332,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s: nhóm “%s� không tồn tại\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s: nhóm “%s� là một nhóm kiểu NIS\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s: %s là NIS chủ\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s: ngư�i dùng “%s� đã thuộc v� “%s�\n"
 
@@ -1408,10 +1426,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s: tên nhóm không hợp lệ “%s�\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s: nhóm %s là một nhóm kiểu NIS\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s: không rõ ngư�i dùng %s\n"
 
@@ -1537,8 +1551,12 @@ msgstr ""
 "ngày\n"
 "                                cũ hơn số ngày này (_trước_)\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -C, --clear                   clear lastlog record of an user (usable "
+#| "only with -u)\n"
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   xóa bản ghi lastlog của ngư�i dùng (chỉ dùng "
@@ -1640,11 +1658,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: Không thể làm việc mà không có gốc có hiệu lực\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr ""
-"Không có mục tin utmp. Vì thế bạn cần phải thực hiện “login� (đăng nhập) từ "
-"“sh� (hệ v�) cấp dưới cùng."
-
 #, c-format
 msgid ""
 "\n"
@@ -1679,14 +1692,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "Không thể tìm thấy ngư�i dùng (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s đăng nhập: "
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: lỗi tạo tiến trình con: %s"
 
@@ -1721,7 +1726,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1748,19 +1754,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s: gặp lỗi khi mở khóa %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s: gặp lỗi khi tìm thư mục tcb cho %s\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s: Gặp lỗi khi tạo thư mục tcb cho %s\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1797,14 +1798,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s: Gặp lỗi khi tạo thư mục tcb cho %s\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1829,6 +1830,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s: tên dùng không hợp lệ “%s�\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s: dòng %d: dòng không hợp lệ\n"
 
@@ -1850,6 +1855,11 @@ msgstr "%s: dòng %d: không thể tạo nhóm\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s: dòng %d: ngư�i dùng “%s� không tồn tại trong %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s: unlink: %s: %s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: dòng %d: không thể cập nhật mật khẩu\n"
@@ -1872,14 +1882,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s: dòng %d: không thể cập nhật mục tin\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: gặp lỗi khi chuẩn bị mục tin mới “%s�\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s: không thể tìm thấy vùng ngư�i dùng lệ thuộc\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s: gặp lỗi khi chuẩn bị mục tin mới “%s�\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s: không thể tìm thấy vùng nhóm phụ thuộc\n"
 
@@ -1955,6 +1965,13 @@ msgstr ""
 "khi\n"
 "                                        thay đổi được mật khẩu\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr ""
+"  -l, --list                    hiển thị thông tin v� khoảng th�i gian sử "
+"dụng tài khoản\n"
+
 msgid "Old password: "
 msgstr "Mật khẩu cũ: "
 
@@ -1974,6 +1991,11 @@ msgstr ""
 "Nhập mật khẩu mới (số ký tự tối thiểu %d, tối đa %d).\n"
 "Hãy tổ hợp các chữ hoa, chữ thư�ng và chữ số để tạo một mật khẩu mạnh.\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s: trư�ng quá dài\n"
+
 msgid "New password: "
 msgstr "Mật khẩu mới: "
 
@@ -2018,6 +2040,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: kho lưu %s không được hỗ trợ\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s: chỉ siêu quản trị có quy�n sử dụng tùy ch�n “-g/--group�\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s không có quy�n thay đổi mật khẩu của %s\n"
@@ -2171,11 +2198,9 @@ msgstr "%s: tín hiệu trục trặc\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Phiên làm việc đã kết thúc, nên kết thúc hệ v�…"
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " …đã chết.\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " …đang đợi tiến con chấm dứt.\n"
 
@@ -2266,6 +2291,11 @@ msgstr ""
 msgid "No passwd entry for user '%s'\n"
 msgstr "Không có mục tin mật khẩu cho tài khoản “%s�\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "tên ngư�i dùng không hợp lệ “%s�\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s: phải chạy từ thiết bị cuối\n"
@@ -2312,6 +2342,13 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: cấu hình %s trong %s sẽ bị b� qua\n"
 
 #, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s: cấu hình %s trong %s sẽ bị b� qua\n"
+
+#, fuzzy, c-format
 #| msgid "%s: cannot create new defaults file\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: không thể tạo tập tin mặc định mới\n"
@@ -2322,10 +2359,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s: không thể tạo tập tin mặc định mới\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s: không thể tạo tập tin mặc định mới\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s: không thể mở tập tin mặc định mới\n"
 
@@ -2342,10 +2375,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s: thay tên: %s: %s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s: nhóm “%s� là nhóm kiểu NIS.\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: ghi rõ quá nhi�u nhóm (tối đa %d).\n"
 
@@ -2480,6 +2509,17 @@ msgstr ""
 "  -Z, --selinux-user SEUSER     dùng một ngư�i dùng SE (SEUSER) riêng cho sự "
 "ánh xạ ngư�i dùng SELinux\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     dùng một ngư�i dùng SE (SEUSER) riêng cho sự "
+"ánh xạ ngư�i dùng SELinux\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s: thư mục cơ sở không hợp lệ “%s�\n"
@@ -2623,6 +2663,16 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "�ang đặt quy�n truy cập tập tin hộp thư"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "�ang tạo tập tin hộp thư"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "�ang tạo tập tin hộp thư"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2754,10 +2804,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s: Không thể gỡ b� tập tin tcb cho %s: %s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s: ngư�i dùng %s là ngư�i dùng kiểu NIS\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s: %s không tìm thấy thư mục riêng (%s)\n"
 
@@ -2882,6 +2928,15 @@ msgid ""
 msgstr ""
 "  -Z, --selinux-user SEUSER     ánh xạ SELinux mới cho tài khoản ngư�i dùng\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     ánh xạ SELinux mới cho tài khoản ngư�i dùng\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2977,12 +3032,26 @@ msgstr ""
 "%s: gặp lỗi khi sao chép mục tin lastlog của ngư�i dùng %lu sang ngư�i dùng "
 "%lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: gặp lỗi khi sao chép mục tin lastlog của ngư�i dùng %lu sang ngư�i dùng "
+"%lu: %s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr ""
 "%s: không sao chép được mục tin faillog của ngư�i dùng %lu sang ngư�i dùng "
 "%lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr ""
+"%s: không sao chép được mục tin faillog của ngư�i dùng %lu sang ngư�i dùng "
+"%lu: %s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s: cảnh báo: %s không do %s sở hữu\n"
@@ -3084,8 +3153,8 @@ msgstr "gặp lỗi khi b� liên kết tập tin hỗn tạp"
 msgid "failed to stat edited file"
 msgstr "gặp lỗi khi lấy thống kê tập tin đã sửa"
 
-msgid "failed to allocate memory"
-msgstr "gặp lỗi khi phân bổ bộ nhớ"
+msgid "asprintf(3) failed"
+msgstr ""
 
 msgid "failed to create backup file"
 msgstr "không thể tạo tập tin sao lưu dự phòng"
@@ -3098,6 +3167,57 @@ msgstr "%s: không thể phục hồi %s: %s (các thay đổi của bạn nằm
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: gặp lỗi khi tìm thư mục tcb cho %s\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "Tràn môi trư�ng\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s: không thể thay đổi ngư�i dùng “%s� trên ứng dụng khách NIS.\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s: “%s� là NIS cái cho ứng dụng khách này.\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s: nhóm “%s� là một nhóm kiểu NIS\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s: %s là NIS chủ\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s: nhóm %s là một nhóm kiểu NIS\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s: không thể tạo tập tin mặc định mới\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s: nhóm “%s� là nhóm kiểu NIS.\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s: ngư�i dùng %s là ngư�i dùng kiểu NIS\n"
+
+#~ msgid "too simple"
+#~ msgstr "quá đơn giản"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr ""
+#~ "Không có mục tin utmp. Vì thế bạn cần phải thực hiện “login� (đăng nhập) "
+#~ "từ “sh� (hệ v�) cấp dưới cùng."
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s: gặp lỗi khi tìm thư mục tcb cho %s\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "gặp lỗi khi phân bổ bộ nhớ"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "Cách dùng: id\n"
 
@@ -3113,10 +3233,6 @@ msgstr "%s: gặp lỗi khi tìm thư mục tcb cho %s\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s: thông tin đã thay đổi v� sự hết hạn sử dụng mật khẩu.\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "tên ngư�i dùng không hợp lệ “%s�\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "Tài_khoản        Cổng     Từ               Mới nhất"
 
diff --git a/po/zh_CN.gmo b/po/zh_CN.gmo
index 8e20748..813401c 100644
--- a/po/zh_CN.gmo
+++ b/po/zh_CN.gmo
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 46067be..d429d78 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.15\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2022-07-27 23:04+0800\n"
 "Last-Translator: Celeste Liu <coelacanthus@outlook.com>\n"
 "Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
@@ -23,222 +23,6 @@ msgstr ""
 "X-Generator: Poedit 2.0.8\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr "多个�为“%s�的�目�时存在于 %s 中，请使用 pwck 或 grpck �修�。\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "libcrypt �支�此加密方法？(%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "�置错误 - 无法解� %s 值：“%s�"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "无法为�置信�分�空间。\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "�置错误 - 未知项目“%s�(请通知管�员)\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s：nscd 异常结� (信� %d)\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s：nscd 以状� %d 退出\n"
-
-msgid "Password: "
-msgstr "密�："
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s 的密�："
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "无法打开审计接� - 退出。\n"
-
-#, c-format
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr ""
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]：%s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "无法创建 SELinux 管��柄\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "SELinux 策略未被托管\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "无法读� SELinux 策略存储\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "无法建立 SELinux 管�连接\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "无法开始 SELinux 事务\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "无法为 %s 查询 seuser\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "无法为 %s 设置 serange\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "无法为 %s 设置 sename\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "无法为 %s 修改登录映射\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "无法为 %s 创建登录映射\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "无法为 %s 设置�称\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "无法为 %s 设置 SELinux 用户\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "无法为 %s 添加登录映射\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "无法�始化 SELinux 管�\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "无法创建 SELinux 用户密钥\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "无法验� SELinux 用户\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "无法修改 SELinux 用户映射\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "无法添加 SELinux 用户映射\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "无法�交 SELinux 事务\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr "未定义 %s 的登录映射，使用默认映射时这是正常的\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr "在策略中定义了 %s 的登录映射，无法被删除\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "无法删除 %s 的登录映射"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s：内存溢出\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s：无法获�文件 %s 的信�：%s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s：%s 既�是目录也�是符�链接。\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s：无法读�符�链接 %s：%s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s：�疑的长符�链接：%s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s：无法创建目录 %s：%s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s：无法更改 %s 的属主：%s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s：无法更改 %s 的模�：%s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s：删除(unlink)：%s：%s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s：无法删除目录 %s：%s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s：无法将目录 %s 改�为 %s：%s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s：无法删除 %s：%s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s：无法创建符�链接 %s：%s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s：无法更改 %s 的属主：%s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s：无法获�符�链接 %s 的信�(lstat)：%s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s：警告，用户 %s 没有 tcb 影�文件。\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s：紧急：%s 的 tcb 影��是一个 st_nlink=1 的普通文件。\n"
-"已�定该��。\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s：创建目录：%s：%s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s：无法打开 %s：%s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "警告：未知组 %s\n"
 
@@ -285,14 +69,20 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s：解� %s 失败\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr "多个�为“%s�的�目�时存在于 %s 中，请使用 pwck 或 grpck �修�。\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s："
 
 msgid ": "
 msgstr "："
 
-msgid "Environment overflow\n"
-msgstr "环境溢出\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "libcrypt �支�此加密方法？(%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -327,48 +117,40 @@ msgstr ""
 msgid "%s: failed to allocate memory: %s\n"
 msgstr "%s：申请内存失败：%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+#, c-format
 msgid ""
 "%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
-msgstr "%s：无法获�唯一的系统 GID (没有更多�用的 GID 了)\n"
+msgstr "%s：无法获�唯一的系统 GID (%s)。抑制�外的消�。\n"
 
-#, fuzzy, c-format
-#| msgid "%s: Can't get unique GID (no more available GIDs)\n"
+#, c-format
 msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
-msgstr "%s：无法获�唯一的 GID (没有更多�用的 GID 了)\n"
+msgstr "%s：无法获�唯一的 GID (%s)。抑制�外的消�。\n"
 
 #, c-format
 msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr "%s：无法获�唯一的 GID (没有更多�用的 GID 了)\n"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
-#| "(%lu)\n"
+#, c-format
 msgid ""
 "%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
 "SUB_GID_COUNT (%lu)\n"
-msgstr "%s：无效的�置：SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX (%lu)\n"
+msgstr ""
+"%s：无效的�置：SYS_GID_MIN (%lu), iSUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"
 
-#, fuzzy, c-format
-#| msgid "%s: can't find subordinate user range\n"
+#, c-format
 msgid "%s: Can't get unique subordinate GID range\n"
-msgstr "%s：找�到�用户范围\n"
+msgstr "%s：�能获得唯一的从属GID范围\n"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
-#| "(%lu)\n"
+#, c-format
 msgid ""
 "%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
 "SUB_UID_COUNT (%lu)\n"
-msgstr "%s：无效的�置：SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX (%lu)\n"
+msgstr ""
+"%s：无效的�置：SYS_UID_MIN (%lu), SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"
 
-#, fuzzy, c-format
-#| msgid "%s: can't find subordinate user range\n"
+#, c-format
 msgid "%s: Can't get unique subordinate UID range\n"
-msgstr "%s：找�到�用户范围\n"
+msgstr "%s：�能获得唯一的从属GID范围\n"
 
 #, c-format
 msgid ""
@@ -384,71 +166,83 @@ msgstr "%s：无效的�置：UID_MIN (%lu), UID_MAX (%lu)\n"
 msgid "%s: Encountered error attempting to use preferred UID: %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+#, c-format
 msgid ""
 "%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
-msgstr "%s：无法获�唯一的系统 UID (没有更多�用的 UID 了)\n"
+msgstr "%s：无法获�唯一的系统 UID (%s)。抑制�外的消�。\n"
 
-#, fuzzy, c-format
-#| msgid "%s: Can't get unique UID (no more available UIDs)\n"
+#, c-format
 msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
-msgstr "%s：无法获�唯一的 UID (没有更多�用的 UID 了)\n"
+msgstr "%s：无法获�唯一的UID (%s)。抑制�外的消�。\n"
 
 #, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s：无法获�唯一的 UID (没有更多�用的 UID 了)\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr ""
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "�置错误 - 无法解� %s 值：“%s�"
 
-#, fuzzy, c-format
-#| msgid "%s: Authentication failure\n"
+msgid "Could not allocate space for config info.\n"
+msgstr "无法为�置信�分�空间。\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "�置错误 - 未知项目“%s�(请通知管�员)\n"
+
+#, c-format
 msgid "%s: Memory allocation failure\n"
-msgstr "%s：验�失败\n"
+msgstr "%s：内存分�失败\n"
 
 #, c-format
 msgid "%s: subuid overflow detected.\n"
-msgstr ""
+msgstr "%s：检测到subuid溢出。\n"
 
-#, fuzzy, c-format
-#| msgid "%s: invalid field '%s'\n"
+#, c-format
 msgid "%s: Invalid map file %s specified\n"
-msgstr "%s：无效的字段“%s�\n"
+msgstr "%s：指定的映射文件“%s无效�\n"
 
 #, c-format
 msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
-msgstr ""
+msgstr "%s：无法执行prctl(PR_SET_KEEPCAPS)\n"
 
-#, fuzzy, c-format
-#| msgid "Could not set name for %s\n"
+#, c-format
 msgid "%s: Could not seteuid to %d\n"
-msgstr "无法为 %s 设置�称\n"
+msgstr "%s：�能seteuid为%d\n"
 
-#, fuzzy, c-format
-#| msgid "Could not set name for %s\n"
+#, c-format
 msgid "%s: Could not set caps\n"
-msgstr "无法为 %s 设置�称\n"
+msgstr "%s：无法设置上�\n"
 
 #, fuzzy, c-format
-#| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
-msgstr "%s：无法打开文件\n"
+#| msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
+msgstr "%s：snprintf 失败\n"
 
-#, fuzzy, c-format
-#| msgid "%s: line %d: chown %s failed: %s\n"
+#, c-format
 msgid "%s: open of %s failed: %s\n"
-msgstr "%s：第 %d 行：改� %s 的属主失败：%s\n"
+msgstr "%s：打开%s失败：%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: line %d: chown %s failed: %s\n"
+#, c-format
 msgid "%s: write to %s failed: %s\n"
-msgstr "%s：第 %d 行：改� %s 的属主失败：%s\n"
+msgstr "%s：写入%s失败：%s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: open of %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s：打开%s失败：%s\n"
 
 msgid "Too many logins.\n"
 msgstr "当�登录数�过多。\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+"%s 用户�："
+
 msgid "You have new mail."
 msgstr "您有新信件。"
 
@@ -458,6 +252,14 @@ msgstr "无信件。"
 msgid "You have mail."
 msgstr "您有信件。"
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s：nscd 异常结� (信� %d)\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s：nscd 以状� %d 退出\n"
+
 msgid "no change"
 msgstr "没有改�"
 
@@ -470,9 +272,6 @@ msgstr "仅有大�写改动"
 msgid "too similar"
 msgstr "太相似"
 
-msgid "too simple"
-msgstr "太简�"
-
 msgid "rotated"
 msgstr "已轮转"
 
@@ -501,22 +300,28 @@ msgstr "passwd：已�功更新密�\n"
 msgid "%s: PAM modules requesting echoing are not supported.\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: repository %s not supported\n"
+#, c-format
 msgid "%s: conversation type %d not supported.\n"
-msgstr "%s：�支� %s 存储。\n"
+msgstr "%s：�支�会�类型%d。\n"
 
-#, fuzzy, c-format
-#| msgid "%s: pam_start: error %d\n"
+#, c-format
 msgid "%s: (user %s) pam_start failure %d\n"
-msgstr "%s：pam_start：错误 %d\n"
+msgstr "%s：(user %s) pam_start 失败 %d\n"
 
-#, fuzzy, c-format
-#| msgid "passwd: pam_start() failed, error %d\n"
+#, c-format
 msgid ""
 "%s: (user %s) pam_chauthtok() failed, error:\n"
 "%s\n"
-msgstr "passwd：pam_start() 失败，错误 %d\n"
+msgstr ""
+"%s：(user %s) pam_chauthtok() 失败, 错误:\n"
+"%s\n"
+
+msgid "Password: "
+msgstr "密�："
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s 的密�："
 
 #, c-format
 msgid "Incorrect password for %s.\n"
@@ -543,16 +348,13 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s：无法访问 chroot 目录 %s：%s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s：无法进入 chroot 目录 %s：%s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s：无法 chroot 到目录 %s：%s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s：无法进入 chroot 目录 %s：%s\n"
 
 #, c-format
 msgid ""
@@ -569,6 +371,106 @@ msgid ""
 "method.\n"
 msgstr ""
 
+msgid "Cannot open audit interface.\n"
+msgstr "无法打开审计接�。\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr "%s：无法获�以�的SELinux进程上下文：%s\n"
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]：%s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "无法创建 SELinux 管��柄\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "SELinux 策略未被托管\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "无法读� SELinux 策略存储\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "无法建立 SELinux 管�连接\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "无法开始 SELinux 事务\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "无法为 %s 查询 seuser\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "无法为 %s 设置 serange\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "无法为 %s 设置 sename\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "无法为 %s 修改登录映射\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "无法为 %s 创建登录映射\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "无法为 %s 设置�称\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "无法为 %s 设置 SELinux 用户\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "无法为 %s 添加登录映射\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "无法�始化 SELinux 管�\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "无法创建 SELinux 用户密钥\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "无法验� SELinux 用户\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "无法修改 SELinux 用户映射\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "无法添加 SELinux 用户映射\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "无法�交 SELinux 事务\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr "未定义 %s 的登录映射，使用默认映射时这是正常的\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr "在策略中定义了 %s 的登录映射，无法被删除\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "无法删除 %s 的登录映射"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "无法 cd 进入“%s�\n"
@@ -581,6 +483,10 @@ msgid "Cannot execute %s"
 msgstr "无法执行 %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "无效的根目录“%s�\n"
 
@@ -589,13 +495,92 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "无法将根目录改�为“%s�\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s：内存溢出\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s：无法获�文件 %s 的信�：%s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s：%s 既�是目录也�是符�链接。\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s：无法读�符�链接 %s：%s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s：�疑的长符�链接：%s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s：无法创建目录 %s：%s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s：无法更改 %s 的属主：%s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s：无法更改 %s 的模�：%s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s：删除(unlink)：%s：%s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s：无法删除目录 %s：%s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s：无法将目录 %s 改�为 %s：%s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s：无法删除 %s：%s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s：无法创建符�链接 %s：%s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s：无法更改 %s 的属主：%s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s：无法获�符�链接 %s 的信�(lstat)：%s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s：警告，用户 %s 没有 tcb 影�文件。\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s：紧急：%s 的 tcb 影��是一个 st_nlink=1 的普通文件。\n"
+"已�定该��。\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s：创建目录：%s：%s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s：无法打开 %s：%s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s：用户 %s 目�已登录\n"
 
-#, fuzzy, c-format
-#| msgid "%s: user %s is currently logged in\n"
+#, c-format
 msgid "%s: user %s is currently used by process %d\n"
-msgstr "%s：用户 %s 目�已登录\n"
+msgstr "%s：用户 %s 当�被进程使用 %d\n"
 
 msgid "Unable to determine your tty name."
 msgstr "无法确定您的 tty 终端�。"
@@ -625,10 +610,8 @@ msgstr "  -E, --expiredate 过期日期     将�户过期时间设为“过期
 msgid "  -h, --help                    display this help message and exit\n"
 msgstr "  -h, --help                    显示此帮助信�并退出\n"
 
-#, fuzzy
-#| msgid "  -g, --group                   edit group database\n"
 msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
-msgstr "  -g, --group                   编辑 group 数�库\n"
+msgstr "  -i, --iso8601                   打�日期时使用YYYY-MM-DD\n"
 
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
@@ -657,6 +640,11 @@ msgstr ""
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_DIR         chroot 到的目录\n"
 
+#, fuzzy
+#| msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -R, --root CHROOT_DIR         目录�缀\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr "  -W, --warndays 警告天数       将过期警告天数设为“警告天数�\n"
@@ -682,12 +670,15 @@ msgstr "密�失效"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "�户过期时间 (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "最近一次密�修改时间\t\t\t\t\t："
-
 msgid "never"
 msgstr "从�"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "最近一次密�修改时间\t\t\t\t\t："
+
 msgid "password must be changed"
 msgstr "密�必须更改"
 
@@ -859,14 +850,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s：用户“%s��存在\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s：�能在 NIS 客户端上修改用户“%s�。\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s：“%s�是此客户端的 NIS 管�员。\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "正在改� %s 的用户信�\n"
 
@@ -901,6 +884,11 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr "  -s, --sha-rounds              使用 SHA* 加密算法的轮数\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s：�支�的加密方法：%s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s：%s 标记�能和 %s 标记一起使用\n"
@@ -951,6 +939,16 @@ msgstr "  -s, --shell SHELL             该用户��的新登录 shell\n"
 msgid "Login Shell"
 msgstr "登录 Shell"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s：无法获得 %s 的大�：%s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file: %s\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s：无法创建新的默认文件：%s\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "您�能为“%s�更改 shell。\n"
@@ -963,6 +961,11 @@ msgstr "正在更改 %s 的 shell\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s：无效的�目：%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s：%s 是无效的 shell\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s：%s 是无效的 shell\n"
@@ -1183,25 +1186,22 @@ msgstr "  -p, --password PASSWORD       为新组使用此加密过的密�\n"
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  创建一个系统账户\n"
 
-#, fuzzy
-#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -R, --root CHROOT_DIR         chroot 到的目录\n"
-
-#, fuzzy
-#| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
-msgstr "  -l, --list                    列出组中的所有�员\n"
+msgstr "  -l, --list                    该组的用户�员列表\n"
 
-#, fuzzy, c-format
-#| msgid "invalid user name '%s'\n"
+#, c-format
 msgid "Invalid member username %s\n"
-msgstr "无效的用户�“%s�\n"
+msgstr "无效的�员用户�“%s�\n"
 
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s：“%s��是有效的组�\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s：无法打开 %s：%s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s：无效的组 ID “%s�\n"
@@ -1245,14 +1245,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s：“%s�组�存在\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s：“%s�组是一个 NIS 组。\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s：%s 是 NIS 管�员\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s：用户“%s�已�是“%s�的�员\n"
 
@@ -1306,20 +1298,13 @@ msgstr "%s：您的组�和用户��匹�\n"
 msgid "%s: only root can use the -g/--group option\n"
 msgstr "%s：�有 root ��以使用 -g/--group 选项\n"
 
-#, fuzzy
-#| msgid ""
-#| "  -a, --append                  append the user to the supplemental "
-#| "GROUPS\n"
-#| "                                mentioned by the -G option without "
-#| "removing\n"
-#| "                                the user from other groups\n"
 msgid ""
 "  -a, --append                  append the users mentioned by -U option to "
 "the group \n"
 "                                without removing existing user members\n"
 msgstr ""
-"  -a, --append GROUP            将用户追加至上边 -G 中�到的附加组中，\n"
-"                                并�从其它组中删除此用户\n"
+"  -a, --append                  将-U选项�到的用户添加到组中\n"
+"                                无需删除现有用户�员\n"
 
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr "  -g, --gid GID                 将组 ID 改为 GID\n"
@@ -1341,10 +1326,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s：无效的组�“%s�\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s：%s 组是一个 NIS 组\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s：未知用户 %s\n"
 
@@ -1463,8 +1444,12 @@ msgid ""
 "  -b, --before DAYS             print only lastlog records older than DAYS\n"
 msgstr "  -b, --before DAYS             仅打�早于 DAYS 的最近登录记录\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -C, --clear                   clear lastlog record of an user (usable "
+#| "only with -u)\n"
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   清除一个用户的最近登录记录(须�� -u 使用)\n"
@@ -1484,10 +1469,9 @@ msgid ""
 "  -u, --user LOGIN              print lastlog record of the specified LOGIN\n"
 msgstr "  -u, --user LOGIN              打� LOGIN 用户的最近登录记录\n"
 
-#, fuzzy, c-format
-#| msgid "Username                Port     Latest"
+#, c-format
 msgid "Username         Port     From%*sLatest\n"
-msgstr "用户�                  端�     最�登录时间"
+msgstr "用户�                  端�     从最近的%*s\n"
 
 msgid "Username                Port     Latest"
 msgstr "用户�                  端�     最�登录时间"
@@ -1560,9 +1544,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s：必须�有效 root 身份�能工作\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "没有 utmp �目。您必须在最底层的“sh�里执行“login�"
-
 #, c-format
 msgid ""
 "\n"
@@ -1597,14 +1578,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "无法找到用户 (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-"%s 用户�："
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s：fork 失败：%s"
 
@@ -1639,47 +1612,39 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
 msgid "%s: kernel doesn't support setgroups restrictions\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: can't open group file\n"
+#, c-format
 msgid "%s: couldn't open process setgroups: %s\n"
-msgstr "%s：无法打开组文件\n"
+msgstr "%s：无法打开进程setgroups：%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to remove %s\n"
+#, c-format
 msgid "%s: failed to read setgroups: %s\n"
-msgstr "%s：移除 %s 失败\n"
+msgstr "%s：读�setgroups失败：%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to remove %s\n"
+#, c-format
 msgid "%s: failed to seek setgroups: %s\n"
-msgstr "%s：移除 %s 失败\n"
+msgstr "%s：查询setgroups失败：%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to unlock %s\n"
+#, c-format
 msgid "%s: failed to setgroups %s policy: %s\n"
-msgstr "%s：解� %s 失败\n"
+msgstr "%s：setgroups%s策略失败：%s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s：无法为“%s�找到 tcb 目录\n"
-
-#, fuzzy, c-format
-#| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
-msgstr "%s：为 %s 创建 tcb 目录失败\n"
+#| msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
+msgstr "%s：无法统计目标目录%u\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1712,19 +1677,17 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s：无法统计目标目录%u\n"
 
-#, fuzzy
-#| msgid "  -q, --quiet                   quiet mode\n"
 msgid "  -b, --badname                 allow bad names\n"
-msgstr "  -q, --quiet                   安�模�\n"
+msgstr "  -q, --badname                 �许 bad name\n"
 
 msgid "  -r, --system                  create system accounts\n"
 msgstr "  -r, --system                  创建系统��\n"
@@ -1737,10 +1700,13 @@ msgstr "%s：“%s�组是影�组，但是�存在于 /etc/group\n"
 msgid "%s: invalid user ID '%s'\n"
 msgstr "%s：无效的用户 ID“%s�\n"
 
-#, fuzzy, c-format
-#| msgid "%s: invalid user name '%s'\n"
+#, c-format
 msgid "%s: invalid user name '%s': use --badname to ignore\n"
-msgstr "%s：无效的用户�“%s�\n"
+msgstr "%s：无效的用户�“%s�: 使用 --badname 忽略\n"
+
+#, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
 
 #, c-format
 msgid "%s: line %d: invalid line\n"
@@ -1762,14 +1728,18 @@ msgstr "%s：第 %d 行：无法创建组\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s：第 %d 行：用户“%s��存在于 %s 中\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s：删除(unlink)：%s：%s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s：第 %d 行：无法更新密�\n"
 
-#, fuzzy, c-format
-#| msgid "%s: line %d: mkdir %s failed: %s\n"
+#, c-format
 msgid "%s: line %d: homedir must be an absolute path\n"
-msgstr "%s：第 %d 行：创建目录 %s 失败：%s\n"
+msgstr "%s：第 %d 行：Homedir必须是�对路径\n"
 
 #, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
@@ -1784,14 +1754,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s：第 %d 行：无法更新�目\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s：准备新 %s �目失败\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s：找�到�用户范围\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s：准备新 %s �目失败\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s：找�到�用户组范围\n"
 
@@ -1853,6 +1823,11 @@ msgstr ""
 "  -x, --maxdays MAX_DAYS        设置到下次修改密�所须等待的最多天数\n"
 "                                为 MAX_DAYS\n"
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    显示�户年龄信�\n"
+
 msgid "Old password: "
 msgstr "旧密�："
 
@@ -1872,6 +1847,11 @@ msgstr ""
 "请输入新密�(最少 %d 最多 %d 个字符)\n"
 "请混�使用大�写字�和数字。\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s：字段太长\n"
+
 msgid "New password: "
 msgstr "新密�："
 
@@ -1896,10 +1876,9 @@ msgstr "无法更改 %s 的密�。\n"
 msgid "The password for %s cannot be changed yet.\n"
 msgstr "尚无法更改 %s 的密�。\n"
 
-#, fuzzy, c-format
-#| msgid "%s: shadow passwords required for -e\n"
+#, c-format
 msgid "%s: malformed password data obtained for user %s\n"
-msgstr "%s：-e �数需�有影�密�\n"
+msgstr "%s：获�的用户密�数��正确%s\n"
 
 #, c-format
 msgid ""
@@ -1915,9 +1894,13 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s：�支� %s 存储。\n"
 
 #, fuzzy, c-format
-#| msgid "%s: %s is not authorized to change the password of %s\n"
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s：�有 root ��以使用 -g/--group 选项\n"
+
+#, c-format
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
-msgstr "%s：%s 没有被授�更改 %s 的密�\n"
+msgstr "%s：root没有被SELinux授�修改密�%s\n"
 
 #, c-format
 msgid "%s: You may not view or modify password information for %s.\n"
@@ -1968,10 +1951,9 @@ msgstr "无效的密�文件项"
 msgid "duplicate password entry"
 msgstr "��的用户�目"
 
-#, fuzzy, c-format
-#| msgid "%s: invalid user name '%s'\n"
+#, c-format
 msgid "invalid user name '%s': use --badname to ignore\n"
-msgstr "%s：无效的用户�“%s�\n"
+msgstr "无效的用户�'%s'：使用 --badname 忽略\n"
 
 #, c-format
 msgid "invalid user ID '%lu'\n"
@@ -2064,11 +2046,9 @@ msgstr "%s：信�故障\n"
 msgid "Session terminated, terminating shell..."
 msgstr "会�结�，结� shell ..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...已被�死。\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...等待�进程结�。\n"
 
@@ -2079,20 +2059,6 @@ msgstr " ...已结�。\n"
 msgid "%s: %s\n"
 msgstr "%s：%s\n"
 
-#, fuzzy
-#| msgid ""
-#| "Usage: su [options] [LOGIN]\n"
-#| "\n"
-#| "Options:\n"
-#| "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
-#| "  -h, --help                    display this help message and exit\n"
-#| "  -, -l, --login                make the shell a login shell\n"
-#| "  -m, -p,\n"
-#| "  --preserve-environment        do not reset environment variables, and\n"
-#| "                                keep the same shell\n"
-#| "  -s, --shell SHELL             use SHELL instead of the default in "
-#| "passwd\n"
-#| "\n"
 msgid ""
 "Usage: su [options] [-] [username [args]]\n"
 "\n"
@@ -2107,7 +2073,7 @@ msgid ""
 "\n"
 "If no username is given, assume root.\n"
 msgstr ""
-"用法：su [选项] [登录�]\n"
+"用法：su [选项] [-] [username [args]]\n"
 "\n"
 "选项：\n"
 "  -c, --command COMMAND         将 COMMAND 传递至�动的 shell\n"
@@ -2117,6 +2083,7 @@ msgstr ""
 "  --preserve-environment        ��置环境��并���一 shell\n"
 "  -s, --shell SHELL             使用 SHELL 而� passwd 中的默认值\n"
 "\n"
+"                                如果没有给出用户�，�设为root\n"
 
 #, c-format
 msgid ""
@@ -2153,6 +2120,11 @@ msgstr "%s：那时，您没有被授� su\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "没有用户“%s�的密�项\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "无效的用户�“%s�\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s：必须从终端中执行\n"
@@ -2199,18 +2171,19 @@ msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s：%s �置(�于 %s) 将被忽略\n"
 
 #, fuzzy, c-format
-#| msgid "%s: cannot create new defaults file\n"
-msgid "%s: cannot create new defaults file: %s\n"
-msgstr "%s：无法创建新的默认文件\n"
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%s：%s �置(�于 %s) 将被忽略\n"
 
-#, fuzzy, c-format
-#| msgid "%s: cannot create new defaults file\n"
-msgid "%s: cannot create directory for defaults file\n"
-msgstr "%s：无法创建新的默认文件\n"
+#, c-format
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr "%s：无法创建新的默认文件：%s\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s：无法创建新的默认文件\n"
+msgid "%s: cannot create directory for defaults file\n"
+msgstr "%s：无法为默认文件创建目录\n"
 
 #, c-format
 msgid "%s: cannot open new defaults file\n"
@@ -2229,17 +2202,12 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s：改�：%s：%s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s：“%s�组是一个 NIS 组。\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s：指定了过多组(最多 %d)。\n"
 
-#, fuzzy, c-format
-#| msgid "%s: Out of memory. Cannot update %s.\n"
+#, c-format
 msgid "%s: Out of memory. Cannot find group '%s'.\n"
-msgstr "%s：超出内存。�能更新 %s。\n"
+msgstr "%s：超出内存。找�到组 '%s'。\n"
 
 #, c-format
 msgid ""
@@ -2255,10 +2223,8 @@ msgstr ""
 "\n"
 "选项：\n"
 
-#, fuzzy
-#| msgid "  -s, --shadow                  edit shadow or gshadow database\n"
 msgid "      --badname                 do not check for bad names\n"
-msgstr "  -s, --shadow                  编辑 shadow 或 gshadow 数�库\n"
+msgstr "     --badname                    �检查 bad names\n"
 
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
@@ -2350,6 +2316,15 @@ msgid ""
 "mapping\n"
 msgstr "  -Z, --selinux-user SEUSER     为 SELinux 用户映射使用指定 SEUSER\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr "  -Z, --selinux-user SEUSER     为 SELinux 用户映射使用指定 SEUSER\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s：无效的基目录“%s�\n"
@@ -2378,108 +2353,93 @@ msgstr "%s：无效的字段“%s�\n"
 msgid "%s: invalid shell '%s'\n"
 msgstr "%s：无效的 shell“%s�\n"
 
-#, fuzzy, c-format
-#| msgid "%s: Warning: %s is not executable\n"
+#, c-format
 msgid "%s: Warning: missing or non-executable shell '%s'\n"
-msgstr "%s：警告：%s ��执行\n"
+msgstr "%s：警告：缺少或��执行 shell '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "%s: Option -C cannot be used together with option -S\n"
+#, c-format
 msgid "%s: -Z cannot be used with --prefix\n"
-msgstr "%s：选项 -C �能与 -S 选项一起使用\n"
+msgstr "%s：-Z �能与 --prefix一起使用\n"
 
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr "%s：-Z 选项�求内核�用 SELinux\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: failed to open the faillog file for UID %lu: %s\n"
-msgstr "%s：�置 UID %lu 的登录失败�目失败：%s\n"
+msgstr "%s：打开 UID %lu 的登录失败文件失败：%s\n"
 
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr "%s：�置 UID %lu 的登录失败�目失败：%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: failed to close the faillog file for UID %lu: %s\n"
-msgstr "%s：�置 UID %lu 的登录失败�目失败：%s\n"
+msgstr "%s：关闭 UID %lu 的登录失败文件失败：%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
-msgstr "%s：�置 UID %lu 的最近登录�目失败：%s\n"
+msgstr "%s：打开 UID %lu 的最近登录文件失败：%s\n"
 
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr "%s：�置 UID %lu 的最近登录�目失败：%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
-msgstr "%s：�置 UID %lu 的最近登录�目失败：%s\n"
+msgstr "%s：打开 UID %lu 的最近登录文件失败：%s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
-msgstr "%s：�置 UID %lu 的登录失败�目失败：%s\n"
+msgstr "%s：�置 的记录认�失败�目失败：%s\n"
 
 #, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "%s：准备新 %s �目失败\n"
 
-#, fuzzy, c-format
-#| msgid "%s: error updating files\n"
+#, c-format
 msgid "%s: error while duplicating string %s\n"
-msgstr "%s：更新文件出错\n"
+msgstr "%s：�制字符串时出错 %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: cannot create directory %s\n"
+#, c-format
 msgid "%s: cannot set SELinux context for home directory %s\n"
-msgstr "%s：无法创建目录 %s\n"
+msgstr "%s：无法为主目录设置SELinux上下文 %s\n"
 
 #, c-format
 msgid "%s: error while duplicating string in BTRFS check %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: %s home directory (%s) not found\n"
+#, c-format
 msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
-msgstr "%s：未找到 %s 的主目录“%s�\n"
+msgstr "%s：home目录\"%s\"必须挂载在BTRFS上\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to allocate memory: %s\n"
+#, c-format
 msgid "%s: failed to create BTRFS subvolume: %s\n"
-msgstr "%s：申请内存失败：%s\n"
+msgstr "%s：创建BTRFS��失败：%s\n"
 
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr "%s：无法创建目录 %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: line %d: chown %s failed: %s\n"
+#, c-format
 msgid "%s: warning: chown on `%s' failed: %m\n"
-msgstr "%s：第 %d 行：改� %s 的属主失败：%s\n"
+msgstr "%s 警告：改� `%s' 的属主失败：%m\n"
 
-#, fuzzy, c-format
-#| msgid "%s: line %d: chown %s failed: %s\n"
+#, c-format
 msgid "%s: warning: chmod on `%s' failed: %m\n"
-msgstr "%s：第 %d 行：改� %s 的属主失败：%s\n"
+msgstr "%s：警告：改� `%s' 的属主失败：%m\n"
 
-#, fuzzy, c-format
-#| msgid "%s: line %d: chown %s failed: %s\n"
+#, c-format
 msgid "%s: warning: chown on '%s' failed: %m\n"
-msgstr "%s：第 %d 行：改� %s 的属主失败：%s\n"
+msgstr "%s：警告：改� %s 的属主失败：%m\n"
 
 #, c-format
 msgid "%s: cannot reset SELinux file creation context\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "Cannot create SELinux login mapping for %s\n"
+#, c-format
 msgid "%s: cannot set SELinux context for mailbox file %s\n"
-msgstr "无法为 %s 创建登录映射\n"
+msgstr "%s: 无法为邮箱文件设置SELinux上下文 %s\n"
 
 msgid "Creating mailbox file"
 msgstr "正在创建信箱文件"
@@ -2491,6 +2451,16 @@ msgstr "没有找到“mailâ€�组。以 0600 æ�ƒé™�模å¼�创建用户的信箱æ–
 msgid "Setting mailbox file permissions"
 msgstr "正在设置信箱文件访问��"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "正在创建信箱文件"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "正在创建信箱文件"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2613,10 +2583,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s：无法从 %s 中删除 tcb 文件：%s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s：用户 %s 是 NIS 用户\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s：未找到 %s 的主目录“%s�\n"
 
@@ -2624,10 +2590,9 @@ msgstr "%s：未找到 %s 的主目录“%s�\n"
 msgid "%s: not removing directory %s (would remove home of user %s)\n"
 msgstr "%s：�删除目录 %s (因为这将删除用户 %s 的主目录)\n"
 
-#, fuzzy, c-format
-#| msgid "%s: error removing directory %s\n"
+#, c-format
 msgid "%s: error removing subvolume %s\n"
-msgstr "%s：删除目录 %s 时出错\n"
+msgstr "%s：删除分� %s 时出错\n"
 
 #, c-format
 msgid "%s: error removing directory %s\n"
@@ -2727,6 +2692,14 @@ msgid ""
 "account\n"
 msgstr "  -Z, --selinux-user SEUSER     用户的新的 SELinux 用户映射\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr "  -Z, --selinux-user SEUSER     用户的新的 SELinux 用户映射\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2814,10 +2787,20 @@ msgstr "%s：先å‰�的主目录 (%s) ä¸�是一个目录。没有移除它，也æ
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr "%s：将用户 %lu 的登录失败�目�制给用户 %lu 失败：%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s：将用户 %lu 的登录失败�目�制给用户 %lu 失败：%s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr "%s：将用户 %lu 的登录失败�目�制给用户 %lu 失败：%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s：将用户 %lu 的登录失败�目�制给用户 %lu 失败：%s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s：警告：%s �属于 %s\n"
@@ -2918,8 +2901,10 @@ msgstr "删除(unlink)临时文件失败"
 msgid "failed to stat edited file"
 msgstr "获�编辑过的文件的信�失败"
 
-msgid "failed to allocate memory"
-msgstr "申请内存失败"
+#, fuzzy
+#| msgid "%s: snprintf failed!\n"
+msgid "asprintf(3) failed"
+msgstr "%s：snprintf 失败\n"
 
 msgid "failed to create backup file"
 msgstr "创建备份文件失败"
@@ -2932,6 +2917,59 @@ msgstr "%s：无法�� %s：%s (您的修改在 %s 中)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s：无法为“%s�找到 tcb 目录\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "环境溢出\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s：�能在 NIS 客户端上修改用户“%s�。\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s：“%s�是此客户端的 NIS 管�员。\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s：“%s�组是一个 NIS 组。\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s：%s 是 NIS 管�员\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s：%s 组是一个 NIS 组\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s：无法创建新的默认文件\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s：“%s�组是一个 NIS 组。\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s：用户 %s 是 NIS 用户\n"
+
+#, c-format
+#~ msgid "%s: Not enough arguments to form %u mappings\n"
+#~ msgstr "%s：没有足够的�数�形�%u映射\n"
+
+#~ msgid "too simple"
+#~ msgstr "太简�"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr "没有 utmp �目。您必须在最底层的“sh�里执行“login�"
+
+#, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s：无法打开目标的proc目录%u\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "申请内存失败"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "用法：id\n"
 
@@ -2947,10 +2985,6 @@ msgstr "%s：无法为“%s�找到 tcb 目录\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s：密�过期信�已更改。\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "无效的用户�“%s�\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "用户�           端�     �自             最�登录时间"
 
diff --git a/po/zh_TW.gmo b/po/zh_TW.gmo
index 7d77259..c4ffca8 100644
--- a/po/zh_TW.gmo
+++ b/po/zh_TW.gmo
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 39b57c6..709f566 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.9\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2022-11-08 10:37-0600\n"
+"POT-Creation-Date: 2024-06-21 11:23+0200\n"
 "PO-Revision-Date: 2022-07-27 23:04+0800\n"
 "Last-Translator: Celeste Liu <coelacanthus@outlook.com>\n"
 "Language-Team: Chinese <chinese-l10n@googlegroups.com>\n"
@@ -20,224 +20,6 @@ msgstr ""
 "X-Generator: Lokalize 19.08.1\n"
 
 #, c-format
-msgid ""
-"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
-msgstr "%2$s 中有多個項目的�稱是「%1$s�。請使用 pwck 或 grpck 修復。\n"
-
-#, c-format
-msgid "crypt method not supported by libcrypt? (%s)\n"
-msgstr "libcrypt �支�該加密方法？(%s)\n"
-
-#, c-format
-msgid "configuration error - cannot parse %s value: '%s'"
-msgstr "組態設定錯誤 - 無法解� %s 值：「%s�"
-
-msgid "Could not allocate space for config info.\n"
-msgstr "無法為組態設定資訊分�空間。\n"
-
-#, c-format
-msgid "configuration error - unknown item '%s' (notify administrator)\n"
-msgstr "組態設定錯誤 - 項目「%s�未知（請通知管�員）\n"
-
-#, c-format
-msgid "%s: nscd did not terminate normally (signal %d)\n"
-msgstr "%s：nscd �正常終止（信號 %d）\n"
-
-#, c-format
-msgid "%s: nscd exited with status %d\n"
-msgstr "%s：nscd ��並回傳狀態碼 %d\n"
-
-msgid "Password: "
-msgstr "密碼："
-
-#, c-format
-msgid "%s's Password: "
-msgstr "%s 的密碼："
-
-#, fuzzy
-#| msgid "Cannot open audit interface - aborting.\n"
-msgid "Cannot open audit interface.\n"
-msgstr "無法開啟稽核介� - �消。\n"
-
-#, fuzzy, c-format
-#| msgid "%s: cannot reset SELinux file creation context\n"
-msgid "%s: can not get previous SELinux process context: %s\n"
-msgstr "%s: 無法�設 SELinux 檔案建立上下文\n"
-
-#, c-format
-msgid "[libsemanage]: %s\n"
-msgstr "[libsemanage]：%s\n"
-
-#, c-format
-msgid "Cannot create SELinux management handle\n"
-msgstr "無法建立 SELinux 管�工具的處�器\n"
-
-#, c-format
-msgid "SELinux policy not managed\n"
-msgstr "SELinux 政策未�管�\n"
-
-#, c-format
-msgid "Cannot read SELinux policy store\n"
-msgstr "無法讀� SELinux 原則儲存�\n"
-
-#, c-format
-msgid "Cannot establish SELinux management connection\n"
-msgstr "無法建立 SELinux 管�工具的連線\n"
-
-#, c-format
-msgid "Cannot begin SELinux transaction\n"
-msgstr "無法開始 SELinux 交易\n"
-
-#, c-format
-msgid "Could not query seuser for %s\n"
-msgstr "無法查詢 %s 的 seuser\n"
-
-#, c-format
-msgid "Could not set serange for %s\n"
-msgstr "無法設定 %s 的 serange\n"
-
-#, c-format
-msgid "Could not set sename for %s\n"
-msgstr "無法設定 %s 的 sename\n"
-
-#, c-format
-msgid "Could not modify login mapping for %s\n"
-msgstr "無法修改 %s 的登入映射\n"
-
-#, c-format
-msgid "Cannot create SELinux login mapping for %s\n"
-msgstr "無法建立 %s 的 SELinux 登入映射\n"
-
-#, c-format
-msgid "Could not set name for %s\n"
-msgstr "無法設定 %s 的�稱\n"
-
-#, c-format
-msgid "Could not set SELinux user for %s\n"
-msgstr "無法設定 %s 的 SELinux 使用者\n"
-
-#, c-format
-msgid "Could not add login mapping for %s\n"
-msgstr "無法新增 %s 的登入映射\n"
-
-#, c-format
-msgid "Cannot init SELinux management\n"
-msgstr "無法�始化 SELinux 管�工具\n"
-
-#, c-format
-msgid "Cannot create SELinux user key\n"
-msgstr "無法建立 SELinux 使用者金鑰\n"
-
-#, c-format
-msgid "Cannot verify the SELinux user\n"
-msgstr "無法驗證 SELinux 使用者\n"
-
-#, c-format
-msgid "Cannot modify SELinux user mapping\n"
-msgstr "無法修改 SELinux 使用者映射\n"
-
-#, c-format
-msgid "Cannot add SELinux user mapping\n"
-msgstr "無法新增 SELinux 使用者映射\n"
-
-#, c-format
-msgid "Cannot commit SELinux transaction\n"
-msgstr "無法�交 SELinux 交易。\n"
-
-#, c-format
-msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
-msgstr "未定義 %s 的登入映射。如果已使用�設映射，那就行\n"
-
-#, c-format
-msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
-msgstr "已在原則中定義 %s 的登入映射，�能刪除\n"
-
-#, c-format
-msgid "Could not delete login mapping for %s"
-msgstr "無法刪除 %s 的登入映射"
-
-#, c-format
-msgid "%s: out of memory\n"
-msgstr "%s：記憶體�足\n"
-
-#, c-format
-msgid "%s: Cannot stat %s: %s\n"
-msgstr "%s：無法�得 %s 檔案的資訊 (stat)：%s\n"
-
-#, c-format
-msgid "%s: %s is neither a directory, nor a symlink.\n"
-msgstr "%s：%s 既�是目錄，也�是符號連�。\n"
-
-#, c-format
-msgid "%s: Cannot read symbolic link %s: %s\n"
-msgstr "%s：無法讀� %s 符號連�：%s\n"
-
-#, c-format
-msgid "%s: Suspiciously long symlink: %s\n"
-msgstr "%s：符號連��長：%s\n"
-
-#, c-format
-msgid "%s: Cannot create directory %s: %s\n"
-msgstr "%s：無法建立 %s 目錄：%s\n"
-
-#, c-format
-msgid "%s: Cannot change owner of %s: %s\n"
-msgstr "%s：無法變更 %s 的所有者：%s\n"
-
-#, c-format
-msgid "%s: Cannot change mode of %s: %s\n"
-msgstr "%s：無法變更 %s 的模�：%s\n"
-
-#, c-format
-msgid "%s: unlink: %s: %s\n"
-msgstr "%s：�消連� (unlink)：%s：%s\n"
-
-#, c-format
-msgid "%s: Cannot remove directory %s: %s\n"
-msgstr "%s：無法移除 %s 目錄：%s\n"
-
-#, c-format
-msgid "%s: Cannot rename %s to %s: %s\n"
-msgstr "%s：無法將 %s �命�至 %s：%s\n"
-
-#, c-format
-msgid "%s: Cannot remove %s: %s\n"
-msgstr "%s：無法移除 %s：%s\n"
-
-#, c-format
-msgid "%s: Cannot create symbolic link %s: %s\n"
-msgstr "%s：無法建立 %s 符號連�：%s\n"
-
-#, c-format
-msgid "%s: Cannot change owners of %s: %s\n"
-msgstr "%s：無法變更 %s 的所有者：%s\n"
-
-#, c-format
-msgid "%s: Cannot lstat %s: %s\n"
-msgstr "%s：無法執行 lstat %s：%s\n"
-
-#, c-format
-msgid "%s: Warning, user %s has no tcb shadow file.\n"
-msgstr "%s：警告，使用者 %s 沒有 tcb 陰影檔案。\n"
-
-#, c-format
-msgid ""
-"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
-"The account is left locked.\n"
-msgstr ""
-"%s：緊急情�：%s 的 tcb 陰影檔並�包� st_nlink=1 的正常檔案。\n"
-"已鎖定帳戶。\n"
-"\n"
-
-#, c-format
-msgid "%s: mkdir: %s: %s\n"
-msgstr "%s：建立目錄 (mkdir)：%s：%s\n"
-
-#, c-format
-msgid "%s: Cannot open %s: %s\n"
-msgstr "%s：無法開啟 %s：%s\n"
-
-#, c-format
 msgid "Warning: unknown group %s\n"
 msgstr "警告：未知群組 %s\n"
 
@@ -284,14 +66,20 @@ msgid "%s: failed to unlock %s\n"
 msgstr "%s：無法解鎖 %s\n"
 
 #, c-format
+msgid ""
+"Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+msgstr "%2$s 中有多個項目的�稱是「%1$s�。請使用 pwck 或 grpck 修復。\n"
+
+#, c-format
 msgid "%s: "
 msgstr "%s："
 
 msgid ": "
 msgstr "："
 
-msgid "Environment overflow\n"
-msgstr "環境溢�\n"
+#, c-format
+msgid "crypt method not supported by libcrypt? (%s)\n"
+msgstr "libcrypt �支�該加密方法？(%s)\n"
 
 #, c-format
 msgid "You may not change $%s\n"
@@ -399,8 +187,15 @@ msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s：無法�得唯一 UID（沒有更多�用 UID）\n"
 
 #, c-format
-msgid "%s: Not enough arguments to form %u mappings\n"
-msgstr ""
+msgid "configuration error - cannot parse %s value: '%s'"
+msgstr "組態設定錯誤 - 無法解� %s 值：「%s�"
+
+msgid "Could not allocate space for config info.\n"
+msgstr "無法為組態設定資訊分�空間。\n"
+
+#, c-format
+msgid "configuration error - unknown item '%s' (notify administrator)\n"
+msgstr "組態設定錯誤 - 項目「%s�未知（請通知管�員）\n"
 
 #, fuzzy, c-format
 #| msgid "%s: Authentication failure\n"
@@ -432,7 +227,7 @@ msgstr "無法設定 %s 的�稱\n"
 
 #, fuzzy, c-format
 #| msgid "%s: can't open file\n"
-msgid "%s: snprintf failed!\n"
+msgid "%s: stpeprintf failed!\n"
 msgstr "%s：無法打開檔案\n"
 
 #, fuzzy, c-format
@@ -445,9 +240,22 @@ msgstr "%s：第 %d 行：變更 %s 的�有權失敗：%s\n"
 msgid "%s: write to %s failed: %s\n"
 msgstr "%s：第 %d 行：變更 %s 的�有權失敗：%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: closing %s failed: %s\n"
+msgstr "%s：第 %d 行：變更 %s 的�有權失敗：%s\n"
+
 msgid "Too many logins.\n"
 msgstr "登入次數�多。\n"
 
+#, c-format
+msgid ""
+"\n"
+"%s login: "
+msgstr ""
+"\n"
+" %s 使用者�稱："
+
 msgid "You have new mail."
 msgstr "您有新信件。"
 
@@ -457,6 +265,14 @@ msgstr "沒有信件。"
 msgid "You have mail."
 msgstr "您有信件。"
 
+#, c-format
+msgid "%s: nscd did not terminate normally (signal %d)\n"
+msgstr "%s：nscd �正常終止（信號 %d）\n"
+
+#, c-format
+msgid "%s: nscd exited with status %d\n"
+msgstr "%s：nscd ��並回傳狀態碼 %d\n"
+
 msgid "no change"
 msgstr "沒有變更"
 
@@ -469,9 +285,6 @@ msgstr "僅變更大�寫"
 msgid "too similar"
 msgstr "�於相似"
 
-msgid "too simple"
-msgstr "�於簡單"
-
 msgid "rotated"
 msgstr "已旋轉"
 
@@ -517,6 +330,13 @@ msgid ""
 "%s\n"
 msgstr "passwd: pam_start() 失敗，錯誤 %d\n"
 
+msgid "Password: "
+msgstr "密碼："
+
+#, c-format
+msgid "%s's Password: "
+msgstr "%s 的密碼："
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "%s 的密碼錯誤。\n"
@@ -542,16 +362,13 @@ msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s：無法存� chroot 目錄 %s：%s\n"
 
 #, c-format
-msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s：無法切�至 chroot 目錄 %s：%s\n"
-
-#, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s：無法 chroot 到 %s 目錄：%s\n"
 
-#, c-format
-msgid "Unable to obtain random bytes.\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: cannot chdir to chroot directory %s: %s\n"
+msgid "%s: cannot chdir in chroot directory %s: %s\n"
+msgstr "%s：無法切�至 chroot 目錄 %s：%s\n"
 
 #, c-format
 msgid ""
@@ -568,6 +385,109 @@ msgid ""
 "method.\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "無法開啟稽核介� - �消。\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot reset SELinux file creation context\n"
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr "%s: 無法�設 SELinux 檔案建立上下文\n"
+
+#, c-format
+msgid "[libsemanage]: %s\n"
+msgstr "[libsemanage]：%s\n"
+
+#, c-format
+msgid "Cannot create SELinux management handle\n"
+msgstr "無法建立 SELinux 管�工具的處�器\n"
+
+#, c-format
+msgid "SELinux policy not managed\n"
+msgstr "SELinux 政策未�管�\n"
+
+#, c-format
+msgid "Cannot read SELinux policy store\n"
+msgstr "無法讀� SELinux 原則儲存�\n"
+
+#, c-format
+msgid "Cannot establish SELinux management connection\n"
+msgstr "無法建立 SELinux 管�工具的連線\n"
+
+#, c-format
+msgid "Cannot begin SELinux transaction\n"
+msgstr "無法開始 SELinux 交易\n"
+
+#, c-format
+msgid "Could not query seuser for %s\n"
+msgstr "無法查詢 %s 的 seuser\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set serange for %s\n"
+msgid "Could not set serange for %s to %s\n"
+msgstr "無法設定 %s 的 serange\n"
+
+#, c-format
+msgid "Could not set sename for %s\n"
+msgstr "無法設定 %s 的 sename\n"
+
+#, c-format
+msgid "Could not modify login mapping for %s\n"
+msgstr "無法修改 %s 的登入映射\n"
+
+#, c-format
+msgid "Cannot create SELinux login mapping for %s\n"
+msgstr "無法建立 %s 的 SELinux 登入映射\n"
+
+#, c-format
+msgid "Could not set name for %s\n"
+msgstr "無法設定 %s 的�稱\n"
+
+#, c-format
+msgid "Could not set SELinux user for %s\n"
+msgstr "無法設定 %s 的 SELinux 使用者\n"
+
+#, c-format
+msgid "Could not add login mapping for %s\n"
+msgstr "無法新增 %s 的登入映射\n"
+
+#, c-format
+msgid "Cannot init SELinux management\n"
+msgstr "無法�始化 SELinux 管�工具\n"
+
+#, c-format
+msgid "Cannot create SELinux user key\n"
+msgstr "無法建立 SELinux 使用者金鑰\n"
+
+#, c-format
+msgid "Cannot verify the SELinux user\n"
+msgstr "無法驗證 SELinux 使用者\n"
+
+#, c-format
+msgid "Cannot modify SELinux user mapping\n"
+msgstr "無法修改 SELinux 使用者映射\n"
+
+#, c-format
+msgid "Cannot add SELinux user mapping\n"
+msgstr "無法新增 SELinux 使用者映射\n"
+
+#, c-format
+msgid "Cannot commit SELinux transaction\n"
+msgstr "無法�交 SELinux 交易。\n"
+
+#, c-format
+msgid "Login mapping for %s is not defined, OK if default mapping was used\n"
+msgstr "未定義 %s 的登入映射。如果已使用�設映射，那就行\n"
+
+#, c-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted\n"
+msgstr "已在原則中定義 %s 的登入映射，�能刪除\n"
+
+#, c-format
+msgid "Could not delete login mapping for %s"
+msgstr "無法刪除 %s 的登入映射"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "無法切�至「%s�目錄\n"
@@ -580,6 +500,10 @@ msgid "Cannot execute %s"
 msgstr "無法執行 %s"
 
 #, c-format
+msgid "Maximum subsystem depth reached\n"
+msgstr ""
+
+#, c-format
 msgid "Invalid root directory '%s'\n"
 msgstr "根目錄「%s�無效\n"
 
@@ -588,6 +512,87 @@ msgid "Can't change root directory to '%s'\n"
 msgstr "無法將根目錄變更至「%s�\n"
 
 #, c-format
+msgid "%s: out of memory\n"
+msgstr "%s：記憶體�足\n"
+
+#, c-format
+msgid "%s: Cannot stat %s: %s\n"
+msgstr "%s：無法�得 %s 檔案的資訊 (stat)：%s\n"
+
+#, c-format
+msgid "%s: %s is neither a directory, nor a symlink.\n"
+msgstr "%s：%s 既�是目錄，也�是符號連�。\n"
+
+#, c-format
+msgid "%s: Cannot read symbolic link %s: %s\n"
+msgstr "%s：無法讀� %s 符號連�：%s\n"
+
+#, c-format
+msgid "%s: Suspiciously long symlink: %s\n"
+msgstr "%s：符號連��長：%s\n"
+
+#, c-format
+msgid "%s: Cannot create directory %s: %s\n"
+msgstr "%s：無法建立 %s 目錄：%s\n"
+
+#, c-format
+msgid "%s: Cannot change owner of %s: %s\n"
+msgstr "%s：無法變更 %s 的所有者：%s\n"
+
+#, c-format
+msgid "%s: Cannot change mode of %s: %s\n"
+msgstr "%s：無法變更 %s 的模�：%s\n"
+
+#, c-format
+msgid "%s: unlink: %s: %s\n"
+msgstr "%s：�消連� (unlink)：%s：%s\n"
+
+#, c-format
+msgid "%s: Cannot remove directory %s: %s\n"
+msgstr "%s：無法移除 %s 目錄：%s\n"
+
+#, c-format
+msgid "%s: Cannot rename %s to %s: %s\n"
+msgstr "%s：無法將 %s �命�至 %s：%s\n"
+
+#, c-format
+msgid "%s: Cannot remove %s: %s\n"
+msgstr "%s：無法移除 %s：%s\n"
+
+#, c-format
+msgid "%s: Cannot create symbolic link %s: %s\n"
+msgstr "%s：無法建立 %s 符號連�：%s\n"
+
+#, c-format
+msgid "%s: Cannot change owners of %s: %s\n"
+msgstr "%s：無法變更 %s 的所有者：%s\n"
+
+#, c-format
+msgid "%s: Cannot lstat %s: %s\n"
+msgstr "%s：無法執行 lstat %s：%s\n"
+
+#, c-format
+msgid "%s: Warning, user %s has no tcb shadow file.\n"
+msgstr "%s：警告，使用者 %s 沒有 tcb 陰影檔案。\n"
+
+#, c-format
+msgid ""
+"%s: Emergency: %s's tcb shadow is not a regular file with st_nlink=1.\n"
+"The account is left locked.\n"
+msgstr ""
+"%s：緊急情�：%s 的 tcb 陰影檔並�包� st_nlink=1 的正常檔案。\n"
+"已鎖定帳戶。\n"
+"\n"
+
+#, c-format
+msgid "%s: mkdir: %s: %s\n"
+msgstr "%s：建立目錄 (mkdir)：%s：%s\n"
+
+#, c-format
+msgid "%s: Cannot open %s: %s\n"
+msgstr "%s：無法開啟 %s：%s\n"
+
+#, c-format
 msgid "%s: user %s is currently logged in\n"
 msgstr "%s：使用者 %s 目�已登入\n"
 
@@ -650,6 +655,11 @@ msgstr "  -M, --maxdays 最長天數       設定密碼變更的最長間隔天æ
 msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
 msgstr "  -R, --root CHROOT_目錄         � chroot 進去的目錄\n"
 
+#, fuzzy
+#| msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
+msgstr "  -P, --prefix 目錄�綴        目錄�綴\n"
+
 msgid ""
 "  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"
 msgstr "  -W, --warndays 警告天數      將�期警告天數設� <警告天數>\n"
@@ -675,12 +685,15 @@ msgstr "密碼�用時間"
 msgid "Account Expiration Date (YYYY-MM-DD)"
 msgstr "帳戶�期時間 (YYYY-MM-DD)"
 
-msgid "Last password change\t\t\t\t\t: "
-msgstr "最近一次密碼變更時間\t\t\t\t："
-
 msgid "never"
 msgstr "永�"
 
+msgid "future"
+msgstr ""
+
+msgid "Last password change\t\t\t\t\t: "
+msgstr "最近一次密碼變更時間\t\t\t\t："
+
 msgid "password must be changed"
 msgstr "必須變更密碼"
 
@@ -854,14 +867,6 @@ msgid "%s: user '%s' does not exist\n"
 msgstr "%s：使用者「%s��存在\n"
 
 #, c-format
-msgid "%s: cannot change user '%s' on NIS client.\n"
-msgstr "%s：無法在 NIS 客戶端變更使用者「%s�。\n"
-
-#, c-format
-msgid "%s: '%s' is the NIS master for this client.\n"
-msgstr "%s：「%s�是此客戶端的 NIS 管�員。\n"
-
-#, c-format
 msgid "Changing the user information for %s\n"
 msgstr "正在變更 %s 的使用者資訊\n"
 
@@ -898,6 +903,11 @@ msgid ""
 "                                or YESCRYPT crypt algorithms\n"
 msgstr "  -s, --sha-rounds              SHA* 加密算法的 SHA 回數\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unsupported crypt method: %s\n"
+msgid "%s: no crypt method defined\n"
+msgstr "%s：加密方��支�：%s\n"
+
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
 msgstr "%s：%s 旗標僅�許�� %s 旗標\n"
@@ -948,6 +958,16 @@ msgstr "  -s, --shell SHELL             用於此使用者帳號的新登入 She
 msgid "Login Shell"
 msgstr "登入 Shell"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot get the size of %s: %s\n"
+msgid "Cannot parse shell files: %s"
+msgstr "%s：無法�得 %s 的大�：%s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file: %s\n"
+msgid "Cannot evaluate entries in shell files: %s"
+msgstr "%s：無法建立新的�設檔案：%s\n"
+
 #, c-format
 msgid "You may not change the shell for '%s'.\n"
 msgstr "您�能變更「%s�的 Shell。\n"
@@ -960,6 +980,11 @@ msgstr "正在變更 %s 的 shell\n"
 msgid "%s: Invalid entry: %s\n"
 msgstr "%s：項目無效：%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: %s is an invalid shell\n"
+msgid "%s: Warning: %s is an invalid shell\n"
+msgstr "%s：%s 為無效 shell\n"
+
 #, c-format
 msgid "%s: %s is an invalid shell\n"
 msgstr "%s：%s 為無效 shell\n"
@@ -1184,11 +1209,6 @@ msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  建立系統帳號\n"
 
 #, fuzzy
-#| msgid "  -P, --prefix PREFIX_DIR       directory prefix\n"
-msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
-msgstr "  -P, --prefix 目錄�綴        目錄�綴\n"
-
-#, fuzzy
 #| msgid "  -l, --list                    list the members of the group\n"
 msgid "  -U, --users USERS             list of user members of this group\n"
 msgstr "  -l, --list                    列出群組�員\n"
@@ -1202,6 +1222,11 @@ msgstr "無效的使用者�稱「%s�\n"
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s：「%s��有效群組�稱\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Cannot open %s: %s\n"
+msgid "%s: cannot open %s: %s\n"
+msgstr "%s：無法開啟 %s：%s\n"
+
 #, c-format
 msgid "%s: invalid group ID '%s'\n"
 msgstr "%s：GID「%s�無效\n"
@@ -1246,14 +1271,6 @@ msgid "%s: group '%s' does not exist\n"
 msgstr "%s：「%s�群組�存在\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group\n"
-msgstr "%s：「%s�群組為 NIS 群組\n"
-
-#, c-format
-msgid "%s: %s is the NIS master\n"
-msgstr "%s：%s 是 NIS 管�員\n"
-
-#, c-format
 msgid "%s: user '%s' is already a member of '%s'\n"
 msgstr "%s：「%s�使用者已是「%s�的一員\n"
 
@@ -1343,10 +1360,6 @@ msgid "%s: invalid group name '%s'\n"
 msgstr "%s：群組�稱「%s�無效\n"
 
 #, c-format
-msgid "%s: group %s is a NIS group\n"
-msgstr "%s：%s 群組是 NIS 群組\n"
-
-#, c-format
 msgid "%s: unknown user %s\n"
 msgstr "%s：未知使用者 %s\n"
 
@@ -1468,8 +1481,12 @@ msgid ""
 "  -b, --before DAYS             print only lastlog records older than DAYS\n"
 msgstr "  -b, --before DAYS             僅輸出舊於 DAYS 天的 lastlog 記錄\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -C, --clear                   clear lastlog record of an user (usable "
+#| "only with -u)\n"
 msgid ""
-"  -C, --clear                   clear lastlog record of an user (usable only "
+"  -C, --clear                   clear lastlog record of a user (usable only "
 "with -u)\n"
 msgstr ""
 "  -C, --clear                   清空�使用者的 lastlog 記錄 (僅在使用 -u 時有"
@@ -1571,9 +1588,6 @@ msgstr ""
 msgid "%s: Cannot possibly work without effective root\n"
 msgstr "%s: �能無法在無有效 root 時�作\n"
 
-msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
-msgstr "無 utmp 項目。您必須在最低階的 \"sh\" 執行 \"login\""
-
 #, c-format
 msgid ""
 "\n"
@@ -1608,14 +1622,6 @@ msgid "Cannot find user (%s)\n"
 msgstr "找�到使用者 (%s)\n"
 
 #, c-format
-msgid ""
-"\n"
-"%s login: "
-msgstr ""
-"\n"
-" %s 使用者�稱："
-
-#, c-format
 msgid "%s: failure forking: %s"
 msgstr "%s: 無法 fork：%s"
 
@@ -1650,7 +1656,8 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+"usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> "
+"<count> ] ... \n"
 msgstr ""
 
 #, c-format
@@ -1678,19 +1685,14 @@ msgid "%s: failed to setgroups %s policy: %s\n"
 msgstr "%s：無法解鎖 %s\n"
 
 #, fuzzy, c-format
-#| msgid "%s: failed to find tcb directory for %s\n"
-msgid "%s: Could not open proc directory for target %u\n"
-msgstr "%s：找�到 %s 的 tcb 目錄\n"
-
-#, fuzzy, c-format
 #| msgid "%s: Failed to create tcb directory for %s\n"
-msgid "%s: Could not stat directory for target %u\n"
+msgid "%s: Could not stat directory for process\n"
 msgstr "%s：無法� %s 建立 tcb 目錄\n"
 
 #, c-format
 msgid ""
-"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
-"gid:%lu pw_gid:%lu st_gid:%lu\n"
+"%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:"
+"%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 msgstr ""
 
 msgid "Usage: newgrp [-] [group]\n"
@@ -1723,14 +1725,14 @@ msgstr ""
 
 #, c-format
 msgid ""
-"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+"usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> "
+"<count> ] ... \n"
 msgstr ""
 
-#, c-format
-msgid ""
-"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
-"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
-msgstr ""
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target process\n"
+msgstr "%s：無法� %s 建立 tcb 目錄\n"
 
 #, fuzzy
 #| msgid "  -q, --quiet                   quiet mode\n"
@@ -1754,6 +1756,10 @@ msgid "%s: invalid user name '%s': use --badname to ignore\n"
 msgstr "%s：無效使用者�稱「%s�\n"
 
 #, c-format
+msgid "%s: Provide '--crypt-method' before number of rounds\n"
+msgstr ""
+
+#, c-format
 msgid "%s: line %d: invalid line\n"
 msgstr "%s：第 %d 行：無效行\n"
 
@@ -1773,6 +1779,11 @@ msgstr "%s：第 %d 行：無法建立群組\n"
 msgid "%s: line %d: user '%s' does not exist in %s\n"
 msgstr "%s：第 %d 行：「%s�使用者�存在 %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: unlink: %s: %s\n"
+msgid "%s: line %d: %s\n"
+msgstr "%s：�消連� (unlink)：%s：%s\n"
+
 #, c-format
 msgid "%s: line %d: can't update password\n"
 msgstr "%s：第 %d 行：無法更新密碼\n"
@@ -1795,14 +1806,14 @@ msgid "%s: line %d: can't update entry\n"
 msgstr "%s：第 %d 行：無法更新項目\n"
 
 #, c-format
-msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s：無法準備新 %s 項目\n"
-
-#, c-format
 msgid "%s: can't find subordinate user range\n"
 msgstr "%s：找�到次級使用者範�\n"
 
 #, c-format
+msgid "%s: failed to prepare new %s entry\n"
+msgstr "%s：無法準備新 %s 項目\n"
+
+#, c-format
 msgid "%s: can't find subordinate group range\n"
 msgstr "%s：找�到次級群組範�\n"
 
@@ -1862,6 +1873,11 @@ msgid ""
 "                                change to MAX_DAYS\n"
 msgstr ""
 
+#, fuzzy
+#| msgid "  -l, --list                    show account aging information\n"
+msgid "  -s, --stdin                   read new token from stdin\n"
+msgstr "  -l, --list                    顯示帳號的時效資訊\n"
+
 msgid "Old password: "
 msgstr "舊密碼："
 
@@ -1881,6 +1897,11 @@ msgstr ""
 "請輸入新密碼(最少 %d 最多 %d 個字元)\n"
 "請混�使用大�寫字�和數字。\n"
 
+#, fuzzy
+#| msgid "%s: fields too long\n"
+msgid "Password is too long.\n"
+msgstr "%s：欄��長\n"
+
 msgid "New password: "
 msgstr "新密碼："
 
@@ -1924,6 +1945,11 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s：�支� %s 套件存庫。\n"
 
 #, fuzzy, c-format
+#| msgid "%s: only root can use the -g/--group option\n"
+msgid "%s: only root can use --stdin/-s option\n"
+msgstr "%s：�有 root �能使用 -g/--group �項\n"
+
+#, fuzzy, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: 未授權 %s 變更 %s 的密碼\n"
@@ -2073,11 +2099,9 @@ msgstr "%s: 訊號發生�題\n"
 msgid "Session terminated, terminating shell..."
 msgstr "已終止工作階段，正在終止 shell..."
 
-#, c-format
 msgid " ...killed.\n"
 msgstr " ...已強制��。\n"
 
-#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...等待�處�程�終止。\n"
 
@@ -2149,6 +2173,11 @@ msgstr "%s：目�您尚未授權使用 su\n"
 msgid "No passwd entry for user '%s'\n"
 msgstr "沒有使用者「%s�的 passwd 項目\n"
 
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Overlong user name '%s'\n"
+msgstr "無效的使用者�稱「%s�\n"
+
 #, c-format
 msgid "%s: must be run from a terminal\n"
 msgstr "%s：必須從終端中執行\n"
@@ -2198,6 +2227,13 @@ msgstr "%s: %s 已經建立，但是無法移除\n"
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%1$s: 會忽略 %3$s 中的 %2$s 組態設定檔\n"
 
+#, fuzzy, c-format
+#| msgid "%s: the %s configuration in %s will be ignored\n"
+msgid ""
+"%s: the '%s' configuration in %s has an invalid group, ignoring the bad "
+"group\n"
+msgstr "%1$s: 會忽略 %3$s 中的 %2$s 組態設定檔\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s：無法建立新的�設檔案：%s\n"
@@ -2208,10 +2244,6 @@ msgid "%s: cannot create directory for defaults file\n"
 msgstr "%s：無法建立新的�設檔案\n"
 
 #, c-format
-msgid "%s: cannot create new defaults file\n"
-msgstr "%s：無法建立新的�設檔案\n"
-
-#, c-format
 msgid "%s: cannot open new defaults file\n"
 msgstr "%s：無法打開新的�設檔案\n"
 
@@ -2228,10 +2260,6 @@ msgid "%s: rename: %s: %s\n"
 msgstr "%s：�新命�：%s：%s\n"
 
 #, c-format
-msgid "%s: group '%s' is a NIS group.\n"
-msgstr "%s：群組「%s�是 NIS 群組。\n"
-
-#, c-format
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s：指定了�多群組(最多 %d)。\n"
 
@@ -2355,6 +2383,16 @@ msgid ""
 msgstr ""
 "  -Z, --selinux-user SEUSER     使用指定的 SEUSER 來用於 SELinux 使用者映射\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux "
+#| "user mapping\n"
+msgid ""
+"      --selinux-range SERANGE   use a specific MLS range for the SELinux "
+"user mapping\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     使用指定的 SEUSER 來用於 SELinux 使用者映射\n"
+
 #, c-format
 msgid "%s: invalid base directory '%s'\n"
 msgstr "%s：基礎目錄「%s�無效\n"
@@ -2488,6 +2526,16 @@ msgstr "找ä¸�到 'mail' 群組。將建立模å¼�為 0600 的使用者 mailbox æ
 msgid "Setting mailbox file permissions"
 msgstr "正在設定 mailbox 檔案的權�"
 
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Synchronize mailbox file"
+msgstr "正在建立 mailbox 檔案"
+
+#, fuzzy
+#| msgid "Creating mailbox file"
+msgid "Closing mailbox file"
+msgstr "正在建立 mailbox 檔案"
+
 #, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
 msgstr ""
@@ -2611,10 +2659,6 @@ msgid "%s: Cannot remove tcb files for %s: %s\n"
 msgstr "%s：無法移除 %s 的 tcb 檔案：%s\n"
 
 #, c-format
-msgid "%s: user %s is a NIS user\n"
-msgstr "%s：使用者 %s 是 NIS 使用者\n"
-
-#, c-format
 msgid "%s: %s home directory (%s) not found\n"
 msgstr "%s：找�到 %s 的家目錄 (%s)\n"
 
@@ -2725,6 +2769,15 @@ msgid ""
 msgstr ""
 "  -Z, --selinux-user SEUSER     �使用者帳戶設定新 SELinux 使用者映射\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
+#| "account\n"
+msgid ""
+"      --selinux-range SERANGE   new SELinux MLS range for the user account\n"
+msgstr ""
+"  -Z, --selinux-user SEUSER     �使用者帳戶設定新 SELinux 使用者映射\n"
+
 #, c-format
 msgid ""
 "%s: unlocking the user's password would result in a passwordless account.\n"
@@ -2815,10 +2868,20 @@ msgstr ""
 msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
 msgstr "%s: 無法複製使用者編號為 %lu 的 lastlog 項目至使用者 %lu：%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"
+msgstr "%s: 無法複製使用者編號為 %lu 的 lastlog 項目至使用者 %lu：%s\n"
+
 #, c-format
 msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
 msgstr "%s: 無法複製使用者編號為 %lu 的 faillog 項目至使用者 %lu：%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"
+msgid "%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"
+msgstr "%s: 無法複製使用者編號為 %lu 的 faillog 項目至使用者 %lu：%s\n"
+
 #, c-format
 msgid "%s: warning: %s not owned by %s\n"
 msgstr "%s：警告：%s �屬於 %s\n"
@@ -2917,8 +2980,10 @@ msgstr "無法�消暫存檔的連�"
 msgid "failed to stat edited file"
 msgstr "無法�得編輯�檔案的資訊"
 
-msgid "failed to allocate memory"
-msgstr "無法�置記憶體"
+#, fuzzy
+#| msgid "%s: can't open file\n"
+msgid "asprintf(3) failed"
+msgstr "%s：無法打開檔案\n"
 
 msgid "failed to create backup file"
 msgstr "無法建立備份檔案"
@@ -2931,6 +2996,55 @@ msgstr "%s：無法復原 %s：%s (您的修改在 %s 中)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s：找�到 %s 的 tcb 目錄\n"
 
+#~ msgid "Environment overflow\n"
+#~ msgstr "環境溢�\n"
+
+#, c-format
+#~ msgid "%s: cannot change user '%s' on NIS client.\n"
+#~ msgstr "%s：無法在 NIS 客戶端變更使用者「%s�。\n"
+
+#, c-format
+#~ msgid "%s: '%s' is the NIS master for this client.\n"
+#~ msgstr "%s：「%s�是此客戶端的 NIS 管�員。\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group\n"
+#~ msgstr "%s：「%s�群組為 NIS 群組\n"
+
+#, c-format
+#~ msgid "%s: %s is the NIS master\n"
+#~ msgstr "%s：%s 是 NIS 管�員\n"
+
+#, c-format
+#~ msgid "%s: group %s is a NIS group\n"
+#~ msgstr "%s：%s 群組是 NIS 群組\n"
+
+#, c-format
+#~ msgid "%s: cannot create new defaults file\n"
+#~ msgstr "%s：無法建立新的�設檔案\n"
+
+#, c-format
+#~ msgid "%s: group '%s' is a NIS group.\n"
+#~ msgstr "%s：群組「%s�是 NIS 群組。\n"
+
+#, c-format
+#~ msgid "%s: user %s is a NIS user\n"
+#~ msgstr "%s：使用者 %s 是 NIS 使用者\n"
+
+#~ msgid "too simple"
+#~ msgstr "�於簡單"
+
+#~ msgid "No utmp entry.  You must exec \"login\" from the lowest level \"sh\""
+#~ msgstr "無 utmp 項目。您必須在最低階的 \"sh\" 執行 \"login\""
+
+#, fuzzy, c-format
+#~| msgid "%s: failed to find tcb directory for %s\n"
+#~ msgid "%s: Could not open proc directory for target %u\n"
+#~ msgstr "%s：找�到 %s 的 tcb 目錄\n"
+
+#~ msgid "failed to allocate memory"
+#~ msgstr "無法�置記憶體"
+
 #~ msgid "Usage: id\n"
 #~ msgstr "用法：id\n"
 
@@ -2946,10 +3060,6 @@ msgstr "%s：找�到 %s 的 tcb 目錄\n"
 #~ msgid "%s: password expiry information changed.\n"
 #~ msgstr "%s：已變更密碼�期資訊。\n"
 
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "無效的使用者�稱「%s�\n"
-
 #~ msgid "Username         Port     From             Latest"
 #~ msgstr "使用者�         埠號     來自             最後登入時間"
 
diff --git a/shadow.spec.in b/shadow.spec.in
deleted file mode 100644
index 0f9a958..0000000
--- a/shadow.spec.in
+++ /dev/null
@@ -1,93 +0,0 @@
-# shadow-utils.spec generated automatically from shadow-utils.spec.in
-# $Id$
-
-Summary:	Shadow password file utilities for Linux
-Name:		shadow-utils
-Version:	@VERSION@
-Release:	1
-Copyright:	Free
-Group:		Utilities/System
-Source:		ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/%{name}-%{version}.tar.gz
-BuildRoot:	%{_tmppath}/%{name}-%{version}-root
-Obsoletes:	adduser
-
-%description
-This package includes the programs necessary to convert traditional
-V7 UNIX password files to the SVR4 shadow password format and additional
-tools to work with shadow passwords.
-	- 'pwconv' converts everything to the shadow password format.
-	- 'pwunconv' converts back to non-shadow passwords.
-	- 'pwck' checks the integrity of the password and shadow files.
-	- 'lastlog' prints out the last login times of all users.
-	- 'useradd', 'userdel', 'usermod' to manage user accounts.
-	- 'groupadd', 'groupdel', 'groupmod' to manage groups.
-
-A number of man pages are also included that relate to these utilities,
-and shadow passwords in general.
-
-%prep
-%setup
-
-%build
-%configure \
-	--disable-shared \
-	--prefix=/usr \
-	--exec-prefix=/usr
-make
-
-%install
-rm -rf $RPM_BUILD_ROOT
-
-make install DESTDIR=$RPM_BUILD_ROOT
-
-mkdir -p $RPM_BUILD_ROOT/etc/default
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%doc doc/ANNOUNCE doc/CHANGES doc/HOWTO
-%doc doc/LICENSE doc/README doc/README.linux
-%dir /etc/default
-%config /etc/default/useradd
-%config /etc/login.defs
-%{_bindir}/chage
-%{_bindir}/gpasswd
-%{_bindir}/lastlog
-%{_mandir}/man1/chage.1*
-%{_mandir}/man1/gpasswd.1*
-%{_mandir}/man3/shadow.3*
-%{_mandir}/man5/shadow.5*
-%{_mandir}/man8/chpasswd.8*
-%{_mandir}/man8/groupadd.8*
-%{_mandir}/man8/groupdel.8*
-%{_mandir}/man8/groupmod.8*
-%{_mandir}/man8/grpck.8*
-%{_mandir}/man8/lastlog.8*
-%{_mandir}/man8/newusers.8*
-%{_mandir}/man8/pwck.8*
-%{_mandir}/man8/pwconv.8*
-%{_mandir}/man8/useradd.8*
-%{_mandir}/man8/userdel.8*
-%{_mandir}/man8/usermod.8*
-%{_sbindir}/chpasswd
-%{_sbindir}/groupadd
-%{_sbindir}/groupdel
-%{_sbindir}/groupmod
-%{_sbindir}/grpck
-%{_sbindir}/grpconv
-%{_sbindir}/grpunconv
-%{_sbindir}/newusers
-%{_sbindir}/pwck
-%{_sbindir}/pwconv
-%{_sbindir}/pwunconv
-%{_sbindir}/useradd
-%{_sbindir}/userdel
-%{_sbindir}/usermod
-
-%changelog
-* Sun Dec 14 1997 Marek Michalkiewicz <marekm@piast.t19.ds.pwr.wroc.pl>
-- Lots of changes, see doc/CHANGES for more details
-
-* Sun Jun 08 1997 Timo Karjalainen <timok@iki.fi>
-- Initial release
diff --git a/src/Makefile.am b/src/Makefile.am
index a1a2e4e..b6cb09e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -9,9 +9,11 @@ sgidperms = 2755
 
 AM_CPPFLAGS = \
 	-I${top_srcdir}/lib \
-	-I$(top_srcdir)/libmisc \
 	-I$(top_srcdir) \
-	-DLOCALEDIR=\"$(datadir)/locale\"
+	-DLOCALEDIR=\"$(datadir)/locale\" \
+	$(ECONF_CPPFLAGS)
+
+AM_CFLAGS = $(LIBBSD_CFLAGS)
 
 # XXX why are login and su in /bin anyway (other than for
 # historical reasons)?
@@ -26,10 +28,13 @@ AM_CPPFLAGS = \
 
 bin_PROGRAMS   = groups login
 sbin_PROGRAMS  = nologin
-ubin_PROGRAMS  = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
+ubin_PROGRAMS  = faillog chage chfn chsh expiry gpasswd newgrp passwd
 if ENABLE_SUBIDS
 ubin_PROGRAMS += newgidmap newuidmap
 endif
+if ENABLE_LASTLOG
+ubin_PROGRAMS += lastlog
+endif
 if WITH_SU
 bin_PROGRAMS  += su
 endif
@@ -79,7 +84,6 @@ shadowsgidubins = passwd
 endif
 
 LDADD          = $(INTLLIBS) \
-		 $(top_builddir)/libmisc/libmisc.la \
 		 $(top_builddir)/lib/libshadow.la \
 		 $(LIBTCB)
 
@@ -95,13 +99,13 @@ else
 LIBCRYPT_NOPAM = $(LIBCRYPT)
 endif
 
-chage_LDADD    = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+chage_LDADD    = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
 newuidmap_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
 newgidmap_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
 chfn_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
 chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
 chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
-chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
+chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl
 expiry_LDADD = $(LDADD) $(LIBECONF)
 gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
 groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
@@ -115,18 +119,18 @@ lastlog_LDADD   = $(LDADD) $(LIBAUDIT) $(LIBECONF)
 login_SOURCES  = \
 	login.c \
 	login_nopam.c
-login_LDADD    = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
+login_LDADD    = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) $(LIBSELINUX)
 newgrp_LDADD   = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) $(LIBECONF)
 newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl
 nologin_LDADD  =
-passwd_LDADD   = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF)
+passwd_LDADD   = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF) -ldl
 pwck_LDADD     = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
 pwconv_LDADD   = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
 pwunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
 su_SOURCES     = \
 	su.c \
 	suauth.c
-su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
+su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) $(LIBSELINUX)
 sulogin_LDADD  = $(LDADD) $(LIBCRYPT) $(LIBECONF)
 useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
 userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
@@ -177,59 +181,49 @@ MISCLIBS = \
 
 getsubids_LDADD = \
 	$(top_builddir)/lib/libshadow.la \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(top_builddir)/libsubid/libsubid.la \
 	$(MISCLIBS) -ldl
 
 getsubids_CPPFLAGS = \
 	-I$(top_srcdir)/lib \
-	-I$(top_srcdir)/libmisc \
 	-I$(top_srcdir) \
-	-I$(top_srcdir)/libsubid
+	-I$(top_builddir)/libsubid
 
 get_subid_owners_LDADD = \
 	$(top_builddir)/lib/libshadow.la \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(top_builddir)/libsubid/libsubid.la \
 	$(MISCLIBS) -ldl
 
 get_subid_owners_CPPFLAGS = \
 	-I$(top_srcdir)/lib \
-	-I$(top_srcdir)/libmisc \
 	-I$(top_srcdir) \
-	-I$(top_srcdir)/libsubid
+	-I$(top_builddir)/libsubid
 
 new_subid_range_CPPFLAGS = \
 	-I$(top_srcdir)/lib \
-	-I$(top_srcdir)/libmisc \
 	-I$(top_srcdir) \
-	-I$(top_srcdir)/libsubid
+	-I$(top_builddir)/libsubid
 
 new_subid_range_LDADD = \
 	$(top_builddir)/lib/libshadow.la \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(top_builddir)/libsubid/libsubid.la \
 	$(MISCLIBS) -ldl
 
 free_subid_range_CPPFLAGS = \
 	-I$(top_srcdir)/lib \
-	-I$(top_srcdir)/libmisc \
 	-I$(top_srcdir) \
-	-I$(top_srcdir)/libsubid
+	-I$(top_builddir)/libsubid
 
 free_subid_range_LDADD = \
 	$(top_builddir)/lib/libshadow.la \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(top_builddir)/libsubid/libsubid.la \
 	$(MISCLIBS) -ldl
 
 check_subid_range_CPPFLAGS = \
 	-I$(top_srcdir)/lib \
-	-I$(top_srcdir) \
-	-I$(top_srcdir)/libmisc
+	-I$(top_srcdir)
 
 check_subid_range_LDADD = \
 	$(top_builddir)/lib/libshadow.la \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(MISCLIBS) -ldl
 endif
diff --git a/src/Makefile.in b/src/Makefile.in
index da31572..f62a5cf 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -91,11 +91,12 @@ host_triplet = @host@
 bin_PROGRAMS = groups$(EXEEXT) login$(EXEEXT) $(am__EXEEXT_1) \
 	$(am__EXEEXT_2)
 sbin_PROGRAMS = nologin$(EXEEXT)
-ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \
-	chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \
-	newgrp$(EXEEXT) passwd$(EXEEXT) $(am__EXEEXT_4)
+ubin_PROGRAMS = faillog$(EXEEXT) chage$(EXEEXT) chfn$(EXEEXT) \
+	chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) newgrp$(EXEEXT) \
+	passwd$(EXEEXT) $(am__EXEEXT_4) $(am__EXEEXT_5)
 @ENABLE_SUBIDS_TRUE@am__append_1 = newgidmap newuidmap
-@WITH_SU_TRUE@am__append_2 = su
+@ENABLE_LASTLOG_TRUE@am__append_2 = lastlog
+@WITH_SU_TRUE@am__append_3 = su
 usbin_PROGRAMS = chgpasswd$(EXEEXT) chpasswd$(EXEEXT) \
 	groupadd$(EXEEXT) groupdel$(EXEEXT) groupmems$(EXEEXT) \
 	groupmod$(EXEEXT) grpck$(EXEEXT) grpconv$(EXEEXT) \
@@ -104,12 +105,12 @@ usbin_PROGRAMS = chgpasswd$(EXEEXT) chpasswd$(EXEEXT) \
 	useradd$(EXEEXT) userdel$(EXEEXT) usermod$(EXEEXT) \
 	vipw$(EXEEXT)
 noinst_PROGRAMS = id$(EXEEXT) sulogin$(EXEEXT) $(am__EXEEXT_3)
-@WITH_SU_TRUE@am__append_3 = su
-@WITH_TCB_FALSE@am__append_4 = passwd
-@ACCT_TOOLS_SETUID_TRUE@am__append_5 = chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
-@ENABLE_SUBIDS_TRUE@@FCAPS_FALSE@am__append_6 = newgidmap newuidmap
-@ENABLE_SUBIDS_TRUE@am__append_7 = getsubids
-@ENABLE_SUBIDS_TRUE@am__append_8 = get_subid_owners \
+@WITH_SU_TRUE@am__append_4 = su
+@WITH_TCB_FALSE@am__append_5 = passwd
+@ACCT_TOOLS_SETUID_TRUE@am__append_6 = chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
+@ENABLE_SUBIDS_TRUE@@FCAPS_FALSE@am__append_7 = newgidmap newuidmap
+@ENABLE_SUBIDS_TRUE@am__append_8 = getsubids
+@ENABLE_SUBIDS_TRUE@am__append_9 = get_subid_owners \
 @ENABLE_SUBIDS_TRUE@					new_subid_range \
 @ENABLE_SUBIDS_TRUE@					free_subid_range \
 @ENABLE_SUBIDS_TRUE@					check_subid_range
@@ -142,13 +143,13 @@ am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \
 @ENABLE_SUBIDS_TRUE@	check_subid_range$(EXEEXT)
 @ENABLE_SUBIDS_TRUE@am__EXEEXT_4 = newgidmap$(EXEEXT) \
 @ENABLE_SUBIDS_TRUE@	newuidmap$(EXEEXT)
+@ENABLE_LASTLOG_TRUE@am__EXEEXT_5 = lastlog$(EXEEXT)
 PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS) \
 	$(ubin_PROGRAMS) $(usbin_PROGRAMS)
 chage_SOURCES = chage.c
 chage_OBJECTS = chage.$(OBJEXT)
 am__DEPENDENCIES_1 =
 am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1)
 @ACCT_TOOLS_SETUID_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1)
 chage_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \
@@ -173,7 +174,6 @@ check_subid_range_OBJECTS =  \
 @ENABLE_SUBIDS_TRUE@	$(am__DEPENDENCIES_1)
 @ENABLE_SUBIDS_TRUE@check_subid_range_DEPENDENCIES =  \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(am__DEPENDENCIES_5)
 chfn_SOURCES = chfn.c
 chfn_OBJECTS = chfn.$(OBJEXT)
@@ -204,14 +204,12 @@ faillog_SOURCES = faillog.c
 faillog_OBJECTS = faillog.$(OBJEXT)
 faillog_LDADD = $(LDADD)
 faillog_DEPENDENCIES = $(am__DEPENDENCIES_1) \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1)
 free_subid_range_SOURCES = free_subid_range.c
 free_subid_range_OBJECTS =  \
 	free_subid_range-free_subid_range.$(OBJEXT)
 @ENABLE_SUBIDS_TRUE@free_subid_range_DEPENDENCIES =  \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/libsubid/libsubid.la \
 @ENABLE_SUBIDS_TRUE@	$(am__DEPENDENCIES_5)
 get_subid_owners_SOURCES = get_subid_owners.c
@@ -219,14 +217,12 @@ get_subid_owners_OBJECTS =  \
 	get_subid_owners-get_subid_owners.$(OBJEXT)
 @ENABLE_SUBIDS_TRUE@get_subid_owners_DEPENDENCIES =  \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/libsubid/libsubid.la \
 @ENABLE_SUBIDS_TRUE@	$(am__DEPENDENCIES_5)
 getsubids_SOURCES = getsubids.c
 getsubids_OBJECTS = getsubids-getsubids.$(OBJEXT)
 @ENABLE_SUBIDS_TRUE@getsubids_DEPENDENCIES =  \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/libsubid/libsubid.la \
 @ENABLE_SUBIDS_TRUE@	$(am__DEPENDENCIES_5)
 gpasswd_SOURCES = gpasswd.c
@@ -258,7 +254,6 @@ groups_SOURCES = groups.c
 groups_OBJECTS = groups.$(OBJEXT)
 groups_LDADD = $(LDADD)
 groups_DEPENDENCIES = $(am__DEPENDENCIES_1) \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1)
 grpck_SOURCES = grpck.c
 grpck_OBJECTS = grpck.$(OBJEXT)
@@ -276,7 +271,6 @@ id_SOURCES = id.c
 id_OBJECTS = id.$(OBJEXT)
 id_LDADD = $(LDADD)
 id_DEPENDENCIES = $(am__DEPENDENCIES_1) \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1)
 lastlog_SOURCES = lastlog.c
 lastlog_OBJECTS = lastlog.$(OBJEXT)
@@ -287,18 +281,16 @@ login_OBJECTS = $(am_login_OBJECTS)
 login_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 logoutd_SOURCES = logoutd.c
 logoutd_OBJECTS = logoutd.$(OBJEXT)
 logoutd_LDADD = $(LDADD)
 logoutd_DEPENDENCIES = $(am__DEPENDENCIES_1) \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1)
 new_subid_range_SOURCES = new_subid_range.c
 new_subid_range_OBJECTS = new_subid_range-new_subid_range.$(OBJEXT)
 @ENABLE_SUBIDS_TRUE@new_subid_range_DEPENDENCIES =  \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/libsubid/libsubid.la \
 @ENABLE_SUBIDS_TRUE@	$(am__DEPENDENCIES_5)
 newgidmap_SOURCES = newgidmap.c
@@ -325,8 +317,7 @@ passwd_SOURCES = passwd.c
 passwd_OBJECTS = passwd.$(OBJEXT)
 passwd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4) \
-	$(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_4) $(am__DEPENDENCIES_1)
 pwck_SOURCES = pwck.c
 pwck_OBJECTS = pwck.$(OBJEXT)
 pwck_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
@@ -344,7 +335,7 @@ su_OBJECTS = $(am_su_OBJECTS)
 su_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 sulogin_SOURCES = sulogin.c
 sulogin_OBJECTS = sulogin.$(OBJEXT)
 sulogin_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
@@ -478,6 +469,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -496,6 +489,7 @@ EGREP = @EGREP@
 ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
@@ -511,9 +505,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -529,6 +529,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
@@ -537,6 +538,8 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -559,6 +562,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -639,17 +645,17 @@ suidperms = 4755
 sgidperms = 2755
 AM_CPPFLAGS = \
 	-I${top_srcdir}/lib \
-	-I$(top_srcdir)/libmisc \
 	-I$(top_srcdir) \
-	-DLOCALEDIR=\"$(datadir)/locale\"
-
-suidusbins = $(am__append_5)
-suidbins = $(am__append_3)
-suidubins = chage chfn chsh expiry gpasswd newgrp $(am__append_4) \
-	$(am__append_6)
+	-DLOCALEDIR=\"$(datadir)/locale\" \
+	$(ECONF_CPPFLAGS)
+
+AM_CFLAGS = $(LIBBSD_CFLAGS)
+suidusbins = $(am__append_6)
+suidbins = $(am__append_4)
+suidubins = chage chfn chsh expiry gpasswd newgrp $(am__append_5) \
+	$(am__append_7)
 @WITH_TCB_TRUE@shadowsgidubins = passwd
 LDADD = $(INTLLIBS) \
-		 $(top_builddir)/libmisc/libmisc.la \
 		 $(top_builddir)/lib/libshadow.la \
 		 $(LIBTCB)
 
@@ -657,13 +663,13 @@ LDADD = $(INTLLIBS) \
 @ACCT_TOOLS_SETUID_TRUE@LIBPAM_SUID = $(LIBPAM)
 @USE_PAM_FALSE@LIBCRYPT_NOPAM = $(LIBCRYPT)
 @USE_PAM_TRUE@LIBCRYPT_NOPAM = 
-chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
 newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
 newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
 chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
 chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
 chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
-chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
+chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl
 expiry_LDADD = $(LDADD) $(LIBECONF)
 gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
 groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
@@ -678,11 +684,11 @@ login_SOURCES = \
 	login.c \
 	login_nopam.c
 
-login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
+login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) $(LIBSELINUX)
 newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) $(LIBECONF)
 newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl
 nologin_LDADD = 
-passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF)
+passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF) -ldl
 pwck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
 pwconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
 pwunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
@@ -690,7 +696,7 @@ su_SOURCES = \
 	su.c \
 	suauth.c
 
-su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
+su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) $(LIBSELINUX)
 sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
 useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
 userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
@@ -709,60 +715,50 @@ vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
 
 @ENABLE_SUBIDS_TRUE@getsubids_LDADD = \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/libsubid/libsubid.la \
 @ENABLE_SUBIDS_TRUE@	$(MISCLIBS) -ldl
 
 @ENABLE_SUBIDS_TRUE@getsubids_CPPFLAGS = \
 @ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/lib \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/libmisc \
 @ENABLE_SUBIDS_TRUE@	-I$(top_srcdir) \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/libsubid
+@ENABLE_SUBIDS_TRUE@	-I$(top_builddir)/libsubid
 
 @ENABLE_SUBIDS_TRUE@get_subid_owners_LDADD = \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/libsubid/libsubid.la \
 @ENABLE_SUBIDS_TRUE@	$(MISCLIBS) -ldl
 
 @ENABLE_SUBIDS_TRUE@get_subid_owners_CPPFLAGS = \
 @ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/lib \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/libmisc \
 @ENABLE_SUBIDS_TRUE@	-I$(top_srcdir) \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/libsubid
+@ENABLE_SUBIDS_TRUE@	-I$(top_builddir)/libsubid
 
 @ENABLE_SUBIDS_TRUE@new_subid_range_CPPFLAGS = \
 @ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/lib \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/libmisc \
 @ENABLE_SUBIDS_TRUE@	-I$(top_srcdir) \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/libsubid
+@ENABLE_SUBIDS_TRUE@	-I$(top_builddir)/libsubid
 
 @ENABLE_SUBIDS_TRUE@new_subid_range_LDADD = \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/libsubid/libsubid.la \
 @ENABLE_SUBIDS_TRUE@	$(MISCLIBS) -ldl
 
 @ENABLE_SUBIDS_TRUE@free_subid_range_CPPFLAGS = \
 @ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/lib \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/libmisc \
 @ENABLE_SUBIDS_TRUE@	-I$(top_srcdir) \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/libsubid
+@ENABLE_SUBIDS_TRUE@	-I$(top_builddir)/libsubid
 
 @ENABLE_SUBIDS_TRUE@free_subid_range_LDADD = \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/libsubid/libsubid.la \
 @ENABLE_SUBIDS_TRUE@	$(MISCLIBS) -ldl
 
 @ENABLE_SUBIDS_TRUE@check_subid_range_CPPFLAGS = \
 @ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/lib \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir) \
-@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)/libmisc
+@ENABLE_SUBIDS_TRUE@	-I$(top_srcdir)
 
 @ENABLE_SUBIDS_TRUE@check_subid_range_LDADD = \
 @ENABLE_SUBIDS_TRUE@	$(top_builddir)/lib/libshadow.la \
-@ENABLE_SUBIDS_TRUE@	$(top_builddir)/libmisc/libmisc.la \
 @ENABLE_SUBIDS_TRUE@	$(MISCLIBS) -ldl
 
 all: all-am
@@ -1220,22 +1216,25 @@ $(am__depfiles_remade):
 am--depfiles: $(am__depfiles_remade)
 
 .c.o:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
diff --git a/src/chage.c b/src/chage.c
index 01570d7..1edab47 100644
--- a/src/chage.c
+++ b/src/chage.c
@@ -25,21 +25,31 @@
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
 #include <pwd.h>
-#include "prototypes.h"
+
+#include "alloc.h"
+#include "atoi/str2i.h"
 #include "defines.h"
+#include "memzero.h"
+#include "prototypes.h"
 #include "pwio.h"
 #include "shadowio.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+#include "string/strftime.h"
+#include "string/strtcpy.h"
+#include "time/day_to_str.h"
+/*@-exitarg@*/
+#include "exitcodes.h"
+
 #ifdef WITH_TCB
 #include "tcbfuncs.h"
 #endif
-/*@-exitarg@*/
-#include "exitcodes.h"
+
 
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "chage";
 
 static bool
     dflg = false,		/* set last password change date */
@@ -52,6 +62,8 @@ static bool
     Wflg = false;		/* set expiration warning days */
 static bool amroot = false;
 
+static const char *prefix = "";
+
 static bool pw_locked  = false;	/* Indicate if the password file is locked */
 static bool spw_locked = false;	/* Indicate if the shadow file is locked */
 /* The name and UID of the user being worked on */
@@ -66,21 +78,23 @@ static long inactdays;
 static long expdate;
 
 /* local function prototypes */
-static /*@noreturn@*/void usage (int status);
+NORETURN static void usage (int status);
 static int new_fields (void);
-static void print_date (time_t date);
+static void print_day_as_date (long day);
 static void list_fields (void);
 static void process_flags (int argc, char **argv);
 static void check_flags (int argc, int opt_index);
 static void check_perms (void);
 static void open_files (bool readonly);
 static void close_files (void);
-static /*@noreturn@*/void fail_exit (int code);
+NORETURN static void fail_exit (int code);
 
 /*
  * fail_exit - do some cleanup and exit with the given error code
  */
-static /*@noreturn@*/void fail_exit (int code)
+NORETURN
+static void
+fail_exit (int code)
 {
 	if (spw_locked) {
 		if (spw_unlock () == 0) {
@@ -101,8 +115,7 @@ static /*@noreturn@*/void fail_exit (int code)
 #ifdef WITH_AUDIT
 	if (E_SUCCESS != code) {
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-		              "change age",
-		              user_name, (unsigned int) user_uid, 0);
+		              "change age", user_name, user_uid, 0);
 	}
 #endif
 
@@ -112,7 +125,9 @@ static /*@noreturn@*/void fail_exit (int code)
 /*
  * usage - print command line syntax and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -132,6 +147,7 @@ static /*@noreturn@*/void usage (int status)
 	(void) fputs (_("  -M, --maxdays MAX_DAYS        set maximum number of days before password\n"
 	                "                                change to MAX_DAYS\n"), usageout);
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
 	(void) fputs (_("  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"), usageout);
 	(void) fputs ("\n", usageout);
 	exit (status);
@@ -148,30 +164,29 @@ static /*@noreturn@*/void usage (int status)
  */
 static int new_fields (void)
 {
-	char buf[200];
+	char  buf[200];
 
 	(void) puts (_("Enter the new value, or press ENTER for the default"));
 	(void) puts ("");
 
-	(void) snprintf (buf, sizeof buf, "%ld", mindays);
+	SNPRINTF(buf, "%ld", mindays);
 	change_field (buf, sizeof buf, _("Minimum Password Age"));
-	if (   (getlong (buf, &mindays) == 0)
+	if (   (str2sl(&mindays, buf) == -1)
 	    || (mindays < -1)) {
 		return 0;
 	}
 
-	(void) snprintf (buf, sizeof buf, "%ld", maxdays);
+	SNPRINTF(buf, "%ld", maxdays);
 	change_field (buf, sizeof buf, _("Maximum Password Age"));
-	if (   (getlong (buf, &maxdays) == 0)
+	if (   (str2sl(&maxdays, buf) == -1)
 	    || (maxdays < -1)) {
 		return 0;
 	}
 
-	if (-1 == lstchgdate || lstchgdate > LONG_MAX / SCALE) {
-		strcpy (buf, "-1");
-	} else {
-		date_to_str (sizeof(buf), buf, lstchgdate * SCALE);
-	}
+	if (-1 == lstchgdate || lstchgdate > LONG_MAX / DAY)
+		strcpy(buf, "-1");
+	else
+		DAY_TO_STR(buf, lstchgdate);
 
 	change_field (buf, sizeof buf, _("Last Password Change (YYYY-MM-DD)"));
 
@@ -184,25 +199,24 @@ static int new_fields (void)
 		}
 	}
 
-	(void) snprintf (buf, sizeof buf, "%ld", warndays);
+	SNPRINTF(buf, "%ld", warndays);
 	change_field (buf, sizeof buf, _("Password Expiration Warning"));
-	if (   (getlong (buf, &warndays) == 0)
+	if (   (str2sl(&warndays, buf) == -1)
 	    || (warndays < -1)) {
 		return 0;
 	}
 
-	(void) snprintf (buf, sizeof buf, "%ld", inactdays);
+	SNPRINTF(buf, "%ld", inactdays);
 	change_field (buf, sizeof buf, _("Password Inactive"));
-	if (   (getlong (buf, &inactdays) == 0)
+	if (   (str2sl(&inactdays, buf) == -1)
 	    || (inactdays < -1)) {
 		return 0;
 	}
 
-	if (-1 == expdate || LONG_MAX / SCALE < expdate) {
-		strcpy (buf, "-1");
-	} else {
-		date_to_str (sizeof(buf), buf, expdate * SCALE);
-	}
+	if (-1 == expdate || LONG_MAX / DAY < expdate)
+		strcpy(buf, "-1");
+	else
+		DAY_TO_STR(buf, expdate);
 
 	change_field (buf, sizeof buf,
 	              _("Account Expiration Date (YYYY-MM-DD)"));
@@ -219,20 +233,33 @@ static int new_fields (void)
 	return 1;
 }
 
-static void print_date (time_t date)
+
+static void
+print_day_as_date(long day)
 {
-	struct tm *tp;
-	char buf[80];
+	char       buf[80];
+	time_t     date;
+	struct tm  tm;
 
-	tp = gmtime (&date);
-	if (NULL == tp) {
+	if (day < 0) {
+		puts(_("never"));
+		return;
+	}
+	if (__builtin_mul_overflow(day, DAY, &date)) {
+		puts(_("future"));
+		return;
+	}
+
+	if (gmtime_r(&date, &tm) == NULL) {
 		(void) printf ("time_t: %lu\n", (unsigned long)date);
-	} else {
-		(void) strftime (buf, sizeof buf, iflg ? "%Y-%m-%d" : "%b %d, %Y", tp);
-		(void) puts (buf);
+		return;
 	}
+
+	STRFTIME(buf, iflg ? "%Y-%m-%d" : "%b %d, %Y", &tm);
+	(void) puts (buf);
 }
 
+
 /*
  * list_fields - display the current values of the expiration fields
  *
@@ -242,21 +269,15 @@ static void print_date (time_t date)
  */
 static void list_fields (void)
 {
-	long changed = 0;
-	long expires;
-
 	/*
 	 * The "last change" date is either "never" or the date the password
 	 * was last modified. The date is the number of days since 1/1/1970.
 	 */
 	(void) fputs (_("Last password change\t\t\t\t\t: "), stdout);
-	if (lstchgdate < 0 || lstchgdate > LONG_MAX / SCALE) {
-		(void) puts (_("never"));
-	} else if (lstchgdate == 0) {
+	if (lstchgdate == 0) {
 		(void) puts (_("password must be changed"));
 	} else {
-		changed = lstchgdate * SCALE;
-		print_date ((time_t) changed);
+		print_day_as_date(lstchgdate);
 	}
 
 	/*
@@ -267,13 +288,13 @@ static void list_fields (void)
 	if (lstchgdate == 0) {
 		(void) puts (_("password must be changed"));
 	} else if (   (lstchgdate < 0)
-	           || (maxdays >= (10000 * (DAY / SCALE)))
+	           || (maxdays >= 10000)
 	           || (maxdays < 0)
-	           || ((LONG_MAX - changed) / SCALE < maxdays)) {
+	           || (LONG_MAX - lstchgdate < maxdays))
+	{
 		(void) puts (_("never"));
 	} else {
-		expires = changed + maxdays * SCALE;
-		print_date ((time_t) expires);
+		print_day_as_date(lstchgdate + maxdays);
 	}
 
 	/*
@@ -287,14 +308,14 @@ static void list_fields (void)
 		(void) puts (_("password must be changed"));
 	} else if (   (lstchgdate < 0)
 	           || (inactdays < 0)
-	           || (maxdays >= (10000 * (DAY / SCALE)))
+	           || (maxdays >= 10000)
 	           || (maxdays < 0)
-	           || (maxdays > LONG_MAX - inactdays)
-	           || ((LONG_MAX - changed) / SCALE < maxdays + inactdays)) {
+	           || (LONG_MAX - inactdays < maxdays)
+	           || (LONG_MAX - lstchgdate < maxdays + inactdays))
+	{
 		(void) puts (_("never"));
 	} else {
-		expires = changed + (maxdays + inactdays) * SCALE;
-		print_date ((time_t) expires);
+		print_day_as_date(lstchgdate + maxdays + inactdays);
 	}
 
 	/*
@@ -302,12 +323,7 @@ static void list_fields (void)
 	 * password expiring or not.
 	 */
 	(void) fputs (_("Account expires\t\t\t\t\t\t: "), stdout);
-	if (expdate < 0 || LONG_MAX / SCALE < expdate) {
-		(void) puts (_("never"));
-	} else {
-		expires = expdate * SCALE;
-		print_date ((time_t) expires);
-	}
+	print_day_as_date(expdate);
 
 	/*
 	 * Start with the easy numbers - the number of days before the
@@ -344,12 +360,13 @@ static void process_flags (int argc, char **argv)
 		{"mindays",    required_argument, NULL, 'm'},
 		{"maxdays",    required_argument, NULL, 'M'},
 		{"root",       required_argument, NULL, 'R'},
+		{"prefix",     required_argument, NULL, 'P'},
 		{"warndays",   required_argument, NULL, 'W'},
 		{"iso8601",    no_argument,       NULL, 'i'},
 		{NULL, 0, NULL, '\0'}
 	};
 
-	while ((c = getopt_long (argc, argv, "d:E:hiI:lm:M:R:W:",
+	while ((c = getopt_long (argc, argv, "d:E:hiI:lm:M:R:P:W:",
 	                         long_options, NULL)) != -1) {
 		switch (c) {
 		case 'd':
@@ -380,7 +397,7 @@ static void process_flags (int argc, char **argv)
 			break;
 		case 'I':
 			Iflg = true;
-			if (   (getlong (optarg, &inactdays) == 0)
+			if (   (str2sl(&inactdays, optarg) == -1)
 			    || (inactdays < -1)) {
 				fprintf (stderr,
 				         _("%s: invalid numeric argument '%s'\n"),
@@ -393,7 +410,7 @@ static void process_flags (int argc, char **argv)
 			break;
 		case 'm':
 			mflg = true;
-			if (   (getlong (optarg, &mindays) == 0)
+			if (   (str2sl(&mindays, optarg) == -1)
 			    || (mindays < -1)) {
 				fprintf (stderr,
 				         _("%s: invalid numeric argument '%s'\n"),
@@ -403,7 +420,7 @@ static void process_flags (int argc, char **argv)
 			break;
 		case 'M':
 			Mflg = true;
-			if (   (getlong (optarg, &maxdays) == 0)
+			if (   (str2sl(&maxdays, optarg) == -1)
 			    || (maxdays < -1)) {
 				fprintf (stderr,
 				         _("%s: invalid numeric argument '%s'\n"),
@@ -413,9 +430,11 @@ static void process_flags (int argc, char **argv)
 			break;
 		case 'R': /* no-op, handled in process_root_flag () */
 			break;
+		case 'P': /* no-op, handled in process_prefix_flag () */
+			break;
 		case 'W':
 			Wflg = true;
-			if (   (getlong (optarg, &warndays) == 0)
+			if (   (str2sl(&warndays, optarg) == -1)
 			    || (warndays < -1)) {
 				fprintf (stderr,
 				         _("%s: invalid numeric argument '%s'\n"),
@@ -500,7 +519,7 @@ static void check_perms (void)
 		exit (E_NOPERM);
 	}
 
-	retval = pam_start ("chage", pampw->pw_name, &conv, &pamh);
+	retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 
 	if (PAM_SUCCESS == retval) {
 		retval = pam_authenticate (pamh, 0);
@@ -751,24 +770,23 @@ int main (int argc, char **argv)
 	gid_t rgid;
 	const struct passwd *pw;
 
-	/*
-	 * Get the program name so that error messages can use it.
-	 */
-	Prog = Basename (argv[0]);
+	sanitize_env ();
+	check_fds ();
+
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
-	sanitize_env ();
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
 	process_root_flag ("-R", argc, argv);
+	prefix = process_prefix_flag ("-P", argc, argv);
 
 #ifdef WITH_AUDIT
 	audit_help_open ();
 #endif
-	OPENLOG ("chage");
+	OPENLOG (Prog);
 
 	ruid = getuid ();
 	rgid = getgid ();
@@ -809,7 +827,7 @@ int main (int argc, char **argv)
 		fail_exit (E_NOPERM);
 	}
 
-	STRFCPY (user_name, pw->pw_name);
+	STRTCPY(user_name, pw->pw_name);
 #ifdef WITH_TCB
 	if (shadowtcb_set_user (pw->pw_name) == SHADOWTCB_FAILURE) {
 		fail_exit (E_NOPERM);
@@ -831,8 +849,7 @@ int main (int argc, char **argv)
 		}
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-		              "display aging info",
-		              user_name, (unsigned int) user_uid, 1);
+		              "display aging info", user_name, user_uid, 1);
 #endif
 		list_fields ();
 		fail_exit (E_SUCCESS);
@@ -854,40 +871,38 @@ int main (int argc, char **argv)
 		else {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 			              "change all aging information",
-			              user_name, (unsigned int) user_uid, 1);
+			              user_name, user_uid, 1);
 		}
 #endif
 	} else {
 #ifdef WITH_AUDIT
 		if (Mflg) {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-			              "change max age",
-			              user_name, (unsigned int) user_uid, 1);
+			              "change max age", user_name, user_uid, 1);
 		}
 		if (mflg) {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-			              "change min age",
-			              user_name, (unsigned int) user_uid, 1);
+			              "change min age", user_name, user_uid, 1);
 		}
 		if (dflg) {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 			              "change last change date",
-			              user_name, (unsigned int) user_uid, 1);
+			              user_name, user_uid, 1);
 		}
 		if (Wflg) {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 			              "change passwd warning",
-			              user_name, (unsigned int) user_uid, 1);
+			              user_name, user_uid, 1);
 		}
 		if (Iflg) {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 			              "change inactive days",
-			              user_name, (unsigned int) user_uid, 1);
+			              user_name, user_uid, 1);
 		}
 		if (Eflg) {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 			              "change passwd expiration",
-			              user_name, (unsigned int) user_uid, 1);
+			              user_name, user_uid, 1);
 		}
 #endif
 	}
diff --git a/src/check_subid_range.c b/src/check_subid_range.c
index 38703b6..68266f5 100644
--- a/src/check_subid_range.c
+++ b/src/check_subid_range.c
@@ -12,20 +12,21 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+
+#include "atoi/str2i.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "subordinateio.h"
 #include "idmapping.h"
 #include "shadowlog.h"
 
-const char *Prog;
+static const char Prog[] = "check_subid_range";
 
 int main(int argc, char **argv)
 {
 	char *owner;
 	unsigned long start, count;
 	bool check_uids;
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -34,11 +35,10 @@ int main(int argc, char **argv)
 
 	owner = argv[1];
 	check_uids = argv[2][0] == 'u';
-	start = strtoul(argv[3], NULL, 10);
-	if (start == ULONG_MAX && errno == ERANGE)
+	errno = 0;
+	if (str2ul(&start, argv[3]) == -1)
 		exit(1);
-	count = strtoul(argv[4], NULL, 10);
-	if (count == ULONG_MAX && errno == ERANGE)
+	if (str2ul(&count, argv[4]) == -1)
 		exit(1);
 	if (check_uids) {
 		if (have_sub_uids(owner, start, count))
diff --git a/src/chfn.c b/src/chfn.c
index 1c2f1cc..9043212 100644
--- a/src/chfn.c
+++ b/src/chfn.c
@@ -17,6 +17,8 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <getopt.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "getdef.h"
 #include "nscd.h"
@@ -30,11 +32,14 @@
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+#include "string/strtcpy.h"
+
 
 /*
  * Global variables.
  */
-const char *Prog;
+static const char Prog[] = "chfn";
 static char fullnm[BUFSIZ];
 static char roomno[BUFSIZ];
 static char workph[BUFSIZ];
@@ -54,8 +59,8 @@ static bool pw_locked = false;
  */
 
 /* local function prototypes */
-static void fail_exit (int code);
-static /*@noreturn@*/void usage (int status);
+NORETURN static void fail_exit (int code);
+NORETURN static void usage (int status);
 static bool may_change_field (int);
 static void new_fields (void);
 static char *copy_field (char *, char *, char *);
@@ -86,7 +91,9 @@ static void fail_exit (int code)
 /*
  * usage - print command line syntax and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -175,19 +182,19 @@ static void new_fields (void)
 	if (may_change_field ('r')) {
 		change_field (roomno, sizeof roomno, _("Room Number"));
 	} else {
-		printf (_("\t%s: %s\n"), _("Room Number"), fullnm);
+		printf (_("\t%s: %s\n"), _("Room Number"), roomno);
 	}
 
 	if (may_change_field ('w')) {
 		change_field (workph, sizeof workph, _("Work Phone"));
 	} else {
-		printf (_("\t%s: %s\n"), _("Work Phone"), fullnm);
+		printf (_("\t%s: %s\n"), _("Work Phone"), workph);
 	}
 
 	if (may_change_field ('h')) {
 		change_field (homeph, sizeof homeph, _("Home Phone"));
 	} else {
-		printf (_("\t%s: %s\n"), _("Home Phone"), fullnm);
+		printf (_("\t%s: %s\n"), _("Home Phone"), homeph);
 	}
 
 	if (amroot) {
@@ -271,7 +278,7 @@ static void process_flags (int argc, char **argv)
 				exit (E_NOPERM);
 			}
 			fflg = true;
-			STRFCPY (fullnm, optarg);
+			STRTCPY(fullnm, optarg);
 			break;
 		case 'h':
 			if (!may_change_field ('h')) {
@@ -280,7 +287,7 @@ static void process_flags (int argc, char **argv)
 				exit (E_NOPERM);
 			}
 			hflg = true;
-			STRFCPY (homeph, optarg);
+			STRTCPY(homeph, optarg);
 			break;
 		case 'o':
 			if (!amroot) {
@@ -294,7 +301,7 @@ static void process_flags (int argc, char **argv)
 				         _("%s: fields too long\n"), Prog);
 				exit (E_NOPERM);
 			}
-			STRFCPY (slop, optarg);
+			STRTCPY(slop, optarg);
 			break;
 		case 'r':
 			if (!may_change_field ('r')) {
@@ -303,7 +310,7 @@ static void process_flags (int argc, char **argv)
 				exit (E_NOPERM);
 			}
 			rflg = true;
-			STRFCPY (roomno, optarg);
+			STRTCPY(roomno, optarg);
 			break;
 		case 'R': /* no-op, handled in process_root_flag () */
 			break;
@@ -317,7 +324,7 @@ static void process_flags (int argc, char **argv)
 				exit (E_NOPERM);
 			}
 			wflg = true;
-			STRFCPY (workph, optarg);
+			STRTCPY(workph, optarg);
 			break;
 		default:
 			usage (E_USAGE);
@@ -358,7 +365,7 @@ static void check_perms (const struct passwd *pw)
 	 * check if the change is allowed by SELinux policy.
 	 */
 	if ((pw->pw_uid != getuid ())
-	    && (check_selinux_permit ("chfn") != 0)) {
+	    && (check_selinux_permit (Prog) != 0)) {
 		fprintf (stderr, _("%s: Permission denied.\n"), Prog);
 		closelog ();
 		exit (E_NOPERM);
@@ -373,7 +380,7 @@ static void check_perms (const struct passwd *pw)
 	 * --marekm
 	 */
 	if (!amroot && getdef_bool ("CHFN_AUTH")) {
-		passwd_check (pw->pw_name, pw->pw_passwd, "chfn");
+		passwd_check (pw->pw_name, pw->pw_passwd, Prog);
 	}
 
 #else				/* !USE_PAM */
@@ -385,7 +392,7 @@ static void check_perms (const struct passwd *pw)
 		exit (E_NOPERM);
 	}
 
-	retval = pam_start ("chfn", pampw->pw_name, &conv, &pamh);
+	retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 
 	if (PAM_SUCCESS == retval) {
 		retval = pam_authenticate (pamh, 0);
@@ -504,34 +511,35 @@ static void get_old_fields (const char *gecos)
 {
 	char *cp;		/* temporary character pointer       */
 	char old_gecos[BUFSIZ];	/* buffer for old GECOS fields       */
-	STRFCPY (old_gecos, gecos);
+
+	STRTCPY(old_gecos, gecos);
 
 	/*
 	 * Now get the full name. It is the first comma separated field in
 	 * the GECOS field.
 	 */
-	cp = copy_field (old_gecos, fflg ? (char *) 0 : fullnm, slop);
+	cp = copy_field (old_gecos, fflg ? NULL : fullnm, slop);
 
 	/*
 	 * Now get the room number. It is the next comma separated field,
 	 * if there is indeed one.
 	 */
 	if (NULL != cp) {
-		cp = copy_field (cp, rflg ? (char *) 0 : roomno, slop);
+		cp = copy_field (cp, rflg ? NULL : roomno, slop);
 	}
 
 	/*
 	 * Now get the work phone number. It is the third field.
 	 */
 	if (NULL != cp) {
-		cp = copy_field (cp, wflg ? (char *) 0 : workph, slop);
+		cp = copy_field (cp, wflg ? NULL : workph, slop);
 	}
 
 	/*
 	 * Now get the home phone number. It is the fourth field.
 	 */
 	if (NULL != cp) {
-		cp = copy_field (cp, hflg ? (char *) 0 : homeph, slop);
+		cp = copy_field (cp, hflg ? NULL : homeph, slop);
 	}
 
 	/*
@@ -608,19 +616,16 @@ static void check_fields (void)
  */
 int main (int argc, char **argv)
 {
-	const struct passwd *pw;	/* password file entry               */
-	char new_gecos[BUFSIZ];	/* buffer for new GECOS fields       */
-	char *user;
+	char                 new_gecos[BUFSIZ];
+	char                 *user;
+	const struct passwd  *pw;
+
+	sanitize_env ();
+	check_fds ();
 
-	/*
-	 * Get the program name. The program name is used as a
-	 * prefix to most error messages.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
-	sanitize_env ();
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
@@ -633,7 +638,7 @@ int main (int argc, char **argv)
 	 */
 	amroot = (getuid () == 0);
 
-	OPENLOG ("chfn");
+	OPENLOG (Prog);
 
 	/* parse the command line options */
 	process_flags (argc, argv);
@@ -663,29 +668,6 @@ int main (int argc, char **argv)
 		user = xstrdup (pw->pw_name);
 	}
 
-#ifdef	USE_NIS
-	/*
-	 * Now we make sure this is a LOCAL password entry for this user ...
-	 */
-	if (__ispwNIS ()) {
-		char *nis_domain;
-		char *nis_master;
-
-		fprintf (stderr,
-		         _("%s: cannot change user '%s' on NIS client.\n"),
-		         Prog, user);
-
-		if (!yp_get_default_domain (&nis_domain) &&
-		    !yp_master (nis_domain, "passwd.byname", &nis_master)) {
-			fprintf (stderr,
-			         _
-			         ("%s: '%s' is the NIS master for this client.\n"),
-			         Prog, nis_master);
-		}
-		fail_exit (E_NOPERM);
-	}
-#endif
-
 	/* Check that the caller is allowed to change the gecos of the
 	 * specified user */
 	check_perms (pw);
@@ -717,9 +699,9 @@ int main (int argc, char **argv)
 		fprintf (stderr, _("%s: fields too long\n"), Prog);
 		fail_exit (E_NOPERM);
 	}
-	snprintf (new_gecos, sizeof new_gecos, "%s,%s,%s,%s%s%s",
-	          fullnm, roomno, workph, homeph,
-	          ('\0' != slop[0]) ? "," : "", slop);
+	SNPRINTF(new_gecos, "%s,%s,%s,%s%s%s",
+	         fullnm, roomno, workph, homeph,
+	         ('\0' != slop[0]) ? "," : "", slop);
 
 	/* Rewrite the user's gecos in the passwd file */
 	update_gecos (user, new_gecos);
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index d17acb6..1ff6776 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -16,11 +16,13 @@
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
+
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
+#include "atoi/str2i.h"
 #include "defines.h"
 #include "nscd.h"
 #include "sssd.h"
@@ -33,10 +35,11 @@
 #include "exitcodes.h"
 #include "shadowlog.h"
 
+
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "chgpasswd";
 static bool eflg   = false;
 static bool md5flg = false;
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
@@ -62,8 +65,8 @@ static bool sgr_locked = false;
 static bool gr_locked = false;
 
 /* local function prototypes */
-static void fail_exit (int code);
-static /*@noreturn@*/void usage (int status);
+NORETURN static void fail_exit (int code);
+NORETURN static void usage (int status);
 static void process_flags (int argc, char **argv);
 static void check_flags (void);
 static void check_perms (void);
@@ -99,7 +102,9 @@ static void fail_exit (int code)
 /*
  * usage - display usage message and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -184,21 +189,28 @@ static void process_flags (int argc, char **argv)
 		case 's':
 			sflg = true;
                         bad_s = 0;
+
+			if (!crypt_method) {
+				fprintf (stderr,
+				         _("%s: no crypt method defined\n"),
+				         Prog);
+				usage (E_USAGE);
+			}
 #if defined(USE_SHA_CRYPT)
 			if (  (   ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512")))
-			       && (0 == getlong(optarg, &sha_rounds)))) {
+			       && (-1 == str2sl(&sha_rounds, optarg)))) {
                             bad_s = 1;
                         }
 #endif				/* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                         if ((   (0 == strcmp (crypt_method, "BCRYPT"))
-			       && (0 == getlong(optarg, &bcrypt_rounds)))) {
+			       && (-1 == str2sl(&bcrypt_rounds, optarg)))) {
                             bad_s = 1;
                         }
 #endif				/* USE_BCRYPT */
 #if defined(USE_YESCRYPT)
                         if ((   (0 == strcmp (crypt_method, "YESCRYPT"))
-			       && (0 == getlong(optarg, &yescrypt_cost)))) {
+			       && (-1 == str2sl(&yescrypt_cost, optarg)))) {
                             bad_s = 1;
                         }
 #endif				/* USE_YESCRYPT */
@@ -294,7 +306,7 @@ static void check_perms (void)
 		exit (1);
 	}
 
-	retval = pam_start ("chgpasswd", pampw->pw_name, &conv, &pamh);
+	retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 
 	if (PAM_SUCCESS == retval) {
 		retval = pam_authenticate (pamh, 0);
@@ -414,7 +426,6 @@ int main (int argc, char **argv)
 	int errors = 0;
 	int line = 0;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -422,11 +433,17 @@ int main (int argc, char **argv)
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
+#ifdef WITH_SELINUX
+	if (check_selinux_permit ("passwd") != 0) {
+		return (E_NOPERM);
+	}
+#endif				/* WITH_SELINUX */
+
 	process_root_flag ("-R", argc, argv);
 
 	process_flags (argc, argv);
 
-	OPENLOG ("chgpasswd");
+	OPENLOG (Prog);
 
 	check_perms ();
 
@@ -441,7 +458,7 @@ int main (int argc, char **argv)
 	 * group entry for each group will be looked up in the appropriate
 	 * file (gshadow or group) and the password changed.
 	 */
-	while (fgets (buf, (int) sizeof buf, stdin) != (char *) 0) {
+	while (fgets (buf, (int) sizeof buf, stdin) != NULL) {
 		line++;
 		cp = strrchr (buf, '\n');
 		if (NULL != cp) {
diff --git a/src/chpasswd.c b/src/chpasswd.c
index 48d5178..79880f5 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -16,9 +16,11 @@
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
+
 #ifdef USE_PAM
 #include "pam_defs.h"
 #endif				/* USE_PAM */
+#include "atoi/str2i.h"
 #include "defines.h"
 #include "nscd.h"
 #include "sssd.h"
@@ -30,12 +32,13 @@
 #include "exitcodes.h"
 #include "shadowlog.h"
 
+
 #define IS_CRYPT_METHOD(str) ((crypt_method != NULL && strcmp(crypt_method, str) == 0) ? true : false)
 
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "chpasswd";
 static bool eflg   = false;
 static bool md5flg = false;
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
@@ -54,13 +57,15 @@ static long bcrypt_rounds = 13;
 static long yescrypt_cost = 5;
 #endif
 
+static const char *prefix = "";
+
 static bool is_shadow_pwd;
 static bool pw_locked = false;
 static bool spw_locked = false;
 
 /* local function prototypes */
-static void fail_exit (int code);
-static /*@noreturn@*/void usage (int status);
+NORETURN static void fail_exit (int code);
+NORETURN static void usage (int status);
 static void process_flags (int argc, char **argv);
 static void check_flags (void);
 static void check_perms (void);
@@ -94,7 +99,9 @@ static void fail_exit (int code)
 /*
  * usage - display usage message and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -121,6 +128,7 @@ static /*@noreturn@*/void usage (int status)
 	                "                                the MD5 algorithm\n"),
 	              usageout);
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 	(void) fputs (_("  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
 	                "                                or YESCRYPT crypt algorithms\n"),
@@ -148,6 +156,7 @@ static void process_flags (int argc, char **argv)
 		{"help",         no_argument,       NULL, 'h'},
 		{"md5",          no_argument,       NULL, 'm'},
 		{"root",         required_argument, NULL, 'R'},
+		{"prefix",       required_argument, NULL, 'P'},
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 		{"sha-rounds",   required_argument, NULL, 's'},
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
@@ -156,9 +165,9 @@ static void process_flags (int argc, char **argv)
 
 	while ((c = getopt_long (argc, argv,
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
-	                         "c:ehmR:s:",
+	                         "c:ehmR:P:s:",
 #else
-	                         "c:ehmR:",
+	                         "c:ehmR:P:",
 #endif
 	                         long_options, NULL)) != -1) {
 		switch (c) {
@@ -176,25 +185,27 @@ static void process_flags (int argc, char **argv)
 			break;
 		case 'R': /* no-op, handled in process_root_flag () */
 			break;
+		case 'P': /* no-op, handled in process_prefix_flag () */
+			break;
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 		case 's':
 			sflg = true;
                         bad_s = 0;
 #if defined(USE_SHA_CRYPT)
 			if ((IS_CRYPT_METHOD("SHA256") || IS_CRYPT_METHOD("SHA512"))
-			    && (0 == getlong(optarg, &sha_rounds))) {
+			    && (-1 == str2sl(&sha_rounds, optarg))) {
                             bad_s = 1;
                         }
 #endif				/* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                         if (IS_CRYPT_METHOD("BCRYPT")
-			    && (0 == getlong(optarg, &bcrypt_rounds))) {
+			    && (-1 == str2sl(&bcrypt_rounds, optarg))) {
                             bad_s = 1;
                         }
 #endif				/* USE_BCRYPT */
 #if defined(USE_YESCRYPT)
                         if (IS_CRYPT_METHOD("YESCRYPT")
-			    && (0 == getlong(optarg, &yescrypt_cost))) {
+			    && (-1 == str2sl(&yescrypt_cost, optarg))) {
                             bad_s = 1;
                         }
 #endif				/* USE_YESCRYPT */
@@ -294,7 +305,7 @@ static void check_perms (void)
 		exit (1);
 	}
 
-	retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh);
+	retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 
 	if (PAM_SUCCESS == retval) {
 		retval = pam_authenticate (pamh, 0);
@@ -442,7 +453,6 @@ int main (int argc, char **argv)
 	int errors = 0;
 	int line = 0;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -450,18 +460,25 @@ int main (int argc, char **argv)
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
+#ifdef WITH_SELINUX
+	if (check_selinux_permit ("passwd") != 0) {
+		return (E_NOPERM);
+	}
+#endif				/* WITH_SELINUX */
+
 	process_flags (argc, argv);
 
 	salt = get_salt();
 	process_root_flag ("-R", argc, argv);
+	prefix = process_prefix_flag ("-P", argc, argv);
 
 #ifdef USE_PAM
-	if (md5flg || eflg || cflg) {
+	if (md5flg || eflg || cflg || prefix[0]) {
 		use_pam = false;
 	}
 #endif				/* USE_PAM */
 
-	OPENLOG ("chpasswd");
+	OPENLOG (Prog);
 
 	check_perms ();
 
@@ -482,7 +499,7 @@ int main (int argc, char **argv)
 	 * last change date is set in the age only if aging information is
 	 * present.
 	 */
-	while (fgets (buf, (int) sizeof buf, stdin) != (char *) 0) {
+	while (fgets (buf, sizeof buf, stdin) != NULL) {
 		line++;
 		cp = strrchr (buf, '\n');
 		if (NULL != cp) {
@@ -491,7 +508,7 @@ int main (int argc, char **argv)
 			if (feof (stdin) == 0) {
 
 				// Drop all remaining characters on this line.
-				while (fgets (buf, (int) sizeof buf, stdin) != (char *) 0) {
+				while (fgets (buf, sizeof buf, stdin) != NULL) {
 					cp = strchr (buf, '\n');
 					if (cp != NULL) {
 						break;
@@ -531,7 +548,7 @@ int main (int argc, char **argv)
 
 #ifdef USE_PAM
 		if (use_pam) {
-			if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) {
+			if (do_pam_passwd_non_interactive (Prog, name, newpwd) != 0) {
 				fprintf (stderr,
 				         _("%s: (line %d, user %s) password not changed\n"),
 				         Prog, line, name);
@@ -606,7 +623,7 @@ int main (int argc, char **argv)
 		if (NULL != sp) {
 			newsp = *sp;
 			newsp.sp_pwdp = cp;
-			newsp.sp_lstchg = (long) gettime () / SCALE;
+			newsp.sp_lstchg = gettime () / DAY;
 			if (0 == newsp.sp_lstchg) {
 				/* Better disable aging than requiring a
 				 * password change */
diff --git a/src/chsh.c b/src/chsh.c
index 21d1c3e..c4918c1 100644
--- a/src/chsh.c
+++ b/src/chsh.c
@@ -16,6 +16,8 @@
 #include <pwd.h>
 #include <stdio.h>
 #include <sys/types.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "getdef.h"
 #include "nscd.h"
@@ -29,14 +31,22 @@
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "string/strtcpy.h"
 
 #ifndef SHELLS_FILE
 #define SHELLS_FILE "/etc/shells"
 #endif
+
+#ifdef HAVE_VENDORDIR
+#include <libeconf.h>
+#define SHELLS "shells"
+#define ETCDIR "/etc"
+#endif
+
 /*
  * Global variables
  */
-const char *Prog;		/* Program name */
+static const char Prog[] = "chsh";	/* Program name */
 static bool amroot;		/* Real UID is root */
 static char loginsh[BUFSIZ];	/* Name of new login shell */
 /* command line options */
@@ -46,8 +56,8 @@ static bool pw_locked = false;
 /* external identifiers */
 
 /* local function prototypes */
-static /*@noreturn@*/void fail_exit (int code);
-static /*@noreturn@*/void usage (int status);
+NORETURN static void fail_exit (int code);
+NORETURN static void usage (int status);
 static void new_fields (void);
 static bool shell_is_listed (const char *);
 static bool is_restricted_shell (const char *);
@@ -58,7 +68,9 @@ static void update_shell (const char *user, char *loginsh);
 /*
  * fail_exit - do some cleanup and exit with the given error code
  */
-static /*@noreturn@*/void fail_exit (int code)
+NORETURN
+static void
+fail_exit (int code)
 {
 	if (pw_locked) {
 		if (pw_unlock () == 0) {
@@ -76,7 +88,9 @@ static /*@noreturn@*/void fail_exit (int code)
 /*
  * usage - print command line syntax and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -127,17 +141,60 @@ static bool is_restricted_shell (const char *sh)
  * If getusershell() is available (Linux, *BSD, possibly others), use it
  * instead of re-implementing it.
  */
+
+#ifdef HAVE_VENDORDIR
 static bool shell_is_listed (const char *sh)
 {
-	char *cp;
 	bool found = false;
 
-#ifndef HAVE_GETUSERSHELL
-	char buf[BUFSIZ];
-	FILE *fp;
-#endif
+	size_t size = 0;
+	econf_err error;
+	char **keys;
+	econf_file *key_file;
+
+	error = econf_readDirs(&key_file,
+			       VENDORDIR,
+			       ETCDIR,
+			       SHELLS,
+			       NULL,
+			       "", /* key only */
+			       "#" /* comment */);
+	if (error) {
+		fprintf (stderr,
+			 _("Cannot parse shell files: %s"),
+			 econf_errString(error));
+		fail_exit (1);
+	}
+
+	error = econf_getKeys(key_file, NULL, &size, &keys);
+	if (error) {
+		fprintf (stderr,
+			 _("Cannot evaluate entries in shell files: %s"),
+			 econf_errString(error));
+		econf_free (key_file);
+		fail_exit (1);
+	}
+
+	for (size_t i = 0; i < size; i++) {
+		if (strcmp (keys[i], sh) == 0) {
+			found = true;
+			break;
+		}
+	}
+	econf_free (keys);
+	econf_free (key_file);
+
+	return found;
+}
+
+#else /* without HAVE_VENDORDIR */
+
+static bool shell_is_listed (const char *sh)
+{
+	bool found = false;
 
 #ifdef HAVE_GETUSERSHELL
+	char *cp;
 	setusershell ();
 	while ((cp = getusershell ())) {
 		if (strcmp (cp, sh) == 0) {
@@ -147,18 +204,17 @@ static bool shell_is_listed (const char *sh)
 	}
 	endusershell ();
 #else
+	char *buf = NULL;
+	FILE *fp;
+	size_t n = 0;
+
 	fp = fopen (SHELLS_FILE, "r");
 	if (NULL == fp) {
 		return false;
 	}
 
-	while (fgets (buf, sizeof (buf), fp) == buf) {
-		cp = strrchr (buf, '\n');
-		if (NULL != cp) {
-			*cp = '\0';
-		}
-
-		if (buf[0] == '#') {
+	while (getline (&buf, &n, fp) != -1) {
+		if (buf[0] != '/') {
 			continue;
 		}
 
@@ -167,10 +223,13 @@ static bool shell_is_listed (const char *sh)
 			break;
 		}
 	}
+
+	free(buf);
 	fclose (fp);
 #endif
 	return found;
 }
+#endif /* with HAVE_VENDORDIR */
 
 /*
  * process_flags - parse the command line options
@@ -197,7 +256,7 @@ static void process_flags (int argc, char **argv)
 			break;
 		case 's':
 			sflg = true;
-			STRFCPY (loginsh, optarg);
+			STRTCPY(loginsh, optarg);
 			break;
 		default:
 			usage (E_USAGE);
@@ -260,7 +319,7 @@ static void check_perms (const struct passwd *pw)
 	 * check if the change is allowed by SELinux policy.
 	 */
 	if ((pw->pw_uid != getuid ())
-	    && (check_selinux_permit("chsh") != 0)) {
+	    && (check_selinux_permit(Prog) != 0)) {
 		SYSLOG ((LOG_WARN, "can't change shell for '%s'", pw->pw_name));
 		fprintf (stderr,
 		         _("You may not change the shell for '%s'.\n"),
@@ -277,7 +336,7 @@ static void check_perms (const struct passwd *pw)
 	 * chfn/chsh.  --marekm
 	 */
 	if (!amroot && getdef_bool ("CHSH_AUTH")) {
-		passwd_check (pw->pw_name, pw->pw_passwd, "chsh");
+		passwd_check (pw->pw_name, pw->pw_passwd, Prog);
         }
 
 #else				/* !USE_PAM */
@@ -289,7 +348,7 @@ static void check_perms (const struct passwd *pw)
 		exit (E_NOPERM);
 	}
 
-	retval = pam_start ("chsh", pampw->pw_name, &conv, &pamh);
+	retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 
 	if (PAM_SUCCESS == retval) {
 		retval = pam_authenticate (pamh, 0);
@@ -413,12 +472,8 @@ int main (int argc, char **argv)
 	const struct passwd *pw;	/* Password entry from /etc/passwd   */
 
 	sanitize_env ();
+	check_fds ();
 
-	/*
-	 * Get the program name. The program name is used as a prefix to
-	 * most error messages.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -433,7 +488,7 @@ int main (int argc, char **argv)
 	 */
 	amroot = (getuid () == 0);
 
-	OPENLOG ("chsh");
+	OPENLOG (Prog);
 
 	/* parse the command line options */
 	process_flags (argc, argv);
@@ -463,28 +518,6 @@ int main (int argc, char **argv)
 		user = xstrdup (pw->pw_name);
 	}
 
-#ifdef	USE_NIS
-	/*
-	 * Now we make sure this is a LOCAL password entry for this user ...
-	 */
-	if (__ispwNIS ()) {
-		char *nis_domain;
-		char *nis_master;
-
-		fprintf (stderr,
-		         _("%s: cannot change user '%s' on NIS client.\n"),
-		         Prog, user);
-
-		if (!yp_get_default_domain (&nis_domain) &&
-		    !yp_master (nis_domain, "passwd.byname", &nis_master)) {
-			fprintf (stderr,
-			         _("%s: '%s' is the NIS master for this client.\n"),
-			         Prog, nis_master);
-		}
-		fail_exit (1);
-	}
-#endif
-
 	check_perms (pw);
 
 	/*
@@ -492,7 +525,7 @@ int main (int argc, char **argv)
 	 * file, or use the value from the command line.
 	 */
 	if (!sflg) {
-		STRFCPY (loginsh, pw->pw_shell);
+		STRTCPY(loginsh, pw->pw_shell);
 	}
 
 	/*
@@ -514,11 +547,15 @@ int main (int argc, char **argv)
 		fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh);
 		fail_exit (1);
 	}
-	if (   !amroot
-	    && (   is_restricted_shell (loginsh)
-	        || (access (loginsh, X_OK) != 0))) {
-		fprintf (stderr, _("%s: %s is an invalid shell\n"), Prog, loginsh);
-		fail_exit (1);
+	if (loginsh[0] != '/'
+			|| is_restricted_shell (loginsh)
+			|| (access (loginsh, X_OK) != 0)) {
+		if (amroot) {
+			fprintf (stderr, _("%s: Warning: %s is an invalid shell\n"), Prog, loginsh);
+		} else {
+			fprintf (stderr, _("%s: %s is an invalid shell\n"), Prog, loginsh);
+			fail_exit (1);
+		}
 	}
 
 	/* Even for root, warn if an invalid shell is specified. */
diff --git a/src/expiry.c b/src/expiry.c
index dc20b90..12647a2 100644
--- a/src/expiry.c
+++ b/src/expiry.c
@@ -16,6 +16,8 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <getopt.h>
+
+#include "attr.h"
 #include "defines.h"
 #include "prototypes.h"
 /*@-exitarg@*/
@@ -23,18 +25,18 @@
 #include "shadowlog.h"
 
 /* Global variables */
-const char *Prog;
+static const char Prog[] = "expiry";
 static bool cflg = false;
 
 /* local function prototypes */
-static void catch_signals (unused int sig);
-static /*@noreturn@*/void usage (int status);
+static void catch_signals (MAYBE_UNUSED int sig);
+NORETURN static void usage (int status);
 static void process_flags (int argc, char **argv);
 
 /*
  * catch_signals - signal catcher
  */
-static void catch_signals (unused int sig)
+static void catch_signals (MAYBE_UNUSED int sig)
 {
 	_exit (10);
 }
@@ -42,7 +44,9 @@ static void catch_signals (unused int sig)
 /*
  * usage - print syntax message and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -121,21 +125,19 @@ int main (int argc, char **argv)
 	struct passwd *pwd;
 	struct spwd *spwd;
 
-	Prog = Basename (argv[0]);
+	sanitize_env ();
+	check_fds ();
+
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
-	sanitize_env ();
-
 	/*
 	 * Start by disabling all of the keyboard signals.
 	 */
 	(void) signal (SIGHUP, catch_signals);
 	(void) signal (SIGINT, catch_signals);
 	(void) signal (SIGQUIT, catch_signals);
-#ifdef	SIGTSTP
 	(void) signal (SIGTSTP, catch_signals);
-#endif
 
 	/*
 	 * expiry takes one of two arguments. The default action is to give
@@ -145,7 +147,7 @@ int main (int argc, char **argv)
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
-	OPENLOG ("expiry");
+	OPENLOG (Prog);
 
 	process_flags (argc, argv);
 
diff --git a/src/faillog.c b/src/faillog.c
index 0f94836..77c25b8 100644
--- a/src/faillog.c
+++ b/src/faillog.c
@@ -18,15 +18,21 @@
 #include <sys/types.h>
 #include <time.h>
 #include <assert.h>
+
+#include "atoi/str2i.h"
 #include "defines.h"
 #include "faillog.h"
+#include "memzero.h"
 #include "prototypes.h"
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "string/strftime.h"
+
+
 
 /* local function prototypes */
-static /*@noreturn@*/void usage (int status);
+NORETURN static void usage (int status);
 static void print_one (/*@null@*/const struct passwd *pw, bool force);
 static void set_locktime (long locktime);
 static bool set_locktime_one (uid_t uid, long locktime);
@@ -39,7 +45,7 @@ static void reset (void);
 /*
  * Global variables
  */
-const char *Prog;		/* Program name */
+static const char Prog[] = "faillog";	/* Program name */
 static FILE *fail;		/* failure file stream */
 static time_t seconds;		/* that number of days in seconds */
 static unsigned long umin;	/* if uflg and has_umin, only display users with uid >= umin */
@@ -57,9 +63,11 @@ static bool rflg = false;	/* reset the counters of login failures */
 
 static struct stat statbuf;	/* fstat buffer for file size */
 
-#define	NOW	(time((time_t *) 0))
+#define	NOW	time(NULL)
 
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -81,34 +89,36 @@ static /*@noreturn@*/void usage (int status)
 	exit (status);
 }
 
-static void print_one (/*@null@*/const struct passwd *pw, bool force)
+/*
+ * Looks up the offset in the faillog file for the given uid.
+ * Returns -1 on error.
+ */
+static off_t lookup_faillog(struct faillog *fl, uid_t uid)
 {
-	static bool once = false;
-	struct tm *tm;
-	off_t offset;
-	struct faillog fl;
-	time_t now;
-	char *cp;
-	char ptime[80];
-
-	if (NULL == pw) {
-		return;
+	off_t offset, size;
+
+	/* Ensure multiplication does not overflow and retrieving a wrong entry */
+	if (__builtin_mul_overflow(uid, sizeof(*fl), &offset)) {
+		fprintf(stderr,
+		        _("%s: Failed to get the entry for UID %lu\n"),
+		        Prog, (unsigned long)uid);
+		return -1;
 	}
 
-	offset = (off_t) pw->pw_uid * sizeof (fl);
-	if (offset + sizeof (fl) <= statbuf.st_size) {
+	if (!__builtin_add_overflow(offset, sizeof(*fl), &size)
+	    && size <= statbuf.st_size) {
 		/* fseeko errors are not really relevant for us. */
-		int err = fseeko (fail, offset, SEEK_SET);
-		assert (0 == err);
+		int err = fseeko(fail, offset, SEEK_SET);
+		assert(0 == err);
 		/* faillog is a sparse file. Even if no entries were
 		 * entered for this user, which should be able to get the
 		 * empty entry in this case.
 		 */
-		if (fread ((char *) &fl, sizeof (fl), 1, fail) != 1) {
-			fprintf (stderr,
-			         _("%s: Failed to get the entry for UID %lu\n"),
-			         Prog, (unsigned long int)pw->pw_uid);
-			return;
+		if (fread(fl, sizeof(*fl), 1, fail) != 1) {
+			fprintf(stderr,
+			        _("%s: Failed to get the entry for UID %lu\n"),
+			        Prog, (unsigned long)uid);
+			return -1;
 		}
 	} else {
 		/* Outsize of the faillog file.
@@ -116,7 +126,27 @@ static void print_one (/*@null@*/const struct passwd *pw, bool force)
 		 * as if we were reading an non existing entry in the
 		 * sparse faillog file).
 		 */
-		memzero (&fl, sizeof (fl));
+		memzero(fl, sizeof(*fl));
+	}
+
+	return offset;
+}
+
+static void print_one (/*@null@*/const struct passwd *pw, bool force)
+{
+	static bool once = false;
+	struct tm *tm;
+	struct faillog fl;
+	time_t now;
+	char *cp;
+	char ptime[80];
+
+	if (NULL == pw) {
+		return;
+	}
+
+	if (lookup_faillog(&fl, pw->pw_uid) < 0) {
+		return;
 	}
 
 	/* Nothing to report */
@@ -142,7 +172,7 @@ static void print_one (/*@null@*/const struct passwd *pw, bool force)
 		fprintf (stderr, "Cannot read time from faillog.\n");
 		return;
 	}
-	strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm);
+	STRFTIME(ptime, "%D %H:%M:%S %z", tm);
 	cp = ptime;
 
 	printf ("%-9s   %5d    %5d   ",
@@ -164,7 +194,7 @@ static void print_one (/*@null@*/const struct passwd *pw, bool force)
 static void print (void)
 {
 	if (uflg && has_umin && has_umax && (umin==umax)) {
-		print_one (getpwuid ((uid_t)umin), true);
+		print_one (getpwuid (umin), true);
 	} else {
 		/* We only print records for existing users.
 		 * Loop based on the user database instead of reading the
@@ -197,28 +227,10 @@ static bool reset_one (uid_t uid)
 	off_t offset;
 	struct faillog fl;
 
-	offset = (off_t) uid * sizeof (fl);
-	if (offset + sizeof (fl) <= statbuf.st_size) {
-		/* fseeko errors are not really relevant for us. */
-		int err = fseeko (fail, offset, SEEK_SET);
-		assert (0 == err);
-		/* faillog is a sparse file. Even if no entries were
-		 * entered for this user, which should be able to get the
-		 * empty entry in this case.
-		 */
-		if (fread ((char *) &fl, sizeof (fl), 1, fail) != 1) {
-			fprintf (stderr,
-			         _("%s: Failed to get the entry for UID %lu\n"),
-			         Prog, (unsigned long int)uid);
-			return true;
-		}
-	} else {
-		/* Outsize of the faillog file.
-		 * Behave as if there were a missing entry (same behavior
-		 * as if we were reading an non existing entry in the
-		 * sparse faillog file).
-		 */
-		memzero (&fl, sizeof (fl));
+	offset = lookup_faillog(&fl, uid);
+	if (offset < 0) {
+		/* failure */
+		return true;
 	}
 
 	if (0 == fl.fail_cnt) {
@@ -232,21 +244,21 @@ static bool reset_one (uid_t uid)
 	fl.fail_cnt = 0;
 
 	if (   (fseeko (fail, offset, SEEK_SET) == 0)
-	    && (fwrite ((char *) &fl, sizeof (fl), 1, fail) == 1)) {
+	    && (fwrite (&fl, sizeof (fl), 1, fail) == 1)) {
 		(void) fflush (fail);
 		return false;
 	}
 
 	fprintf (stderr,
 	         _("%s: Failed to reset fail count for UID %lu\n"),
-	         Prog, (unsigned long int)uid);
+	         Prog, (unsigned long)uid);
 	return true;
 }
 
 static void reset (void)
 {
 	if (uflg && has_umin && has_umax && (umin==umax)) {
-		if (reset_one ((uid_t)umin)) {
+		if (reset_one (umin)) {
 			errors = true;
 		}
 	} else {
@@ -258,7 +270,7 @@ static void reset (void)
 			uidmax--;
 		}
 		if (has_umax && (uid_t)umax < uidmax) {
-			uidmax = (uid_t)umax;
+			uidmax = umax;
 		}
 
 		/* Reset all entries in the specified range.
@@ -271,7 +283,7 @@ static void reset (void)
 
 			/* Make sure we stay in the umin-umax range if specified */
 			if (has_umin) {
-				uid = (uid_t)umin;
+				uid = umin;
 			}
 
 			while (uid <= uidmax) {
@@ -289,7 +301,7 @@ static void reset (void)
 			while ( (pwent = getpwent ()) != NULL ) {
 				if (   uflg
 				    && (   (has_umin && (pwent->pw_uid < (uid_t)umin))
-				        || (pwent->pw_uid > (uid_t)uidmax))) {
+				        || (pwent->pw_uid > uidmax))) {
 					continue;
 				}
 				if (reset_one (pwent->pw_uid)) {
@@ -311,28 +323,9 @@ static bool setmax_one (uid_t uid, short max)
 	off_t offset;
 	struct faillog fl;
 
-	offset = (off_t) uid * sizeof (fl);
-	if (offset + sizeof (fl) <= statbuf.st_size) {
-		/* fseeko errors are not really relevant for us. */
-		int err = fseeko (fail, offset, SEEK_SET);
-		assert (0 == err);
-		/* faillog is a sparse file. Even if no entries were
-		 * entered for this user, which should be able to get the
-		 * empty entry in this case.
-		 */
-		if (fread ((char *) &fl, sizeof (fl), 1, fail) != 1) {
-			fprintf (stderr,
-			         _("%s: Failed to get the entry for UID %lu\n"),
-			         Prog, (unsigned long int)uid);
-			return true;
-		}
-	} else {
-		/* Outsize of the faillog file.
-		 * Behave as if there were a missing entry (same behavior
-		 * as if we were reading an non existing entry in the
-		 * sparse faillog file).
-		 */
-		memzero (&fl, sizeof (fl));
+	offset = lookup_faillog(&fl, uid);
+	if (offset < 0) {
+		return true;
 	}
 
 	if (max == fl.fail_max) {
@@ -347,21 +340,21 @@ static bool setmax_one (uid_t uid, short max)
 	fl.fail_max = max;
 
 	if (   (fseeko (fail, offset, SEEK_SET) == 0)
-	    && (fwrite ((char *) &fl, sizeof (fl), 1, fail) == 1)) {
+	    && (fwrite (&fl, sizeof (fl), 1, fail) == 1)) {
 		(void) fflush (fail);
 		return false;
 	}
 
 	fprintf (stderr,
 	         _("%s: Failed to set max for UID %lu\n"),
-	         Prog, (unsigned long int)uid);
+	         Prog, (unsigned long)uid);
 	return true;
 }
 
 static void setmax (short max)
 {
 	if (uflg && has_umin && has_umax && (umin==umax)) {
-		if (setmax_one ((uid_t)umin, max)) {
+		if (setmax_one (umin, max)) {
 			errors = true;
 		}
 	} else {
@@ -385,10 +378,10 @@ static void setmax (short max)
 
 			/* Make sure we stay in the umin-umax range if specified */
 			if (has_umin) {
-				uid = (uid_t)umin;
+				uid = umin;
 			}
 			if (has_umax) {
-				uidmax = (uid_t)umax;
+				uidmax = umax;
 			}
 
 			while (uid <= uidmax) {
@@ -428,28 +421,9 @@ static bool set_locktime_one (uid_t uid, long locktime)
 	off_t offset;
 	struct faillog fl;
 
-	offset = (off_t) uid * sizeof (fl);
-	if (offset + sizeof (fl) <= statbuf.st_size) {
-		/* fseeko errors are not really relevant for us. */
-		int err = fseeko (fail, offset, SEEK_SET);
-		assert (0 == err);
-		/* faillog is a sparse file. Even if no entries were
-		 * entered for this user, which should be able to get the
-		 * empty entry in this case.
-		 */
-		if (fread ((char *) &fl, sizeof (fl), 1, fail) != 1) {
-			fprintf (stderr,
-			         _("%s: Failed to get the entry for UID %lu\n"),
-			         Prog, (unsigned long int)uid);
-			return true;
-		}
-	} else {
-		/* Outsize of the faillog file.
-		 * Behave as if there were a missing entry (same behavior
-		 * as if we were reading an non existing entry in the
-		 * sparse faillog file).
-		 */
-		memzero (&fl, sizeof (fl));
+	offset = lookup_faillog(&fl, uid);
+	if (offset < 0) {
+		return true;
 	}
 
 	if (locktime == fl.fail_locktime) {
@@ -464,21 +438,21 @@ static bool set_locktime_one (uid_t uid, long locktime)
 	fl.fail_locktime = locktime;
 
 	if (   (fseeko (fail, offset, SEEK_SET) == 0)
-	    && (fwrite ((char *) &fl, sizeof (fl), 1, fail) == 1)) {
+	    && (fwrite (&fl, sizeof (fl), 1, fail) == 1)) {
 		(void) fflush (fail);
 		return false;
 	}
 
 	fprintf (stderr,
 	         _("%s: Failed to set locktime for UID %lu\n"),
-	         Prog, (unsigned long int)uid);
+	         Prog, (unsigned long)uid);
 	return true;
 }
 
 static void set_locktime (long locktime)
 {
 	if (uflg && has_umin && has_umax && (umin==umax)) {
-		if (set_locktime_one ((uid_t)umin, locktime)) {
+		if (set_locktime_one (umin, locktime)) {
 			errors = true;
 		}
 	} else {
@@ -502,10 +476,10 @@ static void set_locktime (long locktime)
 
 			/* Make sure we stay in the umin-umax range if specified */
 			if (has_umin) {
-				uid = (uid_t)umin;
+				uid = umin;
 			}
 			if (has_umax) {
-				uidmax = (uid_t)umax;
+				uidmax = umax;
 			}
 
 			while (uid <= uidmax) {
@@ -541,11 +515,6 @@ int main (int argc, char **argv)
 	short fail_max = 0; // initialize to silence compiler warning
 	long days = 0;
 
-	/*
-	 * Get the program name. The program name is used as a prefix to
-	 * most error messages.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -578,7 +547,7 @@ int main (int argc, char **argv)
 				usage (E_SUCCESS);
 				/*@notreached@*/break;
 			case 'l':
-				if (getlong (optarg, &fail_locktime) == 0) {
+				if (str2sl(&fail_locktime, optarg) == -1) {
 					fprintf (stderr,
 					         _("%s: invalid numeric argument '%s'\n"),
 					         Prog, optarg);
@@ -588,15 +557,16 @@ int main (int argc, char **argv)
 				break;
 			case 'm':
 			{
-				long int lmax;
-				if (   (getlong (optarg, &lmax) == 0)
-				    || ((long int)(short) lmax != lmax)) {
+				long  lmax;
+
+				if (   (str2sl(&lmax, optarg) == -1)
+				    || ((long)(short) lmax != lmax)) {
 					fprintf (stderr,
 					         _("%s: invalid numeric argument '%s'\n"),
 					         Prog, optarg);
 					exit (E_BAD_ARG);
 				}
-				fail_max = (short) lmax;
+				fail_max = lmax;
 				mflg = true;
 				break;
 			}
@@ -606,7 +576,7 @@ int main (int argc, char **argv)
 			case 'R': /* no-op, handled in process_root_flag () */
 				break;
 			case 't':
-				if (getlong (optarg, &days) == 0) {
+				if (str2sl(&days, optarg) == -1) {
 					fprintf (stderr,
 					         _("%s: invalid numeric argument '%s'\n"),
 					         Prog, optarg);
@@ -630,14 +600,14 @@ int main (int argc, char **argv)
 				/* local, no need for xgetpwnam */
 				pwent = getpwnam (optarg);
 				if (NULL != pwent) {
-					umin = (unsigned long) pwent->pw_uid;
+					umin = pwent->pw_uid;
 					has_umin = true;
 					umax = umin;
 					has_umax = true;
 				} else {
-					if (getrange (optarg,
-					              &umin, &has_umin,
-					              &umax, &has_umax) == 0) {
+					if (getrange(optarg,
+					             &umin, &has_umin,
+					             &umax, &has_umax) == -1) {
 						fprintf (stderr,
 						         _("%s: Unknown user or range: %s\n"),
 						         Prog, optarg);
diff --git a/src/free_subid_range.c b/src/free_subid_range.c
index d9a2cd8..441c227 100644
--- a/src/free_subid_range.c
+++ b/src/free_subid_range.c
@@ -9,7 +9,7 @@
 
 /* Test program for the subid freeing routine */
 
-const char *Prog;
+static const char Prog[] = "free_subid_range";
 
 static void usage(void)
 {
@@ -25,7 +25,6 @@ int main(int argc, char *argv[])
 	struct subordinate_range range;
 	bool group = false;   // get subuids by default
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 	while ((c = getopt(argc, argv, "g")) != EOF) {
diff --git a/src/get_subid_owners.c b/src/get_subid_owners.c
index 36974b8..e1c1e79 100644
--- a/src/get_subid_owners.c
+++ b/src/get_subid_owners.c
@@ -6,7 +6,7 @@
 #include "prototypes.h"
 #include "shadowlog.h"
 
-const char *Prog;
+static const char Prog[] = "get_subid_owners";
 
 static void usage(void)
 {
@@ -21,7 +21,6 @@ int main(int argc, char *argv[])
 	int i, n;
 	uid_t *uids;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 	if (argc < 2) {
diff --git a/src/getsubids.c b/src/getsubids.c
index c91ae39..0753abd 100644
--- a/src/getsubids.c
+++ b/src/getsubids.c
@@ -7,7 +7,7 @@
 #include "prototypes.h"
 #include "shadowlog.h"
 
-const char *Prog;
+static const char Prog[] = "getsubids";
 
 static void usage(void)
 {
@@ -23,7 +23,6 @@ int main(int argc, char *argv[])
 	struct subid_range *ranges;
 	const char *owner;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 	if (argc < 2)
@@ -45,5 +44,6 @@ int main(int argc, char *argv[])
 		printf("%d: %s %lu %lu\n", i, owner,
 			ranges[i].start, ranges[i].count);
 	}
+	free(ranges);
 	return 0;
 }
diff --git a/src/gpasswd.c b/src/gpasswd.c
index 5983f78..de6b1c4 100644
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -19,8 +19,13 @@
 #include <signal.h>
 #include <stdio.h>
 #include <sys/types.h>
+
+#include "agetpass.h"
+#include "alloc.h"
+#include "attr.h"
 #include "defines.h"
 #include "groupio.h"
+#include "memzero.h"
 #include "nscd.h"
 #include "sssd.h"
 #include "prototypes.h"
@@ -29,13 +34,16 @@
 #endif
 /*@-exitarg@*/
 #include "exitcodes.h"
-
 #include "shadowlog.h"
+#include "string/sprintf.h"
+#include "string/strtcpy.h"
+
+
 /*
  * Global variables
  */
 /* The name of this command, as it is invoked */
-const char *Prog;
+static const char Prog[] = "gpasswd";
 
 #ifdef SHADOWGRP
 /* Indicate if shadow groups are enabled on the system
@@ -73,6 +81,7 @@ static uid_t bywho;
 #endif
 
 /* local function prototypes */
+NORETURN static void failure(void);
 static void usage (int status);
 static void catch_signals (int killed);
 static bool is_valid_user_list (const char *users);
@@ -92,14 +101,14 @@ static void update_group (struct group *gr);
 static void change_passwd (struct group *gr);
 #endif
 static void log_gpasswd_failure (const char *suffix);
-static void log_gpasswd_failure_system (/*@null@*/unused void *arg);
-static void log_gpasswd_failure_group (/*@null@*/unused void *arg);
+static void log_gpasswd_failure_system (/*@null@*/MAYBE_UNUSED void *arg);
+static void log_gpasswd_failure_group (/*@null@*/MAYBE_UNUSED void *arg);
 #ifdef SHADOWGRP
-static void log_gpasswd_failure_gshadow (/*@null@*/unused void *arg);
+static void log_gpasswd_failure_gshadow (/*@null@*/MAYBE_UNUSED void *arg);
 #endif
 static void log_gpasswd_success (const char *suffix);
-static void log_gpasswd_success_system (/*@null@*/unused void *arg);
-static void log_gpasswd_success_group (/*@null@*/unused void *arg);
+static void log_gpasswd_success_system (/*@null@*/MAYBE_UNUSED void *arg);
+static void log_gpasswd_success_group (/*@null@*/MAYBE_UNUSED void *arg);
 
 /*
  * usage - display usage message
@@ -194,11 +203,11 @@ static bool is_valid_user_list (const char *users)
 	return is_valid;
 }
 
-static void failure (void)
+static void failure(void)
 {
-	fprintf (stderr, _("%s: Permission denied.\n"), Prog);
-	log_gpasswd_failure (": Permission denied");
-	exit (E_NOPERM);
+	fprintf(stderr, _("%s: Permission denied.\n"), Prog);
+	log_gpasswd_failure(": Permission denied");
+	exit(E_NOPERM);
 }
 
 /*
@@ -376,17 +385,16 @@ static void open_files (void)
 static void log_gpasswd_failure (const char *suffix)
 {
 #ifdef WITH_AUDIT
-	char buf[1024];
+	char  buf[1024];
 #endif
+
 	if (aflg) {
 		SYSLOG ((LOG_ERR,
 		         "%s failed to add user %s to group %s%s",
 		         myname, user, group, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "%s failed to add user %s to group %s%s",
-		          myname, user, group, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "%s failed to add user %s to group %s%s",
+		         myname, user, group, suffix);
 		audit_logger (AUDIT_USER_ACCT, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -397,10 +405,8 @@ static void log_gpasswd_failure (const char *suffix)
 		         "%s failed to remove user %s from group %s%s",
 		         myname, user, group, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "%s failed to remove user %s from group %s%s",
-		          myname, user, group, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "%s failed to remove user %s from group %s%s",
+		         myname, user, group, suffix);
 		audit_logger (AUDIT_USER_ACCT, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -411,10 +417,8 @@ static void log_gpasswd_failure (const char *suffix)
 		         "%s failed to remove password of group %s%s",
 		         myname, group, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "%s failed to remove password of group %s%s",
-		          myname, group, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "%s failed to remove password of group %s%s",
+		         myname, group, suffix);
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -425,10 +429,8 @@ static void log_gpasswd_failure (const char *suffix)
 		         "%s failed to restrict access to group %s%s",
 		         myname, group, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "%s failed to restrict access to group %s%s",
-		          myname, group, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "%s failed to restrict access to group %s%s",
+		         myname, group, suffix);
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -441,10 +443,8 @@ static void log_gpasswd_failure (const char *suffix)
 			         "%s failed to set the administrators of group %s to %s%s",
 			         myname, group, admins, suffix));
 #ifdef WITH_AUDIT
-			snprintf (buf, 1023,
-			          "%s failed to set the administrators of group %s to %s%s",
-			          myname, group, admins, suffix);
-			buf[1023] = '\0';
+			SNPRINTF(buf, "%s failed to set the administrators of group %s to %s%s",
+			         myname, group, admins, suffix);
 			audit_logger (AUDIT_USER_ACCT, Prog,
 			              buf,
 			              group, AUDIT_NO_ID,
@@ -457,10 +457,8 @@ static void log_gpasswd_failure (const char *suffix)
 			         "%s failed to set the members of group %s to %s%s",
 			         myname, group, members, suffix));
 #ifdef WITH_AUDIT
-			snprintf (buf, 1023,
-			          "%s failed to set the members of group %s to %s%s",
-			          myname, group, members, suffix);
-			buf[1023] = '\0';
+			SNPRINTF(buf, "%s failed to set the members of group %s to %s%s",
+			         myname, group, members, suffix);
 			audit_logger (AUDIT_USER_ACCT, Prog,
 			              buf,
 			              group, AUDIT_NO_ID,
@@ -472,10 +470,8 @@ static void log_gpasswd_failure (const char *suffix)
 		         "%s failed to change password of group %s%s",
 		         myname, group, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "%s failed to change password of group %s%s",
-		          myname, group, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "%s failed to change password of group %s%s",
+		         myname, group, suffix);
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -484,25 +480,25 @@ static void log_gpasswd_failure (const char *suffix)
 	}
 }
 
-static void log_gpasswd_failure_system (unused void *arg)
+static void log_gpasswd_failure_system (MAYBE_UNUSED void *arg)
 {
 	log_gpasswd_failure ("");
 }
 
-static void log_gpasswd_failure_group (unused void *arg)
+static void log_gpasswd_failure_group (MAYBE_UNUSED void *arg)
 {
-	char buf[1024];
-	snprintf (buf, 1023, " in %s", gr_dbname ());
-	buf[1023] = '\0';
+	char  buf[1024];
+
+	SNPRINTF(buf, " in %s", gr_dbname());
 	log_gpasswd_failure (buf);
 }
 
 #ifdef SHADOWGRP
-static void log_gpasswd_failure_gshadow (unused void *arg)
+static void log_gpasswd_failure_gshadow (MAYBE_UNUSED void *arg)
 {
-	char buf[1024];
-	snprintf (buf, 1023, " in %s", sgr_dbname ());
-	buf[1023] = '\0';
+	char  buf[1024];
+
+	SNPRINTF(buf, " in %s", sgr_dbname());
 	log_gpasswd_failure (buf);
 }
 #endif				/* SHADOWGRP */
@@ -510,17 +506,16 @@ static void log_gpasswd_failure_gshadow (unused void *arg)
 static void log_gpasswd_success (const char *suffix)
 {
 #ifdef WITH_AUDIT
-	char buf[1024];
+	char  buf[1024];
 #endif
+
 	if (aflg) {
 		SYSLOG ((LOG_INFO,
 		         "user %s added by %s to group %s%s",
 		         user, myname, group, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "user %s added by %s to group %s%s",
-		          user, myname, group, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "user %s added by %s to group %s%s",
+		         user, myname, group, suffix);
 		audit_logger (AUDIT_USER_ACCT, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -531,10 +526,8 @@ static void log_gpasswd_success (const char *suffix)
 		         "user %s removed by %s from group %s%s",
 		         user, myname, group, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "user %s removed by %s from group %s%s",
-		          user, myname, group, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "user %s removed by %s from group %s%s",
+		         user, myname, group, suffix);
 		audit_logger (AUDIT_USER_ACCT, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -545,10 +538,8 @@ static void log_gpasswd_success (const char *suffix)
 		         "password of group %s removed by %s%s",
 		         group, myname, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "password of group %s removed by %s%s",
-		          group, myname, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "password of group %s removed by %s%s",
+		         group, myname, suffix);
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -559,10 +550,8 @@ static void log_gpasswd_success (const char *suffix)
 		         "access to group %s restricted by %s%s",
 		         group, myname, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "access to group %s restricted by %s%s",
-		          group, myname, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "access to group %s restricted by %s%s",
+		         group, myname, suffix);
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -575,10 +564,8 @@ static void log_gpasswd_success (const char *suffix)
 			         "administrators of group %s set by %s to %s%s",
 			         group, myname, admins, suffix));
 #ifdef WITH_AUDIT
-			snprintf (buf, 1023,
-			          "administrators of group %s set by %s to %s%s",
-			          group, myname, admins, suffix);
-			buf[1023] = '\0';
+			SNPRINTF(buf, "administrators of group %s set by %s to %s%s",
+			         group, myname, admins, suffix);
 			audit_logger (AUDIT_USER_ACCT, Prog,
 			              buf,
 			              group, AUDIT_NO_ID,
@@ -591,10 +578,8 @@ static void log_gpasswd_success (const char *suffix)
 			         "members of group %s set by %s to %s%s",
 			         group, myname, members, suffix));
 #ifdef WITH_AUDIT
-			snprintf (buf, 1023,
-			          "members of group %s set by %s to %s%s",
-			          group, myname, members, suffix);
-			buf[1023] = '\0';
+			SNPRINTF(buf, "members of group %s set by %s to %s%s",
+			         group, myname, members, suffix);
 			audit_logger (AUDIT_USER_ACCT, Prog,
 			              buf,
 			              group, AUDIT_NO_ID,
@@ -606,10 +591,8 @@ static void log_gpasswd_success (const char *suffix)
 		         "password of group %s changed by %s%s",
 		         group, myname, suffix));
 #ifdef WITH_AUDIT
-		snprintf (buf, 1023,
-		          "password of group %s changed by %s%s",
-		          group, myname, suffix);
-		buf[1023] = '\0';
+		SNPRINTF(buf, "password of group %s changed by %s%s",
+		         group, myname, suffix);
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              buf,
 		              group, AUDIT_NO_ID,
@@ -618,16 +601,16 @@ static void log_gpasswd_success (const char *suffix)
 	}
 }
 
-static void log_gpasswd_success_system (unused void *arg)
+static void log_gpasswd_success_system (MAYBE_UNUSED void *arg)
 {
 	log_gpasswd_success ("");
 }
 
-static void log_gpasswd_success_group (unused void *arg)
+static void log_gpasswd_success_group (MAYBE_UNUSED void *arg)
 {
-	char buf[1024];
-	snprintf (buf, 1023, " in %s", gr_dbname ());
-	buf[1023] = '\0';
+	char  buf[1024];
+
+	SNPRINTF(buf, " in %s", gr_dbname());
 	log_gpasswd_success (buf);
 }
 
@@ -704,8 +687,7 @@ static void check_perms (const struct group *gr)
 		}
 	} else
 #endif				/* SHADOWGRP */
-	{
-#ifdef FIRST_MEMBER_IS_ADMIN
+	if (!amroot) {
 		/*
 		 * The policy here for changing a group is that
 		 * 1) you must be root or
@@ -720,20 +702,14 @@ static void check_perms (const struct group *gr)
 		 * first group member might be just a normal user.
 		 * --marekm
 		 */
-		if (!amroot) {
-			if (gr->gr_mem[0] == (char *) 0) {
-				failure ();
-			}
-
-			if (strcmp (gr->gr_mem[0], myname) != 0) {
-				failure ();
-			}
-		}
-#else				/* ! FIRST_MEMBER_IS_ADMIN */
-		if (!amroot) {
-			failure ();
-		}
+#if !defined(FIRST_MEMBER_IS_ADMIN)
+		failure();
 #endif
+		if (gr->gr_mem[0] == NULL)
+			failure();
+
+		if (strcmp(gr->gr_mem[0], myname) != 0)
+			failure();
 	}
 }
 
@@ -834,7 +810,7 @@ static void get_group (struct group *gr)
 
 			sg->sg_mem = dup_list (gr->gr_mem);
 
-			sg->sg_adm = (char **) xmalloc (sizeof (char *) * 2);
+			sg->sg_adm = XMALLOC(2, char *);
 #ifdef FIRST_MEMBER_IS_ADMIN
 			if (sg->sg_mem[0]) {
 				sg->sg_adm[0] = xstrdup (sg->sg_mem[0]);
@@ -887,25 +863,26 @@ static void change_passwd (struct group *gr)
 	printf (_("Changing the password for group %s\n"), group);
 
 	for (retries = 0; retries < RETRIES; retries++) {
-		cp = getpass (_("New Password: "));
+		cp = agetpass (_("New Password: "));
 		if (NULL == cp) {
 			exit (1);
 		}
 
-		STRFCPY (pass, cp);
-		strzero (cp);
-		cp = getpass (_("Re-enter new password: "));
+		STRTCPY(pass, cp);
+		erase_pass (cp);
+		cp = agetpass (_("Re-enter new password: "));
 		if (NULL == cp) {
+			MEMZERO(pass);
 			exit (1);
 		}
 
 		if (strcmp (pass, cp) == 0) {
-			strzero (cp);
+			erase_pass (cp);
 			break;
 		}
 
-		strzero (cp);
-		memzero (pass, sizeof pass);
+		erase_pass (cp);
+		MEMZERO(pass);
 
 		if (retries + 1 < RETRIES) {
 			puts (_("They don't match; try again"));
@@ -925,7 +902,7 @@ static void change_passwd (struct group *gr)
 		         Prog, salt, strerror (errno));
 		exit (1);
 	}
-	memzero (pass, sizeof pass);
+	MEMZERO(pass);
 #ifdef SHADOWGRP
 	if (is_shadowgrp) {
 		gr->gr_passwd = SHADOW_PASSWD_STRING;
@@ -953,6 +930,8 @@ int main (int argc, char **argv)
 #endif
 
 	sanitize_env ();
+	check_fds ();
+
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
@@ -965,11 +944,10 @@ int main (int argc, char **argv)
 	 * with this command.
 	 */
 	bywho = getuid ();
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
-	OPENLOG ("gpasswd");
+	OPENLOG (Prog);
 	setbuf (stdout, NULL);
 	setbuf (stderr, NULL);
 
@@ -1145,9 +1123,7 @@ int main (int argc, char **argv)
 	(void) signal (SIGINT, catch_signals);
 	(void) signal (SIGQUIT, catch_signals);
 	(void) signal (SIGTERM, catch_signals);
-#ifdef SIGTSTP
 	(void) signal (SIGTSTP, catch_signals);
-#endif
 
 	/* Prompt for the new password */
 #ifdef SHADOWGRP
diff --git a/src/groupadd.c b/src/groupadd.c
index 66ccb53..46e6550 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -27,6 +27,7 @@
 #include "defines.h"
 #include "getdef.h"
 #include "groupio.h"
+#include "memzero.h"
 #include "nscd.h"
 #include "sssd.h"
 #include "prototypes.h"
@@ -34,6 +35,7 @@
 #include "sgroupio.h"
 #endif
 #include "shadowlog.h"
+#include "run_part.h"
 
 /*
  * exit status values
@@ -49,7 +51,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "groupadd";
 
 static /*@null@*/char *group_name;
 static gid_t group_id;
@@ -70,7 +72,7 @@ static bool is_shadow_grp;
 #endif
 
 /* local function prototypes */
-static /*@noreturn@*/void usage (int status);
+NORETURN static void usage (int status);
 static void new_grent (struct group *grent);
 
 #ifdef SHADOWGRP
@@ -87,7 +89,9 @@ static void check_perms (void);
 /*
  * usage - display usage message and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -105,7 +109,7 @@ static /*@noreturn@*/void usage (int status)
 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), usageout);
 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
-	(void) fputs (_("  -P, --prefix PREFIX_DI        directory prefix\n"), usageout);
+	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
 	(void) fputs (_("  -U, --users USERS             list of user members of this group\n"), usageout);
 	(void) fputs ("\n", usageout);
 	exit (status);
@@ -262,8 +266,7 @@ static void close_files (void)
 #ifdef WITH_AUDIT
 	audit_logger (AUDIT_ADD_GROUP, Prog,
 	              "adding group to /etc/group",
-	              group_name, (unsigned int) group_id,
-	              SHADOW_AUDIT_SUCCESS);
+	              group_name, group_id, SHADOW_AUDIT_SUCCESS);
 #endif
 	SYSLOG ((LOG_INFO, "group added to %s: name=%s, GID=%u",
 	         gr_dbname (), group_name, (unsigned int) group_id));
@@ -284,8 +287,7 @@ static void close_files (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_ADD_GROUP, Prog,
 		              "adding group to /etc/gshadow",
-		              group_name, (unsigned int) group_id,
-		              SHADOW_AUDIT_SUCCESS);
+		              group_name, group_id, SHADOW_AUDIT_SUCCESS);
 #endif
 		SYSLOG ((LOG_INFO, "group added to %s: name=%s",
 		         sgr_dbname (), group_name));
@@ -299,9 +301,7 @@ static void close_files (void)
 	/* Report success at the system level */
 #ifdef WITH_AUDIT
 	audit_logger (AUDIT_ADD_GROUP, Prog,
-	              "",
-	              group_name, (unsigned int) group_id,
-	              SHADOW_AUDIT_SUCCESS);
+	              "", group_name, group_id, SHADOW_AUDIT_SUCCESS);
 #endif
 	SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u",
 	         group_name, (unsigned int) group_id));
@@ -344,8 +344,8 @@ static void open_files (void)
 
 	/* And now open the databases */
 	if (gr_open (O_CREAT | O_RDWR) == 0) {
-		fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
-		SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
+		fprintf (stderr, _("%s: cannot open %s: %s\n"), Prog, gr_dbname (), strerror(errno));
+		SYSLOG ((LOG_WARN, "cannot open %s: %s", gr_dbname (), strerror(errno)));
 		exit (E_GRP_UPDATE);
 	}
 
@@ -353,9 +353,9 @@ static void open_files (void)
 	if (is_shadow_grp) {
 		if (sgr_open (O_CREAT | O_RDWR) == 0) {
 			fprintf (stderr,
-			         _("%s: cannot open %s\n"),
-			         Prog, sgr_dbname ());
-			SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
+			         _("%s: cannot open %s: %s\n"),
+			         Prog, sgr_dbname (), strerror(errno));
+			SYSLOG ((LOG_WARN, "cannot open %s: %s", sgr_dbname (), strerror(errno)));
 			exit (E_GRP_UPDATE);
 		}
 	}
@@ -403,7 +403,7 @@ static void process_flags (int argc, char **argv)
 			break;
 		case 'g':
 			gflg = true;
-			if (   (get_gid (optarg, &group_id) == 0)
+			if (   (get_gid(optarg, &group_id) == -1)
 			    || (group_id == (gid_t)-1)) {
 				fprintf (stderr,
 				         _("%s: invalid group ID '%s'\n"),
@@ -429,7 +429,7 @@ static void process_flags (int argc, char **argv)
 			}
 			/* terminate name, point to value */
 			*cp++ = '\0';
-			if (putdef_str (optarg, cp) < 0) {
+			if (putdef_str (optarg, cp, NULL) < 0) {
 				exit (E_BAD_ARG);
 			}
 			break;
@@ -511,7 +511,7 @@ static void check_flags (void)
 		} else {
 			fprintf (stderr,
 			         _("%s: GID '%lu' already exists\n"),
-			         Prog, (unsigned long int) group_id);
+			         Prog, (unsigned long) group_id);
 			exit (E_GID_IN_USE);
 		}
 	}
@@ -543,7 +543,7 @@ static void check_perms (void)
 		exit (1);
 	}
 
-	retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh);
+	retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 
 	if (PAM_SUCCESS == retval) {
 		retval = pam_authenticate (pamh, 0);
@@ -572,10 +572,6 @@ static void check_perms (void)
  */
 int main (int argc, char **argv)
 {
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -586,7 +582,7 @@ int main (int argc, char **argv)
 	process_root_flag ("-R", argc, argv);
 	prefix = process_prefix_flag ("-P", argc, argv);
 
-	OPENLOG ("groupadd");
+	OPENLOG (Prog);
 #ifdef WITH_AUDIT
 	audit_help_open ();
 #endif
@@ -605,6 +601,11 @@ int main (int argc, char **argv)
 
 	check_perms ();
 
+	if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name,
+			Prog)) {
+		exit(1);
+	}
+
 #ifdef SHADOWGRP
 	is_shadow_grp = sgr_file_present ();
 #endif
@@ -623,6 +624,11 @@ int main (int argc, char **argv)
 
 	grp_update ();
 	close_files ();
+	if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name,
+			Prog)) {
+		exit(1);
+	}
+
 
 	nscd_flush_cache ("group");
 	sssd_flush_cache (SSSD_DB_GROUP);
diff --git a/src/groupdel.c b/src/groupdel.c
index c84faa7..4bc58aa 100644
--- a/src/groupdel.c
+++ b/src/groupdel.c
@@ -32,10 +32,11 @@
 #include "sgroupio.h"
 #endif
 #include "shadowlog.h"
+#include "run_part.h"
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "groupdel";
 
 static char *group_name;
 static gid_t group_id = -1;
@@ -58,7 +59,7 @@ static bool is_shadow_grp;
 #define E_GRP_UPDATE	10	/* can't update group file */
 
 /* local function prototypes */
-static /*@noreturn@*/void usage (int status);
+NORETURN static void usage (int status);
 static void grp_update (void);
 static void close_files (void);
 static void open_files (void);
@@ -68,7 +69,9 @@ static void process_flags (int argc, char **argv);
 /*
  * usage - display usage message and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -147,8 +150,7 @@ static void close_files (void)
 #ifdef WITH_AUDIT
 	audit_logger (AUDIT_DEL_GROUP, Prog,
 	              "removing group from /etc/group",
-	              group_name, (unsigned int) group_id,
-	              SHADOW_AUDIT_SUCCESS);
+	              group_name, group_id, SHADOW_AUDIT_SUCCESS);
 #endif
 	SYSLOG ((LOG_INFO,
 	         "group '%s' removed from %s",
@@ -172,8 +174,7 @@ static void close_files (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_DEL_GROUP, Prog,
 		              "removing group from /etc/gshadow",
-		              group_name, (unsigned int) group_id,
-		              SHADOW_AUDIT_SUCCESS);
+		              group_name, group_id, SHADOW_AUDIT_SUCCESS);
 #endif
 		SYSLOG ((LOG_INFO,
 		         "group '%s' removed from %s",
@@ -188,9 +189,7 @@ static void close_files (void)
 	/* Report success at the system level */
 #ifdef WITH_AUDIT
 	audit_logger (AUDIT_DEL_GROUP, Prog,
-	              "",
-	              group_name, (unsigned int) group_id,
-	              SHADOW_AUDIT_SUCCESS);
+	              "", group_name, group_id, SHADOW_AUDIT_SUCCESS);
 #endif
 	SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name));
 	del_cleanup (cleanup_report_del_group);
@@ -275,7 +274,7 @@ static void group_busy (gid_t gid)
 	 * If pwd isn't NULL, it stopped because the gid's matched.
 	 */
 
-	if (pwd == (struct passwd *) 0) {
+	if (pwd == NULL) {
 		return;
 	}
 
@@ -350,10 +349,6 @@ int main (int argc, char **argv)
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
 
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -364,7 +359,7 @@ int main (int argc, char **argv)
 	process_root_flag ("-R", argc, argv);
 	prefix = process_prefix_flag ("-P", argc, argv);
 
-	OPENLOG ("groupdel");
+	OPENLOG (Prog);
 #ifdef WITH_AUDIT
 	audit_help_open ();
 #endif
@@ -390,7 +385,7 @@ int main (int argc, char **argv)
 			exit (1);
 		}
 
-		retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh);
+		retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 	}
 
 	if (PAM_SUCCESS == retval) {
@@ -434,28 +429,6 @@ int main (int argc, char **argv)
 		group_id = grp->gr_gid;
 	}
 
-#ifdef	USE_NIS
-	/*
-	 * Make sure this isn't a NIS group
-	 */
-	if (__isgrNIS ()) {
-		char *nis_domain;
-		char *nis_master;
-
-		fprintf (stderr,
-		         _("%s: group '%s' is a NIS group\n"),
-		         Prog, group_name);
-
-		if (!yp_get_default_domain (&nis_domain) &&
-		    !yp_master (nis_domain, "group.byname", &nis_master)) {
-			fprintf (stderr,
-			         _("%s: %s is the NIS master\n"),
-			         Prog, nis_master);
-		}
-		exit (E_NOTFOUND);
-	}
-#endif
-
 	/*
 	 * Make sure this isn't the primary group of anyone.
 	 */
@@ -463,6 +436,11 @@ int main (int argc, char **argv)
 		group_busy (group_id);
 	}
 
+	if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name,
+			Prog)) {
+		exit(1);
+	}
+
 	/*
 	 * Do the hard stuff - open the files, delete the group entries,
 	 * then close and update the files.
@@ -473,6 +451,11 @@ int main (int argc, char **argv)
 
 	close_files ();
 
+	if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name,
+			Prog)) {
+		exit(1);
+	}
+
 	nscd_flush_cache ("group");
 	sssd_flush_cache (SSSD_DB_GROUP);
 
diff --git a/src/groupmems.c b/src/groupmems.c
index a0e3266..a369a61 100644
--- a/src/groupmems.c
+++ b/src/groupmems.c
@@ -18,6 +18,8 @@
 #include "pam_defs.h"
 #endif				/* USE_PAM */
 #include <pwd.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "groupio.h"
@@ -42,7 +44,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "groupmems";
 
 static char *adduser = NULL;
 static char *deluser = NULL;
@@ -66,10 +68,10 @@ static void remove_user (const char *user,
                          const struct group *grp);
 static void purge_members (const struct group *grp);
 static void display_members (const char *const *members);
-static /*@noreturn@*/void usage (int status);
+NORETURN static void usage (int status);
 static void process_flags (int argc, char **argv);
 static void check_perms (void);
-static void fail_exit (int code);
+NORETURN static void fail_exit (int code);
 #define isroot()		(getuid () == 0)
 
 static char *whoami (void)
@@ -89,7 +91,7 @@ static char *whoami (void)
 }
 
 /*
- * add_user - Add an user to the specified group
+ * add_user - Add a user to the specified group
  */
 static void add_user (const char *user,
                       const struct group *grp)
@@ -125,7 +127,7 @@ static void add_user (const char *user,
 			static struct sgrp sgrent;
 			sgrent.sg_name = xstrdup (newgrp->gr_name);
 			sgrent.sg_mem = dup_list (newgrp->gr_mem);
-			sgrent.sg_adm = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_adm = XMALLOC(1, char *);
 #ifdef FIRST_MEMBER_IS_ADMIN
 			if (sgrent.sg_mem[0]) {
 				sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
@@ -172,7 +174,7 @@ static void add_user (const char *user,
 }
 
 /*
- * remove_user - Remove an user from a given group
+ * remove_user - Remove a user from a given group
  */
 static void remove_user (const char *user,
                          const struct group *grp)
@@ -208,7 +210,7 @@ static void remove_user (const char *user,
 			static struct sgrp sgrent;
 			sgrent.sg_name = xstrdup (newgrp->gr_name);
 			sgrent.sg_mem = dup_list (newgrp->gr_mem);
-			sgrent.sg_adm = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_adm = XMALLOC(1, char *);
 #ifdef FIRST_MEMBER_IS_ADMIN
 			if (sgrent.sg_mem[0]) {
 				sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
@@ -281,9 +283,9 @@ static void purge_members (const struct group *grp)
 			/* Create a shadow group based on this group */
 			static struct sgrp sgrent;
 			sgrent.sg_name = xstrdup (newgrp->gr_name);
-			sgrent.sg_mem = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_mem = XMALLOC(1, char *);
 			sgrent.sg_mem[0] = NULL;
-			sgrent.sg_adm = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_adm = XMALLOC(1, char *);
 			sgrent.sg_adm[0] = NULL;
 
 			/* Move any password to gshadow */
@@ -339,7 +341,9 @@ static void display_members (const char *const *members)
 	}
 }
 
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (EXIT_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -439,7 +443,7 @@ static void check_perms (void)
 			fail_exit (1);
 		}
 
-		retval = pam_start ("groupmems", pampw->pw_name, &conv, &pamh);
+		retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 
 		if (PAM_SUCCESS == retval) {
 			retval = pam_authenticate (pamh, 0);
@@ -569,10 +573,6 @@ int main (int argc, char **argv)
 	char *name;
 	const struct group *grp;
 
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -582,7 +582,7 @@ int main (int argc, char **argv)
 
 	process_root_flag ("-R", argc, argv);
 
-	OPENLOG ("groupmems");
+	OPENLOG (Prog);
 
 #ifdef SHADOWGRP
 	is_shadowgrp = sgr_file_present ();
diff --git a/src/groupmod.c b/src/groupmod.c
index 006eca1..989d7ea 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -15,7 +15,9 @@
 #include <fcntl.h>
 #include <getopt.h>
 #include <grp.h>
+#include <stdint.h>
 #include <stdio.h>
+#include <strings.h>
 #include <sys/types.h>
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
@@ -23,6 +25,8 @@
 #include <pwd.h>
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
+
+#include "alloc.h"
 #include "chkname.h"
 #include "defines.h"
 #include "groupio.h"
@@ -34,6 +38,8 @@
 #include "sgroupio.h"
 #endif
 #include "shadowlog.h"
+#include "string/stpecpy.h"
+#include "string/stpeprintf.h"
 /*
  * exit status values
  */
@@ -53,7 +59,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "groupmod";
 
 #ifdef	SHADOWGRP
 static bool is_shadow_grp;
@@ -224,7 +230,7 @@ static void grp_update (void)
 			 * shadowed password, we force the creation of a
 			 * gshadow entry when a new password is requested.
 			 */
-			memset (&sgrp, 0, sizeof sgrp);
+			bzero(&sgrp, sizeof sgrp);
 			sgrp.sg_name   = xstrdup (grp.gr_name);
 			sgrp.sg_passwd = xstrdup (grp.gr_passwd);
 			sgrp.sg_adm    = &empty;
@@ -244,10 +250,8 @@ static void grp_update (void)
 
 		if (!aflg) {
 			// requested to replace the existing groups
-			if (NULL != grp.gr_mem[0])
-				gr_free_members(&grp);
-			grp.gr_mem = (char **)xmalloc(sizeof(char *));
-			grp.gr_mem[0] = (char *)0;
+			grp.gr_mem = XMALLOC(1, char *);
+			grp.gr_mem[0] = NULL;
 		} else {
 			// append to existing groups
 			if (NULL != grp.gr_mem[0])
@@ -333,7 +337,7 @@ static void check_new_gid (void)
 	 */
 	fprintf (stderr,
 	         _("%s: GID '%lu' already exists\n"),
-	         Prog, (unsigned long int) group_newid);
+	         Prog, (unsigned long) group_newid);
 	exit (E_GID_IN_USE);
 }
 
@@ -408,7 +412,7 @@ static void process_flags (int argc, char **argv)
 			break;
 		case 'g':
 			gflg = true;
-			if (   (get_gid (optarg, &group_newid) == 0)
+			if (   (get_gid(optarg, &group_newid) == -1)
 			    || (group_newid == (gid_t)-1)) {
 				fprintf (stderr,
 				         _("%s: invalid group ID '%s'\n"),
@@ -542,95 +546,74 @@ static void close_files (void)
  */
 static void prepare_failure_reports (void)
 {
+	char *gr, *gr_end;
+#ifdef	SHADOWGRP
+	char *sgr, *sgr_end;
+#endif
+	char *pw, *pw_end;
+
 	info_group.name   = group_name;
 #ifdef	SHADOWGRP
 	info_gshadow.name = group_name;
 #endif
 	info_passwd.name  = group_name;
 
-	info_group.audit_msg   = xmalloc (512);
+	gr                     = XMALLOC(512, char);
+	info_group.audit_msg   = gr;
+	gr_end                 = gr + 512;
 #ifdef	SHADOWGRP
-	info_gshadow.audit_msg = xmalloc (512);
+	sgr                    = XMALLOC(512, char);
+	info_gshadow.audit_msg = sgr;
+	sgr_end                = sgr + 512;
 #endif
-	info_passwd.audit_msg  = xmalloc (512);
+	pw                     = XMALLOC(512, char);
+	info_passwd.audit_msg  = pw;
+	pw_end                 = pw + 512;
 
-	(void) snprintf (info_group.audit_msg, 511,
-	                 "changing %s; ", gr_dbname ());
+	gr = stpeprintf(gr, gr_end, "changing %s; ", gr_dbname ());
 #ifdef	SHADOWGRP
-	(void) snprintf (info_gshadow.audit_msg, 511,
-	                 "changing %s; ", sgr_dbname ());
+	sgr = stpeprintf(sgr, sgr_end, "changing %s; ", sgr_dbname ());
 #endif
-	(void) snprintf (info_passwd.audit_msg, 511,
-	                 "changing %s; ", pw_dbname ());
+	pw = stpeprintf(pw, pw_end, "changing %s; ", pw_dbname ());
 
-	info_group.action   =   info_group.audit_msg
-	                      + strlen (info_group.audit_msg);
+	info_group.action   = gr;
 #ifdef	SHADOWGRP
-	info_gshadow.action =   info_gshadow.audit_msg
-	                      + strlen (info_gshadow.audit_msg);
+	info_gshadow.action = sgr;
 #endif
-	info_passwd.action  =   info_passwd.audit_msg
-	                      + strlen (info_passwd.audit_msg);
+	info_passwd.action  = pw;
 
-	(void) snprintf (info_group.action,
-	                 511 - strlen (info_group.audit_msg),
-	                 "group %s/%lu",
-	                 group_name, (unsigned long int) group_id);
+	gr  = stpeprintf(gr, gr_end,
+	                 "group %s/%ju", group_name, (uintmax_t) group_id);
 #ifdef	SHADOWGRP
-	(void) snprintf (info_gshadow.action,
-	                 511 - strlen (info_group.audit_msg),
+	sgr = stpeprintf(sgr, sgr_end,
 	                 "group %s", group_name);
 #endif
-	(void) snprintf (info_passwd.action,
-	                 511 - strlen (info_group.audit_msg),
-	                 "group %s/%lu",
-	                 group_name, (unsigned long int) group_id);
+	pw  = stpeprintf(pw, pw_end,
+	                 "group %s/%ju", group_name, (uintmax_t) group_id);
 
 	if (nflg) {
-		strncat (info_group.action, ", new name: ",
-		         511 - strlen (info_group.audit_msg));
-		strncat (info_group.action, group_newname,
-		         511 - strlen (info_group.audit_msg));
-
+		gr = stpecpy(gr, gr_end, ", new name: ");
+		gr = stpecpy(gr, gr_end, group_newname);
 #ifdef	SHADOWGRP
-		strncat (info_gshadow.action, ", new name: ",
-		         511 - strlen (info_gshadow.audit_msg));
-		strncat (info_gshadow.action, group_newname,
-		         511 - strlen (info_gshadow.audit_msg));
+		sgr = stpecpy(sgr, sgr_end, ", new name: ");
+		sgr = stpecpy(sgr, sgr_end, group_newname);
 #endif
-
-		strncat (info_passwd.action, ", new name: ",
-		         511 - strlen (info_passwd.audit_msg));
-		strncat (info_passwd.action, group_newname,
-		         511 - strlen (info_passwd.audit_msg));
+		pw = stpecpy(pw, pw_end, ", new name: ");
+		pw = stpecpy(pw, pw_end, group_newname);
 	}
 	if (pflg) {
-		strncat (info_group.action, ", new password",
-		         511 - strlen (info_group.audit_msg));
-
+		gr = stpecpy(gr, gr_end, ", new password");
 #ifdef	SHADOWGRP
-		strncat (info_gshadow.action, ", new password",
-		         511 - strlen (info_gshadow.audit_msg));
+		sgr = stpecpy(sgr, sgr_end, ", new password");
 #endif
 	}
 	if (gflg) {
-		strncat (info_group.action, ", new gid: ",
-		         511 - strlen (info_group.audit_msg));
-		(void) snprintf (info_group.action+strlen (info_group.action),
-		                 511 - strlen (info_group.audit_msg),
-		                 "%lu", (unsigned long int) group_newid);
-
-		strncat (info_passwd.action, ", new gid: ",
-		         511 - strlen (info_passwd.audit_msg));
-		(void) snprintf (info_passwd.action+strlen (info_passwd.action),
-		                 511 - strlen (info_passwd.audit_msg),
-		                 "%lu", (unsigned long int) group_newid);
-	}
-	info_group.audit_msg[511]   = '\0';
-#ifdef	SHADOWGRP
-	info_gshadow.audit_msg[511] = '\0';
-#endif
-	info_passwd.audit_msg[511]  = '\0';
+		gr = stpecpy(gr, gr_end, ", new gid: ");
+		stpeprintf(gr, gr_end, "%ju", (uintmax_t) group_newid);
+
+		pw = stpecpy(pw, pw_end, ", new gid: ");
+		stpeprintf(pw, pw_end, "%ju", (uintmax_t) group_newid);
+	}
 
 // FIXME: add a system cleanup
 	add_cleanup (cleanup_report_mod_group, &info_group);
@@ -766,10 +749,6 @@ int main (int argc, char **argv)
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
 
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -780,7 +759,7 @@ int main (int argc, char **argv)
 	process_root_flag ("-R", argc, argv);
 	prefix = process_prefix_flag ("-P", argc, argv);
 
-	OPENLOG ("groupmod");
+	OPENLOG (Prog);
 #ifdef WITH_AUDIT
 	audit_help_open ();
 #endif
@@ -806,7 +785,7 @@ int main (int argc, char **argv)
 			exit (E_PAM_USERNAME);
 		}
 
-		retval = pam_start ("groupmod", pampw->pw_name, &conv, &pamh);
+		retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 	}
 
 	if (PAM_SUCCESS == retval) {
@@ -849,28 +828,6 @@ int main (int argc, char **argv)
 		}
 	}
 
-#ifdef	USE_NIS
-	/*
-	 * Now make sure it isn't an NIS group.
-	 */
-	if (__isgrNIS ()) {
-		char *nis_domain;
-		char *nis_master;
-
-		fprintf (stderr,
-		         _("%s: group %s is a NIS group\n"),
-		         Prog, group_name);
-
-		if (!yp_get_default_domain (&nis_domain) &&
-		    !yp_master (nis_domain, "group.byname", &nis_master)) {
-			fprintf (stderr,
-			         _("%s: %s is the NIS master\n"),
-			         Prog, nis_master);
-		}
-		exit (E_NOTFOUND);
-	}
-#endif
-
 	if (gflg) {
 		check_new_gid ();
 	}
diff --git a/src/groups.c b/src/groups.c
index 12bd224..d19a80a 100644
--- a/src/groups.c
+++ b/src/groups.c
@@ -14,13 +14,16 @@
 #include <grp.h>
 #include <pwd.h>
 #include <stdio.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
+
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "groups";
 
 /* local function prototypes */
 static void print_groups (const char *member);
@@ -88,16 +91,12 @@ int main (int argc, char **argv)
 	GETGROUPS_T *groups;
 
 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
-	groups = (GETGROUPS_T *) malloc (sizeof (GETGROUPS_T) * sys_ngroups);
+	groups = XMALLOC(sys_ngroups, GETGROUPS_T);
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
-	/*
-	 * Get the program name so that error messages can use it.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
diff --git a/src/grpck.c b/src/grpck.c
index 881fb4d..4ef1b15 100644
--- a/src/grpck.c
+++ b/src/grpck.c
@@ -43,7 +43,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "grpck";
 
 static const char *grp_file = GROUP_FILE;
 static bool use_system_grp_file = true;
@@ -62,7 +62,7 @@ static bool silence_warnings = false;
 
 /* local function prototypes */
 static void fail_exit (int status);
-static /*@noreturn@*/void usage (int status);
+NORETURN static void usage (int status);
 static void delete_member (char **, const char *);
 static void process_flags (int argc, char **argv);
 static void open_files (void);
@@ -114,7 +114,9 @@ static void fail_exit (int status)
 /*
  * usage - print syntax message and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 #ifdef	SHADOWGRP
@@ -814,10 +816,6 @@ int main (int argc, char **argv)
 	int errors = 0;
 	bool changed = false;
 
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -827,7 +825,7 @@ int main (int argc, char **argv)
 
 	process_root_flag ("-R", argc, argv);
 
-	OPENLOG ("grpck");
+	OPENLOG (Prog);
 
 	/* Parse the command line arguments */
 	process_flags (argc, argv);
diff --git a/src/grpconv.c b/src/grpconv.c
index 57d8d58..4d941cd 100644
--- a/src/grpconv.c
+++ b/src/grpconv.c
@@ -21,9 +21,12 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <strings.h>
 #include <time.h>
 #include <unistd.h>
 #include <getopt.h>
+
+#include "attr.h"
 #include "nscd.h"
 #include "sssd.h"
 #include "prototypes.h"
@@ -36,7 +39,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "grpconv";
 
 static bool gr_locked  = false;
 static bool sgr_locked = false;
@@ -123,7 +126,6 @@ int main (int argc, char **argv)
 	const struct sgrp *sg;
 	struct sgrp sgent;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -133,7 +135,7 @@ int main (int argc, char **argv)
 
 	process_root_flag ("-R", argc, argv);
 
-	OPENLOG ("grpconv");
+	OPENLOG (Prog);
 
 	process_flags (argc, argv);
 
@@ -198,7 +200,7 @@ int main (int argc, char **argv)
 			static char *empty = 0;
 
 			/* add new shadow group entry */
-			memset (&sgent, 0, sizeof sgent);
+			bzero(&sgent, sizeof sgent);
 			sgent.sg_name = gr->gr_name;
 			sgent.sg_passwd = gr->gr_passwd;
 			sgent.sg_adm = &empty;
@@ -259,7 +261,7 @@ int main (int argc, char **argv)
 	return 0;
 }
 #else				/* !SHADOWGRP */
-int main (int unused(argc), char **argv)
+int main (MAYBE_UNUSED int argc, char **argv)
 {
 	fprintf (stderr,
 		 "%s: not configured for shadow group support.\n", argv[0]);
diff --git a/src/grpunconv.c b/src/grpunconv.c
index fc6cecf..d001ece 100644
--- a/src/grpunconv.c
+++ b/src/grpunconv.c
@@ -24,6 +24,8 @@
 #include <unistd.h>
 #include <grp.h>
 #include <getopt.h>
+
+#include "attr.h"
 #include "nscd.h"
 #include "sssd.h"
 #include "prototypes.h"
@@ -36,7 +38,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "grpunconv";
 
 static bool gr_locked  = false;
 static bool sgr_locked = false;
@@ -122,7 +124,6 @@ int main (int argc, char **argv)
 	struct group grent;
 	const struct sgrp *sg;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -132,7 +133,7 @@ int main (int argc, char **argv)
 
 	process_root_flag ("-R", argc, argv);
 
-	OPENLOG ("grpunconv");
+	OPENLOG (Prog);
 
 	process_flags (argc, argv);
 
@@ -222,7 +223,7 @@ int main (int argc, char **argv)
 	return 0;
 }
 #else				/* !SHADOWGRP */
-int main (int unused(argc), char **argv)
+int main (MAYBE_UNUSED int argc, char **argv)
 {
 	fprintf (stderr,
 		 "%s: not configured for shadow group support.\n", argv[0]);
diff --git a/src/id.c b/src/id.c
index 4952109..673693e 100644
--- a/src/id.c
+++ b/src/id.c
@@ -23,7 +23,10 @@
 #include <pwd.h>
 #include <stdio.h>
 #include <sys/types.h>
+
+#include "alloc.h"
 #include "defines.h"
+
 /* local function prototypes */
 static void usage (void);
 
@@ -33,7 +36,8 @@ static void usage (void)
 	exit (EXIT_FAILURE);
 }
 
- /*ARGSUSED*/ int main (int argc, char **argv)
+int
+main(int argc, char *argv[])
 {
 	uid_t ruid, euid;
 	gid_t rgid, egid;
@@ -63,7 +67,7 @@ static void usage (void)
 	 * work if the system library is recompiled.
 	 */
 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
-	groups = (GETGROUPS_T *) malloc (sizeof (GETGROUPS_T) * sys_ngroups);
+	groups = MALLOC(sys_ngroups, GETGROUPS_T);
 
 	/*
 	 * See if the -a flag has been given to print out the concurrent
@@ -71,11 +75,10 @@ static void usage (void)
 	 */
 
 	if (argc > 1) {
-		if ((argc > 2) || (strcmp (argv[1], "-a") != 0)) {
-			usage ();
-		} else {
+		if (argc > 2 || strcmp(argv[1], "-a") != 0)
+			usage();
+		else
 			aflg = true;
-		}
 	}
 
 	ruid = getuid ();
diff --git a/src/lastlog.c b/src/lastlog.c
index f5c0a5c..3914b72 100644
--- a/src/lastlog.c
+++ b/src/lastlog.c
@@ -22,12 +22,18 @@
 #ifdef HAVE_LL_HOST
 #include <net/if.h>
 #endif
+
+#include "atoi/str2i.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "getdef.h"
+#include "memzero.h"
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "string/strftime.h"
+
+
 
 /*
  * Needed for MkLinux DR1/2/2.1 - J.
@@ -39,7 +45,7 @@
 /*
  * Global variables
  */
-const char *Prog;		/* Program name */
+static const char Prog[] = "lastlog";	/* Program name */
 static FILE *lastlogfile;	/* lastlog file stream */
 static unsigned long umin;	/* if uflg and has_umin, only display users with uid >= umin */
 static bool has_umin = false;
@@ -50,15 +56,17 @@ static time_t inverse_seconds;	/* that number of days in seconds */
 static struct stat statbuf;	/* fstat buffer for file size */
 
 
-static bool uflg = false;	/* print only an user of range of users */
+static bool uflg = false;	/* print only a user of range of users */
 static bool tflg = false;	/* print is restricted to most recent days */
 static bool bflg = false;	/* print excludes most recent days */
 static bool Cflg = false;	/* clear record for user */
 static bool Sflg = false;	/* set record for user */
 
-#define	NOW	(time ((time_t *) 0))
+#define	NOW	time(NULL)
 
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -67,7 +75,7 @@ static /*@noreturn@*/void usage (int status)
 	                  "Options:\n"),
 	                Prog);
 	(void) fputs (_("  -b, --before DAYS             print only lastlog records older than DAYS\n"), usageout);
-	(void) fputs (_("  -C, --clear                   clear lastlog record of an user (usable only with -u)\n"), usageout);
+	(void) fputs (_("  -C, --clear                   clear lastlog record of a user (usable only with -u)\n"), usageout);
 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
 	(void) fputs (_("  -S, --set                     set lastlog record to current time (usable only with -u)\n"), usageout);
@@ -114,10 +122,10 @@ static void print_one (/*@null@*/const struct passwd *pw)
 		 * entered for this user, which should be able to get the
 		 * empty entry in this case.
 		 */
-		if (fread ((char *) &ll, sizeof (ll), 1, lastlogfile) != 1) {
+		if (fread (&ll, sizeof (ll), 1, lastlogfile) != 1) {
 			fprintf (stderr,
 			         _("%s: Failed to get the entry for UID %lu\n"),
-			         Prog, (unsigned long int)pw->pw_uid);
+			         Prog, (unsigned long)pw->pw_uid);
 			exit (EXIT_FAILURE);
 		}
 	} else {
@@ -141,7 +149,7 @@ static void print_one (/*@null@*/const struct passwd *pw)
 	/* Print the header only once */
 	if (!once) {
 #ifdef HAVE_LL_HOST
-		printf (_("Username         Port     From%*sLatest\n"), maxIPv6Addrlen-3, " ");
+		printf (_("Username         Port     From%*sLatest\n"), maxIPv6Addrlen-4, " ");
 #else
 		puts (_("Username                Port     Latest"));
 #endif
@@ -153,7 +161,7 @@ static void print_one (/*@null@*/const struct passwd *pw)
 	if (tm == NULL) {
 		cp = "(unknown)";
 	} else {
-		strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
+		STRFTIME(ptime, "%a %b %e %H:%M:%S %z %Y", tm);
 		cp = ptime;
 	}
 	if (ll.ll_time == (time_t) 0) {
@@ -182,7 +190,7 @@ static void print (void)
 	}
 
 	if (uflg && has_umin && has_umax && (umin == umax)) {
-		print_one (getpwuid ((uid_t)umin));
+		print_one (getpwuid (umin));
 	} else {
 		setpwent ();
 		while ( (pwent = getpwent ()) != NULL ) {
@@ -225,21 +233,21 @@ static void update_one (/*@null@*/const struct passwd *pw)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
 			"clearing-lastlog",
-			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+			pw->pw_name, pw->pw_uid, SHADOW_AUDIT_SUCCESS);
 #endif
 	}
 #ifdef WITH_AUDIT
 	else {
 		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
 			"refreshing-lastlog",
-			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+			pw->pw_name, pw->pw_uid, SHADOW_AUDIT_SUCCESS);
 	}
 #endif
 
 	if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
 			fprintf (stderr,
 			         _("%s: Failed to update the entry for UID %lu\n"),
-			         Prog, (unsigned long int)pw->pw_uid);
+			         Prog, (unsigned long)pw->pw_uid);
 			exit (EXIT_FAILURE);
 	}
 }
@@ -261,7 +269,7 @@ static void update (void)
 	}
 
 	if (has_umin && has_umax && (umin == umax)) {
-		update_one (getpwuid ((uid_t)umin));
+		update_one (getpwuid (umin));
 	} else {
 		setpwent ();
 		while ( (pwent = getpwent ()) != NULL ) {
@@ -288,7 +296,6 @@ int main (int argc, char **argv)
 	 * Get the program name. The program name is used as a prefix to
 	 * most error messages.
 	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -321,7 +328,7 @@ int main (int argc, char **argv)
 			case 'b':
 			{
 				unsigned long inverse_days;
-				if (getulong (optarg, &inverse_days) == 0) {
+				if (str2ul(&inverse_days, optarg) == -1) {
 					fprintf (stderr,
 					         _("%s: invalid numeric argument '%s'\n"),
 					         Prog, optarg);
@@ -349,7 +356,7 @@ int main (int argc, char **argv)
 			case 't':
 			{
 				unsigned long days;
-				if (getulong (optarg, &days) == 0) {
+				if (str2ul(&days, optarg) == -1) {
 					fprintf (stderr,
 					         _("%s: invalid numeric argument '%s'\n"),
 					         Prog, optarg);
@@ -373,14 +380,14 @@ int main (int argc, char **argv)
 				/* local, no need for xgetpwnam */
 				pwent = getpwnam (optarg);
 				if (NULL != pwent) {
-					umin = (unsigned long) pwent->pw_uid;
+					umin = pwent->pw_uid;
 					has_umin = true;
 					umax = umin;
 					has_umax = true;
 				} else {
-					if (getrange (optarg,
-					              &umin, &has_umin,
-					              &umax, &has_umax) == 0) {
+					if (getrange(optarg,
+					             &umin, &has_umin,
+					             &umax, &has_umax) == -1) {
 						fprintf (stderr,
 						         _("%s: Unknown user or range: %s\n"),
 						         Prog, optarg);
diff --git a/src/login.c b/src/login.c
index 0048281..9fed7b3 100644
--- a/src/login.c
+++ b/src/login.c
@@ -14,7 +14,9 @@
 #include <errno.h>
 #include <grp.h>
 #ifndef USE_PAM
+#ifdef ENABLE_LASTLOG
 #include <lastlog.h>
+#endif 				/* ENABLE_LASTLOG */
 #endif				/* !USE_PAM */
 #include <pwd.h>
 #include <signal.h>
@@ -22,15 +24,24 @@
 #include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <assert.h>
+
+#include "alloc.h"
+#include "attr.h"
+#include "chkname.h"
 #include "defines.h"
 #include "faillog.h"
 #include "failure.h"
 #include "getdef.h"
+#include "memzero.h"
 #include "prototypes.h"
 #include "pwauth.h"
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+#include "string/strftime.h"
+#include "string/strtcpy.h"
+
 
 #ifdef USE_PAM
 #include "pam_defs.h"
@@ -60,14 +71,16 @@ static pam_handle_t *pamh = NULL;
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "login";
 
 static const char *hostname = "";
 static /*@null@*/ /*@only@*/char *username = NULL;
 static int reason = PW_LOGIN;
 
 #ifndef USE_PAM
+#ifdef ENABLE_LASTLOG
 static struct lastlog ll;
+#endif				/* ENABLE_LASTLOG */
 #endif				/* !USE_PAM */
 static bool pflg = false;
 static bool fflg = false;
@@ -89,7 +102,6 @@ static char tmsg[256];
 
 extern char **newenvp;
 extern size_t newenvc;
-extern char **environ;
 
 #ifndef	ALARM
 #define	ALARM	60
@@ -104,15 +116,6 @@ static void usage (void);
 static void setup_tty (void);
 static void process_flags (int argc, char *const *argv);
 static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *user);
-static void update_utmp (const char *user,
-                         const char *tty,
-                         const char *host,
-#ifdef USE_UTMPX
-                         /*@null@*/const struct utmpx *utent
-#else
-                         /*@null@*/const struct utmp *utent
-#endif
-			);
 
 #ifndef USE_PAM
 static struct faillog faillog;
@@ -125,6 +128,7 @@ static void get_pam_user (char **ptr_pam_user);
 
 static void init_env (void);
 static void alarm_handler (int);
+static void exit_handler (int);
 
 /*
  * usage - print login command usage and exit
@@ -172,10 +176,10 @@ static void setup_tty (void)
 #endif
 
 		/* leave these values unchanged if not specified in login.defs */
-		erasechar = getdef_num ("ERASECHAR", (int) termio.c_cc[VERASE]);
-		killchar = getdef_num ("KILLCHAR", (int) termio.c_cc[VKILL]);
-		termio.c_cc[VERASE] = (cc_t) erasechar;
-		termio.c_cc[VKILL] = (cc_t) killchar;
+		erasechar = getdef_num ("ERASECHAR", termio.c_cc[VERASE]);
+		killchar = getdef_num ("KILLCHAR", termio.c_cc[VKILL]);
+		termio.c_cc[VERASE] = erasechar;
+		termio.c_cc[VKILL] = killchar;
 		/* Make sure the values were valid.
 		 * getdef_num cannot validate this.
 		 */
@@ -396,13 +400,18 @@ static void init_env (void)
 #endif				/* !USE_PAM */
 }
 
-
-static void alarm_handler (unused int sig)
+static void exit_handler (MAYBE_UNUSED int sig)
 {
-	write (STDERR_FILENO, tmsg, strlen (tmsg));
 	_exit (0);
 }
 
+static void alarm_handler (MAYBE_UNUSED int sig)
+{
+	write_full(STDERR_FILENO, tmsg, strlen(tmsg));
+	signal(SIGALRM, exit_handler);
+	alarm(2);
+}
+
 #ifdef USE_PAM
 /*
  * get_pam_user - Get the username according to PAM
@@ -411,17 +420,17 @@ static void alarm_handler (unused int sig)
  */
 static void get_pam_user (char **ptr_pam_user)
 {
-	int retcode;
-	void *ptr_user;
+	int         retcode;
+	const void  *ptr_user;
 
 	assert (NULL != ptr_pam_user);
 
-	retcode = pam_get_item (pamh, PAM_USER, (const void **)&ptr_user);
+	retcode = pam_get_item (pamh, PAM_USER, &ptr_user);
 	PAM_FAIL_CHECK;
 
 	free (*ptr_pam_user);
 	if (NULL != ptr_user) {
-		*ptr_pam_user = xstrdup ((const char *)ptr_user);
+		*ptr_pam_user = xstrdup (ptr_user);
 	} else {
 		*ptr_pam_user = NULL;
 	}
@@ -430,7 +439,7 @@ static void get_pam_user (char **ptr_pam_user)
 
 /*
  * get_failent_user - Return a string that can be used to log failure
- *                    from an user.
+ *                    from a user.
  *
  * This will be either the user argument, or "UNKNOWN".
  *
@@ -453,38 +462,6 @@ static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *use
 }
 
 /*
- * update_utmp - Update or create an utmp entry in utmp, wtmp, utmpw, and
- *               wtmpx
- *
- *	utent should be the utmp entry returned by get_current_utmp (or
- *	NULL).
- */
-static void update_utmp (const char *user,
-                         const char *tty,
-                         const char *host,
-#ifdef USE_UTMPX
-                         /*@null@*/const struct utmpx *utent
-#else
-                         /*@null@*/const struct utmp *utent
-#endif
-			 )
-{
-#ifdef USE_UTMPX
-	struct utmpx *utx = prepare_utmpx (user, tty, host, utent);
-#else
-	struct utmp  *ut  = prepare_utmp  (user, tty, host, utent);
-#endif				/* USE_UTMPX */
-
-#ifndef USE_UTMPX
-	(void) setutmp  (ut);	/* make entry in the utmp & wtmp files */
-	free (ut);
-#else
-	(void) setutmpx (utx);	/* make entry in the utmpx & wtmpx files */
-	free (utx);
-#endif				/* USE_UTMPX */
-}
-
-/*
  * login - create a new login session for a user
  *
  *	login is typically called by getty as the second step of a
@@ -503,42 +480,36 @@ static void update_utmp (const char *user,
  */
 int main (int argc, char **argv)
 {
-	const char *tmptty;
-	char tty[BUFSIZ];
-
-#ifdef RLOGIN
-	char term[128] = "";
-#endif				/* RLOGIN */
-#if !defined(USE_PAM)
-	char ptime[80];
-#endif
-	unsigned int delay;
-	unsigned int retries;
-	bool subroot = false;
-#ifndef USE_PAM
+	int            err;
+	bool           subroot = false;
+	char           **envp = environ;
+	char           *host = NULL;
+	char           tty[BUFSIZ];
+	char           fromhost[512];
+	const char     *failent_user;
+	const char     *tmptty;
+	const char     *cp;
+	const char     *tmp;
+	unsigned int   delay;
+	unsigned int   retries;
+	unsigned int   timeout;
+	struct passwd  *pwd = NULL;
+
+#if defined(USE_PAM)
+	int            retcode;
+	char           *pam_user = NULL;
+	pid_t          child;
+#else
 	bool is_console;
+	struct spwd *spwd = NULL;
+# if defined(ENABLE_LASTLOG)
+	char           ptime[80];
+# endif
 #endif
-	int err;
-	unsigned int timeout;
-	const char *cp;
-	const char *tmp;
-	char fromhost[512];
-	struct passwd *pwd = NULL;
-	char **envp = environ;
-	const char *failent_user;
-#ifdef USE_UTMPX
-	/*@null@*/struct utmpx *utent;
-#else
-	/*@null@*/struct utmp *utent;
+#if defined(RLOGIN)
+	char           term[128] = "";
 #endif
 
-#ifdef USE_PAM
-	int retcode;
-	pid_t child;
-	char *pam_user = NULL;
-#else
-	struct spwd *spwd = NULL;
-#endif
 	/*
 	 * Some quick initialization.
 	 */
@@ -552,7 +523,6 @@ int main (int argc, char **argv)
 	initenv ();
 
 	amroot = (getuid () == 0);
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -567,25 +537,23 @@ int main (int argc, char **argv)
 		exit (1);	/* must be a terminal */
 	}
 
-	utent = get_current_utmp ();
+	err = get_session_host(&host);
 	/*
 	 * Be picky if run by normal users (possible if installed setuid
-	 * root), but not if run by root. This way it still allows logins
-	 * even if your getty is broken, or if something corrupts utmp,
-	 * but users must "exec login" which will use the existing utmp
-	 * entry (will not overwrite remote hostname).  --marekm
+	 * root), but not if run by root.
 	 */
-	if (!amroot && (NULL == utent)) {
-		(void) puts (_("No utmp entry.  You must exec \"login\" from the lowest level \"sh\""));
+	if (!amroot && (err != 0)) {
+		SYSLOG ((LOG_ERR,
+				 "No session entry, error %d.  You must exec \"login\" from the lowest level \"sh\"",
+				 err));
 		exit (1);
 	}
-	/* NOTE: utent might be NULL afterwards */
 
 	tmptty = ttyname (0);
 	if (NULL == tmptty) {
 		tmptty = "UNKNOWN";
 	}
-	STRFCPY (tty, tmptty);
+	STRTCPY(tty, tmptty);
 
 #ifndef USE_PAM
 	is_console = console (tty);
@@ -606,10 +574,14 @@ int main (int argc, char **argv)
 	}
 #ifdef RLOGIN
 	if (rflg) {
+		size_t  max_size;
+
+		max_size = login_name_max_size();
 		assert (NULL == username);
-		username = xmalloc (USER_NAME_MAX_LENGTH + 1);
-		username[USER_NAME_MAX_LENGTH] = '\0';
-		if (do_rlogin (hostname, username, USER_NAME_MAX_LENGTH, term, sizeof term)) {
+		username = XMALLOC(max_size, char);
+		username[max_size - 1] = '\0';
+		if (do_rlogin(hostname, username, max_size, term, sizeof(term)))
+		{
 			preauth_flag = true;
 		} else {
 			free (username);
@@ -618,7 +590,7 @@ int main (int argc, char **argv)
 	}
 #endif				/* RLOGIN */
 
-	OPENLOG ("login");
+	OPENLOG (Prog);
 
 	setup_tty ();
 
@@ -674,27 +646,23 @@ int main (int argc, char **argv)
 
 	if (rflg || hflg) {
 		cp = hostname;
-#if defined(HAVE_STRUCT_UTMP_UT_HOST) || defined(USE_UTMPX)
-	} else if ((NULL != utent) && ('\0' != utent->ut_host[0])) {
-		cp = utent->ut_host;
-#endif				/* HAVE_STRUCT_UTMP_UT_HOST */
+	} else if ((host != NULL) && (host[0] != '\0')) {
+		cp = host;
 	} else {
 		cp = "";
 	}
 
 	if ('\0' != *cp) {
-		snprintf (fromhost, sizeof fromhost,
-		          " on '%.100s' from '%.200s'", tty, cp);
+		SNPRINTF(fromhost, " on '%.100s' from '%.200s'", tty, cp);
 	} else {
-		snprintf (fromhost, sizeof fromhost,
-		          " on '%.100s'", tty);
+		SNPRINTF(fromhost, " on '%.100s'", tty);
 	}
+	free(host);
 
       top:
 	/* only allow ALARM sec. for login */
 	timeout = getdef_unum ("LOGIN_TIMEOUT", ALARM);
-	snprintf (tmsg, sizeof tmsg,
-	          _("\nLogin timed out after %u seconds.\n"), timeout);
+	SNPRINTF(tmsg, _("\nLogin timed out after %u seconds.\n"), timeout);
 	(void) signal (SIGALRM, alarm_handler);
 	if (timeout > 0) {
 		(void) alarm (timeout);
@@ -705,7 +673,7 @@ int main (int argc, char **argv)
 	retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
 
 #ifdef USE_PAM
-	retcode = pam_start ("login", username, &conv, &pamh);
+	retcode = pam_start (Prog, username, &conv, &pamh);
 	if (retcode != PAM_SUCCESS) {
 		fprintf (stderr,
 		         _("login: PAM Failure, aborting: %s\n"),
@@ -733,18 +701,15 @@ int main (int argc, char **argv)
 #endif
 	/* if fflg, then the user has already been authenticated */
 	if (!fflg) {
-		unsigned int failcount = 0;
-		char hostn[256];
-		char loginprompt[256];	/* That's one hell of a prompt :) */
+		char          hostn[256];
+		char          loginprompt[256]; //That's one hell of a prompt :)
+		unsigned int  failcount = 0;
 
 		/* Make the login prompt look like we want it */
 		if (gethostname (hostn, sizeof (hostn)) == 0) {
-			snprintf (loginprompt,
-			          sizeof (loginprompt),
-			          _("%s login: "), hostn);
+			SNPRINTF(loginprompt, _("%s login: "), hostn);
 		} else {
-			strncpy (loginprompt, _("login: "),
-			         sizeof (loginprompt));
+			STRTCPY(loginprompt, _("login: "));
 		}
 
 		retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
@@ -919,14 +884,17 @@ int main (int argc, char **argv)
 
 		failed = false;	/* haven't failed authentication yet */
 		if (NULL == username) {	/* need to get a login id */
+			size_t  max_size;
+
+			max_size = login_name_max_size();
 			if (subroot) {
 				closelog ();
 				exit (1);
 			}
 			preauth_flag = false;
-			username = xmalloc (USER_NAME_MAX_LENGTH + 1);
-			username[USER_NAME_MAX_LENGTH] = '\0';
-			login_prompt (_("\n%s login: "), username, USER_NAME_MAX_LENGTH);
+			username = XMALLOC(max_size, char);
+			username[max_size - 1] = '\0';
+			login_prompt(username, max_size);
 
 			if ('\0' == username[0]) {
 				/* Prompt for a new login */
@@ -956,7 +924,8 @@ int main (int argc, char **argv)
 			}
 
 			if (strcmp (user_passwd, "") == 0) {
-				char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
+				const char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
+
 				if (prevent_no_auth == NULL) {
 					prevent_no_auth = "superuser";
 				}
@@ -992,7 +961,7 @@ int main (int argc, char **argv)
 			goto auth_ok;
 		}
 
-		if (pw_auth (user_passwd, username, reason, (char *) 0) == 0) {
+		if (pw_auth (user_passwd, username, reason, NULL) == 0) {
 			goto auth_ok;
 		}
 
@@ -1035,23 +1004,9 @@ int main (int argc, char **argv)
 		if ((NULL != pwd) && getdef_bool ("FAILLOG_ENAB")) {
 			failure (pwd->pw_uid, tty, &faillog);
 		}
-		if (getdef_str ("FTMP_FILE") != NULL) {
-#ifdef USE_UTMPX
-			struct utmpx *failent =
-				prepare_utmpx (failent_user,
-				               tty,
-			/* FIXME: or fromhost? */hostname,
-				               utent);
-#else				/* !USE_UTMPX */
-			struct utmp *failent =
-				prepare_utmp (failent_user,
-				              tty,
-				              hostname,
-				              utent);
-#endif				/* !USE_UTMPX */
-			failtmp (failent_user, failent);
-			free (failent);
-		}
+#ifndef ENABLE_LOGIND
+		record_failure(failent_user, tty, hostname);
+#endif /* ENABLE_LOGIND */
 
 		retries--;
 		if (retries <= 0) {
@@ -1067,7 +1022,7 @@ int main (int argc, char **argv)
 		 * all).  --marekm
 		 */
 		if (user_passwd[0] == '\0') {
-			pw_auth ("!", username, reason, (char *) 0);
+			pw_auth ("!", username, reason, NULL);
 		}
 
 		/*
@@ -1107,7 +1062,7 @@ int main (int argc, char **argv)
 	 * by Ivan Nejgebauer <ian@unsux.ns.ac.yu>.  --marekm
 	 */
 	if (   getdef_bool ("PORTTIME_CHECKS_ENAB")
-	    && !isttytime (username, tty, time ((time_t *) 0))) {
+	    && !isttytime (username, tty, time (NULL))) {
 		SYSLOG ((LOG_WARN, "invalid login time for '%s'%s",
 		         username, fromhost));
 		closelog ();
@@ -1151,11 +1106,13 @@ int main (int argc, char **argv)
 #endif				/* WITH_AUDIT */
 
 #ifndef USE_PAM			/* pam_lastlog handles this */
+#ifdef ENABLE_LASTLOG
 	if (   getdef_bool ("LASTLOG_ENAB")
 	    && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)) {
 		/* give last login and log this one */
 		dolastlog (&ll, pwd, tty, hostname);
 	}
+#endif /* ENABLE_LASTLOG */
 #endif
 
 #ifndef USE_PAM			/* PAM handles this as well */
@@ -1220,11 +1177,16 @@ int main (int argc, char **argv)
 		}
 	}
 
+#ifndef ENABLE_LOGIND
 	/*
 	 * The utmp entry needs to be updated to indicate the new status
 	 * of the session, the new PID and SID.
 	 */
-	update_utmp (username, tty, hostname, utent);
+	err = update_utmp (username, tty, hostname);
+	if (err != 0) {
+		SYSLOG ((LOG_WARN, "Unable to update utmp entry for %s", username));
+	}
+#endif /* ENABLE_LOGIND */
 
 	/* The pwd and spwd entries for the user have been copied.
 	 *
@@ -1289,14 +1251,16 @@ int main (int argc, char **argv)
 				         username, (int) faillog.fail_cnt));
 			}
 		}
+#ifdef ENABLE_LASTLOG
 		if (   getdef_bool ("LASTLOG_ENAB")
 		    && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)
-		    && (ll.ll_time != 0)) {
-			time_t ll_time = ll.ll_time;
+		    && (ll.ll_time != 0))
+		{
+			time_t     ll_time = ll.ll_time;
+			struct tm  tm;
 
-			(void) strftime (ptime, sizeof (ptime),
-			                 "%a %b %e %H:%M:%S %z %Y",
-			                 localtime (&ll_time));
+			localtime_r(&ll_time, &tm);
+			STRFTIME(ptime, "%a %b %e %H:%M:%S %z %Y", &tm);
 			printf (_("Last login: %s on %s"),
 			        ptime, ll.ll_line);
 #ifdef HAVE_LL_HOST		/* __linux__ || SUN4 */
@@ -1307,6 +1271,7 @@ int main (int argc, char **argv)
 #endif
 			printf (".\n");
 		}
+#endif /* ENABLE_LASTLOG */
 		agecheck (spwd);
 
 		mailcheck ();	/* report on the status of mail */
@@ -1334,7 +1299,7 @@ int main (int argc, char **argv)
 		err = shell (tmp, pwd->pw_shell, newenvp); /* fake shell */
 	} else {
 		/* exec the shell finally */
-		err = shell (pwd->pw_shell, (char *) 0, newenvp);
+		err = shell (pwd->pw_shell, NULL, newenvp);
 	}
 
 	return ((err == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
diff --git a/src/login_nopam.c b/src/login_nopam.c
index df6ba88..e6f77d1 100644
--- a/src/login_nopam.c
+++ b/src/login_nopam.c
@@ -39,12 +39,11 @@
      * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
      */
 #include <sys/types.h>
+#include <stddef.h>
 #include <stdio.h>
 #include <syslog.h>
 #include <ctype.h>
-#ifdef HAVE_NETDB_H
 #include <netdb.h>
-#endif
 #include <grp.h>
 #ifdef PRIMARY_GROUP_MATCH
 #include <pwd.h>
@@ -57,6 +56,8 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>		/* for inet_ntoa() */
 
+#include "sizeof.h"
+
 #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64)
 #undef MAXHOSTNAMELEN
 #define MAXHOSTNAMELEN 256
@@ -98,11 +99,11 @@ int login_access (const char *user, const char *from)
 	if (NULL != fp) {
 		int lineno = 0;	/* for diagnostics */
 		while (   !match
-		       && (fgets (line, (int) sizeof (line), fp) == line)) {
-			int end;
+		       && (fgets (line, sizeof (line), fp) == line)) {
+			ptrdiff_t  end;
 			lineno++;
-			end = (int) strlen (line) - 1;
-			if (line[end] != '\n') {
+			end = strlen (line) - 1;
+			if (line[0] == '\0' || line[end] != '\n') {
 				SYSLOG ((LOG_ERR,
 					 "%s: line %d: missing newline or line too long",
 					 TABLE, lineno));
@@ -119,9 +120,9 @@ int login_access (const char *user, const char *from)
 				continue;
 			}
 			if (   ((perm = strtok (line, fs)) == NULL)
-			    || ((users = strtok ((char *) 0, fs)) == NULL)
-			    || ((froms = strtok ((char *) 0, fs)) == NULL)
-			    || (strtok ((char *) 0, fs) != NULL)) {
+			    || ((users = strtok (NULL, fs)) == NULL)
+			    || ((froms = strtok (NULL, fs)) == NULL)
+			    || (strtok (NULL, fs) != NULL)) {
 				SYSLOG ((LOG_ERR,
 					 "%s: line %d: bad field count",
 					 TABLE, lineno));
@@ -156,7 +157,7 @@ static bool list_match (char *list, const char *item, bool (*match_fn) (const ch
 	 * a match, look for an "EXCEPT" list and recurse to determine whether
 	 * the match is affected by any exceptions.
 	 */
-	for (tok = strtok (list, sep); tok != NULL; tok = strtok ((char *) 0, sep)) {
+	for (tok = strtok (list, sep); tok != NULL; tok = strtok (NULL, sep)) {
 		if (strcasecmp (tok, "EXCEPT") == 0) {	/* EXCEPT: give up */
 			break;
 		}
@@ -168,10 +169,10 @@ static bool list_match (char *list, const char *item, bool (*match_fn) (const ch
 
 	/* Process exceptions to matches. */
 	if (match) {
-		while (   ((tok = strtok ((char *) 0, sep)) != NULL)
+		while (   ((tok = strtok (NULL, sep)) != NULL)
 		       && (strcasecmp (tok, "EXCEPT") != 0))
 			/* VOID */ ;
-		if (tok == 0 || !list_match ((char *) 0, item, match_fn)) {
+		if (tok == 0 || !list_match (NULL, item, match_fn)) {
 			return (match);
 		}
 	}
@@ -195,9 +196,9 @@ static char *myhostname (void)
 static bool
 netgroup_match (const char *group, const char *machine, const char *user)
 {
-	static char *mydomain = (char *)0;
+	static char *mydomain = NULL;
 
-	if (mydomain == (char *)0) {
+	if (mydomain == NULL) {
 		static char domain[MAXHOSTNAMELEN + 1];
 
 		getdomainname (domain, MAXHOSTNAMELEN);
@@ -230,7 +231,7 @@ static bool user_match (const char *tok, const char *string)
 		        && from_match (at + 1, myhostname ()));
 #if HAVE_INNETGR
 	} else if (tok[0] == '@') {	/* netgroup */
-		return (netgroup_match (tok + 1, (char *) 0, string));
+		return (netgroup_match (tok + 1, NULL, string));
 #endif
 	} else if (string_match (tok, string)) {	/* ALL or exact match */
 		return true;
@@ -244,7 +245,7 @@ static bool user_match (const char *tok, const char *string)
 		}
 #ifdef PRIMARY_GROUP_MATCH
 		/*
-		 * If the string is an user whose initial GID matches the token,
+		 * If the string is a user whose initial GID matches the token,
 		 * accept it. May avoid excessively long lines in /etc/group.
 		 * Radu-Adrian Feurdean <raf@licj.soroscj.ro>
 		 *
@@ -265,19 +266,28 @@ static bool user_match (const char *tok, const char *string)
 
 static const char *resolve_hostname (const char *string)
 {
-	/*
-	 * Resolve hostname to numeric IP address, as suggested
-	 * by Dave Hagewood <admin@arrowweb.com>.  --marekm
-	 */
-	struct hostent *hp;
+	int              gai_err;
+	const char       *addr_str;
+	struct addrinfo  *addrs;
+
+	static char      host[MAXHOSTNAMELEN];
+
+	gai_err = getaddrinfo(string, NULL, NULL, &addrs);
+	if (gai_err != 0) {
+		SYSLOG ((LOG_ERR, "getaddrinfo(%s): %s", string, gai_strerror(gai_err)));
+		return string;
+	}
 
-	hp = gethostbyname (string);
-	if (NULL != hp) {
-		return inet_ntoa (*((struct in_addr *) *(hp->h_addr_list)));
+	addr_str = host;
+	gai_err = getnameinfo(addrs[0].ai_addr, addrs[0].ai_addrlen,
+	                      host, NITEMS(host), NULL, 0, NI_NUMERICHOST);
+	if (gai_err != 0) {
+		SYSLOG ((LOG_ERR, "getnameinfo(%s): %s", string, gai_strerror(gai_err)));
+		addr_str = string;
 	}
 
-	SYSLOG ((LOG_ERR, "%s - unknown host", string));
-	return string;
+	freeaddrinfo(addrs);
+	return addr_str;
 }
 
 /* from_match - match a host or tty against a list of tokens */
@@ -296,7 +306,7 @@ static bool from_match (const char *tok, const char *string)
 	 */
 #if HAVE_INNETGR
 	if (tok[0] == '@') {	/* netgroup */
-		return (netgroup_match (tok + 1, string, (char *) 0));
+		return (netgroup_match (tok + 1, string, NULL));
 	} else
 #endif
 	if (string_match (tok, string)) {	/* ALL or exact match */
@@ -313,7 +323,7 @@ static bool from_match (const char *tok, const char *string)
 		if (strchr (string, '.') == NULL) {
 			return true;
 		}
-	} else if (   (tok[(tok_len = strlen (tok)) - 1] == '.') /* network */
+	} else if (   (tok[0] != '\0' && tok[(tok_len = strlen (tok)) - 1] == '.') /* network */
 		   && (strncmp (tok, resolve_hostname (string), tok_len) == 0)) {
 		return true;
 	}
@@ -337,5 +347,5 @@ static bool string_match (const char *tok, const char *string)
 }
 
 #else				/* !USE_PAM */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !USE_PAM */
diff --git a/src/logoutd.c b/src/logoutd.c
index 03680f3..c870510 100644
--- a/src/logoutd.c
+++ b/src/logoutd.c
@@ -15,13 +15,16 @@
 #include <stdio.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <utmpx.h>
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
+#include "sizeof.h"
+#include "string/zustr2stp.h"
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "logoutd";
 
 #ifndef DEFAULT_HUP_MESG
 #define DEFAULT_HUP_MESG _("login time exceeded\n\n")
@@ -31,38 +34,31 @@ const char *Prog;
 #define HUP_MESG_FILE "/etc/logoutd.mesg"
 #endif
 
+
 /* local function prototypes */
-#ifdef USE_UTMPX
 static int check_login (const struct utmpx *ut);
-#else				/* !USE_UTMPX */
-static int check_login (const struct utmp *ut);
-#endif				/* !USE_UTMPX */
 static void send_mesg_to_tty (int tty_fd);
 
+
 /*
- * check_login - check if user (struct utmpx/utmp) allowed to stay logged in
+ * check_login - check if user (struct utmpx) allowed to stay logged in
  */
-#ifdef USE_UTMPX
-static int check_login (const struct utmpx *ut)
-#else				/* !USE_UTMPX */
-static int check_login (const struct utmp *ut)
-#endif				/* !USE_UTMPX */
+static int
+check_login(const struct utmpx *ut)
 {
-	char user[sizeof (ut->ut_user) + 1];
-	time_t now;
+	char    user[sizeof(ut->ut_user) + 1];
+	char    line[sizeof(ut->ut_line) + 1];
+	time_t  now;
 
-	/*
-	 * ut_user may not have the terminating NUL.
-	 */
-	strncpy (user, ut->ut_user, sizeof (ut->ut_user));
-	user[sizeof (ut->ut_user)] = '\0';
+	ZUSTR2STP(user, ut->ut_user);
+	ZUSTR2STP(line, ut->ut_line);
 
 	(void) time (&now);
 
 	/*
 	 * Check if they are allowed to be logged in right now.
 	 */
-	if (!isttytime (user, ut->ut_line, now)) {
+	if (!isttytime(user, line, now)) {
 		return 0;
 	}
 	return 1;
@@ -116,23 +112,20 @@ static void send_mesg_to_tty (int tty_fd)
  *
  *	logoutd is started at system boot time and enforces the login
  *	time and port restrictions specified in /etc/porttime. The
- *	utmpx/utmp file is periodically scanned and offending users are logged
+ *	utmp file is periodically scanned and offending users are logged
  *	off from the system.
  */
-int main (int argc, char **argv)
+int
+main(int argc, char **argv)
 {
-	int i;
-	int status;
-	pid_t pid;
-
-#ifdef USE_UTMPX
-	struct utmpx *ut;
-#else				/* !USE_UTMPX */
-	struct utmp *ut;
-#endif				/* !USE_UTMPX */
-	char user[sizeof (ut->ut_user) + 1];	/* terminating NUL */
-	char tty_name[sizeof (ut->ut_line) + 6];	/* /dev/ + NUL */
-	int tty_fd;
+	int    i;
+	int    status;
+	pid_t  pid;
+
+	struct utmpx  *ut;
+	char          user[sizeof (ut->ut_user) + 1];	/* terminating NUL */
+	char          tty_name[sizeof (ut->ut_line) + 6];	/* /dev/ + NUL */
+	int           tty_fd;
 
 	if (1 != argc) {
 		(void) fputs (_("Usage: logoutd\n"), stderr);
@@ -164,39 +157,29 @@ int main (int argc, char **argv)
 	/*
 	 * Start syslogging everything
 	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
-	OPENLOG ("logoutd");
+	OPENLOG (Prog);
 
 	/*
-	 * Scan the utmpx/utmp file once per minute looking for users that
+	 * Scan the utmp file once per minute looking for users that
 	 * are not supposed to still be logged in.
 	 */
 	while (true) {
 
 		/*
-		 * Attempt to re-open the utmpx/utmp file. The file is only
+		 * Attempt to re-open the utmp file. The file is only
 		 * open while it is being used.
 		 */
-#ifdef USE_UTMPX
-		setutxent ();
-#else				/* !USE_UTMPX */
-		setutent ();
-#endif				/* !USE_UTMPX */
+		setutxent();
 
 		/*
-		 * Read all of the entries in the utmpx/utmp file. The entries
+		 * Read all of the entries in the utmp file. The entries
 		 * for login sessions will be checked to see if the user
 		 * is permitted to be signed on at this time.
 		 */
-#ifdef USE_UTMPX
-		while ((ut = getutxent ()) != NULL)
-#else				/* !USE_UTMPX */
-		while ((ut = getutent ()) != NULL)
-#endif				/* !USE_UTMPX */
-		{
+		while ((ut = getutxent()) != NULL) {
 			if (ut->ut_type != USER_PROCESS) {
 				continue;
 			}
@@ -228,7 +211,7 @@ int main (int argc, char **argv)
 				tty_name[0] = '\0';
 			}
 
-			strncat (tty_name, ut->ut_line, UT_LINESIZE);
+			strncat(tty_name, ut->ut_line, NITEMS(ut->ut_line));
 #ifndef O_NOCTTY
 #define O_NOCTTY 0
 #endif
@@ -246,8 +229,7 @@ int main (int argc, char **argv)
 				kill (-ut->ut_pid, SIGKILL);
 			}
 
-			strncpy (user, ut->ut_user, sizeof (user) - 1);
-			user[sizeof (user) - 1] = '\0';
+			ZUSTR2STP(user, ut->ut_user);
 
 			SYSLOG ((LOG_NOTICE,
 				 "logged off user '%s' on '%s'", user,
@@ -259,11 +241,7 @@ int main (int argc, char **argv)
 			exit (EXIT_SUCCESS);
 		}
 
-#ifdef USE_UTMPX
-		endutxent ();
-#else				/* !USE_UTMPX */
-		endutent ();
-#endif				/* !USE_UTMPX */
+		endutxent();
 
 #ifndef DEBUG
 		sleep (60);
diff --git a/src/new_subid_range.c b/src/new_subid_range.c
index 523d480..1ef71f3 100644
--- a/src/new_subid_range.c
+++ b/src/new_subid_range.c
@@ -9,7 +9,7 @@
 
 /* Test program for the subid creation routine */
 
-const char *Prog;
+static const char Prog[] = "new_subid_range";
 
 static void usage(void)
 {
@@ -28,7 +28,6 @@ int main(int argc, char *argv[])
 	bool group = false;   // get subuids by default
 	bool ok;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 	while ((c = getopt(argc, argv, "gn")) != EOF) {
diff --git a/src/newgidmap.c b/src/newgidmap.c
index 5b42431..96a89de 100644
--- a/src/newgidmap.c
+++ b/src/newgidmap.c
@@ -23,7 +23,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "newgidmap";
 
 
 static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
@@ -69,7 +69,7 @@ static void verify_ranges(struct passwd *pw, int ranges,
 
 static void usage(void)
 {
-	fprintf(stderr, _("usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"), Prog);
+	fprintf(stderr, _("usage: %s [<pid|fd:<pidfd>] <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"), Prog);
 	exit(EXIT_FAILURE);
 }
 
@@ -143,18 +143,14 @@ out:
  */
 int main(int argc, char **argv)
 {
-	char proc_dir_name[32];
 	char *target_str;
-	pid_t target;
 	int proc_dir_fd;
 	int ranges;
 	struct map_range *mappings;
 	struct stat st;
 	struct passwd *pw;
-	int written;
 	bool allow_setgroups = false;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -168,25 +164,19 @@ int main(int argc, char **argv)
 	/* Find the process that needs its user namespace
 	 * gid mapping set.
 	 */
-	target_str = argv[1];
-	if (!get_pid(target_str, &target))
-		usage();
 
-	/* max string length is 6 + 10 + 1 + 1 = 18, allocate 32 bytes */
-	written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/",
-		target);
-	if ((written <= 0) || (written >= sizeof(proc_dir_name))) {
-		fprintf(stderr, "%s: snprintf of proc path failed: %s\n",
-			Prog, strerror(errno));
-	}
-
-	proc_dir_fd = open(proc_dir_name, O_DIRECTORY);
-	if (proc_dir_fd < 0) {
-		fprintf(stderr, _("%s: Could not open proc directory for target %u\n"),
-			Prog, target);
-		return EXIT_FAILURE;
+	target_str = argv[1];
+	if (strlen(target_str) > 3 && strncmp(target_str, "fd:", 3) == 0) {
+		/* the user passed in a /proc/pid fd for the process */
+		target_str = &target_str[3];
+		proc_dir_fd = get_pidfd_from_fd(target_str);
+		if (proc_dir_fd < 0)
+			usage();
+	} else {
+		proc_dir_fd = open_pidfd(target_str);
+		if (proc_dir_fd < 0)
+			usage();
 	}
-
 	/* Who am i? */
 	pw = get_my_pwent ();
 	if (NULL == pw) {
@@ -200,8 +190,8 @@ int main(int argc, char **argv)
 
 	/* Get the effective uid and effective gid of the target process */
 	if (fstat(proc_dir_fd, &st) < 0) {
-		fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
-			Prog, target);
+		fprintf(stderr, _("%s: Could not stat directory for process\n"),
+			Prog);
 		return EXIT_FAILURE;
 	}
 
@@ -213,10 +203,10 @@ int main(int argc, char **argv)
 	    (!getdef_bool("GRANT_AUX_GROUP_SUBIDS") && (getgid() != pw->pw_gid)) ||
 	    (pw->pw_uid != st.st_uid) ||
 	    (getgid() != st.st_gid)) {
-		fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-			Prog, target,
-			(unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-			(unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
+		fprintf(stderr, _( "%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
+			Prog,
+			(unsigned long)getuid(), (unsigned long)pw->pw_uid, (unsigned long)st.st_uid,
+			(unsigned long)getgid(), (unsigned long)pw->pw_gid, (unsigned long)st.st_gid);
 		return EXIT_FAILURE;
 	}
 
diff --git a/src/newgrp.c b/src/newgrp.c
index 9982083..1b3d76b 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -16,20 +16,24 @@
 #include <pwd.h>
 #include <stdio.h>
 #include <assert.h>
+
+#include "agetpass.h"
+#include "alloc.h"
 #include "defines.h"
 #include "getdef.h"
 #include "prototypes.h"
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 /*
  * Global variables
  */
-const char *Prog;
+static const char *Prog;
 
 extern char **newenvp;
-extern char **environ;
 
 #ifdef HAVE_SETGROUPS
 static int ngroups;
@@ -158,7 +162,7 @@ static void check_perms (const struct group *grp,
 		 * get the password from her, and set the salt for
 		 * the decryption from the group file.
 		 */
-		cp = getpass (_("Password: "));
+		cp = agetpass (_("Password: "));
 		if (NULL == cp) {
 			goto failure;
 		}
@@ -169,7 +173,7 @@ static void check_perms (const struct group *grp,
 		 * must match the previously encrypted value in the file.
 		 */
 		cpasswd = pw_encrypt (cp, grp->gr_passwd);
-		strzero (cp);
+		erase_pass (cp);
 
 		if (NULL == cpasswd) {
 			fprintf (stderr,
@@ -184,12 +188,10 @@ static void check_perms (const struct group *grp,
 		if (grp->gr_passwd[0] == '\0' ||
 		    strcmp (cpasswd, grp->gr_passwd) != 0) {
 #ifdef WITH_AUDIT
-			snprintf (audit_buf, sizeof(audit_buf),
-			          "authentication new-gid=%lu",
-			          (unsigned long) grp->gr_gid);
+			SNPRINTF(audit_buf, "authentication new-gid=%lu",
+			         (unsigned long) grp->gr_gid);
 			audit_logger (AUDIT_GRP_AUTH, Prog,
-			              audit_buf, NULL,
-			              (unsigned int) getuid (), 0);
+			              audit_buf, NULL, getuid (), 0);
 #endif
 			SYSLOG ((LOG_INFO,
 				 "Invalid password for group '%s' from '%s'",
@@ -199,12 +201,10 @@ static void check_perms (const struct group *grp,
 			goto failure;
 		}
 #ifdef WITH_AUDIT
-		snprintf (audit_buf, sizeof(audit_buf),
-		          "authentication new-gid=%lu",
-		          (unsigned long) grp->gr_gid);
+		SNPRINTF(audit_buf, "authentication new-gid=%lu",
+		         (unsigned long) grp->gr_gid);
 		audit_logger (AUDIT_GRP_AUTH, Prog,
-		              audit_buf, NULL,
-		              (unsigned int) getuid (), 1);
+		              audit_buf, NULL, getuid (), 1);
 #endif
 	}
 
@@ -217,21 +217,17 @@ failure:
 	closelog ();
 #ifdef WITH_AUDIT
 	if (groupname) {
-		snprintf (audit_buf, sizeof(audit_buf),
-		          "changing new-group=%s", groupname);
+		SNPRINTF(audit_buf, "changing new-group=%s", groupname);
 		audit_logger (AUDIT_CHGRP_ID, Prog,
-		              audit_buf, NULL,
-		              (unsigned int) getuid (), 0);
+		              audit_buf, NULL, getuid (), 0);
 	} else {
 		audit_logger (AUDIT_CHGRP_ID, Prog,
-		              "changing", NULL,
-		              (unsigned int) getuid (), 0);
+		              "changing", NULL, getuid (), 0);
 	}
 #endif
 	exit (EXIT_FAILURE);
 }
 
-#ifdef USE_SYSLOG
 /*
  * syslog_sg - log the change of group to syslog
  *
@@ -292,6 +288,9 @@ static void syslog_sg (const char *name, const char *group)
 		(void) signal (SIGTSTP, SIG_IGN);
 		(void) signal (SIGTTIN, SIG_IGN);
 		(void) signal (SIGTTOU, SIG_IGN);
+		/* set SIGCHLD to default for waitpid */
+		(void) signal(SIGCHLD, SIG_DFL);
+
 		child = fork ();
 		if ((pid_t)-1 == child) {
 			/* error in fork() */
@@ -299,15 +298,13 @@ static void syslog_sg (const char *name, const char *group)
 				 is_newgrp ? "newgrp" : "sg", strerror (errno));
 #ifdef WITH_AUDIT
 			if (group) {
-				snprintf (audit_buf, sizeof(audit_buf),
-				          "changing new-group=%s", group);
+				SNPRINTF(audit_buf,
+				         "changing new-group=%s", group);
 				audit_logger (AUDIT_CHGRP_ID, Prog,
-				              audit_buf, NULL,
-				              (unsigned int) getuid (), 0);
+				              audit_buf, NULL, getuid (), 0);
 			} else {
 				audit_logger (AUDIT_CHGRP_ID, Prog,
-				              "changing", NULL,
-				              (unsigned int) getuid (), 0);
+				              "changing", NULL, getuid (), 0);
 			}
 #endif
 			exit (EXIT_FAILURE);
@@ -365,7 +362,6 @@ static void syslog_sg (const char *name, const char *group)
 	free(free_login);
 	free(free_tty);
 }
-#endif				/* USE_SYSLOG */
 
 /*
  * newgrp - change the invokers current real and effective group id
@@ -394,12 +390,15 @@ int main (int argc, char **argv)
 #ifdef WITH_AUDIT
 	audit_help_open ();
 #endif
+
+	check_fds ();
+
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
 	/*
-	 * Save my name for error messages and save my real gid incase of
+	 * Save my name for error messages and save my real gid in case of
 	 * errors. If there is an error i have to exec a new login shell for
 	 * the user since her old shell won't have fork'd to create the
 	 * process. Skip over the program name to the next command line
@@ -421,11 +420,18 @@ int main (int argc, char **argv)
 	 * but we do not need to restore the previous process persona and we
 	 * don't need to re-exec anything.  -- JWP
 	 */
-	Prog = Basename (argv[0]);
+
+	/*
+	 * Ensure that "Prog" is always either "newgrp" or "sg" to avoid
+	 * injecting arbitrary strings into our stderr/stdout, as this can
+	 * be an exploit vector.
+	 */
+	is_newgrp = (strcmp (Basename (argv[0]), "newgrp") == 0);
+	Prog = is_newgrp ? "newgrp" : "sg";
+
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
-	is_newgrp = (strcmp (Prog, "newgrp") == 0);
-	OPENLOG (is_newgrp ? "newgrp" : "sg");
+	OPENLOG (Prog);
 	argc--;
 	argv++;
 
@@ -437,8 +443,7 @@ int main (int argc, char **argv)
 		         Prog);
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_CHGRP_ID, Prog,
-		              "changing", NULL,
-		              (unsigned int) getuid (), 0);
+		              "changing", NULL, getuid (), 0);
 #endif
 		SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
 		         (unsigned long) getuid ()));
@@ -507,7 +512,7 @@ int main (int argc, char **argv)
 		if ((argc > 0) && (argv[0][0] == '-')) {
 			usage ();
 			goto failure;
-		} else if (argv[0] != (char *) 0) {
+		} else if (argv[0] != NULL) {
 			group = argv[0];
 		} else {
 			/*
@@ -541,7 +546,7 @@ int main (int argc, char **argv)
 	/* don't use getgroups(0, 0) - it doesn't work on some systems */
 	i = 16;
 	for (;;) {
-		grouplist = (GETGROUPS_T *) xmalloc (i * sizeof (GETGROUPS_T));
+		grouplist = XMALLOC(i, GETGROUPS_T);
 		ngroups = getgroups (i, grouplist);
 		if (i > ngroups && !(ngroups == -1 && errno == EINVAL)) {
 			break;
@@ -554,15 +559,12 @@ int main (int argc, char **argv)
 		perror ("getgroups");
 #ifdef WITH_AUDIT
 		if (group) {
-			snprintf (audit_buf, sizeof(audit_buf),
-			          "changing new-group=%s", group);
+			SNPRINTF(audit_buf, "changing new-group=%s", group);
 			audit_logger (AUDIT_CHGRP_ID, Prog,
-			              audit_buf, NULL,
-			              (unsigned int) getuid (), 0);
+			              audit_buf, NULL, getuid (), 0);
 		} else {
 			audit_logger (AUDIT_CHGRP_ID, Prog,
-			              "changing", NULL,
-			              (unsigned int) getuid (), 0);
+			              "changing", NULL, getuid (), 0);
 		}
 #endif
 		exit (EXIT_FAILURE);
@@ -628,7 +630,7 @@ int main (int argc, char **argv)
 	}
 #endif                          /* HAVE_SETGROUPS */
 	/*
-	 * For splitted groups (due to limitations of NIS), check all
+	 * For split groups (due to limitations of NIS), check all
 	 * groups of the same GID like the requested group for
 	 * membership of the current user.
 	 */
@@ -665,11 +667,9 @@ int main (int argc, char **argv)
 	 * all successful validations pass through this point. The group id
 	 * will be set, and the group added to the concurrent groupset.
 	 */
-#ifdef	USE_SYSLOG
 	if (getdef_bool ("SYSLOG_SG_ENAB")) {
 		syslog_sg (name, group);
 	}
-#endif				/* USE_SYSLOG */
 
 	gid = grp->gr_gid;
 
@@ -718,11 +718,9 @@ int main (int argc, char **argv)
 	if (setgid (gid) != 0) {
 		perror ("setgid");
 #ifdef WITH_AUDIT
-		snprintf (audit_buf, sizeof(audit_buf),
-		          "changing new-gid=%lu", (unsigned long) gid);
+		SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
 		audit_logger (AUDIT_CHGRP_ID, Prog,
-		              audit_buf, NULL,
-		              (unsigned int) getuid (), 0);
+		              audit_buf, NULL, getuid (), 0);
 #endif
 		exit (EXIT_FAILURE);
 	}
@@ -730,11 +728,9 @@ int main (int argc, char **argv)
 	if (setuid (getuid ()) != 0) {
 		perror ("setuid");
 #ifdef WITH_AUDIT
-		snprintf (audit_buf, sizeof(audit_buf),
-		          "changing new-gid=%lu", (unsigned long) gid);
+		SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
 		audit_logger (AUDIT_CHGRP_ID, Prog,
-		              audit_buf, NULL,
-		              (unsigned int) getuid (), 0);
+		              audit_buf, NULL, getuid (), 0);
 #endif
 		exit (EXIT_FAILURE);
 	}
@@ -745,13 +741,11 @@ int main (int argc, char **argv)
 	 */
 	if (cflag) {
 		closelog ();
-		execl (SHELL, "sh", "-c", command, (char *) 0);
+		execl (SHELL, "sh", "-c", command, (char *) NULL);
 #ifdef WITH_AUDIT
-		snprintf (audit_buf, sizeof(audit_buf),
-		          "changing new-gid=%lu", (unsigned long) gid);
+		SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
 		audit_logger (AUDIT_CHGRP_ID, Prog,
-		              audit_buf, NULL,
-		              (unsigned int) getuid (), 0);
+		              audit_buf, NULL, getuid (), 0);
 #endif
 		perror (SHELL);
 		exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
@@ -815,17 +809,15 @@ int main (int argc, char **argv)
 	}
 
 #ifdef WITH_AUDIT
-	snprintf (audit_buf, sizeof(audit_buf), "changing new-gid=%lu",
-	          (unsigned long) gid);
+	SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
 	audit_logger (AUDIT_CHGRP_ID, Prog,
-	              audit_buf, NULL,
-	              (unsigned int) getuid (), 1);
+	              audit_buf, NULL, getuid (), 1);
 #endif
 	/*
 	 * Exec the login shell and go away. We are trying to get back to
 	 * the previous environment which should be the user's login shell.
 	 */
-	err = shell (prog, initflag ? (char *) 0 : progbase, newenvp);
+	err = shell (prog, initflag ? NULL : progbase, newenvp);
 	exit ((err == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
 	/*@notreached@*/
       failure:
@@ -843,15 +835,12 @@ int main (int argc, char **argv)
 	closelog ();
 #ifdef WITH_AUDIT
 	if (NULL != group) {
-		snprintf (audit_buf, sizeof(audit_buf),
-		          "changing new-group=%s", group);
+		SNPRINTF(audit_buf, "changing new-group=%s", group);
 		audit_logger (AUDIT_CHGRP_ID, Prog,
-		              audit_buf, NULL,
-		              (unsigned int) getuid (), 0);
+		              audit_buf, NULL, getuid (), 0);
 	} else {
 		audit_logger (AUDIT_CHGRP_ID, Prog,
-		              "changing", NULL,
-		              (unsigned int) getuid (), 0);
+		              "changing", NULL, getuid (), 0);
 	}
 #endif
 	exit (EXIT_FAILURE);
diff --git a/src/newuidmap.c b/src/newuidmap.c
index 546856a..e2652b5 100644
--- a/src/newuidmap.c
+++ b/src/newuidmap.c
@@ -23,7 +23,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "newuidmap";
 
 static bool verify_range(struct passwd *pw, struct map_range *range)
 {
@@ -64,7 +64,7 @@ static void verify_ranges(struct passwd *pw, int ranges,
 
 static void usage(void)
 {
-	fprintf(stderr, _("usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"), Prog);
+	fprintf(stderr, _("usage: %s [<pid>|fd:<pidfd>] <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"), Prog);
 	exit(EXIT_FAILURE);
 }
 
@@ -73,17 +73,13 @@ static void usage(void)
  */
 int main(int argc, char **argv)
 {
-	char proc_dir_name[32];
 	char *target_str;
-	pid_t target;
 	int proc_dir_fd;
 	int ranges;
 	struct map_range *mappings;
 	struct stat st;
 	struct passwd *pw;
-	int written;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -94,26 +90,20 @@ int main(int argc, char **argv)
 	if (argc < 2)
 		usage();
 
+	target_str = argv[1];
 	/* Find the process that needs its user namespace
 	 * uid mapping set.
 	 */
-	target_str = argv[1];
-	if (!get_pid(target_str, &target))
-		usage();
-
-	/* max string length is 6 + 10 + 1 + 1 = 18, allocate 32 bytes */
-	written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/",
-		target);
-	if ((written <= 0) || (written >= sizeof(proc_dir_name))) {
-		fprintf(stderr, "%s: snprintf of proc path failed: %s\n",
-			Prog, strerror(errno));
-	}
-
-	proc_dir_fd = open(proc_dir_name, O_DIRECTORY);
-	if (proc_dir_fd < 0) {
-		fprintf(stderr, _("%s: Could not open proc directory for target %u\n"),
-			Prog, target);
-		return EXIT_FAILURE;
+	if (strlen(target_str) > 3 && strncmp(target_str, "fd:", 3) == 0) {
+		/* the user passed in a /proc/pid fd for the process */
+		target_str = &target_str[3];
+		proc_dir_fd = get_pidfd_from_fd(target_str);
+		if (proc_dir_fd < 0)
+			usage();
+	} else {
+		proc_dir_fd = open_pidfd(target_str);
+		if (proc_dir_fd < 0)
+			usage();
 	}
 
 	/* Who am i? */
@@ -129,8 +119,7 @@ int main(int argc, char **argv)
 
 	/* Get the effective uid and effective gid of the target process */
 	if (fstat(proc_dir_fd, &st) < 0) {
-		fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
-			Prog, target);
+		fprintf(stderr, _("%s: Could not stat directory for target process\n"), Prog);
 		return EXIT_FAILURE;
 	}
 
@@ -142,10 +131,10 @@ int main(int argc, char **argv)
 	    (!getdef_bool("GRANT_AUX_GROUP_SUBIDS") && (getgid() != pw->pw_gid)) ||
 	    (pw->pw_uid != st.st_uid) ||
 	    (getgid() != st.st_gid)) {
-		fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-			Prog, target,
-			(unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-			(unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
+		fprintf(stderr, _( "%s: Target process is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
+			Prog,
+			(unsigned long)getuid(), (unsigned long)pw->pw_uid, (unsigned long)st.st_uid,
+			(unsigned long)getgid(), (unsigned long)pw->pw_gid, (unsigned long)st.st_gid);
 		return EXIT_FAILURE;
 	}
 
diff --git a/src/newusers.c b/src/newusers.c
index deeb361..0705b57 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -29,6 +29,9 @@
 #include <ctype.h>
 #include <errno.h>
 #include <string.h>
+
+#include "alloc.h"
+#include "atoi/str2i.h"
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
@@ -48,17 +51,19 @@
 #endif				/* ENABLE_SUBIDS */
 #include "chkname.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "newusers";
 
 static bool rflg = false;	/* create a system account */
 #ifndef USE_PAM
 static /*@null@*//*@observer@*/char *crypt_method = NULL;
 #define cflg (NULL != crypt_method)
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 static bool sflg = false;
 #endif
 #ifdef USE_SHA_CRYPT
@@ -88,8 +93,8 @@ static bool sub_gid_locked = false;
 #endif				/* ENABLE_SUBIDS */
 
 /* local function prototypes */
-static void usage (int status);
-static void fail_exit (int);
+NORETURN static void usage (int status);
+NORETURN static void fail_exit (int);
 static int add_group (const char *, const char *, gid_t *, gid_t);
 static int get_user_id (const char *, uid_t *);
 static int add_user (const char *, uid_t, gid_t);
@@ -235,7 +240,7 @@ static int add_group (const char *name, const char *gid, gid_t *ngid, uid_t uid)
 		 * new group, or an existing group.
 		 */
 
-		if (get_gid (gid, &grent.gr_gid) == 0) {
+		if (get_gid(gid, &grent.gr_gid) == -1) {
 			fprintf (stderr,
 			         _("%s: invalid group ID '%s'\n"),
 			         Prog, gid);
@@ -245,11 +250,11 @@ static int add_group (const char *name, const char *gid, gid_t *ngid, uid_t uid)
 		/* Look in both the system database (getgrgid) and in the
 		 * internal database (gr_locate_gid), which may contain
 		 * uncommitted changes */
-		if (   (getgrgid ((gid_t) grent.gr_gid) != NULL)
-		    || (gr_locate_gid ((gid_t) grent.gr_gid) != NULL)) {
+		if (   (getgrgid (grent.gr_gid) != NULL)
+		    || (gr_locate_gid (grent.gr_gid) != NULL)) {
 			/* The user will use this ID for her
 			 * primary group */
-			*ngid = (gid_t) grent.gr_gid;
+			*ngid = grent.gr_gid;
 			return 0;
 		}
 
@@ -339,7 +344,7 @@ static int get_user_id (const char *uid, uid_t *nuid) {
 	 * caller provided, or the next available UID.
 	 */
 	if (isdigit (uid[0])) {
-		if ((get_uid (uid, nuid) == 0) || (*nuid == (uid_t)-1)) {
+		if ((get_uid(uid, nuid) == -1) || (*nuid == (uid_t)-1)) {
 			fprintf (stderr,
 			         _("%s: invalid user ID '%s'\n"),
 			         Prog, uid);
@@ -350,22 +355,20 @@ static int get_user_id (const char *uid, uid_t *nuid) {
 			const struct passwd *pwd;
 			/* local, no need for xgetpwnam */
 			pwd = getpwnam (uid);
-			if (NULL == pwd) {
+			if (pwd == NULL)
 				pwd = pw_locate (uid);
-			}
 
-			if (NULL != pwd) {
-				*nuid = pwd->pw_uid;
-			} else {
+			if (pwd == NULL) {
 				fprintf (stderr,
 				         _("%s: user '%s' does not exist\n"),
 				         Prog, uid);
 				return -1;
 			}
+
+			*nuid = pwd->pw_uid;
 		} else {
-			if (find_new_uid (rflg, nuid, NULL) < 0) {
+			if (find_new_uid (rflg, nuid, NULL) < 0)
 				return -1;
-			}
 		}
 	}
 
@@ -527,7 +530,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
 			}
 			spent.sp_pwdp = cp;
 		}
-		spent.sp_lstchg = (long) gettime () / SCALE;
+		spent.sp_lstchg = gettime () / DAY;
 		if (0 == spent.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */
@@ -584,7 +587,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
 	 */
 	spent.sp_pwdp = "!";
 #endif
-	spent.sp_lstchg = (long) gettime () / SCALE;
+	spent.sp_lstchg = gettime () / DAY;
 	if (0 == spent.sp_lstchg) {
 		/* Better disable aging than requiring a password change */
 		spent.sp_lstchg = -1;
@@ -662,21 +665,28 @@ static void process_flags (int argc, char **argv)
 		case 's':
 			sflg = true;
                         bad_s = 0;
+
+			if (!crypt_method){
+				fprintf(stderr,
+						_("%s: Provide '--crypt-method' before number of rounds\n"),
+						Prog);
+				usage (EXIT_FAILURE);
+			}
 #if defined(USE_SHA_CRYPT)
 			if (  (   ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512")))
-			       && (0 == getlong(optarg, &sha_rounds)))) {
+			       && (-1 == str2sl(&sha_rounds, optarg)))) {
                             bad_s = 1;
                         }
 #endif				/* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                         if ((   (0 == strcmp (crypt_method, "BCRYPT"))
-			       && (0 == getlong(optarg, &bcrypt_rounds)))) {
+			       && (-1 == str2sl(&bcrypt_rounds, optarg)))) {
                             bad_s = 1;
                         }
 #endif				/* USE_BCRYPT */
 #if defined(USE_YESCRYPT)
                         if ((   (0 == strcmp (crypt_method, "YESCRYPT"))
-			       && (0 == getlong(optarg, &yescrypt_cost)))) {
+			       && (-1 == str2sl(&yescrypt_cost, optarg)))) {
                             bad_s = 1;
                         }
 #endif				/* USE_YESCRYPT */
@@ -702,8 +712,9 @@ static void process_flags (int argc, char **argv)
 
 	if (argv[optind] != NULL) {
 		if (freopen (argv[optind], "r", stdin) == NULL) {
-			char buf[BUFSIZ];
-			snprintf (buf, sizeof buf, "%s: %s", Prog, argv[1]);
+			char  buf[BUFSIZ];
+
+			SNPRINTF(buf, "%s: %s", Prog, argv[1]);
 			perror (buf);
 			fail_exit (EXIT_FAILURE);
 		}
@@ -1039,7 +1050,6 @@ int main (int argc, char **argv)
 	char *cp;
 	const struct passwd *pw;
 	struct passwd newpw;
-	int errors = 0;
 	int line = 0;
 	uid_t uid;
 	gid_t gid;
@@ -1050,7 +1060,6 @@ int main (int argc, char **argv)
 	unsigned int nusers = 0;
 #endif				/* USE_PAM */
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -1088,19 +1097,16 @@ int main (int argc, char **argv)
 	 * over 100 is allocated. The pw_gid field will be updated with that
 	 * value.
 	 */
-	while (fgets (buf, (int) sizeof buf, stdin) != (char *) 0) {
+	while (fgets (buf, sizeof buf, stdin) != NULL) {
 		line++;
 		cp = strrchr (buf, '\n');
-		if (NULL != cp) {
+		if (cp == NULL && feof (stdin) == 0) {
+			fprintf (stderr, _("%s: line %d: line too long\n"),
+				 Prog, line);
+			fail_exit (EXIT_FAILURE);
+		}
+		if (cp != NULL) {
 			*cp = '\0';
-		} else {
-			if (feof (stdin) == 0) {
-				fprintf (stderr,
-				         _("%s: line %d: line too long\n"),
-				         Prog, line);
-				errors++;
-				continue;
-			}
 		}
 
 		/*
@@ -1111,39 +1117,35 @@ int main (int argc, char **argv)
 		for (cp = buf, nfields = 0; nfields < 7; nfields++) {
 			fields[nfields] = cp;
 			cp = strchr (cp, ':');
-			if (NULL != cp) {
-				*cp = '\0';
-				cp++;
-			} else {
+			if (cp == NULL)
 				break;
-			}
+
+			*cp = '\0';
+			cp++;
 		}
 		if (nfields != 6) {
 			fprintf (stderr, _("%s: line %d: invalid line\n"),
 			         Prog, line);
-			errors++;
-			continue;
+			fail_exit (EXIT_FAILURE);
 		}
 
 		/*
-		 * First check if we have to create or update an user
+		 * First check if we have to create or update a user
 		 */
 		pw = pw_locate (fields[0]);
 		/* local, no need for xgetpwnam */
-		if (   (NULL == pw)
-		    && (getpwnam (fields[0]) != NULL)) {
-			fprintf (stderr, _("%s: cannot update the entry of user %s (not in the passwd database)\n"), Prog, fields[0]);
-			errors++;
-			continue;
+		if (NULL == pw && getpwnam(fields[0]) != NULL) {
+			fprintf (stderr,
+				 _("%s: cannot update the entry of user %s (not in the passwd database)\n"),
+				 Prog, fields[0]);
+			fail_exit (EXIT_FAILURE);
 		}
 
-		if (   (NULL == pw)
-		    && (get_user_id (fields[2], &uid) != 0)) {
+		if (NULL == pw && get_user_id(fields[2], &uid) != 0) {
 			fprintf (stderr,
 			         _("%s: line %d: can't create user\n"),
 			         Prog, line);
-			errors++;
-			continue;
+			fail_exit (EXIT_FAILURE);
 		}
 
 		/*
@@ -1163,8 +1165,7 @@ int main (int argc, char **argv)
 			fprintf (stderr,
 			         _("%s: line %d: can't create group\n"),
 			         Prog, line);
-			errors++;
-			continue;
+			fail_exit (EXIT_FAILURE);
 		}
 
 		/*
@@ -1179,8 +1180,7 @@ int main (int argc, char **argv)
 			fprintf (stderr,
 			         _("%s: line %d: can't create user\n"),
 			         Prog, line);
-			errors++;
-			continue;
+			fail_exit (EXIT_FAILURE);
 		}
 
 		/*
@@ -1192,17 +1192,22 @@ int main (int argc, char **argv)
 			fprintf (stderr,
 			         _("%s: line %d: user '%s' does not exist in %s\n"),
 			         Prog, line, fields[0], pw_dbname ());
-			errors++;
-			continue;
+			fail_exit (EXIT_FAILURE);
 		}
 		newpw = *pw;
 
 #ifdef USE_PAM
 		/* keep the list of user/password for later update by PAM */
 		nusers++;
-		lines     = realloc (lines,     sizeof (lines[0])     * nusers);
-		usernames = realloc (usernames, sizeof (usernames[0]) * nusers);
-		passwords = realloc (passwords, sizeof (passwords[0]) * nusers);
+		lines     = REALLOCF(lines, nusers, int);
+		usernames = REALLOCF(usernames, nusers, char *);
+		passwords = REALLOCF(passwords, nusers, char *);
+		if (lines == NULL || usernames == NULL || passwords == NULL) {
+			fprintf (stderr,
+			         _("%s: line %d: %s\n"),
+			         Prog, line, strerror(errno));
+			fail_exit (EXIT_FAILURE);
+		}
 		lines[nusers-1]     = line;
 		usernames[nusers-1] = strdup (fields[0]);
 		passwords[nusers-1] = strdup (fields[1]);
@@ -1211,8 +1216,7 @@ int main (int argc, char **argv)
 			fprintf (stderr,
 			         _("%s: line %d: can't update password\n"),
 			         Prog, line);
-			errors++;
-			continue;
+			fail_exit (EXIT_FAILURE);
 		}
 		if ('\0' != fields[4][0]) {
 			newpw.pw_gecos = fields[4];
@@ -1235,21 +1239,24 @@ int main (int argc, char **argv)
 				fprintf(stderr,
 					_("%s: line %d: homedir must be an absolute path\n"),
 					Prog, line);
-				errors++;
-				continue;
-			};
+				fail_exit (EXIT_FAILURE);
+			}
 			if (mkdir (newpw.pw_dir, mode) != 0) {
 				fprintf (stderr,
 				         _("%s: line %d: mkdir %s failed: %s\n"),
 				         Prog, line, newpw.pw_dir,
 				         strerror (errno));
-			} else if (chown (newpw.pw_dir,
-			                  newpw.pw_uid,
-			                  newpw.pw_gid) != 0) {
+				if (errno != EEXIST) {
+					fail_exit (EXIT_FAILURE);
+				}
+			}
+			if (chown(newpw.pw_dir, newpw.pw_uid, newpw.pw_gid) != 0)
+			{
 				fprintf (stderr,
 				         _("%s: line %d: chown %s failed: %s\n"),
 				         Prog, line, newpw.pw_dir,
 				         strerror (errno));
+				fail_exit (EXIT_FAILURE);
 			}
 		}
 
@@ -1260,8 +1267,7 @@ int main (int argc, char **argv)
 			fprintf (stderr,
 			         _("%s: line %d: can't update entry\n"),
 			         Prog, line);
-			errors++;
-			continue;
+			fail_exit (EXIT_FAILURE);
 		}
 
 #ifdef ENABLE_SUBIDS
@@ -1271,17 +1277,19 @@ int main (int argc, char **argv)
 		if (is_sub_uid && want_subuids() && !local_sub_uid_assigned(fields[0])) {
 			uid_t sub_uid_start = 0;
 			unsigned long sub_uid_count = 0;
-			if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) == 0) {
-				if (sub_uid_add(fields[0], sub_uid_start, sub_uid_count) == 0) {
-					fprintf (stderr,
-						_("%s: failed to prepare new %s entry\n"),
-						Prog, sub_uid_dbname ());
-				}
-			} else {
+			if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) != 0)
+			{
 				fprintf (stderr,
 					_("%s: can't find subordinate user range\n"),
 					Prog);
-				errors++;
+				fail_exit (EXIT_FAILURE);
+			}
+			if (sub_uid_add(fields[0], sub_uid_start, sub_uid_count) == 0)
+			{
+				fprintf (stderr,
+					_("%s: failed to prepare new %s entry\n"),
+					Prog, sub_uid_dbname ());
+				fail_exit (EXIT_FAILURE);
 			}
 		}
 
@@ -1291,17 +1299,17 @@ int main (int argc, char **argv)
 		if (is_sub_gid && want_subgids() && !local_sub_gid_assigned(fields[0])) {
 			gid_t sub_gid_start = 0;
 			unsigned long sub_gid_count = 0;
-			if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) == 0) {
-				if (sub_gid_add(fields[0], sub_gid_start, sub_gid_count) == 0) {
-					fprintf (stderr,
-						_("%s: failed to prepare new %s entry\n"),
-						Prog, sub_uid_dbname ());
-				}
-			} else {
+			if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) != 0) {
 				fprintf (stderr,
 					_("%s: can't find subordinate group range\n"),
 					Prog);
-				errors++;
+				fail_exit (EXIT_FAILURE);
+			}
+			if (sub_gid_add(fields[0], sub_gid_start, sub_gid_count) == 0) {
+				fprintf (stderr,
+					_("%s: failed to prepare new %s entry\n"),
+					Prog, sub_uid_dbname ());
+				fail_exit (EXIT_FAILURE);
 			}
 		}
 #endif				/* ENABLE_SUBIDS */
@@ -1314,12 +1322,6 @@ int main (int argc, char **argv)
 	 * changes to be written out all at once, and then unlocked
 	 * afterwards.
 	 */
-	if (0 != errors) {
-		fprintf (stderr,
-		         _("%s: error detected, changes ignored\n"), Prog);
-		fail_exit (EXIT_FAILURE);
-	}
-
 	close_files ();
 
 	nscd_flush_cache ("passwd");
@@ -1334,11 +1336,11 @@ int main (int argc, char **argv)
 			fprintf (stderr,
 			         _("%s: (line %d, user %s) password not changed\n"),
 			         Prog, lines[i], usernames[i]);
-			errors++;
+			exit (EXIT_FAILURE);
 		}
 	}
 #endif				/* USE_PAM */
 
-	return ((0 == errors) ? EXIT_SUCCESS : EXIT_FAILURE);
+	exit (EXIT_SUCCESS);
 }
 
diff --git a/src/passwd.c b/src/passwd.c
index 8c6f81a..2999a3c 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -19,8 +19,13 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <time.h>
+
+#include "agetpass.h"
+#include "alloc.h"
+#include "atoi/str2i.h"
 #include "defines.h"
 #include "getdef.h"
+#include "memzero.h"
 #include "nscd.h"
 #include "sssd.h"
 #include "prototypes.h"
@@ -28,6 +33,10 @@
 #include "pwio.h"
 #include "shadowio.h"
 #include "shadowlog.h"
+#include "string/strtcpy.h"
+#include "time/day_to_str.h"
+
+
 
 /*
  * exit status values
@@ -43,12 +52,14 @@
 /*
  * Global variables
  */
-const char *Prog;		/* Program name */
+static const char Prog[] = "passwd";	/* Program name */
 
 static char *name;		/* The name of user whose password is being changed */
 static char *myname;		/* The current user's name */
 static bool amroot;		/* The caller's real UID was 0 */
 
+static const char *prefix = "";
+
 static bool
     aflg = false,			/* -a - show status for all users */
     dflg = false,			/* -d - delete password */
@@ -61,7 +72,8 @@ static bool
     Sflg = false,			/* -S - show password status */
     uflg = false,			/* -u - unlock the user's password */
     wflg = false,			/* -w - set warning days */
-    xflg = false;			/* -x - set maximum days */
+    xflg = false,			/* -x - set maximum days */
+    sflg = false;			/* -s - read passwd from stdin */
 
 /*
  * set to 1 if there are any flags which require root privileges,
@@ -74,14 +86,16 @@ static long age_max = 0;	/* Maximum days until change     */
 static long warn = 0;		/* Warning days before change   */
 static long inact = 0;		/* Days without change before locked */
 
-#ifndef USE_PAM
 static bool do_update_age = false;
-#endif				/* ! USE_PAM */
+#ifdef USE_PAM
+static bool use_pam = true;
+#else
+static bool use_pam = false;
+#endif				/* USE_PAM */
 
 static bool pw_locked = false;
 static bool spw_locked = false;
 
-#ifndef USE_PAM
 /*
  * Size of the biggest passwd:
  *   $6$	3
@@ -97,25 +111,21 @@ static bool spw_locked = false;
  */
 static char crypt_passwd[256];
 static bool do_update_pwd = false;
-#endif				/* !USE_PAM */
 
 /*
  * External identifiers
  */
 
 /* local function prototypes */
-static /*@noreturn@*/void usage (int);
+NORETURN static void usage (int);
 
-#ifndef USE_PAM
-static bool reuse (const char *, const struct passwd *);
 static int new_password (const struct passwd *);
 
 static void check_password (const struct passwd *, const struct spwd *);
-#endif				/* !USE_PAM */
 static /*@observer@*/const char *pw_status (const char *);
 static void print_status (const struct passwd *);
-static /*@noreturn@*/void fail_exit (int);
-static /*@noreturn@*/void oom (void);
+NORETURN static void fail_exit (int);
+NORETURN static void oom (void);
 static char *update_crypt_pw (char *);
 static void update_noshadow (void);
 
@@ -124,7 +134,9 @@ static void update_shadow (void);
 /*
  * usage - print command usage and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -145,37 +157,17 @@ static /*@noreturn@*/void usage (int status)
 	(void) fputs (_("  -q, --quiet                   quiet mode\n"), usageout);
 	(void) fputs (_("  -r, --repository REPOSITORY   change password in REPOSITORY repository\n"), usageout);
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
 	(void) fputs (_("  -S, --status                  report password status on the named account\n"), usageout);
 	(void) fputs (_("  -u, --unlock                  unlock the password of the named account\n"), usageout);
 	(void) fputs (_("  -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS\n"), usageout);
 	(void) fputs (_("  -x, --maxdays MAX_DAYS        set maximum number of days before password\n"
 	                "                                change to MAX_DAYS\n"), usageout);
+	(void) fputs (_("  -s, --stdin                   read new token from stdin\n"), usageout);
 	(void) fputs ("\n", usageout);
 	exit (status);
 }
 
-#ifndef USE_PAM
-static bool reuse (const char *pass, const struct passwd *pw)
-{
-#ifdef HAVE_LIBCRACK_HIST
-	const char *reason;
-
-#ifdef HAVE_LIBCRACK_PW
-	const char *FascistHistoryPw (const char *, const struct passwd *);
-
-	reason = FascistHistory (pass, pw);
-#else				/* !HAVE_LIBCRACK_PW */
-	const char *FascistHistory (const char *, int);
-
-	reason = FascistHistory (pass, pw->pw_uid);
-#endif				/* !HAVE_LIBCRACK_PW */
-	if (NULL != reason) {
-		(void) printf (_("Bad password: %s.  "), reason);
-		return true;
-	}
-#endif				/* HAVE_LIBCRACK_HIST */
-	return false;
-}
 
 /*
  * new_password - validate old password and replace with new (both old and
@@ -186,25 +178,22 @@ static int new_password (const struct passwd *pw)
 	char *clear;		/* Pointer to clear text */
 	char *cipher;		/* Pointer to cipher text */
 	const char *salt;	/* Pointer to new salt */
-	char *cp;		/* Pointer to getpass() response */
-	char orig[200];		/* Original password */
-	char pass[200];		/* New password */
+	char *cp;		/* Pointer to agetpass() response */
+	char orig[PASS_MAX + 1];	/* Original password */
+	char pass[PASS_MAX + 1];	/* New password */
 	int i;			/* Counter for retries */
+	int ret;
 	bool warned;
 	int pass_max_len = -1;
 	const char *method;
 
-#ifdef HAVE_LIBCRACK_HIST
-	int HistUpdate (const char *, const char *);
-#endif				/* HAVE_LIBCRACK_HIST */
-
 	/*
 	 * Authenticate the user. The user will be prompted for their own
 	 * password.
 	 */
 
 	if (!amroot && ('\0' != crypt_passwd[0])) {
-		clear = getpass (_("Old password: "));
+		clear = agetpass (_("Old password: "));
 		if (NULL == clear) {
 			return -1;
 		}
@@ -212,7 +201,7 @@ static int new_password (const struct passwd *pw)
 		cipher = pw_encrypt (clear, crypt_passwd);
 
 		if (NULL == cipher) {
-			strzero (clear);
+			erase_pass (clear);
 			fprintf (stderr,
 			         _("%s: failed to crypt password with previous salt: %s\n"),
 			         Prog, strerror (errno));
@@ -223,7 +212,7 @@ static int new_password (const struct passwd *pw)
 		}
 
 		if (strcmp (cipher, crypt_passwd) != 0) {
-			strzero (clear);
+			erase_pass (clear);
 			strzero (cipher);
 			SYSLOG ((LOG_WARN, "incorrect password for %s",
 			         pw->pw_name));
@@ -233,8 +222,8 @@ static int new_password (const struct passwd *pw)
 			                pw->pw_name);
 			return -1;
 		}
-		STRFCPY (orig, clear);
-		strzero (clear);
+		STRTCPY(orig, clear);
+		erase_pass (clear);
 		strzero (cipher);
 	} else {
 		orig[0] = '\0';
@@ -270,7 +259,7 @@ static int new_password (const struct passwd *pw)
 			pass_max_len = getdef_num ("PASS_MAX_LEN", 8);
 		}
 	}
-	if (!qflg) {
+	if (!qflg && !sflg) {
 		if (pass_max_len == -1) {
 			(void) printf (_(
 "Enter the new password (minimum of %d characters)\n"
@@ -284,62 +273,87 @@ static int new_password (const struct passwd *pw)
 		}
 	}
 
-	warned = false;
-	for (i = getdef_num ("PASS_CHANGE_TRIES", 5); i > 0; i--) {
-		cp = getpass (_("New password: "));
+	if (sflg) {
+		/*
+		 * root is setting the passphrase from stdin
+		 */
+		cp = agetpass_stdin ();
 		if (NULL == cp) {
-			memzero (orig, sizeof orig);
-			memzero (pass, sizeof pass);
 			return -1;
 		}
-		if (warned && (strcmp (pass, cp) != 0)) {
-			warned = false;
+		ret = STRTCPY (pass, cp);
+		erase_pass (cp);
+		if (ret == -1) {
+			(void) fputs (_("Password is too long.\n"), stderr);
+			MEMZERO(pass);
+			return -1;
 		}
-		STRFCPY (pass, cp);
-		strzero (cp);
+	} else {
+		warned = false;
+		for (i = getdef_num ("PASS_CHANGE_TRIES", 5); i > 0; i--) {
+			cp = agetpass (_("New password: "));
+			if (NULL == cp) {
+				MEMZERO(orig);
+				MEMZERO(pass);
+				return -1;
+			}
+			if (warned && (strcmp (pass, cp) != 0)) {
+				warned = false;
+			}
+			ret = STRTCPY (pass, cp);
+			erase_pass (cp);
+			if (ret == -1) {
+				(void) fputs (_("Password is too long.\n"), stderr);
+				MEMZERO(orig);
+				MEMZERO(pass);
+				return -1;
+			}
 
-		if (!amroot && (!obscure (orig, pass, pw) || reuse (pass, pw))) {
-			(void) puts (_("Try again."));
-			continue;
-		}
+			if (!amroot && !obscure(orig, pass, pw)) {
+				(void) puts (_("Try again."));
+				continue;
+			}
 
-		/*
-		 * If enabled, warn about weak passwords even if you are
-		 * root (enter this password again to use it anyway).
-		 * --marekm
-		 */
-		if (amroot && !warned && getdef_bool ("PASS_ALWAYS_WARN")
-		    && (!obscure (orig, pass, pw) || reuse (pass, pw))) {
-			(void) puts (_("\nWarning: weak password (enter it again to use it anyway)."));
-			warned = true;
-			continue;
+			/*
+			 * If enabled, warn about weak passwords even if you are
+			 * root (enter this password again to use it anyway).
+			 * --marekm
+			 */
+			if (amroot && !warned && getdef_bool ("PASS_ALWAYS_WARN")
+				&& !obscure(orig, pass, pw)) {
+				(void) puts (_("\nWarning: weak password (enter it again to use it anyway)."));
+				warned = true;
+				continue;
+			}
+			cp = agetpass (_("Re-enter new password: "));
+			if (NULL == cp) {
+				MEMZERO(orig);
+				MEMZERO(pass);
+				return -1;
+			}
+			if (strcmp (cp, pass) != 0) {
+				erase_pass (cp);
+				(void) fputs (_("They don't match; try again.\n"), stderr);
+			} else {
+				erase_pass (cp);
+				break;
+			}
 		}
-		cp = getpass (_("Re-enter new password: "));
-		if (NULL == cp) {
-			memzero (orig, sizeof orig);
-			memzero (pass, sizeof pass);
+		MEMZERO(orig);
+
+		if (i == 0) {
+			MEMZERO(pass);
 			return -1;
 		}
-		if (strcmp (cp, pass) != 0) {
-			(void) fputs (_("They don't match; try again.\n"), stderr);
-		} else {
-			strzero (cp);
-			break;
-		}
 	}
-	memzero (orig, sizeof orig);
 
-	if (i == 0) {
-		memzero (pass, sizeof pass);
-		return -1;
-	}
 
 	/*
 	 * Encrypt the password, then wipe the cleartext password.
 	 */
 	salt = crypt_make_salt (NULL, NULL);
 	cp = pw_encrypt (pass, salt);
-	memzero (pass, sizeof pass);
+	MEMZERO(pass);
 
 	if (NULL == cp) {
 		fprintf (stderr,
@@ -348,10 +362,7 @@ static int new_password (const struct passwd *pw)
 		return -1;
 	}
 
-#ifdef HAVE_LIBCRACK_HIST
-	HistUpdate (pw->pw_name, crypt_passwd);
-#endif				/* HAVE_LIBCRACK_HIST */
-	STRFCPY (crypt_passwd, cp);
+	STRTCPY(crypt_passwd, cp);
 	return 0;
 }
 
@@ -363,7 +374,6 @@ static int new_password (const struct passwd *pw)
  */
 static void check_password (const struct passwd *pw, const struct spwd *sp)
 {
-	time_t now;
 	int exp_status;
 
 	exp_status = isexpired (pw, sp);
@@ -383,8 +393,6 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
 		return;
 	}
 
-	(void) time (&now);
-
 	/*
 	 * Expired accounts cannot be changed ever. Passwords which are
 	 * locked may not be changed. Passwords where min > max may not be
@@ -407,10 +415,12 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
 	 * Passwords may only be changed after sp_min time is up.
 	 */
 	if (sp->sp_lstchg > 0) {
-		time_t ok;
-		ok = (time_t) sp->sp_lstchg * SCALE;
-		if (sp->sp_min > 0) {
-			ok += (time_t) sp->sp_min * SCALE;
+		long now, ok;
+		now = time(NULL) / DAY;
+		ok = sp->sp_lstchg;
+		if (   (sp->sp_min > 0)
+		    && __builtin_add_overflow(ok, sp->sp_min, &ok)) {
+			ok = LONG_MAX;
 		}
 
 		if (now < ok) {
@@ -423,7 +433,6 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
 		}
 	}
 }
-#endif				/* !USE_PAM */
 
 static /*@observer@*/const char *pw_status (const char *pass)
 {
@@ -444,17 +453,17 @@ static void print_status (const struct passwd *pw)
 	char         date[80];
 	struct spwd *sp;
 
-	sp = getspnam (pw->pw_name); /* local, no need for xgetspnam */
+	sp = prefix_getspnam (pw->pw_name); /* local, no need for xprefix_getspnam */
 	if (NULL != sp) {
-		date_to_str (sizeof(date), date, sp->sp_lstchg * SCALE),
-		(void) printf ("%s %s %s %lld %lld %lld %lld\n",
+		DAY_TO_STR(date, sp->sp_lstchg);
+		(void) printf ("%s %s %s %ld %ld %ld %ld\n",
 		               pw->pw_name,
 		               pw_status (sp->sp_pwdp),
 		               date,
-		               ((long long)sp->sp_min * SCALE) / DAY,
-		               ((long long)sp->sp_max * SCALE) / DAY,
-		               ((long long)sp->sp_warn * SCALE) / DAY,
-		               ((long long)sp->sp_inact * SCALE) / DAY);
+		               sp->sp_min,
+		               sp->sp_max,
+		               sp->sp_warn,
+		               sp->sp_inact);
 	} else if (NULL != pw->pw_passwd) {
 		(void) printf ("%s %s\n",
 		               pw->pw_name, pw_status (pw->pw_passwd));
@@ -465,7 +474,9 @@ static void print_status (const struct passwd *pw)
 }
 
 
-static /*@noreturn@*/void fail_exit (int status)
+NORETURN
+static void
+fail_exit (int status)
 {
 	if (pw_locked) {
 		if (pw_unlock () == 0) {
@@ -486,7 +497,9 @@ static /*@noreturn@*/void fail_exit (int status)
 	exit (status);
 }
 
-static /*@noreturn@*/void oom (void)
+NORETURN
+static void
+oom (void)
 {
 	(void) fprintf (stderr, _("%s: out of memory\n"), Prog);
 	fail_exit (E_FAILURE);
@@ -494,11 +507,12 @@ static /*@noreturn@*/void oom (void)
 
 static char *update_crypt_pw (char *cp)
 {
-#ifndef USE_PAM
-	if (do_update_pwd) {
-		cp = xstrdup (crypt_passwd);
+	if (!use_pam)
+	{
+		if (do_update_pwd) {
+			cp = xstrdup (crypt_passwd);
+		}
 	}
-#endif				/* !USE_PAM */
 
 	if (dflg) {
 		*cp = '\0';
@@ -517,15 +531,16 @@ static char *update_crypt_pw (char *cp)
 	}
 
 	if (lflg && *cp != '!') {
-		char *newpw = xmalloc (strlen (cp) + 2);
+		char *newpw = XMALLOC(strlen(cp) + 2, char);
 
 		strcpy (newpw, "!");
 		strcat (newpw, cp);
-#ifndef USE_PAM
-		if (do_update_pwd) {
-			free (cp);
+		if (!use_pam)
+		{
+			if (do_update_pwd) {
+				free (cp);
+			}
 		}
-#endif /* USE_PAM */
 		cp = newpw;
 	}
 	return cp;
@@ -626,27 +641,28 @@ static void update_shadow (void)
 	}
 	nsp->sp_pwdp = update_crypt_pw (nsp->sp_pwdp);
 	if (xflg) {
-		nsp->sp_max = (age_max * DAY) / SCALE;
+		nsp->sp_max = age_max;
 	}
 	if (nflg) {
-		nsp->sp_min = (age_min * DAY) / SCALE;
+		nsp->sp_min = age_min;
 	}
 	if (wflg) {
-		nsp->sp_warn = (warn * DAY) / SCALE;
+		nsp->sp_warn = warn;
 	}
 	if (iflg) {
-		nsp->sp_inact = (inact * DAY) / SCALE;
+		nsp->sp_inact = inact;
 	}
-#ifndef USE_PAM
-	if (do_update_age) {
-		nsp->sp_lstchg = (long) gettime () / SCALE;
-		if (0 == nsp->sp_lstchg) {
-			/* Better disable aging than requiring a password
-			 * change */
-			nsp->sp_lstchg = -1;
+	if (!use_pam)
+	{
+		if (do_update_age) {
+			nsp->sp_lstchg = gettime () / DAY;
+			if (0 == nsp->sp_lstchg) {
+				/* Better disable aging than requiring a password
+				 * change */
+				nsp->sp_lstchg = -1;
+			}
 		}
 	}
-#endif				/* !USE_PAM */
 
 	/*
 	 * Force change on next login, like SunOS 4.x passwd -e or Solaris
@@ -690,18 +706,16 @@ static void update_shadow (void)
  *
  *	-d	delete the password for the named account (*)
  *	-e	expire the password for the named account (*)
- *	-f	execute chfn command to interpret flags
- *	-g	execute gpasswd command to interpret flags
  *	-i #	set sp_inact to # days (*)
  *	-k	change password only if expired
  *	-l	lock the password of the named account (*)
  *	-n #	set sp_min to # days (*)
  *	-r #	change password in # repository
- *	-s	execute chsh command to interpret flags
  *	-S	show password status of named account
  *	-u	unlock the password of the named account (*)
  *	-w #	set sp_warn to # days (*)
  *	-x #	set sp_max to # days (*)
+ *	-s	read password from stdin (*)
  *
  *	(*) requires root permission to execute.
  *
@@ -713,19 +727,13 @@ int main (int argc, char **argv)
 {
 	const struct passwd *pw;	/* Password file entry for user      */
 
-#ifndef USE_PAM
 	char *cp;		/* Miscellaneous character pointing  */
 
 	const struct spwd *sp;	/* Shadow file entry for user   */
-#endif				/* !USE_PAM */
 
 	sanitize_env ();
+	check_fds ();
 
-	/*
-	 * Get the program name. The program name is used as a prefix to
-	 * most error messages.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -734,6 +742,12 @@ int main (int argc, char **argv)
 	(void) textdomain (PACKAGE);
 
 	process_root_flag ("-R", argc, argv);
+	prefix = process_prefix_flag ("-P", argc, argv);
+
+	if (prefix[0]) {
+		use_pam = false;
+		do_update_age = true;
+	}
 
 	/*
 	 * The program behaves differently when executed by root than when
@@ -741,7 +755,7 @@ int main (int argc, char **argv)
 	 */
 	amroot = (getuid () == 0);
 
-	OPENLOG ("passwd");
+	OPENLOG (Prog);
 
 	{
 		/*
@@ -760,14 +774,16 @@ int main (int argc, char **argv)
 			{"quiet",       no_argument,       NULL, 'q'},
 			{"repository",  required_argument, NULL, 'r'},
 			{"root",        required_argument, NULL, 'R'},
+			{"prefix",      required_argument, NULL, 'P'},
 			{"status",      no_argument,       NULL, 'S'},
 			{"unlock",      no_argument,       NULL, 'u'},
 			{"warndays",    required_argument, NULL, 'w'},
 			{"maxdays",     required_argument, NULL, 'x'},
+			{"stdin",       no_argument,       NULL, 's'},
 			{NULL, 0, NULL, '\0'}
 		};
 
-		while ((c = getopt_long (argc, argv, "adehi:kln:qr:R:Suw:x:",
+		while ((c = getopt_long (argc, argv, "adehi:kln:qr:R:P:Suw:x:s",
 		                         long_options, NULL)) != -1) {
 			switch (c) {
 			case 'a':
@@ -785,7 +801,7 @@ int main (int argc, char **argv)
 				usage (E_SUCCESS);
 				/*@notreached@*/break;
 			case 'i':
-				if (   (getlong (optarg, &inact) == 0)
+				if (   (str2sl(&inact, optarg) == -1)
 				    || (inact < -1)) {
 					fprintf (stderr,
 					         _("%s: invalid numeric argument '%s'\n"),
@@ -804,7 +820,7 @@ int main (int argc, char **argv)
 				anyflag = true;
 				break;
 			case 'n':
-				if (   (getlong (optarg, &age_min) == 0)
+				if (   (str2sl(&age_min, optarg) == -1)
 				    || (age_min < -1)) {
 					fprintf (stderr,
 					         _("%s: invalid numeric argument '%s'\n"),
@@ -829,6 +845,8 @@ int main (int argc, char **argv)
 				break;
 			case 'R': /* no-op, handled in process_root_flag () */
 				break;
+			case 'P': /* no-op, handled in process_prefix_flag () */
+				break;
 			case 'S':
 				Sflg = true;	/* ok for users */
 				break;
@@ -837,7 +855,7 @@ int main (int argc, char **argv)
 				anyflag = true;
 				break;
 			case 'w':
-				if (   (getlong (optarg, &warn) == 0)
+				if (   (str2sl(&warn, optarg) == -1)
 				    || (warn < -1)) {
 					(void) fprintf (stderr,
 					                _("%s: invalid numeric argument '%s'\n"),
@@ -848,7 +866,7 @@ int main (int argc, char **argv)
 				anyflag = true;
 				break;
 			case 'x':
-				if (   (getlong (optarg, &age_max) == 0)
+				if (   (str2sl(&age_max, optarg) == -1)
 				    || (age_max < -1)) {
 					(void) fprintf (stderr,
 					                _("%s: invalid numeric argument '%s'\n"),
@@ -858,6 +876,15 @@ int main (int argc, char **argv)
 				xflg = true;
 				anyflag = true;
 				break;
+			case 's':
+				if (!amroot) {
+					(void) fprintf (stderr,
+					                _("%s: only root can use --stdin/-s option\n"),
+					                Prog);
+					usage (E_BAD_ARG);
+				}
+				sflg = true;
+				break;
 			default:
 				usage (E_BAD_ARG);
 			}
@@ -906,11 +933,11 @@ int main (int argc, char **argv)
 			                Prog);
 			exit (E_NOPERM);
 		}
-		setpwent ();
-		while ( (pw = getpwent ()) != NULL ) {
+		prefix_setpwent ();
+		while ( (pw = prefix_getpwent ()) != NULL ) {
 			print_status (pw);
 		}
-		endpwent ();
+		prefix_endpwent ();
 		exit (E_SUCCESS);
 	}
 #if 0
@@ -947,7 +974,7 @@ int main (int argc, char **argv)
 		exit (E_NOPERM);
 	}
 
-	pw = xgetpwnam (name);
+	pw = xprefix_getpwnam (name);
 	if (NULL == pw) {
 		(void) fprintf (stderr,
 		                _("%s: user '%s' does not exist\n"),
@@ -957,7 +984,7 @@ int main (int argc, char **argv)
 #ifdef WITH_SELINUX
 	/* only do this check when getuid()==0 because it's a pre-condition for
 	   changing a password without entering the old one */
-	if (amroot && (check_selinux_permit ("passwd") != 0)) {
+	if (amroot && (check_selinux_permit (Prog) != 0)) {
 		SYSLOG ((LOG_ALERT,
 		         "root is not authorized by SELinux to change the password of %s",
 		         name));
@@ -977,8 +1004,8 @@ int main (int argc, char **argv)
 		                _("%s: You may not view or modify password information for %s.\n"),
 		                Prog, name);
 		SYSLOG ((LOG_WARN,
-		         "%s: can't view or modify password information for %s",
-		         Prog, name));
+		         "can't view or modify password information for %s",
+		         name));
 		closelog ();
 		exit (E_NOPERM);
 	}
@@ -987,53 +1014,55 @@ int main (int argc, char **argv)
 		print_status (pw);
 		exit (E_SUCCESS);
 	}
-#ifndef USE_PAM
-	/*
-	 * The user name is valid, so let's get the shadow file entry.
-	 */
-	sp = getspnam (name); /* !USE_PAM, no need for xgetspnam */
-	if (NULL == sp) {
-		if (errno == EACCES) {
-			(void) fprintf (stderr,
-			                _("%s: Permission denied.\n"),
-			                Prog);
-			exit (E_NOPERM);
-		}
-		sp = pwd_to_spwd (pw);
-	}
-
-	cp = sp->sp_pwdp;
-
-	/*
-	 * If there are no other flags, just change the password.
-	 */
-	if (!anyflag) {
-		STRFCPY (crypt_passwd, cp);
-
+	if (!use_pam)
+	{
 		/*
-		 * See if the user is permitted to change the password.
-		 * Otherwise, go ahead and set a new password.
+		 * The user name is valid, so let's get the shadow file entry.
 		 */
-		check_password (pw, sp);
+		sp = prefix_getspnam (name); /* !use_pam, no need for xprefix_getspnam */
+		if (NULL == sp) {
+			if (errno == EACCES) {
+				(void) fprintf (stderr,
+				                _("%s: Permission denied.\n"),
+				                Prog);
+				exit (E_NOPERM);
+			}
+			sp = pwd_to_spwd (pw);
+		}
+
+		cp = sp->sp_pwdp;
 
 		/*
-		 * Let the user know whose password is being changed.
+		 * If there are no other flags, just change the password.
 		 */
-		if (!qflg) {
-			(void) printf (_("Changing password for %s\n"), name);
-		}
+		if (!anyflag) {
+			STRTCPY(crypt_passwd, cp);
+
+			/*
+			 * See if the user is permitted to change the password.
+			 * Otherwise, go ahead and set a new password.
+			 */
+			check_password (pw, sp);
+
+			/*
+			 * Let the user know whose password is being changed.
+			 */
+			if (!qflg) {
+				(void) printf (_("Changing password for %s\n"), name);
+			}
 
-		if (new_password (pw) != 0) {
-			(void) fprintf (stderr,
-			                _("The password for %s is unchanged.\n"),
-			                name);
-			closelog ();
-			exit (E_NOPERM);
+			if (new_password (pw) != 0) {
+				(void) fprintf (stderr,
+				                _("The password for %s is unchanged.\n"),
+				                name);
+				closelog ();
+				exit (E_NOPERM);
+			}
+			do_update_pwd = true;
+			do_update_age = true;
 		}
-		do_update_pwd = true;
-		do_update_age = true;
 	}
-#endif				/* !USE_PAM */
+
 	/*
 	 * Before going any further, raise the ulimit to prevent colliding
 	 * into a lowered ulimit, and set the real UID to root to protect
@@ -1046,8 +1075,17 @@ int main (int argc, char **argv)
 	/*
 	 * Don't set the real UID for PAM...
 	 */
-	if (!anyflag) {
-		do_pam_passwd (name, qflg, kflg);
+	if (!anyflag && use_pam) {
+		if (sflg) {
+			cp = agetpass_stdin ();
+			if (cp == NULL) {
+				exit (E_FAILURE);
+			}
+			do_pam_passwd_non_interactive ("passwd", name, cp);
+			erase_pass (cp);
+		} else {
+			do_pam_passwd (name, qflg, kflg);
+		}
 		exit (E_SUCCESS);
 	}
 #endif				/* USE_PAM */
@@ -1081,4 +1119,3 @@ int main (int argc, char **argv)
 
 	return E_SUCCESS;
 }
-
diff --git a/src/pwck.c b/src/pwck.c
index eaa4163..70ff5e6 100644
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -47,7 +47,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "pwck";
 
 static bool use_system_pw_file = true;
 static bool use_system_spw_file = true;
@@ -66,7 +66,7 @@ static bool quiet = false;		/* don't report warnings, only errors */
 
 /* local function prototypes */
 static void fail_exit (int code);
-static /*@noreturn@*/void usage (int status);
+NORETURN static void usage (int status);
 static void process_flags (int argc, char **argv);
 static void open_files (void);
 static void close_files (bool changed);
@@ -109,7 +109,9 @@ static void fail_exit (int code)
 /*
  * usage - print syntax message and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 #ifdef WITH_TCB
@@ -367,8 +369,8 @@ static void check_pw_file (int *errors, bool *changed)
 	struct commonio_entry *pfe, *tpfe;
 	struct passwd *pwd;
 	const struct spwd *spw;
-	uid_t min_sys_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
-	uid_t max_sys_id = (uid_t) getdef_ulong ("SYS_UID_MAX", 999UL);
+	uid_t min_sys_id = getdef_ulong ("SYS_UID_MIN", 101UL);
+	uid_t max_sys_id = getdef_ulong ("SYS_UID_MAX", 999UL);
 
 	/*
 	 * Loop through the entire password file.
@@ -607,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed)
 					sp.sp_inact  = -1;
 					sp.sp_expire = -1;
 					sp.sp_flag   = SHADOW_SP_FLAG_UNSET;
-					sp.sp_lstchg = (long) gettime () / SCALE;
+					sp.sp_lstchg = gettime () / DAY;
 					if (0 == sp.sp_lstchg) {
 						/* Better disable aging than
 						 * requiring a password change
@@ -812,9 +814,9 @@ static void check_spw_file (int *errors, bool *changed)
 		 * Warn if last password change in the future.  --marekm
 		 */
 		if (!quiet) {
-			time_t t = time ((time_t *) 0);
+			time_t t = time (NULL);
 			if (   (t != 0)
-			    && (spw->sp_lstchg > (long) t / SCALE)) {
+			    && (spw->sp_lstchg > t / DAY)) {
 				printf (_("user %s: last password change in the future\n"),
 			                spw->sp_namp);
 				*errors += 1;
@@ -831,10 +833,6 @@ int main (int argc, char **argv)
 	int errors = 0;
 	bool changed = false;
 
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -844,7 +842,7 @@ int main (int argc, char **argv)
 
 	process_root_flag ("-R", argc, argv);
 
-	OPENLOG ("pwck");
+	OPENLOG (Prog);
 
 	/* Parse the command line arguments */
 	process_flags (argc, argv);
diff --git a/src/pwconv.c b/src/pwconv.c
index 21d36e7..7dd327a 100644
--- a/src/pwconv.c
+++ b/src/pwconv.c
@@ -40,9 +40,11 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <strings.h>
 #include <time.h>
 #include <unistd.h>
 #include <getopt.h>
+
 #include "defines.h"
 #include "getdef.h"
 #include "prototypes.h"
@@ -66,7 +68,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "pwconv";
 
 static bool spw_locked = false;
 static bool pw_locked = false;
@@ -153,7 +155,6 @@ int main (int argc, char **argv)
 	const struct spwd *sp;
 	struct spwd spent;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -163,7 +164,7 @@ int main (int argc, char **argv)
 
 	process_root_flag ("-R", argc, argv);
 
-	OPENLOG ("pwconv");
+	OPENLOG (Prog);
 
 	process_flags (argc, argv);
 
@@ -237,7 +238,7 @@ int main (int argc, char **argv)
 			spent = *sp;
 		} else {
 			/* add new shadow entry */
-			memset (&spent, 0, sizeof spent);
+			bzero(&spent, sizeof spent);
 			spent.sp_namp   = pw->pw_name;
 			spent.sp_min    = getdef_num ("PASS_MIN_DAYS", -1);
 			spent.sp_max    = getdef_num ("PASS_MAX_DAYS", -1);
@@ -247,7 +248,7 @@ int main (int argc, char **argv)
 			spent.sp_flag   = SHADOW_SP_FLAG_UNSET;
 		}
 		spent.sp_pwdp = pw->pw_passwd;
-		spent.sp_lstchg = (long) gettime () / SCALE;
+		spent.sp_lstchg = gettime () / DAY;
 		if (0 == spent.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */
diff --git a/src/pwunconv.c b/src/pwunconv.c
index b862435..fe18113 100644
--- a/src/pwunconv.c
+++ b/src/pwunconv.c
@@ -18,6 +18,7 @@
 #include <unistd.h>
 #include <getopt.h>
 #include "defines.h"
+#include "getdef.h"
 #include "nscd.h"
 #include "sssd.h"
 #include "prototypes.h"
@@ -30,7 +31,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "pwunconv";
 
 static bool spw_locked = false;
 static bool pw_locked = false;
@@ -114,7 +115,6 @@ int main (int argc, char **argv)
 	struct passwd pwent;
 	const struct spwd *spwd;
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -124,7 +124,7 @@ int main (int argc, char **argv)
 
 	process_root_flag ("-R", argc, argv);
 
-	OPENLOG ("pwunconv");
+	OPENLOG (Prog);
 
 	process_flags (argc, argv);
 
diff --git a/src/su.c b/src/su.c
index 6cd82fc..80c0859 100644
--- a/src/su.c
+++ b/src/su.c
@@ -45,6 +45,10 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #endif				/* !USE_PAM */
+
+#include "alloc.h"
+#include "attr.h"
+#include "cast.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "pwauth.h"
@@ -55,11 +59,14 @@
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+#include "string/strtcpy.h"
+
 
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "su";
 static /*@observer@*/const char *caller_tty = NULL;	/* Name of tty SU is run from */
 static bool caller_is_root = false;
 static uid_t caller_uid;
@@ -95,8 +102,8 @@ static pid_t pid_child = 0;
  * External identifiers
  */
 
-extern char **newenvp; /* libmisc/env.c */
-extern size_t newenvc; /* libmisc/env.c */
+extern char **newenvp; /* lib/env.c */
+extern size_t newenvc; /* lib/env.c */
 
 /* local function prototypes */
 
@@ -104,15 +111,16 @@ static void execve_shell (const char *shellname,
                           char *args[],
                           char *const envp[]);
 #ifdef USE_PAM
-static void kill_child (int unused(s));
+static void kill_child (MAYBE_UNUSED int s);
 static void prepare_pam_close_session (void);
 #else				/* !USE_PAM */
 static void die (int);
 static bool iswheel (const char *);
 #endif				/* !USE_PAM */
 static bool restricted_shell (const char *shellname);
-static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root);
+NORETURN static void su_failure (const char *tty, bool su_to_root);
 static /*@only@*/struct passwd * check_perms (void);
+static /*@only@*/struct passwd * do_check_perms (void);
 #ifdef USE_PAM
 static void check_perms_pam (const struct passwd *pw);
 #else				/* !USE_PAM */
@@ -157,13 +165,13 @@ static bool iswheel (const char *username)
 	return is_on_list (grp->gr_mem, username);
 }
 #else				/* USE_PAM */
-static void kill_child (int unused(s))
+static void kill_child (MAYBE_UNUSED int s)
 {
 	if (0 != pid_child) {
 		(void) kill (-pid_child, SIGKILL);
-		(void) write (STDERR_FILENO, kill_msg, strlen (kill_msg));
+		(void) write_full(STDERR_FILENO, kill_msg, strlen(kill_msg));
 	} else {
-		(void) write (STDERR_FILENO, wait_msg, strlen (wait_msg));
+		(void) write_full(STDERR_FILENO, wait_msg, strlen(wait_msg));
 	}
 	_exit (255);
 }
@@ -185,10 +193,11 @@ static bool restricted_shell (const char *shellname)
 	return true;
 }
 
-static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root)
+NORETURN
+static void
+su_failure (const char *tty, bool su_to_root)
 {
 	sulog (tty, false, caller_name, name);	/* log failed attempt */
-#ifdef USE_SYSLOG
 	if (getdef_bool ("SYSLOG_SU_ENAB")) {
 		SYSLOG ((su_to_root ? LOG_NOTICE : LOG_INFO,
 		         "- %s %s:%s", tty,
@@ -196,7 +205,6 @@ static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root)
 		         ('\0' != name[0]) ? name : "???"));
 	}
 	closelog ();
-#endif
 
 #ifdef WITH_AUDIT
 	audit_fd = audit_open ();
@@ -225,7 +233,7 @@ static void execve_shell (const char *shellname,
                           char *const envp[])
 {
 	int err;
-	(void) execve (shellname, (char **) args, envp);
+	(void) execve (shellname, args, envp);
 	err = errno;
 
 	if (access (shellname, R_OK|X_OK) == 0) {
@@ -238,7 +246,7 @@ static void execve_shell (const char *shellname,
 		while (NULL != args[n_args]) {
 			n_args++;
 		}
-		targs = (char **) xmalloc ((n_args + 3) * sizeof (args[0]));
+		targs = XMALLOC(n_args + 3, char *);
 		targs[0] = "sh";
 		targs[1] = "-";
 		targs[2] = xstrdup (shellname);
@@ -382,8 +390,8 @@ static void prepare_pam_close_session (void)
 		              stderr);
 		(void) kill (-pid_child, caught);
 
-		snprintf (kill_msg, sizeof kill_msg, _(" ...killed.\n"));
-		snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
+		SNPRINTF(kill_msg, _(" ...killed.\n"));
+		SNPRINTF(wait_msg, _(" ...waiting for child to terminate.\n"));
 
 		/* Any signals other than SIGCHLD and SIGALRM will no longer have any effect,
 		 * so it's time to block all of them. */
@@ -430,6 +438,7 @@ static void prepare_pam_close_session (void)
 /*
  * usage - print command line syntax and exit
  */
+NORETURN
 static void usage (int status)
 {
 	(void)
@@ -501,7 +510,8 @@ static void check_perms_nopam (const struct passwd *pw)
 	}
 
 	if (strcmp (pw->pw_passwd, "") == 0) {
-		char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
+		const char  *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
+
 		if (prevent_no_auth == NULL) {
 			prevent_no_auth = "superuser";
 		}
@@ -577,7 +587,7 @@ static void check_perms_nopam (const struct passwd *pw)
 	 * The first character of an administrator defined method is an '@'
 	 * character.
 	 */
-	if (pw_auth (password, name, PW_SU, (char *) 0) != 0) {
+	if (pw_auth (password, name, PW_SU, NULL) != 0) {
 		SYSLOG (((pw->pw_uid != 0)? LOG_NOTICE : LOG_WARN,
 		         "Authentication failed for %s", name));
 		fprintf(stderr, _("%s: Authentication failure\n"), Prog);
@@ -600,7 +610,7 @@ static void check_perms_nopam (const struct passwd *pw)
 	 * there is a "SU" entry in the /etc/porttime file denying access to
 	 * the account.
 	 */
-	if (!isttytime (name, "SU", time ((time_t *) 0))) {
+	if (!isttytime (name, "SU", time (NULL))) {
 		SYSLOG (((0 != pw->pw_uid) ? LOG_WARN : LOG_CRIT,
 		         "SU by %s to restricted account %s",
 		         caller_name, name));
@@ -615,14 +625,30 @@ static void check_perms_nopam (const struct passwd *pw)
 /*
  * check_perms - check permissions to switch to the user 'name'
  *
- *	In case of subsystem login, the user is first authenticated in the
- *	caller's root subsystem, and then in the user's target subsystem.
+ *	The user is authenticated in all subsystems iterately.
  */
 static /*@only@*/struct passwd * check_perms (void)
 {
+	struct passwd *pw = NULL;
+
+	while (pw == NULL)
+		pw = do_check_perms();
+	return pw;
+}
+
+/*
+ * do_check_perms - check permissions to switch to the user 'name'
+ *
+ *	The user is authenticated in current subsystem, if any. Returns
+ *	NULL if permissions have to be checked in next subsystem, in
+ *	which case the subsystem has already been entered.
+ */
+static /*@only@*/struct passwd * do_check_perms (void)
+{
 #ifdef USE_PAM
-	const char *tmp_name;
-	int ret;
+	int         ret;
+	const char  *tmp_name;
+	const void  *item;
 #endif				/* !USE_PAM */
 	/*
 	 * The password file entries for the user is gotten and the account
@@ -642,7 +668,7 @@ static /*@only@*/struct passwd * check_perms (void)
 #ifdef USE_PAM
 	check_perms_pam (pw);
 	/* PAM authentication can request a change of account */
-	ret = pam_get_item(pamh, PAM_USER, (const void **) &tmp_name);
+	ret = pam_get_item(pamh, PAM_USER, &item);
 	if (ret != PAM_SUCCESS) {
 		SYSLOG((LOG_ERR, "pam_get_item: internal PAM error\n"));
 		(void) fprintf (stderr,
@@ -651,12 +677,18 @@ static /*@only@*/struct passwd * check_perms (void)
 		(void) pam_end (pamh, ret);
 		su_failure (caller_tty, 0 == pw->pw_uid);
 	}
+	tmp_name = item;
 	if (strcmp (name, tmp_name) != 0) {
 		SYSLOG ((LOG_INFO,
 		         "Change user from '%s' to '%s' as requested by PAM",
 		         name, tmp_name));
-		strncpy (name, tmp_name, sizeof(name) - 1);
-		name[sizeof(name) - 1] = '\0';
+		if (STRTCPY(name, tmp_name) == -1) {
+			fprintf (stderr, _("Overlong user name '%s'\n"),
+			         tmp_name);
+			SYSLOG ((LOG_NOTICE, "Overlong user name '%s'",
+			         tmp_name));
+			su_failure (caller_tty, true);
+		}
 		pw = xgetpwnam (name);
 		if (NULL == pw) {
 			(void) fprintf (stderr,
@@ -684,7 +716,7 @@ static /*@only@*/struct passwd * check_perms (void)
 		endpwent ();		/* close the old password databases */
 		endspent ();
 		pw_free (pw);
-		return check_perms ();	/* authenticate in the subsystem */
+		return NULL;	/* authenticate in the subsystem */
 	}
 
 	return pw;
@@ -706,11 +738,6 @@ static void save_caller_context (char **argv)
 	const char *password = NULL;
 #endif				/* SU_ACCESS */
 #endif				/* !USE_PAM */
-	/*
-	 * Get the program name. The program name is used as a prefix to
-	 * most error messages.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -752,7 +779,7 @@ static void save_caller_context (char **argv)
 		         (unsigned long) caller_uid));
 		su_failure (caller_tty, true); /* unknown target UID*/
 	}
-	STRFCPY (caller_name, pw->pw_name);
+	STRTCPY(caller_name, pw->pw_name);
 
 #ifndef USE_PAM
 #ifdef SU_ACCESS
@@ -808,7 +835,7 @@ static void process_flags (int argc, char **argv)
 		case 'm':
 		case 'p':
 			/* This will only have an effect if the target
-			 * user do not have a restricted shell, or if
+			 * user does not have a restricted shell, or if
 			 * su is called by root.
 			 */
 			change_environment = false;
@@ -827,7 +854,7 @@ static void process_flags (int argc, char **argv)
 	}
 
 	if (optind < argc) {
-		STRFCPY (name, argv[optind++]);	/* use this login id */
+		STRTCPY(name, argv[optind++]);	/* use this login id */
 	}
 	if ('\0' == name[0]) {		/* use default user */
 		struct passwd *root_pw = getpwnam ("root");
@@ -980,20 +1007,22 @@ int main (int argc, char **argv)
 	int ret;
 #endif				/* USE_PAM */
 
+	check_fds ();
+
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
 	save_caller_context (argv);
 
-	OPENLOG ("su");
+	OPENLOG (Prog);
 
 	process_flags (argc, argv);
 
 	initenv ();
 
 #ifdef USE_PAM
-	ret = pam_start ("su", name, &conv, &pamh);
+	ret = pam_start (Prog, name, &conv, &pamh);
 	if (PAM_SUCCESS != ret) {
 		SYSLOG ((LOG_ERR, "pam_start: error %d", ret);
 		fprintf (stderr,
@@ -1002,9 +1031,9 @@ int main (int argc, char **argv)
 		exit (1);
 	}
 
-	ret = pam_set_item (pamh, PAM_TTY, (const void *) caller_tty);
+	ret = pam_set_item (pamh, PAM_TTY, caller_tty);
 	if (PAM_SUCCESS == ret) {
-		ret = pam_set_item (pamh, PAM_RUSER, (const void *) caller_name);
+		ret = pam_set_item (pamh, PAM_RUSER, caller_name);
 	}
 	if (PAM_SUCCESS != ret) {
 		SYSLOG ((LOG_ERR, "pam_set_item: %s",
@@ -1017,7 +1046,7 @@ int main (int argc, char **argv)
 
 	pw = check_perms ();
 
-	/* If the user do not want to change the environment,
+	/* If the user does not want to change the environment,
 	 * use the current SHELL.
 	 * (unless another shell is required by the command line)
 	 */
@@ -1050,13 +1079,11 @@ int main (int argc, char **argv)
 	}
 
 	sulog (caller_tty, true, caller_name, name);	/* save SU information */
-#ifdef USE_SYSLOG
 	if (getdef_bool ("SYSLOG_SU_ENAB")) {
 		SYSLOG ((LOG_INFO, "+ %s %s:%s", caller_tty,
 		         ('\0' != caller_name[0]) ? caller_name : "???",
 		         ('\0' != name[0]) ? name : "???"));
 	}
-#endif
 
 #ifdef USE_PAM
 	/* set primary group id and supplementary groups */
@@ -1135,7 +1162,7 @@ int main (int argc, char **argv)
 		int fd = open ("/dev/tty", O_RDWR);
 
 		if (fd >= 0) {
-			err = ioctl (fd, TIOCNOTTY, (char *) 0);
+			err = ioctl (fd, TIOCNOTTY, (char *) NULL);
 			(void) close (fd);
 		} else if (ENXIO == errno) {
 			/* There are no controlling terminal already */
@@ -1178,7 +1205,7 @@ int main (int argc, char **argv)
 			cp = Basename (shellstr);
 		}
 
-		arg0 = xmalloc (strlen (cp) + 2);
+		arg0 = XMALLOC(strlen(cp) + 2, char);
 		arg0[0] = '-';
 		strcpy (arg0 + 1, cp);
 		cp = arg0;
@@ -1199,7 +1226,7 @@ int main (int argc, char **argv)
 		 * Use the shell and create an argv
 		 * with the rest of the command line included.
 		 */
-		argv[-1] = cp;
+		argv[-1] = const_cast(char *, cp);
 		execve_shell (shellstr, &argv[-1], environ);
 		err = errno;
 		(void) fprintf (stderr,
diff --git a/src/suauth.c b/src/suauth.c
index 2641d33..4d63190 100644
--- a/src/suauth.c
+++ b/src/suauth.c
@@ -68,8 +68,9 @@ int check_su_auth (const char *actual_id,
 
 	while (fgets (temp, sizeof (temp), authfile_fd) != NULL) {
 		lines++;
+		endline = strlen(temp) - 1;
 
-		if (temp[endline = strlen (temp) - 1] != '\n') {
+		if (temp[0] == '\0' || temp[endline] != '\n') {
 			SYSLOG ((LOG_ERR,
 				 "%s, line %d: line too long or missing newline",
 				 SUAUTHFILE, lines));
@@ -91,9 +92,9 @@ int check_su_auth (const char *actual_id,
 			continue;
 		}
 		if (!(to_users = strtok (temp + posn, field))
-		    || !(from_users = strtok ((char *) NULL, field))
-		    || !(action = strtok ((char *) NULL, field))
-		    || strtok ((char *) NULL, field)) {
+		    || !(from_users = strtok (NULL, field))
+		    || !(action = strtok (NULL, field))
+		    || strtok (NULL, field)) {
 			SYSLOG ((LOG_ERR,
 				 "%s, line %d. Bad number of fields.\n",
 				 SUAUTHFILE, lines));
diff --git a/src/sulogin.c b/src/sulogin.c
index 2c5e094..2097174 100644
--- a/src/sulogin.c
+++ b/src/sulogin.c
@@ -16,6 +16,11 @@
 #include <signal.h>
 #include <stdio.h>
 #include <sys/ioctl.h>
+#include <sys/types.h>
+
+#include "agetpass.h"
+#include "alloc.h"
+#include "attr.h"
 #include "defines.h"
 #include "getdef.h"
 #include "prototypes.h"
@@ -24,113 +29,76 @@
 #include "exitcodes.h"
 #include "shadowlog.h"
 
+
 /*
  * Global variables
  */
-const char *Prog;
-
-static char name[BUFSIZ];
-static char pass[BUFSIZ];
+static const char Prog[] = "sulogin";
 
-static struct passwd pwent;
 
 extern char **newenvp;
-extern size_t newenvc;
-
-extern char **environ;
 
 #ifndef	ALARM
 #define	ALARM	60
 #endif
 
-/* local function prototypes */
+
 static void catch_signals (int);
+static int pw_entry(const char *name, struct passwd *pwent);
 
-static void catch_signals (unused int sig)
+
+static void catch_signals (MAYBE_UNUSED int sig)
 {
 	_exit (1);
 }
 
-/*
- * syslogd is usually not running at the time when sulogin is typically
- * called, cluttering the screen with unnecessary messages. Suggested by
- * Ivan Nejgebauer <ian@unsux.ns.ac.yu>.  --marekm
- */
-#undef USE_SYSLOG
 
- /*ARGSUSED*/ int main (int argc, char **argv)
+int
+main(int argc, char *argv[])
 {
+	int            err = 0;
+	char           **envp = environ;
+	TERMIO         termio;
+	struct passwd  pwent = {};
+	bool           done;
 #ifndef USE_PAM
-	const char *env;
-#endif				/* !USE_PAM */
-	char **envp = environ;
-	TERMIO termio;
-	int err = 0;
-
-#ifdef	USE_TERMIO
-	ioctl (0, TCGETA, &termio);
-	termio.c_iflag |= (ICRNL | IXON);
-	termio.c_oflag |= (OPOST | ONLCR);
-	termio.c_cflag |= (CREAD);
-	termio.c_lflag |= (ISIG | ICANON | ECHO | ECHOE | ECHOK);
-	ioctl (0, TCSETAF, &termio);
+	const char     *env;
 #endif
-#ifdef	USE_TERMIOS
+
+
 	tcgetattr (0, &termio);
 	termio.c_iflag |= (ICRNL | IXON);
 	termio.c_oflag |= (CREAD);
 	termio.c_lflag |= (ECHO | ECHOE | ECHOK | ICANON | ISIG);
 	tcsetattr (0, TCSANOW, &termio);
-#endif
 
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
-#ifdef	USE_SYSLOG
-	OPENLOG ("sulogin");
-#endif
-	initenv ();
+	initenv();
 	if (argc > 1) {
-		close (0);
-		close (1);
-		close (2);
-
-		if (open (argv[1], O_RDWR) >= 0) {
-			dup (0);
-			dup (0);
-		} else {
-#ifdef	USE_SYSLOG
-			SYSLOG (LOG_WARN, "cannot open %s\n", argv[1]);
-			closelog ();
-#endif
-			exit (1);
-		}
+		close(0);
+		close(1);
+		close(2);
+
+		if (open(argv[1], O_RDWR) == -1)
+			exit(1);
+		dup(0);
+		dup(0);
 	}
 	if (access (PASSWD_FILE, F_OK) == -1) {	/* must be a password file! */
 		(void) puts (_("No password file"));
-#ifdef	USE_SYSLOG
-		SYSLOG (LOG_WARN, "No password file\n");
-		closelog ();
-#endif
 		exit (1);
 	}
 #if !defined(DEBUG) && defined(SULOGIN_ONLY_INIT)
 	if (getppid () != 1) {	/* parent must be INIT */
-#ifdef	USE_SYSLOG
-		SYSLOG (LOG_WARN, "Pid == %d, not 1\n", getppid ());
-		closelog ();
-#endif
 		exit (1);
 	}
 #endif
 	if ((isatty (0) == 0) || (isatty (1) == 0) || (isatty (2) == 0)) {
-#ifdef	USE_SYSLOG
-		closelog ();
-#endif
 		exit (1);	/* must be a terminal */
 	}
 	/* If we were init, we need to start a new session */
@@ -156,24 +124,17 @@ static void catch_signals (unused int sig)
 	}
 #endif				/* !USE_PAM */
 
-	(void) strcpy (name, "root");	/* KLUDGE!!! */
-
 	(void) signal (SIGALRM, catch_signals);	/* exit if the timer expires */
 	(void) alarm (ALARM);		/* only wait so long ... */
 
-	while (true) {		/* repeatedly get login/password pairs */
-		char *cp;
-		pw_entry (name, &pwent);	/* get entry from password file */
-		if (pwent.pw_name == (char *) 0) {
+	do {			/* repeatedly get login/password pairs */
+		char *pass;
+		if (pw_entry("root", &pwent) == -1) {	/* get entry from password file */
 			/*
 			 * Fail secure
 			 */
-			(void) puts (_("No password entry for 'root'"));
-#ifdef	USE_SYSLOG
-			SYSLOG (LOG_WARN, "No password entry for 'root'\n");
-			closelog ();
-#endif
-			exit (1);
+			(void) puts(_("No password entry for 'root'"));
+			exit(1);
 		}
 
 		/*
@@ -182,7 +143,7 @@ static void catch_signals (unused int sig)
 		 */
 
 		/* get a password for root */
-		cp = getpass (_(
+		pass = agetpass (_(
 "\n"
 "Type control-d to proceed with normal startup,\n"
 "(or give root password for system maintenance):"));
@@ -192,46 +153,65 @@ static void catch_signals (unused int sig)
 		 * it will work with standard getpass() (no NULL on EOF).
 		 * --marekm
 		 */
-		if ((NULL == cp) || ('\0' == *cp)) {
-#ifdef	USE_SYSLOG
-			SYSLOG (LOG_INFO, "Normal startup\n");
-			closelog ();
-#endif
+		if ((NULL == pass) || ('\0' == *pass)) {
+			erase_pass (pass);
 			(void) puts ("");
 #ifdef	TELINIT
-			execl (PATH_TELINIT, "telinit", RUNLEVEL, (char *) 0);
+			execl (PATH_TELINIT, "telinit", RUNLEVEL, (char *) NULL);
 #endif
 			exit (0);
-		} else {
-			STRFCPY (pass, cp);
-			strzero (cp);
-		}
-		if (valid (pass, &pwent)) {	/* check encrypted passwords ... */
-			break;	/* ... encrypted passwords matched */
 		}
 
-#ifdef	USE_SYSLOG
-		SYSLOG (LOG_WARN, "Incorrect root password\n");
-#endif
-		sleep (2);
-		(void) puts (_("Login incorrect"));
-	}
-	memzero (pass, sizeof pass);
+		done = valid(pass, &pwent);
+		erase_pass (pass);
+
+		if (!done) {	/* check encrypted passwords ... */
+			/* ... encrypted passwords did not match */
+			sleep (2);
+			(void) puts (_("Login incorrect"));
+		}
+	} while (!done);
 	(void) alarm (0);
 	(void) signal (SIGALRM, SIG_DFL);
 	environ = newenvp;	/* make new environment active */
 
 	(void) puts (_("Entering System Maintenance Mode"));
-#ifdef	USE_SYSLOG
-	SYSLOG (LOG_INFO, "System Maintenance Mode\n");
-#endif
 
-#ifdef	USE_SYSLOG
-	closelog ();
-#endif
 	/* exec the shell finally. */
-	err = shell (pwent.pw_shell, (char *) 0, environ);
+	err = shell (pwent.pw_shell, NULL, environ);
 
 	return ((err == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
 }
 
+
+static int
+pw_entry(const char *name, struct passwd *pwent)
+{
+	struct spwd    *spwd;
+	struct passwd  *passwd;
+
+	if (!(passwd = getpwnam(name)))  /* local, no need for xgetpwnam */
+		return -1;
+
+	free(pwent->pw_name);
+	pwent->pw_name = xstrdup(passwd->pw_name);
+	pwent->pw_uid = passwd->pw_uid;
+	pwent->pw_gid = passwd->pw_gid;
+	free(pwent->pw_gecos);
+	pwent->pw_gecos = xstrdup(passwd->pw_gecos);
+	free(pwent->pw_dir);
+	pwent->pw_dir = xstrdup(passwd->pw_dir);
+	free(pwent->pw_shell);
+	pwent->pw_shell = xstrdup(passwd->pw_shell);
+#if !defined(AUTOSHADOW)
+	/* local, no need for xgetspnam */
+	if ((spwd = getspnam(name))) {
+		free(pwent->pw_passwd);
+		pwent->pw_passwd = xstrdup(spwd->sp_pwdp);
+		return 0;
+	}
+#endif
+	free(pwent->pw_passwd);
+	pwent->pw_passwd = xstrdup(passwd->pw_passwd);
+	return 0;
+}
diff --git a/src/useradd.c b/src/useradd.c
index 7ea0a9c..347334a 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -17,9 +17,12 @@
 #include <fcntl.h>
 #include <getopt.h>
 #include <grp.h>
+#ifdef ENABLE_LASTLOG
 #include <lastlog.h>
+#endif /* ENABLE_LASTLOG */
 #include <libgen.h>
 #include <pwd.h>
+#include <signal.h>
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
@@ -32,11 +35,15 @@
 #include <sys/wait.h>
 #include <time.h>
 #include <unistd.h>
+
+#include "alloc.h"
+#include "atoi/str2i.h"
 #include "chkname.h"
 #include "defines.h"
 #include "faillog.h"
 #include "getdef.h"
 #include "groupio.h"
+#include "memzero.h"
 #include "nscd.h"
 #include "sssd.h"
 #include "prototypes.h"
@@ -57,10 +64,15 @@
 #include "tcbfuncs.h"
 #endif
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 #ifndef SKEL_DIR
 #define SKEL_DIR "/etc/skel"
 #endif
+#ifndef USRSKELDIR
+#define USRSKELDIR "/usr/etc/skel"
+#endif
 #ifndef USER_DEFAULTS_FILE
 #define USER_DEFAULTS_FILE "/etc/default/useradd"
 #define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
@@ -74,16 +86,18 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "useradd";
 
 /*
  * These defaults are used if there is no defaults file.
  */
 static gid_t def_group = 1000;
+static const char *def_groups = "";
 static const char *def_gname = "other";
 static const char *def_home = "/home";
 static const char *def_shell = "/bin/bash";
 static const char *def_template = SKEL_DIR;
+static const char *def_usrtemplate = USRSKELDIR;
 static const char *def_create_mail_spool = "yes";
 static const char *def_log_init = "yes";
 
@@ -106,6 +120,7 @@ static const char *prefix_user_home = NULL;
 
 #ifdef WITH_SELINUX
 static /*@notnull@*/const char *user_selinux = "";
+static const char *user_selinux_range = NULL;
 #endif				/* WITH_SELINUX */
 
 static long user_expire = -1;
@@ -183,25 +198,26 @@ static bool home_added = false;
 #endif				/* ENABLE_SUBIDS */
 
 #define DGROUP			"GROUP="
+#define DGROUPS			"GROUPS="
 #define DHOME			"HOME="
 #define DSHELL			"SHELL="
 #define DINACT			"INACTIVE="
 #define DEXPIRE			"EXPIRE="
 #define DSKEL			"SKEL="
+#define DUSRSKEL		"USRSKEL="
 #define DCREATE_MAIL_SPOOL	"CREATE_MAIL_SPOOL="
 #define DLOG_INIT	"LOG_INIT="
 
 /* local function prototypes */
-static void fail_exit (int);
+NORETURN static void fail_exit (int);
 static void get_defaults (void);
 static void show_defaults (void);
 static int set_defaults (void);
 static int get_groups (char *);
 static struct group * get_local_group (char * grp_name);
-static void usage (int status);
+NORETURN static void usage (int status);
 static void new_pwent (struct passwd *);
 
-static long scale_age (long);
 static void new_spent (struct spwd *);
 static void grp_update (void);
 
@@ -213,118 +229,97 @@ static void open_files (void);
 static void open_group_files (void);
 static void open_shadow (void);
 static void faillog_reset (uid_t);
+#ifdef ENABLE_LASTLOG
 static void lastlog_reset (uid_t);
+#endif /* ENABLE_LASTLOG */
 static void tallylog_reset (const char *);
 static void usr_update (unsigned long subuid_count, unsigned long subgid_count);
 static void create_home (void);
 static void create_mail (void);
 static void check_uid_range(int rflg, uid_t user_id);
 
+static FILE *fmkstemp(char *template);
+
+
 /*
  * fail_exit - undo as much as possible
  */
 static void fail_exit (int code)
 {
-	if (home_added) {
-		if (rmdir (prefix_user_home) != 0) {
-			fprintf (stderr,
-			         _("%s: %s was created, but could not be removed\n"),
-			         Prog, prefix_user_home);
-			SYSLOG ((LOG_ERR, "failed to remove %s", prefix_user_home));
-		}
+	if (home_added && rmdir(prefix_user_home) != 0) {
+		fprintf(stderr,
+		        _("%s: %s was created, but could not be removed\n"),
+		        Prog, prefix_user_home);
+		SYSLOG((LOG_ERR, "failed to remove %s", prefix_user_home));
 	}
 
-	if (spw_locked) {
-		if (spw_unlock () == 0) {
-			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
-			SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
+	if (spw_locked && spw_unlock() == 0) {
+		fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname());
+		SYSLOG((LOG_ERR, "failed to unlock %s", spw_dbname()));
 #ifdef WITH_AUDIT
-			audit_logger (AUDIT_ADD_USER, Prog,
-			              "unlocking shadow file",
-			              user_name, AUDIT_NO_ID,
-			              SHADOW_AUDIT_FAILURE);
+		audit_logger(AUDIT_ADD_USER, Prog, "unlocking shadow file",
+			     user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
 #endif
-			/* continue */
-		}
+		/* continue */
 	}
-	if (pw_locked) {
-		if (pw_unlock () == 0) {
-			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
-			SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
+	if (pw_locked && pw_unlock() == 0) {
+		fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname());
+		SYSLOG((LOG_ERR, "failed to unlock %s", pw_dbname()));
 #ifdef WITH_AUDIT
-			audit_logger (AUDIT_ADD_USER, Prog,
-			              "unlocking passwd file",
-			              user_name, AUDIT_NO_ID,
-			              SHADOW_AUDIT_FAILURE);
+		audit_logger(AUDIT_ADD_USER, Prog, "unlocking passwd file",
+			     user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
 #endif
-			/* continue */
-		}
+		/* continue */
 	}
-	if (gr_locked) {
-		if (gr_unlock () == 0) {
-			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
-			SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
+	if (gr_locked && gr_unlock() == 0) {
+		fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname());
+		SYSLOG((LOG_ERR, "failed to unlock %s", gr_dbname()));
 #ifdef WITH_AUDIT
-			audit_logger (AUDIT_ADD_USER, Prog,
-			              "unlocking group file",
-			              user_name, AUDIT_NO_ID,
-			              SHADOW_AUDIT_FAILURE);
+		audit_logger(AUDIT_ADD_USER, Prog, "unlocking group file",
+			     user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
 #endif
-			/* continue */
-		}
+		/* continue */
 	}
-#ifdef	SHADOWGRP
-	if (sgr_locked) {
-		if (sgr_unlock () == 0) {
-			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
-			SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
-#ifdef WITH_AUDIT
-			audit_logger (AUDIT_ADD_USER, Prog,
-			              "unlocking gshadow file",
-			              user_name, AUDIT_NO_ID,
-			              SHADOW_AUDIT_FAILURE);
-#endif
-			/* continue */
-		}
+#ifdef SHADOWGRP
+	if (sgr_locked && sgr_unlock() == 0) {
+		fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname());
+		SYSLOG((LOG_ERR, "failed to unlock %s", sgr_dbname()));
+# ifdef WITH_AUDIT
+		audit_logger(AUDIT_ADD_USER, Prog, "unlocking gshadow file",
+			     user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
+# endif
+		/* continue */
 	}
 #endif
 #ifdef ENABLE_SUBIDS
-	if (sub_uid_locked) {
-		if (sub_uid_unlock () == 0) {
-			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
-			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
-#ifdef WITH_AUDIT
-			audit_logger (AUDIT_ADD_USER, Prog,
-			              "unlocking subordinate user file",
-			              user_name, AUDIT_NO_ID,
-			              SHADOW_AUDIT_FAILURE);
-#endif
-			/* continue */
-		}
+	if (sub_uid_locked && sub_uid_unlock() == 0) {
+		fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname());
+		SYSLOG((LOG_ERR, "failed to unlock %s", sub_uid_dbname()));
+# ifdef WITH_AUDIT
+		audit_logger(AUDIT_ADD_USER, Prog,
+		             "unlocking subordinate user file",
+			     user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
+# endif
+		/* continue */
 	}
-	if (sub_gid_locked) {
-		if (sub_gid_unlock () == 0) {
-			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
-			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
-#ifdef WITH_AUDIT
-			audit_logger (AUDIT_ADD_USER, Prog,
-			              "unlocking subordinate group file",
-			              user_name, AUDIT_NO_ID,
-			              SHADOW_AUDIT_FAILURE);
-#endif
-			/* continue */
-		}
+	if (sub_gid_locked && sub_gid_unlock() == 0) {
+		fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname());
+		SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname()));
+# ifdef WITH_AUDIT
+		audit_logger(AUDIT_ADD_USER, Prog,
+			     "unlocking subordinate group file",
+			     user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
+# endif
+		/* continue */
 	}
-#endif				/* ENABLE_SUBIDS */
+#endif  /* ENABLE_SUBIDS */
 
 #ifdef WITH_AUDIT
-	audit_logger (AUDIT_ADD_USER, Prog,
-	              "adding user",
-	              user_name, AUDIT_NO_ID,
-	              SHADOW_AUDIT_FAILURE);
+	audit_logger(AUDIT_ADD_USER, Prog, "adding user",
+	             user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
 #endif
-	SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
-	exit (code);
+	SYSLOG((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
+	exit(code);
 }
 
 #define MATCH(x,y) (strncmp((x),(y),strlen(y)) == 0)
@@ -338,21 +333,15 @@ static void fail_exit (int code)
  */
 static void get_defaults (void)
 {
-	FILE *fp;
-	char *default_file = USER_DEFAULTS_FILE;
-	char buf[1024];
-	char *cp;
+	FILE        *fp;
+	char        *default_file = USER_DEFAULTS_FILE;
+	char        buf[1024];
+	char        *cp;
+	const char  *ccp;
 
 	if (prefix[0]) {
-		size_t len;
-		int wlen;
-
-		len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
-		default_file = malloc(len);
-                if (default_file == NULL)
-                       return;
-		wlen = snprintf(default_file, len, "%s/%s", prefix, USER_DEFAULTS_FILE);
-		assert (wlen == (int) len -1);
+		if (asprintf(&default_file, "%s/%s", prefix, USER_DEFAULTS_FILE) == -1)
+			return;
 	}
 
 	/*
@@ -368,7 +357,7 @@ static void get_defaults (void)
 	 * Read the file a line at a time. Only the lines that have relevant
 	 * values are used, everything else can be ignored.
 	 */
-	while (fgets (buf, (int) sizeof buf, fp) == buf) {
+	while (fgets (buf, sizeof buf, fp) == buf) {
 		cp = strrchr (buf, '\n');
 		if (NULL != cp) {
 			*cp = '\0';
@@ -399,29 +388,42 @@ static void get_defaults (void)
 			}
 		}
 
+		ccp = cp;
+
+		if (MATCH (buf, DGROUPS)) {
+			if (get_groups (cp) != 0) {
+				fprintf (stderr,
+				         _("%s: the '%s' configuration in %s has an invalid group, ignoring the bad group\n"),
+				         Prog, DGROUPS, default_file);
+			}
+			if (user_groups[0] != NULL) {
+				do_grp_update = true;
+				def_groups = xstrdup (cp);
+			}
+		}
 		/*
 		 * Default HOME filesystem
 		 */
 		else if (MATCH (buf, DHOME)) {
-			def_home = xstrdup (cp);
+			def_home = xstrdup(ccp);
 		}
 
 		/*
 		 * Default Login Shell command
 		 */
 		else if (MATCH (buf, DSHELL)) {
-			def_shell = xstrdup (cp);
+			def_shell = xstrdup(ccp);
 		}
 
 		/*
 		 * Default Password Inactive value
 		 */
 		else if (MATCH (buf, DINACT)) {
-			if (   (getlong (cp, &def_inactive) == 0)
+			if (   (str2sl(&def_inactive, ccp) == -1)
 			    || (def_inactive < -1)) {
 				fprintf (stderr,
 				         _("%s: invalid numeric argument '%s'\n"),
-				         Prog, cp);
+				         Prog, ccp);
 				fprintf (stderr,
 				         _("%s: the %s configuration in %s will be ignored\n"),
 				         Prog, DINACT, default_file);
@@ -433,52 +435,60 @@ static void get_defaults (void)
 		 * Default account expiration date
 		 */
 		else if (MATCH (buf, DEXPIRE)) {
-			def_expire = xstrdup (cp);
+			def_expire = xstrdup(ccp);
 		}
 
 		/*
 		 * Default Skeleton information
 		 */
 		else if (MATCH (buf, DSKEL)) {
-			if ('\0' == *cp) {
-				cp = SKEL_DIR;	/* XXX warning: const */
-			}
+			if ('\0' == *ccp)
+				ccp = SKEL_DIR;
 
 			if (prefix[0]) {
-				size_t len;
-				int wlen;
-				char* _def_template; /* avoid const warning */
-
-				len = strlen(prefix) + strlen(cp) + 2;
-				_def_template = xmalloc(len);
-				wlen = snprintf(_def_template, len, "%s/%s", prefix, cp);
-				assert (wlen == (int) len -1);
-				def_template = _def_template;
-			}
-			else {
-				def_template = xstrdup (cp);
+				char  *dt;
+
+				xasprintf(&dt, "%s/%s", prefix, ccp);
+				def_template = dt;
+			} else {
+				def_template = xstrdup(ccp);
 			}
 		}
 
 		/*
+		 * Default Usr Skeleton information
+		 */
+		else if (MATCH (buf, DUSRSKEL)) {
+			if ('\0' == *ccp)
+				ccp = USRSKELDIR;
+
+			if (prefix[0]) {
+				char  *dut;
+
+				xasprintf(&dut, "%s/%s", prefix, ccp);
+				def_usrtemplate = dut;
+			} else {
+				def_usrtemplate = xstrdup(ccp);
+			}
+		}
+		/*
 		 * Create by default user mail spool or not ?
 		 */
 		else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
-			if (*cp == '\0') {
-				cp = "no";	/* XXX warning: const */
-			}
+			if (*ccp == '\0')
+				ccp = "no";
 
-			def_create_mail_spool = xstrdup (cp);
+			def_create_mail_spool = xstrdup(ccp);
 		}
 
 		/*
 		 * By default do we add the user to the lastlog and faillog databases ?
 		 */
 		else if (MATCH (buf, DLOG_INIT)) {
-			if (*cp == '\0') {
-				cp = def_log_init;	/* XXX warning: const */
-			}
-			def_log_init = xstrdup (cp);
+			if (*ccp == '\0')
+				ccp = def_log_init;
+
+			def_log_init = xstrdup(ccp);
 		}
 	}
 	(void) fclose (fp);
@@ -497,11 +507,13 @@ static void get_defaults (void)
 static void show_defaults (void)
 {
 	printf ("GROUP=%u\n", (unsigned int) def_group);
+	printf ("GROUPS=%s\n", def_groups);
 	printf ("HOME=%s\n", def_home);
 	printf ("INACTIVE=%ld\n", def_inactive);
 	printf ("EXPIRE=%s\n", def_expire);
 	printf ("SHELL=%s\n", def_shell);
 	printf ("SKEL=%s\n", def_template);
+	printf ("USRSKEL=%s\n", def_usrtemplate);
 	printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
 	printf ("LOG_INIT=%s\n", def_log_init);
 }
@@ -515,49 +527,41 @@ static void show_defaults (void)
  */
 static int set_defaults (void)
 {
-	FILE *ifp;
-	FILE *ofp;
-	char buf[1024];
-	char *new_file = NULL;
-	char *new_file_dup = NULL;
-	char *default_file = USER_DEFAULTS_FILE;
-	char *cp;
-	int ofd;
-	int wlen;
-	bool out_group = false;
-	bool out_home = false;
-	bool out_inactive = false;
-	bool out_expire = false;
-	bool out_shell = false;
-	bool out_skel = false;
-	bool out_create_mail_spool = false;
-	bool out_log_init = false;
-	size_t len;
-	int ret = -1;
-
-
-	len = strlen(prefix) + strlen(NEW_USER_FILE) + 2;
-	new_file = malloc(len);
-        if (new_file == NULL) {
-		fprintf (stderr,
-		         _("%s: cannot create new defaults file: %s\n"),
-		         Prog, strerror(errno));
+	int   ret = -1;
+	bool  out_group = false;
+	bool  out_groups = false;
+	bool  out_home = false;
+	bool  out_inactive = false;
+	bool  out_expire = false;
+	bool  out_shell = false;
+	bool  out_skel = false;
+	bool  out_usrskel = false;
+	bool  out_create_mail_spool = false;
+	bool  out_log_init = false;
+	char  buf[1024];
+	char  *new_file = NULL;
+	char  *new_file_dup = NULL;
+	char  *default_file = USER_DEFAULTS_FILE;
+	char  *cp;
+	FILE  *ifp;
+	FILE  *ofp;
+
+
+	if (asprintf(&new_file, "%s%s%s", prefix, prefix[0]?"/":"", NEW_USER_FILE) == -1)
+	{
+		fprintf(stderr, _("%s: cannot create new defaults file: %s\n"),
+		        Prog, strerror(errno));
 		return -1;
         }
-	wlen = snprintf(new_file, len, "%s%s%s", prefix, prefix[0]?"/":"", NEW_USER_FILE);
-	assert (wlen <= (int) len -1);
 
 	if (prefix[0]) {
-		len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
-		default_file = malloc(len);
-		if (default_file == NULL) {
-			fprintf (stderr,
-			         _("%s: cannot create new defaults file: %s\n"),
-			         Prog, strerror(errno));
-			goto setdef_err;
+		if (asprintf(&default_file, "%s/%s", prefix, USER_DEFAULTS_FILE) == -1)
+		{
+			fprintf(stderr,
+			        _("%s: cannot create new defaults file: %s\n"),
+			        Prog, strerror(errno));
+			goto err_free_new;
 		}
-		wlen = snprintf(default_file, len, "%s/%s", prefix, USER_DEFAULTS_FILE);
-		assert (wlen == (int) len -1);
 	}
 
 	new_file_dup = strdup(new_file);
@@ -565,36 +569,27 @@ static int set_defaults (void)
 		fprintf (stderr,
 			_("%s: cannot create directory for defaults file\n"),
 			Prog);
-		goto setdef_err;
+		goto err_free_def;
 	}
 
 	ret = mkdir(dirname(new_file_dup), 0755);
+	free(new_file_dup);
 	if (-1 == ret && EEXIST != errno) {
 		fprintf (stderr,
 			_("%s: cannot create directory for defaults file\n"),
 			Prog);
-		free(new_file_dup);
-		goto setdef_err;
+		goto err_free_def;
 	}
-	free(new_file_dup);
 
 	/*
 	 * Create a temporary file to copy the new output to.
 	 */
-	ofd = mkstemp (new_file);
-	if (-1 == ofd) {
-		fprintf (stderr,
-		         _("%s: cannot create new defaults file\n"),
-		         Prog);
-		goto setdef_err;
-	}
-
-	ofp = fdopen (ofd, "w");
+	ofp = fmkstemp(new_file);
 	if (NULL == ofp) {
 		fprintf (stderr,
 		         _("%s: cannot open new defaults file\n"),
 		         Prog);
-		goto setdef_err;
+		goto err_free_def;
 	}
 
 	/*
@@ -608,7 +603,7 @@ static int set_defaults (void)
 		goto skip;
 	}
 
-	while (fgets (buf, (int) sizeof buf, ifp) == buf) {
+	while (fgets (buf, sizeof buf, ifp) == buf) {
 		cp = strrchr (buf, '\n');
 		if (NULL != cp) {
 			*cp = '\0';
@@ -620,14 +615,18 @@ static int set_defaults (void)
 				fprintf (stderr,
 				         _("%s: line too long in %s: %s..."),
 				         Prog, default_file, buf);
-				(void) fclose (ifp);
-				goto setdef_err;
+				fclose(ifp);
+				fclose(ofp);
+				goto err_free_def;
 			}
 		}
 
 		if (!out_group && MATCH (buf, DGROUP)) {
 			fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
 			out_group = true;
+		} else if (!out_groups && MATCH (buf, DGROUPS)) {
+			fprintf (ofp, DGROUPS "%s\n", def_groups);
+			out_groups = true;
 		} else if (!out_home && MATCH (buf, DHOME)) {
 			fprintf (ofp, DHOME "%s\n", def_home);
 			out_home = true;
@@ -643,6 +642,9 @@ static int set_defaults (void)
 		} else if (!out_skel && MATCH (buf, DSKEL)) {
 			fprintf (ofp, DSKEL "%s\n", def_template);
 			out_skel = true;
+		} else if (!out_usrskel && MATCH (buf, DUSRSKEL)) {
+			fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate);
+			out_usrskel = true;
 		} else if (!out_create_mail_spool
 			   && MATCH (buf, DCREATE_MAIL_SPOOL)) {
 			fprintf (ofp,
@@ -668,6 +670,8 @@ static int set_defaults (void)
 	 */
 	if (!out_group)
 		fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
+	if (!out_groups)
+		fprintf (ofp, DGROUPS "%s\n", def_groups);
 	if (!out_home)
 		fprintf (ofp, DHOME "%s\n", def_home);
 	if (!out_inactive)
@@ -678,6 +682,8 @@ static int set_defaults (void)
 		fprintf (ofp, DSHELL "%s\n", def_shell);
 	if (!out_skel)
 		fprintf (ofp, DSKEL "%s\n", def_template);
+	if (!out_usrskel)
+		fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate);
 
 	if (!out_create_mail_spool)
 		fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
@@ -690,16 +696,16 @@ static int set_defaults (void)
 	(void) fflush (ofp);
 	if (   (ferror (ofp) != 0)
 	    || (fsync (fileno (ofp)) != 0)
-	    || (fclose (ofp) != 0)) {
+	    || (fclose (ofp) != 0))
+	{
 		unlink (new_file);
-		goto setdef_err;
+		goto err_free_def;
 	}
 
 	/*
 	 * Rename the current default file to its backup name.
 	 */
-	wlen = snprintf (buf, sizeof buf, "%s-", default_file);
-	assert (wlen < (int) sizeof buf);
+	assert(SNPRINTF(buf, "%s-", default_file) != -1);
 	unlink (buf);
 	if ((link (default_file, buf) != 0) && (ENOENT != errno)) {
 		int err = errno;
@@ -707,7 +713,7 @@ static int set_defaults (void)
 		         _("%s: Cannot create backup file (%s): %s\n"),
 		         Prog, buf, strerror (err));
 		unlink (new_file);
-		goto setdef_err;
+		goto err_free_def;
 	}
 
 	/*
@@ -718,7 +724,7 @@ static int set_defaults (void)
 		fprintf (stderr,
 		         _("%s: rename: %s: %s\n"),
 		         Prog, new_file, strerror (err));
-		goto setdef_err;
+		goto err_free_def;
 	}
 #ifdef WITH_AUDIT
 	audit_logger (AUDIT_USYS_CONFIG, Prog,
@@ -733,11 +739,12 @@ static int set_defaults (void)
 	         def_inactive, def_expire, def_template,
 	         def_create_mail_spool, def_log_init));
 	ret = 0;
-    setdef_err:
-	free(new_file);
-	if (prefix[0]) {
+
+err_free_def:
+	if (prefix[0])
 		free(default_file);
-	}
+err_free_new:
+	free(new_file);
 
 	return ret;
 }
@@ -807,20 +814,6 @@ static int get_groups (char *list)
 			continue;
 		}
 
-#ifdef	USE_NIS
-		/*
-		 * Don't add this group if they are an NIS group. Tell
-		 * the user to go to the server for this group.
-		 */
-		if (__isgrNIS ()) {
-			fprintf (stderr,
-			         _("%s: group '%s' is a NIS group.\n"),
-			         Prog, grp->gr_name);
-			gr_free(grp);
-			continue;
-		}
-#endif
-
 		if (ngroups == sys_ngroups) {
 			fprintf (stderr,
 			         _("%s: too many groups specified (max %d).\n"),
@@ -839,7 +832,7 @@ static int get_groups (char *list)
 	close_group_files ();
 	unlock_group_files ();
 
-	user_groups[ngroups] = (char *) 0;
+	user_groups[ngroups] = NULL;
 
 	/*
 	 * Any errors in finding group names are fatal
@@ -860,17 +853,17 @@ static int get_groups (char *list)
  */
 static struct group * get_local_group(char * grp_name)
 {
+	char  *end;
 	const struct group *grp;
 	struct group *result_grp = NULL;
-	long long int gid;
-	char *endptr;
+	long long  gid;
 
-	gid = strtoll (grp_name, &endptr, 10);
+	gid = strtoll(grp_name, &end, 10);
 	if (   ('\0' != *grp_name)
-		&& ('\0' == *endptr)
+		&& ('\0' == *end)
 		&& (ERANGE != errno)
 		&& (gid == (gid_t)gid)) {
-		grp = gr_locate_gid ((gid_t) gid);
+		grp = gr_locate_gid (gid);
 	}
 	else {
 		grp = gr_locate(grp_name);
@@ -923,8 +916,10 @@ static void usage (int status)
 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
 	(void) fputs (_("  -k, --skel SKEL_DIR           use this alternative skeleton directory\n"), usageout);
 	(void) fputs (_("  -K, --key KEY=VALUE           override /etc/login.defs defaults\n"), usageout);
+#ifdef ENABLE_LASTLOG
 	(void) fputs (_("  -l, --no-log-init             do not add the user to the lastlog and\n"
 	                "                                faillog databases\n"), usageout);
+#endif /* ENABLE_LASTLOG */
 	(void) fputs (_("  -m, --create-home             create the user's home directory\n"), usageout);
 	(void) fputs (_("  -M, --no-create-home          do not create the user's home directory\n"), usageout);
 	(void) fputs (_("  -N, --no-user-group           do not create a group with the same name as\n"
@@ -940,6 +935,7 @@ static void usage (int status)
 	(void) fputs (_("  -U, --user-group              create a group with the same name as the user\n"), usageout);
 #ifdef WITH_SELINUX
 	(void) fputs (_("  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping\n"), usageout);
+	(void) fputs (_("      --selinux-range SERANGE   use a specific MLS range for the SELinux user mapping\n"), usageout);
 #endif				/* WITH_SELINUX */
 	(void) fputs ("\n", usageout);
 	exit (status);
@@ -968,15 +964,6 @@ static void new_pwent (struct passwd *pwent)
 	pwent->pw_shell = (char *) user_shell;
 }
 
-static long scale_age (long x)
-{
-	if (x <= 0) {
-		return x;
-	}
-
-	return x * (DAY / SCALE);
-}
-
 /*
  * new_spent - initialize the values in a shadow password file entry
  *
@@ -988,17 +975,17 @@ static void new_spent (struct spwd *spent)
 	memzero (spent, sizeof *spent);
 	spent->sp_namp = (char *) user_name;
 	spent->sp_pwdp = (char *) user_pass;
-	spent->sp_lstchg = (long) gettime () / SCALE;
+	spent->sp_lstchg = gettime () / DAY;
 	if (0 == spent->sp_lstchg) {
 		/* Better disable aging than requiring a password change */
 		spent->sp_lstchg = -1;
 	}
 	if (!rflg) {
-		spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
-		spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
-		spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
-		spent->sp_inact = scale_age (def_inactive);
-		spent->sp_expire = scale_age (user_expire);
+		spent->sp_min = getdef_num ("PASS_MIN_DAYS", -1);
+		spent->sp_max = getdef_num ("PASS_MAX_DAYS", -1);
+		spent->sp_warn = getdef_num ("PASS_WARN_AGE", -1);
+		spent->sp_inact = def_inactive;
+		spent->sp_expire = user_expire;
 	} else {
 		spent->sp_min = -1;
 		spent->sp_max = -1;
@@ -1223,6 +1210,7 @@ static void process_flags (int argc, char **argv)
 			{"user-group",     no_argument,       NULL, 'U'},
 #ifdef WITH_SELINUX
 			{"selinux-user",   required_argument, NULL, 'Z'},
+			{"selinux-range",  required_argument, NULL, 202},
 #endif				/* WITH_SELINUX */
 			{NULL, 0, NULL, '\0'}
 		};
@@ -1310,7 +1298,7 @@ static void process_flags (int argc, char **argv)
 				eflg = true;
 				break;
 			case 'f':
-				if (   (getlong (optarg, &def_inactive) == 0)
+				if (   (str2sl(&def_inactive, optarg) == -1)
 				    || (def_inactive < -1)) {
 					fprintf (stderr,
 					         _("%s: invalid numeric argument '%s'\n"),
@@ -1382,7 +1370,7 @@ static void process_flags (int argc, char **argv)
 				/* terminate name, point to value */
 				*cp = '\0';
 				cp++;
-				if (putdef_str (optarg, cp) < 0) {
+				if (putdef_str (optarg, cp, NULL) < 0) {
 					exit (E_BAD_ARG);
 				}
 				break;
@@ -1442,7 +1430,7 @@ static void process_flags (int argc, char **argv)
 				sflg = true;
 				break;
 			case 'u':
-				if (   (get_uid (optarg, &user_id) == 0)
+				if (   (get_uid(optarg, &user_id) == -1)
 				    || (user_id == (gid_t)-1)) {
 					fprintf (stderr,
 					         _("%s: invalid user ID '%s'\n"),
@@ -1472,6 +1460,9 @@ static void process_flags (int argc, char **argv)
 					exit (E_BAD_ARG);
 				}
 				break;
+			case 202:
+				user_selinux_range = optarg;
+				break;
 #endif				/* WITH_SELINUX */
 			default:
 				usage (E_USAGE);
@@ -1519,6 +1510,14 @@ static void process_flags (int argc, char **argv)
 		         Prog, "-m", "-M");
 		usage (E_USAGE);
 	}
+#ifdef WITH_SELINUX
+	if (user_selinux_range && !Zflg) {
+		fprintf (stderr,
+		         _("%s: %s flag is only allowed with the %s flag\n"),
+		         Prog, "--selinux-range", "--selinux-user");
+		usage (E_USAGE);
+	}
+#endif				/* WITH_SELINUX */
 
 	/*
 	 * Either -D or username is required. Defaults can be set with -D
@@ -1551,26 +1550,17 @@ static void process_flags (int argc, char **argv)
 			exit (E_BAD_ARG);
 		}
 		if (!dflg) {
-			char *uh;
-			size_t len = strlen (def_home) + strlen (user_name) + 2;
-			int wlen;
-
-			uh = xmalloc (len);
-			wlen = snprintf (uh, len, "%s/%s", def_home, user_name);
-			assert (wlen == (int) len -1);
+			char  *uh;
 
+			xasprintf(&uh, "%s/%s", def_home, user_name);
 			user_home = uh;
 		}
 		if (prefix[0]) {
-			size_t len = strlen(prefix) + strlen(user_home) + 2;
-			int wlen;
-			char* _prefix_user_home; /* to avoid const warning */
-			_prefix_user_home = xmalloc(len);
-			wlen = snprintf(_prefix_user_home, len, "%s/%s", prefix, user_home);
-			assert (wlen == (int) len -1);
-			prefix_user_home = _prefix_user_home;
-		}
-		else {
+			char  *puh; /* to avoid const warning */
+
+			xasprintf(&puh, "%s/%s", prefix, user_home);
+			prefix_user_home = puh;
+		} else {
 			prefix_user_home = user_home;
 		}
 	}
@@ -1716,23 +1706,25 @@ static void close_files (void)
  */
 static void close_group_files (void)
 {
-	if (do_grp_update) {
-		if (gr_close () == 0) {
-			fprintf (stderr,
-			         _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
-			SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
-			fail_exit (E_GRP_UPDATE);
-		}
+	if (!do_grp_update)
+		return;
+
+	if (gr_close() == 0) {
+		fprintf(stderr,
+		        _("%s: failure while writing changes to %s\n"),
+		        Prog, gr_dbname());
+		SYSLOG((LOG_ERR, "failure while writing changes to %s", gr_dbname()));
+		fail_exit(E_GRP_UPDATE);
+	}
 #ifdef	SHADOWGRP
-		if (is_shadow_grp && (sgr_close () == 0)) {
-			fprintf (stderr,
-			         _("%s: failure while writing changes to %s\n"),
-			         Prog, sgr_dbname ());
-			SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
-			fail_exit (E_GRP_UPDATE);
-		}
-#endif /* SHADOWGRP */
+	if (is_shadow_grp && sgr_close() == 0) {
+		fprintf(stderr,
+		        _("%s: failure while writing changes to %s\n"),
+		        Prog, sgr_dbname());
+		SYSLOG((LOG_ERR, "failure while writing changes to %s", sgr_dbname()));
+		fail_exit(E_GRP_UPDATE);
 	}
+#endif /* SHADOWGRP */
 }
 
 /*
@@ -2013,14 +2005,14 @@ static void faillog_reset (uid_t uid)
 		return;
 	}
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (write (fd, &fl, sizeof (fl)) != (ssize_t) sizeof (fl))
+	    || (write_full(fd, &fl, sizeof (fl)) == -1)
 	    || (fsync (fd) != 0)) {
 		fprintf (stderr,
 		         _("%s: failed to reset the faillog entry of UID %lu: %s\n"),
 		         Prog, (unsigned long) uid, strerror (errno));
 		SYSLOG ((LOG_WARN, "failed to reset the faillog entry of UID %lu", (unsigned long) uid));
 	}
-	if (close (fd) != 0) {
+	if (close (fd) != 0 && errno != EINTR) {
 		fprintf (stderr,
 		         _("%s: failed to close the faillog file for UID %lu: %s\n"),
 		         Prog, (unsigned long) uid, strerror (errno));
@@ -2028,6 +2020,7 @@ static void faillog_reset (uid_t uid)
 	}
 }
 
+#ifdef ENABLE_LASTLOG
 static void lastlog_reset (uid_t uid)
 {
 	struct lastlog ll;
@@ -2040,7 +2033,7 @@ static void lastlog_reset (uid_t uid)
 		return;
 	}
 
-	max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
+	max_uid = getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
 	if (uid > max_uid) {
 		/* do not touch lastlog for large uids */
 		return;
@@ -2057,7 +2050,7 @@ static void lastlog_reset (uid_t uid)
 		return;
 	}
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (write (fd, &ll, sizeof (ll)) != (ssize_t) sizeof (ll))
+	    || (write_full (fd, &ll, sizeof (ll)) != (ssize_t) sizeof (ll))
 	    || (fsync (fd) != 0)) {
 		fprintf (stderr,
 		         _("%s: failed to reset the lastlog entry of UID %lu: %s\n"),
@@ -2065,7 +2058,7 @@ static void lastlog_reset (uid_t uid)
 		SYSLOG ((LOG_WARN, "failed to reset the lastlog entry of UID %lu", (unsigned long) uid));
 		/* continue */
 	}
-	if (close (fd) != 0) {
+	if (close (fd) != 0 && errno != EINTR) {
 		fprintf (stderr,
 		         _("%s: failed to close the lastlog file for UID %lu: %s\n"),
 		         Prog, (unsigned long) uid, strerror (errno));
@@ -2073,6 +2066,7 @@ static void lastlog_reset (uid_t uid)
 		/* continue */
 	}
 }
+#endif /* ENABLE_LASTLOG */
 
 static void tallylog_reset (const char *user_name)
 {
@@ -2085,6 +2079,9 @@ static void tallylog_reset (const char *user_name)
 	if (access(pam_tally2, X_OK) == -1)
 		return;
 
+	/* set SIGCHLD to default for waitpid */
+	signal(SIGCHLD, SIG_DFL);
+
 	failed = 0;
 	switch (childpid = fork())
 	{
@@ -2159,7 +2156,9 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
 	/* local, no need for xgetpwuid */
 	if ((!lflg) && (prefix_getpwuid (user_id) == NULL)) {
 		faillog_reset (user_id);
+#ifdef ENABLE_LASTLOG
 		lastlog_reset (user_id);
+#endif /* ENABLE_LASTLOG */
 	}
 
 	/*
@@ -2182,20 +2181,19 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_ADD_USER, Prog,
 		              "adding shadow password",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_FAILURE);
+		              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif
 		fail_exit (E_PW_UPDATE);
 	}
 #ifdef ENABLE_SUBIDS
-	if (is_sub_uid &&
+	if (is_sub_uid && !local_sub_uid_assigned(user_name) &&
 	    (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
 		fprintf (stderr,
 		         _("%s: failed to prepare the new %s entry\n"),
 		         Prog, sub_uid_dbname ());
 		fail_exit (E_SUB_UID_UPDATE);
 	}
-	if (is_sub_gid &&
+	if (is_sub_gid && !local_sub_gid_assigned(user_name) &&
 	    (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
 		fprintf (stderr,
 		         _("%s: failed to prepare the new %s entry\n"),
@@ -2205,9 +2203,14 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
 #endif				/* ENABLE_SUBIDS */
 
 #ifdef WITH_AUDIT
+	/*
+	 * Even though we have the ID of the user, we won't send it now
+	 * because its not written to disk yet. After close_files it is
+	 * and we can use the real ID thereafter.
+	 */
 	audit_logger (AUDIT_ADD_USER, Prog,
 	              "adding user",
-	              user_name, (unsigned int) user_id,
+	              user_name, AUDIT_NO_ID,
 	              SHADOW_AUDIT_SUCCESS);
 #endif
 	/*
@@ -2227,123 +2230,120 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
  */
 static void create_home (void)
 {
-	if (access (prefix_user_home, F_OK) != 0) {
-		char path[strlen (prefix_user_home) + 2];
-		char *bhome, *cp;
+	char    path[strlen(prefix_user_home) + 2];
+	char    *bhome, *cp;
+	mode_t  mode;
 
-		path[0] = '\0';
-		bhome = strdup (prefix_user_home);
-		if (!bhome) {
-			fprintf (stderr,
-							_("%s: error while duplicating string %s\n"),
-							Prog, user_home);
-			fail_exit (E_HOMEDIR);
-		}
+	if (access (prefix_user_home, F_OK) == 0)
+		return;
+
+	path[0] = '\0';
+	bhome = strdup(prefix_user_home);
+	if (!bhome) {
+		fprintf(stderr,
+			_("%s: error while duplicating string %s\n"),
+			Prog, user_home);
+		fail_exit(E_HOMEDIR);
+	}
 
 #ifdef WITH_SELINUX
-		if (set_selinux_file_context (prefix_user_home, S_IFDIR) != 0) {
-			fprintf (stderr,
-			         _("%s: cannot set SELinux context for home directory %s\n"),
-			         Prog, user_home);
-			fail_exit (E_HOMEDIR);
-		}
+	if (set_selinux_file_context(prefix_user_home, S_IFDIR) != 0) {
+		fprintf(stderr,
+			_("%s: cannot set SELinux context for home directory %s\n"),
+			Prog, user_home);
+		fail_exit(E_HOMEDIR);
+	}
 #endif
 
-		/* Check for every part of the path, if the directory
-		   exists. If not, create it with permissions 755 and
-		   owner root:root.
+	/* Check for every part of the path, if the directory
+	   exists. If not, create it with permissions 755 and
+	   owner root:root.
+	 */
+	for (cp = strtok(bhome, "/"); cp != NULL; cp = strtok(NULL, "/")) {
+		/* Avoid turning a relative path into an absolute path. */
+		if (bhome[0] == '/' || strlen(path) != 0) {
+			strcat(path, "/");
+		}
+		strcat(path, cp);
+		if (access(path, F_OK) == 0) {
+			continue;
+		}
+
+		/* Check if parent directory is BTRFS, fail if requesting
+		   subvolume but no BTRFS. The paths could be different by the
+		   trailing slash
 		 */
-		cp = strtok (bhome, "/");
-		while (cp) {
-                        /* Avoid turning a relative path into an absolute path.
-                         */
-                        if (bhome[0] == '/' || strlen (path) != 0) {
-			        strcat (path, "/");
-                        }
-			strcat (path, cp);
-			if (access (path, F_OK) != 0) {
-				/* Check if parent directory is BTRFS, fail if requesting
-				   subvolume but no BTRFS. The paths cound be different by the
-				   trailing slash
-				 */
 #if WITH_BTRFS
-				if (subvolflg && (strlen(prefix_user_home) - (int)strlen(path)) <= 1) {
-					char *btrfs_check = strdup(path);
-
-					if (!btrfs_check) {
-						fprintf (stderr,
-						         _("%s: error while duplicating string in BTRFS check %s\n"),
-						         Prog, path);
-						fail_exit (E_HOMEDIR);
-					}
-					btrfs_check[strlen(path) - strlen(cp) - 1] = '\0';
-					if (is_btrfs(btrfs_check) <= 0) {
-						fprintf (stderr,
-						         _("%s: home directory \"%s\" must be mounted on BTRFS\n"),
-						         Prog, path);
-						fail_exit (E_HOMEDIR);
-					}
-					// make subvolume to mount for user instead of directory
-					if (btrfs_create_subvolume(path)) {
-						fprintf (stderr,
-						         _("%s: failed to create BTRFS subvolume: %s\n"),
-						         Prog, path);
-						fail_exit (E_HOMEDIR);
-					}
-				}
-				else
+		if (subvolflg && (strlen(prefix_user_home) - (int)strlen(path)) <= 1) {
+			char *btrfs_check = strdup(path);
+
+			if (!btrfs_check) {
+				fprintf(stderr,
+					_("%s: error while duplicating string in BTRFS check %s\n"),
+					Prog, path);
+				fail_exit(E_HOMEDIR);
+			}
+			btrfs_check[strlen(path) - strlen(cp) - 1] = '\0';
+			if (is_btrfs(btrfs_check) <= 0) {
+				fprintf(stderr,
+					_("%s: home directory \"%s\" must be mounted on BTRFS\n"),
+					Prog, path);
+				fail_exit(E_HOMEDIR);
+			}
+			free(btrfs_check);
+			// make subvolume to mount for user instead of directory
+			if (btrfs_create_subvolume(path)) {
+				fprintf(stderr,
+					_("%s: failed to create BTRFS subvolume: %s\n"),
+					Prog, path);
+				fail_exit(E_HOMEDIR);
+			}
+		}
+		else
 #endif
-				if (mkdir (path, 0) != 0) {
-			fprintf (stderr,
-							_("%s: cannot create directory %s\n"),
-							Prog, path);
+		if (mkdir(path, 0) != 0) {
+			fprintf(stderr, _("%s: cannot create directory %s\n"),
+				Prog, path);
 #ifdef WITH_AUDIT
-			audit_logger (AUDIT_ADD_USER, Prog,
-										"adding home directory",
-										user_name, (unsigned int) user_id,
-										SHADOW_AUDIT_FAILURE);
+			audit_logger(AUDIT_ADD_USER, Prog, "adding home directory",
+				     user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif
-			fail_exit (E_HOMEDIR);
+			fail_exit(E_HOMEDIR);
 		}
-				if (chown (path, 0, 0) < 0) {
-					fprintf (stderr,
-									_("%s: warning: chown on `%s' failed: %m\n"),
-									Prog, path);
-				}
-				if (chmod (path, 0755) < 0) {
-					fprintf (stderr,
-									_("%s: warning: chmod on `%s' failed: %m\n"),
-									Prog, path);
-				}
-			}
-			cp = strtok (NULL, "/");
+		if (chown(path, 0, 0) < 0) {
+			fprintf(stderr,
+				_("%s: warning: chown on `%s' failed: %m\n"),
+				Prog, path);
 		}
-		free (bhome);
-
-		(void) chown (prefix_user_home, user_id, user_gid);
-		mode_t mode = getdef_num ("HOME_MODE",
-		                          0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
-		if (chmod (prefix_user_home, mode)) {
-			fprintf (stderr, _("%s: warning: chown on '%s' failed: %m\n"),
-			                 Prog, path);
+		if (chmod(path, 0755) < 0) {
+			fprintf(stderr,
+				_("%s: warning: chmod on `%s' failed: %m\n"),
+				Prog, path);
 		}
-		home_added = true;
+	}
+	free(bhome);
+
+	(void) chown(prefix_user_home, user_id, user_gid);
+	mode = getdef_num("HOME_MODE",
+			  0777 & ~getdef_num("UMASK", GETDEF_DEFAULT_UMASK));
+	if (chmod(prefix_user_home, mode)) {
+		fprintf(stderr, _("%s: warning: chown on '%s' failed: %m\n"),
+			Prog, path);
+	}
+	home_added = true;
 #ifdef WITH_AUDIT
-		audit_logger (AUDIT_ADD_USER, Prog,
-		              "adding home directory",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_SUCCESS);
+	audit_logger(AUDIT_ADD_USER, Prog, "adding home directory",
+		     user_name, user_id, SHADOW_AUDIT_SUCCESS);
 #endif
 #ifdef WITH_SELINUX
-		/* Reset SELinux to create files with default contexts */
-		if (reset_selinux_file_context () != 0) {
-			fprintf (stderr,
-			         _("%s: cannot reset SELinux file creation context\n"),
-			         Prog);
-			fail_exit (E_HOMEDIR);
-		}
-#endif
+	/* Reset SELinux to create files with default contexts */
+	if (reset_selinux_file_context() != 0) {
+		fprintf(stderr,
+			_("%s: cannot reset SELinux file creation context\n"),
+			Prog);
+		fail_exit(E_HOMEDIR);
 	}
+#endif
 }
 
 /*
@@ -2355,72 +2355,79 @@ static void create_home (void)
  */
 static void create_mail (void)
 {
-	if (strcasecmp (create_mail_spool, "yes") == 0) {
-		const char *spool;
-		char *file;
-		int fd;
-		struct group *gr;
-		gid_t gid;
-		mode_t mode;
-
-		spool = getdef_str ("MAIL_DIR");
+	int           fd;
+	char          *file;
+	gid_t         gid;
+	mode_t        mode;
+	const char    *spool;
+	struct group  *gr;
+
+	if (strcasecmp(create_mail_spool, "yes") != 0)
+		return;
+
+	spool = getdef_str("MAIL_DIR");
 #ifdef MAIL_SPOOL_DIR
-		if ((NULL == spool) && (getdef_str ("MAIL_FILE") == NULL)) {
-			spool = MAIL_SPOOL_DIR;
-		}
+	if ((NULL == spool) && (getdef_str("MAIL_FILE") == NULL)) {
+		spool = MAIL_SPOOL_DIR;
+	}
 #endif /* MAIL_SPOOL_DIR */
-		if (NULL == spool) {
-			return;
-		}
-		file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 3);
-		if (prefix[0])
-			sprintf (file, "%s/%s/%s", prefix, spool, user_name);
-		else
-			sprintf (file, "%s/%s", spool, user_name);
+	if (NULL == spool) {
+		return;
+	}
+	if (prefix[0])
+		xasprintf(&file, "%s/%s/%s", prefix, spool, user_name);
+	else
+		xasprintf(&file, "%s/%s", spool, user_name);
 
 #ifdef WITH_SELINUX
-		if (set_selinux_file_context (file, S_IFREG) != 0) {
-			fprintf (stderr,
-			         _("%s: cannot set SELinux context for mailbox file %s\n"),
-			         Prog, file);
-			fail_exit (E_MAILBOXFILE);
-		}
+	if (set_selinux_file_context(file, S_IFREG) != 0) {
+		fprintf(stderr,
+		        _("%s: cannot set SELinux context for mailbox file %s\n"),
+		        Prog, file);
+		fail_exit(E_MAILBOXFILE);
+	}
 #endif
 
-		fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
-		if (fd < 0) {
-			perror (_("Creating mailbox file"));
-			return;
-		}
+	fd = open(file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
+	free(file);
 
-		gr = prefix_getgrnam ("mail"); /* local, no need for xgetgrnam */
-		if (NULL == gr) {
-			fputs (_("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"),
-			       stderr);
-			gid = user_gid;
-			mode = 0600;
-		} else {
-			gid = gr->gr_gid;
-			mode = 0660;
-		}
+	if (fd < 0) {
+		perror(_("Creating mailbox file"));
+		return;
+	}
 
-		if (   (fchown (fd, user_id, gid) != 0)
-		    || (fchmod (fd, mode) != 0)) {
-			perror (_("Setting mailbox file permissions"));
-		}
+	gr = prefix_getgrnam("mail"); /* local, no need for xgetgrnam */
+	if (NULL == gr) {
+		fputs(_("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"),
+		       stderr);
+		gid = user_gid;
+		mode = 0600;
+	} else {
+		gid = gr->gr_gid;
+		mode = 0660;
+	}
+
+	if (fchown(fd, user_id, gid) != 0
+	 || fchmod(fd, mode) != 0)
+	{
+		perror(_("Setting mailbox file permissions"));
+	}
 
-		fsync (fd);
-		close (fd);
+	if (fsync(fd) != 0) {
+		perror (_("Synchronize mailbox file"));
+	}
+	if (close(fd) != 0 && errno != EINTR) {
+		perror (_("Closing mailbox file"));
+	}
 #ifdef WITH_SELINUX
-		/* Reset SELinux to create files with default contexts */
-		if (reset_selinux_file_context () != 0) {
-			fprintf (stderr,
-			         _("%s: cannot reset SELinux file creation context\n"),
-			         Prog);
-			fail_exit (E_MAILBOXFILE);
-		}
-#endif
+	/* Reset SELinux to create files with default contexts */
+	if (reset_selinux_file_context() != 0) {
+		fprintf(stderr,
+		        _("%s: cannot reset SELinux file creation context\n"),
+		        Prog);
+		fail_exit(E_MAILBOXFILE);
 	}
+#endif
 }
 
 static void check_uid_range(int rflg, uid_t user_id)
@@ -2428,13 +2435,13 @@ static void check_uid_range(int rflg, uid_t user_id)
 	uid_t uid_min ;
 	uid_t uid_max ;
 	if (rflg) {
-		uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
+		uid_max = getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
 		if (user_id > uid_max) {
 			fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max);
 		}
 	}else{
-		uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL);
-		uid_max = (uid_t)getdef_ulong("UID_MAX", 6000UL);
+		uid_min = getdef_ulong("UID_MIN", 1000UL);
+		uid_max = getdef_ulong("UID_MAX", 6000UL);
 		if (uid_min <= uid_max) {
 			if (user_id < uid_min || user_id >uid_max)
 				fprintf(stderr, _("%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
@@ -2461,10 +2468,6 @@ int main (int argc, char **argv)
 	unsigned long subuid_count = 0;
 	unsigned long subgid_count = 0;
 
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -2476,17 +2479,17 @@ int main (int argc, char **argv)
 
 	prefix = process_prefix_flag("-P", argc, argv);
 
-	OPENLOG ("useradd");
+	OPENLOG (Prog);
 #ifdef WITH_AUDIT
 	audit_help_open ();
 #endif
 
 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
-	user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
+	user_groups = XMALLOC(1 + sys_ngroups, char *);
 	/*
 	 * Initialize the list to be empty
 	 */
-	user_groups[0] = (char *) 0;
+	user_groups[0] = NULL;
 
 
 	is_shadow_pwd = spw_file_present ();
@@ -2499,8 +2502,8 @@ int main (int argc, char **argv)
 	process_flags (argc, argv);
 
 #ifdef ENABLE_SUBIDS
-	uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
-	uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+	uid_min = getdef_ulong ("UID_MIN", 1000UL);
+	uid_max = getdef_ulong ("UID_MAX", 60000UL);
 	subuid_count = getdef_ulong ("SUB_UID_COUNT", 65536);
 	subgid_count = getdef_ulong ("SUB_GID_COUNT", 65536);
 	is_sub_uid = subuid_count > 0 && sub_uid_file_present () &&
@@ -2528,7 +2531,7 @@ int main (int argc, char **argv)
 			fail_exit (1);
 		}
 
-		retval = pam_start ("useradd", pampw?pampw->pw_name:"root", &conv, &pamh);
+		retval = pam_start (Prog, pampw?pampw->pw_name:"root", &conv, &pamh);
 	}
 
 	if (PAM_SUCCESS == retval) {
@@ -2629,7 +2632,7 @@ int main (int argc, char **argv)
 #ifdef WITH_AUDIT
 				audit_logger (AUDIT_ADD_USER, Prog,
 				              "adding user",
-				              user_name, (unsigned int) user_id,
+				              user_name, user_id,
 				              SHADOW_AUDIT_FAILURE);
 #endif
 				fail_exit (E_UID_IN_USE);
@@ -2701,14 +2704,14 @@ int main (int argc, char **argv)
 
 #ifdef WITH_SELINUX
 	if (Zflg) {
-		if (set_seuser (user_name, user_selinux) != 0) {
+		if (set_seuser (user_name, user_selinux, user_selinux_range) != 0) {
 			fprintf (stderr,
 			         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
 			         Prog, user_name, user_selinux);
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
 			              "adding SELinux user mapping",
-			              user_name, (unsigned int) user_id, 0);
+			              user_name, user_id, 0);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_SE_UPDATE);
 		}
@@ -2720,6 +2723,8 @@ int main (int argc, char **argv)
 		if (home_added) {
 			copy_tree (def_template, prefix_user_home, false, true,
 			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
+			copy_tree (def_usrtemplate, prefix_user_home, false, true,
+			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
 		} else {
 			fprintf (stderr,
 			         _("%s: warning: the home directory %s already exists.\n"
@@ -2742,3 +2747,23 @@ int main (int argc, char **argv)
 	return E_SUCCESS;
 }
 
+
+static FILE *
+fmkstemp(char *template)
+{
+	int   fd;
+	FILE  *fp;
+
+	fd = mkstemp(template);
+	if (fd == -1)
+		return NULL;
+
+	fp = fdopen(fd, "w");
+	if (fp == NULL) {
+		close(fd);
+		unlink(template);
+		return NULL;
+	}
+
+	return fp;
+}
diff --git a/src/userdel.c b/src/userdel.c
index 7012b0e..ff1f7dd 100644
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -19,6 +19,8 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
+
+#include "alloc.h"
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
@@ -50,6 +52,8 @@
 #include "subordinateio.h"
 #endif				/* ENABLE_SUBIDS */
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 /*
  * exit status values
@@ -68,7 +72,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "userdel";
 
 static char *user_name;
 static uid_t user_id;
@@ -204,8 +208,7 @@ static void update_groups (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_DEL_USER, Prog,
 		              "deleting user from group",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_SUCCESS);
+		              user_name, user_id, SHADOW_AUDIT_SUCCESS);
 #endif				/* WITH_AUDIT */
 		SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n",
 			 user_name, ngrp->gr_name));
@@ -266,8 +269,7 @@ static void update_groups (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_DEL_USER, Prog,
 		              "deleting user from shadow group",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_SUCCESS);
+		              user_name, user_id, SHADOW_AUDIT_SUCCESS);
 #endif				/* WITH_AUDIT */
 		SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
 		         user_name, nsgrp->sg_name));
@@ -526,8 +528,7 @@ static void fail_exit (int code)
 #ifdef WITH_AUDIT
 	audit_logger (AUDIT_DEL_USER, Prog,
 	              "deleting user",
-	              user_name, (unsigned int) user_id,
-	              SHADOW_AUDIT_FAILURE);
+	              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 
 	exit (code);
@@ -548,8 +549,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_DEL_USER, Prog,
 		              "locking password file",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_FAILURE);
+		              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 		fail_exit (E_PW_UPDATE);
 	}
@@ -560,8 +560,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_DEL_USER, Prog,
 		              "opening password file",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_FAILURE);
+		              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 		fail_exit (E_PW_UPDATE);
 	}
@@ -573,8 +572,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 			              "locking shadow password file",
-			              user_name, (unsigned int) user_id,
-			              SHADOW_AUDIT_FAILURE);
+			              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_PW_UPDATE);
 		}
@@ -586,8 +584,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 			              "opening shadow password file",
-			              user_name, (unsigned int) user_id,
-			              SHADOW_AUDIT_FAILURE);
+			              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_PW_UPDATE);
 		}
@@ -599,8 +596,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_DEL_USER, Prog,
 		              "locking group file",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_FAILURE);
+		              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 		fail_exit (E_GRP_UPDATE);
 	}
@@ -610,8 +606,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_DEL_USER, Prog,
 		              "opening group file",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_FAILURE);
+		              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 		fail_exit (E_GRP_UPDATE);
 	}
@@ -624,8 +619,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 			              "locking shadow group file",
-			              user_name, (unsigned int) user_id,
-			              SHADOW_AUDIT_FAILURE);
+			              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_GRP_UPDATE);
 		}
@@ -636,8 +630,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 			              "opening shadow group file",
-			              user_name, (unsigned int) user_id,
-			              SHADOW_AUDIT_FAILURE);
+			              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_GRP_UPDATE);
 		}
@@ -652,8 +645,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 				"locking subordinate user file",
-				user_name, (unsigned int) user_id,
-				SHADOW_AUDIT_FAILURE);
+				user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_SUB_UID_UPDATE);
 		}
@@ -664,8 +656,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 				"opening subordinate user file",
-				user_name, (unsigned int) user_id,
-				SHADOW_AUDIT_FAILURE);
+				user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_SUB_UID_UPDATE);
 		}
@@ -678,8 +669,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 				"locking subordinate group file",
-				user_name, (unsigned int) user_id,
-				SHADOW_AUDIT_FAILURE);
+				user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_SUB_GID_UPDATE);
 		}
@@ -690,8 +680,7 @@ static void open_files (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 				"opening subordinate group file",
-				user_name, (unsigned int) user_id,
-				SHADOW_AUDIT_FAILURE);
+				user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_SUB_GID_UPDATE);
 		}
@@ -738,8 +727,7 @@ static void update_user (void)
 #ifdef WITH_AUDIT
 	audit_logger (AUDIT_DEL_USER, Prog,
 	              "deleting user entries",
-	              user_name, (unsigned int) user_id,
-	              SHADOW_AUDIT_SUCCESS);
+	              user_name, user_id, SHADOW_AUDIT_SUCCESS);
 #endif				/* WITH_AUDIT */
 	SYSLOG ((LOG_INFO, "delete user '%s'\n", user_name));
 }
@@ -763,7 +751,7 @@ static void user_cancel (const char *user)
 	}
 	argv[0] = cmd;
 	argv[1] = user;
-	argv[2] = (char *)0;
+	argv[2] = NULL;
 	(void) run_command (cmd, argv, NULL, &status);
 }
 
@@ -802,11 +790,9 @@ static int is_owner (uid_t uid, const char *path)
 
 static int remove_mailbox (void)
 {
-	const char *maildir;
-	char* mailfile;
-	int i;
-	int errors = 0;
-	size_t len;
+	int         i, errors = 0;
+	char        *mailfile;
+	const char  *maildir;
 
 	maildir = getdef_str ("MAIL_DIR");
 #ifdef MAIL_SPOOL_DIR
@@ -818,18 +804,11 @@ static int remove_mailbox (void)
 		return 0;
 	}
 
-	len = strlen (prefix) + strlen (maildir) + strlen (user_name) + 2;
-	mailfile = xmalloc (len);
-
 	if (prefix[0]) {
-		(void) snprintf (mailfile, len, "%s/%s/%s",
-	    	             prefix, maildir, user_name);
-	}
-	else {
-		(void) snprintf (mailfile, len, "%s/%s",
-	    	             maildir, user_name);
+		xasprintf(&mailfile, "%s/%s/%s", prefix, maildir, user_name);
+	} else {
+		xasprintf(&mailfile, "%s/%s", maildir, user_name);
 	}
-	mailfile[len-1] = '\0';
 
 	if (access (mailfile, F_OK) != 0) {
 		if (ENOENT == errno) {
@@ -846,8 +825,7 @@ static int remove_mailbox (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 			              "deleting mail file",
-			              user_name, (unsigned int) user_id,
-			              SHADOW_AUDIT_FAILURE);
+			              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			free(mailfile);
 			return -1;
@@ -863,8 +841,7 @@ static int remove_mailbox (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_DEL_USER, Prog,
 			              "deleting mail file",
-			              user_name, (unsigned int) user_id,
-			              SHADOW_AUDIT_FAILURE);
+			              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			errors = 1;
 			/* continue */
@@ -874,8 +851,7 @@ static int remove_mailbox (void)
 		{
 			audit_logger (AUDIT_DEL_USER, Prog,
 			              "deleting mail file",
-			              user_name, (unsigned int) user_id,
-			              SHADOW_AUDIT_SUCCESS);
+			              user_name, user_id, SHADOW_AUDIT_SUCCESS);
 		}
 #endif				/* WITH_AUDIT */
 		free(mailfile);
@@ -892,8 +868,7 @@ static int remove_mailbox (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_DEL_USER, Prog,
 		              "deleting mail file",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_FAILURE);
+		              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 		free(mailfile);
 		return 1;
@@ -909,8 +884,7 @@ static int remove_mailbox (void)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_DEL_USER, Prog,
 		              "deleting mail file",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_FAILURE);
+		              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 		errors = 1;
 		/* continue */
@@ -920,8 +894,7 @@ static int remove_mailbox (void)
 	{
 		audit_logger (AUDIT_DEL_USER, Prog,
 		              "deleting mail file",
-		              user_name, (unsigned int) user_id,
-		              SHADOW_AUDIT_SUCCESS);
+		              user_name, user_id, SHADOW_AUDIT_SUCCESS);
 	}
 #endif				/* WITH_AUDIT */
 	free(mailfile);
@@ -931,22 +904,19 @@ static int remove_mailbox (void)
 #ifdef WITH_TCB
 static int remove_tcbdir (const char *user_name, uid_t user_id)
 {
-	char *buf;
-	int ret = 0;
-	size_t buflen = (sizeof TCB_DIR) + strlen (user_name) + 2;
+	int   ret = 0;
+	char  *buf;
 
 	if (!getdef_bool ("USE_TCB")) {
 		return 0;
 	}
 
-	buf = malloc (buflen);
-	if (NULL == buf) {
-		fprintf (stderr, _("%s: Can't allocate memory, "
-		                   "tcb entry for %s not removed.\n"),
-		         Prog, user_name);
+	if (asprintf(&buf, TCB_DIR "/%s", user_name) == -1) {
+		fprintf(stderr,
+		        _("%s: Can't allocate memory, tcb entry for %s not removed.\n"),
+		        Prog, user_name);
 		return 1;
 	}
-	snprintf (buf, buflen, TCB_DIR "/%s", user_name);
 	if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
 		fprintf (stderr, _("%s: Cannot drop privileges: %s\n"),
 		         Prog, strerror (errno));
@@ -989,10 +959,6 @@ int main (int argc, char **argv)
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
 
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 	(void) setlocale (LC_ALL, "");
@@ -1002,7 +968,7 @@ int main (int argc, char **argv)
 	process_root_flag ("-R", argc, argv);
 	prefix = process_prefix_flag ("-P", argc, argv);
 
-	OPENLOG ("userdel");
+	OPENLOG (Prog);
 #ifdef WITH_AUDIT
 	audit_help_open ();
 #endif				/* WITH_AUDIT */
@@ -1086,7 +1052,7 @@ int main (int argc, char **argv)
 			exit (E_PW_UPDATE);
 		}
 
-		retval = pam_start ("userdel", pampw->pw_name, &conv, &pamh);
+		retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 	}
 
 	if (PAM_SUCCESS == retval) {
@@ -1148,15 +1114,9 @@ int main (int argc, char **argv)
 		user_gid = pwd->pw_gid;
 
 		if (prefix[0]) {
-
-			size_t len = strlen(prefix) + strlen(pwd->pw_dir) + 2;
-			int wlen;
-			user_home = xmalloc(len);
-			wlen = snprintf(user_home, len, "%s/%s", prefix, pwd->pw_dir);
-			assert (wlen == (int) len -1);
-		}
-		else {
-			user_home = xstrdup (pwd->pw_dir);
+			xasprintf(&user_home, "%s/%s", prefix, pwd->pw_dir);
+		} else {
+			user_home = xstrdup(pwd->pw_dir);
 		}
 		pw_close();
 	}
@@ -1165,26 +1125,6 @@ int main (int argc, char **argv)
 		exit (E_NOTFOUND);
 	}
 #endif				/* WITH_TCB */
-#ifdef	USE_NIS
-
-	/*
-	 * Now make sure it isn't an NIS user.
-	 */
-	if (__ispwNIS ()) {
-		char *nis_domain;
-		char *nis_master;
-
-		fprintf (stderr,
-		         _("%s: user %s is a NIS user\n"), Prog, user_name);
-		if (   !yp_get_default_domain (&nis_domain)
-		    && !yp_master (nis_domain, "passwd.byname", &nis_master)) {
-			fprintf (stderr,
-			         _("%s: %s is the NIS master\n"),
-			         Prog, nis_master);
-		}
-		exit (E_NOTFOUND);
-	}
-#endif				/* USE_NIS */
 	/*
 	 * Check to make certain the user isn't logged in.
 	 * Note: This is a best effort basis. The user may log in between,
@@ -1290,8 +1230,7 @@ int main (int argc, char **argv)
 		{
 			audit_logger (AUDIT_DEL_USER, Prog,
 			              "deleting home directory",
-			              user_name, (unsigned int) user_id,
-			              SHADOW_AUDIT_SUCCESS);
+			              user_name, user_id, SHADOW_AUDIT_SUCCESS);
 		}
 #endif				/* WITH_AUDIT */
 	}
@@ -1313,8 +1252,7 @@ int main (int argc, char **argv)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
 			              "removing SELinux user mapping",
-			              user_name, (unsigned int) user_id,
-			              SHADOW_AUDIT_FAILURE);
+			              user_name, user_id, SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 			fail_exit (E_SE_UPDATE);
 		}
diff --git a/src/usermod.c b/src/usermod.c
index c1a5b2c..f889698 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -17,7 +17,9 @@
 #include <fcntl.h>
 #include <getopt.h>
 #include <grp.h>
+#ifdef ENABLE_LASTLOG
 #include <lastlog.h>
+#endif /* ENABLE_LASTLOG */
 #include <pwd.h>
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
@@ -25,14 +27,19 @@
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
 #include <stdio.h>
+#include <strings.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <time.h>
+
+#include "alloc.h"
+#include "atoi/str2i.h"
 #include "chkname.h"
 #include "defines.h"
 #include "faillog.h"
 #include "getdef.h"
 #include "groupio.h"
+#include "memzero.h"
 #include "nscd.h"
 #include "sssd.h"
 #include "prototypes.h"
@@ -52,6 +59,9 @@
 #include "tcbfuncs.h"
 #endif
 #include "shadowlog.h"
+#include "string/sprintf.h"
+#include "time/day_to_str.h"
+
 
 /*
  * exit status values
@@ -82,7 +92,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char Prog[] = "usermod";
 
 static char *user_name;
 static char *user_newname;
@@ -98,6 +108,7 @@ static char *user_newhome;
 static char *user_shell;
 #ifdef WITH_SELINUX
 static const char *user_selinux = "";
+static const char *user_selinux_range = NULL;
 #endif				/* WITH_SELINUX */
 static char *user_newshell;
 static long user_expire;
@@ -163,14 +174,16 @@ static bool sub_gid_locked = false;
 
 /* local function prototypes */
 static int get_groups (char *);
-static /*@noreturn@*/void usage (int status);
+NORETURN static void usage (int status);
 static void new_pwent (struct passwd *);
 static void new_spent (struct spwd *);
-static /*@noreturn@*/void fail_exit (int);
-static void update_group (void);
+NORETURN static void fail_exit (int);
+static void update_group_file(void);
+static void update_group(const struct group *grp);
 
 #ifdef SHADOWGRP
-static void update_gshadow (void);
+static void update_gshadow_file(void);
+static void update_gshadow(const struct sgrp *sgrp);
 #endif
 static void grp_update (void);
 
@@ -179,7 +192,9 @@ static void close_files (void);
 static void open_files (void);
 static void usr_update (void);
 static void move_home (void);
+#ifdef ENABLE_LASTLOG
 static void update_lastlog (void);
+#endif /* ENABLE_LASTLOG */
 static void update_faillog (void);
 
 #ifndef NO_MOVE_MAILBOX
@@ -198,14 +213,14 @@ extern int allow_bad_names;
 static int get_groups (char *list)
 {
 	char *cp;
-	const struct group *grp;
+	struct group *grp;
 	int errors = 0;
 	int ngroups = 0;
 
 	/*
 	 * Initialize the list to be empty
 	 */
-	user_groups[0] = (char *) 0;
+	user_groups[0] = NULL;
 
 	if ('\0' == *list) {
 		return 0;
@@ -251,25 +266,11 @@ static int get_groups (char *list)
 			continue;
 		}
 
-#ifdef	USE_NIS
-		/*
-		 * Don't add this group if they are an NIS group. Tell the
-		 * user to go to the server for this group.
-		 */
-		if (__isgrNIS ()) {
-			fprintf (stderr,
-			         _("%s: group '%s' is a NIS group.\n"),
-			         Prog, grp->gr_name);
-			gr_free ((struct group *)grp);
-			continue;
-		}
-#endif
-
 		if (ngroups == sys_ngroups) {
 			fprintf (stderr,
 			         _("%s: too many groups specified (max %d).\n"),
 			         Prog, ngroups);
-			gr_free ((struct group *)grp);
+			gr_free (grp);
 			break;
 		}
 
@@ -277,10 +278,10 @@ static int get_groups (char *list)
 		 * Add the group name to the user's list of groups.
 		 */
 		user_groups[ngroups++] = xstrdup (grp->gr_name);
-		gr_free ((struct group *)grp);
+		gr_free (grp);
 	} while (NULL != list);
 
-	user_groups[ngroups] = (char *) 0;
+	user_groups[ngroups] = NULL;
 
 	/*
 	 * Any errors in finding group names are fatal
@@ -307,21 +308,28 @@ static struct ulong_range getulong_range(const char *str)
 
 	errno = 0;
 	first = strtoll(str, &pos, 10);
-	if (('\0' == *str) || ('-' != *pos ) || (ERANGE == errno) ||
-	    (first != (unsigned long int)first))
+	if (('\0' == *str) || ('-' != *pos ) || (0 != errno) ||
+	    (first != (unsigned long)first))
 		goto out;
 
 	errno = 0;
 	last = strtoll(pos + 1, &pos, 10);
-	if (('\0' != *pos ) || (ERANGE == errno) ||
-	    (last != (unsigned long int)last))
+	if (('\0' != *pos ) || (0 != errno) ||
+	    (last != (unsigned long)last))
 		goto out;
 
 	if (first > last)
 		goto out;
 
-	result.first = (unsigned long int)first;
-	result.last = (unsigned long int)last;
+	/*
+	 * uid_t in linux is an unsigned int, anything over this is an invalid
+	 * range will be later refused anyway by get_map_ranges().
+	 */
+	if (first > UINT_MAX || last > UINT_MAX)
+		goto out;
+
+	result.first = (unsigned long)first;
+	result.last = (unsigned long)last;
 out:
 	return result;
 }
@@ -342,7 +350,7 @@ static int prepend_range(const char *str, struct ulong_range_list_entry **head)
 	if (range.first > range.last)
 		return 0;
 
-	entry = malloc(sizeof(*entry));
+	entry = MALLOC(1, struct ulong_range_list_entry);
 	if (!entry) {
 		fprintf (stderr,
 			_("%s: failed to allocate memory: %s\n"),
@@ -359,7 +367,9 @@ static int prepend_range(const char *str, struct ulong_range_list_entry **head)
 /*
  * usage - display usage message and exit
  */
-static /*@noreturn@*/void usage (int status)
+NORETURN
+static void
+usage (int status)
 {
 	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
 	(void) fprintf (usageout,
@@ -401,6 +411,7 @@ static /*@noreturn@*/void usage (int status)
 #endif				/* ENABLE_SUBIDS */
 #ifdef WITH_SELINUX
 	(void) fputs (_("  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account\n"), usageout);
+	(void) fputs (_("      --selinux-range SERANGE   new SELinux MLS range for the user account\n"), usageout);
 #endif				/* WITH_SELINUX */
 	(void) fputs ("\n", usageout);
 	exit (status);
@@ -413,20 +424,17 @@ static /*@noreturn@*/void usage (int status)
 static char *new_pw_passwd (char *pw_pass)
 {
 	if (Lflg && ('!' != pw_pass[0])) {
-		char *buf = xmalloc (strlen (pw_pass) + 2);
+		char *buf = XMALLOC(strlen(pw_pass) + 2, char);
 
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-		              "updating passwd",
-		              user_newname, (unsigned int) user_newid, 0);
+		              "updating passwd", user_newname, user_newid, 0);
 #endif
 		SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname));
 		strcpy (buf, "!");
 		strcat (buf, pw_pass);
 		pw_pass = buf;
 	} else if (Uflg && pw_pass[0] == '!') {
-		char *s;
-
 		if (pw_pass[1] == '\0') {
 			fprintf (stderr,
 			         _("%s: unlocking the user's password would result in a passwordless account.\n"
@@ -437,20 +445,14 @@ static char *new_pw_passwd (char *pw_pass)
 
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-		              "updating password",
-		              user_newname, (unsigned int) user_newid, 0);
+		              "updating password", user_newname, user_newid, 0);
 #endif
 		SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
-		s = pw_pass;
-		while ('\0' != *s) {
-			*s = *(s + 1);
-			s++;
-		}
+		memmove(pw_pass, pw_pass + 1, strlen(pw_pass));
 	} else if (pflg) {
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-		              "changing password",
-		              user_newname, (unsigned int) user_newid, 1);
+		              "changing password", user_newname, user_newid, 1);
 #endif
 		SYSLOG ((LOG_INFO, "change user '%s' password", user_newname));
 		pw_pass = xstrdup (user_pass);
@@ -479,8 +481,7 @@ static void new_pwent (struct passwd *pwent)
 		}
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-		              "changing name",
-		              user_newname, (unsigned int) user_newid, 1);
+		              "changing name", user_newname, user_newid, 1);
 #endif
 		SYSLOG ((LOG_INFO,
 		         "change user name '%s' to '%s'",
@@ -500,8 +501,7 @@ static void new_pwent (struct passwd *pwent)
 	if (uflg) {
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-		              "changing uid",
-		              user_newname, (unsigned int) user_newid, 1);
+		              "changing uid", user_newname, user_newid, 1);
 #endif
 		SYSLOG ((LOG_INFO,
 		         "change user '%s' UID from '%d' to '%d'",
@@ -512,7 +512,7 @@ static void new_pwent (struct passwd *pwent)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              "changing primary group",
-		              user_newname, (unsigned int) user_newid, 1);
+		              user_newname, user_newid, 1);
 #endif
 		SYSLOG ((LOG_INFO,
 		         "change user '%s' GID from '%d' to '%d'",
@@ -522,8 +522,7 @@ static void new_pwent (struct passwd *pwent)
 	if (cflg) {
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-		              "changing comment",
-		              user_newname, (unsigned int) user_newid, 1);
+		              "changing comment", user_newname, user_newid, 1);
 #endif
 		pwent->pw_gecos = user_newcomment;
 	}
@@ -532,7 +531,7 @@ static void new_pwent (struct passwd *pwent)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              "changing home directory",
-		              user_newname, (unsigned int) user_newid, 1);
+		              user_newname, user_newid, 1);
 #endif
 		SYSLOG ((LOG_INFO,
 		         "change user '%s' home from '%s' to '%s'",
@@ -549,7 +548,7 @@ static void new_pwent (struct passwd *pwent)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              "changing user shell",
-		              user_newname, (unsigned int) user_newid, 1);
+		              user_newname, user_newid, 1);
 #endif
 		SYSLOG ((LOG_INFO,
 		         "change user '%s' shell from '%s' to '%s'",
@@ -580,7 +579,7 @@ static void new_spent (struct spwd *spent)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              "changing inactive days",
-		              user_newname, (unsigned int) user_newid, 1);
+		              user_newname, user_newid, 1);
 #endif
 		SYSLOG ((LOG_INFO,
 		         "change user '%s' inactive from '%ld' to '%ld'",
@@ -590,12 +589,13 @@ static void new_spent (struct spwd *spent)
 	if (eflg) {
 		/* log dates rather than numbers of days. */
 		char new_exp[16], old_exp[16];
-		date_to_str (sizeof(new_exp), new_exp, user_newexpire * DAY);
-		date_to_str (sizeof(old_exp), old_exp, user_expire * DAY);
+
+		DAY_TO_STR(new_exp, user_newexpire);
+		DAY_TO_STR(old_exp, user_expire);
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              "changing expiration date",
-		              user_newname, (unsigned int) user_newid, 1);
+		              user_newname, user_newid, 1);
 #endif
 		SYSLOG ((LOG_INFO,
 		         "change user '%s' expiration from '%s' to '%s'",
@@ -615,7 +615,7 @@ static void new_spent (struct spwd *spent)
 	spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
 
 	if (pflg) {
-		spent->sp_lstchg = (long) gettime () / SCALE;
+		spent->sp_lstchg = gettime () / DAY;
 		if (0 == spent->sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change. */
@@ -627,7 +627,9 @@ static void new_spent (struct spwd *spent)
 /*
  * fail_exit - exit with an error code after unlocking files
  */
-static /*@noreturn@*/void fail_exit (int code)
+NORETURN
+static void
+fail_exit (int code)
 {
 	if (gr_locked) {
 		if (gr_unlock () == 0) {
@@ -685,263 +687,277 @@ static /*@noreturn@*/void fail_exit (int code)
 }
 
 
-static void update_group (void)
+static void
+update_group_file(void)
 {
-	bool is_member;
-	bool was_member;
-	bool changed;
-	const struct group *grp;
-	struct group *ngrp;
-
-	changed = false;
+	const struct group  *grp;
 
 	/*
 	 * Scan through the entire group file looking for the groups that
 	 * the user is a member of.
 	 */
-	while ((grp = gr_next ()) != NULL) {
-		/*
-		 * See if the user specified this group as one of their
-		 * concurrent groups.
-		 */
-		was_member = is_on_list (grp->gr_mem, user_name);
-		is_member = Gflg && (   (was_member && aflg)
-		                     || is_on_list (user_groups, grp->gr_name));
+	while ((grp = gr_next()) != NULL)
+		update_group(grp);
+}
 
-		if (!was_member && !is_member) {
-			continue;
-		}
 
-		/*
-		* If rflg+Gflg  is passed in AKA -rG invert is_member flag, which removes
-		* mentioned groups while leaving the others.
-		*/
-		if (Gflg && rflg) {
-			is_member = !is_member;
-		}
+static void
+update_group(const struct group *grp)
+{
+	bool          changed;
+	bool          is_member;
+	bool          was_member;
+	struct group  *ngrp;
 
-		ngrp = __gr_dup (grp);
-		if (NULL == ngrp) {
-			fprintf (stderr,
-			         _("%s: Out of memory. Cannot update %s.\n"),
-			         Prog, gr_dbname ());
-			fail_exit (E_GRP_UPDATE);
-		}
+	changed = false;
 
-		if (was_member) {
-			if ((!Gflg) || is_member) {
-				/* User was a member and is still a member
-				 * of this group.
-				 * But the user might have been renamed.
-				 */
-				if (lflg) {
-					ngrp->gr_mem = del_list (ngrp->gr_mem,
-					                         user_name);
-					ngrp->gr_mem = add_list (ngrp->gr_mem,
-					                         user_newname);
-					changed = true;
-#ifdef WITH_AUDIT
-					audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-					              "changing group member",
-					              user_newname, AUDIT_NO_ID, 1);
-#endif
-					SYSLOG ((LOG_INFO,
-					         "change '%s' to '%s' in group '%s'",
-					         user_name, user_newname,
-					         ngrp->gr_name));
-				}
-			} else {
-				/* User was a member but is no more a
-				 * member of this group.
-				 */
-				ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
+	/*
+	 * See if the user specified this group as one of their
+	 * concurrent groups.
+	 */
+	was_member = is_on_list (grp->gr_mem, user_name);
+	is_member = Gflg && (   (was_member && aflg)
+			     || is_on_list (user_groups, grp->gr_name));
+
+	if (!was_member && !is_member)
+		return;
+
+	/*
+	* If rflg+Gflg  is passed in AKA -rG invert is_member flag, which removes
+	* mentioned groups while leaving the others.
+	*/
+	if (Gflg && rflg) {
+		is_member = !is_member;
+	}
+
+	ngrp = __gr_dup (grp);
+	if (NULL == ngrp) {
+		fprintf (stderr,
+			 _("%s: Out of memory. Cannot update %s.\n"),
+			 Prog, gr_dbname ());
+		fail_exit (E_GRP_UPDATE);
+	}
+
+	if (was_member) {
+		if ((!Gflg) || is_member) {
+			/* User was a member and is still a member
+			 * of this group.
+			 * But the user might have been renamed.
+			 */
+			if (lflg) {
+				ngrp->gr_mem = del_list (ngrp->gr_mem,
+							 user_name);
+				ngrp->gr_mem = add_list (ngrp->gr_mem,
+							 user_newname);
 				changed = true;
 #ifdef WITH_AUDIT
 				audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-				              "removing group member",
-				              user_name, AUDIT_NO_ID, 1);
+					      "changing group member",
+					      user_newname, AUDIT_NO_ID, 1);
 #endif
 				SYSLOG ((LOG_INFO,
-				         "delete '%s' from group '%s'",
-				         user_name, ngrp->gr_name));
+					 "change '%s' to '%s' in group '%s'",
+					 user_name, user_newname,
+					 ngrp->gr_name));
 			}
-		} else if (is_member) {
-			/* User was not a member but is now a member this
-			 * group.
+		} else {
+			/* User was a member but is no more a
+			 * member of this group.
 			 */
-			ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname);
+			ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
 			changed = true;
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-			              "adding user to group",
-			              user_name, AUDIT_NO_ID, 1);
+				      "removing group member",
+				      user_name, AUDIT_NO_ID, 1);
 #endif
-			SYSLOG ((LOG_INFO, "add '%s' to group '%s'",
-			         user_newname, ngrp->gr_name));
-		}
-		if (!changed) {
-			continue;
-		}
-
-		changed = false;
-		if (gr_update (ngrp) == 0) {
-			fprintf (stderr,
-			         _("%s: failed to prepare the new %s entry '%s'\n"),
-			         Prog, gr_dbname (), ngrp->gr_name);
-			SYSLOG ((LOG_WARN, "failed to prepare the new %s entry '%s'", gr_dbname (), ngrp->gr_name));
-			fail_exit (E_GRP_UPDATE);
+			SYSLOG ((LOG_INFO,
+				 "delete '%s' from group '%s'",
+				 user_name, ngrp->gr_name));
 		}
+	} else if (is_member) {
+		/* User was not a member but is now a member this
+		 * group.
+		 */
+		ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname);
+		changed = true;
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			      "adding user to group",
+			      user_name, AUDIT_NO_ID, 1);
+#endif
+		SYSLOG ((LOG_INFO, "add '%s' to group '%s'",
+			 user_newname, ngrp->gr_name));
+	}
+	if (!changed)
+		goto free_ngrp;
 
-		gr_free(ngrp);
+	if (gr_update (ngrp) == 0) {
+		fprintf (stderr,
+			 _("%s: failed to prepare the new %s entry '%s'\n"),
+			 Prog, gr_dbname (), ngrp->gr_name);
+		SYSLOG ((LOG_WARN, "failed to prepare the new %s entry '%s'", gr_dbname (), ngrp->gr_name));
+		fail_exit (E_GRP_UPDATE);
 	}
+
+free_ngrp:
+	gr_free(ngrp);
 }
 
+
 #ifdef SHADOWGRP
-static void update_gshadow (void)
+static void
+update_gshadow_file(void)
 {
-	bool is_member;
-	bool was_member;
-	bool was_admin;
-	bool changed;
-	const struct sgrp *sgrp;
-	struct sgrp *nsgrp;
-
-	changed = false;
+	const struct sgrp  *sgrp;
 
 	/*
 	 * Scan through the entire shadow group file looking for the groups
 	 * that the user is a member of.
 	 */
-	while ((sgrp = sgr_next ()) != NULL) {
+	while ((sgrp = sgr_next()) != NULL)
+		update_gshadow(sgrp);
+}
+#endif				/* SHADOWGRP */
 
-		/*
-		 * See if the user was a member of this group
-		 */
-		was_member = is_on_list (sgrp->sg_mem, user_name);
 
-		/*
-		 * See if the user was an administrator of this group
-		 */
-		was_admin = is_on_list (sgrp->sg_adm, user_name);
+#ifdef SHADOWGRP
+static void
+update_gshadow(const struct sgrp *sgrp)
+{
+	bool         changed;
+	bool         is_member;
+	bool         was_member;
+	bool         was_admin;
+	struct sgrp  *nsgrp;
 
-		/*
-		 * See if the user specified this group as one of their
-		 * concurrent groups.
-		 */
-		is_member = Gflg && (   (was_member && aflg)
-		                     || is_on_list (user_groups, sgrp->sg_name));
+	changed = false;
 
-		if (!was_member && !was_admin && !is_member) {
-			continue;
-		}
+	/*
+	 * See if the user was a member of this group
+	 */
+	was_member = is_on_list (sgrp->sg_mem, user_name);
 
-		/*
-		* If rflg+Gflg  is passed in AKA -rG invert is_member, to remove targeted
-		* groups while leaving the user apart of groups not mentioned
-		*/
-		if (Gflg && rflg) {
-			is_member = !is_member;
-		}
+	/*
+	 * See if the user was an administrator of this group
+	 */
+	was_admin = is_on_list (sgrp->sg_adm, user_name);
 
-		nsgrp = __sgr_dup (sgrp);
-		if (NULL == nsgrp) {
-			fprintf (stderr,
-			         _("%s: Out of memory. Cannot update %s.\n"),
-			         Prog, sgr_dbname ());
-			fail_exit (E_GRP_UPDATE);
-		}
+	/*
+	 * See if the user specified this group as one of their
+	 * concurrent groups.
+	 */
+	is_member = Gflg && (   (was_member && aflg)
+			     || is_on_list (user_groups, sgrp->sg_name));
 
-		if (was_admin && lflg) {
-			/* User was an admin of this group but the user
-			 * has been renamed.
-			 */
-			nsgrp->sg_adm = del_list (nsgrp->sg_adm, user_name);
-			nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname);
-			changed = true;
-#ifdef WITH_AUDIT
-			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-			              "changing admin name in shadow group",
-			              user_name, AUDIT_NO_ID, 1);
-#endif
-			SYSLOG ((LOG_INFO,
-			         "change admin '%s' to '%s' in shadow group '%s'",
-			         user_name, user_newname, nsgrp->sg_name));
-		}
-
-		if (was_member) {
-			if ((!Gflg) || is_member) {
-				/* User was a member and is still a member
-				 * of this group.
-				 * But the user might have been renamed.
-				 */
-				if (lflg) {
-					nsgrp->sg_mem = del_list (nsgrp->sg_mem,
-					                          user_name);
-					nsgrp->sg_mem = add_list (nsgrp->sg_mem,
-					                          user_newname);
-					changed = true;
+	if (!was_member && !was_admin && !is_member)
+		return;
+
+	/*
+	* If rflg+Gflg  is passed in AKA -rG invert is_member, to remove targeted
+	* groups while leaving the user apart of groups not mentioned
+	*/
+	if (Gflg && rflg) {
+		is_member = !is_member;
+	}
+
+	nsgrp = __sgr_dup (sgrp);
+	if (NULL == nsgrp) {
+		fprintf (stderr,
+			 _("%s: Out of memory. Cannot update %s.\n"),
+			 Prog, sgr_dbname ());
+		fail_exit (E_GRP_UPDATE);
+	}
+
+	if (was_admin && lflg) {
+		/* User was an admin of this group but the user
+		 * has been renamed.
+		 */
+		nsgrp->sg_adm = del_list (nsgrp->sg_adm, user_name);
+		nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname);
+		changed = true;
 #ifdef WITH_AUDIT
-					audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-					              "changing member in shadow group",
-					              user_name, AUDIT_NO_ID, 1);
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			      "changing admin name in shadow group",
+			      user_name, AUDIT_NO_ID, 1);
 #endif
-					SYSLOG ((LOG_INFO,
-					         "change '%s' to '%s' in shadow group '%s'",
-					         user_name, user_newname,
-					         nsgrp->sg_name));
-				}
-			} else {
-				/* User was a member but is no more a
-				 * member of this group.
-				 */
-				nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
+		SYSLOG ((LOG_INFO,
+			 "change admin '%s' to '%s' in shadow group '%s'",
+			 user_name, user_newname, nsgrp->sg_name));
+	}
+
+	if (was_member) {
+		if ((!Gflg) || is_member) {
+			/* User was a member and is still a member
+			 * of this group.
+			 * But the user might have been renamed.
+			 */
+			if (lflg) {
+				nsgrp->sg_mem = del_list (nsgrp->sg_mem,
+							  user_name);
+				nsgrp->sg_mem = add_list (nsgrp->sg_mem,
+							  user_newname);
 				changed = true;
 #ifdef WITH_AUDIT
 				audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-				              "removing user from shadow group",
-				              user_name, AUDIT_NO_ID, 1);
+					      "changing member in shadow group",
+					      user_name, AUDIT_NO_ID, 1);
 #endif
 				SYSLOG ((LOG_INFO,
-				         "delete '%s' from shadow group '%s'",
-				         user_name, nsgrp->sg_name));
+					 "change '%s' to '%s' in shadow group '%s'",
+					 user_name, user_newname,
+					 nsgrp->sg_name));
 			}
-		} else if (is_member) {
-			/* User was not a member but is now a member this
-			 * group.
+		} else {
+			/* User was a member but is no more a
+			 * member of this group.
 			 */
-			nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname);
+			nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
 			changed = true;
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-			              "adding user to shadow group",
-			              user_newname, AUDIT_NO_ID, 1);
+				      "removing user from shadow group",
+				      user_name, AUDIT_NO_ID, 1);
 #endif
-			SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
-			         user_newname, nsgrp->sg_name));
-		}
-		if (!changed) {
-			continue;
+			SYSLOG ((LOG_INFO,
+				 "delete '%s' from shadow group '%s'",
+				 user_name, nsgrp->sg_name));
 		}
-
-		changed = false;
-
-		/*
-		 * Update the group entry to reflect the changes.
+	} else if (is_member) {
+		/* User was not a member but is now a member this
+		 * group.
 		 */
-		if (sgr_update (nsgrp) == 0) {
-			fprintf (stderr,
-			         _("%s: failed to prepare the new %s entry '%s'\n"),
-			         Prog, sgr_dbname (), nsgrp->sg_name);
-			SYSLOG ((LOG_WARN, "failed to prepare the new %s entry '%s'",
-			         sgr_dbname (), nsgrp->sg_name));
-			fail_exit (E_GRP_UPDATE);
-		}
+		nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname);
+		changed = true;
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			      "adding user to shadow group",
+			      user_newname, AUDIT_NO_ID, 1);
+#endif
+		SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
+			 user_newname, nsgrp->sg_name));
+	}
+	if (!changed)
+		goto free_nsgrp;
 
-		free (nsgrp);
+	/*
+	 * Update the group entry to reflect the changes.
+	 */
+	if (sgr_update (nsgrp) == 0) {
+		fprintf (stderr,
+			 _("%s: failed to prepare the new %s entry '%s'\n"),
+			 Prog, sgr_dbname (), nsgrp->sg_name);
+		SYSLOG ((LOG_WARN, "failed to prepare the new %s entry '%s'",
+			 sgr_dbname (), nsgrp->sg_name));
+		fail_exit (E_GRP_UPDATE);
 	}
+
+free_nsgrp:
+	free (nsgrp);
 }
 #endif				/* SHADOWGRP */
 
+
 /*
  * grp_update - add user to secondary group set
  *
@@ -950,10 +966,10 @@ static void update_gshadow (void)
  */
 static void grp_update (void)
 {
-	update_group ();
+	update_group_file();
 #ifdef SHADOWGRP
 	if (is_shadow_grp) {
-		update_gshadow ();
+		update_gshadow_file();
 	}
 #endif
 }
@@ -967,7 +983,6 @@ static void grp_update (void)
  */
 static void process_flags (int argc, char **argv)
 {
-	const struct group *grp;
 	struct stat st;
 	bool anyflag = false;
 
@@ -978,6 +993,7 @@ static void process_flags (int argc, char **argv)
 		int c;
 		static struct option long_options[] = {
 			{"append",       no_argument,       NULL, 'a'},
+			{"badname",      no_argument,       NULL, 'b'},
 			{"badnames",     no_argument,       NULL, 'b'},
 			{"comment",      required_argument, NULL, 'c'},
 			{"home",         required_argument, NULL, 'd'},
@@ -1000,11 +1016,12 @@ static void process_flags (int argc, char **argv)
 #ifdef ENABLE_SUBIDS
 			{"add-subuids",  required_argument, NULL, 'v'},
 			{"del-subuids",  required_argument, NULL, 'V'},
- 			{"add-subgids",  required_argument, NULL, 'w'},
- 			{"del-subgids",  required_argument, NULL, 'W'},
+			{"add-subgids",  required_argument, NULL, 'w'},
+			{"del-subgids",  required_argument, NULL, 'W'},
 #endif				/* ENABLE_SUBIDS */
 #ifdef WITH_SELINUX
-			{"selinux-user", required_argument, NULL, 'Z'},
+			{"selinux-user",  required_argument, NULL, 'Z'},
+			{"selinux-range", required_argument, NULL, 202},
 #endif				/* WITH_SELINUX */
 			{NULL, 0, NULL, '\0'}
 		};
@@ -1058,11 +1075,10 @@ static void process_flags (int argc, char **argv)
 						 Prog, optarg);
 					exit (E_BAD_ARG);
 				}
-				user_newexpire *= DAY / SCALE;
 				eflg = true;
 				break;
 			case 'f':
-				if (   (getlong (optarg, &user_newinactive) == 0)
+				if (   (str2sl(&user_newinactive, optarg) == -1)
 				    || (user_newinactive < -1)) {
 					fprintf (stderr,
 					         _("%s: invalid numeric argument '%s'\n"),
@@ -1072,7 +1088,10 @@ static void process_flags (int argc, char **argv)
 				fflg = true;
 				break;
 			case 'g':
-				grp = getgr_nam_gid (optarg);
+			{
+				struct group  *grp;
+
+				grp = prefix_getgr_nam_gid (optarg);
 				if (NULL == grp) {
 					fprintf (stderr,
 					         _("%s: group '%s' does not exist\n"),
@@ -1083,6 +1102,7 @@ static void process_flags (int argc, char **argv)
 				gflg = true;
 				gr_free (grp);
 				break;
+			}
 			case 'G':
 				if (get_groups (optarg) != 0) {
 					exit (E_NOTFOUND);
@@ -1146,7 +1166,7 @@ static void process_flags (int argc, char **argv)
 				sflg = true;
 				break;
 			case 'u':
-				if (   (get_uid (optarg, &user_newid) ==0)
+				if (   (get_uid(optarg, &user_newid) == -1)
 				    || (user_newid == (uid_t)-1)) {
 					fprintf (stderr,
 					         _("%s: invalid user ID '%s'\n"),
@@ -1214,6 +1234,9 @@ static void process_flags (int argc, char **argv)
 					exit (E_BAD_ARG);
 				}
 				break;
+			case 202:
+				user_selinux_range = optarg;
+				break;
 #endif				/* WITH_SELINUX */
 			default:
 				usage (E_USAGE);
@@ -1258,46 +1281,16 @@ static void process_flags (int argc, char **argv)
 		user_newgid = user_gid;
 	}
 	if (prefix[0]) {
-		size_t len = strlen(prefix) + strlen(user_home) + 2;
-		int wlen;
-		prefix_user_home = xmalloc(len);
-		wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
-		assert (wlen == (int) len -1);
+		xasprintf(&prefix_user_home, "%s/%s", prefix, user_home);
 		if (user_newhome) {
-			len = strlen(prefix) + strlen(user_newhome) + 2;
-			prefix_user_newhome = xmalloc(len);
-			wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
-			assert (wlen == (int) len -1);
+			xasprintf(&prefix_user_newhome, "%s/%s",
+			          prefix, user_newhome);
 		}
-
-	}
-	else {
+	} else {
 		prefix_user_home = user_home;
 		prefix_user_newhome = user_newhome;
 	}
 
-#ifdef	USE_NIS
-	/*
-	 * Now make sure it isn't an NIS user.
-	 */
-	if (__ispwNIS ()) {
-		char *nis_domain;
-		char *nis_master;
-
-		fprintf (stderr,
-		         _("%s: user %s is a NIS user\n"),
-		         Prog, user_name);
-
-		if (   !yp_get_default_domain (&nis_domain)
-		    && !yp_master (nis_domain, "passwd.byname", &nis_master)) {
-			fprintf (stderr,
-			         _("%s: %s is the NIS master\n"),
-			         Prog, nis_master);
-		}
-		exit (E_NOTFOUND);
-	}
-#endif
-
 	{
 		const struct spwd *spwd = NULL;
 		/* local, no need for xgetspnam */
@@ -1354,6 +1347,15 @@ static void process_flags (int argc, char **argv)
 		usage (E_USAGE);
 	}
 
+#ifdef WITH_SELINUX
+	if (user_selinux_range && !Zflg) {
+		fprintf (stderr,
+		         _("%s: %s flag is only allowed with the %s flag\n"),
+		         Prog, "--selinux-range", "--selinux-user");
+		usage (E_USAGE);
+	}
+#endif				/* WITH_SELINUX */
+
 	if (user_newid == user_id) {
 		uflg = false;
 		oflg = false;
@@ -1723,7 +1725,7 @@ static void usr_update (void)
 			 *    a shadowed password
 			 *  + aging information is requested
 			 */
-			memset (&spent, 0, sizeof spent);
+			bzero(&spent, sizeof spent);
 			spent.sp_namp   = user_name;
 
 			/* The user explicitly asked for a shadow feature.
@@ -1732,7 +1734,7 @@ static void usr_update (void)
 			spent.sp_pwdp   = xstrdup (pwent.pw_passwd);
 			pwent.pw_passwd = xstrdup (SHADOW_PASSWD_STRING);
 
-			spent.sp_lstchg = (long) gettime () / SCALE;
+			spent.sp_lstchg = gettime () / DAY;
 			if (0 == spent.sp_lstchg) {
 				/* Better disable aging than
 				 * requiring a password change */
@@ -1819,7 +1821,7 @@ static void move_home (void)
 		if (uflg || gflg) {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 				      "changing home directory owner",
-				      user_newname, (unsigned int) user_newid, 1);
+				      user_newname, user_newid, 1);
 		}
 #endif
 
@@ -1838,8 +1840,7 @@ static void move_home (void)
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 			              "moving home directory",
-			              user_newname, (unsigned int) user_newid,
-			              1);
+			              user_newname, user_newid, 1);
 #endif
 			return;
 		} else {
@@ -1869,7 +1870,7 @@ static void move_home (void)
 					              Prog,
 					              "moving home directory",
 					              user_newname,
-					              (unsigned int) user_newid,
+					              user_newid,
 					              1);
 #endif
 					return;
@@ -1897,6 +1898,7 @@ static void move_home (void)
  * left alone in case the UID was shared. It doesn't hurt anything
  * to just leave it be.
  */
+#ifdef ENABLE_LASTLOG
 static void update_lastlog (void)
 {
 	struct lastlog ll;
@@ -1909,7 +1911,7 @@ static void update_lastlog (void)
 		return;
 	}
 
-	max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
+	max_uid = getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
 	if (user_newid > max_uid) {
 		/* do not touch lastlog for large uids */
 		return;
@@ -1928,7 +1930,7 @@ static void update_lastlog (void)
 	    && (read (fd, &ll, sizeof ll) == (ssize_t) sizeof ll)) {
 		/* Copy the old entry to its new location */
 		if (   (lseek (fd, off_newuid, SEEK_SET) != off_newuid)
-		    || (write (fd, &ll, sizeof ll) != (ssize_t) sizeof ll)
+		    || (write_full(fd, &ll, sizeof ll) == -1)
 		    || (fsync (fd) != 0)) {
 			fprintf (stderr,
 			         _("%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"),
@@ -1944,7 +1946,7 @@ static void update_lastlog (void)
 			/* Reset the new uid's lastlog entry */
 			memzero (&ll, sizeof (ll));
 			if (   (lseek (fd, off_newuid, SEEK_SET) != off_newuid)
-			    || (write (fd, &ll, sizeof ll) != (ssize_t) sizeof ll)
+			    || (write_full(fd, &ll, sizeof ll) == -1)
 			    || (fsync (fd) != 0)) {
 				fprintf (stderr,
 				         _("%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"),
@@ -1953,8 +1955,13 @@ static void update_lastlog (void)
 		}
 	}
 
-	(void) close (fd);
+	if (close (fd) != 0 && errno != EINTR) {
+		fprintf (stderr,
+		         _("%s: failed to copy the lastlog entry of user %ju to user %ju: %s\n"),
+		         Prog, (uintmax_t) user_id, (uintmax_t) user_newid, strerror (errno));
+	}
 }
+#endif /* ENABLE_LASTLOG */
 
 /*
  * update_faillog - update the faillog file
@@ -1984,10 +1991,10 @@ static void update_faillog (void)
 	}
 
 	if (   (lseek (fd, off_uid, SEEK_SET) == off_uid)
-	    && (read (fd, (char *) &fl, sizeof fl) == (ssize_t) sizeof fl)) {
+	    && (read (fd, &fl, sizeof fl) == (ssize_t) sizeof fl)) {
 		/* Copy the old entry to its new location */
 		if (   (lseek (fd, off_newuid, SEEK_SET) != off_newuid)
-		    || (write (fd, &fl, sizeof fl) != (ssize_t) sizeof fl)
+		    || (write_full(fd, &fl, sizeof fl) == -1)
 		    || (fsync (fd) != 0)) {
 			fprintf (stderr,
 			         _("%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"),
@@ -2003,7 +2010,8 @@ static void update_faillog (void)
 			/* Reset the new uid's faillog entry */
 			memzero (&fl, sizeof (fl));
 			if (   (lseek (fd, off_newuid, SEEK_SET) != off_newuid)
-			    || (write (fd, &fl, sizeof fl) != (ssize_t) sizeof fl)) {
+			    || (write_full(fd, &fl, sizeof fl) == -1))
+			{
 				fprintf (stderr,
 				         _("%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"),
 				         Prog, (unsigned long) user_id, (unsigned long) user_newid, strerror (errno));
@@ -2011,7 +2019,11 @@ static void update_faillog (void)
 		}
 	}
 
-	(void) close (fd);
+	if (close (fd) != 0 && errno != EINTR) {
+		fprintf (stderr,
+		         _("%s: failed to copy the faillog entry of user %ju to user %ju: %s\n"),
+		         Prog, (uintmax_t) user_id, (uintmax_t) user_newid, strerror (errno));
+	}
 }
 
 #ifndef NO_MOVE_MAILBOX
@@ -2024,12 +2036,10 @@ static void update_faillog (void)
  */
 static void move_mailbox (void)
 {
-	const char *maildir;
-	char* mailfile;
-	char* newmailfile;
-	int fd;
-	struct stat st;
-	size_t len;
+	int          fd;
+	char         *mailfile;
+	const char   *maildir;
+	struct stat  st;
 
 	maildir = getdef_str ("MAIL_DIR");
 #ifdef MAIL_SPOOL_DIR
@@ -2040,8 +2050,6 @@ static void move_mailbox (void)
 	if (NULL == maildir) {
 		return;
 	}
-	len = strlen (prefix) + strlen (maildir) + strlen (user_name) + 2;
-	mailfile = alloca (len);
 
 	/*
 	 * O_NONBLOCK is to make sure open won't hang on mandatory locks.
@@ -2050,14 +2058,10 @@ static void move_mailbox (void)
 	 * between stat and chown).  --marekm
 	 */
 	if (prefix[0]) {
-		(void) snprintf (mailfile, len, "%s/%s/%s",
-	    	             prefix, maildir, user_name);
-	}
-	else {
-		(void) snprintf (mailfile, len, "%s/%s",
-	    	             maildir, user_name);
+		xasprintf(&mailfile, "%s/%s/%s", prefix, maildir, user_name);
+	} else {
+		xasprintf(&mailfile, "%s/%s", maildir, user_name);
 	}
-	mailfile[len-1] = '\0';
 
 	fd = open (mailfile, O_RDONLY | O_NONBLOCK, 0);
 	if (fd < 0) {
@@ -2065,11 +2069,13 @@ static void move_mailbox (void)
 		if (errno != ENOENT) {
 			perror (mailfile);
 		}
+		free(mailfile);
 		return;
 	}
 	if (fstat (fd, &st) < 0) {
 		perror ("fstat");
 		(void) close (fd);
+		free(mailfile);
 		return;
 	}
 	if (st.st_uid != user_id) {
@@ -2077,6 +2083,7 @@ static void move_mailbox (void)
 		fprintf (stderr, _("%s: warning: %s not owned by %s\n"),
 		         Prog, mailfile, user_name);
 		(void) close (fd);
+		free(mailfile);
 		return;
 	}
 	if (uflg) {
@@ -2087,7 +2094,7 @@ static void move_mailbox (void)
 		else {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 			              "changing mail file owner",
-			              user_newname, (unsigned int) user_newid, 1);
+			              user_newname, user_newid, 1);
 		}
 #endif
 	}
@@ -2095,17 +2102,14 @@ static void move_mailbox (void)
 	(void) close (fd);
 
 	if (lflg) {
-		len = strlen (prefix) + strlen (maildir) + strlen (user_newname) + 2;
-		newmailfile = alloca(len);
+		char  *newmailfile;
+
 		if (prefix[0]) {
-			(void) snprintf (newmailfile, len, "%s/%s/%s",
-			                 prefix, maildir, user_newname);
-		}
-		else {
-			(void) snprintf (newmailfile, len, "%s/%s",
-			                 maildir, user_newname);
+			xasprintf(&newmailfile, "%s/%s/%s",
+			          prefix, maildir, user_newname);
+		} else {
+			xasprintf(&newmailfile, "%s/%s", maildir, user_newname);
 		}
-		newmailfile[len - 1] = '\0';
 		if (   (link (mailfile, newmailfile) != 0)
 		    || (unlink (mailfile) != 0)) {
 			perror (_("failed to rename mailbox"));
@@ -2114,10 +2118,14 @@ static void move_mailbox (void)
 		else {
 			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 			              "changing mail file name",
-			              user_newname, (unsigned int) user_newid, 1);
+			              user_newname, user_newid, 1);
 		}
+
+		free(newmailfile);
 #endif
 	}
+
+	free(mailfile);
 }
 #endif
 
@@ -2133,10 +2141,6 @@ int main (int argc, char **argv)
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
 
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -2147,14 +2151,14 @@ int main (int argc, char **argv)
 	process_root_flag ("-R", argc, argv);
 	prefix = process_prefix_flag ("-P", argc, argv);
 
-	OPENLOG ("usermod");
+	OPENLOG (Prog);
 #ifdef WITH_AUDIT
 	audit_help_open ();
 #endif
 
 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
-	user_groups = (char **) malloc (sizeof (char *) * (1 + sys_ngroups));
-	user_groups[0] = (char *) 0;
+	user_groups = XMALLOC(sys_ngroups + 1, char *);
+	user_groups[0] = NULL;
 
 	is_shadow_pwd = spw_file_present ();
 #ifdef SHADOWGRP
@@ -2193,7 +2197,7 @@ int main (int argc, char **argv)
 			exit (1);
 		}
 
-		retval = pam_start ("usermod", pampw->pw_name, &conv, &pamh);
+		retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
 	}
 
 	if (PAM_SUCCESS == retval) {
@@ -2305,14 +2309,14 @@ int main (int argc, char **argv)
 #ifdef WITH_SELINUX
 	if (Zflg) {
 		if ('\0' != *user_selinux) {
-			if (set_seuser (user_name, user_selinux) != 0) {
+			if (set_seuser (user_name, user_selinux, user_selinux_range) != 0) {
 				fprintf (stderr,
 				         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
 				         Prog, user_name, user_selinux);
 #ifdef WITH_AUDIT
 				audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 				              "modifying User mapping ",
-				              user_name, (unsigned int) user_id,
+				              user_name, user_id,
 				              SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 				fail_exit (E_SE_UPDATE);
@@ -2325,7 +2329,7 @@ int main (int argc, char **argv)
 #ifdef WITH_AUDIT
 				audit_logger (AUDIT_ADD_USER, Prog,
 				              "removing SELinux user mapping",
-				              user_name, (unsigned int) user_id,
+				              user_name, user_id,
 				              SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
 				fail_exit (E_SE_UPDATE);
@@ -2345,7 +2349,9 @@ int main (int argc, char **argv)
 #endif				/* NO_MOVE_MAILBOX */
 
 	if (uflg) {
+#ifdef ENABLE_LASTLOG
 		update_lastlog ();
+#endif /* ENABLE_LASTLOG */
 		update_faillog ();
 	}
 
@@ -2367,7 +2373,7 @@ int main (int argc, char **argv)
 			if (uflg || gflg) {
 				audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 					      "changing home directory owner",
-					      user_newname, (unsigned int) user_newid, 1);
+					      user_newname, user_newid, 1);
 			}
 #endif
 			if (chown_tree (dflg ? prefix_user_newhome : prefix_user_home,
diff --git a/src/vipw.c b/src/vipw.c
index 488a97d..c30b32d 100644
--- a/src/vipw.c
+++ b/src/vipw.c
@@ -26,7 +26,10 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <utime.h>
+
+#include "alloc.h"
 #include "defines.h"
+#include "getdef.h"
 #include "groupio.h"
 #include "nscd.h"
 #include "sssd.h"
@@ -41,6 +44,8 @@
 #include "tcbfuncs.h"
 #endif				/* WITH_TCB */
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 #define MSG_WARN_EDIT_OTHER_FILE _( \
 	"You have modified %s.\n"\
@@ -50,7 +55,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char *Prog;
 
 static const char *filename, *fileeditname;
 static bool filelocked = false;
@@ -190,18 +195,17 @@ static void vipwexit (const char *msg, int syserr, int ret)
 static void
 vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 {
-	const char *editor;
-	pid_t pid;
-	struct stat st1, st2;
-	int status;
-	FILE *f;
-	pid_t orig_pgrp, editor_pgrp = -1;
-	sigset_t mask, omask;
+	int          status;
+	char         *to_rename;
+	FILE         *f;
+	pid_t        pid, orig_pgrp, editor_pgrp = -1;
+	sigset_t     mask, omask;
+	const char   *editor;
+	struct stat  st1, st2;
 	/* FIXME: the following should have variable sizes */
-	char filebackup[1024], fileedit[1024];
-	char *to_rename;
+	char         filebackup[1024], fileedit[1024];
 
-	snprintf (filebackup, sizeof filebackup, "%s-", file);
+	SNPRINTF(filebackup, "%s-", file);
 #ifdef WITH_TCB
 	if (tcb_mode) {
 		if (   (mkdir (TCB_DIR "/" SHADOWTCB_SCRATCHDIR, 0700) != 0)
@@ -211,12 +215,12 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 		if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
 			vipwexit (_("failed to drop privileges"), errno, 1);
 		}
-		snprintf (fileedit, sizeof fileedit,
-		          TCB_DIR "/" SHADOWTCB_SCRATCHDIR "/.vipw.shadow.%s",
-		          user);
+		SNPRINTF(fileedit,
+		         TCB_DIR "/" SHADOWTCB_SCRATCHDIR "/.vipw.shadow.%s",
+		         user);
 	} else {
 #endif				/* WITH_TCB */
-		snprintf (fileedit, sizeof fileedit, "%s.edit", file);
+		SNPRINTF(fileedit, "%s.edit", file);
 #ifdef WITH_TCB
 	}
 #endif				/* WITH_TCB */
@@ -292,7 +296,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 	} else if (0 == pid) {
 		/* use the system() call to invoke the editor so that it accepts
 		   command line args in the EDITOR and VISUAL environment vars */
-		char *buf;
+		char  *buf;
 
 		/* Wait for parent to make us the foreground pgrp. */
 		if (orig_pgrp != -1) {
@@ -302,9 +306,8 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 				continue;
 		}
 
-		buf = (char *) malloc (strlen (editor) + strlen (fileedit) + 2);
-		snprintf (buf, strlen (editor) + strlen (fileedit) + 2,
-		          "%s %s", editor, fileedit);
+		xasprintf(&buf, "%s %s", editor, fileedit);
+
 		status = system (buf);
 		if (-1 == status) {
 			fprintf (stderr, _("%s: %s: %s\n"), Prog, editor,
@@ -418,13 +421,11 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 		if (stat (file, &st1) != 0) {
 			vipwexit (_("failed to stat edited file"), errno, 1);
 		}
-		to_rename = malloc (strlen (file) + 2);
-		if (NULL == to_rename) {
-			vipwexit (_("failed to allocate memory"), errno, 1);
-		}
-		snprintf (to_rename, strlen (file) + 2, "%s+", file);
+		if (asprintf(&to_rename, "%s+", file) == -1)
+			vipwexit (_("asprintf(3) failed"), errno, 1);
+
 		if (create_backup_file (f, to_rename, &st1) != 0) {
-			free (to_rename);
+			free(to_rename);
 			vipwexit (_("failed to create backup file"), errno, 1);
 		}
 		(void) fclose (f);
@@ -442,7 +443,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 		         Prog, file, strerror (errno), to_rename);
 #ifdef WITH_TCB
 		if (tcb_mode) {
-			free (to_rename);
+			free(to_rename);
 		}
 #endif				/* WITH_TCB */
 		vipwexit (0, 0, 1);
@@ -450,7 +451,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 
 #ifdef WITH_TCB
 	if (tcb_mode) {
-		free (to_rename);
+		free(to_rename);
 		if (shadowtcb_gain_priv () == SHADOWTCB_FAILURE) {
 			vipwexit (_("failed to gain privileges"), errno, 1);
 		}
@@ -467,10 +468,12 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 
 int main (int argc, char **argv)
 {
-	bool editshadow = false;
-	bool do_vipw;
+	bool  editshadow = false;
+	bool  do_vigr;
+
+	do_vigr = (strcmp(Basename(argv[0]), "vigr") == 0);
 
-	Prog = Basename (argv[0]);
+	Prog = do_vigr ? "vigr" : "vipw";
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
 
@@ -480,9 +483,7 @@ int main (int argc, char **argv)
 
 	process_root_flag ("-R", argc, argv);
 
-	do_vipw = (strcmp (Prog, "vigr") != 0);
-
-	OPENLOG (do_vipw ? "vipw" : "vigr");
+	OPENLOG(Prog);
 
 	{
 		/*
@@ -510,13 +511,13 @@ int main (int argc, char **argv)
 		                         long_options, NULL)) != -1) {
 			switch (c) {
 			case 'g':
-				do_vipw = false;
+				do_vigr = true;
 				break;
 			case 'h':
 				usage (E_SUCCESS);
 				break;
 			case 'p':
-				do_vipw = true;
+				do_vigr = false;
 				break;
 			case 'q':
 				quiet = true;
@@ -541,7 +542,27 @@ int main (int argc, char **argv)
 		}
 	}
 
-	if (do_vipw) {
+	if (do_vigr) {
+#ifdef SHADOWGRP
+		if (editshadow) {
+			vipwedit (sgr_dbname (), sgr_lock, sgr_unlock);
+			printf (MSG_WARN_EDIT_OTHER_FILE,
+			        sgr_dbname (),
+			        gr_dbname (),
+			        "vigr");
+		} else {
+#endif				/* SHADOWGRP */
+			vipwedit (gr_dbname (), gr_lock, gr_unlock);
+#ifdef SHADOWGRP
+			if (sgr_file_present ()) {
+				printf (MSG_WARN_EDIT_OTHER_FILE,
+				        gr_dbname (),
+				        sgr_dbname (),
+				        "vigr -s");
+			}
+		}
+#endif				/* SHADOWGRP */
+	} else {
 		if (editshadow) {
 #ifdef WITH_TCB
 			if (getdef_bool ("USE_TCB") && (NULL != user)) {
@@ -568,26 +589,6 @@ int main (int argc, char **argv)
 				        "vipw -s");
 			}
 		}
-	} else {
-#ifdef SHADOWGRP
-		if (editshadow) {
-			vipwedit (sgr_dbname (), sgr_lock, sgr_unlock);
-			printf (MSG_WARN_EDIT_OTHER_FILE,
-			        sgr_dbname (),
-			        gr_dbname (),
-			        "vigr");
-		} else {
-#endif				/* SHADOWGRP */
-			vipwedit (gr_dbname (), gr_lock, gr_unlock);
-#ifdef SHADOWGRP
-			if (sgr_file_present ()) {
-				printf (MSG_WARN_EDIT_OTHER_FILE,
-				        gr_dbname (),
-				        sgr_dbname (),
-				        "vigr -s");
-			}
-		}
-#endif				/* SHADOWGRP */
 	}
 
 	nscd_flush_cache ("passwd");
diff --git a/test-driver b/test-driver
new file mode 100755
index 0000000..be73b80
--- /dev/null
+++ b/test-driver
@@ -0,0 +1,153 @@
+#! /bin/sh
+# test-driver - basic testsuite driver script.
+
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 2011-2021 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+# Make unconditional expansion of undefined variables an error.  This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+usage_error ()
+{
+  echo "$0: $*" >&2
+  print_usage >&2
+  exit 2
+}
+
+print_usage ()
+{
+  cat <<END
+Usage:
+  test-driver --test-name NAME --log-file PATH --trs-file PATH
+              [--expect-failure {yes|no}] [--color-tests {yes|no}]
+              [--enable-hard-errors {yes|no}] [--]
+              TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
+
+The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+See the GNU Automake documentation for information.
+END
+}
+
+test_name= # Used for reporting.
+log_file=  # Where to save the output of the test script.
+trs_file=  # Where to save the metadata of the test run.
+expect_failure=no
+color_tests=no
+enable_hard_errors=yes
+while test $# -gt 0; do
+  case $1 in
+  --help) print_usage; exit $?;;
+  --version) echo "test-driver $scriptversion"; exit $?;;
+  --test-name) test_name=$2; shift;;
+  --log-file) log_file=$2; shift;;
+  --trs-file) trs_file=$2; shift;;
+  --color-tests) color_tests=$2; shift;;
+  --expect-failure) expect_failure=$2; shift;;
+  --enable-hard-errors) enable_hard_errors=$2; shift;;
+  --) shift; break;;
+  -*) usage_error "invalid option: '$1'";;
+   *) break;;
+  esac
+  shift
+done
+
+missing_opts=
+test x"$test_name" = x && missing_opts="$missing_opts --test-name"
+test x"$log_file"  = x && missing_opts="$missing_opts --log-file"
+test x"$trs_file"  = x && missing_opts="$missing_opts --trs-file"
+if test x"$missing_opts" != x; then
+  usage_error "the following mandatory options are missing:$missing_opts"
+fi
+
+if test $# -eq 0; then
+  usage_error "missing argument"
+fi
+
+if test $color_tests = yes; then
+  # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
+  red='' # Red.
+  grn='' # Green.
+  lgn='' # Light green.
+  blu='' # Blue.
+  mgn='' # Magenta.
+  std=''     # No color.
+else
+  red= grn= lgn= blu= mgn= std=
+fi
+
+do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
+trap "st=129; $do_exit" 1
+trap "st=130; $do_exit" 2
+trap "st=141; $do_exit" 13
+trap "st=143; $do_exit" 15
+
+# Test script is run here. We create the file first, then append to it,
+# to ameliorate tests themselves also writing to the log file. Our tests
+# don't, but others can (automake bug#35762).
+: >"$log_file"
+"$@" >>"$log_file" 2>&1
+estatus=$?
+
+if test $enable_hard_errors = no && test $estatus -eq 99; then
+  tweaked_estatus=1
+else
+  tweaked_estatus=$estatus
+fi
+
+case $tweaked_estatus:$expect_failure in
+  0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
+  0:*)   col=$grn res=PASS  recheck=no  gcopy=no;;
+  77:*)  col=$blu res=SKIP  recheck=no  gcopy=yes;;
+  99:*)  col=$mgn res=ERROR recheck=yes gcopy=yes;;
+  *:yes) col=$lgn res=XFAIL recheck=no  gcopy=yes;;
+  *:*)   col=$red res=FAIL  recheck=yes gcopy=yes;;
+esac
+
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>"$log_file"
+
+# Report outcome to console.
+echo "${col}${res}${std}: $test_name"
+
+# Register the test result, and other relevant metadata.
+echo ":test-result: $res" > $trs_file
+echo ":global-test-result: $res" >> $trs_file
+echo ":recheck: $recheck" >> $trs_file
+echo ":copy-in-global-log: $gcopy" >> $trs_file
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/tests/tests/README b/tests/tests/README
new file mode 100644
index 0000000..2e5fdf8
--- /dev/null
+++ b/tests/tests/README
@@ -0,0 +1,19 @@
+This testsuite is NOT SECURE: it will temporarily change your passwords file
+with known passwords.
+You should run it on a chroot, or on a secured dedicated system.
+
+
+
+To test a Debian system:
+	$ mkdir sid-chroot
+	$ sudo debootstrap sid sid-chroot/ http://deb.debian.org/debian/
+edit or copy a sources.list
+	$ sudo cp /etc/apt/sources.list sid-chroot/etc/apt/
+edit or copy a resolv.conf
+	$ sudo cp /etc/resolv.conf sid-chroot/etc/
+	$ su - root -c "chroot sid-chroot/ /bin/bash"
+	# mount -t proc proc /proc
+	# mount -t devpts devpts /dev/pts
+	# aptitude update
+	# aptitude install expect
+	# cd /dev ; mknod --mode=666 /dev/ptmx c 5 2
diff --git a/tests/tests/bug332198-test.exp b/tests/tests/bug332198-test.exp
new file mode 100755
index 0000000..fd365bb
--- /dev/null
+++ b/tests/tests/bug332198-test.exp
@@ -0,0 +1,61 @@
+#!/usr/bin/expect -f
+
+# This is a script for repeatedly logging into the localhost
+# using `rlogin` in order to apparently see a symptoms described
+# in bug #332198.
+# As described in the bug log, sometimes `rlogind` will fail to
+# establish a connection, because it starts "login" process and
+# the latter fails with "unable to determine TTY name, got /dev/pts/1"
+# message.
+# 
+# BUGS
+# 
+# * the script rlogins to localhost
+# * the script doesn't handle passwdord prompt, because it's intended
+#   to use .rhosts auth and expects shell prompt immediately after
+#   `rlogin`
+# * the regexp for shell prompt is hardcoded
+
+log_user 0
+match_max 8192
+
+while {1} {
+    set rlogin_spawn [spawn rlogin localhost]
+    if { $rlogin_spawn == 0 } { exit 1 }
+    expect {
+	-timeout 10 -re "^.*(Last login\[^\r\n\]*).*\n(\[^\r\n\]*\[#$\] )$" {
+	    send_error "$expect_out(1,string)\n"
+	    send_error "$expect_out(2,string)\n"
+#	    send_error "$expect_out(0,string)\n"
+	}
+	timeout {
+	    send_error "TIMEOUT/prompt\n"
+	    send_error "$expect_out(buffer)\n"
+	    send_error "RETRYING\n"
+	    log_user 1
+	    send "tty /\r"
+	    expect -timeout 2 -re "^.*\r?\n(\[^\r\n\]*# )$" {}
+	    send "tty /\r"
+	    expect -timeout 2 -re "^.*\r?\n(\[^\r\n\]*# )$" {}
+	    send_error "\n"
+	    exit 2
+	}
+    }
+    send "tty\r"
+    expect {
+	-timeout 4 -re "tty\r?\n(\[^\r\n\]*)\r?\n(\[^\r\n\]*\[#$\] )$" {
+	    send_error "$expect_out(2,string)$expect_out(1,string)\n"
+#	    send_error "$expect_out(0,string)\n"
+	}
+	timeout { send_error "TIMEOUT/tty\n" ; exit 3 }
+    }
+    send "exit\r"
+    expect {
+	-timeout 2 eof {
+#	    send_error "OK4: EOF\n"
+	}
+	timeout { send_error "TIMEOUT/eof\n" ; exit 4 }
+    }
+    wait
+}
+# vi: set sw=4:
diff --git a/tests/tests/bug334803-test.exp b/tests/tests/bug334803-test.exp
new file mode 100755
index 0000000..19d9334
--- /dev/null
+++ b/tests/tests/bug334803-test.exp
@@ -0,0 +1,83 @@
+#!/usr/bin/expect --
+
+# This is a script for switching to another user and then
+# suspending (`suspend -f`) and resuming (`fg`) his shell
+
+package require cmdline
+set opts {
+    {s.arg "sudo su -"	"user switching method"}
+    {u.arg ""		"username to switch to"}
+}
+set usage ": \[options]\noptions:"
+array set conf [::cmdline::getoptions argv $opts $usage]
+
+log_user 1
+match_max 8192
+expect_after {
+    timeout { send_error "TIMEOUT\n" ; exit 1 }
+    eof     { send_error "EXITED\n" ; exit 2 }
+}
+set timeout 2
+
+# user switching command, by default `sudo su -`
+set swcmd $conf(s)
+# ending of typical shell prompt (zsh/sh):
+set shpmt "(%|#|\\$) \\Z"
+catch {set shpmt $env(EXPECT_PROMPT)}
+# initial username:
+set user0 [exec id -un]
+# user we switch to (with $swcmd), by default initial user
+if {$conf(u) != ""} {set swuser $conf(u)} else {set swuser $user0}
+
+# 1. start shell
+spawn bash
+expect -re "$shpmt" {}
+
+# 2. sudo-ing swuser's shell:
+send "$swcmd $swuser\r"
+expect {
+    -re "$swuser.*$shpmt" {}
+    -re "assword: ?\\Z" {
+	stty -echo
+	expect_user -timeout -1 -re "(.*)\n" {set swpwd $expect_out(1,string)}
+	stty echo
+	send "$swpwd\r"
+	expect -re "$swuser.*$shpmt" {}
+    }
+}
+
+# 3. getting pid and ppid of swuser's shell (needed for 5b):
+send "echo \$\$:\$PPID\r"
+expect -re "(?n)^(\[\[:digit:\]\]*):(\[\[:digit:\]\]*)\r?\n(.*)$shpmt" {}
+set swpid  $expect_out(1,string)
+set swppid $expect_out(2,string)
+
+#send_error "$user0:$swpid:$swppid\n"
+
+# 4. suspending swuser's shell (trying to return to parent shell):
+send "suspend -f\r"
+expect {
+    -re "$shpmt" {
+	# 5a. got to parent shell -- resuming swuser's shell by `fg`:
+	send "fg\r"
+	set hung no
+    }
+    timeout {
+	# 5b. `suspend -f` has hung -- resuming swuser's shell by SIGCONT:
+	send_error "kill $swppid\n"
+	send_error [exec kill -CONT $swppid]
+	set hung yes
+    }
+}
+expect -re "$shpmt" {}
+
+# 6. exiting [both] shells
+#set swstat [wait -nowait]
+#send_error [pid]:[exp_pid]:$swstat\n
+send "exit\rexit\r"
+expect eof {}
+#send_error [wait -nowait]\n
+#exec kill -KILL -[exp_pid]
+if {$hung} {send_error "BUGGY\n" ; exit 3 }
+
+# vi:set sw=4:
diff --git a/tests/tests/chage/01/data/chage1 b/tests/tests/chage/01/data/chage1
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/01/data/chage1
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage2 b/tests/tests/chage/01/data/chage2
new file mode 100644
index 0000000..7efdc0c
--- /dev/null
+++ b/tests/tests/chage/01/data/chage2
@@ -0,0 +1,7 @@
+Last password change					: Jul 28, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 1
+Maximum number of days between password change		: 99996
+Number of days of warning before password expires	: 5
diff --git a/tests/tests/chage/01/data/chage3 b/tests/tests/chage/01/data/chage3
new file mode 100644
index 0000000..a263db9
--- /dev/null
+++ b/tests/tests/chage/01/data/chage3
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: Jan 01, 1970
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage4 b/tests/tests/chage/01/data/chage4
new file mode 100644
index 0000000..11e2f2d
--- /dev/null
+++ b/tests/tests/chage/01/data/chage4
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: Jan 02, 1970
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage5 b/tests/tests/chage/01/data/chage5
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/01/data/chage5
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage6 b/tests/tests/chage/01/data/chage6
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/01/data/chage6
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage7 b/tests/tests/chage/01/data/chage7
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/01/data/chage7
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage7b b/tests/tests/chage/01/data/chage7b
new file mode 100644
index 0000000..0cea901
--- /dev/null
+++ b/tests/tests/chage/01/data/chage7b
@@ -0,0 +1,7 @@
+Last password change					: Jul 26, 2005
+Password expires					: Aug 09, 2005
+Password inactive					: Sep 13, 2005
+Account expires						: Jul 27, 2012
+Minimum number of days between password change		: 13
+Maximum number of days between password change		: 14
+Number of days of warning before password expires	: 9
diff --git a/tests/tests/chage/01/data/chage8 b/tests/tests/chage/01/data/chage8
new file mode 100644
index 0000000..25151a2
--- /dev/null
+++ b/tests/tests/chage/01/data/chage8
@@ -0,0 +1 @@
+chage: user 'myuser8' does not exist in /etc/passwd
diff --git a/tests/tests/chage/01/data/group b/tests/tests/chage/01/data/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/01/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/01/data/gshadow b/tests/tests/chage/01/data/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/01/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/01/data/passwd b/tests/tests/chage/01/data/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/01/data/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/01/data/shadow b/tests/tests/chage/01/data/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/01/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/01/data/usage b/tests/tests/chage/01/data/usage
new file mode 100644
index 0000000..19177f7
--- /dev/null
+++ b/tests/tests/chage/01/data/usage
@@ -0,0 +1,16 @@
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/01/run b/tests/tests/chage/01/run
new file mode 100755
index 0000000..4434fcf
--- /dev/null
+++ b/tests/tests/chage/01/run
@@ -0,0 +1,206 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test chage options
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+		[ -f /etc/$i- ] && cp /etc/$i- tmp/$i-
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+		[ -f tmp/$i- ] && cp tmp/$i- /etc/$i- && rm tmp/$i-
+	done
+	rm -f tmp/out
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'if [ "$?" != "0" ]; then echo "FAIL"; fi; restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+echo -n "testing option -l"
+chage -l myuser1 > tmp/out
+diff -au data/chage1 tmp/out
+echo -n .
+chage -l myuser2 > tmp/out
+diff -au data/chage2 tmp/out
+echo -n .
+chage -l myuser3 > tmp/out
+diff -au data/chage3 tmp/out
+echo -n .
+chage -l myuser4 > tmp/out
+diff -au data/chage4 tmp/out
+echo -n .
+chage -l myuser5 > tmp/out
+diff -au data/chage5 tmp/out
+echo -n .
+chage -l myuser6 > tmp/out
+diff -au data/chage6 tmp/out
+echo -n .
+chage --list myuser7 > tmp/out
+diff -au data/chage7 tmp/out
+echo -n .
+msg=$(chage -l myuser8 2> tmp/out) || err=$?
+[ "$err" = "1" ] && [ "$msg" = "" ] || exit 1
+diff -au data/chage8 tmp/out
+echo .
+
+echo "testing option -d"
+chage -d 2001-10-02 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:11597:0:99999:7:1::' ] || exit 1
+echo "testing option -d -1"
+chage -d -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:99999:7:1::' ] || exit 1
+echo "testing option -d 0"
+chage -d 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:0:99999:7:1::' ] || exit 1
+echo "testing option --lastday"
+chage --lastday 2011-11-02 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1::' ] || exit 1
+
+echo "testing option -E"
+chage -E 2010-10-02 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:14884:' ] || exit 1
+echo "testing option -E -1"
+chage -E -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1::' ] || exit 1
+echo "testing option -E 0"
+chage -E 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:0:' ] || exit 1
+echo "testing option --expiredate"
+chage --expiredate 2020-02-02 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:18294:' ] || exit 1
+
+echo "testing option -I"
+# NOTE: I could pass a date to -I
+chage -I 42 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:42:18294:' ] || exit 1
+echo "testing option -I -1"
+# NOTE: this behavior is not documented
+chage -I -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7::18294:' ] || exit 1
+echo "testing option -I 0"
+# NOTE: We should check that this is the expected behavior
+chage -I 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:0:18294:' ] || exit 1
+echo "testing option --inactive"
+chage --inactive  12 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:12:18294:' ] || exit 1
+
+echo "testing option -m"
+chage -m 24 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:24:99999:7:12:18294:' ] || exit 1
+echo "testing option -m -1"
+# NOTE: this behavior is not documented
+chage -m -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280::99999:7:12:18294:' ] || exit 1
+echo "testing option -m 0"
+chage -m 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:12:18294:' ] || exit 1
+echo "testing option --mindays"
+chage --min 1 myuser7
+# NOTE: that shouldn't have work
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:99999:7:12:18294:' ] || exit 1
+
+echo "testing option -M"
+chage -M 25 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:25:7:12:18294:' ] || exit 1
+echo "testing option -M -1"
+# NOTE: this behavior is not documented
+chage -M -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1::7:12:18294:' ] || exit 1
+echo "testing option -M 0"
+chage -M 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:0:7:12:18294:' ] || exit 1
+echo "testing option --maxdays"
+chage --max 2 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:7:12:18294:' ] || exit 1
+
+echo "testing option -W"
+chage -W 26 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:26:12:18294:' ] || exit 1
+echo "testing option -W -1"
+# NOTE: this behavior is not documented
+chage -W -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2::12:18294:' ] || exit 1
+echo "testing option -W 0"
+chage -W 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:0:12:18294:' ] || exit 1
+echo "testing option --warndays"
+chage --warndays 3 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:3:12:18294:' ] || exit 1
+
+echo "testing with all options"
+chage -d 2030-03-02 -E 1979-11-24 -I 10 -m 11 -M 12 --warndays 4 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:21975:11:12:4:10:3614:' ] || exit 1
+
+echo "interactive test"
+./run1.exp
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12990:13:14:9:35:15548:' ] || exit 1
+
+echo "interactive test (default)"
+./run2.exp
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12990:13:14:9:35:15548:' ] || exit 1
+chage -l myuser7 > tmp/out
+diff -au data/chage7b tmp/out
+
+echo "usage"
+chage -h > tmp/out || {
+	if [ "$?" != "2" ]; then false; fi
+}
+diff -au data/usage tmp/out
+
+echo "OK"
diff --git a/tests/tests/chage/01/run1.exp b/tests/tests/chage/01/run1.exp
new file mode 100755
index 0000000..0160fb1
--- /dev/null
+++ b/tests/tests/chage/01/run1.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser7
+expect -re "Minimum Password Age .11\]: "
+send "13\r"
+expect -re "Maximum Password Age .12\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2030-03-02\]: "
+send "2005-07-26\r"
+expect -re "Password Expiration Warning .4\]: "
+send "9\r"
+expect -re "Password Inactive .10\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .1979-11-24\]: "
+send "2012-07-27\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/01/run2.exp b/tests/tests/chage/01/run2.exp
new file mode 100755
index 0000000..f4f342f
--- /dev/null
+++ b/tests/tests/chage/01/run2.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser7
+expect -re "Minimum Password Age .13\]: "
+send "\r"
+expect -re "Maximum Password Age .14\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-26\]: "
+send "\r"
+expect -re "Password Expiration Warning .9\]: "
+send "\r"
+expect -re "Password Inactive .35\]: "
+send "\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .2012-07-27\]: "
+send "\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/02/data/group b/tests/tests/chage/02/data/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/02/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/02/data/gshadow b/tests/tests/chage/02/data/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/02/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/02/data/passwd b/tests/tests/chage/02/data/passwd
new file mode 100644
index 0000000..5bec374
--- /dev/null
+++ b/tests/tests/chage/02/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/02/data/shadow b/tests/tests/chage/02/data/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chage/02/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chage/02/run b/tests/tests/chage/02/run
new file mode 100755
index 0000000..a792f0c
--- /dev/null
+++ b/tests/tests/chage/02/run
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test chage with bogus inputs
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+		[ -f /etc/$i- ] && cp /etc/$i- tmp/$i-
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+		[ -f tmp/$i- ] && cp tmp/$i- /etc/$i- && rm tmp/$i-
+	done
+	rm -f tmp/out
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'if [ "$?" != "0" ]; then echo "FAIL"; fi; restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+echo "interactive test"
+./run.exp $(date "+%Y-%m-%d")
+
+echo "OK"
diff --git a/tests/tests/chage/02/run.exp b/tests/tests/chage/02/run.exp
new file mode 100755
index 0000000..0dbb27d
--- /dev/null
+++ b/tests/tests/chage/02/run.exp
@@ -0,0 +1,83 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+proc expect_error {} {
+	expect {
+		"chage: error changing fields" {
+			expect {
+				eof {
+				} default {
+					puts "\nFAIL"
+					exit 1
+				}
+			}
+		} default {
+			puts "\nFAIL"
+			exit 1
+		}
+	}
+}
+
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser
+expect -re "Minimum Password Age .0\]: "
+send -- "-2\r"
+expect_error
+
+spawn /usr/bin/chage myuser
+expect -re "Minimum Password Age .0\]: "
+send "foo\r"
+expect_error
+
+# chage accepts to be given only spaces
+#spawn /usr/bin/chage myuser
+#expect -re "Minimum Password Age .0\]: "
+#send -- "   \r"
+#expect_error
+#
+#chage may not parse all the arguments.
+#This may be a problem is a date is provided instead of just a number
+#spawn /usr/bin/chage myuser
+#expect -re "Minimum Password Age .0\]: "
+#send -- "1 2\r"
+#expect_error
+
+spawn /usr/bin/chage myuser
+expect -re "Minimum Password Age .0\]: "
+send "11\r"
+expect -re "Maximum Password Age .99999\]: "
+send -- "-2\r"
+expect_error
+
+spawn /usr/bin/chage myuser
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "foo\r"
+expect_error
+
+# chage should verify the range of the arguments
+#spawn /usr/bin/chage myuser
+#expect -re "Minimum Password Age .0\]: "
+#send "\r"
+#expect -re "Maximum Password Age .99999\]: "
+#send "100000\r"
+#expect_error
+
+#spawn /usr/bin/chage myuser
+#expect -re "Minimum Password Age .0\]: "
+#send "\r"
+#expect -re "Maximum Password Age .99999\]: "
+#send "\r"
+#expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-25]: "
+#send "12\n"
+#expect_error
+
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/03_chsh_usage/chage.test b/tests/tests/chage/03_chsh_usage/chage.test
new file mode 100755
index 0000000..db6200c
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/chage.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chage usage (chage -h)..."
+chage -h >tmp/usage.out
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/03_chsh_usage/config.txt b/tests/tests/chage/03_chsh_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config.txt
diff --git a/tests/tests/chage/03_chsh_usage/config/etc/group b/tests/tests/chage/03_chsh_usage/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/03_chsh_usage/config/etc/gshadow b/tests/tests/chage/03_chsh_usage/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/03_chsh_usage/config/etc/passwd b/tests/tests/chage/03_chsh_usage/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/03_chsh_usage/config/etc/shadow b/tests/tests/chage/03_chsh_usage/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/03_chsh_usage/data/usage.out b/tests/tests/chage/03_chsh_usage/data/usage.out
new file mode 100644
index 0000000..19177f7
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/data/usage.out
@@ -0,0 +1,16 @@
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/chage.test b/tests/tests/chage/04_chsh_usage_invalid_option/chage.test
new file mode 100755
index 0000000..1ba8163
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when an invalid option is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage with an invalid option (chage -Z bin)..."
+chage -Z bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config.txt b/tests/tests/chage/04_chsh_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config.txt
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/group b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/gshadow b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/passwd b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/shadow b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/data/usage.out b/tests/tests/chage/04_chsh_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..4428283
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/data/usage.out
@@ -0,0 +1,17 @@
+chage: invalid option -- 'Z'
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/05_chsh_usage_2_users/chage.test b/tests/tests/chage/05_chsh_usage_2_users/chage.test
new file mode 100755
index 0000000..5860393
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when 2 users are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage with 2 users (chage -I 12 bin nobody)..."
+chage -I 12 bin nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config.txt b/tests/tests/chage/05_chsh_usage_2_users/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config.txt
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config/etc/group b/tests/tests/chage/05_chsh_usage_2_users/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config/etc/gshadow b/tests/tests/chage/05_chsh_usage_2_users/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config/etc/passwd b/tests/tests/chage/05_chsh_usage_2_users/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config/etc/shadow b/tests/tests/chage/05_chsh_usage_2_users/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/05_chsh_usage_2_users/data/usage.out b/tests/tests/chage/05_chsh_usage_2_users/data/usage.out
new file mode 100644
index 0000000..19177f7
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/data/usage.out
@@ -0,0 +1,16 @@
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/06_chsh_usage_no_users/chage.test b/tests/tests/chage/06_chsh_usage_no_users/chage.test
new file mode 100755
index 0000000..0851d6e
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when no users are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage without an user (chage -I 12)..."
+chage -I 12 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config.txt b/tests/tests/chage/06_chsh_usage_no_users/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config.txt
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config/etc/group b/tests/tests/chage/06_chsh_usage_no_users/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config/etc/gshadow b/tests/tests/chage/06_chsh_usage_no_users/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config/etc/passwd b/tests/tests/chage/06_chsh_usage_no_users/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config/etc/shadow b/tests/tests/chage/06_chsh_usage_no_users/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/06_chsh_usage_no_users/data/usage.out b/tests/tests/chage/06_chsh_usage_no_users/data/usage.out
new file mode 100644
index 0000000..19177f7
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/data/usage.out
@@ -0,0 +1,16 @@
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/chage.test b/tests/tests/chage/07_chsh_usage-l_exclusive/chage.test
new file mode 100755
index 0000000..9036f09
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/chage.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when -l is used with another option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for opt in "-m 12" "-M 12" "-d 2011-09-11" "-W 12" "-I 12" "-E 2011-09-11"
+do
+	echo -n "Use chage with -l and $opt (chage -l $opt bin)..."
+	chage -l $opt bin 2>tmp/usage.out && exit 1 || {
+		status=$?
+	}
+	echo "OK"
+
+	echo -n "Check returned status ($status)..."
+	test "$status" = "2"
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/usage.out
+	echo "======================================================================="
+	echo -n "Check the usage message..."
+	diff -au data/usage.out tmp/usage.out
+	echo "usage message OK."
+	rm -f tmp/usage.out
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config.txt b/tests/tests/chage/07_chsh_usage-l_exclusive/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config.txt
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/group b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/gshadow b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/passwd b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/shadow b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/data/usage.out b/tests/tests/chage/07_chsh_usage-l_exclusive/data/usage.out
new file mode 100644
index 0000000..e6c2635
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/data/usage.out
@@ -0,0 +1,17 @@
+chage: do not include "l" with other flags
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/chage.test b/tests/tests/chage/08_chsh_usage_invalid_date/chage.test
new file mode 100755
index 0000000..90007fc
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/chage.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when -l is used with another option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for opt in "-d 2011-09" "-E 2011-09-09-11"
+do
+	echo -n "Use chage with an invalid date (chage $opt bin)..."
+	chage $opt bin 2>tmp/usage.out && exit 1 || {
+		status=$?
+	}
+	echo "OK"
+
+	echo -n "Check returned status ($status)..."
+	test "$status" = "2"
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/usage.out
+	echo "======================================================================="
+	d=$(echo $opt | cut -d' ' -f2)
+	sed -e "s/'$d'/'DATE'/" -i tmp/usage.out
+	echo -n "Check the usage message..."
+	diff -au data/usage.out tmp/usage.out
+	echo "usage message OK."
+	rm -f tmp/usage.out
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config.txt b/tests/tests/chage/08_chsh_usage_invalid_date/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config.txt
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/group b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/gshadow b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/passwd b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/shadow b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/data/usage.out b/tests/tests/chage/08_chsh_usage_invalid_date/data/usage.out
new file mode 100644
index 0000000..d284dd5
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/data/usage.out
@@ -0,0 +1,17 @@
+chage: invalid date 'DATE'
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/chage.test b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/chage.test
new file mode 100755
index 0000000..36d11e5
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/chage.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when -l is used with another option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for opt in "-I -12" "-m -12" "-M -12" "-W -12" "-I a" "-m 12.5" "-M 12a" "-W a12"
+do
+	echo -n "Use chage with an invalid date (chage $opt bin)..."
+	chage $opt bin 2>tmp/usage.out && exit 1 || {
+		status=$?
+	}
+	echo "OK"
+
+	echo -n "Check returned status ($status)..."
+	test "$status" = "2"
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/usage.out
+	echo "======================================================================="
+	v=$(echo $opt | cut -d' ' -f2)
+	sed -e "s/'$v'/'VAL'/" -i tmp/usage.out
+	echo -n "Check the usage message..."
+	diff -au data/usage.out tmp/usage.out
+	echo "usage message OK."
+	rm -f tmp/usage.out
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config.txt b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config.txt
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/group b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/gshadow b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/passwd b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/shadow b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/data/usage.out b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/data/usage.out
new file mode 100644
index 0000000..1ac46cf
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/data/usage.out
@@ -0,0 +1,17 @@
+chage: invalid numeric argument 'VAL'
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/10_chsh-l/chage.test b/tests/tests/chage/10_chsh-l/chage.test
new file mode 100755
index 0000000..394c981
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/chage.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when -l is used with another option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for user in $(ls data/)
+do
+	echo -n "Get $user aging info (chage -l $user)..."
+	chage -l $user >tmp/$user
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/$user
+	echo "======================================================================="
+	echo -n "Compare with expected output..."
+	diff -au data/$user tmp/$user
+	echo "OK"
+	rm -f tmp/$user
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/10_chsh-l/config.txt b/tests/tests/chage/10_chsh-l/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config.txt
diff --git a/tests/tests/chage/10_chsh-l/config/etc/group b/tests/tests/chage/10_chsh-l/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/10_chsh-l/config/etc/gshadow b/tests/tests/chage/10_chsh-l/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/10_chsh-l/config/etc/passwd b/tests/tests/chage/10_chsh-l/config/etc/passwd
new file mode 100644
index 0000000..31046cf
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config/etc/passwd
@@ -0,0 +1,32 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
+myuser8:x:424249:424242::/home:/bin/bash
+myuser9:x:424250:424242::/home:/bin/bash
+myuser10:x:424251:424242::/home:/bin/bash
+myuser11:x:424252:424242::/home:/bin/bash
+myuser12:x:424253:424242::/home:/bin/bash
+myuser13:x:424254:424242::/home:/bin/bash
diff --git a/tests/tests/chage/10_chsh-l/config/etc/shadow b/tests/tests/chage/10_chsh-l/config/etc/shadow
new file mode 100644
index 0000000..4b81469
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config/etc/shadow
@@ -0,0 +1,30 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1::
+myuser8:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:9999:7:1::
+myuser9:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:0:9999:7:1::
+myuser10:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0::7:1::
+#myuser11:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1::
diff --git a/tests/tests/chage/10_chsh-l/data/myuser1 b/tests/tests/chage/10_chsh-l/data/myuser1
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser1
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser10 b/tests/tests/chage/10_chsh-l/data/myuser10
new file mode 100644
index 0000000..8a9e5d1
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser10
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: -1
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser11 b/tests/tests/chage/10_chsh-l/data/myuser11
new file mode 100644
index 0000000..a54ec7a
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser11
@@ -0,0 +1,7 @@
+Last password change					: never
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: -1
+Maximum number of days between password change		: -1
+Number of days of warning before password expires	: -1
diff --git a/tests/tests/chage/10_chsh-l/data/myuser2 b/tests/tests/chage/10_chsh-l/data/myuser2
new file mode 100644
index 0000000..7efdc0c
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser2
@@ -0,0 +1,7 @@
+Last password change					: Jul 28, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 1
+Maximum number of days between password change		: 99996
+Number of days of warning before password expires	: 5
diff --git a/tests/tests/chage/10_chsh-l/data/myuser3 b/tests/tests/chage/10_chsh-l/data/myuser3
new file mode 100644
index 0000000..a263db9
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser3
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: Jan 01, 1970
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser4 b/tests/tests/chage/10_chsh-l/data/myuser4
new file mode 100644
index 0000000..11e2f2d
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser4
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: Jan 02, 1970
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser5 b/tests/tests/chage/10_chsh-l/data/myuser5
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser5
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser6 b/tests/tests/chage/10_chsh-l/data/myuser6
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser6
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser7 b/tests/tests/chage/10_chsh-l/data/myuser7
new file mode 100644
index 0000000..63debfb
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser7
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: Dec 11, 2032
+Password inactive					: Dec 12, 2032
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 9999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser8 b/tests/tests/chage/10_chsh-l/data/myuser8
new file mode 100644
index 0000000..4a3f4bd
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser8
@@ -0,0 +1,7 @@
+Last password change					: never
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 9999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser9 b/tests/tests/chage/10_chsh-l/data/myuser9
new file mode 100644
index 0000000..09f6fdc
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser9
@@ -0,0 +1,7 @@
+Last password change					: password must be changed
+Password expires					: password must be changed
+Password inactive					: password must be changed
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 9999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/chage.test b/tests/tests/chage/11_chsh_usage_invalid_user/chage.test
new file mode 100755
index 0000000..46d9d65
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns in case of invalid user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage with an invalid user (chage -I 12 foo)..."
+chage -I 12 foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config.txt b/tests/tests/chage/11_chsh_usage_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config.txt
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/group b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/gshadow b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/passwd b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/shadow b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/data/usage.out b/tests/tests/chage/11_chsh_usage_invalid_user/data/usage.out
new file mode 100644
index 0000000..cdc8a1f
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/data/usage.out
@@ -0,0 +1 @@
+chage: user 'foo' does not exist in /etc/passwd
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/chage.test b/tests/tests/chage/12_chsh_usage-l_invalid_user2/chage.test
new file mode 100755
index 0000000..d3b5255
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns in case of invalid user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage with an invalid user (chage -l foo)..."
+chage -l foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config.txt b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config.txt
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/group b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/gshadow b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/passwd b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/shadow b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/data/usage.out b/tests/tests/chage/12_chsh_usage-l_invalid_user2/data/usage.out
new file mode 100644
index 0000000..cdc8a1f
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/data/usage.out
@@ -0,0 +1 @@
+chage: user 'foo' does not exist in /etc/passwd
diff --git a/tests/tests/chage/13_chsh_locked_passwd/chage.test b/tests/tests/chage/13_chsh_locked_passwd/chage.test
new file mode 100755
index 0000000..aeeb412
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/chage.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns when passwd is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Use chage with an invalid user (chage -I 12 bin)..."
+chage -I 12 bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config.txt b/tests/tests/chage/13_chsh_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config.txt
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config/etc/group b/tests/tests/chage/13_chsh_locked_passwd/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config/etc/gshadow b/tests/tests/chage/13_chsh_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config/etc/passwd b/tests/tests/chage/13_chsh_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config/etc/shadow b/tests/tests/chage/13_chsh_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/13_chsh_locked_passwd/data/usage.out b/tests/tests/chage/13_chsh_locked_passwd/data/usage.out
new file mode 100644
index 0000000..caa44b5
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/data/usage.out
@@ -0,0 +1,2 @@
+chage: existing lock file /etc/passwd.lock without a PID
+chage: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/chage/14_chsh_locked_shadow/chage.test b/tests/tests/chage/14_chsh_locked_shadow/chage.test
new file mode 100755
index 0000000..3474d95
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/chage.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns when shadow is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Use chage with an invalid user (chage -I 12 bin)..."
+chage -I 12 bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config.txt b/tests/tests/chage/14_chsh_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config.txt
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config/etc/group b/tests/tests/chage/14_chsh_locked_shadow/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config/etc/gshadow b/tests/tests/chage/14_chsh_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config/etc/passwd b/tests/tests/chage/14_chsh_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config/etc/shadow b/tests/tests/chage/14_chsh_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/14_chsh_locked_shadow/data/usage.out b/tests/tests/chage/14_chsh_locked_shadow/data/usage.out
new file mode 100644
index 0000000..f396f3c
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/data/usage.out
@@ -0,0 +1,2 @@
+chage: existing lock file /etc/shadow.lock without a PID
+chage: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/chage.test b/tests/tests/chage/15_chage-I_no_shadow_entry/chage.test
new file mode 100755
index 0000000..77a06a2
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's inactivity period (chage -I 12 bin)..."
+chage -I 12 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config.txt b/tests/tests/chage/15_chage-I_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/group b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/passwd b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/shadow b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/data/passwd b/tests/tests/chage/15_chage-I_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/data/shadow b/tests/tests/chage/15_chage-I_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..d32d937
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*:::::12::
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/chage.test b/tests/tests/chage/16_chage-m_no_shadow_entry/chage.test
new file mode 100755
index 0000000..778a65a
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -m 12 bin)..."
+chage -m 12 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config.txt b/tests/tests/chage/16_chage-m_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/group b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/passwd b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/shadow b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/data/passwd b/tests/tests/chage/16_chage-m_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/data/shadow b/tests/tests/chage/16_chage-m_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..dc6bc8b
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*::12:::::
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/chage.test b/tests/tests/chage/17_chage-M_no_shadow_entry/chage.test
new file mode 100755
index 0000000..6b70f06
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -M 12 bin)..."
+chage -M 12 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config.txt b/tests/tests/chage/17_chage-M_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/group b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/passwd b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/shadow b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/data/passwd b/tests/tests/chage/17_chage-M_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/data/shadow b/tests/tests/chage/17_chage-M_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..fb623f7
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*:::12::::
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/chage.test b/tests/tests/chage/18_chage-d_no_shadow_entry/chage.test
new file mode 100755
index 0000000..fb56cef
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -d 2011-09-11 bin)..."
+chage -d 2011-09-11 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config.txt b/tests/tests/chage/18_chage-d_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/group b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/passwd b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/shadow b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/data/passwd b/tests/tests/chage/18_chage-d_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/data/shadow b/tests/tests/chage/18_chage-d_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..df82e6c
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*:15228::::::
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/chage.test b/tests/tests/chage/19_chage-W_no_shadow_entry/chage.test
new file mode 100755
index 0000000..410ccbb
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -W 12 bin)..."
+chage -W 12 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config.txt b/tests/tests/chage/19_chage-W_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/group b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/passwd b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/shadow b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/data/passwd b/tests/tests/chage/19_chage-W_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/data/shadow b/tests/tests/chage/19_chage-W_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..3265423
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*::::12:::
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/chage.test b/tests/tests/chage/20_chage-E_no_shadow_entry/chage.test
new file mode 100755
index 0000000..52079f7
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -E 2011-09-11 bin)..."
+chage -E 2011-09-11 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config.txt b/tests/tests/chage/20_chage-E_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/group b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/passwd b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/shadow b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/data/passwd b/tests/tests/chage/20_chage-E_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/data/shadow b/tests/tests/chage/20_chage-E_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..752a49a
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*::::::15228:
diff --git a/tests/tests/chage/21_chage_no_shadow_file/chage.test b/tests/tests/chage/21_chage_no_shadow_file/chage.test
new file mode 100755
index 0000000..c2e8d0e
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/chage.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns when shadow is not enabled"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Use chage with an invalid user (chage -I 12 bin)..."
+chage -I 12 bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "15"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config.txt b/tests/tests/chage/21_chage_no_shadow_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config.txt
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config/etc/group b/tests/tests/chage/21_chage_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config/etc/gshadow b/tests/tests/chage/21_chage_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config/etc/passwd b/tests/tests/chage/21_chage_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config/etc/shadow b/tests/tests/chage/21_chage_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/21_chage_no_shadow_file/data/usage.out b/tests/tests/chage/21_chage_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..07d7a30
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+chage: the shadow password file is not present
diff --git a/tests/tests/chage/22_chage_myuser-l/chage.test b/tests/tests/chage/22_chage_myuser-l/chage.test
new file mode 100755
index 0000000..34ad36d
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/chage.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage can be used to show one's aging info"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for user in $(ls data/)
+do
+	echo -n "Get $user aging info (chage -l $user)..."
+	su myuser1 -c "chage -l $user" >tmp/$user
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/$user
+	echo "======================================================================="
+	echo -n "Compare with expected output..."
+	diff -au data/$user tmp/$user
+	echo "OK"
+	rm -f tmp/$user
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/22_chage_myuser-l/config.txt b/tests/tests/chage/22_chage_myuser-l/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config.txt
diff --git a/tests/tests/chage/22_chage_myuser-l/config/etc/group b/tests/tests/chage/22_chage_myuser-l/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/22_chage_myuser-l/config/etc/gshadow b/tests/tests/chage/22_chage_myuser-l/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/22_chage_myuser-l/config/etc/passwd b/tests/tests/chage/22_chage_myuser-l/config/etc/passwd
new file mode 100644
index 0000000..31046cf
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config/etc/passwd
@@ -0,0 +1,32 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
+myuser8:x:424249:424242::/home:/bin/bash
+myuser9:x:424250:424242::/home:/bin/bash
+myuser10:x:424251:424242::/home:/bin/bash
+myuser11:x:424252:424242::/home:/bin/bash
+myuser12:x:424253:424242::/home:/bin/bash
+myuser13:x:424254:424242::/home:/bin/bash
diff --git a/tests/tests/chage/22_chage_myuser-l/config/etc/shadow b/tests/tests/chage/22_chage_myuser-l/config/etc/shadow
new file mode 100644
index 0000000..4b81469
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config/etc/shadow
@@ -0,0 +1,30 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1::
+myuser8:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:9999:7:1::
+myuser9:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:0:9999:7:1::
+myuser10:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0::7:1::
+#myuser11:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1::
diff --git a/tests/tests/chage/22_chage_myuser-l/data/myuser1 b/tests/tests/chage/22_chage_myuser-l/data/myuser1
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/data/myuser1
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/23_chage_myuser-I/chage.test b/tests/tests/chage/23_chage_myuser-I/chage.test
new file mode 100755
index 0000000..0bd7043
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage forbids to change aging info"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myusers1 uses chage to change myuser1 aging info (chage -I 12 myuser2)..."
+su myuser1 -c "chage -I 12 myuser1" 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/23_chage_myuser-I/config.txt b/tests/tests/chage/23_chage_myuser-I/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config.txt
diff --git a/tests/tests/chage/23_chage_myuser-I/config/etc/group b/tests/tests/chage/23_chage_myuser-I/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/23_chage_myuser-I/config/etc/gshadow b/tests/tests/chage/23_chage_myuser-I/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/23_chage_myuser-I/config/etc/passwd b/tests/tests/chage/23_chage_myuser-I/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/23_chage_myuser-I/config/etc/shadow b/tests/tests/chage/23_chage_myuser-I/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/23_chage_myuser-I/data/usage.out b/tests/tests/chage/23_chage_myuser-I/data/usage.out
new file mode 100644
index 0000000..dc0d6ca
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/data/usage.out
@@ -0,0 +1 @@
+chage: Permission denied.
diff --git a/tests/tests/chage/24_chage_myuser-l_other/chage.test b/tests/tests/chage/24_chage_myuser-l_other/chage.test
new file mode 100755
index 0000000..ef2f8e2
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage forbids to get other accounts aging info"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myusers1 uses chage to get myuser2 aging info (chage -l myuser2)..."
+su myuser1 -c "chage -l myuser2" 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config.txt b/tests/tests/chage/24_chage_myuser-l_other/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config.txt
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config/etc/group b/tests/tests/chage/24_chage_myuser-l_other/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config/etc/gshadow b/tests/tests/chage/24_chage_myuser-l_other/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config/etc/passwd b/tests/tests/chage/24_chage_myuser-l_other/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config/etc/shadow b/tests/tests/chage/24_chage_myuser-l_other/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/24_chage_myuser-l_other/data/usage.out b/tests/tests/chage/24_chage_myuser-l_other/data/usage.out
new file mode 100644
index 0000000..dc0d6ca
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/data/usage.out
@@ -0,0 +1 @@
+chage: Permission denied.
diff --git a/tests/tests/chage/25_chage_interactive/chage.test b/tests/tests/chage/25_chage_interactive/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/25_chage_interactive/config.txt b/tests/tests/chage/25_chage_interactive/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/group b/tests/tests/chage/25_chage_interactive/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/gshadow b/tests/tests/chage/25_chage_interactive/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/login.defs b/tests/tests/chage/25_chage_interactive/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/passwd b/tests/tests/chage/25_chage_interactive/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/shadow b/tests/tests/chage/25_chage_interactive/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/25_chage_interactive/data/shadow b/tests/tests/chage/25_chage_interactive/data/shadow
new file mode 100644
index 0000000..334494a
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12990:13:14:9:35:15548:
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/25_chage_interactive/run.exp b/tests/tests/chage/25_chage_interactive/run.exp
new file mode 100755
index 0000000..5b4b1d0
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "2005-07-26\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "2012-07-27\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/26_chage_interactive_date_0/chage.test b/tests/tests/chage/26_chage_interactive_date_0/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config.txt b/tests/tests/chage/26_chage_interactive_date_0/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/group b/tests/tests/chage/26_chage_interactive_date_0/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/gshadow b/tests/tests/chage/26_chage_interactive_date_0/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/login.defs b/tests/tests/chage/26_chage_interactive_date_0/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/passwd b/tests/tests/chage/26_chage_interactive_date_0/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/shadow b/tests/tests/chage/26_chage_interactive_date_0/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/26_chage_interactive_date_0/data/shadow b/tests/tests/chage/26_chage_interactive_date_0/data/shadow
new file mode 100644
index 0000000..293987c
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:13:14:9:35:0:
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/26_chage_interactive_date_0/run.exp b/tests/tests/chage/26_chage_interactive_date_0/run.exp
new file mode 100755
index 0000000..2f97abb
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "0\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "0\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/chage.test b/tests/tests/chage/27_chage_interactive_date_-1/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config.txt b/tests/tests/chage/27_chage_interactive_date_-1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/group b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/gshadow b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/login.defs b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/passwd b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/shadow b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/data/shadow b/tests/tests/chage/27_chage_interactive_date_-1/data/shadow
new file mode 100644
index 0000000..800f1a2
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::13:14:9:35::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/run.exp b/tests/tests/chage/27_chage_interactive_date_-1/run.exp
new file mode 100755
index 0000000..f4c20a1
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send -- "-1\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send -- "-1\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/chage.test b/tests/tests/chage/28_chage_interactive_date_EPOCH/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config.txt b/tests/tests/chage/28_chage_interactive_date_EPOCH/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/group b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/gshadow b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/login.defs b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/passwd b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/shadow b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/data/shadow b/tests/tests/chage/28_chage_interactive_date_EPOCH/data/shadow
new file mode 100644
index 0000000..293987c
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:13:14:9:35:0:
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/run.exp b/tests/tests/chage/28_chage_interactive_date_EPOCH/run.exp
new file mode 100755
index 0000000..a93e8cc
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "1970-01-01\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "1970-01-01\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/chage.test b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/chage.test
new file mode 100755
index 0000000..83b4ba2
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config.txt b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/group b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/gshadow b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/login.defs b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/passwd b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/shadow b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/run.exp b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/run.exp
new file mode 100755
index 0000000..a43fd04
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/run.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "1900-01-01\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/chage.test b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/chage.test
new file mode 100755
index 0000000..83b4ba2
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config.txt b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/group b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/gshadow b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/login.defs b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/passwd b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/shadow b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/run.exp b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/run.exp
new file mode 100755
index 0000000..9c3c5db
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "1970-01-01\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "1900-01-01\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/chage.test b/tests/tests/chage/31_chage_interactive_date_invalid/chage.test
new file mode 100755
index 0000000..1a8606a
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock /etc/shadow.lock' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config.txt b/tests/tests/chage/31_chage_interactive_date_invalid/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/group b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/gshadow b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/login.defs b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/passwd b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/shadow b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/run.exp b/tests/tests/chage/31_chage_interactive_date_invalid/run.exp
new file mode 100755
index 0000000..91551d4
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/run.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "2000-13-42\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/chage.test b/tests/tests/chage/32_chage_interactive_date_invalid2/chage.test
new file mode 100755
index 0000000..83b4ba2
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config.txt b/tests/tests/chage/32_chage_interactive_date_invalid2/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/group b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/gshadow b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/login.defs b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/passwd b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/shadow b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/run.exp b/tests/tests/chage/32_chage_interactive_date_invalid2/run.exp
new file mode 100755
index 0000000..edc3f78
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/run.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "2000-mm-42\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/chage.test b/tests/tests/chage/33_chage_interactive-W_invalid1/chage.test
new file mode 100755
index 0000000..b2d6d32
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage interactive session checks field validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config.txt b/tests/tests/chage/33_chage_interactive-W_invalid1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/group b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/gshadow b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/login.defs b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/passwd b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/shadow b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/run.exp b/tests/tests/chage/33_chage_interactive-W_invalid1/run.exp
new file mode 100755
index 0000000..ac50231
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "0\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9a\r"
+#expect -re "Password Inactive .-1\]: "
+#send "35\r"
+#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+#send "0\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/chage.test b/tests/tests/chage/34_chage_interactive-W_invalid2/chage.test
new file mode 100755
index 0000000..b2d6d32
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage interactive session checks field validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config.txt b/tests/tests/chage/34_chage_interactive-W_invalid2/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/group b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/gshadow b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/login.defs b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/passwd b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/shadow b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/run.exp b/tests/tests/chage/34_chage_interactive-W_invalid2/run.exp
new file mode 100755
index 0000000..04b6f57
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "0\r"
+expect -re "Password Expiration Warning .7\]: "
+send -- "-2\r"
+#expect -re "Password Inactive .-1\]: "
+#send "35\r"
+#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+#send "0\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/35_chage_interactive-W-1/chage.test b/tests/tests/chage/35_chage_interactive-W-1/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config.txt b/tests/tests/chage/35_chage_interactive-W-1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/group b/tests/tests/chage/35_chage_interactive-W-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/gshadow b/tests/tests/chage/35_chage_interactive-W-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/login.defs b/tests/tests/chage/35_chage_interactive-W-1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/passwd b/tests/tests/chage/35_chage_interactive-W-1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/shadow b/tests/tests/chage/35_chage_interactive-W-1/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/35_chage_interactive-W-1/data/shadow b/tests/tests/chage/35_chage_interactive-W-1/data/shadow
new file mode 100644
index 0000000..4b74f15
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999::::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/35_chage_interactive-W-1/run.exp b/tests/tests/chage/35_chage_interactive-W-1/run.exp
new file mode 100755
index 0000000..84fd749
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "\r"
+expect -re "Password Expiration Warning .7\]: "
+send -- "-1\r"
+expect -re "Password Inactive .-1\]: "
+send "\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/chage.test b/tests/tests/chage/36_chage_interactive-I_invalid1/chage.test
new file mode 100755
index 0000000..b2d6d32
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage interactive session checks field validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config.txt b/tests/tests/chage/36_chage_interactive-I_invalid1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/group b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/gshadow b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/login.defs b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/passwd b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/shadow b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/run.exp b/tests/tests/chage/36_chage_interactive-I_invalid1/run.exp
new file mode 100755
index 0000000..1e3087b
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "\r"
+expect -re "Password Expiration Warning .7\]: "
+send "\r"
+expect -re "Password Inactive .-1\]: "
+send "9a\r"
+#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+#send "0\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/chage.test b/tests/tests/chage/37_chage_interactive-I_invalid2/chage.test
new file mode 100755
index 0000000..b2d6d32
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage interactive session checks field validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config.txt b/tests/tests/chage/37_chage_interactive-I_invalid2/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/group b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/gshadow b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/login.defs b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/passwd b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/shadow b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/run.exp b/tests/tests/chage/37_chage_interactive-I_invalid2/run.exp
new file mode 100755
index 0000000..b059117
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "\r"
+expect -re "Password Expiration Warning .7\]: "
+send "\r"
+expect -re "Password Inactive .-1\]: "
+send -- "-2\r"
+#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+#send "0\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/38_chage_interactive-I-1/chage.test b/tests/tests/chage/38_chage_interactive-I-1/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config.txt b/tests/tests/chage/38_chage_interactive-I-1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/group b/tests/tests/chage/38_chage_interactive-I-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/gshadow b/tests/tests/chage/38_chage_interactive-I-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/login.defs b/tests/tests/chage/38_chage_interactive-I-1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/passwd b/tests/tests/chage/38_chage_interactive-I-1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/shadow b/tests/tests/chage/38_chage_interactive-I-1/config/etc/shadow
new file mode 100644
index 0000000..922d955
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:3::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/38_chage_interactive-I-1/data/shadow b/tests/tests/chage/38_chage_interactive-I-1/data/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/38_chage_interactive-I-1/run.exp b/tests/tests/chage/38_chage_interactive-I-1/run.exp
new file mode 100755
index 0000000..94eb463
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "\r"
+expect -re "Password Expiration Warning .7\]: "
+send "\r"
+expect -re "Password Inactive .3\]: "
+send -- "-1\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/39_chage_interactive-d-1/chage.test b/tests/tests/chage/39_chage_interactive-d-1/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config.txt b/tests/tests/chage/39_chage_interactive-d-1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/group b/tests/tests/chage/39_chage_interactive-d-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/gshadow b/tests/tests/chage/39_chage_interactive-d-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/login.defs b/tests/tests/chage/39_chage_interactive-d-1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/passwd b/tests/tests/chage/39_chage_interactive-d-1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/shadow b/tests/tests/chage/39_chage_interactive-d-1/config/etc/shadow
new file mode 100644
index 0000000..a1afc12
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:99999:7:3::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/39_chage_interactive-d-1/data/shadow b/tests/tests/chage/39_chage_interactive-d-1/data/shadow
new file mode 100644
index 0000000..a1afc12
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:99999:7:3::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/39_chage_interactive-d-1/run.exp b/tests/tests/chage/39_chage_interactive-d-1/run.exp
new file mode 100755
index 0000000..362436b
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .-1\]: "
+send -- "-1\r"
+expect -re "Password Expiration Warning .7\]: "
+send "\r"
+expect -re "Password Inactive .3\]: "
+send "\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chroot/chage/01_chage--root/chage.test b/tests/tests/chroot/chage/01_chage--root/chage.test
new file mode 100755
index 0000000..df9aad5
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/chage.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage can change user's data in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change root's last day in chroot (chage --root $PWD/tmp/root -d 2012-12-12 root)..."
+chage --root $PWD/tmp/root -d 2012-12-12 root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chage/01_chage--root/config.txt b/tests/tests/chroot/chage/01_chage--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/default/useradd b/tests/tests/chroot/chage/01_chage--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/group b/tests/tests/chroot/chage/01_chage--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/gshadow b/tests/tests/chroot/chage/01_chage--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/passwd b/tests/tests/chroot/chage/01_chage--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/shadow b/tests/tests/chroot/chage/01_chage--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/group b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/gshadow b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/login.defs b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/passwd b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/shadow b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chage/01_chage--root/data/shadow b/tests/tests/chroot/chage/01_chage--root/data/shadow
new file mode 100644
index 0000000..c9e698b
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:15686:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test
new file mode 100755
index 0000000..afbdb4b
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change nobody and lp's password in chroot..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --root $PWD/tmp/root -c SHA256
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config.txt b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/default/useradd b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/group b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/gshadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/passwd b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/shadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/group b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/gshadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/login.defs b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/passwd b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/shadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/data/gshadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/data/gshadow
new file mode 100644
index 0000000..2ea5fca
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA256 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test
new file mode 100755
index 0000000..17282f9
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change nobody and lp's password in chroot..."
+echo 'nobody:test
+lp:test2' | chpasswd --root $PWD/tmp/root -c SHA256
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/shadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config.txt b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/default/useradd b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/group b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/gshadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/passwd b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/shadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/group b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/gshadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/login.defs b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/passwd b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/shadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/data/shadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/data/shadow
new file mode 100644
index 0000000..8a67bed
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test
new file mode 100755
index 0000000..2e2f895
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change nobody and lp's password in chroot..."
+echo 'nobody:test
+lp:test2' | chpasswd --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/shadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config.txt b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/default/useradd b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/group b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/gshadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/passwd b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/shadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/group b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/gshadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/login.defs b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/chpasswd b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/chpasswd
new file mode 100644
index 0000000..da2adcc
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/chpasswd
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/common-password b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/passwd b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/shadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/data/shadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/data/shadow
new file mode 100644
index 0000000..5839a29
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/chsh.test b/tests/tests/chroot/chsh/01_chsh--root/chsh.test
new file mode 100755
index 0000000..b99cbb4
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/chsh.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chsh can change a user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change user in chroot (chsh --root $PWD/tmp/root -s /bin/dash root)..."
+chsh --root $PWD/tmp/root -s /bin/dash root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config.txt b/tests/tests/chroot/chsh/01_chsh--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/default/useradd b/tests/tests/chroot/chsh/01_chsh--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/group b/tests/tests/chroot/chsh/01_chsh--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/gshadow b/tests/tests/chroot/chsh/01_chsh--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/passwd b/tests/tests/chroot/chsh/01_chsh--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/shadow b/tests/tests/chroot/chsh/01_chsh--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot.list b/tests/tests/chroot/chsh/01_chsh--root/config_chroot.list
new file mode 100644
index 0000000..166e521
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot.list
@@ -0,0 +1 @@
+/bin/dash
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/group b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/gshadow b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/login.defs b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/chsh b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/chsh
new file mode 100644
index 0000000..7eb604d
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/chsh
@@ -0,0 +1,20 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-account b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-account
new file mode 100644
index 0000000..316b173
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-account
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-auth b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-session b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-session
new file mode 100644
index 0000000..4ad1729
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-session
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/passwd b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shadow b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shells b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shells
new file mode 100644
index 0000000..3cf5cc4
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shells
@@ -0,0 +1,3 @@
+# /etc/shells: valid login shells
+/bin/bash
+/bin/dash
diff --git a/tests/tests/chroot/chsh/01_chsh--root/data/passwd b/tests/tests/chroot/chsh/01_chsh--root/data/passwd
new file mode 100644
index 0000000..72c8a86
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/dash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config.txt b/tests/tests/chroot/gpasswd/01_gpasswd--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/default/useradd b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/group b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/gshadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/passwd b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/shadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/group b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/gshadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/login.defs b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/passwd b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/shadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/data/group b/tests/tests/chroot/gpasswd/01_gpasswd--root/data/group
new file mode 100644
index 0000000..5c28b63
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/data/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/data/gshadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/data/gshadow
new file mode 100644
index 0000000..7b869c2
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/gpasswd.test b/tests/tests/chroot/gpasswd/01_gpasswd--root/gpasswd.test
new file mode 100755
index 0000000..8e861aa
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/gpasswd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+ls tmp/root/lib
+
+echo -n "Chang group in chroot (gpasswd -a root users -Q $PWD/tmp/root)..."
+gpasswd -a root users -Q $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config.txt b/tests/tests/chroot/groupadd/01_groupadd--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/default/useradd b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/group b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/gshadow b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/passwd b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/shadow b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/group b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/gshadow b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/login.defs b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/passwd b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/shadow b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/data/group b/tests/tests/chroot/groupadd/01_groupadd--root/data/group
new file mode 100644
index 0000000..ffc452f
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+foo:x:1000:
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/data/gshadow b/tests/tests/chroot/groupadd/01_groupadd--root/data/gshadow
new file mode 100644
index 0000000..e4b350d
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+foo:!::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/groupadd.test b/tests/tests/chroot/groupadd/01_groupadd--root/groupadd.test
new file mode 100755
index 0000000..26f4c9b
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/groupadd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Add group foo in chroot (groupadd --root $PWD/tmp/root foo)..."
+groupadd --root $PWD/tmp/root foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config.txt b/tests/tests/chroot/groupdel/01_groupdel--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/default/useradd b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/group b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/gshadow b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/passwd b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/shadow b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/group b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/gshadow b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/login.defs b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/passwd b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/shadow b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/data/group b/tests/tests/chroot/groupdel/01_groupdel--root/data/group
new file mode 100644
index 0000000..9ee4d56
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/data/gshadow b/tests/tests/chroot/groupdel/01_groupdel--root/data/gshadow
new file mode 100644
index 0000000..b969cf2
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/groupdel.test b/tests/tests/chroot/groupdel/01_groupdel--root/groupdel.test
new file mode 100755
index 0000000..6361a12
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/groupdel.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can delete a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Delete group users in chroot (groupdel --root $PWD/tmp/root users)..."
+groupdel --root $PWD/tmp/root users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config.txt b/tests/tests/chroot/groupmod/01_groupmod--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/default/useradd b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/group b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/gshadow b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/passwd b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/shadow b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/group b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/gshadow b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/login.defs b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/passwd b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/shadow b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/data/group b/tests/tests/chroot/groupmod/01_groupmod--root/data/group
new file mode 100644
index 0000000..068bdf5
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+utilisateurs:x:100:
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/data/gshadow b/tests/tests/chroot/groupmod/01_groupmod--root/data/gshadow
new file mode 100644
index 0000000..249ec49
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+utilisateurs:*::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/groupmod.test b/tests/tests/chroot/groupmod/01_groupmod--root/groupmod.test
new file mode 100755
index 0000000..853df8f
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/groupmod.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change group in chroot (groupmod --root $PWD/tmp/root -n utilisateurs users)..."
+groupmod --root $PWD/tmp/root -n utilisateurs users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config.txt b/tests/tests/chroot/grpck/01_grpck--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/default/useradd b/tests/tests/chroot/grpck/01_grpck--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/group b/tests/tests/chroot/grpck/01_grpck--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/gshadow b/tests/tests/chroot/grpck/01_grpck--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/passwd b/tests/tests/chroot/grpck/01_grpck--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/shadow b/tests/tests/chroot/grpck/01_grpck--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/group b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/gshadow b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/login.defs b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/passwd b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/shadow b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/data/group b/tests/tests/chroot/grpck/01_grpck--root/data/group
new file mode 100644
index 0000000..dd74ea8
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+crontab:x:101:
+Debian-exim:x:102:
+nogroup:x:65534:
+myuser:x:424242:
diff --git a/tests/tests/chroot/grpck/01_grpck--root/data/gshadow b/tests/tests/chroot/grpck/01_grpck--root/data/gshadow
new file mode 100644
index 0000000..5b9b1d4
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+nogroup:*::
+myuser:x::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/grpck.test b/tests/tests/chroot/grpck/01_grpck--root/grpck.test
new file mode 100755
index 0000000..93867d0
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/grpck.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can sort groups in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Sort groups in chroot (grpck --sort --root $PWD/tmp/root)..."
+grpck --sort --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config.txt b/tests/tests/chroot/grpconv/01_grpconv--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/default/useradd b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/group b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/gshadow b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/passwd b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/shadow b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/group b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/group
new file mode 100644
index 0000000..27f1e9a
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:foo:100:
+nogroup::65534:
+crontab:*:101:
+Debian-exim:!:102:
+myuser:*:424242:
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/login.defs b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/passwd b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/shadow b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/data/group b/tests/tests/chroot/grpconv/01_grpconv--root/data/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/data/gshadow b/tests/tests/chroot/grpconv/01_grpconv--root/data/gshadow
new file mode 100644
index 0000000..5f81b8f
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/data/gshadow
@@ -0,0 +1,42 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:foo::
+nogroup:::
+crontab:*::
+Debian-exim:!::
+myuser:*::
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/grpconv.test b/tests/tests/chroot/grpconv/01_grpconv--root/grpconv.test
new file mode 100755
index 0000000..92e1bf0
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/grpconv.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "grpconv in a chroot (grpconv --root $PWD/tmp/root)..."
+grpconv --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/gshadow
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config.txt b/tests/tests/chroot/grpunconv/01_grpunconv--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/default/useradd b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/group b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/gshadow b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/gshadow
new file mode 100644
index 0000000..b21489b
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/passwd b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/shadow b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/group b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/gshadow b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..86f5654
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/login.defs b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/passwd b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/shadow b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/data/group b/tests/tests/chroot/grpunconv/01_grpunconv--root/data/group
new file mode 100644
index 0000000..9a03703
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/data/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:424242:
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/grpunconv.test b/tests/tests/chroot/grpunconv/01_grpunconv--root/grpunconv.test
new file mode 100755
index 0000000..5d6edd5
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/grpunconv.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "grpunconv in a chroot (grpunconv --root $PWD/tmp/root)..."
+grpunconv --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+test ! -f tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config.txt b/tests/tests/chroot/lastlog/01_lastlog--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/default/useradd b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/group b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/gshadow b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/passwd b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/shadow b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/group b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/gshadow b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/login.defs b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/passwd b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/shadow b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/data/group b/tests/tests/chroot/lastlog/01_lastlog--root/data/group
new file mode 100644
index 0000000..5c28b63
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/data/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/data/gshadow b/tests/tests/chroot/lastlog/01_lastlog--root/data/gshadow
new file mode 100644
index 0000000..7b869c2
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/data/lastlog.list b/tests/tests/chroot/lastlog/01_lastlog--root/data/lastlog.list
new file mode 100644
index 0000000..e95b205
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/data/lastlog.list
@@ -0,0 +1,2 @@
+Username
+myuser
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/lastlog.test b/tests/tests/chroot/lastlog/01_lastlog--root/lastlog.test
new file mode 100755
index 0000000..d61d9a7
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/lastlog.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; rm -f tmp/root/var/log/lastlog; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Create an empty /var/log/lastlog in the chroot..."
+> tmp/root/var/log/lastlog
+echo "OK"
+
+echo -n "lastlog --root $PWD/tmp/root -u 424242..."
+lastlog --root $PWD/tmp/root -u 424242> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+rm -f tmp/root/var/log/lastlog
+
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/login/01_login_sublogin/config.txt b/tests/tests/chroot/login/01_login_sublogin/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/group b/tests/tests/chroot/login/01_login_sublogin/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/gshadow b/tests/tests/chroot/login/01_login_sublogin/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/login.defs b/tests/tests/chroot/login/01_login_sublogin/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/passwd b/tests/tests/chroot/login/01_login_sublogin/config/etc/passwd
new file mode 100644
index 0000000..7b82b88
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/nonexistent:*/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/shadow b/tests/tests/chroot/login/01_login_sublogin/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot.list b/tests/tests/chroot/login/01_login_sublogin/config_chroot.list
new file mode 100644
index 0000000..e22e8e8
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot.list
@@ -0,0 +1,3 @@
+/bin/dash
+/bin/sh
+/usr/bin/id
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/group b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/gshadow b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/login.defs b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-account b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-account
new file mode 100644
index 0000000..316b173
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-account
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-auth b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-password b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session
new file mode 100644
index 0000000..4ad1729
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session-noninteractive b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session-noninteractive
new file mode 100644
index 0000000..c9144d5
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session-noninteractive
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-session-noninteractive - session-related modules
+# common to all non-interactive services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of all non-interactive sessions.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/login b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/login
new file mode 100644
index 0000000..8acd533
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/login
@@ -0,0 +1,107 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/other b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/other
new file mode 100644
index 0000000..59d776c
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/other
@@ -0,0 +1,16 @@
+#
+# /etc/pam.d/other - specify the PAM fallback behaviour
+#
+# Note that this file is used for any unspecified service; for example
+#if /etc/pam.d/cron  specifies no session modules but cron calls
+#pam_open_session, the session module out of /etc/pam.d/other is
+#used.  If you really want nothing to happen then use pam_permit.so or
+#pam_deny.so as appropriate.
+
+# We fall back to the system default in /etc/pam.d/common-*
+# 
+
+@include common-auth
+@include common-account
+@include common-password
+@include common-session
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/passwd b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/securetty b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/securetty
new file mode 100644
index 0000000..f65650f
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/securetty
@@ -0,0 +1,390 @@
+# /etc/securetty: list of terminals on which root is allowed to login.
+# See securetty(5) and login(1).
+
+console
+
+# Local X displays (allows empty passwords with pam_unix's nullok_secure)
+:0
+:0.0
+:0.1
+:1
+:1.0
+:1.1
+:2
+:2.0
+:2.1
+:3
+:3.0
+:3.1
+#...
+
+
+# ==========================================================
+#
+# TTYs sorted by major number according to Documentation/devices.txt
+#
+# ==========================================================
+
+# Virtual consoles
+tty1
+tty2
+tty3
+tty4
+tty5
+tty6
+tty7
+tty8
+tty9
+tty10
+tty11
+tty12
+tty13
+tty14
+tty15
+tty16
+tty17
+tty18
+tty19
+tty20
+tty21
+tty22
+tty23
+tty24
+tty25
+tty26
+tty27
+tty28
+tty29
+tty30
+tty31
+tty32
+tty33
+tty34
+tty35
+tty36
+tty37
+tty38
+tty39
+tty40
+tty41
+tty42
+tty43
+tty44
+tty45
+tty46
+tty47
+tty48
+tty49
+tty50
+tty51
+tty52
+tty53
+tty54
+tty55
+tty56
+tty57
+tty58
+tty59
+tty60
+tty61
+tty62
+tty63
+
+# UART serial ports
+ttyS0
+ttyS1
+ttyS2
+ttyS3
+ttyS4
+ttyS5
+#...ttyS191
+
+# Serial Mux devices	(Linux/PA-RISC only)
+ttyB0
+ttyB1
+#...
+
+# Chase serial card
+ttyH0
+ttyH1
+#...
+
+# Cyclades serial cards
+ttyC0
+ttyC1
+#...ttyC31
+
+# Digiboard serial cards
+ttyD0
+ttyD1
+#...
+
+# Stallion serial cards
+ttyE0
+ttyE1
+#...ttyE255
+
+# Specialix serial cards
+ttyX0
+ttyX1
+#...
+
+# Comtrol Rocketport serial cards
+ttyR0
+ttyR1
+#...
+
+# SDL RISCom serial cards
+ttyL0
+ttyL1
+#...
+
+# Hayes ESP serial card
+ttyP0
+ttyP1
+#...
+
+# Computone IntelliPort II serial card
+ttyF0
+ttyF1
+#...ttyF255
+
+# Specialix IO8+ serial card
+ttyW0
+ttyW1
+#...
+
+# Comtrol VS-1000 serial controller
+ttyV0
+ttyV1
+#...
+
+# ISI serial card
+ttyM0
+ttyM1
+#...
+
+# Technology Concepts serial card
+ttyT0
+ttyT1
+#...
+
+# Specialix RIO serial card
+ttySR0
+ttySR1
+#...ttySR511
+
+# Chase Research AT/PCI-Fast serial card
+ttyCH0
+ttyCH1
+#...ttyCH63
+
+# Moxa Intellio serial card
+ttyMX0
+ttyMX1
+#...ttyMX127
+
+# SmartIO serial card
+ttySI0
+ttySI1
+#...
+
+# USB dongles
+ttyUSB0
+ttyUSB1
+ttyUSB2
+#...
+
+# LinkUp Systems L72xx UARTs
+ttyLU0
+ttyLU1
+ttyLU2
+ttyLU3
+
+# StrongARM builtin serial ports
+ttySA0
+ttySA1
+ttySA2
+
+# SCI serial port (SuperH) ports and SC26xx serial ports
+ttySC0
+ttySC1
+ttySC2
+ttySC3
+
+# ARM "AMBA" serial ports
+ttyAM0
+ttyAM1
+ttyAM2
+ttyAM3
+ttyAM4
+ttyAM5
+ttyAM6
+ttyAM7
+ttyAM8
+ttyAM9
+ttyAM10
+ttyAM11
+ttyAM12
+ttyAM13
+ttyAM14
+ttyAM15
+
+# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU)
+ttyAMA0
+ttyAMA1
+ttyAMA2
+ttyAMA3
+
+# DataBooster serial ports
+ttyDB0
+ttyDB1
+ttyDB2
+ttyDB3
+ttyDB4
+ttyDB5
+ttyDB6
+ttyDB7
+
+# SGI Altix console ports
+ttySG0
+
+# Motorola i.MX ports
+ttySMX0
+ttySMX1
+ttySMX2
+
+# Marvell MPSC ports
+ttyMM0
+ttyMM1
+
+# PPC CPM (SCC or SMC) ports
+ttyCPM0
+ttyCPM1
+ttyCPM2
+ttyCPM3
+ttyCPM4
+ttyCPM5
+
+# Altix serial cards
+ttyIOC0
+ttyIOC1
+#...ttyIOC31
+
+# NEC VR4100 series SIU
+ttyVR0
+
+# NEC VR4100 series SSIU
+ttyVR1
+
+# Altix ioc4 serial cards
+ttyIOC84
+ttyIOC85
+#...ttyIOC115
+
+# Altix ioc3 serial cards
+ttySIOC0
+ttySIOC1
+#...ttySIOC31
+
+# PPC PSC ports
+ttyPSC0
+ttyPSC1
+ttyPSC2
+ttyPSC3
+ttyPSC4
+ttyPSC5
+
+# ATMEL serial ports
+ttyAT0
+ttyAT1
+#...ttyAT15
+
+# Hilscher netX serial port
+ttyNX0
+ttyNX1
+#...ttyNX15
+
+# Xilinx uartlite - port
+ttyUL0
+ttyUL1
+ttyUL2
+ttyUL3
+
+# Xen virtual console - port 0
+xvc0
+
+# pmac_zilog - port
+ttyPZ0
+ttyPZ1
+ttyPZ2
+ttyPZ3
+
+# TX39/49 serial port
+ttyTX0
+ttyTX1
+ttyTX2
+ttyTX3
+ttyTX4
+ttyTX5
+ttyTX6
+ttyTX7
+
+# SC26xx serial ports (see SCI serial ports (SuperH))
+
+# MAX3100 serial ports
+ttyMAX0
+ttyMAX1
+ttyMAX2
+ttyMAX3
+
+# OMAP serial ports
+ttyO0
+ttyO1
+ttyO2
+ttyO3
+
+# User space serial ports
+ttyU0
+ttyU1
+
+# A2232 serial card
+ttyY0
+ttyY1
+
+# IBM 3270 terminal Unix tty access
+3270/tty1
+3270/tty2
+#...
+
+# IBM iSeries/pSeries virtual console
+hvc0
+hvc1
+#...
+#IBM pSeries console ports
+hvsi0
+hvsi1
+hvsi2
+
+# Equinox SST multi-port serial boards
+ttyEQ0
+ttyEQ1
+#...ttyEQ1027
+
+# ==========================================================
+#
+# Not in Documentation/Devices.txt
+#
+# ==========================================================
+
+# Embedded Freescale i.MX ports
+ttymxc0
+ttymxc1
+ttymxc2
+ttymxc3
+ttymxc4
+ttymxc5
+
+# Serial Console for MIPS Swarm
+duart0
+duart1
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/security/limits.conf b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/security/limits.conf
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/security/limits.conf
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/shadow b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/login/01_login_sublogin/login.exp b/tests/tests/chroot/login/01_login_sublogin/login.exp
new file mode 100755
index 0000000..4523935
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/login.exp
@@ -0,0 +1,25 @@
+#!/usr/bin/expect
+
+set timeout 10
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "strace -s 1000 -o /tmp/login.strace login\r"
+expect " login: "
+send "myuser\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "$ "
+
+send "# expect uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "id\r"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "exit\r"
+
+exit 0
diff --git a/tests/tests/chroot/login/01_login_sublogin/login.test b/tests/tests/chroot/login/01_login_sublogin/login.test
new file mode 100755
index 0000000..f5d271b
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/login.test
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "try regular login with user prompt"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+usermod -d $PWD/tmp/root myuser 
+
+prepare_chroot
+
+./login.exp
+echo
+
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config.txt b/tests/tests/chroot/pwck/01_pwck--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/default/useradd b/tests/tests/chroot/pwck/01_pwck--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/group b/tests/tests/chroot/pwck/01_pwck--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/gshadow b/tests/tests/chroot/pwck/01_pwck--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/passwd b/tests/tests/chroot/pwck/01_pwck--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/shadow b/tests/tests/chroot/pwck/01_pwck--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/group b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/gshadow b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/login.defs b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/passwd b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..76c6fc3
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
+testsuite::424244:424244::/home:/bin/bash
+testsuite1::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/shadow b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/pwck/01_pwck--root/data/pwck.out b/tests/tests/chroot/pwck/01_pwck--root/data/pwck.out
new file mode 100644
index 0000000..92a5670
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/data/pwck.out
@@ -0,0 +1,59 @@
+user 'root': program '/bin/bash' does not exist
+user 'daemon': directory '/usr/sbin' does not exist
+user 'daemon': program '/bin/sh' does not exist
+user 'bin': directory '/bin' does not exist
+user 'bin': program '/bin/sh' does not exist
+user 'sys': directory '/dev' does not exist
+user 'sys': program '/bin/sh' does not exist
+user 'sync': directory '/bin' does not exist
+user 'sync': program '/bin/sync' does not exist
+user 'games': directory '/usr/games' does not exist
+user 'games': program '/bin/sh' does not exist
+user 'man': directory '/var/cache/man' does not exist
+user 'man': program '/bin/sh' does not exist
+user 'lp': directory '/var/spool/lpd' does not exist
+user 'lp': program '/bin/sh' does not exist
+user 'mail': directory '/var/mail' does not exist
+user 'mail': program '/bin/sh' does not exist
+user 'news': directory '/var/spool/news' does not exist
+user 'news': program '/bin/sh' does not exist
+user 'uucp': directory '/var/spool/uucp' does not exist
+user 'uucp': program '/bin/sh' does not exist
+user 'proxy': directory '/bin' does not exist
+user 'proxy': program '/bin/sh' does not exist
+user 'www-data': directory '/var/www' does not exist
+user 'www-data': program '/bin/sh' does not exist
+user 'backup': directory '/var/backups' does not exist
+user 'backup': program '/bin/sh' does not exist
+user 'list': directory '/var/list' does not exist
+user 'list': program '/bin/sh' does not exist
+user 'irc': directory '/var/run/ircd' does not exist
+user 'irc': program '/bin/sh' does not exist
+user 'gnats': directory '/var/lib/gnats' does not exist
+user 'gnats': program '/bin/sh' does not exist
+user 'nobody': directory '/nonexistent' does not exist
+user 'nobody': program '/bin/sh' does not exist
+user 'Debian-exim': directory '/var/spool/exim4' does not exist
+user 'Debian-exim': program '/bin/false' does not exist
+user 'myuser': directory '/home/' does not exist
+user 'myuser': program '/bin/sh' does not exist
+duplicate password entry
+delete line 'testsuite::424243:424243::/home:/bin/bash'? No
+user 'testsuite': no group 424243
+user 'testsuite': directory '/home' does not exist
+user 'testsuite': program '/bin/bash' does not exist
+no matching password file entry in /etc/shadow
+add user 'testsuite' in /etc/shadow? No
+duplicate password entry
+delete line 'testsuite::424244:424244::/home:/bin/bash'? No
+user 'testsuite': no group 424244
+user 'testsuite': directory '/home' does not exist
+user 'testsuite': program '/bin/bash' does not exist
+no matching password file entry in /etc/shadow
+add user 'testsuite' in /etc/shadow? No
+user 'testsuite1': no group 424243
+user 'testsuite1': directory '/home' does not exist
+user 'testsuite1': program '/bin/bash' does not exist
+no matching password file entry in /etc/shadow
+add user 'testsuite1' in /etc/shadow? No
+pwck: no changes
diff --git a/tests/tests/chroot/pwck/01_pwck--root/pwck.test b/tests/tests/chroot/pwck/01_pwck--root/pwck.test
new file mode 100755
index 0000000..25cba9f
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/pwck.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "pwck in a chroot (pwck --read-only --root $PWD/tmp/root)..."
+pwck --read-only --root $PWD/tmp/root >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.out tmp/pwck.out
+echo "error message OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config.txt b/tests/tests/chroot/pwconv/01_pwconv--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/default/useradd b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/group b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/gshadow b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/passwd b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/shadow b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/group b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/gshadow b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/login.defs b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/passwd b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..1a85284
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/data/passwd b/tests/tests/chroot/pwconv/01_pwconv--root/data/passwd
new file mode 100644
index 0000000..89b6962
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite:x:424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/data/shadow b/tests/tests/chroot/pwconv/01_pwconv--root/data/shadow
new file mode 100644
index 0000000..38bf30c
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:@TODAY@:0:99999:7:::
+daemon:*:@TODAY@:0:99999:7:::
+bin:*:@TODAY@:0:99999:7:::
+sys:*:@TODAY@:0:99999:7:::
+sync:*:@TODAY@:0:99999:7:::
+games:*:@TODAY@:0:99999:7:::
+man:*:@TODAY@:0:99999:7:::
+lp:*:@TODAY@:0:99999:7:::
+mail:*:@TODAY@:0:99999:7:::
+news:*:@TODAY@:0:99999:7:::
+uucp:*:@TODAY@:0:99999:7:::
+proxy:*:@TODAY@:0:99999:7:::
+www-data:*:@TODAY@:0:99999:7:::
+backup:*:@TODAY@:0:99999:7:::
+list:*:@TODAY@:0:99999:7:::
+irc:*:@TODAY@:0:99999:7:::
+gnats:*:@TODAY@:0:99999:7:::
+nobody:*:@TODAY@:0:99999:7:::
+Debian-exim:!:@TODAY@:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:@TODAY@:0:99999:7:::
+testsuite::@TODAY@:0:99999:7:::
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/pwconv.test b/tests/tests/chroot/pwconv/01_pwconv--root/pwconv.test
new file mode 100755
index 0000000..3b92ab4
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/pwconv.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "pwconv in a chroot (pwconv --root $PWD/tmp/root)..."
+pwconv --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/shadow
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config.txt b/tests/tests/chroot/pwunconv/01_pwunconv--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/default/useradd b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/group b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/gshadow b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/passwd b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/shadow b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/group b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/gshadow b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/login.defs b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/passwd b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/shadow b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/data/passwd b/tests/tests/chroot/pwunconv/01_pwunconv--root/data/passwd
new file mode 100644
index 0000000..1a85284
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/data/passwd
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/pwunconv.test b/tests/tests/chroot/pwunconv/01_pwunconv--root/pwunconv.test
new file mode 100755
index 0000000..60c2552
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/pwunconv.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "pwunconv in a chroot (pwunconv --root $PWD/tmp/root)..."
+pwunconv --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+test ! -f tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config.txt b/tests/tests/chroot/useradd/01_useradd--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/default/useradd b/tests/tests/chroot/useradd/01_useradd--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/group b/tests/tests/chroot/useradd/01_useradd--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/gshadow b/tests/tests/chroot/useradd/01_useradd--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/passwd b/tests/tests/chroot/useradd/01_useradd--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/shadow b/tests/tests/chroot/useradd/01_useradd--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/group b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/passwd b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/shadow b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/data/group b/tests/tests/chroot/useradd/01_useradd--root/data/group
new file mode 100644
index 0000000..ffc452f
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+foo:x:1000:
diff --git a/tests/tests/chroot/useradd/01_useradd--root/data/gshadow b/tests/tests/chroot/useradd/01_useradd--root/data/gshadow
new file mode 100644
index 0000000..e4b350d
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+foo:!::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/data/passwd b/tests/tests/chroot/useradd/01_useradd--root/data/passwd
new file mode 100644
index 0000000..102186a
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
+foo:x:1000:1000::/home/foo:
diff --git a/tests/tests/chroot/useradd/01_useradd--root/data/shadow b/tests/tests/chroot/useradd/01_useradd--root/data/shadow
new file mode 100644
index 0000000..258cf2b
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/useradd.test b/tests/tests/chroot/useradd/01_useradd--root/useradd.test
new file mode 100755
index 0000000..aa9dd35
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/useradd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can add an user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Add user foo in chroot (useradd --root $PWD/tmp/root foo)..."
+useradd --root $PWD/tmp/root foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config.txt b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/default/useradd b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/group b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/gshadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/passwd b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/shadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/group b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/login.defs
new file mode 100644
index 0000000..825aae3
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 2000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1500
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/passwd b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/shadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/group b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/group
new file mode 100644
index 0000000..eb04ced
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+foo:x:2000:
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/gshadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/gshadow
new file mode 100644
index 0000000..e4b350d
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+foo:!::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/passwd b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/passwd
new file mode 100644
index 0000000..25d10d6
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
+foo:x:2000:2000::/home/foo:
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/shadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/shadow
new file mode 100644
index 0000000..258cf2b
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/useradd.test b/tests/tests/chroot/useradd/02_useradd--root_login.defs/useradd.test
new file mode 100755
index 0000000..aa9dd35
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/useradd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can add an user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Add user foo in chroot (useradd --root $PWD/tmp/root foo)..."
+useradd --root $PWD/tmp/root foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config.txt b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/default/useradd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/group b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/gshadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/passwd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/shadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/default/useradd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/default/useradd
new file mode 100644
index 0000000..5051e1d
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/group b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/passwd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/shadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/group b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/group
new file mode 100644
index 0000000..ffc452f
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+foo:x:1000:
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/gshadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/gshadow
new file mode 100644
index 0000000..e4b350d
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+foo:!::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/passwd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/passwd
new file mode 100644
index 0000000..22fa744
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
+foo:x:1000:1000::/tmp/foo:/bin/sh
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/shadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/shadow
new file mode 100644
index 0000000..f4c9dfb
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/useradd.test b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/useradd.test
new file mode 100755
index 0000000..aa9dd35
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/useradd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can add an user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Add user foo in chroot (useradd --root $PWD/tmp/root foo)..."
+useradd --root $PWD/tmp/root foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config.txt b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/default/useradd b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/group b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/gshadow b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/passwd b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/shadow b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/default/useradd b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/default/useradd
new file mode 100644
index 0000000..5051e1d
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/group b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/passwd b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/shadow b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/data/useradd.out b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/data/useradd.out
new file mode 100644
index 0000000..581c055
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/data/useradd.out
@@ -0,0 +1,7 @@
+GROUP=10
+HOME=/tmp
+INACTIVE=12
+EXPIRE=2007-12-02
+SHELL=/bin/sh
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/useradd.test b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/useradd.test
new file mode 100755
index 0000000..069e704
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/useradd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can list defaults from a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "List defaults in chroot (useradd --root $PWD/tmp/root foo)..."
+useradd -D --root $PWD/tmp/root > tmp/useradd.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.out tmp/useradd.out
+echo "OK."
+rm -f tmp/useradd.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc//group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config.txt b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/default/useradd b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/group b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/gshadow b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/passwd b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/shadow b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/default/useradd b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/default/useradd
new file mode 100644
index 0000000..d1406e4
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/group b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/passwd b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/shadow b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/data/useradd.default b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/data/useradd.default
new file mode 100644
index 0000000..aaca91a
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/data/useradd.default
@@ -0,0 +1,38 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=424242
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2012-12-12
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test
new file mode 100755
index 0000000..97059da
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can list defaults from a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "List defaults in chroot (useradd -D --root $PWD/tmp/root -e 2012-12-12 -g 424242)..."
+useradd -D --root $PWD/tmp/root -e 2012-12-12 -g 424242
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc//group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+echo -n "Check the useradd's default file..."
+diff -au data/useradd.default tmp/root/etc/default/useradd
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+rm -f tmp/root/etc/default/useradd-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config.txt b/tests/tests/chroot/userdel/01_userdel--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/default/useradd b/tests/tests/chroot/userdel/01_userdel--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/group b/tests/tests/chroot/userdel/01_userdel--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/gshadow b/tests/tests/chroot/userdel/01_userdel--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/passwd b/tests/tests/chroot/userdel/01_userdel--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/shadow b/tests/tests/chroot/userdel/01_userdel--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/group b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/gshadow b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/login.defs b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/passwd b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/shadow b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/data/group b/tests/tests/chroot/userdel/01_userdel--root/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/userdel/01_userdel--root/data/gshadow b/tests/tests/chroot/userdel/01_userdel--root/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/data/passwd b/tests/tests/chroot/userdel/01_userdel--root/data/passwd
new file mode 100644
index 0000000..4736f1c
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/userdel/01_userdel--root/data/shadow b/tests/tests/chroot/userdel/01_userdel--root/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/userdel.test b/tests/tests/chroot/userdel/01_userdel--root/userdel.test
new file mode 100755
index 0000000..4ee203e
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/userdel.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel can change a user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Delete a user in chroot (userdel --root $PWD/tmp/root myuser)..."
+userdel --root $PWD/tmp/root myuser
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config.txt b/tests/tests/chroot/usermod/01_usermod--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/default/useradd b/tests/tests/chroot/usermod/01_usermod--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/group b/tests/tests/chroot/usermod/01_usermod--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/gshadow b/tests/tests/chroot/usermod/01_usermod--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/passwd b/tests/tests/chroot/usermod/01_usermod--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/shadow b/tests/tests/chroot/usermod/01_usermod--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/group b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/gshadow b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/login.defs b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/passwd b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/shadow b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/usermod/01_usermod--root/data/passwd b/tests/tests/chroot/usermod/01_usermod--root/data/passwd
new file mode 100644
index 0000000..1f47aaf
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:100:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/usermod/01_usermod--root/usermod.test b/tests/tests/chroot/usermod/01_usermod--root/usermod.test
new file mode 100755
index 0000000..14f7a08
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/usermod.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can change a user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change user in chroot (usermod --root $PWD/tmp/root -g users root)..."
+usermod --root $PWD/tmp/root -g users root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/01/data/chsh1 b/tests/tests/chsh/01/data/chsh1
new file mode 100644
index 0000000..01b3d53
--- /dev/null
+++ b/tests/tests/chsh/01/data/chsh1
@@ -0,0 +1 @@
+You may not change the shell for 'myuser'.
diff --git a/tests/tests/chsh/01/data/chsh2 b/tests/tests/chsh/01/data/chsh2
new file mode 100644
index 0000000..b017d6d
--- /dev/null
+++ b/tests/tests/chsh/01/data/chsh2
@@ -0,0 +1 @@
+You may not change the shell for 'myuser2'.
diff --git a/tests/tests/chsh/01/data/group b/tests/tests/chsh/01/data/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/01/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/01/data/gshadow b/tests/tests/chsh/01/data/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/01/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/01/data/passwd b/tests/tests/chsh/01/data/passwd
new file mode 100644
index 0000000..37b0467
--- /dev/null
+++ b/tests/tests/chsh/01/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/01/data/shadow b/tests/tests/chsh/01/data/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/01/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/01/data/shells b/tests/tests/chsh/01/data/shells
new file mode 100644
index 0000000..4fd4378
--- /dev/null
+++ b/tests/tests/chsh/01/data/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/tests/chsh/01/run b/tests/tests/chsh/01/run
new file mode 100755
index 0000000..4d72eea
--- /dev/null
+++ b/tests/tests/chsh/01/run
@@ -0,0 +1,143 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test chage options
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow shells
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+		[ -f /etc/$i- ] && cp /etc/$i- tmp/$i-
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow shells
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+		[ -f tmp/$i- ] && cp tmp/$i- /etc/$i- && rm tmp/$i-
+	done
+	rm -f tmp/out
+	rm -f tmp/shell tmp/sh:ell
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'if [ "$?" != "0" ]; then echo "FAIL"; fi; restore' 0
+
+for i in passwd group shadow gshadow shells
+do
+	cp data/$i /etc
+done
+
+echo -n "changing to a restricted shell, by root..."
+cp /bin/bash tmp/shell
+chsh -s $(pwd)/tmp/shell myuser
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:"$(pwd)"/tmp/shell" ] || exit 1
+echo "OK"
+
+echo -n "changing from a restricted shell, by myuser..."
+su myuser -c "chsh -s /bin/bash" 2> tmp/out && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:"$(pwd)"/tmp/shell" ] || exit 1
+diff -au data/chsh1 tmp/out
+echo "OK"
+
+echo -n "changing from a restricted shell, by root..."
+chsh -s /bin/bash myuser
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+echo "OK"
+
+# Need to be done by expect now (chage asks for a passwd if not root)
+#echo -n "changing to a restricted shell, by myuser..."
+#su myuser -c "chsh -s $(pwd)/tmp/shell" 2> tmp/out && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#grep "/tmp/shell is an invalid shell." tmp/out > /dev/null
+#[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+#echo "OK"
+
+#echo -n "changing to a new valid shell, by myuser..."
+#echo $(pwd)/tmp/shell >> /tmp/shells
+#su myuser -c "chsh -s $(pwd)/tmp/shell" 2> tmp/out && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#grep "/tmp/shell is an invalid shell." tmp/out > /dev/null
+#[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+#echo "OK"
+
+echo -n "changing another user's shell..."
+su myuser -c "chsh -s /bin/sh myuser2" 2> tmp/out && exit 1
+ent=$(getent passwd myuser2)
+[ "$ent" = "myuser2:x:424243:424242::/home:/bin/sh" ] || exit 1
+diff -au data/chsh2 tmp/out
+echo "OK"
+
+#echo -n "changing to a non-executable shell..."
+#chmod a-x tmp/shell
+#su myuser -c "chsh -s $(pwd)/tmp/shell myuser" 2> tmp/out && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#grep "/tmp/shell is an invalid shell." tmp/out > /dev/null
+#[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+#echo "OK"
+
+echo -n "changing to an invalid shell name..."
+cp /bin/bash tmp/sh:ell
+echo $(pwd)/tmp/sh:ell >> /etc/shells
+chsh -s $(pwd)/tmp/sh:ell myuser 2> tmp/out && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+grep -E "chsh: Invalid entry: .*/tmp/sh:ell" tmp/out > /dev/null
+[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+echo "OK"
+
+echo "testing the interactive mode (1)..."
+rm -f tmp/out
+./run.exp /bin/bash myuser
+[ -f tmp/out ] && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+echo "OK"
+
+#echo "testing the interactive mode (2)..."
+#rm -f tmp/out
+#su myuser -c "./run.exp /bin/bash"
+#[ -f tmp/out ] && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#echo "OK"
+
+echo "testing the interactive mode (3)..."
+rm -f tmp/out
+./run.exp /bin/sh myuser
+[ -f tmp/out ] && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/sh" ] || exit 1
+echo "OK"
+
+echo "testing the interactive mode (4)..."
+rm -f tmp/out
+./run.exp $(pwd)/tmp/sh:ell myuser && exit 1
+grep -E "chsh: Invalid entry: .*/tmp/sh:ell" tmp/out > /dev/null
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/sh" ] || exit 1
+echo "OK"
+
diff --git a/tests/tests/chsh/01/run.exp b/tests/tests/chsh/01/run.exp
new file mode 100755
index 0000000..4890193
--- /dev/null
+++ b/tests/tests/chsh/01/run.exp
@@ -0,0 +1,38 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/02_chsh_usage/chsh.test b/tests/tests/chsh/02_chsh_usage/chsh.test
new file mode 100755
index 0000000..3a6e656
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/chsh.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chsh usage (chsh -h)..."
+chsh -h >tmp/usage.out
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/02_chsh_usage/config.txt b/tests/tests/chsh/02_chsh_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config.txt
diff --git a/tests/tests/chsh/02_chsh_usage/config/etc/group b/tests/tests/chsh/02_chsh_usage/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config/etc/group
diff --git a/tests/tests/chsh/02_chsh_usage/config/etc/gshadow b/tests/tests/chsh/02_chsh_usage/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config/etc/gshadow
diff --git a/tests/tests/chsh/02_chsh_usage/config/etc/passwd b/tests/tests/chsh/02_chsh_usage/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config/etc/passwd
diff --git a/tests/tests/chsh/02_chsh_usage/config/etc/shadow b/tests/tests/chsh/02_chsh_usage/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config/etc/shadow
diff --git a/tests/tests/chsh/02_chsh_usage/data/usage.out b/tests/tests/chsh/02_chsh_usage/data/usage.out
new file mode 100644
index 0000000..ef576ec
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/data/usage.out
@@ -0,0 +1,7 @@
+Usage: chsh [options] [LOGIN]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/chsh.test b/tests/tests/chsh/03_chsh_usage_invalid_option/chsh.test
new file mode 100755
index 0000000..4552cc3
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh displays its usage message is case of invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use wrong chsh option (chsh -Z)..."
+chsh -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config.txt b/tests/tests/chsh/03_chsh_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config.txt
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/group b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/group
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/gshadow b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/gshadow
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/passwd b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/passwd
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/shadow b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/shadow
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/data/usage.out b/tests/tests/chsh/03_chsh_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..e930bab
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/data/usage.out
@@ -0,0 +1,8 @@
+chsh: invalid option -- 'Z'
+Usage: chsh [options] [LOGIN]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/chsh.test b/tests/tests/chsh/04_chsh_usage_2_users/chsh.test
new file mode 100755
index 0000000..ef1c181
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh displays its usage message is case multiple users are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chsh with 2 users (chsh -s /bin/sh root bin)..."
+chsh -s /bin/sh root bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config.txt b/tests/tests/chsh/04_chsh_usage_2_users/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config.txt
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config/etc/group b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/group
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config/etc/gshadow b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/gshadow
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config/etc/passwd b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/passwd
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config/etc/shadow b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/shadow
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/data/usage.out b/tests/tests/chsh/04_chsh_usage_2_users/data/usage.out
new file mode 100644
index 0000000..ef576ec
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/data/usage.out
@@ -0,0 +1,7 @@
+Usage: chsh [options] [LOGIN]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/chsh.test b/tests/tests/chsh/05_chsh_myuser_restricted_shell/chsh.test
new file mode 100755
index 0000000..4844266
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/sh"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config.txt b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config.txt
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/group b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/gshadow b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/passwd b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/passwd
new file mode 100644
index 0000000..37b0467
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shadow b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shells b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/run.exp b/tests/tests/chsh/05_chsh_myuser_restricted_shell/run.exp
new file mode 100755
index 0000000..1abf085
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/run.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "You may not change the shell for 'myuser'.\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/chsh.test b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/chsh.test
new file mode 100755
index 0000000..d8d88ac
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/sh"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config.txt b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config.txt
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/group b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/gshadow b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/passwd b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/passwd
new file mode 100644
index 0000000..37b0467
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shadow b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shells b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shells
new file mode 100644
index 0000000..d52a3bf
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/data/passwd b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/run.exp b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/run.exp
new file mode 100755
index 0000000..0c0e023
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/run.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/chsh.test b/tests/tests/chsh/07_chsh_usage_invalid_user/chsh.test
new file mode 100755
index 0000000..5d76de2
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh checks that the user exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chsh for an invalid user (chsh wronguser)..."
+chsh wronguser 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config.txt b/tests/tests/chsh/07_chsh_usage_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config.txt
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/group b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/group
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/gshadow b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/gshadow
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/passwd b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/passwd
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/shadow b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/shadow
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/data/usage.out b/tests/tests/chsh/07_chsh_usage_invalid_user/data/usage.out
new file mode 100644
index 0000000..f57326c
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/data/usage.out
@@ -0,0 +1 @@
+chsh: user 'wronguser' does not exist
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/chsh.test b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/chsh.test
new file mode 100755
index 0000000..611d1a6
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/bash"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config.txt b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config.txt
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/group b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/gshadow b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/passwd b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shadow b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shells b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/data/passwd b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/run.exp b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/run.exp
new file mode 100755
index 0000000..b1bd8d6
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/run.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect "chsh: $shell is an invalid shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/chsh.test b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/chsh.test
new file mode 100755
index 0000000..6248780
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/chsh.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo /tmp/bash >> /etc/shells
+echo -n "execute chsh..."
+su myuser -c "./run.exp /tmp/bash"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config.txt b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config.txt
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/group b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/gshadow b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/passwd b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shadow b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shells b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/data/passwd b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/run.exp b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/run.exp
new file mode 100755
index 0000000..b1bd8d6
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/run.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect "chsh: $shell is an invalid shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/chsh.test b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
new file mode 100755
index 0000000..7dd4642
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /tmp/bash' 0
+
+change_config
+
+chmod a+w tmp
+
+echo /tmp/bash >> /etc/shells
+cp /bin/bash /tmp/bash
+chmod a-x /tmp/bash
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /tmp/bash"
+echo "OK"
+rm -f /tmp/bash
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config.txt b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config.txt
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/group b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/gshadow b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/passwd b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shadow b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shells b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/data/passwd b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/run.exp b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/run.exp
new file mode 100755
index 0000000..b1bd8d6
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/run.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect "chsh: $shell is an invalid shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/11_chsh_auth_failure/chsh.test b/tests/tests/chsh/11_chsh_auth_failure/chsh.test
new file mode 100755
index 0000000..dda9bc6
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh checks password for non root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/bash"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config.txt b/tests/tests/chsh/11_chsh_auth_failure/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config.txt
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/group b/tests/tests/chsh/11_chsh_auth_failure/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/gshadow b/tests/tests/chsh/11_chsh_auth_failure/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/passwd b/tests/tests/chsh/11_chsh_auth_failure/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/shadow b/tests/tests/chsh/11_chsh_auth_failure/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/shells b/tests/tests/chsh/11_chsh_auth_failure/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/11_chsh_auth_failure/data/passwd b/tests/tests/chsh/11_chsh_auth_failure/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/11_chsh_auth_failure/run.exp b/tests/tests/chsh/11_chsh_auth_failure/run.exp
new file mode 100755
index 0000000..67e3455
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/run.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "wrong pass\r"
+expect "chsh: PAM: Authentication failure\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/chsh.test b/tests/tests/chsh/12_chsh_warning_missing_shell/chsh.test
new file mode 100755
index 0000000..de12b13
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/chsh.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change shell to a missing shell (chsh -s /tmp/bash bin)..."
+chsh -s /tmp/bash bin 2>tmp/chsh.err
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "usage message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config.txt b/tests/tests/chsh/12_chsh_warning_missing_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config.txt
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/group b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/gshadow b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/pam.d/chsh b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/pam.d/chsh
new file mode 100644
index 0000000..7eb604d
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/pam.d/chsh
@@ -0,0 +1,20 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/passwd b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shadow b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shells b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shells
new file mode 100644
index 0000000..4fd4378
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/data/chsh.err b/tests/tests/chsh/12_chsh_warning_missing_shell/data/chsh.err
new file mode 100644
index 0000000..7801a16
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/data/chsh.err
@@ -0,0 +1 @@
+chsh: Warning: /tmp/bash does not exist
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/data/passwd b/tests/tests/chsh/12_chsh_warning_missing_shell/data/passwd
new file mode 100644
index 0000000..7e745d9
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/tmp/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/chsh.test b/tests/tests/chsh/13_chsh_warning_non_executable/chsh.test
new file mode 100755
index 0000000..c98bad7
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/chsh.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /tmp/bash' 0
+
+change_config
+
+cp /bin/bash /tmp/bash
+chmod a-x /tmp/bash
+
+echo -n "Change shell to a missing shell (chsh -s /tmp/bash bin)..."
+chsh -s /tmp/bash bin 2>tmp/chsh.err
+echo "OK"
+rm -f /tmp/bash
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "usage message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config.txt b/tests/tests/chsh/13_chsh_warning_non_executable/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config.txt
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/group b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/gshadow b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/pam.d/chsh b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/pam.d/chsh
new file mode 100644
index 0000000..7eb604d
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/pam.d/chsh
@@ -0,0 +1,20 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/passwd b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shadow b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shells b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shells
new file mode 100644
index 0000000..4fd4378
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/data/chsh.err b/tests/tests/chsh/13_chsh_warning_non_executable/data/chsh.err
new file mode 100644
index 0000000..4a87ec2
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/data/chsh.err
@@ -0,0 +1 @@
+chsh: Warning: /tmp/bash is not executable
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/data/passwd b/tests/tests/chsh/13_chsh_warning_non_executable/data/passwd
new file mode 100644
index 0000000..7e745d9
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/tmp/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/chsh.test b/tests/tests/chsh/14_chsh_locked_passwd/chsh.test
new file mode 100755
index 0000000..c41e1eb
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/chsh.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh warns when passwd is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change shell (chsh -s /bin/bash bin)..."
+chsh -s /bin/bash bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the error message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config.txt b/tests/tests/chsh/14_chsh_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config.txt
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config/etc/group b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config/etc/gshadow b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config/etc/passwd b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config/etc/shadow b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/data/chsh.err b/tests/tests/chsh/14_chsh_locked_passwd/data/chsh.err
new file mode 100644
index 0000000..c5ebce9
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/data/chsh.err
@@ -0,0 +1,2 @@
+chsh: existing lock file /etc/passwd.lock without a PID
+chsh: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/chsh/15_chsh_PAM_error/chsh.test b/tests/tests/chsh/15_chsh_PAM_error/chsh.test
new file mode 100755
index 0000000..c900e0c
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/chsh.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh warns when the chsh PAM configuration is invalid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the PAM configuration (/etc/pam.d/chsh /etc/pam.d/other)..."
+rm -f /etc/pam.d/chsh /etc/pam.d/other
+echo OK
+
+echo -n "Change shell (chsh -s /bin/bash bin)..."
+chsh -s /bin/bash bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the error message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config.txt b/tests/tests/chsh/15_chsh_PAM_error/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config.txt
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/group b/tests/tests/chsh/15_chsh_PAM_error/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/gshadow b/tests/tests/chsh/15_chsh_PAM_error/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/chsh b/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/chsh
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/chsh
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/other b/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/other
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/other
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/passwd b/tests/tests/chsh/15_chsh_PAM_error/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/shadow b/tests/tests/chsh/15_chsh_PAM_error/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chsh/15_chsh_PAM_error/data/chsh.err b/tests/tests/chsh/15_chsh_PAM_error/data/chsh.err
new file mode 100644
index 0000000..5c039d5
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/data/chsh.err
@@ -0,0 +1 @@
+chsh: PAM: Critical error - immediate abort
diff --git a/tests/tests/cktools/01/data/group b/tests/tests/cktools/01/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/01/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/01/data/gshadow b/tests/tests/cktools/01/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/01/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/01/data/passwd b/tests/tests/cktools/01/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/01/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/01/data/run2.err b/tests/tests/cktools/01/data/run2.err
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/01/data/run2.err
diff --git a/tests/tests/cktools/01/data/run2.out b/tests/tests/cktools/01/data/run2.out
new file mode 100644
index 0000000..00df312
--- /dev/null
+++ b/tests/tests/cktools/01/data/run2.out
@@ -0,0 +1,13 @@
+user 'lp': directory '/var/spool/lpd' does not exist
+user 'news': directory '/var/spool/news' does not exist
+user 'uucp': directory '/var/spool/uucp' does not exist
+user 'www-data': directory '/var/www' does not exist
+user 'list': directory '/var/list' does not exist
+user 'irc': directory '/var/run/ircd' does not exist
+user 'gnats': directory '/var/lib/gnats' does not exist
+user 'nobody': directory '/nonexistent' does not exist
+user 'Debian-exim': directory '/var/spool/exim4' does not exist
+user 'test': no group 10002
+no matching password file entry in /etc/shadow
+add user 'test' in /etc/shadow? No
+pwck: no changes
diff --git a/tests/tests/cktools/01/data/shadow b/tests/tests/cktools/01/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/01/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/01/run1 b/tests/tests/cktools/01/run1
new file mode 100755
index 0000000..04aa793
--- /dev/null
+++ b/tests/tests/cktools/01/run1
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo "pwck accepts valid password file "
+msg=$(pwck -r | grep -v "^user .*: directory .* does not exist$")
+echo msg: $msg
+test "$msg" = "pwck: no changes"
+echo "  OK"
+echo "grpck accepts valid password file "
+msg=$(grpck -r)
+test "$msg" = ""
+echo "  OK"
+
diff --git a/tests/tests/cktools/01/run2 b/tests/tests/cktools/01/run2
new file mode 100755
index 0000000..df1e277
--- /dev/null
+++ b/tests/tests/cktools/01/run2
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	rm -f tmp/err tmp/out
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Add an user without an entry in shadow "
+echo "test:x:10002:10002::/tmp:/bin/false" >> /etc/passwd
+echo "OK"
+
+echo "Check that pwck detects it "
+pwck -r > tmp/out 2> tmp/err || true
+diff -au data/run2.out tmp/out
+diff -au data/run2.err tmp/err
+echo "  OK"
+echo "grpck accepts valid password file "
+msg=$(grpck -r)
+test "$msg" = ""
+echo "  OK"
+
+#echo -n "Make sure pwck can fix it "
+#pwcd
+#echo "OK"
diff --git a/tests/tests/cktools/02_pwck_sort/config.txt b/tests/tests/cktools/02_pwck_sort/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/02_pwck_sort/config/etc/group b/tests/tests/cktools/02_pwck_sort/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/02_pwck_sort/config/etc/gshadow b/tests/tests/cktools/02_pwck_sort/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/02_pwck_sort/config/etc/passwd b/tests/tests/cktools/02_pwck_sort/config/etc/passwd
new file mode 100644
index 0000000..e69a810
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config/etc/passwd
@@ -0,0 +1,20 @@
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+root:x:0:0:root:/root:/bin/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+games:x:5:60:games:/usr/games:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/02_pwck_sort/config/etc/shadow b/tests/tests/cktools/02_pwck_sort/config/etc/shadow
new file mode 100644
index 0000000..42cf133
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config/etc/shadow
@@ -0,0 +1,20 @@
+daemon:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/02_pwck_sort/data/passwd b/tests/tests/cktools/02_pwck_sort/data/passwd
new file mode 100644
index 0000000..5b45b52
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
diff --git a/tests/tests/cktools/02_pwck_sort/data/shadow b/tests/tests/cktools/02_pwck_sort/data/shadow
new file mode 100644
index 0000000..8033f27
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/02_pwck_sort/pwck.test b/tests/tests/cktools/02_pwck_sort/pwck.test
new file mode 100755
index 0000000..9d6afb1
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/pwck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwck can sort the passwd entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the passwd entries (pwck -s)..."
+pwck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/03_grpck_sort/config.txt b/tests/tests/cktools/03_grpck_sort/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/03_grpck_sort/config/etc/group b/tests/tests/cktools/03_grpck_sort/config/etc/group
new file mode 100644
index 0000000..afbb01e
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/03_grpck_sort/config/etc/gshadow b/tests/tests/cktools/03_grpck_sort/config/etc/gshadow
new file mode 100644
index 0000000..8182ad7
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config/etc/gshadow
@@ -0,0 +1,42 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/03_grpck_sort/config/etc/passwd b/tests/tests/cktools/03_grpck_sort/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/03_grpck_sort/config/etc/shadow b/tests/tests/cktools/03_grpck_sort/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/03_grpck_sort/data/group b/tests/tests/cktools/03_grpck_sort/data/group
new file mode 100644
index 0000000..1265953
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+nogroup:x:65534:
diff --git a/tests/tests/cktools/03_grpck_sort/data/gshadow b/tests/tests/cktools/03_grpck_sort/data/gshadow
new file mode 100644
index 0000000..f2209e3
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+nogroup:*::
diff --git a/tests/tests/cktools/03_grpck_sort/grpck.test b/tests/tests/cktools/03_grpck_sort/grpck.test
new file mode 100755
index 0000000..75e62cf
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/grpck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the group entries (grpck -s)..."
+grpck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config.txt b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/group b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/gshadow b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/passwd b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/passwd
new file mode 100644
index 0000000..e69a810
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/passwd
@@ -0,0 +1,20 @@
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+root:x:0:0:root:/root:/bin/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+games:x:5:60:games:/usr/games:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/shadow b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/shadow
new file mode 100644
index 0000000..64573fa
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/shadow
@@ -0,0 +1,19 @@
+daemon:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/passwd b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/passwd
new file mode 100644
index 0000000..5b45b52
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/shadow b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/shadow
new file mode 100644
index 0000000..f1e4d80
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/pwck.test b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/pwck.test
new file mode 100755
index 0000000..9d6afb1
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/pwck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwck can sort the passwd entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the passwd entries (pwck -s)..."
+pwck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config.txt b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/group b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/group
new file mode 100644
index 0000000..afbb01e
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/gshadow b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..695bf8f
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+foo:*::
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/passwd b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/shadow b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/group b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/group
new file mode 100644
index 0000000..1265953
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+nogroup:x:65534:
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/gshadow b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/gshadow
new file mode 100644
index 0000000..7dcb3e5
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+foo:*::
+nogroup:*::
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/grpck.test b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/grpck.test
new file mode 100755
index 0000000..75e62cf
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/grpck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the group entries (grpck -s)..."
+grpck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config.txt b/tests/tests/cktools/06_pwck_sort_NIS_server/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/group b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/group
new file mode 100644
index 0000000..18eb6c2
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
++:::
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/gshadow b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/gshadow
new file mode 100644
index 0000000..7a7ef3a
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
++:::
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/passwd b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/passwd
new file mode 100644
index 0000000..365af62
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/passwd
@@ -0,0 +1,24 @@
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+root:x:0:0:root:/root:/bin/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+games:x:5:60:games:/usr/games:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
++miquels::::::
++:*:::::/etc/NoShell
+tester:*:299:10:Just a test account:/tmp:
+miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/shadow b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/shadow
new file mode 100644
index 0000000..5a24e78
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/shadow
@@ -0,0 +1,21 @@
+daemon:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
++::::::::
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/data/passwd b/tests/tests/cktools/06_pwck_sort_NIS_server/data/passwd
new file mode 100644
index 0000000..c12f8a9
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/data/passwd
@@ -0,0 +1,24 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
++miquels::::::
++:*:::::/etc/NoShell
+tester:*:299:10:Just a test account:/tmp:
+miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/data/shadow b/tests/tests/cktools/06_pwck_sort_NIS_server/data/shadow
new file mode 100644
index 0000000..6a626df
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
++::::::::
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/pwck.test b/tests/tests/cktools/06_pwck_sort_NIS_server/pwck.test
new file mode 100755
index 0000000..9d6afb1
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/pwck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwck can sort the passwd entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the passwd entries (pwck -s)..."
+pwck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config.txt b/tests/tests/cktools/07_pwck_sort_NIS_client/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/group b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/group
new file mode 100644
index 0000000..f914b38
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
++:::
++miquels:::
++foo:::
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/gshadow b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/gshadow
new file mode 100644
index 0000000..7a7ef3a
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
++:::
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/passwd b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/passwd
new file mode 100644
index 0000000..913d7fc
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/passwd
@@ -0,0 +1,22 @@
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+root:x:0:0:root:/root:/bin/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+games:x:5:60:games:/usr/games:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
++miquels::::::
++:*:::::/etc/NoShell
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/shadow b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/shadow
new file mode 100644
index 0000000..8f31dfb
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/shadow
@@ -0,0 +1,22 @@
+daemon:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
++::::::::
++foo2:!:::::::
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/data/passwd b/tests/tests/cktools/07_pwck_sort_NIS_client/data/passwd
new file mode 100644
index 0000000..032bdd2
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
++miquels::::::
++:*:::::/etc/NoShell
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/data/shadow b/tests/tests/cktools/07_pwck_sort_NIS_client/data/shadow
new file mode 100644
index 0000000..5350e77
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/data/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
++::::::::
++foo2:!:::::::
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/pwck.test b/tests/tests/cktools/07_pwck_sort_NIS_client/pwck.test
new file mode 100755
index 0000000..9d6afb1
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/pwck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwck can sort the passwd entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the passwd entries (pwck -s)..."
+pwck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config.txt b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/group b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/gshadow b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/passwd b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/shadow b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/group b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/gshadow b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.exp b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.exp
new file mode 100755
index 0000000..df3e04c
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "yes\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.test b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.test
new file mode 100755
index 0000000..906d629
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config.txt b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/group b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/gshadow b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/passwd b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/shadow b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/data/gshadow b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.exp b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.exp
new file mode 100755
index 0000000..08d3526
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "no\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.test b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config.txt b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/group b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.exp b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.exp
new file mode 100755
index 0000000..c0aea87
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "no\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "no\r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config.txt b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/group b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/gshadow b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/gshadow
new file mode 100644
index 0000000..b8fb234
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/passwd b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/shadow b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/data/gshadow b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/data/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.exp b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.exp
new file mode 100755
index 0000000..6bb26e4
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "no matching group file entry in /etc/gshadow"
+expect "add group 'foo' in /etc/gshadow? "
+send "yes\r"
+expect "invalid shadow group file entry"
+expect "delete line 'foo:*:'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config.txt b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/group b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/gshadow b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/gshadow
new file mode 100644
index 0000000..b8fb234
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/passwd b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/shadow b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/data/gshadow b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.exp b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.exp
new file mode 100755
index 0000000..ed6ffca
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "no matching group file entry in /etc/gshadow"
+expect "add group 'foo' in /etc/gshadow? "
+send "no\r"
+expect "invalid shadow group file entry"
+expect "delete line 'foo:*:'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config.txt b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/group b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..b8fb234
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.exp b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.exp
new file mode 100755
index 0000000..a5f1817
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "no matching group file entry in /etc/gshadow"
+expect "add group 'foo' in /etc/gshadow? "
+send "no\r"
+expect "invalid shadow group file entry"
+expect "delete line 'foo:*:'? "
+send "no\r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config.txt b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/group b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/gshadow b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/passwd b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/shadow b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/group b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/gshadow b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.exp b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.exp
new file mode 100755
index 0000000..8f5dc7b
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck tmp/group tmp/gshadow\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "yes\r"
+expect "no matching group file entry in tmp/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.test b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.test
new file mode 100755
index 0000000..666852e
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy group and gshadow locally..."
+cp /etc/group /etc/gshadow tmp/
+echo "OK"
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/gshadow
+echo "OK"
+
+rm -f tmp/group tmp/group- tmp/gshadow tmp/gshadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config.txt b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/group b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/gshadow b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/gshadow
new file mode 100644
index 0000000..b8fb234
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/passwd b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/shadow b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/group b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/gshadow b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/shadow b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.exp b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.exp
new file mode 100755
index 0000000..63fe7db
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck tmp/group tmp/gshadow\r"
+expect "no matching group file entry in tmp/gshadow"
+expect "add group 'foo' in tmp/gshadow? "
+send "yes\r"
+expect "invalid shadow group file entry"
+expect "delete line 'foo:*:'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test
new file mode 100755
index 0000000..666852e
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy group and gshadow locally..."
+cp /etc/group /etc/gshadow tmp/
+echo "OK"
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/gshadow
+echo "OK"
+
+rm -f tmp/group tmp/group- tmp/gshadow tmp/gshadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config.txt b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/group b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/group
new file mode 100644
index 0000000..757aef8
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,foo2,bin
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/gshadow b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/gshadow
new file mode 100644
index 0000000..3e97ea4
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,bin
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/passwd b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/shadow b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/data/group b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/data/group
new file mode 100644
index 0000000..cf18eb5
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,bin
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.exp b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.exp
new file mode 100755
index 0000000..39b700b
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.test b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.test
new file mode 100755
index 0000000..741bfe1
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config.txt b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/group b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/group
new file mode 100644
index 0000000..cf18eb5
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,bin
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..d2a1782
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,foo2,bin
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/data/gshadow b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/data/gshadow
new file mode 100644
index 0000000..3e97ea4
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,bin
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.exp b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.exp
new file mode 100755
index 0000000..05858b5
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "'foo2' is a member of the 'foo' group in /etc/gshadow but not in /etc/group"
+expect "shadow group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config.txt b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/group b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/group
new file mode 100644
index 0000000..cf18eb5
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,bin
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..a7d227e
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:foo3,foo4:foo3,daemon,bin,foo2
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/data/gshadow b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/data/gshadow
new file mode 100644
index 0000000..3e97ea4
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,bin
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.exp b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.exp
new file mode 100755
index 0000000..b5a65b1
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "'foo3' is a member of the 'foo' group in /etc/gshadow but not in /etc/group"
+expect "'foo2' is a member of the 'foo' group in /etc/gshadow but not in /etc/group"
+expect "shadow group foo: no administrative user foo3"
+expect "delete administrative member 'foo3'? "
+send "yes\r"
+expect "shadow group foo: no administrative user foo4"
+expect "delete administrative member 'foo4'? "
+send "yes\r"
+expect "shadow group foo: no user foo3"
+expect "delete member 'foo3'? "
+send "yes\r"
+expect "shadow group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config.txt b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/group b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/group
new file mode 100644
index 0000000..4eeb1ff
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,foo2,foo2,bin
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/gshadow b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/gshadow
new file mode 100644
index 0000000..3e97ea4
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,bin
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/passwd b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/shadow b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/data/group b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/data/group
new file mode 100644
index 0000000..cf18eb5
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,bin
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.exp b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.exp
new file mode 100755
index 0000000..4de3e21
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test
new file mode 100755
index 0000000..741bfe1
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config.txt b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/group b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/group
new file mode 100644
index 0000000..7351800
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/gshadow b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/passwd b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/shadow b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/data/group b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/data/group
new file mode 100644
index 0000000..5c08ae1
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.exp b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.exp
new file mode 100755
index 0000000..8c08987
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate group entry"
+expect "delete line 'foo:x:1000:daemon'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.test b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.test
new file mode 100755
index 0000000..741bfe1
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config.txt b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/group b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/group
new file mode 100644
index 0000000..fda0a6d
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..124c805
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+foo:*::daemon
+crontab:x::
+Debian-exim:x::
+foo:*::bin
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/data/gshadow b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/data/gshadow
new file mode 100644
index 0000000..bdd8388
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::bin
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.exp b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.exp
new file mode 100755
index 0000000..2fd4ff1
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::daemon'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config.txt b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/group b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/group
new file mode 100644
index 0000000..7351800
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.exp b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.exp
new file mode 100755
index 0000000..51d64df
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.exp
@@ -0,0 +1,24 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate group entry"
+expect "delete line 'foo:x:1000:daemon'? "
+send "no\r"
+expect "'daemon' is a member of the 'foo' group in /etc/group but not in /etc/gshadow"
+expect "duplicate group entry"
+expect "delete line 'foo:x:1000:bin'? "
+send "no \r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config.txt b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/group b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/group
new file mode 100644
index 0000000..fda0a6d
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..124c805
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+foo:*::daemon
+crontab:x::
+Debian-exim:x::
+foo:*::bin
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.exp b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.exp
new file mode 100755
index 0000000..57e9090
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::daemon'? "
+send "no\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::bin'? "
+send "no\r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config.txt b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/group b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/group
new file mode 100644
index 0000000..fda0a6d
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/gshadow b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/gshadow
new file mode 100644
index 0000000..124c805
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+foo:*::daemon
+crontab:x::
+Debian-exim:x::
+foo:*::bin
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/passwd b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/shadow b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/data/gshadow b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/data/gshadow
new file mode 100644
index 0000000..a1a4f31
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+foo:*::daemon
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.exp b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.exp
new file mode 100755
index 0000000..7796948
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::daemon'? "
+send "no\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::bin'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config.txt b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/group b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/group
new file mode 100644
index 0000000..220f375
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+f o o:x:1000:
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/gshadow b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/gshadow
new file mode 100644
index 0000000..8337b65
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+f o o:*::
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/passwd b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/shadow b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.exp b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.exp
new file mode 100755
index 0000000..8312839
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group name 'f o o'"
+expect "grpck: no changes"
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.test b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config.txt b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/group b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/group
new file mode 100644
index 0000000..e9efa8b
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:-1:
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/gshadow b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/passwd b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/shadow b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/group b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/gshadow b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.exp b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.exp
new file mode 100755
index 0000000..af20b34
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x:-1:'? "
+send "yes\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test
new file mode 100755
index 0000000..906d629
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config.txt b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/group b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/group
new file mode 100644
index 0000000..c6a2e19
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4294967295:
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/gshadow b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/passwd b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/shadow b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.exp b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.exp
new file mode 100755
index 0000000..29a5e9f
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group ID '4294967295'"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config.txt b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/group b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/group
new file mode 100644
index 0000000..cb278ce
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4294967296:
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/gshadow b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/passwd b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/shadow b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/group b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/gshadow b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.exp b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.exp
new file mode 100755
index 0000000..b4eaaa9
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x:4294967296:'? "
+send "yes\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test
new file mode 100755
index 0000000..906d629
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config.txt b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/group b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/group
new file mode 100644
index 0000000..757aef8
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,foo2,bin
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..d2a1782
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,foo2,bin
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.exp b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.exp
new file mode 100755
index 0000000..15cd397
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "no\r"
+expect "shadow group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "no\r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config.txt b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/group b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..9303fe2
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:bar
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/gshadow b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..695bf8f
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/passwd b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/shadow b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/data/grpck.out b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/data/grpck.out
new file mode 100644
index 0000000..929e0e8
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/data/grpck.out
@@ -0,0 +1,3 @@
+group foo: no user bar
+delete member 'bar'? No
+grpck: no changes
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/grpck.test b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/grpck.test
new file mode 100755
index 0000000..0ccd682
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/grpck.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can check the group entries when there are no gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Check the group entries (grpck -r)..."
+grpck -r >tmp/grpck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.out
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.out tmp/grpck.out
+echo "error message OK."
+rm -f tmp/grpck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config.txt b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/group b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..afbb01e
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/gshadow b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..695bf8f
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/passwd b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/shadow b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/data/group b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/data/group
new file mode 100644
index 0000000..1265953
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+nogroup:x:65534:
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test
new file mode 100755
index 0000000..31a6e9e
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Sort the group entries (grpck -s)..."
+grpck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config.txt b/tests/tests/cktools/grpck/28_grpck_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/default/useradd b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/group b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/gshadow b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/passwd b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/shadow b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/data/usage.out b/tests/tests/cktools/grpck/28_grpck_usage/data/usage.out
new file mode 100644
index 0000000..899e2d7
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/data/usage.out
@@ -0,0 +1,9 @@
+Usage: grpck [options] [group [gshadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/grpck.test b/tests/tests/cktools/grpck/28_grpck_usage/grpck.test
new file mode 100755
index 0000000..e397aaf
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/grpck.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpck usage (grpck -h)..."
+grpck -h >tmp/usage.out
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config.txt b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/default/useradd b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/group b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/gshadow b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/passwd b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/shadow b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/data/usage.out b/tests/tests/cktools/grpck/29_grpck_sort_readonly/data/usage.out
new file mode 100644
index 0000000..cd278fa
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/data/usage.out
@@ -0,0 +1 @@
+grpck: -s and -r are incompatible
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/grpck.test b/tests/tests/cktools/grpck/29_grpck_sort_readonly/grpck.test
new file mode 100755
index 0000000..417584f
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failure when sorting and read only are enabled"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpck usage (grpck -r -s)..."
+grpck -r -s 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config.txt b/tests/tests/cktools/grpck/30_grpck_3_files/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/default/useradd b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/group b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/gshadow b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/passwd b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/shadow b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/data/usage.out b/tests/tests/cktools/grpck/30_grpck_3_files/data/usage.out
new file mode 100644
index 0000000..899e2d7
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/data/usage.out
@@ -0,0 +1,9 @@
+Usage: grpck [options] [group [gshadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/grpck.test b/tests/tests/cktools/grpck/30_grpck_3_files/grpck.test
new file mode 100755
index 0000000..e2614d9
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks its number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpck usage (grpck -r foo bar baz)..."
+grpck -r foo bar baz 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config.txt b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/group b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/data/group b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.exp b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.exp
new file mode 100755
index 0000000..8c53688
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck tmp/group\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test
new file mode 100755
index 0000000..3c74960
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy group and gshadow locally..."
+cp /etc/group tmp/
+echo "OK"
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+rm -f tmp/group tmp/group- tmp/gshadow tmp/gshadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config.txt b/tests/tests/cktools/grpck/32_grpck_sort_nis/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/group b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/group
new file mode 100644
index 0000000..e644ed9
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/group
@@ -0,0 +1,45 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
++:::
++foo1:::
+-foo2:
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/gshadow b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/gshadow
new file mode 100644
index 0000000..8182ad7
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/gshadow
@@ -0,0 +1,42 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/passwd b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/shadow b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/data/group b/tests/tests/cktools/grpck/32_grpck_sort_nis/data/group
new file mode 100644
index 0000000..23467d3
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/data/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+nogroup:x:65534:
++:::
++foo1:::
+-foo2:
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/data/gshadow b/tests/tests/cktools/grpck/32_grpck_sort_nis/data/gshadow
new file mode 100644
index 0000000..f2209e3
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+nogroup:*::
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/grpck.test b/tests/tests/cktools/grpck/32_grpck_sort_nis/grpck.test
new file mode 100755
index 0000000..d509689
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/grpck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the group entries (grpck -s)..."
+grpck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config.txt b/tests/tests/cktools/grpck/33_grpck_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config.txt
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/default/useradd b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/group b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/gshadow b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/passwd b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/shadow b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/data/grpck.err b/tests/tests/cktools/grpck/33_grpck_locked_group/data/grpck.err
new file mode 100644
index 0000000..1f6325d
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/data/grpck.err
@@ -0,0 +1,2 @@
+grpck: existing lock file /etc/group.lock without a PID
+grpck: cannot lock /etc/group; try again later.
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/grpck.test b/tests/tests/cktools/grpck/33_grpck_locked_group/grpck.test
new file mode 100755
index 0000000..0aa139c
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/grpck.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Check groups (grpck)..."
+grpck 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config.txt b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config.txt
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/default/useradd b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/group b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/data/grpck.err b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/data/grpck.err
new file mode 100644
index 0000000..868dee1
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/data/grpck.err
@@ -0,0 +1,2 @@
+grpck: existing lock file /etc/gshadow.lock without a PID
+grpck: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/grpck.test b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/grpck.test
new file mode 100755
index 0000000..4c6ea0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/grpck.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Check groups (grpck)..."
+grpck 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config.txt b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/group b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/group
new file mode 100644
index 0000000..213b065
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
++:::
+-bar:::
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/gshadow b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/passwd b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/shadow b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/data/group b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/data/group
new file mode 100644
index 0000000..6c080ef
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
++:::
+-bar:::
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.exp b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.exp
new file mode 100755
index 0000000..8c08987
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate group entry"
+expect "delete line 'foo:x:1000:daemon'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test
new file mode 100755
index 0000000..741bfe1
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config.txt b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/group b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/group
new file mode 100644
index 0000000..52cf2af
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:toto:1000:
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..817f174
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+foo:foo::
+Debian-exim:*::
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/data/grpck.out b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/data/grpck.out
new file mode 100644
index 0000000..476a798
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/data/grpck.out
@@ -0,0 +1,2 @@
+group foo has an entry in /etc/gshadow, but its password field in /etc/group is not set to 'x'
+grpck: no changes
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/grpck.test b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/grpck.test
new file mode 100755
index 0000000..d32ae67
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check the group entries (grpck -r)..."
+grpck -r >tmp/grpck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.out
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.out tmp/grpck.out
+echo "error message OK."
+rm -f tmp/grpck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config.txt b/tests/tests/cktools/grpck/37_grpck_invalid_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/group b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/gshadow b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/passwd b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/shadow b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/data/usage.out b/tests/tests/cktools/grpck/37_grpck_invalid_option/data/usage.out
new file mode 100644
index 0000000..1142051
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/data/usage.out
@@ -0,0 +1,10 @@
+grpck: unrecognized option '--invalid'
+Usage: grpck [options] [group [gshadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/grpck.test b/tests/tests/cktools/grpck/37_grpck_invalid_option/grpck.test
new file mode 100755
index 0000000..c13be5f
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck reports usage when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call grpck with an invalid option (grpck --invalid)..."
+grpck --invalid 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config.txt b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config.txt
new file mode 100644
index 0000000..b3c3e75
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config.txt
@@ -0,0 +1,2 @@
+group foo
+user foo with typo in passwd
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/group b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/gshadow b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/passwd b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/passwd
new file mode 100644
index 0000000..4ee448d
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/shadow b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/passwd b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/passwd
new file mode 100644
index 0000000..2b911d1
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/passwd
@@ -0,0 +1,10 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/shadow b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.exp b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.exp
new file mode 100755
index 0000000..8ddfd2b
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:1000:1000::'? "
+send "yes\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test
new file mode 100755
index 0000000..9f8c33a
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config.txt b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/group b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/gshadow b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/passwd b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/passwd
new file mode 100644
index 0000000..4ee448d
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/shadow b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/data/shadow b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.exp b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.exp
new file mode 100755
index 0000000..ae0e8ea
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:1000:1000::'? "
+send "no\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test
new file mode 100755
index 0000000..688759d
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config.txt b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/group b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/gshadow b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/passwd b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/passwd
new file mode 100644
index 0000000..4ee448d
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/shadow b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.exp b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.exp
new file mode 100755
index 0000000..086b25d
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:1000:1000::'? "
+send "no\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "no\r"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test
new file mode 100755
index 0000000..b9f4a13
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and does not change the system database if requested"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config.txt b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/group b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/gshadow b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/passwd b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/shadow b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/shadow
new file mode 100644
index 0000000..3a064c0
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7::
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/data/shadow b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/data/shadow
new file mode 100644
index 0000000..c9a0314
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/data/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:x:@TODAY@:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.exp b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.exp
new file mode 100755
index 0000000..819a5ea
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "no matching password file entry in /etc/shadow"
+expect "add user 'foo' in /etc/shadow? "
+send "yes\r"
+expect "invalid shadow password file entry"
+expect "delete line 'foo:!:12977:0:99999:7::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test
new file mode 100755
index 0000000..688759d
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config.txt b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/group b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/gshadow b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/passwd b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/shadow b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/shadow
new file mode 100644
index 0000000..3a064c0
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7::
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/data/shadow b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.exp b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.exp
new file mode 100755
index 0000000..d72e00f
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "no matching password file entry in /etc/shadow"
+expect "add user 'foo' in /etc/shadow? "
+send "no\r"
+expect "invalid shadow password file entry"
+expect "delete line 'foo:!:12977:0:99999:7::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test
new file mode 100755
index 0000000..688759d
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config.txt b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/group b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/gshadow b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/passwd b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/shadow b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/shadow
new file mode 100644
index 0000000..3a064c0
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7::
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.exp b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.exp
new file mode 100755
index 0000000..30ca663
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "no matching password file entry in /etc/shadow"
+expect "add user 'foo' in /etc/shadow? "
+send "no\r"
+expect "invalid shadow password file entry"
+expect "delete line 'foo:!:12977:0:99999:7::'? "
+send "no\r"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test
new file mode 100755
index 0000000..893ba6e
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config.txt b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/group b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/gshadow b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/passwd b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/passwd
new file mode 100644
index 0000000..4ee448d
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/shadow b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/passwd b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/passwd
new file mode 100644
index 0000000..2b911d1
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/passwd
@@ -0,0 +1,10 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/shadow b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.exp b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.exp
new file mode 100755
index 0000000..4304cae
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck tmp/passwd tmp/shadow\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:1000:1000::'? "
+send "yes\r"
+expect "no matching password file entry in tmp/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test
new file mode 100755
index 0000000..b66eb34
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change local databases"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy passwd and shadow locally..."
+cp /etc/passwd /etc/shadow tmp/
+echo "OK"
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+rm -f tmp/passwd tmp/passwd- tmp/shadow tmp/shadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config.txt b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/group b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/gshadow b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/passwd b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/shadow b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/shadow
new file mode 100644
index 0000000..3a064c0
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7::
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/passwd b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/shadow b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/shadow
new file mode 100644
index 0000000..c9a0314
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:x:@TODAY@:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.exp b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.exp
new file mode 100755
index 0000000..b8ec619
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck tmp/passwd tmp/shadow\r"
+expect "no matching password file entry in tmp/shadow"
+expect "add user 'foo' in tmp/shadow? "
+send "yes\r"
+expect "invalid shadow password file entry"
+expect "delete line 'foo:*:'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test
new file mode 100755
index 0000000..b7675e6
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change local databases"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy passwd and shadow locally..."
+cp /etc/passwd /etc/shadow tmp/
+echo "OK"
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+rm -f tmp/passwd tmp/passwd- tmp/shadow tmp/shadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config.txt b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/group b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/gshadow b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/passwd b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/passwd
new file mode 100644
index 0000000..58f2d75
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1001::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/shadow b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.exp b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.exp
new file mode 100755
index 0000000..1fb8c1d
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "user 'foo': no group 1001"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test
new file mode 100755
index 0000000..8df5482
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check that the user's GID matches an existing group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config.txt b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/group b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/gshadow b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/passwd b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/passwd
new file mode 100644
index 0000000..33debc5
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/passwd
@@ -0,0 +1,12 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
+foo:x:1001:1001::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/shadow b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/data/passwd b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/data/passwd
new file mode 100644
index 0000000..a45f378
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/data/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1001:1001::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.exp b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.exp
new file mode 100755
index 0000000..825a111
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/sh'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test
new file mode 100755
index 0000000..4d4b957
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check that user are uniq"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config.txt b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/group b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/gshadow b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/passwd b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/shadow b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/shadow
new file mode 100644
index 0000000..a5344f5
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/shadow
@@ -0,0 +1,12 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/data/shadow b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/data/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/data/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.exp b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.exp
new file mode 100755
index 0000000..4431322
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate shadow password entry"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test
new file mode 100755
index 0000000..4430d1a
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check unicity of users in the shadow database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config.txt b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/group b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/gshadow b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/passwd b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/passwd
new file mode 100644
index 0000000..69c72ff
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/passwd
@@ -0,0 +1,12 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
+foo:x:1000:1000::/home:/bin/bash
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/shadow b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.exp b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.exp
new file mode 100755
index 0000000..06dcc79
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/sh'? "
+send "no\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/bash'? "
+send "no\r"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test
new file mode 100755
index 0000000..9ceb60e
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check unicity of users in passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config.txt b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/group b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/gshadow b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/passwd b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/shadow b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/shadow
new file mode 100644
index 0000000..a5344f5
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/shadow
@@ -0,0 +1,12 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.exp b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.exp
new file mode 100755
index 0000000..8ee1246
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate shadow password entry"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "no\r"
+expect "duplicate shadow password entry"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "no\r"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test
new file mode 100755
index 0000000..8eed716
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks unicity of users in shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config.txt b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/group b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/gshadow b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/passwd b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/passwd
new file mode 100644
index 0000000..69c72ff
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/passwd
@@ -0,0 +1,12 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
+foo:x:1000:1000::/home:/bin/bash
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/shadow b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/data/passwd b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/data/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/data/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.exp b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.exp
new file mode 100755
index 0000000..33accaf
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/sh'? "
+send "no\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/bash'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test
new file mode 100755
index 0000000..d61a946
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks the unicity of users in passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config.txt b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/group b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/gshadow b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/passwd b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/passwd
new file mode 100644
index 0000000..a82dbf6
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+f o o:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/shadow b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/shadow
new file mode 100644
index 0000000..f771b66
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+f o o:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.exp b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.exp
new file mode 100755
index 0000000..3767009
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid user name 'f o o'"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.test b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.test
new file mode 100755
index 0000000..587f11c
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the validity of usernames"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config.txt b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/group b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/gshadow b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/passwd b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/passwd
new file mode 100644
index 0000000..850768a
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:-1:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/shadow b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/passwd b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/passwd
new file mode 100644
index 0000000..2b911d1
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/passwd
@@ -0,0 +1,10 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/shadow b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.exp b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.exp
new file mode 100755
index 0000000..6c51256
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:-1:1000::/home:/bin/sh'? "
+send "yes\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test
new file mode 100755
index 0000000..8b56894
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks the validity of UIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config.txt b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/group b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/gshadow b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/passwd b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..e438734
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:4294967295:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/shadow b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.exp b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.exp
new file mode 100755
index 0000000..d69ab37
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid user ID '4294967295'"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test
new file mode 100755
index 0000000..19d157f
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the validity of the UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config.txt b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/group b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/gshadow b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/passwd b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/passwd
new file mode 100644
index 0000000..de8dd66
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:4294967296:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/shadow b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/passwd b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/passwd
new file mode 100644
index 0000000..2b911d1
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/passwd
@@ -0,0 +1,10 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/shadow b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.exp b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.exp
new file mode 100755
index 0000000..4dc35ce
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:4294967296:1000::/home:/bin/sh'? "
+send "yes\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test
new file mode 100755
index 0000000..8b56894
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks the validity of UIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config.txt b/tests/tests/cktools/pwck/22_pwck_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config/etc/group b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config/etc/gshadow b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config/etc/passwd b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config/etc/shadow b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/data/usage.out b/tests/tests/cktools/pwck/22_pwck_usage/data/usage.out
new file mode 100644
index 0000000..fa62941
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/data/usage.out
@@ -0,0 +1,10 @@
+Usage: pwck [options] [passwd [shadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -q, --quiet                   report errors only
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/pwck.test b/tests/tests/cktools/pwck/22_pwck_usage/pwck.test
new file mode 100755
index 0000000..ccca31a
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/pwck.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwck usage (pwck -h)..."
+pwck -h >tmp/usage.out
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config.txt b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config.txt
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/group b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/gshadow b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/passwd b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/shadow b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/data/pwck.err b/tests/tests/cktools/pwck/23_pwck_locked_passwd/data/pwck.err
new file mode 100644
index 0000000..798e427
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/data/pwck.err
@@ -0,0 +1,2 @@
+pwck: existing lock file /etc/passwd.lock without a PID
+pwck: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/pwck.test b/tests/tests/cktools/pwck/23_pwck_locked_passwd/pwck.test
new file mode 100755
index 0000000..8731b28
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/pwck.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Check user database (pwck)..."
+pwck 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config.txt b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config.txt
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/group b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/gshadow b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/passwd b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/shadow b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/data/pwck.err b/tests/tests/cktools/pwck/24_pwck_locked_shadow/data/pwck.err
new file mode 100644
index 0000000..f8112fb
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/data/pwck.err
@@ -0,0 +1,2 @@
+pwck: existing lock file /etc/shadow.lock without a PID
+pwck: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/pwck.test b/tests/tests/cktools/pwck/24_pwck_locked_shadow/pwck.test
new file mode 100755
index 0000000..61e2926
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/pwck.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Check user database (pwck)..."
+pwck 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config.txt b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config.txt
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/group b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/gshadow b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/passwd b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/shadow b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/data/pwck.err b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/data/pwck.err
new file mode 100644
index 0000000..b08f13f
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/data/pwck.err
@@ -0,0 +1,11 @@
+pwck: invalid option -- 'Z'
+Usage: pwck [options] [passwd [shadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -q, --quiet                   report errors only
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/pwck.test b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/pwck.test
new file mode 100755
index 0000000..a8d5941
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/pwck.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck displays its usage message when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwck with an invalid option (pwck -Z)..."
+pwck -Z 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config.txt b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config.txt
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/group b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/gshadow b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/passwd b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/shadow b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/data/pwck.err b/tests/tests/cktools/pwck/26_pwck_usage-s-r/data/pwck.err
new file mode 100644
index 0000000..e44d375
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/data/pwck.err
@@ -0,0 +1 @@
+pwck: -s and -r are incompatible
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/pwck.test b/tests/tests/cktools/pwck/26_pwck_usage-s-r/pwck.test
new file mode 100755
index 0000000..6f0a3b5
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/pwck.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck warns that -r and -s are exclusive"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwck with the -r and -s options (pwck -r -s)..."
+pwck -r -s 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config.txt b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config.txt
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/group b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/gshadow b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/passwd b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/shadow b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/data/pwck.err b/tests/tests/cktools/pwck/27_pwck_usage_3_files/data/pwck.err
new file mode 100644
index 0000000..fa62941
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/data/pwck.err
@@ -0,0 +1,10 @@
+Usage: pwck [options] [passwd [shadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -q, --quiet                   report errors only
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/pwck.test b/tests/tests/cktools/pwck/27_pwck_usage_3_files/pwck.test
new file mode 100755
index 0000000..9c8c81d
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/pwck.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck displays its usage message when called with 3 files"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwck with 3 files (pwck data/passwd data/shadow data/foo)..."
+pwck data/passwd data/shadow data/foo 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config.txt b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/group b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/gshadow b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/passwd b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..57434e6
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/tmp:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/tmp:/bin/sh
+uucp:x:10:10:uucp:/tmp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/tmp:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/tmp:/bin/sh
+irc:x:39:39:ircd:/tmp:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/tmp:/bin/sh
+nobody:x:65534:65534:nobody:/tmp:/bin/sh
+Debian-exim:x:102:102::/tmp:/bin/false
+foo:pass:1000:1000::/home/foo:/bin/sh
+foo:pass:1001:1000::/tmp:/bin/sh
+foo2:pass:1000:1000::/tmp:/bin/shs
+foo3:x:1000:1000::/tmp:
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/shadow b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/data/pwck.out b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/data/pwck.out
new file mode 100644
index 0000000..e0cac3d
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/data/pwck.out
@@ -0,0 +1,7 @@
+duplicate password entry
+delete line 'foo:pass:1000:1000::/home/foo:/bin/sh'? No
+user 'foo': directory '/home/foo' does not exist
+duplicate password entry
+delete line 'foo:pass:1001:1000::/tmp:/bin/sh'? No
+user 'foo2': program '/bin/shs' does not exist
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/pwck.test b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/pwck.test
new file mode 100755
index 0000000..e792f78
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/pwck.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report issues when the shadow file does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Check user database (pwck -r)..."
+pwck -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config.txt b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/group b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/gshadow b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/passwd b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/passwd
new file mode 100644
index 0000000..ded978d
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/tmp:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/tmp:/bin/sh
+uucp:x:10:10:uucp:/tmp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/tmp:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/tmp:/bin/sh
+irc:x:39:39:ircd:/tmp:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/tmp:/bin/sh
+nobody:x:65534:65534:nobody:/tmp:/bin/sh
+Debian-exim:x:102:102::/tmp:/bin/false
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/shadow b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/shadow
new file mode 100644
index 0000000..3781988
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:99997:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/data/pwck.out b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/data/pwck.out
new file mode 100644
index 0000000..12d2fbf
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/data/pwck.out
@@ -0,0 +1,2 @@
+user foo: last password change in the future
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/pwck.test b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/pwck.test
new file mode 100755
index 0000000..6ccd810
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck checks that the password was set in the past"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check user database (pwck -r)..."
+pwck -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config.txt b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/group b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/gshadow b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/passwd b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/passwd
new file mode 100644
index 0000000..e5bbc07
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/tmp:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/tmp:/bin/sh
+uucp:x:10:10:uucp:/tmp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/tmp:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/tmp:/bin/sh
+irc:x:39:39:ircd:/tmp:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/tmp:/bin/sh
+nobody:x:65534:65534:nobody:/tmp:/bin/sh
+Debian-exim:x:102:102::/tmp:/bin/false
+foo:x:1000:1000::/home:/bin/sh
++::::::
+-bar::::::
+foo:x:1001:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/shadow b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/shadow
new file mode 100644
index 0000000..d3c0765
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/shadow
@@ -0,0 +1,23 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:99997:0:99999:7:::
++::::::::
+-bar::::::::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/data/pwck.out b/tests/tests/cktools/pwck/30_pwck_NIS_entries/data/pwck.out
new file mode 100644
index 0000000..56dce35
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/data/pwck.out
@@ -0,0 +1,10 @@
+duplicate password entry
+delete line 'foo:x:1000:1000::/home:/bin/sh'? No
+duplicate password entry
+delete line 'foo:x:1001:1000::/home:/bin/sh'? No
+duplicate shadow password entry
+delete line 'Debian-exim:!:12977:0:99999:7:::'? No
+user foo: last password change in the future
+duplicate shadow password entry
+delete line 'Debian-exim:!:12977:0:99999:7:::'? No
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/pwck.test b/tests/tests/cktools/pwck/30_pwck_NIS_entries/pwck.test
new file mode 100755
index 0000000..733fa94
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck ignores NIS lines silently"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check user database (pwck -r)..."
+pwck -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config.txt b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/group b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/gshadow b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/passwd b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/passwd
new file mode 100644
index 0000000..fbeb96c
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/tmp:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/tmp:/bin/sh
+uucp:x:10:10:uucp:/tmp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/tmp:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/tmp:/bin/sh
+irc:x:39:39:ircd:/tmp:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/tmp:/bin/sh
+nobody:x:65534:65534:nobody:/tmp:/bin/sh
+Debian-exim:x:102:102::/tmp:/bin/false
+foo:pass:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/shadow b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/data/pwck.out b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/data/pwck.out
new file mode 100644
index 0000000..5cedc7c
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/data/pwck.out
@@ -0,0 +1,2 @@
+user foo has an entry in /etc/shadow, but its password field in /etc/passwd is not set to 'x'
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test
new file mode 100755
index 0000000..4c5b1f5
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck checks that the password is set to x if there is a shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check user database (pwck -r)..."
+pwck -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config.txt b/tests/tests/cktools/pwck/32_pwck_quiet/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/group b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/gshadow b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/passwd b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/passwd
new file mode 100644
index 0000000..4491abe
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+Debian-exim:x:103:102::/var/spool/exim4:/bin/false
+Debian-exim2:x:104:103::/var/spool/exim4:/bin/false
+Debian-exim3:x:102:103::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/shadow b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/data/pwck.out b/tests/tests/cktools/pwck/32_pwck_quiet/data/pwck.out
new file mode 100644
index 0000000..c9a8c2c
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/data/pwck.out
@@ -0,0 +1,9 @@
+duplicate password entry
+delete line 'Debian-exim:x:102:102::/var/spool/exim4:/bin/false'? No
+duplicate password entry
+delete line 'Debian-exim:x:103:102::/var/spool/exim4:/bin/false'? No
+no matching password file entry in /etc/shadow
+add user 'Debian-exim2' in /etc/shadow? No
+no matching password file entry in /etc/shadow
+add user 'Debian-exim3' in /etc/shadow? No
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/pwck.test b/tests/tests/cktools/pwck/32_pwck_quiet/pwck.test
new file mode 100755
index 0000000..c8a8b8e
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwck usage (pwck -q -r)..."
+pwck -q -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cleanup.sh b/tests/tests/cleanup.sh
new file mode 100755
index 0000000..26b1b27
--- /dev/null
+++ b/tests/tests/cleanup.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+for t in *
+do
+	if [ ! -d $t/data ]; then continue; fi
+	for i in passwd group shadow gshadow
+	do
+		if [ -f $t/data/$i ]
+		then
+			if cmp -s $t/config/etc/$i $t/data/$i
+			then
+				echo "# $t/data/$i identical to config"
+				svn rm "$t/data/$i"
+			fi
+		fi
+	done
+done
+
+for t in *
+do
+	cd $t
+	if [ ! -d data ]; then cd ..; continue; fi
+	for i in data/*
+	do
+		if [ ! -f $i ]; then continue; fi
+		if ! grep -q $i *.test
+		then
+			echo "# $t/$i not used"
+			svn rm "$i"
+		fi
+	done
+	cd ..
+done
diff --git a/tests/tests/common/Makefile b/tests/tests/common/Makefile
new file mode 100644
index 0000000..4ee04dd
--- /dev/null
+++ b/tests/tests/common/Makefile
@@ -0,0 +1,14 @@
+all: \
+	fopen_failure.so \
+	link_failure.so \
+	open_RDONLY_failure.so \
+	open_RDWR_failure.so \
+	rename_failure.so \
+	rmdir_failure.so \
+	time_0.so \
+	time_past.so \
+	unlink_failure.so \
+	unlinkat_failure.so
+
+%.so: %.c
+	gcc -W -Wall -pedantic -g $< -shared -ldl -o $@
diff --git a/tests/tests/common/compare_file.pl b/tests/tests/common/compare_file.pl
new file mode 100755
index 0000000..eb498d3
--- /dev/null
+++ b/tests/tests/common/compare_file.pl
@@ -0,0 +1,116 @@
+#!/usr/bin/perl
+
+open (TEMPLATE, $ARGV[0]) or die "Cannot open '".$ARGV[0]."': $!";
+my $template = join "", <TEMPLATE>;
+open (FILE, $ARGV[1]) or die "Cannot open '".$ARGV[1]."': $!";
+my $file = join "", <FILE>;
+
+my $today = int(time()/(24*3600));
+$template =~ s/\@TODAY\@/$today/g;
+
+my $tmp = $template;
+while ($tmp =~ m/^(.*?)([^\n]*):\@PASS_DES ([^:]*)\@:(.*)$/s) {
+	my $user = $2;
+	my $pass = $3;
+	$tmp = $4;
+	if ($file =~ m/^$user:/m) {
+		$file =~ s/^$user:([^:]*):(.*)$/$user:\@PASS_DES $pass\@:$2/m;
+		my $cryptpass = $1;
+		# Check the password
+		my $checkpass = qx|/usr/bin/openssl passwd -crypt -salt '$cryptpass' $pass 2>tmp/openssl.err|;
+		chomp $checkpass;
+
+		system "cat tmp/openssl.err"
+			if ($checkpass ne $cryptpass);
+		system "rm -f tmp/openssl.err";
+		die "Wrong password for $user: '$cryptpass'. Expected password: '$checkpass'\n"
+			if ($checkpass ne $cryptpass);
+	} else {
+		die "No user '$user' in ".$ARGV[1].".\n";
+	}
+}
+
+$tmp = $template;
+while ($tmp =~ m/^(.*?)([^\n]*):\@PASS_MD5 ([^:]*)\@:(.*)$/s) {
+	my $user = $2;
+	my $pass = $3;
+	$tmp = $4;
+	if ($file =~ m/^$user:/m) {
+		$file =~ s/^$user:([^:]*):(.*)$/$user:\@PASS_MD5 $pass\@:$2/m;
+		my $cryptpass = $1;
+		# Check the password
+		my $salt = $cryptpass;
+		$salt =~ s/^\$1\$//;
+		$salt =~ s/\$.*$//;
+		my $checkpass = qx|/usr/bin/openssl passwd -1 -salt '$salt' '$pass'|;
+		chomp $checkpass;
+
+		die "Wrong password for $user: '$cryptpass'. Expected password: '$checkpass'\n"
+			if ($checkpass ne $cryptpass);
+	} else {
+		die "No user '$user' in ".$ARGV[1].".\n";
+	}
+}
+
+$tmp = $template;
+while ($tmp =~ m/^(.*?)([^\n]*):\@PASS_SHA256 ([^:]*)\@:(.*)$/s) {
+	my $user = $2;
+	my $pass = $3;
+	$tmp = $4;
+	if ($file =~ m/^$user:/m) {
+		$file =~ s/^$user:([^:]*):(.*)$/$user:\@PASS_SHA256 $pass\@:$2/m;
+		my $cryptpass = $1;
+		# Check the password
+		my $salt = $cryptpass;
+		$salt =~ s/^\$5\$//;
+		my $rounds = "";
+		if ($salt =~ s/^rounds=([0-9]*)\$//) {
+			$rounds = "-R $1";
+		}
+
+		$salt =~ s/\$.*$//;
+		my $checkpass = qx!echo '$pass' | /usr/bin/mkpasswd -m sha-256 --salt '$salt' $rounds --stdin!;
+		chomp $checkpass;
+
+		die "Wrong password for $user: '$cryptpass'. Expected password: '$checkpass'\n"
+			if ($checkpass ne $cryptpass);
+	} else {
+		die "No user '$user' in ".$ARGV[1].".\n";
+	}
+}
+
+$tmp = $template;
+while ($tmp =~ m/^(.*?)([^\n]*):\@PASS_SHA512 ([^:]*)\@:(.*)$/s) {
+	my $user = $2;
+	my $pass = $3;
+	$tmp = $4;
+	if ($file =~ m/^$user:/m) {
+		$file =~ s/^$user:([^:]*):(.*)$/$user:\@PASS_SHA512 $pass\@:$2/m;
+		my $cryptpass = $1;
+		# Check the password
+		my $salt = $cryptpass;
+		$salt =~ s/^\$6\$//;
+		my $rounds = "";
+		if ($salt =~ s/^rounds=([0-9]*)\$//) {
+			$rounds = "-R $1";
+		}
+
+		$salt =~ s/\$.*$//;
+		my $checkpass = qx!echo '$pass' | /usr/bin/mkpasswd -m sha-512 --salt '$salt' $rounds --stdin!;
+		chomp $checkpass;
+
+		die "Wrong password for $user: '$cryptpass'. Expected password: '$checkpass'\n"
+			if ($checkpass ne $cryptpass);
+	} else {
+		die "No user '$user' in ".$ARGV[1].".\n";
+	}
+}
+
+
+exit 0 if ($file =~ m/^\Q$template\E$/s);
+
+print "Files differ.\n";
+
+system "diff", "-au", $ARGV[0], $ARGV[1];
+
+exit 1
diff --git a/tests/tests/common/config.sh b/tests/tests/common/config.sh
new file mode 100644
index 0000000..a2f8df0
--- /dev/null
+++ b/tests/tests/common/config.sh
@@ -0,0 +1,132 @@
+# Generic functions to save, change, and restore configuration files
+
+set -e
+
+build_path=$(pwd)
+while [ "${build_path}" != "/" -a ! -e "${build_path}/.git" ]; do
+	build_path=$(dirname ${build_path})
+done
+if [ ! -e "${build_path}/.git" ]; then
+	echo "Not inside git directory" 1>&2
+	exit 1
+fi
+
+# Save the configuration files in tmp.
+save_config ()
+{
+	[ ! -d tmp ] && mkdir tmp
+	find config -depth -type f -print | sed -e 's/config\///' |
+	while read file
+	do
+		mkdir -p "tmp/$(dirname "$file")"
+		[ -f "/$file" ] && cp -dp "/$file" "tmp/$file" || true
+	done
+	# remove some things which can mess up PATH for some of our tests
+	# on github runners
+	mkdir -p "tmp/root"
+	cp -dp /root/.bashrc tmp/root/.bashrc
+	cp -dp /root/.profile tmp/root/.profile
+	sed -i '/pipx/d' /root/.bashrc /root/.profile
+	sed -i '/etc\/skel\/.cargo\/env/d' /root/.bashrc /root/.profile
+}
+
+# Copy the config files from config to the system
+change_config ()
+{
+	find config -depth -type f -print | sed -e 's/config\///' |
+	while read file
+	do
+		cp -f "config/$file" "/$file"
+	done
+}
+
+# Restored the config files in the system.
+# The config files must be saved before with save_config ().
+restore_config ()
+{
+	find config -depth -type f -print | sed -e 's/config\///' |
+	while read file
+	do
+		if [ -f "tmp/$file" ]; then
+			cp -dp "tmp/$file" "/$file"
+			rm "tmp/$file"
+		else
+			rm -f "/$file"
+		fi
+		d="$(dirname "tmp/$file")"
+		while [ -n "$d" ] && [ "$d" != "." ]
+		do
+			rmdir "$d" 2>/dev/null || true
+			d="$(dirname "$d")"
+		done
+	done
+
+	rmdir tmp 2>/dev/null || true
+}
+
+prepare_chroot ()
+{
+	mkdir tmp/root
+	cp -rfdp config_chroot/* tmp/root/
+
+	lists=/root/tests/common/config_chroot.list
+	[ -f config_chroot.list ] && lists="$lists config_chroot.list"
+	cat $lists | grep -v "#" | while read f
+	do
+		# Create parent directory if needed
+		d=$(dirname tmp/root/$f)
+		[ -d $d ] || mkdir -p $d
+		# Create hard link
+		ln $f tmp/root/$f
+	done
+
+	# Copy existing gcda
+	mkdir -p tmp/root$build_path/lib
+	mkdir -p tmp/root$build_path/src
+	find "$build_path" -name "*.gcda" | while read f
+	do
+		ln $f tmp/root/$f
+	done
+}
+
+clean_chroot ()
+{
+	# Remove copied files
+	lists=/root/tests/common/config_chroot.list
+	[ -f config_chroot.list ] && lists="$lists config_chroot.list"
+	cat $lists | grep -v "#" | while read f
+	do
+		rm -f tmp/root/$f
+		# Remove parent directory if empty
+		d=$(dirname tmp/root/$f)
+		rmdir -p --ignore-fail-on-non-empty $d
+	done
+
+	find "$build_path" -name "*.gcda" | while read f
+	do
+		rm -f tmp/root/$f
+	done
+	find tmp/root -name "*.gcda" | while read f
+	do
+		g=${f#tmp/root}
+		mv "$f" "$g"
+	done
+	rmdir tmp/root$build_path/lib
+	rmdir tmp/root$build_path/src
+	rmdir tmp/root$build_path
+	rmdir tmp/root/root/build
+	rmdir tmp/root/root
+
+	find config_chroot -type f | while read f
+	do
+		f=${f#config_chroot/}
+		rm -f tmp/root/$f
+	done
+
+	find config_chroot -depth -type d | while read d
+	do
+		d=${d#config_chroot}
+		[ -d "tmp/root$d" ] && rmdir tmp/root$d
+	done
+}
+
diff --git a/tests/tests/common/config_chroot-i386.list b/tests/tests/common/config_chroot-i386.list
new file mode 100644
index 0000000..ba7bf8a
--- /dev/null
+++ b/tests/tests/common/config_chroot-i386.list
@@ -0,0 +1,25 @@
+/lib/i386-linux-gnu/ld-2.13.so
+/lib/i386-linux-gnu/ld-linux.so.2
+/lib/ld-linux.so.2
+/lib/i386-linux-gnu/libcrypt-2.13.so
+/lib/i386-linux-gnu/libcrypt.so.1
+/lib/i386-linux-gnu/libc-2.13.so
+/lib/i386-linux-gnu/libc.so.6
+/lib/i386-linux-gnu/libdl-2.13.so
+/lib/i386-linux-gnu/libdl.so.2
+/lib/i386-linux-gnu/libnsl-2.13.so
+/lib/i386-linux-gnu/libnsl.so.1
+/lib/i386-linux-gnu/libnss_compat-2.13.so
+/lib/i386-linux-gnu/libnss_compat.so.2
+/lib/i386-linux-gnu/libpamc.so.0
+/lib/i386-linux-gnu/libpamc.so.0.82.1
+/lib/i386-linux-gnu/libpam_misc.so.0
+/lib/i386-linux-gnu/libpam_misc.so.0.82.0
+/lib/i386-linux-gnu/libpam.so.0
+/lib/i386-linux-gnu/libpam.so.0.83.0
+/lib/i386-linux-gnu/libselinux.so.1
+/lib/i386-linux-gnu/security/pam_deny.so
+/lib/i386-linux-gnu/security/pam_permit.so
+/lib/i386-linux-gnu/security/pam_rootok.so
+/lib/i386-linux-gnu/security/pam_shells.so
+/lib/i386-linux-gnu/security/pam_unix.so
diff --git a/tests/tests/common/config_chroot-powerpc.list b/tests/tests/common/config_chroot-powerpc.list
new file mode 100644
index 0000000..e6c344e
--- /dev/null
+++ b/tests/tests/common/config_chroot-powerpc.list
@@ -0,0 +1,25 @@
+/lib/powerpc-linux-gnu/ld-2.13.so
+/lib/powerpc-linux-gnu/ld.so.1
+/lib/ld.so.1
+/lib/powerpc-linux-gnu/libcrypt-2.13.so
+/lib/powerpc-linux-gnu/libcrypt.so.1
+/lib/powerpc-linux-gnu/libc-2.13.so
+/lib/powerpc-linux-gnu/libc.so.6
+/lib/powerpc-linux-gnu/libdl-2.13.so
+/lib/powerpc-linux-gnu/libdl.so.2
+/lib/powerpc-linux-gnu/libnsl-2.13.so
+/lib/powerpc-linux-gnu/libnsl.so.1
+/lib/powerpc-linux-gnu/libnss_compat-2.13.so
+/lib/powerpc-linux-gnu/libnss_compat.so.2
+/lib/powerpc-linux-gnu/libpamc.so.0
+/lib/powerpc-linux-gnu/libpamc.so.0.82.1
+/lib/powerpc-linux-gnu/libpam_misc.so.0
+/lib/powerpc-linux-gnu/libpam_misc.so.0.82.0
+/lib/powerpc-linux-gnu/libpam.so.0
+/lib/powerpc-linux-gnu/libpam.so.0.83.0
+/lib/powerpc-linux-gnu/libselinux.so.1
+/lib/powerpc-linux-gnu/security/pam_deny.so
+/lib/powerpc-linux-gnu/security/pam_permit.so
+/lib/powerpc-linux-gnu/security/pam_rootok.so
+/lib/powerpc-linux-gnu/security/pam_shells.so
+/lib/powerpc-linux-gnu/security/pam_unix.so
diff --git a/tests/tests/common/fopen_failure.c b/tests/tests/common/fopen_failure.c
new file mode 100644
index 0000000..750cd66
--- /dev/null
+++ b/tests/tests/common/fopen_failure.c
@@ -0,0 +1,46 @@
+/* 
+ * gcc fopen_failure.c -o fopen_failure.so -shared -ldl 
+ * LD_PRELOAD=./fopen_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef FILE * (*fopen_type) (const char *path, const char *mode);
+static fopen_type next_fopen;
+
+static const char *failure_path = NULL;
+
+FILE *fopen64 (const char *path, const char *mode)
+{
+printf ("fopen64(%s, %s)\n", path, mode);
+	if (NULL == next_fopen)
+	{
+		next_fopen = dlsym (RTLD_NEXT, "fopen64");
+		assert (NULL != next_fopen);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != path)
+	    && (NULL != failure_path)
+	    && (strcmp (path, failure_path) == 0))
+	{
+		fprintf (stderr, "fopen64 FAILURE %s %s ...\n", path, mode);
+		errno = EIO;
+		return NULL;
+	}
+
+	return next_fopen (path, mode);
+}
+
diff --git a/tests/tests/common/link_failure.c b/tests/tests/common/link_failure.c
new file mode 100644
index 0000000..8cf460a
--- /dev/null
+++ b/tests/tests/common/link_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc link_failure.c -o link_failure.so -shared -ldl 
+ * LD_PRELOAD=./link_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+typedef int (*link_type) (const char *oldpath, const char *newpath);
+static link_type next_link;
+
+static const char *failure_path = NULL;
+
+int link (const char *oldpath, const char *newpath)
+{
+	if (NULL == next_link)
+	{
+		next_link = dlsym (RTLD_NEXT, "link");
+		assert (NULL != next_link);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != newpath)
+	    && (NULL != failure_path)
+	    && (strcmp (newpath, failure_path) == 0))
+	{
+		fprintf (stderr, "link FAILURE %s %s\n", oldpath, newpath);
+		errno = EIO;
+		return -1;
+	}
+
+	return next_link (oldpath, newpath);
+}
+
diff --git a/tests/tests/common/log.sh b/tests/tests/common/log.sh
new file mode 100644
index 0000000..4887970
--- /dev/null
+++ b/tests/tests/common/log.sh
@@ -0,0 +1,46 @@
+# Helpers to log messages / status
+
+log_start ()
+{
+	test="$1"
+	rationale="$2"
+	cat << EOF
+
+###############################################################################
+#
+# Test: $test
+#
+###############################################################################
+#
+# Rationale: $rationale
+#
+###############################################################################
+EOF
+}
+
+log_end ()
+{
+	test="$1"
+	cat << EOF
+###############################################################################
+#
+# End of test $test
+#
+###############################################################################
+
+EOF
+}
+
+log_status ()
+{
+	test="$1"
+	status="$2"
+	cat << EOF
+###############################################################################
+#
+# Status of test $test: $status
+#
+###############################################################################
+EOF
+}
+
diff --git a/tests/tests/common/open_RDONLY_failure.c b/tests/tests/common/open_RDONLY_failure.c
new file mode 100644
index 0000000..e14859f
--- /dev/null
+++ b/tests/tests/common/open_RDONLY_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc open_RDONLY_failure.c -o open_RDONLY_failure.so -shared -ldl 
+ * LD_PRELOAD=./open_RDONLY_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef int (*open_type) (const char *pathname, int flag, ...);
+static open_type next_open64;
+
+static const char *failure_path = NULL;
+
+int open64 (const char *pathname, int flag, ...)
+{
+	if (NULL == next_open64)
+	{
+		next_open64 = dlsym (RTLD_NEXT, "open64");
+		assert (NULL != next_open64);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != pathname)
+	    && ((flag & O_ACCMODE) == O_RDONLY)
+	    && (NULL != failure_path)
+	    && (strcmp (pathname, failure_path) == 0))
+	{
+		fprintf (stderr, "open FAILURE %s %x ...\n", pathname, flag&O_ACCMODE);
+		errno = EIO;
+		return -1;
+	}
+
+	return next_open64 (pathname, flag);
+}
+
diff --git a/tests/tests/common/open_RDWR_failure.c b/tests/tests/common/open_RDWR_failure.c
new file mode 100644
index 0000000..5bf1069
--- /dev/null
+++ b/tests/tests/common/open_RDWR_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc open_RDWR_failure.c -o open_RDWR_failure.so -shared -ldl 
+ * LD_PRELOAD=./open_RDWR_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef int (*open_type) (const char *pathname, int flag, ...);
+static open_type next_open64;
+
+static const char *failure_path = NULL;
+
+int open64 (const char *pathname, int flag, ...)
+{
+	if (NULL == next_open64)
+	{
+		next_open64 = dlsym (RTLD_NEXT, "open64");
+		assert (NULL != next_open64);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != pathname)
+	    && ((flag & O_ACCMODE) == O_RDWR)
+	    && (NULL != failure_path)
+	    && (strcmp (pathname, failure_path) == 0))
+	{
+		fprintf (stderr, "open FAILURE %s %x ...\n", pathname, flag&O_ACCMODE);
+		errno = EIO;
+		return -1;
+	}
+
+	return next_open64 (pathname, flag);
+}
+
diff --git a/tests/tests/common/rename_failure.c b/tests/tests/common/rename_failure.c
new file mode 100644
index 0000000..dd02fe5
--- /dev/null
+++ b/tests/tests/common/rename_failure.c
@@ -0,0 +1,50 @@
+/* 
+ * gcc rename_failure.c -o rename_failure.so -shared -ldl 
+ * LD_PRELOAD=./rename_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef int (*rename_type) (const char *old, const char *new);
+static rename_type next_rename;
+
+static const char *failure_path = NULL;
+
+int rename (const char *old, const char *new)
+{
+	if (NULL == next_rename)
+	{
+		next_rename = dlsym (RTLD_NEXT, "rename");
+		assert (NULL != next_rename);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != new)
+	    && (NULL != failure_path)
+	    && (strcmp (new, failure_path) == 0))
+	{
+		fprintf (stderr, "rename FAILURE %s %s\n", old, new);
+		errno = EIO;
+		return -1;
+	}
+
+	return next_rename (old, new);
+}
+
diff --git a/tests/tests/common/rmdir_failure.c b/tests/tests/common/rmdir_failure.c
new file mode 100644
index 0000000..9d775b1
--- /dev/null
+++ b/tests/tests/common/rmdir_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc rmdir_failure.c -o rmdir_failure.so -shared -ldl 
+ * LD_PRELOAD=./rmdir_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+typedef int (*rmdir_type) (const char *path);
+static rmdir_type next_rmdir;
+
+static const char *failure_path = NULL;
+
+int rmdir (const char *path)
+{
+	if (NULL == next_rmdir)
+	{
+		next_rmdir = dlsym (RTLD_NEXT, "rmdir");
+		assert (NULL != next_rmdir);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != path)
+	    && (NULL != failure_path)
+	    && (strcmp (path, failure_path) == 0))
+	{
+		fprintf (stderr, "rmdir FAILURE %s\n", path);
+		errno = EBUSY;
+		return -1;
+	}
+
+	return next_rmdir (path);
+}
+
diff --git a/tests/tests/common/time_0.c b/tests/tests/common/time_0.c
new file mode 100644
index 0000000..6937361
--- /dev/null
+++ b/tests/tests/common/time_0.c
@@ -0,0 +1,16 @@
+/* 
+ * gcc time_0.c -o time_0.so -shared
+ * LD_PRELOAD=./time_0.so ./test
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+
+time_t time (time_t *t)
+{
+	fprintf (stderr, "time 0\n");
+
+	return (time_t)0;
+}
+
diff --git a/tests/tests/common/time_past.c b/tests/tests/common/time_past.c
new file mode 100644
index 0000000..d0eb741
--- /dev/null
+++ b/tests/tests/common/time_past.c
@@ -0,0 +1,52 @@
+/* 
+ * gcc time_past.c -o time_past.so -shared -ldl 
+ * LD_PRELOAD=./time_past.so PAST_DAYS=2 ./test
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef time_t (*time_type) (time_t *t);
+static time_type next_time;
+
+static int time_past = 0;
+static char *past = NULL;
+
+time_t time (time_t *t)
+{
+	time_t res;
+
+	if (NULL == next_time)
+	{
+		next_time = dlsym (RTLD_NEXT, "time");
+		assert (NULL != next_time);
+	}
+	if (NULL == past) {
+		const char *past = getenv ("PAST_DAYS");
+		if (NULL == past) {
+			fputs ("No PAST_DAYS defined\n", stderr);
+		}
+		time_past = atoi (past);
+	}
+
+	res = next_time (t);
+	res -= 24*60*60*time_past;
+
+	if (NULL != t) {
+		*t = res;
+	}
+
+	return res;
+}
+
diff --git a/tests/tests/common/unlink_failure.c b/tests/tests/common/unlink_failure.c
new file mode 100644
index 0000000..2281c8a
--- /dev/null
+++ b/tests/tests/common/unlink_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc unlink_failure.c -o unlink_failure.so -shared -ldl 
+ * LD_PRELOAD=./unlink_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+typedef int (*unlink_type) (const char *path);
+static unlink_type next_unlink;
+
+static const char *failure_path = NULL;
+
+int unlink (const char *path)
+{
+	if (NULL == next_unlink)
+	{
+		next_unlink = dlsym (RTLD_NEXT, "unlink");
+		assert (NULL != next_unlink);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != path)
+	    && (NULL != failure_path)
+	    && (strcmp (path, failure_path) == 0))
+	{
+		fprintf (stderr, "unlink FAILURE %s\n", path);
+		errno = EBUSY;
+		return -1;
+	}
+
+	return next_unlink (path);
+}
+
diff --git a/tests/tests/common/unlinkat_failure.c b/tests/tests/common/unlinkat_failure.c
new file mode 100644
index 0000000..5b8bf95
--- /dev/null
+++ b/tests/tests/common/unlinkat_failure.c
@@ -0,0 +1,62 @@
+/* 
+ * gcc unlinkat_failure.c -o unlinkat_failure.so -shared -ldl 
+ * LD_PRELOAD=./unlinkat_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+typedef int (*unlinkat_type) (int dirfd, const char *pathname, int flags);
+static unlinkat_type next_unlinkat;
+
+static const char *failure_path = NULL;
+static dev_t failure_dev = -1;
+static ino_t failure_ino = -1;
+
+int unlinkat (int dirfd, const char *pathname, int flags)
+{
+	if (NULL == next_unlinkat)
+	{
+		next_unlinkat = dlsym (RTLD_NEXT, "unlinkat");
+		assert (NULL != next_unlinkat);
+	}
+	if (NULL == failure_path) {
+		struct stat sb;
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+		if (lstat (failure_path, &sb) != 0) {
+			fputs ("Can't lstat FAILURE_PATH\n", stderr);
+		}
+		failure_dev = sb.st_dev;
+		failure_ino = sb.st_ino;
+	}
+
+	if (   (NULL != pathname)
+	    && (NULL != failure_path)) {
+		struct stat sb;
+		if (   (fstatat (dirfd, pathname, &sb, flags) == 0)
+		    && (sb.st_dev == failure_dev)
+		    && (sb.st_ino == failure_ino)) {
+			fprintf (stderr, "unlinkat FAILURE %s\n", failure_path);
+			errno = EBUSY;
+			return -1;
+		}
+	}
+
+	return next_unlinkat (dirfd, pathname, flags);
+}
+
diff --git a/tests/tests/convtools/01/data/1/group b/tests/tests/convtools/01/data/1/group
new file mode 100644
index 0000000..a34689a
--- /dev/null
+++ b/tests/tests/convtools/01/data/1/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/convtools/01/data/1/passwd b/tests/tests/convtools/01/data/1/passwd
new file mode 100644
index 0000000..a9a08c8
--- /dev/null
+++ b/tests/tests/convtools/01/data/1/passwd
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/convtools/01/data/2/group b/tests/tests/convtools/01/data/2/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/convtools/01/data/2/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/convtools/01/data/2/gshadow b/tests/tests/convtools/01/data/2/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/convtools/01/data/2/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/convtools/01/data/2/passwd b/tests/tests/convtools/01/data/2/passwd
new file mode 100644
index 0000000..e8242fe
--- /dev/null
+++ b/tests/tests/convtools/01/data/2/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite:x:424243:424243::/home:/bin/bash
diff --git a/tests/tests/convtools/01/data/2/shadow b/tests/tests/convtools/01/data/2/shadow
new file mode 100644
index 0000000..6689e4f
--- /dev/null
+++ b/tests/tests/convtools/01/data/2/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+testsuite::12992:0:99999:7:::
diff --git a/tests/tests/convtools/01/run b/tests/tests/convtools/01/run
new file mode 100755
index 0000000..fadf7c8
--- /dev/null
+++ b/tests/tests/convtools/01/run
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that su can be used to switch to root and to a normal account
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp -dp /etc/$i  tmp/$i
+		[ -f /etc/$i- ] && cp -dp /etc/$i- tmp/$i-
+	done
+	DATE=$(date '+%s')
+	DATE=$(( DATE/3600/24 ))
+	WARN=$( grep -E "^PASS_WARN_AGE" /etc/login.defs | { read var val ; echo $val; } )
+	saveifs=$IFS
+	IFS=":"
+	cat data/2/shadow |
+		while read f1 f2 f3 f4 f5 f6 f7 f8 fres
+		do
+			echo "$f1:$f2:$DATE:$f4:$f5:$WARN:::"
+		done > tmp/shadow.2
+	IFS=$saveifs
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp -dp tmp/$i  /etc/$i  && rm tmp/$i
+		[ -f tmp/$i- ] && cp -dp tmp/$i- /etc/$i- && rm tmp/$i-
+	done
+	rm tmp/shadow.2
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	rm -f /etc/$i
+done
+for i in passwd group
+do
+	cp -f data/1/$i /etc/
+done
+
+echo -n "pwconv "
+pwconv
+echo -n "checking..."
+diff -au /etc/passwd  data/2/passwd
+diff -au /etc/shadow  tmp/shadow.2
+diff -au /etc/group   data/1/group
+perms=$(stat -c "%a %u %G" /etc/shadow)
+if [ "$perms" != "440 0 shadow" ]
+then
+	echo "Wrong mode or owners on /etc/shadow."
+	exit 1
+fi
+if [ -f /etc/gshadow ]
+then
+	echo "/etc/gshadow should not exist."
+	exit 1
+fi
+echo "OK"
+
+echo -n "grpconv "
+grpconv
+echo -n "checking..."
+diff -au /etc/passwd  data/2/passwd
+diff -au /etc/shadow  tmp/shadow.2
+diff -au /etc/group   data/2/group
+diff -au /etc/gshadow data/2/gshadow
+echo "OK"
+
+echo -n "pwunconv "
+pwunconv
+echo -n "checking..."
+diff -au /etc/passwd  data/1/passwd
+if [ -f /etc/shadow ]
+then
+	echo "/etc/shadow should not exist. "
+	exit 1
+fi
+diff -au /etc/group   data/2/group
+diff -au /etc/gshadow data/2/gshadow
+echo "OK"
+
+echo -n "grpunconv "
+grpunconv
+echo -n "checking..."
+diff -au /etc/passwd  data/1/passwd
+if [ -f /etc/shadow ]
+then
+	echo "/etc/shadow should not exist. "
+	exit 1
+fi
+diff -au /etc/group   data/1/group
+if [ -f /etc/gshadow ]
+then
+	echo "/etc/gshadow should not exist. "
+	exit 1
+fi
+echo "OK"
+
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config.txt b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config.txt
new file mode 100644
index 0000000..8529433
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config.txt
@@ -0,0 +1,2 @@
+user foo, in group users
+group bar in gshadow, not group
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/group b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/gshadow b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/passwd b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/shadow b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/data/gshadow b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test
new file mode 100755
index 0000000..8092d3a
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv removes the gshadow only entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpconv)..."
+grpconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config.txt b/tests/tests/convtools/03_grpconv_copy_passwd/config.txt
new file mode 100644
index 0000000..e904dbe
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config.txt
@@ -0,0 +1,2 @@
+group foo with a password in /etc/group
+group foo not in gshadow
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/group b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/gshadow b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/passwd b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/shadow b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/data/group b/tests/tests/convtools/03_grpconv_copy_passwd/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/data/gshadow b/tests/tests/convtools/03_grpconv_copy_passwd/data/gshadow
new file mode 100644
index 0000000..fed75fc
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:$1$foogroupPassword::
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/grpconv.test b/tests/tests/convtools/03_grpconv_copy_passwd/grpconv.test
new file mode 100755
index 0000000..2cf4989
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/grpconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv copies the password from group to gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpconv)..."
+grpconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/04_grpconv_no_password/config.txt b/tests/tests/convtools/04_grpconv_no_password/config.txt
new file mode 100644
index 0000000..71f8a48
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config.txt
@@ -0,0 +1,2 @@
+group foo with an empty password in group
+group foo not in gshadow
diff --git a/tests/tests/convtools/04_grpconv_no_password/config/etc/group b/tests/tests/convtools/04_grpconv_no_password/config/etc/group
new file mode 100644
index 0000000..52ece62
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo::1000:
diff --git a/tests/tests/convtools/04_grpconv_no_password/config/etc/gshadow b/tests/tests/convtools/04_grpconv_no_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/04_grpconv_no_password/config/etc/passwd b/tests/tests/convtools/04_grpconv_no_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/04_grpconv_no_password/config/etc/shadow b/tests/tests/convtools/04_grpconv_no_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/04_grpconv_no_password/data/group b/tests/tests/convtools/04_grpconv_no_password/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/04_grpconv_no_password/data/gshadow b/tests/tests/convtools/04_grpconv_no_password/data/gshadow
new file mode 100644
index 0000000..5c62cfd
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:::
diff --git a/tests/tests/convtools/04_grpconv_no_password/grpconv.test b/tests/tests/convtools/04_grpconv_no_password/grpconv.test
new file mode 100755
index 0000000..da0fb07
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/grpconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv moves an empty password from group to gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpconv)..."
+grpconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config.txt b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config.txt
new file mode 100644
index 0000000..891174b
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config.txt
@@ -0,0 +1,3 @@
+group foo in group with a password
+group foo in gshadow without password
+group foo member of users in group, not in gshadow
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/group b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/gshadow b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/passwd b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/shadow b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/group b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/gshadow b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/gshadow
new file mode 100644
index 0000000..fed75fc
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:$1$foogroupPassword::
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test
new file mode 100755
index 0000000..2d9f9f3
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv copies the password and membership from group to gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpconv)..."
+grpconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config.txt b/tests/tests/convtools/06_grpconv_error_group_locked/config.txt
new file mode 100644
index 0000000..f055b05
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config.txt
@@ -0,0 +1 @@
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/group b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/gshadow b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/passwd b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/shadow b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/data/grpconv.err b/tests/tests/convtools/06_grpconv_error_group_locked/data/grpconv.err
new file mode 100644
index 0000000..4a63d73
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/data/grpconv.err
@@ -0,0 +1,2 @@
+grpconv: lock /etc/group.lock already used by PID <PID>
+grpconv: cannot lock /etc/group; try again later.
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/grpconv.test b/tests/tests/convtools/06_grpconv_error_group_locked/grpconv.test
new file mode 100755
index 0000000..0ed4ead
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/grpconv.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv tests if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+echo -n $$ > /etc/group.lock
+echo "done"
+
+echo -n "Convert the group files (grpconv)..."
+grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/group..."
+rm -f /etc/group.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+sed -i -e "s/$$/<PID>/" tmp/grpconv.err
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config.txt b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config.txt
new file mode 100644
index 0000000..f055b05
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config.txt
@@ -0,0 +1 @@
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/group b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/gshadow b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/passwd b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/shadow b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/data/grpconv.err b/tests/tests/convtools/07_grpconv_error_gshadow_locked/data/grpconv.err
new file mode 100644
index 0000000..527ecae
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/data/grpconv.err
@@ -0,0 +1,2 @@
+grpconv: existing lock file /etc/gshadow.lock without a PID
+grpconv: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/grpconv.test b/tests/tests/convtools/07_grpconv_error_gshadow_locked/grpconv.test
new file mode 100755
index 0000000..52e03c9
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/grpconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv tests if gshadow is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Convert the group files (grpconv)..."
+grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/gshadow..."
+rm -f /etc/gshadow.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config.txt b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config.txt
new file mode 100644
index 0000000..48ac937
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user foo, in group users
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/group b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/gshadow b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/passwd b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/shadow b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/grpunconv.test b/tests/tests/convtools/08_grpunconv_no_gshadow_file/grpunconv.test
new file mode 100755
index 0000000..0be3ce8
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/grpunconv.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv exits successfully when the gshadow file does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Convert the group files (grpunconv)..."
+grpunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config.txt b/tests/tests/convtools/09_grpunconv_error_group_locked/config.txt
new file mode 100644
index 0000000..f055b05
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config.txt
@@ -0,0 +1 @@
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/group b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/gshadow b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/passwd b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/shadow b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/data/grpunconv.err b/tests/tests/convtools/09_grpunconv_error_group_locked/data/grpunconv.err
new file mode 100644
index 0000000..ddfae6f
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/data/grpunconv.err
@@ -0,0 +1,2 @@
+grpunconv: existing lock file /etc/group.lock without a PID
+grpunconv: cannot lock /etc/group; try again later.
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/grpunconv.test b/tests/tests/convtools/09_grpunconv_error_group_locked/grpunconv.test
new file mode 100755
index 0000000..7503fe8
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/grpunconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Convert the group files (grpunconv)..."
+grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/group..."
+rm -f /etc/group.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config.txt b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config.txt
new file mode 100644
index 0000000..f055b05
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config.txt
@@ -0,0 +1 @@
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/group b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/gshadow b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/passwd b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/shadow b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/data/grpunconv.err b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/data/grpunconv.err
new file mode 100644
index 0000000..5547097
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/data/grpunconv.err
@@ -0,0 +1,2 @@
+grpunconv: existing lock file /etc/gshadow.lock without a PID
+grpunconv: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/grpunconv.test b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/grpunconv.test
new file mode 100755
index 0000000..7b7490c
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/grpunconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Convert the group files (grpunconv)..."
+grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/gshadow..."
+rm -f /etc/gshadow.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config.txt b/tests/tests/convtools/11_pwconv_error_passwd_locked/config.txt
new file mode 100644
index 0000000..eca9223
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/group b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/gshadow b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/passwd b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/shadow b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/data/pwconv.err b/tests/tests/convtools/11_pwconv_error_passwd_locked/data/pwconv.err
new file mode 100644
index 0000000..bf83d74
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/data/pwconv.err
@@ -0,0 +1,2 @@
+pwconv: existing lock file /etc/passwd.lock without a PID
+pwconv: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/pwconv.test b/tests/tests/convtools/11_pwconv_error_passwd_locked/pwconv.test
new file mode 100755
index 0000000..4d292cb
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/pwconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv tests if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Convert the passwd files (pwconv)..."
+pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/passwd..."
+rm -f /etc/passwd.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config.txt b/tests/tests/convtools/12_pwconv_error_shadow_locked/config.txt
new file mode 100644
index 0000000..eca9223
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/group b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/gshadow b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/passwd b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/shadow b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/data/pwconv.err b/tests/tests/convtools/12_pwconv_error_shadow_locked/data/pwconv.err
new file mode 100644
index 0000000..3ac9048
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/data/pwconv.err
@@ -0,0 +1,2 @@
+pwconv: existing lock file /etc/shadow.lock without a PID
+pwconv: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/pwconv.test b/tests/tests/convtools/12_pwconv_error_shadow_locked/pwconv.test
new file mode 100755
index 0000000..03bcf6b
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/pwconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv tests if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Convert the shadow files (pwconv)..."
+pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/shadow..."
+rm -f /etc/shadow.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config.txt b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config.txt
new file mode 100644
index 0000000..eca9223
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/group b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/gshadow b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/passwd b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/shadow b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/data/pwunconv.err b/tests/tests/convtools/13_pwunconv_error_passwd_locked/data/pwunconv.err
new file mode 100644
index 0000000..40d2244
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/data/pwunconv.err
@@ -0,0 +1,2 @@
+pwunconv: existing lock file /etc/passwd.lock without a PID
+pwunconv: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/pwunconv.test b/tests/tests/convtools/13_pwunconv_error_passwd_locked/pwunconv.test
new file mode 100755
index 0000000..bfd7ed3
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/pwunconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv tests if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Convert the passwd files (pwunconv)..."
+pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/passwd..."
+rm -f /etc/passwd.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config.txt b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config.txt
new file mode 100644
index 0000000..eca9223
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/group b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/gshadow b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/passwd b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/shadow b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/data/pwunconv.err b/tests/tests/convtools/14_pwunconv_error_shadow_locked/data/pwunconv.err
new file mode 100644
index 0000000..20de665
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/data/pwunconv.err
@@ -0,0 +1,2 @@
+pwunconv: existing lock file /etc/shadow.lock without a PID
+pwunconv: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/pwunconv.test b/tests/tests/convtools/14_pwunconv_error_shadow_locked/pwunconv.test
new file mode 100755
index 0000000..79e6c4e
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/pwunconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv tests if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Convert the shadow files (pwunconv)..."
+pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/shadow..."
+rm -f /etc/shadow.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config.txt b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config.txt
new file mode 100644
index 0000000..9f8a836
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config.txt
@@ -0,0 +1,2 @@
+user foo, in group users
+group bar is gshadow, not group
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/group b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/gshadow b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/passwd b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/shadow b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/data/shadow b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/data/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/pwconv.test b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/pwconv.test
new file mode 100755
index 0000000..11abe4b
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/pwconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv removes the shadow only entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the passwd files (pwconv)..."
+pwconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config.txt b/tests/tests/convtools/16_pwconv_copy_passwd/config.txt
new file mode 100644
index 0000000..a6d9ecd
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config.txt
@@ -0,0 +1 @@
+user foo with a password, not in shadow
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/group b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/gshadow b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/passwd b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/passwd
new file mode 100644
index 0000000..2a53add
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:$1$foogroupPassword:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/shadow b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/shadow
new file mode 100644
index 0000000..498ef86
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:*:12977:0:99999:7:::
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/data/passwd b/tests/tests/convtools/16_pwconv_copy_passwd/data/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/data/shadow b/tests/tests/convtools/16_pwconv_copy_passwd/data/shadow
new file mode 100644
index 0000000..54d97a4
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$foogroupPassword:@TODAY@:0:99999:7:::
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/pwconv.test b/tests/tests/convtools/16_pwconv_copy_passwd/pwconv.test
new file mode 100755
index 0000000..d25ceb2
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/pwconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv removes the shadow only entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the passwd files (pwconv)..."
+pwconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config.txt b/tests/tests/convtools/17_pwunconv_no_shadow_file/config.txt
new file mode 100644
index 0000000..4d66ec7
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config.txt
@@ -0,0 +1,6 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
+group bar is gshadow, not group
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/group b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/gshadow b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/passwd b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/shadow b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/pwunconv.test b/tests/tests/convtools/17_pwunconv_no_shadow_file/pwunconv.test
new file mode 100755
index 0000000..afcd2d7
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/pwunconv.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv exits successfully when the shadow file does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Convert the passwd files (pwunconv)..."
+pwunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config.txt b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config.txt
new file mode 100644
index 0000000..a6d9ecd
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config.txt
@@ -0,0 +1 @@
+user foo with a password, not in shadow
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/group b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/gshadow b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/passwd b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/shadow b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/data/passwd b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/data/passwd
new file mode 100644
index 0000000..28f6d45
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/data/passwd
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/pwunconv.test b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/pwunconv.test
new file mode 100755
index 0000000..44c5e5d
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/pwunconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv does not fail when a user is not in the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unconvert the shadow file (pwunconv)..."
+pwunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/19_pwconv_NIS/config.txt b/tests/tests/convtools/19_pwconv_NIS/config.txt
new file mode 100644
index 0000000..a6d9ecd
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config.txt
@@ -0,0 +1 @@
+user foo with a password, not in shadow
diff --git a/tests/tests/convtools/19_pwconv_NIS/config/etc/group b/tests/tests/convtools/19_pwconv_NIS/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/19_pwconv_NIS/config/etc/gshadow b/tests/tests/convtools/19_pwconv_NIS/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/19_pwconv_NIS/config/etc/passwd b/tests/tests/convtools/19_pwconv_NIS/config/etc/passwd
new file mode 100644
index 0000000..8be0d7b
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+foo:$1$foogroupPassword:1000:1000:::/bin/false
++::::::::
+-bar::::::::
diff --git a/tests/tests/convtools/19_pwconv_NIS/config/etc/shadow b/tests/tests/convtools/19_pwconv_NIS/config/etc/shadow
new file mode 100644
index 0000000..498ef86
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:*:12977:0:99999:7:::
diff --git a/tests/tests/convtools/19_pwconv_NIS/data/passwd b/tests/tests/convtools/19_pwconv_NIS/data/passwd
new file mode 100644
index 0000000..f474274
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
++::::::::
+-bar::::::::
diff --git a/tests/tests/convtools/19_pwconv_NIS/data/shadow b/tests/tests/convtools/19_pwconv_NIS/data/shadow
new file mode 100644
index 0000000..68bbd02
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/data/shadow
@@ -0,0 +1,20 @@
+root:x:@TODAY@:0:99999:7:::
+daemon:x:@TODAY@:0:99999:7:::
+bin:x:@TODAY@:0:99999:7:::
+sys:x:@TODAY@:0:99999:7:::
+sync:x:@TODAY@:0:99999:7:::
+games:x:@TODAY@:0:99999:7:::
+man:x:@TODAY@:0:99999:7:::
+lp:x:@TODAY@:0:99999:7:::
+mail:x:@TODAY@:0:99999:7:::
+news:x:@TODAY@:0:99999:7:::
+uucp:x:@TODAY@:0:99999:7:::
+proxy:x:@TODAY@:0:99999:7:::
+www-data:x:@TODAY@:0:99999:7:::
+backup:x:@TODAY@:0:99999:7:::
+list:x:@TODAY@:0:99999:7:::
+irc:x:@TODAY@:0:99999:7:::
+gnats:x:@TODAY@:0:99999:7:::
+nobody:x:@TODAY@:0:99999:7:::
+Debian-exim:!:@TODAY@:0:99999:7:::
+foo:$1$foogroupPassword:@TODAY@:0:99999:7:::
diff --git a/tests/tests/convtools/19_pwconv_NIS/pwconv.test b/tests/tests/convtools/19_pwconv_NIS/pwconv.test
new file mode 100755
index 0000000..62bd4db
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/pwconv.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv removes the shadow only entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Convert the passwd files (pwconv)..."
+pwconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config.txt b/tests/tests/convtools/20_pwunconv_usage_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config/etc/group b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config/etc/gshadow b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config/etc/passwd b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config/etc/shadow b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/data/usage.out b/tests/tests/convtools/20_pwunconv_usage_option/data/usage.out
new file mode 100644
index 0000000..30fff4d
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/data/usage.out
@@ -0,0 +1,7 @@
+pwunconv: invalid option -- 'Z'
+Usage: pwunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/pwunconv.test b/tests/tests/convtools/20_pwunconv_usage_option/pwunconv.test
new file mode 100755
index 0000000..fa2a9d7
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwunconv usage (pwunconv -Z)..."
+pwunconv -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config.txt b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config.txt
new file mode 100644
index 0000000..cda229c
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config.txt
@@ -0,0 +1 @@
+user foo with a password in passwd (and shadow)
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/group b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/gshadow b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/passwd b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/passwd
new file mode 100644
index 0000000..b58a62b
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/shadow b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/shadow
new file mode 100644
index 0000000..7e164e0
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fooshadowpasswd:12977:0:99999:7:::
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/data/passwd b/tests/tests/convtools/21_pwunconv_keep_passwd_password/data/passwd
new file mode 100644
index 0000000..56eb83b
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/data/passwd
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/pwunconv.test b/tests/tests/convtools/21_pwunconv_keep_passwd_password/pwunconv.test
new file mode 100755
index 0000000..c795f1f
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/pwunconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv keeps the password from /etc/passwd (if not 'x'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unconvert the shadow file (pwunconv)..."
+pwunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config.txt b/tests/tests/convtools/22_grpunconv_usage_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config/etc/group b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config/etc/gshadow b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config/etc/passwd b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config/etc/shadow b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/data/usage.out b/tests/tests/convtools/22_grpunconv_usage_option/data/usage.out
new file mode 100644
index 0000000..7528279
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/data/usage.out
@@ -0,0 +1,7 @@
+grpunconv: invalid option -- 'Z'
+Usage: grpunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/grpunconv.test b/tests/tests/convtools/22_grpunconv_usage_option/grpunconv.test
new file mode 100755
index 0000000..5c3bc82
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpunconv usage (grpunconv -Z)..."
+grpunconv -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config.txt b/tests/tests/convtools/23_grpunconv_keep_group_password/config.txt
new file mode 100644
index 0000000..cda229c
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config.txt
@@ -0,0 +1 @@
+user foo with a password in passwd (and shadow)
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/group b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/gshadow b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/gshadow
new file mode 100644
index 0000000..51a7bdb
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:fooshadowpass::
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/passwd b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/passwd
new file mode 100644
index 0000000..b58a62b
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/shadow b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/shadow
new file mode 100644
index 0000000..7e164e0
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fooshadowpasswd:12977:0:99999:7:::
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/data/group b/tests/tests/convtools/23_grpunconv_keep_group_password/data/group
new file mode 100644
index 0000000..2a9e59e
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/data/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:foo
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/grpunconv.test b/tests/tests/convtools/23_grpunconv_keep_group_password/grpunconv.test
new file mode 100755
index 0000000..e3e0127
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/grpunconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv keeps the password from /etc/group (if not 'x'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unconvert the shadow file (grpunconv)..."
+grpunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config.txt b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config.txt
new file mode 100644
index 0000000..48ac937
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config.txt
@@ -0,0 +1 @@
+user foo, in group users
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/group b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/gshadow b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..671ebfe
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/passwd b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/shadow b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/data/group b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/data/group
new file mode 100644
index 0000000..6111866
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/data/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:x:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:x:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:foo
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:*:1000:
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/grpunconv.test b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/grpunconv.test
new file mode 100755
index 0000000..716d97a
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/grpunconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv succeeds even if some entries are no in gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpunconv)..."
+grpunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config.txt b/tests/tests/convtools/25_pwconv_usage_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config.txt
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config/etc/group b/tests/tests/convtools/25_pwconv_usage_option/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config/etc/group
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config/etc/gshadow b/tests/tests/convtools/25_pwconv_usage_option/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config/etc/gshadow
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config/etc/passwd b/tests/tests/convtools/25_pwconv_usage_option/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config/etc/passwd
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config/etc/shadow b/tests/tests/convtools/25_pwconv_usage_option/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config/etc/shadow
diff --git a/tests/tests/convtools/25_pwconv_usage_option/data/usage.out b/tests/tests/convtools/25_pwconv_usage_option/data/usage.out
new file mode 100644
index 0000000..8ecc6af
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/data/usage.out
@@ -0,0 +1,7 @@
+pwconv: invalid option -- 'Z'
+Usage: pwconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/25_pwconv_usage_option/pwconv.test b/tests/tests/convtools/25_pwconv_usage_option/pwconv.test
new file mode 100755
index 0000000..7e6ccaf
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/pwconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwconv usage (pwconv -Z)..."
+pwconv -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config.txt b/tests/tests/convtools/26_grpconv_usage_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config.txt
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config/etc/group b/tests/tests/convtools/26_grpconv_usage_option/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config/etc/group
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config/etc/gshadow b/tests/tests/convtools/26_grpconv_usage_option/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config/etc/gshadow
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config/etc/passwd b/tests/tests/convtools/26_grpconv_usage_option/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config/etc/passwd
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config/etc/shadow b/tests/tests/convtools/26_grpconv_usage_option/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config/etc/shadow
diff --git a/tests/tests/convtools/26_grpconv_usage_option/data/usage.out b/tests/tests/convtools/26_grpconv_usage_option/data/usage.out
new file mode 100644
index 0000000..5da31b4
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/data/usage.out
@@ -0,0 +1,7 @@
+grpconv: invalid option -- 'Z'
+Usage: grpconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/26_grpconv_usage_option/grpconv.test b/tests/tests/convtools/26_grpconv_usage_option/grpconv.test
new file mode 100755
index 0000000..18c033c
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/grpconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpconv usage (grpconv -Z)..."
+grpconv -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/27_pwunconv_usage/config.txt b/tests/tests/convtools/27_pwunconv_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/27_pwunconv_usage/config/etc/group b/tests/tests/convtools/27_pwunconv_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/27_pwunconv_usage/config/etc/gshadow b/tests/tests/convtools/27_pwunconv_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/27_pwunconv_usage/config/etc/passwd b/tests/tests/convtools/27_pwunconv_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/27_pwunconv_usage/config/etc/shadow b/tests/tests/convtools/27_pwunconv_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/27_pwunconv_usage/data/usage.out b/tests/tests/convtools/27_pwunconv_usage/data/usage.out
new file mode 100644
index 0000000..71f04d9
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: pwunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/27_pwunconv_usage/pwunconv.test b/tests/tests/convtools/27_pwunconv_usage/pwunconv.test
new file mode 100755
index 0000000..4103eca
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/pwunconv.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwunconv usage (pwunconv -Z)..."
+pwunconv -h >tmp/usage.out
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config.txt b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/group b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/gshadow b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/passwd b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/shadow b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/data/usage.out b/tests/tests/convtools/28_pwunconv_usage_extra_arg/data/usage.out
new file mode 100644
index 0000000..71f04d9
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/data/usage.out
@@ -0,0 +1,6 @@
+Usage: pwunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/pwunconv.test b/tests/tests/convtools/28_pwunconv_usage_extra_arg/pwunconv.test
new file mode 100755
index 0000000..d9a3808
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwunconv with an argument (pwunconv foo)..."
+pwunconv foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/29_grpconv_usage/config.txt b/tests/tests/convtools/29_grpconv_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config.txt
diff --git a/tests/tests/convtools/29_grpconv_usage/config/etc/group b/tests/tests/convtools/29_grpconv_usage/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config/etc/group
diff --git a/tests/tests/convtools/29_grpconv_usage/config/etc/gshadow b/tests/tests/convtools/29_grpconv_usage/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config/etc/gshadow
diff --git a/tests/tests/convtools/29_grpconv_usage/config/etc/passwd b/tests/tests/convtools/29_grpconv_usage/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config/etc/passwd
diff --git a/tests/tests/convtools/29_grpconv_usage/config/etc/shadow b/tests/tests/convtools/29_grpconv_usage/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config/etc/shadow
diff --git a/tests/tests/convtools/29_grpconv_usage/data/usage.out b/tests/tests/convtools/29_grpconv_usage/data/usage.out
new file mode 100644
index 0000000..80f0fd5
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: grpconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/29_grpconv_usage/grpconv.test b/tests/tests/convtools/29_grpconv_usage/grpconv.test
new file mode 100755
index 0000000..a6fbd9e
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/grpconv.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpconv usage (grpconv -Z)..."
+grpconv -h >tmp/usage.out
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config.txt b/tests/tests/convtools/30_grpconv_usage_extra_arg/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config.txt
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/group b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/group
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/gshadow b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/gshadow
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/passwd b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/passwd
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/shadow b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/shadow
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/data/usage.out b/tests/tests/convtools/30_grpconv_usage_extra_arg/data/usage.out
new file mode 100644
index 0000000..80f0fd5
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/data/usage.out
@@ -0,0 +1,6 @@
+Usage: grpconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/grpconv.test b/tests/tests/convtools/30_grpconv_usage_extra_arg/grpconv.test
new file mode 100755
index 0000000..a321a05
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/grpconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call grpconv with an extra argument (grpconv foo)..."
+grpconv foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/31_pwconv_usage/config.txt b/tests/tests/convtools/31_pwconv_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config.txt
diff --git a/tests/tests/convtools/31_pwconv_usage/config/etc/group b/tests/tests/convtools/31_pwconv_usage/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config/etc/group
diff --git a/tests/tests/convtools/31_pwconv_usage/config/etc/gshadow b/tests/tests/convtools/31_pwconv_usage/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config/etc/gshadow
diff --git a/tests/tests/convtools/31_pwconv_usage/config/etc/passwd b/tests/tests/convtools/31_pwconv_usage/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config/etc/passwd
diff --git a/tests/tests/convtools/31_pwconv_usage/config/etc/shadow b/tests/tests/convtools/31_pwconv_usage/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config/etc/shadow
diff --git a/tests/tests/convtools/31_pwconv_usage/data/usage.out b/tests/tests/convtools/31_pwconv_usage/data/usage.out
new file mode 100644
index 0000000..61b53c5
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: pwconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/31_pwconv_usage/pwconv.test b/tests/tests/convtools/31_pwconv_usage/pwconv.test
new file mode 100755
index 0000000..dd86723
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/pwconv.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwconv usage (pwconv -Z)..."
+pwconv -h >tmp/usage.out
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config.txt b/tests/tests/convtools/32_pwconv_usage_extra_arg/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config.txt
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/group b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/group
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/gshadow b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/gshadow
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/passwd b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/passwd
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/shadow b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/shadow
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/data/usage.out b/tests/tests/convtools/32_pwconv_usage_extra_arg/data/usage.out
new file mode 100644
index 0000000..61b53c5
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/data/usage.out
@@ -0,0 +1,6 @@
+Usage: pwconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/pwconv.test b/tests/tests/convtools/32_pwconv_usage_extra_arg/pwconv.test
new file mode 100755
index 0000000..1ae4ffe
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/pwconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwconv with an extra argument (pwconv foo)..."
+pwconv foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/33_grpunconv_usage/config.txt b/tests/tests/convtools/33_grpunconv_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/33_grpunconv_usage/config/etc/group b/tests/tests/convtools/33_grpunconv_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/33_grpunconv_usage/config/etc/gshadow b/tests/tests/convtools/33_grpunconv_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/33_grpunconv_usage/config/etc/passwd b/tests/tests/convtools/33_grpunconv_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/33_grpunconv_usage/config/etc/shadow b/tests/tests/convtools/33_grpunconv_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/33_grpunconv_usage/data/usage.out b/tests/tests/convtools/33_grpunconv_usage/data/usage.out
new file mode 100644
index 0000000..274b58d
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: grpunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/33_grpunconv_usage/grpunconv.test b/tests/tests/convtools/33_grpunconv_usage/grpunconv.test
new file mode 100755
index 0000000..d6f6539
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/grpunconv.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpunconv usage (grpunconv -Z)..."
+grpunconv -h >tmp/usage.out
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config.txt b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/group b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/gshadow b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/passwd b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/shadow b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/data/usage.out b/tests/tests/convtools/34_grpunconv_usage_extra_arg/data/usage.out
new file mode 100644
index 0000000..274b58d
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/data/usage.out
@@ -0,0 +1,6 @@
+Usage: grpunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/grpunconv.test b/tests/tests/convtools/34_grpunconv_usage_extra_arg/grpunconv.test
new file mode 100755
index 0000000..12a0d21
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call grpunconv with an extra argument (grpunconv foo)..."
+grpunconv foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/coverage.sh b/tests/tests/coverage.sh
new file mode 100755
index 0000000..6deae84
--- /dev/null
+++ b/tests/tests/coverage.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# This script builds the code coverage of the testsuite.
+# The shadow utils must have been compiled with -fprofile-arcs -ftest-coverage
+
+cd ../build/shadow-4.1.3.1/
+rm -rf ../coverage
+mkdir ../coverage
+lcov --directory . --capture --output-file=lcov.data
+
+genhtml --frames --output-directory ../coverage/ --show-details lcov.data
diff --git a/tests/tests/cptools/01/data/group b/tests/tests/cptools/01/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cptools/01/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cptools/01/data/group.new b/tests/tests/cptools/01/data/group.new
new file mode 100644
index 0000000..db5f134
--- /dev/null
+++ b/tests/tests/cptools/01/data/group.new
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test:x:10000:
diff --git a/tests/tests/cptools/01/data/gshadow b/tests/tests/cptools/01/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cptools/01/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cptools/01/data/gshadow.new b/tests/tests/cptools/01/data/gshadow.new
new file mode 100644
index 0000000..3c9bae9
--- /dev/null
+++ b/tests/tests/cptools/01/data/gshadow.new
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test:x::
diff --git a/tests/tests/cptools/01/data/passwd b/tests/tests/cptools/01/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cptools/01/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cptools/01/data/passwd.new b/tests/tests/cptools/01/data/passwd.new
new file mode 100644
index 0000000..148b794
--- /dev/null
+++ b/tests/tests/cptools/01/data/passwd.new
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test:x:10002:10002::/tmp:/bin/false
diff --git a/tests/tests/cptools/01/data/shadow b/tests/tests/cptools/01/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cptools/01/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/01/data/shadow.new b/tests/tests/cptools/01/data/shadow.new
new file mode 100644
index 0000000..c6e351e
--- /dev/null
+++ b/tests/tests/cptools/01/data/shadow.new
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test:!:10:0:99999:7:::
diff --git a/tests/tests/cptools/01/run1 b/tests/tests/cptools/01/run1
new file mode 100755
index 0000000..26fc044
--- /dev/null
+++ b/tests/tests/cptools/01/run1
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Copy passwd.new "
+cppw data/passwd.new
+echo "OK"
+
+echo -n "test if the password file was copied"
+diff -au /etc/passwd data/passwd.new
+echo "  OK"
+
+echo -n "check that the other files were not modified"
+diff -au /etc/group data/group
+diff -au /etc/gshadow data/gshadow
+diff -au /etc/shadow data/shadow
+echo "  OK"
diff --git a/tests/tests/cptools/01/run2 b/tests/tests/cptools/01/run2
new file mode 100755
index 0000000..c42238e
--- /dev/null
+++ b/tests/tests/cptools/01/run2
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Copy group.new "
+cpgr data/group.new
+echo "OK"
+
+echo -n "test if the password file was copied"
+diff -au /etc/group data/group.new
+echo "  OK"
+
+echo -n "check that the other files were not modified"
+diff -au /etc/gshadow data/gshadow
+diff -au /etc/passwd data/passwd
+diff -au /etc/shadow data/shadow
+echo "  OK"
diff --git a/tests/tests/cptools/01/run3 b/tests/tests/cptools/01/run3
new file mode 100755
index 0000000..d213e47
--- /dev/null
+++ b/tests/tests/cptools/01/run3
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Copy shadow.new "
+cppw -s data/shadow.new
+echo "OK"
+
+echo -n "test if the password file was copied"
+diff -au /etc/shadow data/shadow.new
+echo "  OK"
+
+echo -n "check that the other files were not modified"
+diff -au /etc/group data/group
+diff -au /etc/gshadow data/gshadow
+diff -au /etc/passwd data/passwd
+echo "  OK"
diff --git a/tests/tests/cptools/01/run4 b/tests/tests/cptools/01/run4
new file mode 100755
index 0000000..7cc3fb8
--- /dev/null
+++ b/tests/tests/cptools/01/run4
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Copy gshadow.new "
+cpgr -s data/gshadow.new
+echo "OK"
+
+echo -n "test if the password file was copied"
+diff -au /etc/gshadow data/gshadow.new
+echo "  OK"
+
+echo -n "check that the other files were not modified"
+diff -au /etc/group data/group
+diff -au /etc/passwd data/passwd
+diff -au /etc/shadow data/shadow
+echo "  OK"
diff --git a/tests/tests/cptools/02_cppw_usage/config.txt b/tests/tests/cptools/02_cppw_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config.txt
diff --git a/tests/tests/cptools/02_cppw_usage/config/etc/group b/tests/tests/cptools/02_cppw_usage/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config/etc/group
diff --git a/tests/tests/cptools/02_cppw_usage/config/etc/gshadow b/tests/tests/cptools/02_cppw_usage/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config/etc/gshadow
diff --git a/tests/tests/cptools/02_cppw_usage/config/etc/passwd b/tests/tests/cptools/02_cppw_usage/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config/etc/passwd
diff --git a/tests/tests/cptools/02_cppw_usage/config/etc/shadow b/tests/tests/cptools/02_cppw_usage/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config/etc/shadow
diff --git a/tests/tests/cptools/02_cppw_usage/cppw.test b/tests/tests/cptools/02_cppw_usage/cppw.test
new file mode 100755
index 0000000..ef3b77f
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/cppw.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get cppw usage (cppw -h)..."
+cppw -h >tmp/usage.out
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/02_cppw_usage/data/usage.out b/tests/tests/cptools/02_cppw_usage/data/usage.out
new file mode 100644
index 0000000..9efb2a7
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/data/usage.out
@@ -0,0 +1,3 @@
+Usage:
+`cppw <file>' copys over /etc/passwd   `cppw -s <file>' copys over /etc/shadow
+`cpgr <file>' copys over /etc/group    `cpgr -s <file>' copys over /etc/gshadow
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config.txt b/tests/tests/cptools/03_cppw_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config.txt
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/group b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/group
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/gshadow b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/gshadow
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/passwd b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/passwd
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/shadow b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/shadow
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/cppw.test b/tests/tests/cptools/03_cppw_usage_invalid_option/cppw.test
new file mode 100755
index 0000000..c6d41e9
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw reports usage of invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use wrong cppw option (cppw -Z)..."
+/usr/sbin/cppw -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/data/usage.out b/tests/tests/cptools/03_cppw_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..633ff23
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/data/usage.out
@@ -0,0 +1,4 @@
+/usr/sbin/cppw: invalid option -- 'Z'
+Usage:
+`cppw <file>' copys over /etc/passwd   `cppw -s <file>' copys over /etc/shadow
+`cpgr <file>' copys over /etc/group    `cpgr -s <file>' copys over /etc/gshadow
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config.txt b/tests/tests/cptools/04_cppw_no_file_argument/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config.txt
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config/etc/group b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/group
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config/etc/gshadow b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/gshadow
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config/etc/passwd b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/passwd
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config/etc/shadow b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/shadow
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/cppw.test b/tests/tests/cptools/04_cppw_no_file_argument/cppw.test
new file mode 100755
index 0000000..7ccef73
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw reports an error if no files are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw without a file argument (cppw)..."
+cppw 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/data/usage.out b/tests/tests/cptools/04_cppw_no_file_argument/data/usage.out
new file mode 100644
index 0000000..808df39
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/data/usage.out
@@ -0,0 +1,2 @@
+cppw: wrong number of arguments, -h for usage
+cppw: no changes
diff --git a/tests/tests/cptools/05_cppw_2_files/config.txt b/tests/tests/cptools/05_cppw_2_files/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config.txt
diff --git a/tests/tests/cptools/05_cppw_2_files/config/etc/group b/tests/tests/cptools/05_cppw_2_files/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/cptools/05_cppw_2_files/config/etc/gshadow b/tests/tests/cptools/05_cppw_2_files/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/cptools/05_cppw_2_files/config/etc/passwd b/tests/tests/cptools/05_cppw_2_files/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/cptools/05_cppw_2_files/config/etc/shadow b/tests/tests/cptools/05_cppw_2_files/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/cptools/05_cppw_2_files/cppw.test b/tests/tests/cptools/05_cppw_2_files/cppw.test
new file mode 100755
index 0000000..49ca1d5
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw reports an error if 2 files are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw with 2 files (cppw data/passwd data/passwd)..."
+cppw data/passwd data/passwd 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/05_cppw_2_files/data/passwd b/tests/tests/cptools/05_cppw_2_files/data/passwd
new file mode 100644
index 0000000..e8e3c39
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/data/passwd
@@ -0,0 +1,17 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
diff --git a/tests/tests/cptools/05_cppw_2_files/data/usage.out b/tests/tests/cptools/05_cppw_2_files/data/usage.out
new file mode 100644
index 0000000..808df39
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/data/usage.out
@@ -0,0 +1,2 @@
+cppw: wrong number of arguments, -h for usage
+cppw: no changes
diff --git a/tests/tests/cptools/06_cppw_no_file/config.txt b/tests/tests/cptools/06_cppw_no_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config.txt
diff --git a/tests/tests/cptools/06_cppw_no_file/config/etc/group b/tests/tests/cptools/06_cppw_no_file/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config/etc/group
diff --git a/tests/tests/cptools/06_cppw_no_file/config/etc/gshadow b/tests/tests/cptools/06_cppw_no_file/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config/etc/gshadow
diff --git a/tests/tests/cptools/06_cppw_no_file/config/etc/passwd b/tests/tests/cptools/06_cppw_no_file/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config/etc/passwd
diff --git a/tests/tests/cptools/06_cppw_no_file/config/etc/shadow b/tests/tests/cptools/06_cppw_no_file/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config/etc/shadow
diff --git a/tests/tests/cptools/06_cppw_no_file/cppw.test b/tests/tests/cptools/06_cppw_no_file/cppw.test
new file mode 100755
index 0000000..f4adb89
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw reports an error if no files are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw with a nonexistent file (cppw data/passwd)..."
+cppw data/passwd 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/06_cppw_no_file/data/usage.out b/tests/tests/cptools/06_cppw_no_file/data/usage.out
new file mode 100644
index 0000000..133dea3
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/data/usage.out
@@ -0,0 +1,2 @@
+cppw: data/passwd: No such file or directory
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config.txt b/tests/tests/cptools/07_cppw_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config.txt
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config/etc/group b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/group
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config/etc/gshadow b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/gshadow
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config/etc/passwd b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/passwd
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config/etc/shadow b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/shadow
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/cppw.test b/tests/tests/cptools/07_cppw_locked_passwd/cppw.test
new file mode 100755
index 0000000..366618e
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/cppw.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw checks if the password file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Use cppw (cppw data/passwd)..."
+cppw data/passwd 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/data/passwd b/tests/tests/cptools/07_cppw_locked_passwd/data/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/data/passwd
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/data/usage.out b/tests/tests/cptools/07_cppw_locked_passwd/data/usage.out
new file mode 100644
index 0000000..c99e46a
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/data/usage.out
@@ -0,0 +1,3 @@
+cppw: existing lock file /etc/passwd.lock without a PID
+cppw: Couldn't lock file
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/cptools/08_cppw-p/config.txt b/tests/tests/cptools/08_cppw-p/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config.txt
diff --git a/tests/tests/cptools/08_cppw-p/config/etc/group b/tests/tests/cptools/08_cppw-p/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config/etc/group
diff --git a/tests/tests/cptools/08_cppw-p/config/etc/gshadow b/tests/tests/cptools/08_cppw-p/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config/etc/gshadow
diff --git a/tests/tests/cptools/08_cppw-p/config/etc/passwd b/tests/tests/cptools/08_cppw-p/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config/etc/passwd
diff --git a/tests/tests/cptools/08_cppw-p/config/etc/shadow b/tests/tests/cptools/08_cppw-p/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config/etc/shadow
diff --git a/tests/tests/cptools/08_cppw-p/cppw.test b/tests/tests/cptools/08_cppw-p/cppw.test
new file mode 100755
index 0000000..d4ee864
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/cppw.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw -p option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw -p (cppw -p data/passwd)..."
+cppw -p data/passwd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/08_cppw-p/data/passwd b/tests/tests/cptools/08_cppw-p/data/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/data/passwd
diff --git a/tests/tests/cptools/09_cppw-g/config.txt b/tests/tests/cptools/09_cppw-g/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config.txt
diff --git a/tests/tests/cptools/09_cppw-g/config/etc/group b/tests/tests/cptools/09_cppw-g/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cptools/09_cppw-g/config/etc/gshadow b/tests/tests/cptools/09_cppw-g/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cptools/09_cppw-g/config/etc/passwd b/tests/tests/cptools/09_cppw-g/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cptools/09_cppw-g/config/etc/shadow b/tests/tests/cptools/09_cppw-g/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/09_cppw-g/cppw.test b/tests/tests/cptools/09_cppw-g/cppw.test
new file mode 100755
index 0000000..7ac6d16
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/cppw.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can copy the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw -g (cppw -g data/group)..."
+cppw -g data/group
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/09_cppw-g/data/group b/tests/tests/cptools/09_cppw-g/data/group
new file mode 100644
index 0000000..11b5c11
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/data/group
@@ -0,0 +1,39 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
diff --git a/tests/tests/cptools/10_cppw-g-s/config.txt b/tests/tests/cptools/10_cppw-g-s/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config.txt
diff --git a/tests/tests/cptools/10_cppw-g-s/config/etc/group b/tests/tests/cptools/10_cppw-g-s/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cptools/10_cppw-g-s/config/etc/gshadow b/tests/tests/cptools/10_cppw-g-s/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cptools/10_cppw-g-s/config/etc/passwd b/tests/tests/cptools/10_cppw-g-s/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cptools/10_cppw-g-s/config/etc/shadow b/tests/tests/cptools/10_cppw-g-s/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/10_cppw-g-s/cppw.test b/tests/tests/cptools/10_cppw-g-s/cppw.test
new file mode 100755
index 0000000..602c34a
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/cppw.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can copy the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw -g -s (cppw -g -s data/gshadow)..."
+cppw -g -s data/gshadow
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/10_cppw-g-s/data/gshadow b/tests/tests/cptools/10_cppw-g-s/data/gshadow
new file mode 100644
index 0000000..93fc055
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/data/gshadow
@@ -0,0 +1,39 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
diff --git a/tests/tests/cptools/11_cppw-p-s/config.txt b/tests/tests/cptools/11_cppw-p-s/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config.txt
diff --git a/tests/tests/cptools/11_cppw-p-s/config/etc/group b/tests/tests/cptools/11_cppw-p-s/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cptools/11_cppw-p-s/config/etc/gshadow b/tests/tests/cptools/11_cppw-p-s/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cptools/11_cppw-p-s/config/etc/passwd b/tests/tests/cptools/11_cppw-p-s/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cptools/11_cppw-p-s/config/etc/shadow b/tests/tests/cptools/11_cppw-p-s/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/11_cppw-p-s/cppw.test b/tests/tests/cptools/11_cppw-p-s/cppw.test
new file mode 100755
index 0000000..3c68f05
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/cppw.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can copy the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw -p -s (cppw -p -s data/shadow)..."
+cppw -p -s data/shadow
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/11_cppw-p-s/data/shadow b/tests/tests/cptools/11_cppw-p-s/data/shadow
new file mode 100644
index 0000000..6214423
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/data/shadow
@@ -0,0 +1,16 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config.txt b/tests/tests/cptools/12_cppw-s_no_shadow_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config.txt
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/group b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/group
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/gshadow b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/gshadow
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/passwd b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/passwd
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/shadow b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/shadow
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/cppw.test b/tests/tests/cptools/12_cppw-s_no_shadow_file/cppw.test
new file mode 100755
index 0000000..a0c2095
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/cppw.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can copy a shadow file even if there were no shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Use cppw (cppw -s data/shadow)..."
+cppw -s data/shadow 2>tmp/cppw.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/cppw.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/cppw.err tmp/cppw.err
+echo "usage message OK."
+rm -f tmp/cppw.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/data/cppw.err b/tests/tests/cptools/12_cppw-s_no_shadow_file/data/cppw.err
new file mode 100644
index 0000000..0c7d649
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/data/cppw.err
@@ -0,0 +1,2 @@
+cppw: /etc/shadow: No such file or directory
+cppw: /etc/shadow is unchanged
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/data/shadow b/tests/tests/cptools/12_cppw-s_no_shadow_file/data/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/data/shadow
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test
new file mode 100755
index 0000000..d583517
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_chpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_chpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_chpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/group b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/gshadow b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/passwd b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/shadow b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/shadow
new file mode 100644
index 0000000..7607cc6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/group b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/gshadow b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/login.defs b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/login.defs
new file mode 100644
index 0000000..e9df880
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+MD5_CRYPT_ENAB	yes
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/passwd b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/shadow b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd.test b/tests/tests/crypt/login.defs_DES/01_chpasswd.test
new file mode 100755
index 0000000..d583517
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_chpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_chpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_chpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd/group b/tests/tests/crypt/login.defs_DES/01_chpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd/gshadow b/tests/tests/crypt/login.defs_DES/01_chpasswd/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd/passwd b/tests/tests/crypt/login.defs_DES/01_chpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd/shadow b/tests/tests/crypt/login.defs_DES/01_chpasswd/shadow
new file mode 100644
index 0000000..7607cc6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test
new file mode 100755
index 0000000..2ae3f3b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd --crypt-method MD5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 02_chpasswd--crypt-method-MD5/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 02_chpasswd--crypt-method-MD5/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 02_chpasswd--crypt-method-MD5/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chpasswd--crypt-method-MD5/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/group b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/gshadow b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd.new b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd.new
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd.new
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/shadow b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test
new file mode 100755
index 0000000..9848828
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd --crypt-method DES
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 03_chpasswd--crypt-method-DES/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 03_chpasswd--crypt-method-DES/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 03_chpasswd--crypt-method-DES/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 03_chpasswd--crypt-method-DES/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/group b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/gshadow b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/passwd b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/shadow b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/shadow
new file mode 100644
index 0000000..7607cc6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test
new file mode 100755
index 0000000..4c4f18a
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd --crypt-method NONE
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_chpasswd--crypt-method-NONE/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_chpasswd--crypt-method-NONE/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_chpasswd--crypt-method-NONE/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_chpasswd--crypt-method-NONE/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/group b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/gshadow b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/passwd b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/shadow b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/shadow
new file mode 100644
index 0000000..d2bde3b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e.test b/tests/tests/crypt/login.defs_DES/05_chpasswd-e.test
new file mode 100755
index 0000000..fdac6ae
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 05_chpasswd-e/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 05_chpasswd-e/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 05_chpasswd-e/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 05_chpasswd-e/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e/group b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e/gshadow b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e/passwd b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e/shadow b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/shadow
new file mode 100644
index 0000000..d2bde3b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m.test b/tests/tests/crypt/login.defs_DES/06_chpasswd-m.test
new file mode 100755
index 0000000..3428d89
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd -m
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 06_chpasswd-m/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 06_chpasswd-m/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 06_chpasswd-m/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 06_chpasswd-m/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m/group b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m/gshadow b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m/passwd b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m/shadow b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd.test b/tests/tests/crypt/login.defs_DES/07_chgpasswd.test
new file mode 100755
index 0000000..5b7a073
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 07_chgpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 07_chgpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 07_chgpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 07_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd/group b/tests/tests/crypt/login.defs_DES/07_chgpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd/gshadow b/tests/tests/crypt/login.defs_DES/07_chgpasswd/gshadow
new file mode 100644
index 0000000..53dba5e
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd/passwd b/tests/tests/crypt/login.defs_DES/07_chgpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd/shadow b/tests/tests/crypt/login.defs_DES/07_chgpasswd/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test
new file mode 100755
index 0000000..405e8b2
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo nogroup:test | chgpasswd --crypt-method MD5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 08_chgpasswd--crypt-method-MD5/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 08_chgpasswd--crypt-method-MD5/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 08_chgpasswd--crypt-method-MD5/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 08_chgpasswd--crypt-method-MD5/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/group b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/gshadow b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/gshadow
new file mode 100644
index 0000000..a709bcb
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/passwd b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/shadow b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test
new file mode 100755
index 0000000..1553e00
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo nogroup:test | chgpasswd --crypt-method DES
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 09_chgpasswd--crypt-method-DES/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 09_chgpasswd--crypt-method-DES/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 09_chgpasswd--crypt-method-DES/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 09_chgpasswd--crypt-method-DES/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/group b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/gshadow b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/gshadow
new file mode 100644
index 0000000..53dba5e
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/passwd b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/shadow b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test
new file mode 100755
index 0000000..a010de2
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo nogroup:test | chgpasswd --crypt-method NONE
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 10_chgpasswd--crypt-method-NONE/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 10_chgpasswd--crypt-method-NONE/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 10_chgpasswd--crypt-method-NONE/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 10_chgpasswd--crypt-method-NONE/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/group b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/gshadow b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/gshadow
new file mode 100644
index 0000000..a8f0af9
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/passwd b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/shadow b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e.test b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e.test
new file mode 100755
index 0000000..6b801c1
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nogroup:test | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_chgpasswd-e/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_chgpasswd-e/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_chgpasswd-e/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_chgpasswd-e/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/group b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/gshadow b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/gshadow
new file mode 100644
index 0000000..a8f0af9
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/passwd b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/shadow b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m.test b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m.test
new file mode 100755
index 0000000..f271cb0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nogroup:test | chgpasswd -m
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 12_chgpasswd-m/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 12_chgpasswd-m/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 12_chgpasswd-m/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 12_chgpasswd-m/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/group b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/gshadow b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/gshadow
new file mode 100644
index 0000000..a709bcb
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/passwd b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/shadow b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/group b/tests/tests/crypt/login.defs_DES/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/gshadow b/tests/tests/crypt/login.defs_DES/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/login.defs b/tests/tests/crypt/login.defs_DES/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/passwd b/tests/tests/crypt/login.defs_DES/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/shadow b/tests/tests/crypt/login.defs_DES/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd.test b/tests/tests/crypt/login.defs_MD5/01_chpasswd.test
new file mode 100755
index 0000000..d583517
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_chpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_chpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_chpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd/group b/tests/tests/crypt/login.defs_MD5/01_chpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd/gshadow b/tests/tests/crypt/login.defs_MD5/01_chpasswd/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd/passwd b/tests/tests/crypt/login.defs_MD5/01_chpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd/shadow b/tests/tests/crypt/login.defs_MD5/01_chpasswd/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd.test b/tests/tests/crypt/login.defs_MD5/02_chgpasswd.test
new file mode 100755
index 0000000..c102e89
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 02_chgpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 02_chgpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 02_chgpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd/group b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/gshadow
new file mode 100644
index 0000000..a709bcb
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd/passwd b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd/shadow b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/group b/tests/tests/crypt/login.defs_MD5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/gshadow b/tests/tests/crypt/login.defs_MD5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/login.defs b/tests/tests/crypt/login.defs_MD5/config/etc/login.defs
new file mode 100644
index 0000000..11ea6c6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD MD5
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/passwd b/tests/tests/crypt/login.defs_MD5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/shadow b/tests/tests/crypt/login.defs_MD5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test
new file mode 100755
index 0000000..28ee58f
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd/shadow b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test
new file mode 100755
index 0000000..a38a669
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd/gshadow
new file mode 100644
index 0000000..a709bcb
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/group b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/gshadow b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/login.defs b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/login.defs
new file mode 100644
index 0000000..49ccae8
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+MD5_CRYPT_ENAB	yes
+#ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/passwd b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/shadow b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd.test
new file mode 100755
index 0000000..3c04e67
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the number of rounds..."
+grep -q '^nobody:\$5\$rounds=7000\$' /etc/shadow || {
+	grep "^nobody:" /etc/shadow
+	exit 1
+}
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd/shadow
new file mode 100644
index 0000000..e16a7b0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd.test
new file mode 100755
index 0000000..51adcbe
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the number of rounds..."
+grep -q '^nogroup:\$5\$rounds=7000\$' /etc/gshadow || {
+	grep "^nogroup:" /etc/gshadow
+	exit 1
+}
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd/gshadow
new file mode 100644
index 0000000..f235584
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/group b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/login.defs
new file mode 100644
index 0000000..cb87cef
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA256
+#SHA_CRYPT_MIN_ROUNDS 2000
+SHA_CRYPT_MAX_ROUNDS 7000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/passwd b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/shadow b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd.test
new file mode 100755
index 0000000..ba6d6f2
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change an user's password with chpasswd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user nobody's password (echo nobody:test | chpasswd)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds1=$(sed -n 's/^nobody:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds1)..."
+if [ "$rounds1" -lt 3000 ] || [ "$rounds1" -gt 10000 ]; then
+	echo "Wrong rounds: $rounds1"
+	grep "^nobody:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+echo ""
+echo "Make sure the number of rounds is not constant"
+
+echo -n "  Change user nobody's password (echo nobody:test | chpasswd)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+rounds2=$(sed -n 's/^nobody:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+if [ "$rounds1" = "$rounds2" ]; then
+	echo "The number of rounds did not change."
+	echo "It may not be a error, please re-run this test."
+	exit 1
+fi
+echo -n "($rounds2)..."
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd/shadow
new file mode 100644
index 0000000..e16a7b0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test
new file mode 100755
index 0000000..f730d51
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password with chgpasswd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group nogroup's password (echo nogroup:test | chgpasswd)..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds1=$(sed -n 's/^nogroup:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/gshadow)
+echo -n "($rounds1)..."
+if [ "$rounds1" -lt 3000 ] || [ "$rounds1" -gt 10000 ]; then
+	echo "Wrong rounds: $rounds1"
+	grep "^nogroup:" /etc/gshadow
+	exit 1
+fi
+echo "OK"
+
+echo ""
+echo "Make sure the number of rounds is not constant"
+
+echo -n "  Change group nogroup's password (echo nogroup:test | chgpasswd)..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+rounds2=$(sed -n 's/^nogroup:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/gshadow)
+if [ "$rounds1" = "$rounds2" ]; then
+	echo "The number of rounds did not change."
+	echo "It may not be a error, please re-run this test."
+	exit 1
+fi
+echo -n "($rounds2)..."
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd/gshadow
new file mode 100644
index 0000000..f235584
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/group b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/login.defs
new file mode 100644
index 0000000..9897cc0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA256
+SHA_CRYPT_MIN_ROUNDS 3000
+SHA_CRYPT_MAX_ROUNDS 10000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/passwd b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/shadow b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd.test
new file mode 100755
index 0000000..8a445e7
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the number of rounds..."
+grep -q '^nobody:\$5\$rounds=2000\$' /etc/shadow || {
+	grep "^nobody:" /etc/shadow
+	exit 1
+}
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd/shadow
new file mode 100644
index 0000000..e16a7b0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd.test
new file mode 100755
index 0000000..1142c26
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change group password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the number of rounds..."
+grep -q '^nogroup:\$5\$rounds=2000\$' /etc/gshadow || {
+	grep "^nogroup:" /etc/gshadow
+	exit 1
+}
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd/gshadow
new file mode 100644
index 0000000..f235584
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/group b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/login.defs
new file mode 100644
index 0000000..5dc8994
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA256
+SHA_CRYPT_MIN_ROUNDS 2000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/passwd b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/shadow b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA256/01_chpasswd.test
new file mode 100755
index 0000000..28ee58f
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA256/01_chpasswd/shadow
new file mode 100644
index 0000000..e16a7b0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA256/02_chgpasswd.test
new file mode 100755
index 0000000..a38a669
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA256/02_chgpasswd/gshadow
new file mode 100644
index 0000000..f235584
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/group b/tests/tests/crypt/login.defs_SHA256/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA256/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA256/config/etc/login.defs
new file mode 100644
index 0000000..f52dcd7
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA256
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/passwd b/tests/tests/crypt/login.defs_SHA256/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/shadow b/tests/tests/crypt/login.defs_SHA256/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA512/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA512/01_chpasswd.test
new file mode 100755
index 0000000..28ee58f
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA512/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA512/01_chpasswd/shadow
new file mode 100644
index 0000000..5822203
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA512/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA512/02_chgpasswd.test
new file mode 100755
index 0000000..b7ac288
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password with chgpasswd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA512/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA512/02_chgpasswd/gshadow
new file mode 100644
index 0000000..5c8c33a
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA512 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/group b/tests/tests/crypt/login.defs_SHA512/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA512/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA512/config/etc/login.defs
new file mode 100644
index 0000000..5c9efa3
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA512
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/passwd b/tests/tests/crypt/login.defs_SHA512/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/shadow b/tests/tests/crypt/login.defs_SHA512/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_none/01_chpasswd.test b/tests/tests/crypt/login.defs_none/01_chpasswd.test
new file mode 100755
index 0000000..28ee58f
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_none/01_chpasswd/shadow b/tests/tests/crypt/login.defs_none/01_chpasswd/shadow
new file mode 100644
index 0000000..7607cc6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_none/02_chgpasswd.test b/tests/tests/crypt/login.defs_none/02_chgpasswd.test
new file mode 100755
index 0000000..b7ac288
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password with chgpasswd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_none/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_none/02_chgpasswd/gshadow
new file mode 100644
index 0000000..53dba5e
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_none/config/etc/group b/tests/tests/crypt/login.defs_none/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_none/config/etc/gshadow b/tests/tests/crypt/login.defs_none/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_none/config/etc/login.defs b/tests/tests/crypt/login.defs_none/config/etc/login.defs
new file mode 100644
index 0000000..4432229
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+#ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_none/config/etc/passwd b/tests/tests/crypt/login.defs_none/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_none/config/etc/shadow b/tests/tests/crypt/login.defs_none/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/debian/01/data/login_files b/tests/tests/debian/01/data/login_files
new file mode 100644
index 0000000..04f4974
--- /dev/null
+++ b/tests/tests/debian/01/data/login_files
@@ -0,0 +1,296 @@
+/.
+/bin
+/bin/login
+/bin/su
+/etc
+/etc/login.defs
+/etc/pam.d
+/etc/pam.d/login
+/etc/pam.d/su
+/etc/securetty
+/usr
+/usr/bin
+/usr/bin/faillog
+/usr/bin/lastlog
+/usr/bin/newgrp
+/usr/bin/sg
+/usr/sbin
+/usr/sbin/nologin
+/usr/share
+/usr/share/doc
+/usr/share/doc/login
+/usr/share/doc/login/NEWS.Debian.gz
+/usr/share/doc/login/NEWS.gz
+/usr/share/doc/login/README
+/usr/share/doc/login/TODO.gz
+/usr/share/doc/login/changelog.Debian.gz
+/usr/share/doc/login/changelog.gz
+/usr/share/doc/login/copyright
+/usr/share/lintian
+/usr/share/lintian/overrides
+/usr/share/lintian/overrides/login
+/usr/share/locale
+/usr/share/locale/bs
+/usr/share/locale/bs/LC_MESSAGES
+/usr/share/locale/bs/LC_MESSAGES/shadow.mo
+/usr/share/locale/ca
+/usr/share/locale/ca/LC_MESSAGES
+/usr/share/locale/ca/LC_MESSAGES/shadow.mo
+/usr/share/locale/cs
+/usr/share/locale/cs/LC_MESSAGES
+/usr/share/locale/cs/LC_MESSAGES/shadow.mo
+/usr/share/locale/da
+/usr/share/locale/da/LC_MESSAGES
+/usr/share/locale/da/LC_MESSAGES/shadow.mo
+/usr/share/locale/de
+/usr/share/locale/de/LC_MESSAGES
+/usr/share/locale/de/LC_MESSAGES/shadow.mo
+/usr/share/locale/dz
+/usr/share/locale/dz/LC_MESSAGES
+/usr/share/locale/dz/LC_MESSAGES/shadow.mo
+/usr/share/locale/el
+/usr/share/locale/el/LC_MESSAGES
+/usr/share/locale/el/LC_MESSAGES/shadow.mo
+/usr/share/locale/es
+/usr/share/locale/es/LC_MESSAGES
+/usr/share/locale/es/LC_MESSAGES/shadow.mo
+/usr/share/locale/eu
+/usr/share/locale/eu/LC_MESSAGES
+/usr/share/locale/eu/LC_MESSAGES/shadow.mo
+/usr/share/locale/fi
+/usr/share/locale/fi/LC_MESSAGES
+/usr/share/locale/fi/LC_MESSAGES/shadow.mo
+/usr/share/locale/fr
+/usr/share/locale/fr/LC_MESSAGES
+/usr/share/locale/fr/LC_MESSAGES/shadow.mo
+/usr/share/locale/gl
+/usr/share/locale/gl/LC_MESSAGES
+/usr/share/locale/gl/LC_MESSAGES/shadow.mo
+/usr/share/locale/he
+/usr/share/locale/he/LC_MESSAGES
+/usr/share/locale/he/LC_MESSAGES/shadow.mo
+/usr/share/locale/hu
+/usr/share/locale/hu/LC_MESSAGES
+/usr/share/locale/hu/LC_MESSAGES/shadow.mo
+/usr/share/locale/id
+/usr/share/locale/id/LC_MESSAGES
+/usr/share/locale/id/LC_MESSAGES/shadow.mo
+/usr/share/locale/it
+/usr/share/locale/it/LC_MESSAGES
+/usr/share/locale/it/LC_MESSAGES/shadow.mo
+/usr/share/locale/ja
+/usr/share/locale/ja/LC_MESSAGES
+/usr/share/locale/ja/LC_MESSAGES/shadow.mo
+/usr/share/locale/kk
+/usr/share/locale/kk/LC_MESSAGES
+/usr/share/locale/kk/LC_MESSAGES/shadow.mo
+/usr/share/locale/km
+/usr/share/locale/km/LC_MESSAGES
+/usr/share/locale/km/LC_MESSAGES/shadow.mo
+/usr/share/locale/ko
+/usr/share/locale/ko/LC_MESSAGES
+/usr/share/locale/ko/LC_MESSAGES/shadow.mo
+/usr/share/locale/nb
+/usr/share/locale/nb/LC_MESSAGES
+/usr/share/locale/nb/LC_MESSAGES/shadow.mo
+/usr/share/locale/ne
+/usr/share/locale/ne/LC_MESSAGES
+/usr/share/locale/ne/LC_MESSAGES/shadow.mo
+/usr/share/locale/nl
+/usr/share/locale/nl/LC_MESSAGES
+/usr/share/locale/nl/LC_MESSAGES/shadow.mo
+/usr/share/locale/nn
+/usr/share/locale/nn/LC_MESSAGES
+/usr/share/locale/nn/LC_MESSAGES/shadow.mo
+/usr/share/locale/pl
+/usr/share/locale/pl/LC_MESSAGES
+/usr/share/locale/pl/LC_MESSAGES/shadow.mo
+/usr/share/locale/pt
+/usr/share/locale/pt/LC_MESSAGES
+/usr/share/locale/pt/LC_MESSAGES/shadow.mo
+/usr/share/locale/pt_BR
+/usr/share/locale/pt_BR/LC_MESSAGES
+/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo
+/usr/share/locale/ro
+/usr/share/locale/ro/LC_MESSAGES
+/usr/share/locale/ro/LC_MESSAGES/shadow.mo
+/usr/share/locale/ru
+/usr/share/locale/ru/LC_MESSAGES
+/usr/share/locale/ru/LC_MESSAGES/shadow.mo
+/usr/share/locale/sk
+/usr/share/locale/sk/LC_MESSAGES
+/usr/share/locale/sk/LC_MESSAGES/shadow.mo
+/usr/share/locale/sq
+/usr/share/locale/sq/LC_MESSAGES
+/usr/share/locale/sq/LC_MESSAGES/shadow.mo
+/usr/share/locale/sv
+/usr/share/locale/sv/LC_MESSAGES
+/usr/share/locale/sv/LC_MESSAGES/shadow.mo
+/usr/share/locale/tl
+/usr/share/locale/tl/LC_MESSAGES
+/usr/share/locale/tl/LC_MESSAGES/shadow.mo
+/usr/share/locale/tr
+/usr/share/locale/tr/LC_MESSAGES
+/usr/share/locale/tr/LC_MESSAGES/shadow.mo
+/usr/share/locale/uk
+/usr/share/locale/uk/LC_MESSAGES
+/usr/share/locale/uk/LC_MESSAGES/shadow.mo
+/usr/share/locale/vi
+/usr/share/locale/vi/LC_MESSAGES
+/usr/share/locale/vi/LC_MESSAGES/shadow.mo
+/usr/share/locale/zh_CN
+/usr/share/locale/zh_CN/LC_MESSAGES
+/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo
+/usr/share/locale/zh_TW
+/usr/share/locale/zh_TW/LC_MESSAGES
+/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo
+/usr/share/man
+/usr/share/man/cs
+/usr/share/man/cs/man1
+/usr/share/man/cs/man1/su.1.gz
+/usr/share/man/cs/man5
+/usr/share/man/cs/man5/faillog.5.gz
+/usr/share/man/cs/man8
+/usr/share/man/cs/man8/faillog.8.gz
+/usr/share/man/cs/man8/lastlog.8.gz
+/usr/share/man/cs/man8/nologin.8.gz
+/usr/share/man/da
+/usr/share/man/da/man1
+/usr/share/man/da/man1/newgrp.1.gz
+/usr/share/man/da/man1/sg.1.gz
+/usr/share/man/da/man8
+/usr/share/man/da/man8/nologin.8.gz
+/usr/share/man/de
+/usr/share/man/de/man1
+/usr/share/man/de/man1/login.1.gz
+/usr/share/man/de/man1/newgrp.1.gz
+/usr/share/man/de/man1/sg.1.gz
+/usr/share/man/de/man1/su.1.gz
+/usr/share/man/de/man5
+/usr/share/man/de/man5/faillog.5.gz
+/usr/share/man/de/man5/login.defs.5.gz
+/usr/share/man/de/man8
+/usr/share/man/de/man8/faillog.8.gz
+/usr/share/man/de/man8/lastlog.8.gz
+/usr/share/man/de/man8/nologin.8.gz
+/usr/share/man/fi
+/usr/share/man/fi/man1
+/usr/share/man/fi/man1/su.1.gz
+/usr/share/man/fr
+/usr/share/man/fr/man1
+/usr/share/man/fr/man1/login.1.gz
+/usr/share/man/fr/man1/newgrp.1.gz
+/usr/share/man/fr/man1/sg.1.gz
+/usr/share/man/fr/man1/su.1.gz
+/usr/share/man/fr/man5
+/usr/share/man/fr/man5/faillog.5.gz
+/usr/share/man/fr/man5/login.defs.5.gz
+/usr/share/man/fr/man8
+/usr/share/man/fr/man8/faillog.8.gz
+/usr/share/man/fr/man8/lastlog.8.gz
+/usr/share/man/fr/man8/nologin.8.gz
+/usr/share/man/hu
+/usr/share/man/hu/man1
+/usr/share/man/hu/man1/login.1.gz
+/usr/share/man/hu/man1/newgrp.1.gz
+/usr/share/man/hu/man1/sg.1.gz
+/usr/share/man/hu/man1/su.1.gz
+/usr/share/man/hu/man8
+/usr/share/man/hu/man8/lastlog.8.gz
+/usr/share/man/id
+/usr/share/man/id/man1
+/usr/share/man/id/man1/login.1.gz
+/usr/share/man/it
+/usr/share/man/it/man1
+/usr/share/man/it/man1/login.1.gz
+/usr/share/man/it/man1/newgrp.1.gz
+/usr/share/man/it/man1/sg.1.gz
+/usr/share/man/it/man1/su.1.gz
+/usr/share/man/it/man5
+/usr/share/man/it/man5/faillog.5.gz
+/usr/share/man/it/man5/login.defs.5.gz
+/usr/share/man/it/man8
+/usr/share/man/it/man8/faillog.8.gz
+/usr/share/man/it/man8/lastlog.8.gz
+/usr/share/man/it/man8/nologin.8.gz
+/usr/share/man/ja
+/usr/share/man/ja/man1
+/usr/share/man/ja/man1/login.1.gz
+/usr/share/man/ja/man1/newgrp.1.gz
+/usr/share/man/ja/man1/sg.1.gz
+/usr/share/man/ja/man1/su.1.gz
+/usr/share/man/ja/man5
+/usr/share/man/ja/man5/faillog.5.gz
+/usr/share/man/ja/man5/login.defs.5.gz
+/usr/share/man/ja/man8
+/usr/share/man/ja/man8/faillog.8.gz
+/usr/share/man/ja/man8/lastlog.8.gz
+/usr/share/man/ko
+/usr/share/man/ko/man1
+/usr/share/man/ko/man1/login.1.gz
+/usr/share/man/ko/man1/su.1.gz
+/usr/share/man/man1
+/usr/share/man/man1/login.1.gz
+/usr/share/man/man1/newgrp.1.gz
+/usr/share/man/man1/sg.1.gz
+/usr/share/man/man1/su.1.gz
+/usr/share/man/man5
+/usr/share/man/man5/faillog.5.gz
+/usr/share/man/man5/login.defs.5.gz
+/usr/share/man/man8
+/usr/share/man/man8/faillog.8.gz
+/usr/share/man/man8/lastlog.8.gz
+/usr/share/man/man8/nologin.8.gz
+/usr/share/man/pl
+/usr/share/man/pl/man1
+/usr/share/man/pl/man1/newgrp.1.gz
+/usr/share/man/pl/man1/sg.1.gz
+/usr/share/man/pl/man5
+/usr/share/man/pl/man5/faillog.5.gz
+/usr/share/man/pl/man8
+/usr/share/man/pl/man8/faillog.8.gz
+/usr/share/man/pl/man8/lastlog.8.gz
+/usr/share/man/ru
+/usr/share/man/ru/man1
+/usr/share/man/ru/man1/login.1.gz
+/usr/share/man/ru/man1/newgrp.1.gz
+/usr/share/man/ru/man1/sg.1.gz
+/usr/share/man/ru/man1/su.1.gz
+/usr/share/man/ru/man5
+/usr/share/man/ru/man5/faillog.5.gz
+/usr/share/man/ru/man5/login.defs.5.gz
+/usr/share/man/ru/man8
+/usr/share/man/ru/man8/faillog.8.gz
+/usr/share/man/ru/man8/lastlog.8.gz
+/usr/share/man/ru/man8/nologin.8.gz
+/usr/share/man/sv
+/usr/share/man/sv/man1
+/usr/share/man/sv/man1/newgrp.1.gz
+/usr/share/man/sv/man1/sg.1.gz
+/usr/share/man/sv/man5
+/usr/share/man/sv/man5/faillog.5.gz
+/usr/share/man/sv/man8
+/usr/share/man/sv/man8/faillog.8.gz
+/usr/share/man/sv/man8/lastlog.8.gz
+/usr/share/man/sv/man8/nologin.8.gz
+/usr/share/man/tr
+/usr/share/man/tr/man1
+/usr/share/man/tr/man1/login.1.gz
+/usr/share/man/tr/man1/su.1.gz
+/usr/share/man/zh_CN
+/usr/share/man/zh_CN/man1
+/usr/share/man/zh_CN/man1/login.1.gz
+/usr/share/man/zh_CN/man1/newgrp.1.gz
+/usr/share/man/zh_CN/man1/sg.1.gz
+/usr/share/man/zh_CN/man1/su.1.gz
+/usr/share/man/zh_CN/man5
+/usr/share/man/zh_CN/man5/faillog.5.gz
+/usr/share/man/zh_CN/man5/login.defs.5.gz
+/usr/share/man/zh_CN/man8
+/usr/share/man/zh_CN/man8/faillog.8.gz
+/usr/share/man/zh_CN/man8/lastlog.8.gz
+/usr/share/man/zh_CN/man8/nologin.8.gz
+/usr/share/man/zh_TW
+/usr/share/man/zh_TW/man1
+/usr/share/man/zh_TW/man1/newgrp.1.gz
+/usr/share/man/zh_TW/man1/su.1.gz
diff --git a/tests/tests/debian/01/data/passwd_files b/tests/tests/debian/01/data/passwd_files
new file mode 100644
index 0000000..78380f4
--- /dev/null
+++ b/tests/tests/debian/01/data/passwd_files
@@ -0,0 +1,400 @@
+/.
+/etc
+/etc/cron.daily
+/etc/cron.daily/passwd
+/etc/default
+/etc/default/useradd
+/etc/pam.d
+/etc/pam.d/chfn
+/etc/pam.d/chpasswd
+/etc/pam.d/chsh
+/etc/pam.d/groupmems
+/etc/pam.d/newusers
+/etc/pam.d/passwd
+/sbin
+/sbin/shadowconfig
+/usr
+/usr/bin
+/usr/bin/chage
+/usr/bin/chfn
+/usr/bin/chsh
+/usr/bin/expiry
+/usr/bin/gpasswd
+/usr/bin/passwd
+/usr/sbin
+/usr/sbin/chgpasswd
+/usr/sbin/chpasswd
+/usr/sbin/cpgr
+/usr/sbin/cppw
+/usr/sbin/groupadd
+/usr/sbin/groupdel
+/usr/sbin/groupmems
+/usr/sbin/groupmod
+/usr/sbin/grpck
+/usr/sbin/grpconv
+/usr/sbin/grpunconv
+/usr/sbin/newusers
+/usr/sbin/pwck
+/usr/sbin/pwconv
+/usr/sbin/pwunconv
+/usr/sbin/useradd
+/usr/sbin/userdel
+/usr/sbin/usermod
+/usr/sbin/vigr
+/usr/sbin/vipw
+/usr/share
+/usr/share/doc
+/usr/share/doc/passwd
+/usr/share/doc/passwd/NEWS.Debian.gz
+/usr/share/doc/passwd/NEWS.gz
+/usr/share/doc/passwd/README
+/usr/share/doc/passwd/README.Debian
+/usr/share/doc/passwd/TODO.gz
+/usr/share/doc/passwd/changelog.Debian.gz
+/usr/share/doc/passwd/changelog.gz
+/usr/share/doc/passwd/copyright
+/usr/share/doc/passwd/examples
+/usr/share/doc/passwd/examples/passwd.expire.cron
+/usr/share/lintian
+/usr/share/lintian/overrides
+/usr/share/lintian/overrides/passwd
+/usr/share/man
+/usr/share/man/cs
+/usr/share/man/cs/man1
+/usr/share/man/cs/man1/expiry.1.gz
+/usr/share/man/cs/man1/gpasswd.1.gz
+/usr/share/man/cs/man5
+/usr/share/man/cs/man5/gshadow.5.gz
+/usr/share/man/cs/man5/passwd.5.gz
+/usr/share/man/cs/man5/shadow.5.gz
+/usr/share/man/cs/man8
+/usr/share/man/cs/man8/groupadd.8.gz
+/usr/share/man/cs/man8/groupdel.8.gz
+/usr/share/man/cs/man8/groupmod.8.gz
+/usr/share/man/cs/man8/grpck.8.gz
+/usr/share/man/cs/man8/vipw.8.gz
+/usr/share/man/da
+/usr/share/man/da/man1
+/usr/share/man/da/man1/chfn.1.gz
+/usr/share/man/da/man5
+/usr/share/man/da/man5/gshadow.5.gz
+/usr/share/man/da/man8
+/usr/share/man/da/man8/groupdel.8.gz
+/usr/share/man/da/man8/vigr.8.gz
+/usr/share/man/da/man8/vipw.8.gz
+/usr/share/man/de
+/usr/share/man/de/man1
+/usr/share/man/de/man1/chage.1.gz
+/usr/share/man/de/man1/chfn.1.gz
+/usr/share/man/de/man1/chsh.1.gz
+/usr/share/man/de/man1/expiry.1.gz
+/usr/share/man/de/man1/gpasswd.1.gz
+/usr/share/man/de/man1/passwd.1.gz
+/usr/share/man/de/man5
+/usr/share/man/de/man5/gshadow.5.gz
+/usr/share/man/de/man5/passwd.5.gz
+/usr/share/man/de/man5/shadow.5.gz
+/usr/share/man/de/man8
+/usr/share/man/de/man8/chpasswd.8.gz
+/usr/share/man/de/man8/groupadd.8.gz
+/usr/share/man/de/man8/groupdel.8.gz
+/usr/share/man/de/man8/groupmems.8.gz
+/usr/share/man/de/man8/groupmod.8.gz
+/usr/share/man/de/man8/grpck.8.gz
+/usr/share/man/de/man8/grpconv.8.gz
+/usr/share/man/de/man8/grpunconv.8.gz
+/usr/share/man/de/man8/newusers.8.gz
+/usr/share/man/de/man8/pwck.8.gz
+/usr/share/man/de/man8/pwconv.8.gz
+/usr/share/man/de/man8/pwunconv.8.gz
+/usr/share/man/de/man8/useradd.8.gz
+/usr/share/man/de/man8/userdel.8.gz
+/usr/share/man/de/man8/usermod.8.gz
+/usr/share/man/de/man8/vigr.8.gz
+/usr/share/man/de/man8/vipw.8.gz
+/usr/share/man/fi
+/usr/share/man/fi/man1
+/usr/share/man/fi/man1/chfn.1.gz
+/usr/share/man/fi/man1/chsh.1.gz
+/usr/share/man/fr
+/usr/share/man/fr/man1
+/usr/share/man/fr/man1/chage.1.gz
+/usr/share/man/fr/man1/chfn.1.gz
+/usr/share/man/fr/man1/chsh.1.gz
+/usr/share/man/fr/man1/expiry.1.gz
+/usr/share/man/fr/man1/gpasswd.1.gz
+/usr/share/man/fr/man1/passwd.1.gz
+/usr/share/man/fr/man5
+/usr/share/man/fr/man5/gshadow.5.gz
+/usr/share/man/fr/man5/passwd.5.gz
+/usr/share/man/fr/man5/shadow.5.gz
+/usr/share/man/fr/man5/subgid.5.gz
+/usr/share/man/fr/man5/subuid.5.gz
+/usr/share/man/fr/man8
+/usr/share/man/fr/man8/chpasswd.8.gz
+/usr/share/man/fr/man8/groupadd.8.gz
+/usr/share/man/fr/man8/groupdel.8.gz
+/usr/share/man/fr/man8/groupmems.8.gz
+/usr/share/man/fr/man8/groupmod.8.gz
+/usr/share/man/fr/man8/grpck.8.gz
+/usr/share/man/fr/man8/grpconv.8.gz
+/usr/share/man/fr/man8/grpunconv.8.gz
+/usr/share/man/fr/man8/newusers.8.gz
+/usr/share/man/fr/man8/pwck.8.gz
+/usr/share/man/fr/man8/pwconv.8.gz
+/usr/share/man/fr/man8/pwunconv.8.gz
+/usr/share/man/fr/man8/shadowconfig.8.gz
+/usr/share/man/fr/man8/useradd.8.gz
+/usr/share/man/fr/man8/userdel.8.gz
+/usr/share/man/fr/man8/usermod.8.gz
+/usr/share/man/fr/man8/vigr.8.gz
+/usr/share/man/fr/man8/vipw.8.gz
+/usr/share/man/hu
+/usr/share/man/hu/man1
+/usr/share/man/hu/man1/chsh.1.gz
+/usr/share/man/hu/man1/gpasswd.1.gz
+/usr/share/man/hu/man1/passwd.1.gz
+/usr/share/man/hu/man5
+/usr/share/man/hu/man5/passwd.5.gz
+/usr/share/man/id
+/usr/share/man/id/man1
+/usr/share/man/id/man1/chsh.1.gz
+/usr/share/man/id/man8
+/usr/share/man/id/man8/useradd.8.gz
+/usr/share/man/it
+/usr/share/man/it/man1
+/usr/share/man/it/man1/chage.1.gz
+/usr/share/man/it/man1/chfn.1.gz
+/usr/share/man/it/man1/chsh.1.gz
+/usr/share/man/it/man1/expiry.1.gz
+/usr/share/man/it/man1/gpasswd.1.gz
+/usr/share/man/it/man1/passwd.1.gz
+/usr/share/man/it/man5
+/usr/share/man/it/man5/gshadow.5.gz
+/usr/share/man/it/man5/passwd.5.gz
+/usr/share/man/it/man5/shadow.5.gz
+/usr/share/man/it/man8
+/usr/share/man/it/man8/chpasswd.8.gz
+/usr/share/man/it/man8/groupadd.8.gz
+/usr/share/man/it/man8/groupdel.8.gz
+/usr/share/man/it/man8/groupmems.8.gz
+/usr/share/man/it/man8/groupmod.8.gz
+/usr/share/man/it/man8/grpck.8.gz
+/usr/share/man/it/man8/grpconv.8.gz
+/usr/share/man/it/man8/grpunconv.8.gz
+/usr/share/man/it/man8/newusers.8.gz
+/usr/share/man/it/man8/pwck.8.gz
+/usr/share/man/it/man8/pwconv.8.gz
+/usr/share/man/it/man8/pwunconv.8.gz
+/usr/share/man/it/man8/useradd.8.gz
+/usr/share/man/it/man8/userdel.8.gz
+/usr/share/man/it/man8/usermod.8.gz
+/usr/share/man/it/man8/vigr.8.gz
+/usr/share/man/it/man8/vipw.8.gz
+/usr/share/man/ja
+/usr/share/man/ja/man1
+/usr/share/man/ja/man1/chage.1.gz
+/usr/share/man/ja/man1/chfn.1.gz
+/usr/share/man/ja/man1/chsh.1.gz
+/usr/share/man/ja/man1/expiry.1.gz
+/usr/share/man/ja/man1/gpasswd.1.gz
+/usr/share/man/ja/man1/passwd.1.gz
+/usr/share/man/ja/man5
+/usr/share/man/ja/man5/passwd.5.gz
+/usr/share/man/ja/man5/shadow.5.gz
+/usr/share/man/ja/man8
+/usr/share/man/ja/man8/chpasswd.8.gz
+/usr/share/man/ja/man8/groupadd.8.gz
+/usr/share/man/ja/man8/groupdel.8.gz
+/usr/share/man/ja/man8/groupmod.8.gz
+/usr/share/man/ja/man8/grpck.8.gz
+/usr/share/man/ja/man8/grpconv.8.gz
+/usr/share/man/ja/man8/grpunconv.8.gz
+/usr/share/man/ja/man8/newusers.8.gz
+/usr/share/man/ja/man8/pwck.8.gz
+/usr/share/man/ja/man8/pwconv.8.gz
+/usr/share/man/ja/man8/pwunconv.8.gz
+/usr/share/man/ja/man8/shadowconfig.8.gz
+/usr/share/man/ja/man8/useradd.8.gz
+/usr/share/man/ja/man8/userdel.8.gz
+/usr/share/man/ja/man8/usermod.8.gz
+/usr/share/man/ja/man8/vigr.8.gz
+/usr/share/man/ja/man8/vipw.8.gz
+/usr/share/man/ko
+/usr/share/man/ko/man1
+/usr/share/man/ko/man1/chfn.1.gz
+/usr/share/man/ko/man1/chsh.1.gz
+/usr/share/man/ko/man5
+/usr/share/man/ko/man5/passwd.5.gz
+/usr/share/man/ko/man8
+/usr/share/man/ko/man8/vigr.8.gz
+/usr/share/man/ko/man8/vipw.8.gz
+/usr/share/man/man1
+/usr/share/man/man1/chage.1.gz
+/usr/share/man/man1/chfn.1.gz
+/usr/share/man/man1/chsh.1.gz
+/usr/share/man/man1/expiry.1.gz
+/usr/share/man/man1/gpasswd.1.gz
+/usr/share/man/man1/passwd.1.gz
+/usr/share/man/man5
+/usr/share/man/man5/gshadow.5.gz
+/usr/share/man/man5/passwd.5.gz
+/usr/share/man/man5/shadow.5.gz
+/usr/share/man/man5/subgid.5.gz
+/usr/share/man/man5/subuid.5.gz
+/usr/share/man/man8
+/usr/share/man/man8/chgpasswd.8.gz
+/usr/share/man/man8/chpasswd.8.gz
+/usr/share/man/man8/cpgr.8.gz
+/usr/share/man/man8/cppw.8.gz
+/usr/share/man/man8/groupadd.8.gz
+/usr/share/man/man8/groupdel.8.gz
+/usr/share/man/man8/groupmems.8.gz
+/usr/share/man/man8/groupmod.8.gz
+/usr/share/man/man8/grpck.8.gz
+/usr/share/man/man8/grpconv.8.gz
+/usr/share/man/man8/grpunconv.8.gz
+/usr/share/man/man8/newusers.8.gz
+/usr/share/man/man8/pwck.8.gz
+/usr/share/man/man8/pwconv.8.gz
+/usr/share/man/man8/pwunconv.8.gz
+/usr/share/man/man8/shadowconfig.8.gz
+/usr/share/man/man8/useradd.8.gz
+/usr/share/man/man8/userdel.8.gz
+/usr/share/man/man8/usermod.8.gz
+/usr/share/man/man8/vigr.8.gz
+/usr/share/man/man8/vipw.8.gz
+/usr/share/man/pl
+/usr/share/man/pl/man1
+/usr/share/man/pl/man1/chage.1.gz
+/usr/share/man/pl/man1/chsh.1.gz
+/usr/share/man/pl/man1/expiry.1.gz
+/usr/share/man/pl/man8
+/usr/share/man/pl/man8/groupadd.8.gz
+/usr/share/man/pl/man8/groupdel.8.gz
+/usr/share/man/pl/man8/groupmems.8.gz
+/usr/share/man/pl/man8/groupmod.8.gz
+/usr/share/man/pl/man8/grpck.8.gz
+/usr/share/man/pl/man8/shadowconfig.8.gz
+/usr/share/man/pl/man8/userdel.8.gz
+/usr/share/man/pl/man8/usermod.8.gz
+/usr/share/man/pl/man8/vigr.8.gz
+/usr/share/man/pl/man8/vipw.8.gz
+/usr/share/man/pt_BR
+/usr/share/man/pt_BR/man1
+/usr/share/man/pt_BR/man1/gpasswd.1.gz
+/usr/share/man/pt_BR/man5
+/usr/share/man/pt_BR/man5/passwd.5.gz
+/usr/share/man/pt_BR/man5/shadow.5.gz
+/usr/share/man/pt_BR/man8
+/usr/share/man/pt_BR/man8/groupadd.8.gz
+/usr/share/man/pt_BR/man8/groupdel.8.gz
+/usr/share/man/pt_BR/man8/groupmod.8.gz
+/usr/share/man/ru
+/usr/share/man/ru/man1
+/usr/share/man/ru/man1/chage.1.gz
+/usr/share/man/ru/man1/chfn.1.gz
+/usr/share/man/ru/man1/chsh.1.gz
+/usr/share/man/ru/man1/expiry.1.gz
+/usr/share/man/ru/man1/gpasswd.1.gz
+/usr/share/man/ru/man1/passwd.1.gz
+/usr/share/man/ru/man5
+/usr/share/man/ru/man5/gshadow.5.gz
+/usr/share/man/ru/man5/passwd.5.gz
+/usr/share/man/ru/man5/shadow.5.gz
+/usr/share/man/ru/man8
+/usr/share/man/ru/man8/chpasswd.8.gz
+/usr/share/man/ru/man8/groupadd.8.gz
+/usr/share/man/ru/man8/groupdel.8.gz
+/usr/share/man/ru/man8/groupmems.8.gz
+/usr/share/man/ru/man8/groupmod.8.gz
+/usr/share/man/ru/man8/grpck.8.gz
+/usr/share/man/ru/man8/grpconv.8.gz
+/usr/share/man/ru/man8/grpunconv.8.gz
+/usr/share/man/ru/man8/newusers.8.gz
+/usr/share/man/ru/man8/pwck.8.gz
+/usr/share/man/ru/man8/pwconv.8.gz
+/usr/share/man/ru/man8/pwunconv.8.gz
+/usr/share/man/ru/man8/useradd.8.gz
+/usr/share/man/ru/man8/userdel.8.gz
+/usr/share/man/ru/man8/usermod.8.gz
+/usr/share/man/ru/man8/vigr.8.gz
+/usr/share/man/ru/man8/vipw.8.gz
+/usr/share/man/sv
+/usr/share/man/sv/man1
+/usr/share/man/sv/man1/chage.1.gz
+/usr/share/man/sv/man1/chsh.1.gz
+/usr/share/man/sv/man1/expiry.1.gz
+/usr/share/man/sv/man1/passwd.1.gz
+/usr/share/man/sv/man5
+/usr/share/man/sv/man5/gshadow.5.gz
+/usr/share/man/sv/man5/passwd.5.gz
+/usr/share/man/sv/man8
+/usr/share/man/sv/man8/groupadd.8.gz
+/usr/share/man/sv/man8/groupdel.8.gz
+/usr/share/man/sv/man8/groupmems.8.gz
+/usr/share/man/sv/man8/groupmod.8.gz
+/usr/share/man/sv/man8/grpck.8.gz
+/usr/share/man/sv/man8/pwck.8.gz
+/usr/share/man/sv/man8/userdel.8.gz
+/usr/share/man/sv/man8/vigr.8.gz
+/usr/share/man/sv/man8/vipw.8.gz
+/usr/share/man/tr
+/usr/share/man/tr/man1
+/usr/share/man/tr/man1/chage.1.gz
+/usr/share/man/tr/man1/chfn.1.gz
+/usr/share/man/tr/man1/passwd.1.gz
+/usr/share/man/tr/man5
+/usr/share/man/tr/man5/passwd.5.gz
+/usr/share/man/tr/man5/shadow.5.gz
+/usr/share/man/tr/man8
+/usr/share/man/tr/man8/groupadd.8.gz
+/usr/share/man/tr/man8/groupdel.8.gz
+/usr/share/man/tr/man8/groupmod.8.gz
+/usr/share/man/tr/man8/useradd.8.gz
+/usr/share/man/tr/man8/userdel.8.gz
+/usr/share/man/tr/man8/usermod.8.gz
+/usr/share/man/zh_CN
+/usr/share/man/zh_CN/man1
+/usr/share/man/zh_CN/man1/chage.1.gz
+/usr/share/man/zh_CN/man1/chfn.1.gz
+/usr/share/man/zh_CN/man1/chsh.1.gz
+/usr/share/man/zh_CN/man1/expiry.1.gz
+/usr/share/man/zh_CN/man1/gpasswd.1.gz
+/usr/share/man/zh_CN/man1/passwd.1.gz
+/usr/share/man/zh_CN/man5
+/usr/share/man/zh_CN/man5/gshadow.5.gz
+/usr/share/man/zh_CN/man5/passwd.5.gz
+/usr/share/man/zh_CN/man5/shadow.5.gz
+/usr/share/man/zh_CN/man8
+/usr/share/man/zh_CN/man8/chpasswd.8.gz
+/usr/share/man/zh_CN/man8/groupadd.8.gz
+/usr/share/man/zh_CN/man8/groupdel.8.gz
+/usr/share/man/zh_CN/man8/groupmems.8.gz
+/usr/share/man/zh_CN/man8/groupmod.8.gz
+/usr/share/man/zh_CN/man8/grpck.8.gz
+/usr/share/man/zh_CN/man8/grpconv.8.gz
+/usr/share/man/zh_CN/man8/grpunconv.8.gz
+/usr/share/man/zh_CN/man8/newusers.8.gz
+/usr/share/man/zh_CN/man8/pwck.8.gz
+/usr/share/man/zh_CN/man8/pwconv.8.gz
+/usr/share/man/zh_CN/man8/pwunconv.8.gz
+/usr/share/man/zh_CN/man8/useradd.8.gz
+/usr/share/man/zh_CN/man8/userdel.8.gz
+/usr/share/man/zh_CN/man8/usermod.8.gz
+/usr/share/man/zh_CN/man8/vigr.8.gz
+/usr/share/man/zh_CN/man8/vipw.8.gz
+/usr/share/man/zh_TW
+/usr/share/man/zh_TW/man1
+/usr/share/man/zh_TW/man1/chfn.1.gz
+/usr/share/man/zh_TW/man1/chsh.1.gz
+/usr/share/man/zh_TW/man5
+/usr/share/man/zh_TW/man5/passwd.5.gz
+/usr/share/man/zh_TW/man8
+/usr/share/man/zh_TW/man8/chpasswd.8.gz
+/usr/share/man/zh_TW/man8/groupadd.8.gz
+/usr/share/man/zh_TW/man8/groupdel.8.gz
+/usr/share/man/zh_TW/man8/groupmod.8.gz
+/usr/share/man/zh_TW/man8/useradd.8.gz
+/usr/share/man/zh_TW/man8/userdel.8.gz
+/usr/share/man/zh_TW/man8/usermod.8.gz
diff --git a/tests/tests/debian/01/run b/tests/tests/debian/01/run
new file mode 100755
index 0000000..6db7cf0
--- /dev/null
+++ b/tests/tests/debian/01/run
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# The goal of this test is to check the distributed files (as debdiff)
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+}
+
+restore()
+{
+	rm tmp/login_files tmp/passwd_files
+	rmdir tmp
+}
+
+save
+
+trap 'restore' 0
+
+dpkg -L login | sort > tmp/login_files
+dpkg -L passwd | sort > tmp/passwd_files
+
+echo -n "Checking the login files..."
+diff -u data/login_files tmp/login_files
+echo "OK"
+echo -n "Checking the passwd files..."
+diff -u data/passwd_files tmp/passwd_files
+echo OK
+
diff --git a/tests/tests/debian/02/run b/tests/tests/debian/02/run
new file mode 100755
index 0000000..a305c37
--- /dev/null
+++ b/tests/tests/debian/02/run
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# This test check if passwd or login provide files also distributed by
+# another package.
+# The goal is to detect new package for the Replaces or Conflicts fields,
+# or to tighten these relationships.
+#
+# It supposes that we will at least Replaces/Conflicts on the i386
+# architecture.
+
+wget -c http://ftp2.fr.debian.org/debian/dists/unstable/Contents-i386.gz
+
+for pkg in login passwd
+    do
+    dpkg -L $pkg | sed -e 's/^\///' |
+    {
+        while read file
+        do
+            [ -f "/$file" ] && echo "^$file	"
+        done
+    } > files
+
+    echo "List of files that the $pkg package currently replaces:"
+    zgrep -E -f files Contents-i386.gz | grep -Ev " admin/(login|passwd)$"
+done
+
+rm -f files Contents-i386.gz
+
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/group b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/gshadow b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/passwd b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/shadow b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.exp b/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.exp
new file mode 100755
index 0000000..564f183
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.test b/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/02_expiry_-c_expired/config/etc/group b/tests/tests/expiry/02_expiry_-c_expired/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/02_expiry_-c_expired/config/etc/gshadow b/tests/tests/expiry/02_expiry_-c_expired/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/02_expiry_-c_expired/config/etc/passwd b/tests/tests/expiry/02_expiry_-c_expired/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/02_expiry_-c_expired/config/etc/shadow b/tests/tests/expiry/02_expiry_-c_expired/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/02_expiry_-c_expired/expiry.exp b/tests/tests/expiry/02_expiry_-c_expired/expiry.exp
new file mode 100755
index 0000000..92ae409
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "1"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/02_expiry_-c_expired/expiry.test b/tests/tests/expiry/02_expiry_-c_expired/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/group b/tests/tests/expiry/03_expiry_-f_expired/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/gshadow b/tests/tests/expiry/03_expiry_-f_expired/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/pam.d/common-password b/tests/tests/expiry/03_expiry_-f_expired/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/passwd b/tests/tests/expiry/03_expiry_-f_expired/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/shadow b/tests/tests/expiry/03_expiry_-f_expired/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/03_expiry_-f_expired/data/shadow b/tests/tests/expiry/03_expiry_-f_expired/data/shadow
new file mode 100644
index 0000000..83da315
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/data/shadow
@@ -0,0 +1,20 @@
+root:@PASS_SHA512 password@:@TODAY@:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/03_expiry_-f_expired/expiry.exp b/tests/tests/expiry/03_expiry_-f_expired/expiry.exp
new file mode 100755
index 0000000..ada61c9
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/expiry.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -f\r"
+expect "Your password has expired.  Choose a new password."
+expect "Enter new UNIX password: "
+send "password\r"
+expect "Retype new UNIX password: "
+send "password\r"
+expect "passwd: password updated successfully"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/03_expiry_-f_expired/expiry.test b/tests/tests/expiry/03_expiry_-f_expired/expiry.test
new file mode 100755
index 0000000..252afb1
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/04_expiry_no_options/config/etc/group b/tests/tests/expiry/04_expiry_no_options/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/04_expiry_no_options/config/etc/gshadow b/tests/tests/expiry/04_expiry_no_options/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/04_expiry_no_options/config/etc/passwd b/tests/tests/expiry/04_expiry_no_options/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/04_expiry_no_options/config/etc/shadow b/tests/tests/expiry/04_expiry_no_options/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/04_expiry_no_options/data/usage.out b/tests/tests/expiry/04_expiry_no_options/data/usage.out
new file mode 100644
index 0000000..ab67c87
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/data/usage.out
@@ -0,0 +1,8 @@
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/04_expiry_no_options/expiry.test b/tests/tests/expiry/04_expiry_no_options/expiry.test
new file mode 100755
index 0000000..02c6cbb
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/expiry.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry provides an Usage message if no options are given"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call expiry without any option (expiry)..."
+expiry 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/group b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/gshadow b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/passwd b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/shadow b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.exp b/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.exp
new file mode 100755
index 0000000..564f183
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.test b/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.test
new file mode 100755
index 0000000..0251edd
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that there are no shadow files..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/group b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/gshadow b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/passwd b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/shadow b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..3789b9f
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.exp b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.exp
new file mode 100755
index 0000000..564f183
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.test b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/group b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/gshadow b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/passwd b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/shadow b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/shadow
new file mode 100644
index 0000000..319082d
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7::13000:
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/expiry.exp b/tests/tests/expiry/07_expiry_-c_expired_account/expiry.exp
new file mode 100755
index 0000000..18dce25
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "3"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/expiry.test b/tests/tests/expiry/07_expiry_-c_expired_account/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/group b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/gshadow b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/passwd b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/shadow b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/shadow
new file mode 100644
index 0000000..65489e7
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:10:7:10::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.exp b/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.exp
new file mode 100755
index 0000000..fc0bf4f
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "2"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.test b/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/group b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/gshadow b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/passwd b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/shadow b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/shadow
new file mode 100644
index 0000000..bf371c0
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:9000:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.exp b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.exp
new file mode 100755
index 0000000..564f183
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.test b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/10_expiry_bad_option/config/etc/group b/tests/tests/expiry/10_expiry_bad_option/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/10_expiry_bad_option/config/etc/gshadow b/tests/tests/expiry/10_expiry_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/10_expiry_bad_option/config/etc/passwd b/tests/tests/expiry/10_expiry_bad_option/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/10_expiry_bad_option/config/etc/shadow b/tests/tests/expiry/10_expiry_bad_option/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/10_expiry_bad_option/data/usage.out b/tests/tests/expiry/10_expiry_bad_option/data/usage.out
new file mode 100644
index 0000000..c2d9716
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/data/usage.out
@@ -0,0 +1,9 @@
+expiry: invalid option -- 'Z'
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/10_expiry_bad_option/expiry.test b/tests/tests/expiry/10_expiry_bad_option/expiry.test
new file mode 100755
index 0000000..bcbbb60
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/expiry.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+log_start "$0" "expiry provides an Usage message if an invalid option is given"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call expiry with an invalid option (expiry -Z)..."
+expiry -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/11_expiry_usage/config/etc/group b/tests/tests/expiry/11_expiry_usage/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/11_expiry_usage/config/etc/gshadow b/tests/tests/expiry/11_expiry_usage/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/11_expiry_usage/config/etc/passwd b/tests/tests/expiry/11_expiry_usage/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/11_expiry_usage/config/etc/shadow b/tests/tests/expiry/11_expiry_usage/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/11_expiry_usage/data/usage.out b/tests/tests/expiry/11_expiry_usage/data/usage.out
new file mode 100644
index 0000000..ab67c87
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/data/usage.out
@@ -0,0 +1,8 @@
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/11_expiry_usage/expiry.test b/tests/tests/expiry/11_expiry_usage/expiry.test
new file mode 100755
index 0000000..93c455c
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/expiry.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+log_start "$0" "expiry can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get expiry usage message (expiry --help)..."
+expiry --help >tmp/usage.out
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/12_expiry_extra_arg/config/etc/group b/tests/tests/expiry/12_expiry_extra_arg/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/12_expiry_extra_arg/config/etc/gshadow b/tests/tests/expiry/12_expiry_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/12_expiry_extra_arg/config/etc/passwd b/tests/tests/expiry/12_expiry_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/12_expiry_extra_arg/config/etc/shadow b/tests/tests/expiry/12_expiry_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/12_expiry_extra_arg/data/usage.out b/tests/tests/expiry/12_expiry_extra_arg/data/usage.out
new file mode 100644
index 0000000..f250f48
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/data/usage.out
@@ -0,0 +1,9 @@
+expiry: unexpected argument: foo
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/12_expiry_extra_arg/expiry.test b/tests/tests/expiry/12_expiry_extra_arg/expiry.test
new file mode 100755
index 0000000..ea6fa08
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/expiry.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+log_start "$0" "expiry check that no argument remain onthecommand line"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call expiry with an extra argument (expiry -f foo)..."
+expiry -f foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/config/etc/group b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/config/etc/gshadow b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/config/etc/passwd b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/config/etc/shadow b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/data/usage.out b/tests/tests/expiry/13_expiry_usage-c-f/data/usage.out
new file mode 100644
index 0000000..d0305e3
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/data/usage.out
@@ -0,0 +1,9 @@
+expiry: options -c and -f conflict
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/expiry.test b/tests/tests/expiry/13_expiry_usage-c-f/expiry.test
new file mode 100755
index 0000000..8a6a14a
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/expiry.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+log_start "$0" "expiry check that the -c and -f flags are not used at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call expiry with the -c and -f flags (expiry -f -c)..."
+expiry -f -c 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/chage.test b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/chage.test
new file mode 100755
index 0000000..9ae1ff7
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's shell (chage -I 12 bin)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd chage -I 12 bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config.txt b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/group b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/gshadow b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/login.defs b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/passwd b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/shadow b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/data/chage.err b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/data/chage.err
new file mode 100644
index 0000000..bdfd8e2
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/data/chage.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+chage: cannot open /etc/passwd
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/chage.test b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/chage.test
new file mode 100755
index 0000000..23df6c6
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's shell (chage -l bin)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/passwd chage -l bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config.txt b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/group b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/gshadow b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/login.defs b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/passwd b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/shadow b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/data/chage.err b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/data/chage.err
new file mode 100644
index 0000000..38f6955
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/data/chage.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 0 ...
+chage: cannot open /etc/passwd
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/chage.test b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/chage.test
new file mode 100755
index 0000000..1469b78
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's shell (chage -I 12 bin)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow chage -I 12 bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config.txt b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/group b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/gshadow b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/login.defs b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/passwd b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/shadow b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/data/chage.err b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/data/chage.err
new file mode 100644
index 0000000..a814928
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/data/chage.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+chage: cannot open /etc/shadow
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/chage.test b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/chage.test
new file mode 100755
index 0000000..55a0a94
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's shell (chage -l bin)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/shadow chage -l bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config.txt b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/group b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/gshadow b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/login.defs b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/passwd b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/shadow b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/data/chage.err b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/data/chage.err
new file mode 100644
index 0000000..38aeca7
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/data/chage.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 0 ...
+chage: cannot open /etc/shadow
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/chage.test b/tests/tests/failures/chage/05_chage_rename_shadow_failure/chage.test
new file mode 100755
index 0000000..e5e406a
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures to write the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's inactivity period (chage -I 12 bin)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow chage -I 12 bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config.txt b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/group b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/data/chage.err b/tests/tests/failures/chage/05_chage_rename_shadow_failure/data/chage.err
new file mode 100644
index 0000000..963f430
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/data/chage.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+chage: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/chage.test b/tests/tests/failures/chage/06_chage_rename_passwd_failure/chage.test
new file mode 100755
index 0000000..bd27260
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's inactivity period (chage -I 12 bin)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd chage -I 12 bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config.txt b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/group b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/chage.err b/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/chage.err
new file mode 100644
index 0000000..188d7dd
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/chage.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+chage: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/shadow b/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/shadow
new file mode 100644
index 0000000..d32d937
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*:::::12::
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test
new file mode 100755
index 0000000..e0cedc9
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config.txt b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/group b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/gshadow b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/login.defs b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/passwd b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/shadow b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/data/chgpasswd.err b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/data/chgpasswd.err
new file mode 100644
index 0000000..572aa4a
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/data/chgpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+chgpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test
new file mode 100755
index 0000000..784ed0a
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config.txt b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/group b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/data/chgpasswd.err b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/data/chgpasswd.err
new file mode 100644
index 0000000..9db820b
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/data/chgpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+chgpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test
new file mode 100755
index 0000000..7e8894a
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config.txt b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/group b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/group
new file mode 100644
index 0000000..aa30237
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:foo:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/gshadow b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..1b92e48
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/login.defs b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/passwd b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/shadow b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5ef6dfe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/chgpasswd.err b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/chgpasswd.err
new file mode 100644
index 0000000..0fb48ad
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/chgpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+chgpasswd: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/gshadow b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/gshadow
new file mode 100644
index 0000000..03d3b45
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:test2::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test
new file mode 100755
index 0000000..135f912
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config.txt b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/group b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/gshadow b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/login.defs b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/passwd b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..ae5682b
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/shadow b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5ef6dfe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/data/chgpasswd.err b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/data/chgpasswd.err
new file mode 100644
index 0000000..187a8eb
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/data/chgpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+chgpasswd: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test
new file mode 100755
index 0000000..e161ecf
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config.txt b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/group b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/data/chpasswd.err b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/data/chpasswd.err
new file mode 100644
index 0000000..e9e6282
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/data/chpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+chpasswd: cannot open /etc/passwd
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test
new file mode 100755
index 0000000..90060b9
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config.txt b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/group b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/data/chpasswd.err b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/data/chpasswd.err
new file mode 100644
index 0000000..11554c1
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/data/chpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+chpasswd: cannot open /etc/shadow
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test
new file mode 100755
index 0000000..6bd8f60
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config.txt b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/group b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..ae5682b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..5ef6dfe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/chpasswd.err b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/chpasswd.err
new file mode 100644
index 0000000..0d71e50
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/chpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+chpasswd: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/shadow b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/shadow
new file mode 100644
index 0000000..08fa354
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test
new file mode 100755
index 0000000..53fc373
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config.txt b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/group b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..ae5682b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5ef6dfe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/data/chpasswd.err b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/data/chpasswd.err
new file mode 100644
index 0000000..dbe7aea
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/data/chpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+chpasswd: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test
new file mode 100755
index 0000000..049ebb9
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/time_0.so chpasswd -e 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config.txt b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/group b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/data/shadow b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/data/shadow
new file mode 100644
index 0000000..f7aa7c0
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2::0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test::0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/chsh.test b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/chsh.test
new file mode 100755
index 0000000..3e0e4a1
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chsh report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's shell (chsh -s /bin/sh bin)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd chsh -s /bin/sh bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config.txt b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/group b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/passwd b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/shadow b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/data/chsh.err b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/data/chsh.err
new file mode 100644
index 0000000..0bf9b92
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/data/chsh.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+chsh: cannot open /etc/passwd
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/chsh.test b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/chsh.test
new file mode 100755
index 0000000..e2c5ecd
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chsh report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's shell (chsh -s /bin/sh bin)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd chsh -s /bin/sh bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config.txt b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/group b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/chsh.err b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/chsh.err
new file mode 100644
index 0000000..958bf31
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/chsh.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+chsh: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/shadow b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/shadow
new file mode 100644
index 0000000..b678d83
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/shadow
@@ -0,0 +1,20 @@
+root:*:@TODAY@:0:99999:7:::
+daemon:*:@TODAY@:0:99999:7:::
+bin:*:@TODAY@:0:99999:7:::
+sys:*:@TODAY@:0:99999:7:::
+sync:*:@TODAY@:0:99999:7:::
+games:*:@TODAY@:0:99999:7:::
+man:*:@TODAY@:0:99999:7:::
+lp:*:@TODAY@:0:99999:7:::
+mail:*:@TODAY@:0:99999:7:::
+news:*:@TODAY@:0:99999:7:::
+uucp:*:@TODAY@:0:99999:7:::
+proxy:*:@TODAY@:0:99999:7:::
+www-data:*:@TODAY@:0:99999:7:::
+backup:*:@TODAY@:0:99999:7:::
+list:*:@TODAY@:0:99999:7:::
+irc:*:@TODAY@:0:99999:7:::
+gnats:*:@TODAY@:0:99999:7:::
+nobody:*:@TODAY@:0:99999:7:::
+Debian-exim:*:@TODAY@:0:99999:7:::
+foo:abc:@TODAY@:0:99999:7:::
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config.txt b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/group b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/gshadow b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/login.defs b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/passwd b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/shadow b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/cppw.test b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/cppw.test
new file mode 100755
index 0000000..57aa57b
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "cppw report failures when it cannot open the input passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Copy data/passwd (cppw data/passwd)..."
+LD_PRELOAD=../../../common/fopen_failure.so FAILURE_PATH=data/passwd /usr/sbin/cppw data/passwd 2>tmp/cppw.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/cppw.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/cppw.err tmp/cppw.err
+echo "error message OK."
+rm -f tmp/cppw.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/cppw.err b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/cppw.err
new file mode 100644
index 0000000..3816592
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/cppw.err
@@ -0,0 +1,3 @@
+fopen64 FAILURE data/passwd r ...
+cppw: data/passwd: Input/output error
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/passwd b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/passwd
new file mode 100644
index 0000000..e8e3c39
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/passwd
@@ -0,0 +1,17 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config.txt b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/group b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/gshadow b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/login.defs b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/passwd b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/shadow b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test
new file mode 100755
index 0000000..5ae4ef0
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "cppw report failures when it cannot open the input passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Copy data/passwd (cppw data/passwd)..."
+LD_PRELOAD=../../../common/fopen_failure.so FAILURE_PATH=/etc/passwd.new cppw data/passwd 2>tmp/cppw.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/cppw.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/cppw.err tmp/cppw.err
+echo "error message OK."
+rm -f tmp/cppw.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/cppw.err b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/cppw.err
new file mode 100644
index 0000000..78606fd
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/cppw.err
@@ -0,0 +1,3 @@
+fopen64 FAILURE /etc/passwd.new w ...
+cppw: Couldn't make copy: Input/output error
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/passwd b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/passwd
new file mode 100644
index 0000000..e8e3c39
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/passwd
@@ -0,0 +1,17 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config.txt b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/group b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/cppw.test b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/cppw.test
new file mode 100755
index 0000000..2e809a7
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "cppw report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Copy data/passwd (cppw data/passwd)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd cppw data/passwd 2>tmp/cppw.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/cppw.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/cppw.err tmp/cppw.err
+echo "error message OK."
+rm -f tmp/cppw.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/cppw.err b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/cppw.err
new file mode 100644
index 0000000..7e27e3e
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/cppw.err
@@ -0,0 +1,3 @@
+rename FAILURE /etc/passwd.new /etc/passwd
+cppw: can't copy /etc/passwd.new: Input/output error)
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/passwd b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/passwd
new file mode 100644
index 0000000..e8e3c39
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/passwd
@@ -0,0 +1,17 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config.txt b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/group b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..b159e54
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test
new file mode 100755
index 0000000..a338a97
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -M root foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group gpasswd -M root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config.txt b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/group b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..7d0a31a
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+gpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test
new file mode 100755
index 0000000..253afcf
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -M root foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow gpasswd -M root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config.txt b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/group b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..b159e54
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test
new file mode 100755
index 0000000..2b2e663
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -a root foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group gpasswd -a root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config.txt b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/group b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..b159e54
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test
new file mode 100755
index 0000000..b52772e
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -d foo users)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group gpasswd -d foo users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config.txt b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/group b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..b159e54
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test
new file mode 100755
index 0000000..2c34af4
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -r foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group gpasswd -r foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config.txt b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/group b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..7d0a31a
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+gpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test
new file mode 100755
index 0000000..47c08e9
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -R foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow gpasswd -R foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config.txt b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/group b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..7d0a31a
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+gpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test
new file mode 100755
index 0000000..84e92c1
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -A root foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow gpasswd -A root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config.txt b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/group b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/passwd b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/shadow b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/data/gpasswd.err
new file mode 100644
index 0000000..448b6b3
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 0 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test
new file mode 100755
index 0000000..c4fc2a8
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -M root foo)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/group gpasswd -M root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config.txt b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/group b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/passwd b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/shadow b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/data/gpasswd.err
new file mode 100644
index 0000000..b407c77
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 0 ...
+gpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test
new file mode 100755
index 0000000..3093af9
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -M root foo)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/gshadow gpasswd -M root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config.txt b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/group b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/passwd b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/shadow b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/data/gpasswd.err
new file mode 100644
index 0000000..ad9669b
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+gpasswd: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test
new file mode 100755
index 0000000..7b654ad
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot commit the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -a root foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group gpasswd -a root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config.txt b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/group b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/gpasswd.err
new file mode 100644
index 0000000..75f3e72
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+gpasswd: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/group b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..f7ef7ea
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:root
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test
new file mode 100755
index 0000000..a7658f5
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot commit the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -a root foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow gpasswd -a root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config.txt b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/group b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/group b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/groupadd.err b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/groupadd.err
new file mode 100644
index 0000000..add9af0
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/groupadd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+groupadd: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test
new file mode 100755
index 0000000..9114782
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd report failures to save a new gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config.txt b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/group b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/gshadow b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/login.defs b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/passwd b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/shadow b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/data/groupadd.err b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/data/groupadd.err
new file mode 100644
index 0000000..62e2205
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/data/groupadd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+groupadd: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/groupadd.test b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/groupadd.test
new file mode 100755
index 0000000..6cfac74
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd report failures to save a new group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config.txt b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/data/groupadd.err b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/data/groupadd.err
new file mode 100644
index 0000000..820b124
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/data/groupadd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+groupadd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test
new file mode 100755
index 0000000..c00a1e3
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config.txt b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/default/useradd b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/group b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/gshadow b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/login.defs b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/passwd b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/shadow b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/data/groupadd.err b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/data/groupadd.err
new file mode 100644
index 0000000..ec69296
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/data/groupadd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+groupadd: cannot open /etc/group
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/groupadd.test b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/groupadd.test
new file mode 100755
index 0000000..a07a86a
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config.txt b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/group b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..c8c759e
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/group b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/groupdel.err b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/groupdel.err
new file mode 100644
index 0000000..569464f
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/groupdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+groupdel: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test
new file mode 100755
index 0000000..5e4d8ad
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel report failures to save a new gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove group foo (groupdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config.txt b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/group b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..c8c759e
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/gshadow b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/login.defs b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/passwd b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/shadow b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/data/groupdel.err b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/data/groupdel.err
new file mode 100644
index 0000000..b68ca55
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/data/groupdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+groupdel: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/groupdel.test b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/groupdel.test
new file mode 100755
index 0000000..0be68eb
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel report failures to save a new group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove group foo (groupdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config.txt b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..c8c759e
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/data/groupdel.err b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/data/groupdel.err
new file mode 100644
index 0000000..448878e
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/data/groupdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+groupdel: cannot open /etc/gshadow
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test
new file mode 100755
index 0000000..664ce9f
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove group foo (groupdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config.txt b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/default/useradd b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/group b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/group
new file mode 100644
index 0000000..c8c759e
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/gshadow b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/login.defs b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/passwd b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/shadow b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/data/groupdel.err b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/data/groupdel.err
new file mode 100644
index 0000000..212e9a1
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/data/groupdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+groupdel: cannot open /etc/group
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/groupdel.test b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/groupdel.test
new file mode 100755
index 0000000..8a05da7
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove group foo (groupdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config.txt b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/group b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/gshadow b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/passwd b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/shadow b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/data/groupmems.err b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/data/groupmems.err
new file mode 100644
index 0000000..1d13747
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/data/groupmems.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+groupmems: cannot open /etc/group
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/groupmems.test b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/groupmems.test
new file mode 100755
index 0000000..7b772cf
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group 1001 (groupmems -g 1001 -a nobody)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group groupmems -g 1001 -a nobody 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config.txt b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/data/groupmems.err b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/data/groupmems.err
new file mode 100644
index 0000000..3e01ee1
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/data/groupmems.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+groupmems: cannot open /etc/gshadow
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test
new file mode 100755
index 0000000..8be4d6e
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group 1001 (groupmems -g 1001 -a nobody)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupmems -g 1001 -a nobody 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config.txt b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/group b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/group b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/groupmod.err b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/groupmod.err
new file mode 100644
index 0000000..652104e
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+groupmod: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test
new file mode 100755
index 0000000..4b19ee8
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow groupmod -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config.txt b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/group b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/login.defs b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/group b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/groupmod.err b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/groupmod.err
new file mode 100644
index 0000000..ee51312
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+groupmod: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test
new file mode 100755
index 0000000..7b38a60
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod changes the primary group of users when it changes the GID of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config.txt b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/group b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/gshadow b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/login.defs b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/passwd b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/shadow b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/data/groupmod.err b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/data/groupmod.err
new file mode 100644
index 0000000..505d2d4
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+groupmod: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test
new file mode 100755
index 0000000..966ec7c
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group groupmod -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config.txt b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/group b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/data/groupmod.err b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/data/groupmod.err
new file mode 100644
index 0000000..f892b68
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+groupmod: cannot open /etc/group
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/groupmod.test b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/groupmod.test
new file mode 100755
index 0000000..ec94d5e
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (groupmod -g 1001 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config.txt b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/data/groupmod.err b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/data/groupmod.err
new file mode 100644
index 0000000..0aca92f
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+groupmod: cannot open /etc/gshadow
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test
new file mode 100755
index 0000000..acf3248
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupmod -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config.txt b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/data/group b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test
new file mode 100755
index 0000000..c4d41de
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod does not need to open gshadow to change a gid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (groupmod -g 1001 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config.txt b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/group b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..e396cfd
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+baz:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..8f6ebbd
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/data/groupmod.err b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/data/groupmod.err
new file mode 100644
index 0000000..f8a82d0
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+groupmod: cannot open /etc/passwd
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test
new file mode 100755
index 0000000..2bcc782
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (groupmod -g 1001 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config.txt b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/group b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..e396cfd
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+baz:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..8f6ebbd
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test
new file mode 100755
index 0000000..b801985
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod does not open the passwd file if not needed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo with same gid (groupmod -g 1000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd groupmod -g 1000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config.txt b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/group b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..e396cfd
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+baz:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..8f6ebbd
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/group b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/gshadow b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test
new file mode 100755
index 0000000..7480cf2
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod does not open the passwd file if not needed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd groupmod -n bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config.txt b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/default/useradd b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/group b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/gshadow b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/login.defs b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/passwd b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/shadow b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/data/grpck.err b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/data/grpck.err
new file mode 100644
index 0000000..378a519
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/data/grpck.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+grpck: cannot open /etc/group
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/grpck.test b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/grpck.test
new file mode 100755
index 0000000..288099e
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check groups (grpck)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group grpck 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config.txt b/tests/tests/failures/grpck/02_grpck_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/default/useradd b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/group b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/gshadow b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/login.defs b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/passwd b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/shadow b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/data/grpck.err b/tests/tests/failures/grpck/02_grpck_group_open_failure/data/grpck.err
new file mode 100644
index 0000000..c51c8a3
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/data/grpck.err
@@ -0,0 +1,2 @@
+open FAILURE data/group 2 ...
+grpck: cannot open data/group
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/grpck.test b/tests/tests/failures/grpck/02_grpck_group_open_failure/grpck.test
new file mode 100755
index 0000000..41fe2a2
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check groups (grpck data/group)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=data/group grpck data/group 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config.txt b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/group b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/data/grpck.err b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/data/grpck.err
new file mode 100644
index 0000000..d15a190
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/data/grpck.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+grpck: cannot open /etc/gshadow
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test
new file mode 100755
index 0000000..1016fc5
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failures when it cannot open the system gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check system groups (grpck)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow grpck 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config.txt b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/group b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/group b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/grpck.err b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/grpck.err
new file mode 100644
index 0000000..61aff8a
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/grpck.err
@@ -0,0 +1,2 @@
+open FAILURE data/gshadow 2 ...
+grpck: cannot open data/gshadow
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/gshadow b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/grpck.test b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/grpck.test
new file mode 100755
index 0000000..2510878
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failures when it cannot open the local gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check local groups (grpck data/group data/gshadow)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=data/gshadow grpck data/group data/gshadow 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config.txt b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/group b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/gshadow b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/login.defs b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/passwd b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/shadow b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/data/grpck.err b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/data/grpck.err
new file mode 100644
index 0000000..5eecbfd
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/data/grpck.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+grpck: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/grpck.test b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/grpck.test
new file mode 100755
index 0000000..40f3ebc
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort group (grpck -s)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group grpck -s 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config.txt b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/group b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/group b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..a9a2e4c
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
+nogroup:x:65534:
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/grpck.err b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/grpck.err
new file mode 100644
index 0000000..275d87f
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/grpck.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+grpck: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test
new file mode 100755
index 0000000..18f6979
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort group (grpck -s)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow grpck -s 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config.txt b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/group b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/gshadow b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/login.defs b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/passwd b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/shadow b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/data/grpconv.err b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/data/grpconv.err
new file mode 100644
index 0000000..e02074e
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/data/grpconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+grpconv: cannot open /etc/group
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/grpconv.test b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/grpconv.test
new file mode 100755
index 0000000..3398314
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/grpconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Disable shadow passwords (grpconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config.txt b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/group b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/data/grpconv.err b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/data/grpconv.err
new file mode 100644
index 0000000..101f3d5
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/data/grpconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+grpconv: cannot open /etc/gshadow
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test
new file mode 100755
index 0000000..77d4161
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Enable gshadow passwords (grpconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config.txt b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/group b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/group
new file mode 100644
index 0000000..5d68f69
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:
+nogroup:*:65534:
+crontab:*:101:
+Debian-exim:*:102:
+foo:abc:1000:
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/gshadow b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/login.defs b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/passwd b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/shadow b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/grpconv.err b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/grpconv.err
new file mode 100644
index 0000000..c1a1171
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/grpconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+grpconv: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/gshadow b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/gshadow
new file mode 100644
index 0000000..372fb9b
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:*::
+Debian-exim:*::
+foo:abc::
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/grpconv.test b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/grpconv.test
new file mode 100755
index 0000000..2d22d15
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/grpconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv report failures to write the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Enable gshadow passwords (grpconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config.txt b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/group b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/gshadow b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/login.defs b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/passwd b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/shadow b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/data/grpconv.err b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/data/grpconv.err
new file mode 100644
index 0000000..f4eee43
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/data/grpconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+grpconv: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test
new file mode 100755
index 0000000..0537ca4
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv report failures to write the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Enable gshadow passwords (grpconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config.txt b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/group b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/gshadow b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/login.defs b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/passwd b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/shadow b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/data/grpunconv.err b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/data/grpunconv.err
new file mode 100644
index 0000000..33ea6f3
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/data/grpunconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+grpunconv: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test
new file mode 100755
index 0000000..8b4e014
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (grpunconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config.txt b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/group b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/gshadow b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/login.defs b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/passwd b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/shadow b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/data/grpunconv.err b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/data/grpunconv.err
new file mode 100644
index 0000000..fd1f2de
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/data/grpunconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+grpunconv: cannot open /etc/group
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test
new file mode 100755
index 0000000..014788e
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (grpunconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config.txt b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/group b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/data/grpunconv.err b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/data/grpunconv.err
new file mode 100644
index 0000000..cb80cfd
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/data/grpunconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 0 ...
+grpunconv: cannot open /etc/gshadow
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test
new file mode 100755
index 0000000..4516e06
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable gshadow passwords (grpunconv)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/gshadow grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config.txt b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/group b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/gshadow b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/login.defs b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/passwd b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/shadow b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/group b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/group
new file mode 100644
index 0000000..54d3da4
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:*:1000:
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/grpunconv.err b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/grpunconv.err
new file mode 100644
index 0000000..84fa124
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/grpunconv.err
@@ -0,0 +1,2 @@
+unlink FAILURE /etc/gshadow
+grpunconv: cannot delete /etc/gshadow
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test
new file mode 100755
index 0000000..4102719
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv report failures when it cannot remove the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (grpunconv)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/etc/gshadow grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config.txt b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/default/useradd b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/group b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/passwd b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/shadow b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.err b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.err
new file mode 100644
index 0000000..b9a24a2
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+newusers: cannot open /etc/passwd
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.list b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/newusers.test b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/newusers.test
new file mode 100755
index 0000000..25462a8
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (newusers foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config.txt b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/default/useradd b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/group b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/passwd b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/shadow b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.err b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.err
new file mode 100644
index 0000000..f46f22d
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+newusers: cannot open /etc/shadow
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.list b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/newusers.test b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/newusers.test
new file mode 100755
index 0000000..b7fc584
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (newusers foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config.txt b/tests/tests/failures/newusers/03_newusers_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/default/useradd b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/group b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/gshadow b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/login.defs b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/passwd b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/shadow b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.err b/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.err
new file mode 100644
index 0000000..3ec4f2f
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+newusers: cannot open /etc/group
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.list b/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/newusers.test b/tests/tests/failures/newusers/03_newusers_open_group_failure/newusers.test
new file mode 100755
index 0000000..95e075d
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (newusers foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config.txt b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/group b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.err b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.err
new file mode 100644
index 0000000..e2a9ca0
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+newusers: cannot open /etc/gshadow
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.list b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/newusers.test b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/newusers.test
new file mode 100755
index 0000000..6383079
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (newusers foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config.txt b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/default/useradd b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/group b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.err b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.err
new file mode 100644
index 0000000..160bad7
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+newusers: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.list b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/newusers.test b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/newusers.test
new file mode 100755
index 0000000..3fc3097
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config.txt b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/group b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..03a7177
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.err b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.err
new file mode 100644
index 0000000..593b9ae
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+newusers: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.list b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/passwd b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/passwd
new file mode 100644
index 0000000..ce8e3c3
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/newusers.test b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/newusers.test
new file mode 100755
index 0000000..aad005f
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config.txt b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/group b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/gshadow b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/login.defs b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/passwd b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/passwd
new file mode 100644
index 0000000..03a7177
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/shadow b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.err b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.err
new file mode 100644
index 0000000..2ac5e86
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+newusers: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.list b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/passwd b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/passwd
new file mode 100644
index 0000000..ce8e3c3
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/shadow b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/shadow
new file mode 100644
index 0000000..602bef5
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/newusers.test b/tests/tests/failures/newusers/07_newusers_rename_group_failure/newusers.test
new file mode 100755
index 0000000..20a8771
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config.txt b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/group b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/gshadow b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/login.defs b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/passwd b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..03a7177
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/shadow b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/group b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.err b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.err
new file mode 100644
index 0000000..ca0738a
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+newusers: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.list b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/passwd b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/passwd
new file mode 100644
index 0000000..ce8e3c3
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/shadow b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/shadow
new file mode 100644
index 0000000..602bef5
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/newusers.test b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/newusers.test
new file mode 100755
index 0000000..8a8560f
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config.txt b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/group b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/gshadow b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/login.defs b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/passwd b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/passwd
new file mode 100644
index 0000000..03a7177
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/shadow b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/group b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/gshadow b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.err b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.err
new file mode 100644
index 0000000..70bfcb5
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.err
@@ -0,0 +1,4 @@
+rename FAILURE /etc/nshadow /etc/shadow
+newusers: (user foo) pam_chauthtok() failed, error:
+Authentication token manipulation error
+newusers: (line 1, user foo) password not changed
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.list b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/passwd b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/passwd
new file mode 100644
index 0000000..ce8e3c3
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test
new file mode 100755
index 0000000..3ce542e
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config.txt b/tests/tests/failures/newusers/10_newusers_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/default/useradd b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/group b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/group
new file mode 100644
index 0000000..beb7c87
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/gshadow b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/gshadow
new file mode 100644
index 0000000..55b8e95
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/pam.d/common-password b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/passwd b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/shadow b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/group b/tests/tests/failures/newusers/10_newusers_time_0/data/group
new file mode 100644
index 0000000..dcabb32
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/gshadow b/tests/tests/failures/newusers/10_newusers_time_0/data/gshadow
new file mode 100644
index 0000000..dc9f7f6
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/newusers.list b/tests/tests/failures/newusers/10_newusers_time_0/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/passwd b/tests/tests/failures/newusers/10_newusers_time_0/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/shadow b/tests/tests/failures/newusers/10_newusers_time_0/data/shadow
new file mode 100644
index 0000000..37df8e5
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA512 fooPass@::0:99999:7:::
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/newusers.test b/tests/tests/failures/newusers/10_newusers_time_0/newusers.test
new file mode 100755
index 0000000..27d5ce9
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/newusers.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/time_0.so newusers data/newusers.list 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config.txt b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/group b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/passwd b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/shadow b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/data/pwck.err b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/data/pwck.err
new file mode 100644
index 0000000..9839b9e
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/data/pwck.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+pwck: cannot open /etc/passwd
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/pwck.test b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/pwck.test
new file mode 100755
index 0000000..f28c481
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check user db (pwck)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd pwck 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config.txt b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/group b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/passwd b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/shadow b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/data/pwck.err b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/data/pwck.err
new file mode 100644
index 0000000..7ffd649
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/data/pwck.err
@@ -0,0 +1,2 @@
+open FAILURE data/passwd 2 ...
+pwck: cannot open data/passwd
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/pwck.test b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/pwck.test
new file mode 100755
index 0000000..e9dcc9b
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check users (pwck data/passwd)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=data/passwd pwck data/passwd 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config.txt b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/group b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/gshadow b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/passwd b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/shadow b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/data/pwck.err b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/data/pwck.err
new file mode 100644
index 0000000..ee7dde0
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/data/pwck.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+pwck: cannot open /etc/shadow
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/pwck.test b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/pwck.test
new file mode 100755
index 0000000..5033612
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report failures when it cannot open the system shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check system groups (pwck)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow pwck 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config.txt b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/group b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/gshadow b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/passwd b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/shadow b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/passwd b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/pwck.err b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/pwck.err
new file mode 100644
index 0000000..bac9260
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/pwck.err
@@ -0,0 +1,2 @@
+open FAILURE data/shadow 2 ...
+pwck: cannot open data/shadow
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/pwck.test b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/pwck.test
new file mode 100755
index 0000000..ef2b899
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report failures when it cannot open the local shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check local groups (pwck data/group data/shadow)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=data/shadow pwck data/passwd data/shadow 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config.txt b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/group b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/data/pwck.err b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/data/pwck.err
new file mode 100644
index 0000000..3b474db
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/data/pwck.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+pwck: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test
new file mode 100755
index 0000000..b02853e
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort passwd (pwck -s)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd pwck -s 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config.txt b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/group b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/gshadow b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/passwd b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/shadow b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/passwd b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/passwd
new file mode 100644
index 0000000..2be1ed6
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/pwck.err b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/pwck.err
new file mode 100644
index 0000000..3d6e8cb
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/pwck.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+pwck: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test
new file mode 100755
index 0000000..0b780e4
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort group (pwck -s)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow pwck -s 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config.txt b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/group b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/passwd b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/pwck.err b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/pwck.err
new file mode 100644
index 0000000..c66b0e3
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/pwck.err
@@ -0,0 +1,2 @@
+rename FAILURE tmp/passwd+ tmp/passwd
+pwck: failure while writing changes to tmp/passwd
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test
new file mode 100755
index 0000000..721734e
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck reports failure to write a passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+cp data/passwd tmp/
+
+echo -n "Sort passwd (pwck -s tmp/passwd)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=tmp/passwd pwck -s tmp/passwd 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+diff -au data/passwd tmp/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+rm -f tmp/passwd tmp/passwd+ tmp/passwd-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config.txt b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/group b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/gshadow b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/passwd b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/shadow b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd.out b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd.out
new file mode 100644
index 0000000..2be1ed6
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd.out
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/pwck.err b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/pwck.err
new file mode 100644
index 0000000..4b1415b
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/pwck.err
@@ -0,0 +1,2 @@
+rename FAILURE tmp/shadow+ tmp/shadow
+pwck: failure while writing changes to tmp/shadow
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/shadow b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test
new file mode 100755
index 0000000..435aa53
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck reports failure to write a shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+cp data/passwd data/shadow tmp/
+
+echo -n "Sort group (pwck -s tmp/passwd tmp/shadow)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=tmp/shadow pwck -s tmp/passwd tmp/shadow 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+diff -au data/passwd.out tmp/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+diff -au data/shadow tmp/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+rm -f tmp/passwd tmp/passwd- tmp/shadow tmp/shadow+ tmp/shadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config.txt b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/group b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/gshadow b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/passwd b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/passwd
new file mode 100644
index 0000000..3030f9e
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/passwd
@@ -0,0 +1,12 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
+bar:x:1001:1000::/home:/bin/sh
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/shadow b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/data/shadow b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/data/shadow
new file mode 100644
index 0000000..053ac3f
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/data/shadow
@@ -0,0 +1,12 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:x::0:99999:7:::
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.exp b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.exp
new file mode 100755
index 0000000..b379fd4
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "LD_PRELOAD=../../../common/time_0.so pwck\r"
+expect "no matching password file entry in /etc/shadow"
+expect "add user 'bar' in /etc/shadow? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test
new file mode 100755
index 0000000..e473196
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "If time is 0, pwck creates shadow entry with no last password change date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config.txt b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/group b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/passwd b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/shadow b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/data/pwconv.err b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/data/pwconv.err
new file mode 100644
index 0000000..d26864f
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/data/pwconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+pwconv: cannot open /etc/passwd
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test
new file mode 100755
index 0000000..cb14e0b
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Enable shadow passwords (pwconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config.txt b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/group b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/passwd b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/shadow b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/data/pwconv.err b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/data/pwconv.err
new file mode 100644
index 0000000..7727450
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/data/pwconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+pwconv: cannot open /etc/shadow
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test
new file mode 100755
index 0000000..031a72c
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Enable shadow passwords (pwconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config.txt b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/group b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/pwconv.err b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/pwconv.err
new file mode 100644
index 0000000..b8177df
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/pwconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+pwconv: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/shadow b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/shadow
new file mode 100644
index 0000000..b678d83
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/shadow
@@ -0,0 +1,20 @@
+root:*:@TODAY@:0:99999:7:::
+daemon:*:@TODAY@:0:99999:7:::
+bin:*:@TODAY@:0:99999:7:::
+sys:*:@TODAY@:0:99999:7:::
+sync:*:@TODAY@:0:99999:7:::
+games:*:@TODAY@:0:99999:7:::
+man:*:@TODAY@:0:99999:7:::
+lp:*:@TODAY@:0:99999:7:::
+mail:*:@TODAY@:0:99999:7:::
+news:*:@TODAY@:0:99999:7:::
+uucp:*:@TODAY@:0:99999:7:::
+proxy:*:@TODAY@:0:99999:7:::
+www-data:*:@TODAY@:0:99999:7:::
+backup:*:@TODAY@:0:99999:7:::
+list:*:@TODAY@:0:99999:7:::
+irc:*:@TODAY@:0:99999:7:::
+gnats:*:@TODAY@:0:99999:7:::
+nobody:*:@TODAY@:0:99999:7:::
+Debian-exim:*:@TODAY@:0:99999:7:::
+foo:abc:@TODAY@:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test
new file mode 100755
index 0000000..44f2307
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Enable shadow passwords (pwconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config.txt b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/group b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/data/pwconv.err b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/data/pwconv.err
new file mode 100644
index 0000000..cf5ddf3
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/data/pwconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+pwconv: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test
new file mode 100755
index 0000000..589ed3e
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv report failures to write the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Enable shadow passwords (pwconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config.txt b/tests/tests/failures/pwconv/05_pwconv_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/group b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/gshadow b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/passwd b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/shadow b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/data/passwd b/tests/tests/failures/pwconv/05_pwconv_time_0/data/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/data/shadow b/tests/tests/failures/pwconv/05_pwconv_time_0/data/shadow
new file mode 100644
index 0000000..a3b7cff
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:*::0:99999:7:::
+daemon:*::0:99999:7:::
+bin:*::0:99999:7:::
+sys:*::0:99999:7:::
+sync:*::0:99999:7:::
+games:*::0:99999:7:::
+man:*::0:99999:7:::
+lp:*::0:99999:7:::
+mail:*::0:99999:7:::
+news:*::0:99999:7:::
+uucp:*::0:99999:7:::
+proxy:*::0:99999:7:::
+www-data:*::0:99999:7:::
+backup:*::0:99999:7:::
+list:*::0:99999:7:::
+irc:*::0:99999:7:::
+gnats:*::0:99999:7:::
+nobody:*::0:99999:7:::
+Debian-exim:*::0:99999:7:::
+foo:abc::0:99999:7:::
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/pwconv.test b/tests/tests/failures/pwconv/05_pwconv_time_0/pwconv.test
new file mode 100755
index 0000000..5c9a650
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/pwconv.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Convert to shadow (pwconv)..."
+LD_PRELOAD=../../../common/time_0.so pwconv 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config.txt b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/group b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/login.defs b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/data/pwunconv.err b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/data/pwunconv.err
new file mode 100644
index 0000000..a1368c9
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/data/pwunconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+pwunconv: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test
new file mode 100755
index 0000000..3f1d312
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (pwunconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config.txt b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/group b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/passwd b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/shadow b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/data/pwunconv.err b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/data/pwunconv.err
new file mode 100644
index 0000000..44cd4fa
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/data/pwunconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+pwunconv: cannot open /etc/passwd
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test
new file mode 100755
index 0000000..8212cf2
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (pwunconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config.txt b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/group b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/passwd b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/shadow b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/data/pwunconv.err b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/data/pwunconv.err
new file mode 100644
index 0000000..a61ba35
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/data/pwunconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 0 ...
+pwunconv: cannot open /etc/shadow
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test
new file mode 100755
index 0000000..0c8f79f
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (pwunconv)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/shadow pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config.txt b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/group b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/gshadow b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/login.defs b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/passwd b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/shadow b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/passwd b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/passwd
new file mode 100644
index 0000000..3416c55
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+foo:!:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/pwunconv.err b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/pwunconv.err
new file mode 100644
index 0000000..a8ecf49
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/pwunconv.err
@@ -0,0 +1,2 @@
+unlink FAILURE /etc/shadow
+pwunconv: cannot delete /etc/shadow
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test
new file mode 100755
index 0000000..045719f
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv report failures when it cannot remove the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (pwunconv)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/etc/shadow pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config.txt b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/default/useradd b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/group b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/passwd b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/shadow b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/data/useradd.err b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/data/useradd.err
new file mode 100644
index 0000000..0a3ce8c
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+useradd: cannot open /etc/passwd
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/useradd.test b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/useradd.test
new file mode 100755
index 0000000..930d565
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config.txt b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/default/useradd b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/group b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/passwd b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/shadow b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/data/useradd.err b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/data/useradd.err
new file mode 100644
index 0000000..8d691d1
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+useradd: cannot open /etc/shadow
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/useradd.test b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/useradd.test
new file mode 100755
index 0000000..0c3d7fc
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config.txt b/tests/tests/failures/useradd/03_useradd_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/default/useradd b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/group b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/gshadow b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/login.defs b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/passwd b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/shadow b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/data/useradd.err b/tests/tests/failures/useradd/03_useradd_open_group_failure/data/useradd.err
new file mode 100644
index 0000000..59a33be
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+useradd: cannot open /etc/group
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/useradd.test b/tests/tests/failures/useradd/03_useradd_open_group_failure/useradd.test
new file mode 100755
index 0000000..b99d914
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config.txt b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/group b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/data/useradd.err b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/data/useradd.err
new file mode 100644
index 0000000..3e64279
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+useradd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/useradd.test b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/useradd.test
new file mode 100755
index 0000000..5ab5eac
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config.txt b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/default/useradd b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/group b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/data/useradd.err b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/data/useradd.err
new file mode 100644
index 0000000..6d25d1d
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+useradd: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/useradd.test b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/useradd.test
new file mode 100755
index 0000000..2428ed0
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config.txt b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/default/useradd b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/group b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/passwd b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/useradd.err b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/useradd.err
new file mode 100644
index 0000000..49e06ab
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+useradd: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/useradd.test b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/useradd.test
new file mode 100755
index 0000000..50ec15f
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config.txt b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/default/useradd b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/group b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/gshadow b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/login.defs b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/passwd b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/shadow b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/passwd b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/shadow b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/useradd.err b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/useradd.err
new file mode 100644
index 0000000..75a035e
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+useradd: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/useradd.test b/tests/tests/failures/useradd/07_useradd_rename_group_failure/useradd.test
new file mode 100755
index 0000000..ed64725
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config.txt b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/group b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/gshadow b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/login.defs b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/passwd b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/shadow b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/group b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/passwd b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/shadow b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/useradd.err b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/useradd.err
new file mode 100644
index 0000000..a355259
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+useradd: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/useradd.test b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/useradd.test
new file mode 100755
index 0000000..11f7f68
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config.txt b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/default/useradd b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/group b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/gshadow b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/login.defs b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/passwd b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/shadow b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/data/useradd.err b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/data/useradd.err
new file mode 100644
index 0000000..956521a
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/default/nuaddXXXXXX /etc/default/useradd
+useradd: rename: /etc/default/nuaddXXXXXX: Input/output error
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/useradd.test b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/useradd.test
new file mode 100755
index 0000000..f845652
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set default value (useradd -D -g 10)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/default/useradd useradd -D -g 10 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+sed -e 's/nuadd....../nuaddXXXXXX/' -i tmp/useradd.err
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config.txt b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/default/useradd b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/group b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/gshadow b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/login.defs b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/passwd b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/shadow b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/data/useradd.err b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/data/useradd.err
new file mode 100644
index 0000000..7ec53ac
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/data/useradd.err
@@ -0,0 +1,2 @@
+link FAILURE /etc/default/useradd /etc/default/useradd-
+useradd: Cannot create backup file (/etc/default/useradd-): Input/output error
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test
new file mode 100755
index 0000000..241f727
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to create backup /etc/default/useradd-"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set default value (useradd -D -g 10)..."
+LD_PRELOAD=../../../common/link_failure.so FAILURE_PATH=/etc/default/useradd- useradd -D -g 10 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config.txt b/tests/tests/failures/useradd/11_useradd_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/default/useradd b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/group b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/group
new file mode 100644
index 0000000..beb7c87
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/gshadow b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/gshadow
new file mode 100644
index 0000000..55b8e95
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/pam.d/common-password b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/passwd b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/shadow b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/group b/tests/tests/failures/useradd/11_useradd_time_0/data/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/gshadow b/tests/tests/failures/useradd/11_useradd_time_0/data/gshadow
new file mode 100644
index 0000000..ed9618e
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/newusers.list b/tests/tests/failures/useradd/11_useradd_time_0/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/passwd b/tests/tests/failures/useradd/11_useradd_time_0/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/shadow b/tests/tests/failures/useradd/11_useradd_time_0/data/shadow
new file mode 100644
index 0000000..d295f85
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!::0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/useradd.test b/tests/tests/failures/useradd/11_useradd_time_0/useradd.test
new file mode 100755
index 0000000..1c61138
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (useradd foo)..."
+LD_PRELOAD=../../../common/time_0.so useradd foo 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config.txt b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/default/useradd b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/group b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/gshadow b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/login.defs b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/passwd b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/shadow b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subgid b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subuid b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/data/useradd.err b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/data/useradd.err
new file mode 100644
index 0000000..6d84972
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subuid 2 ...
+useradd: cannot open /etc/subuid
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/useradd.test b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/useradd.test
new file mode 100755
index 0000000..0263300
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the /etc/subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subuid useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config.txt b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/default/useradd b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/group b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/gshadow b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/login.defs b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/passwd b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/shadow b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subgid b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subuid b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/data/useradd.err b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/data/useradd.err
new file mode 100644
index 0000000..594f4d6
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subgid 2 ...
+useradd: cannot open /etc/subgid
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/useradd.test b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/useradd.test
new file mode 100755
index 0000000..eff1bc9
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the /etc/subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subgid useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config.txt b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/default/useradd b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/group b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/gshadow b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/login.defs b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/passwd b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/shadow b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subgid b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subuid b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/group b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/gshadow b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/passwd b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/shadow b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/useradd.err b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/useradd.err
new file mode 100644
index 0000000..1798df6
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subuid+ /etc/subuid
+useradd: failure while writing changes to /etc/subuid
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/useradd.test b/tests/tests/failures/useradd/14_username_rename_subuid_failure/useradd.test
new file mode 100755
index 0000000..5b007b9
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subuid useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config.txt b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/default/useradd b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/group b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/gshadow b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/login.defs b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/passwd b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/shadow b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subgid b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subuid b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/group b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/gshadow b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/passwd b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/shadow b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/subuid b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/useradd.err b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/useradd.err
new file mode 100644
index 0000000..0d1b654
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subgid+ /etc/subgid
+useradd: failure while writing changes to /etc/subgid
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/useradd.test b/tests/tests/failures/useradd/15_username_rename_subgid_failure/useradd.test
new file mode 100755
index 0000000..db47258
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subgid useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config.txt b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/group b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/group b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/passwd b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/shadow b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/userdel.err b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/userdel.err
new file mode 100644
index 0000000..e84c8f8
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+userdel: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/userdel.test b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/userdel.test
new file mode 100755
index 0000000..3b7c17c
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config.txt b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/group b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/gshadow b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/login.defs b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/passwd b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/shadow b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/passwd b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/shadow b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/userdel.err b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/userdel.err
new file mode 100644
index 0000000..21962cd
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+userdel: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/userdel.test b/tests/tests/failures/userdel/02_userdel_group_rename_failure/userdel.test
new file mode 100755
index 0000000..da9b693
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config.txt b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/group b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/gshadow b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/login.defs b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/passwd b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/shadow b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/passwd b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/userdel.err b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/userdel.err
new file mode 100644
index 0000000..a241b55
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+userdel: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/userdel.test b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/userdel.test
new file mode 100755
index 0000000..6ad2516
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config.txt b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/default/useradd b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/group b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/login.defs b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/data/userdel.err b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/data/userdel.err
new file mode 100644
index 0000000..7058c90
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+userdel: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/userdel.test b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/userdel.test
new file mode 100755
index 0000000..945bf5b
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config.txt b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/default/useradd b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/group b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/gshadow b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/login.defs b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/passwd b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/shadow b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/var/mail/foo b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/var/mail/foo
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/var/mail/foo
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/group b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/gshadow b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/passwd b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/shadow b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/userdel.err b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/userdel.err
new file mode 100644
index 0000000..0ed73cf
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/userdel.err
@@ -0,0 +1,3 @@
+unlink FAILURE /var/mail/foo
+userdel: warning: can't remove /var/mail/foo: Device or resource busy
+userdel: foo home directory (/home/foo) not found
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/userdel.test b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/userdel.test
new file mode 100755
index 0000000..cd0b356
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/userdel.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel -r reports failure to remove the mailbox"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Changing ownership of /var/mail/foo..."
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "delete user foo with its mail spool (userdel -r foo)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/var/mail/foo userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+ 
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config.txt b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/default/useradd b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/group b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/gshadow b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/login.defs b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/passwd b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/shadow b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/group b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/gshadow b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/passwd b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/shadow b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/userdel.err b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/userdel.err
new file mode 100644
index 0000000..d46d879
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/userdel.err
@@ -0,0 +1,3 @@
+userdel: foo mail spool (/var/mail/foo) not found
+unlink FAILURE /home/foo/bar/baz
+userdel: error removing directory /home/foo
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test
new file mode 100755
index 0000000..d41d189
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel -r reports failure to remove a file in the home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an home directory for foo..."
+mkdir /home/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo' 0
+mkdir /home/foo/bar
+touch /home/foo/bar/baz
+chown -R foo:foo /home/foo
+echo "OK"
+
+echo -n "delete user foo with its mail spool (userdel -r foo)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/home/foo/bar/baz userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+ 
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+rm -rf /home/foo
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config.txt b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/default/useradd b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/group b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/gshadow b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/login.defs b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/passwd b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/shadow b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/group b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/gshadow b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/passwd b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/shadow b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/userdel.err b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/userdel.err
new file mode 100644
index 0000000..f874083
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/userdel.err
@@ -0,0 +1,3 @@
+userdel: foo mail spool (/var/mail/foo) not found
+rmdir FAILURE /home/foo
+userdel: error removing directory /home/foo
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/userdel.test b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/userdel.test
new file mode 100755
index 0000000..deca402
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/userdel.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel -r reports failure to remove the home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an home directory for foo..."
+mkdir /home/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo' 0
+mkdir /home/foo/bar
+touch /home/foo/bar/baz
+chown -R foo:foo /home/foo
+echo "OK"
+
+echo -n "delete user foo with its mail spool (userdel -r foo)..."
+LD_PRELOAD=../../../common/rmdir_failure.so FAILURE_PATH=/home/foo userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+ 
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+rm -rf /home/foo
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config.txt b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/default/useradd b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/group b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/passwd b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..c41f98b
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:foo:/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/shadow b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/data/userdel.err b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/data/userdel.err
new file mode 100644
index 0000000..5329f8a
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+userdel: cannot open /etc/passwd
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/userdel.test b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/userdel.test
new file mode 100755
index 0000000..dfa5bc6
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config.txt b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/default/useradd b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/group b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/passwd b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..c41f98b
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:foo:/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/shadow b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/data/userdel.err b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/data/userdel.err
new file mode 100644
index 0000000..b15cf95
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+userdel: cannot open /etc/shadow
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/userdel.test b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/userdel.test
new file mode 100755
index 0000000..434cf32
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config.txt b/tests/tests/failures/userdel/10_userdel_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/default/useradd b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/group b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/gshadow b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/login.defs b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/passwd b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..c41f98b
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:foo:/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/shadow b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/data/userdel.err b/tests/tests/failures/userdel/10_userdel_open_group_failure/data/userdel.err
new file mode 100644
index 0000000..e671f64
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+userdel: cannot open /etc/group
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/userdel.test b/tests/tests/failures/userdel/10_userdel_open_group_failure/userdel.test
new file mode 100755
index 0000000..2e3ad62
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config.txt b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/group b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..c41f98b
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:foo:/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/data/userdel.err b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/data/userdel.err
new file mode 100644
index 0000000..e24e7f4
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+userdel: cannot open /etc/gshadow
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/userdel.test b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/userdel.test
new file mode 100755
index 0000000..4a75f66
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config.txt b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/default/useradd b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/group b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/gshadow b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/login.defs b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/passwd b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/shadow b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subgid b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subuid b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/data/userdel.err b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/data/userdel.err
new file mode 100644
index 0000000..cd0d1c4
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subuid 2 ...
+userdel: cannot open /etc/subuid
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/userdel.test b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/userdel.test
new file mode 100755
index 0000000..844f04f
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the /etc/subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subuid userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config.txt b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/default/useradd b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/group b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/gshadow b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/login.defs b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/passwd b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/shadow b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subgid b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subuid b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/data/userdel.err b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/data/userdel.err
new file mode 100644
index 0000000..bcc53e2
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subgid 2 ...
+userdel: cannot open /etc/subgid
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/userdel.test b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/userdel.test
new file mode 100755
index 0000000..2a67bcb
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the /etc/subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subgid userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config.txt b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/default/useradd b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/group b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/gshadow b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/login.defs b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/passwd b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/shadow b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subgid b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subuid b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/group b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/gshadow b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/passwd b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/shadow b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/userdel.err b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/userdel.err
new file mode 100644
index 0000000..ae0d56e
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subuid+ /etc/subuid
+userdel: failure while writing changes to /etc/subuid
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/usedel.test b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/usedel.test
new file mode 100755
index 0000000..a6e7d43
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/usedel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subuid userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config.txt b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/default/useradd b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/group b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/gshadow b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/login.defs b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/passwd b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/shadow b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subgid b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subuid b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..a0bb603
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+root:200000:10000
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/group b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/gshadow b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/passwd b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/shadow b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/subuid b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/subuid
new file mode 100644
index 0000000..83a5781
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/subuid
@@ -0,0 +1 @@
+root:200000:10000
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/userdel.err b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/userdel.err
new file mode 100644
index 0000000..35e206c
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subgid+ /etc/subgid
+userdel: failure while writing changes to /etc/subgid
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/usedel.test b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/usedel.test
new file mode 100755
index 0000000..5312e8b
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/usedel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subgid userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config.txt b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/group b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/group b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..41fb326
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:bar
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/passwd b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/passwd
new file mode 100644
index 0000000..656230a
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/shadow b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/usermod.err b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/usermod.err
new file mode 100644
index 0000000..449003a
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+usermod: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test
new file mode 100755
index 0000000..e7d1c2d
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config.txt b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/default/useradd b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/group b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/login.defs b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/data/usermod.err b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/data/usermod.err
new file mode 100644
index 0000000..a5fd4c3
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+usermod: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test
new file mode 100755
index 0000000..119d76a
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change UID of foo to 1001 (usermod -u 1001 foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd usermod -u 1001 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config.txt b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/group b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/gshadow b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/login.defs b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/passwd b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/shadow b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/passwd b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/passwd
new file mode 100644
index 0000000..656230a
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/shadow b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/usermod.err b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/usermod.err
new file mode 100644
index 0000000..69a5e8b
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+usermod: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test
new file mode 100755
index 0000000..c5d69bb
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename user foo to bar (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config.txt b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/default/useradd b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/group b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/gshadow b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/login.defs b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/passwd b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/shadow b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/passwd b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/passwd
new file mode 100644
index 0000000..656230a
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/shadow b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test
new file mode 100755
index 0000000..2e64fd3
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not try to rewrite gshadow if not changed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow usermod -l bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config.txt b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/group b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/gshadow b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/login.defs b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/passwd b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/shadow b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/passwd b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/passwd
new file mode 100644
index 0000000..09a6642
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/usermod.err b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/usermod.err
new file mode 100644
index 0000000..43c186a
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+usermod: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test
new file mode 100755
index 0000000..df94b43
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change name of foo to bar (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config.txt b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/default/useradd b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/group b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/passwd b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/shadow b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/data/usermod.err b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/data/usermod.err
new file mode 100644
index 0000000..e060976
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+usermod: cannot open /etc/passwd
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test
new file mode 100755
index 0000000..5e069f6
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config.txt b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/default/useradd b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/group b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/passwd b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/shadow b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/data/usermod.err b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/data/usermod.err
new file mode 100644
index 0000000..40e3a5b
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+usermod: cannot open /etc/shadow
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test
new file mode 100755
index 0000000..c5ac414
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config.txt b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/default/useradd b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/group b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/gshadow b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/login.defs b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/passwd b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/shadow b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/data/usermod.err b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/data/usermod.err
new file mode 100644
index 0000000..5329b28
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+usermod: cannot open /etc/group
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test
new file mode 100755
index 0000000..fbca278
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config.txt b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/group b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/data/usermod.err b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/data/usermod.err
new file mode 100644
index 0000000..e398343
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+usermod: cannot open /etc/gshadow
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test
new file mode 100755
index 0000000..6e7ba24
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config.txt b/tests/tests/failures/usermod/10_usermod_-p_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/default/useradd b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/group b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/gshadow b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/passwd b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/shadow b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/data/passwd b/tests/tests/failures/usermod/10_usermod_-p_time_0/data/passwd
new file mode 100644
index 0000000..d9798a6
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/data/shadow b/tests/tests/failures/usermod/10_usermod_-p_time_0/data/shadow
new file mode 100644
index 0000000..13fca93
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:foopass::0:99999:7:::
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/usermod.test b/tests/tests/failures/usermod/10_usermod_-p_time_0/usermod.test
new file mode 100755
index 0000000..f54c918
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's password (usermod -p foopass foo)..."
+LD_PRELOAD=../../../common/time_0.so usermod -p foopass foo 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config.txt b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/default/useradd b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/group b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/gshadow b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/passwd b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/shadow b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/data/shadow b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/data/shadow
new file mode 100644
index 0000000..6faa0c5
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblahblah::0:99999:7:12::
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test
new file mode 100755
index 0000000..56e9c83
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's password (usermod -f 12 foo)..."
+LD_PRELOAD=../../../common/time_0.so usermod -f 12 foo 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config.txt b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/default/useradd b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/group b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/gshadow b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/login.defs b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/passwd b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/shadow b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/data/usermod.err b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/data/usermod.err
new file mode 100644
index 0000000..a5fd4c3
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+usermod: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test
new file mode 100755
index 0000000..d7c95b7
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod reports failure to unlock /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change UID of foo to 1001 (usermod -u 1001 foo)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/etc/passwd.lock usermod -u 1001 foo 2>tmp/usermod.err
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config.txt b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/group b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/gshadow b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/login.defs b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/passwd b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/shadow b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subgid b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subuid b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/data/usermod.err b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/data/usermod.err
new file mode 100644
index 0000000..a83d4bf
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subuid 2 ...
+usermod: cannot open /etc/subuid
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test
new file mode 100755
index 0000000..fdff7e1
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the /etc/subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add range for user foo (usermod -v 100000-100000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subuid usermod -v 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config.txt b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/group b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/gshadow b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/login.defs b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/passwd b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/shadow b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subgid b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subuid b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/data/usermod.err b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/data/usermod.err
new file mode 100644
index 0000000..a83d4bf
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subuid 2 ...
+usermod: cannot open /etc/subuid
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test
new file mode 100755
index 0000000..47ff348
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the /etc/subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add range for user foo (usermod -V 100000-100000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subuid usermod -V 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config.txt b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/group b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/gshadow b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/login.defs b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/passwd b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/shadow b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subgid b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subuid b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/data/usermod.err b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/data/usermod.err
new file mode 100644
index 0000000..7cb1df5
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subgid 2 ...
+usermod: cannot open /etc/subgid
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test
new file mode 100755
index 0000000..3469d93
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the /etc/subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add range for user foo (usermod -w 100000-100000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subgid usermod -w 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config.txt b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/group b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/gshadow b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/login.defs b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/passwd b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/shadow b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subgid b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subuid b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/data/usermod.err b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/data/usermod.err
new file mode 100644
index 0000000..7cb1df5
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subgid 2 ...
+usermod: cannot open /etc/subgid
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test
new file mode 100755
index 0000000..a03c2c5
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the /etc/subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add range for user foo (usermod -W 100000-100000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subgid usermod -W 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config.txt b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/group b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/gshadow b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/login.defs b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/passwd b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/shadow b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subgid b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subuid b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/data/usermod.err b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/data/usermod.err
new file mode 100644
index 0000000..d498ae9
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subuid+ /etc/subuid
+usermod: failure while writing changes to /etc/subuid
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test
new file mode 100755
index 0000000..0e39b61
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod reports failure to write /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add subordinate uid for user foo (usermod -v 100000-100000 foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subuid usermod -v 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config.txt b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/group b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/gshadow b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/login.defs b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/passwd b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/shadow b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subgid b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subuid b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/data/usermod.err b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/data/usermod.err
new file mode 100644
index 0000000..ee968b8
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subgid+ /etc/subgid
+usermod: failure while writing changes to /etc/subgid
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test
new file mode 100755
index 0000000..c14e5c1
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod reports failure to write /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add subordinate uid for user foo (usermod -w 100000-100000 foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subgid usermod -w 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test
new file mode 100755
index 0000000..c62fc54
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd fails if a group does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's, disk's, and foooo's password..."
+echo 'nogroup:test
+disk:test2
+foooo:test3' | chgpasswd 2>tmp/chgpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/group b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/passwd b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/shadow b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/data/chgpasswd.err
new file mode 100644
index 0000000..38413df
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: line 3: group 'foooo' does not exist
+chgpasswd: error detected, changes ignored
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test
new file mode 100755
index 0000000..27754dd
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can change multiple groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's and disk's password..."
+echo 'nogroup:test
+disk:test2' | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/group b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/passwd b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/shadow b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/data/gshadow b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/data/gshadow
new file mode 100644
index 0000000..10d3a52
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:@PASS_DES test2@::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test
new file mode 100755
index 0000000..1e765f8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the password in group if gshadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Change nogroup's and disk's password..."
+echo 'nogroup:test
+disk:test2' | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check that gshadow does not exist..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/group b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/data/group b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/data/group
new file mode 100644
index 0000000..7f5e536
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:@PASS_DES test2@:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:@PASS_DES test@:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test
new file mode 100755
index 0000000..8def840
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the group entry if there are no entries in gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's and disk's password..."
+echo 'nogroup:test
+disk:test2' | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/group b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..54dc57e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/passwd b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/shadow b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/group b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/gshadow b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/gshadow
new file mode 100644
index 0000000..544e0d1
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:@PASS_DES test2@::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+nogroup:@PASS_DES test@::
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test
new file mode 100755
index 0000000..53ffbf2
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd fails if no password are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo 'nogroup:test
+disk' | chgpasswd 2>tmp/chgpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/group b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/passwd b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/shadow b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/data/chgpasswd.err
new file mode 100644
index 0000000..86c0803
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: line 2: missing new password
+chgpasswd: error detected, changes ignored
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test
new file mode 100755
index 0000000..1075f0f
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chgpasswd usage (chgpasswd -h)..."
+chgpasswd -h >tmp/usage.out
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config.txt b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/group b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/passwd b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/shadow b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/data/usage.out b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/data/usage.out
new file mode 100644
index 0000000..46b49c3
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/data/usage.out
@@ -0,0 +1,12 @@
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test
new file mode 100755
index 0000000..56de5cb
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd displays its usage message in case on non recognized option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chgpasswd usage (chgpasswd --foo)..."
+chgpasswd --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config.txt b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/group b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/passwd b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/shadow b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/data/usage.out b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/data/usage.out
new file mode 100644
index 0000000..e96d97c
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: unrecognized option '--foo'
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test
new file mode 100755
index 0000000..f6b96d5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that -e and -m are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password are encrypted and must use md5 (chgpasswd -m -e)..."
+echo 'nobody:test' | chgpasswd -m -e 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config.txt b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/group b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/passwd b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/shadow b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/data/usage.out b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/data/usage.out
new file mode 100644
index 0000000..d3a57b6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: the -c, -e, and -m flags are exclusive
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test
new file mode 100755
index 0000000..9da58d6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that -e and -c are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password are encrypted and must use another method (chgpasswd -c SHA512 -e)..."
+echo 'nobody:test' | chgpasswd -c SHA512 -e 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config.txt b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/group b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/passwd b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/shadow b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/data/usage.out b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/data/usage.out
new file mode 100644
index 0000000..d3a57b6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: the -c, -e, and -m flags are exclusive
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test
new file mode 100755
index 0000000..e83338f
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that -c and -m are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chgpasswd -m -c SHA256)..."
+echo 'nobody:test' | chgpasswd -m -c SHA256 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config.txt b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/group b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/passwd b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/shadow b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/data/usage.out b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/data/usage.out
new file mode 100644
index 0000000..d3a57b6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: the -c, -e, and -m flags are exclusive
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test
new file mode 100755
index 0000000..293e932
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that -c is provided if -s is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chgpasswd --sha-rounds 12)..."
+echo 'nobody:test' | chgpasswd --sha-rounds 12 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config.txt b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/group b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/passwd b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/shadow b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/data/usage.out b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/data/usage.out
new file mode 100644
index 0000000..4bd98d4
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: -s flag is only allowed with the -c flag
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test
new file mode 100755
index 0000000..ebfcde6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks the -s argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chgpasswd --sha-rounds 12foo -c SHA512)..."
+echo 'nobody:test' | chgpasswd --sha-rounds 12foo -c SHA512 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config.txt b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/group b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/passwd b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/shadow b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/data/usage.out b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/data/usage.out
new file mode 100644
index 0000000..690a502
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: invalid numeric argument '12foo'
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test
new file mode 100755
index 0000000..8cff29b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks the -c argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chgpasswd --crypt-method SHA513)..."
+echo 'nobody:test' | chgpasswd --crypt-method SHA513 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config.txt b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/group b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/passwd b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/shadow b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/data/usage.out b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/data/usage.out
new file mode 100644
index 0000000..a103cd5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: unsupported crypt method: SHA513
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test
new file mode 100755
index 0000000..c622581
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/group b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/passwd b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/shadow b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/data/gshadow b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/data/gshadow
new file mode 100644
index 0000000..71489d5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:test2::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test
new file mode 100755
index 0000000..964d193
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create md5 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --md5)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --md5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/group b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/passwd b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/shadow b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/data/gshadow b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/data/gshadow
new file mode 100644
index 0000000..eea258e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_MD5 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test
new file mode 100755
index 0000000..98cf6d0
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use encrypted passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd -c NONE)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -c NONE
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/group b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/passwd b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/shadow b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/data/gshadow b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/data/gshadow
new file mode 100644
index 0000000..71489d5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:test2::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test
new file mode 100755
index 0000000..920589b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create MD5 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method MD5)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method MD5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/group b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/passwd b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/shadow b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/data/gshadow b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/data/gshadow
new file mode 100644
index 0000000..eea258e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_MD5 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test
new file mode 100755
index 0000000..bf504af
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create DES passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method DES)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method DES
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/group b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/passwd b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/shadow b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/data/gshadow b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/data/gshadow
new file mode 100644
index 0000000..dcf1749
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_DES test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test
new file mode 100755
index 0000000..07770c4
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA256 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA256)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA256
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/group b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/passwd b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/shadow b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/data/gshadow b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/data/gshadow
new file mode 100644
index 0000000..e22ddf5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA256 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test
new file mode 100755
index 0000000..e269270
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA256 passwords and use at least 1000 rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA256 -s 900)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA256 -s 900
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+grep nogroup /etc/gshadow | grep -q ':\$5\$rounds=1000\$'
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/group b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/passwd b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/shadow b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/data/gshadow b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/data/gshadow
new file mode 100644
index 0000000..e22ddf5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA256 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test
new file mode 100755
index 0000000..7d33204
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA256 passwords and use the requested number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA256 -s 9000)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA256 -s 9000
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+grep nogroup /etc/gshadow | grep -q ':\$5\$rounds=9000\$'
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/group b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/passwd b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/shadow b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/data/gshadow b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/data/gshadow
new file mode 100644
index 0000000..e22ddf5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA256 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test
new file mode 100755
index 0000000..1a560dc
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA512 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA512)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA512
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/group b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/passwd b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/shadow b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/data/gshadow b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/data/gshadow
new file mode 100644
index 0000000..f4f8034
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA512 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA512 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test
new file mode 100755
index 0000000..5af55f8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA512 passwords and use at least 1000 rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA512 -s 900)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA512 -s 900
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+grep nogroup /etc/gshadow | grep -q ':\$6\$rounds=1000\$'
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/group b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/passwd b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/shadow b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/data/gshadow b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/data/gshadow
new file mode 100644
index 0000000..f4f8034
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA512 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA512 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test
new file mode 100755
index 0000000..2e85531
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA512 passwords and use the requested number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA512 -s 9000)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA512 -s 9000
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+grep nogroup /etc/gshadow | grep -q ':\$6\$rounds=9000\$'
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/group b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/passwd b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/shadow b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/data/gshadow b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/data/gshadow
new file mode 100644
index 0000000..f4f8034
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA512 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA512 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test
new file mode 100755
index 0000000..17f6f95
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the group file if gshadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Change nogroup's and lp's password..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check that gshadow does not exist..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/group b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..d5d9eb7
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:foo:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:bar:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/data/group b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/data/group
new file mode 100644
index 0000000..575c221
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:test2:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:test:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test
new file mode 100755
index 0000000..17f6f95
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the group file if gshadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Change nogroup's and lp's password..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check that gshadow does not exist..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/group b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/passwd b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/shadow b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/data/group b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/data/group
new file mode 100644
index 0000000..575c221
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:test2:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:test:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test
new file mode 100755
index 0000000..1d9af4b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the group entry if there are no gshadow entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's and lp's password..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/group b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..aecd9b9
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/passwd b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/shadow b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/shadow
new file mode 100644
index 0000000..f4f74a5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/group b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/gshadow b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/gshadow
new file mode 100644
index 0000000..3652f6f
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
+lp:test2::
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test
new file mode 100755
index 0000000..c0be3c9
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config.txt b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config.txt
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/group b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/passwd b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/shadow b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/data/chgpasswd.err
new file mode 100644
index 0000000..5c91d93
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: existing lock file /etc/group.lock without a PID
+chgpasswd: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test
new file mode 100755
index 0000000..368e4b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config.txt b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config.txt
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/group b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/data/chgpasswd.err
new file mode 100644
index 0000000..dcef785
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: existing lock file /etc/gshadow.lock without a PID
+chgpasswd: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test
new file mode 100755
index 0000000..1dede9e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that users exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd)..."
+echo 'nogroup:test
+bar:bar2
+lp:test2' | chgpasswd 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config.txt b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config.txt
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/group b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/passwd b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/shadow b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/data/chgpasswd.err
new file mode 100644
index 0000000..bf4249e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: line 2: group 'bar' does not exist
+chgpasswd: error detected, changes ignored
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..3084f76
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..75a8abe
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..08ee996
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (0 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..8b3971e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..5054bf7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..f9879d9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..965a4d6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..aa85a13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,daemon
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..1e2ca45
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root,daemon
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..dfbd793
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 2 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to root,daemon (gpasswd -M root,daemon users)..."
+gpasswd -M root,daemon users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..afcbd74
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:x::
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..3084f76
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..bbe0311
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:*:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..9abbd26
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:*::
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..75a8abe
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..0404aba
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:*:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..cda0d0a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:*::foo
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..08ee996
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (0 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..e2d8b14
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:password:100:bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..86fa988
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:password::foo
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..f9879d9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..bbe0311
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:*:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..cda0d0a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:*::foo
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..965a4d6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..bbe0311
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:*:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..aa85a13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,daemon
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..692d0f7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:*::root,daemon
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..dfbd793
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 2 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to root,daemon (gpasswd -M root,daemon users)..."
+gpasswd -M root,daemon users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..b1450c9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..bd95302
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..e6e6ab0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (0 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..8b3971e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5054bf7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..e5b40b4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..8b92888
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..aa85a13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,daemon
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..2b2b2ac
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 2 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to root,daemon (gpasswd -M root,daemon users)..."
+gpasswd -M root,daemon users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config.txt b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/group b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/gshadow b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/login.defs b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/passwd b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/shadow b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/data/gshadow b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/data/gshadow
new file mode 100644
index 0000000..6b880f5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:@PASS_DES usersPAS@::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.exp b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.exp
new file mode 100755
index 0000000..1accbb9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.exp
@@ -0,0 +1,70 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test
new file mode 100755
index 0000000..5d316e2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp root users usersPAS '# '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/login.defs b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..4bce8b4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:@PASS_DES usersPAS@::foo
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.exp b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.exp
new file mode 100755
index 0000000..1accbb9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.exp
@@ -0,0 +1,70 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..5d316e2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp root users usersPAS '# '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/data/group
new file mode 100644
index 0000000..76ead96
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:@PASS_DES usersPAS@:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.exp b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.exp
new file mode 100755
index 0000000..1accbb9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.exp
@@ -0,0 +1,70 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..9f90aaf
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+./gpasswd.exp root users usersPAS '# '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config.txt b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/group b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/gshadow b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/gshadow
new file mode 100644
index 0000000..aef7f5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/login.defs b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/passwd b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/shadow b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/data/gshadow b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/data/gshadow
new file mode 100644
index 0000000..048d86a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:@PASS_DES usersPAS@:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.exp b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.exp
new file mode 100755
index 0000000..1accbb9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.exp
@@ -0,0 +1,70 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test
new file mode 100755
index 0000000..9ae0cd8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config.txt b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/group b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/gshadow b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/passwd b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/shadow b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.exp b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.exp
new file mode 100755
index 0000000..e2eb450
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.exp
@@ -0,0 +1,60 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "gpasswd: Permission denied."	;# Not an admin
+
+send_user "\n"
+send_user "# expect prompt '$user_prompt'\n"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test
new file mode 100755
index 0000000..d75576e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.exp b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.exp
new file mode 100755
index 0000000..8fb13a0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "gpasswd: Permission denied."	;# Not an admin
+
+send_user "# expect prompt '$user_prompt'\n"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..c61fa9b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config.txt b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/group b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/gshadow b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/passwd b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/shadow b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/group b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/gshadow b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/gshadow
new file mode 100644
index 0000000..ef584f0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test
new file mode 100755
index 0000000..dcdb819
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..10880c6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:::foo
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..dcdb819
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/data/group
new file mode 100644
index 0000000..cc8c43e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users::100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..c68d225
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config.txt b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/group b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/gshadow b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/passwd b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/shadow b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/group b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/gshadow b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/gshadow
new file mode 100644
index 0000000..ef7c9e5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:!::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test
new file mode 100755
index 0000000..e6d263e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can lock the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock the password of group users (gpasswd -R users)..."
+gpasswd -R users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..761abe1
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:!::foo
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..e6d263e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can lock the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock the password of group users (gpasswd -R users)..."
+gpasswd -R users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/data/group
new file mode 100644
index 0000000..cc423f5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:!:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..de4f26c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can lock the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Lock the password of group users (gpasswd -R users)..."
+gpasswd -R users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config.txt b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/group b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/group b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/group
new file mode 100644
index 0000000..1b4936a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/gshadow b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/gshadow
new file mode 100644
index 0000000..f590939
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test
new file mode 100755
index 0000000..81b50c9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo to group bin (gpasswd -a foo bin)..."
+gpasswd -a foo bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..a3846bc
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/group
new file mode 100644
index 0000000..1b4936a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..33b3bb4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bin:x::foo
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..81b50c9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo to group bin (gpasswd -a foo bin)..."
+gpasswd -a foo bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/data/group
new file mode 100644
index 0000000..1b4936a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..b257fe8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user to a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Add user foo to group bin (gpasswd -a foo bin)..."
+gpasswd -a foo bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config.txt b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/group b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/group b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/gshadow b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test
new file mode 100755
index 0000000..fef6ba0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config.txt b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/group b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/group
new file mode 100644
index 0000000..b7bf0a4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/gshadow
new file mode 100644
index 0000000..71ef67c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/group b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/group
new file mode 100644
index 0000000..85a95f2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/gshadow b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/gshadow
new file mode 100644
index 0000000..f704a9d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test
new file mode 100755
index 0000000..0a34349
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (don't touch other usrs/groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config.txt b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/group b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/group
new file mode 100644
index 0000000..2cfa18e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:bin,foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/gshadow
new file mode 100644
index 0000000..7207bd2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:bin,foo,root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/group b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/group
new file mode 100644
index 0000000..38d5cf2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:bin,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/gshadow b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/gshadow
new file mode 100644
index 0000000..83e5365
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:bin,root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test
new file mode 100755
index 0000000..e279235
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+# TODO: maybe this is wrong
+log_start "$0" "gpasswd can remove an user to a group (don't touch administrative users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..afcbd74
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:x::
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..fef6ba0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..db1fe5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:password:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..1c18211
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:password::
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..fef6ba0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..b7bf0a4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..bc29364
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/group
new file mode 100644
index 0000000..85a95f2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..3e0af1e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:x::root
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..0a34349
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (don't touch other usrs/groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..20985d5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..db1fe5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:password:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/data/group
new file mode 100644
index 0000000..ff80f13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:password:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..20985d5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..b7bf0a4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..bc29364
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/data/group
new file mode 100644
index 0000000..85a95f2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..6ec2ebc
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (don't touch other usrs/groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config.txt b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/group b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/data/gpasswd.err b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/data/gpasswd.err
new file mode 100644
index 0000000..dec0fe7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/data/gpasswd.err
@@ -0,0 +1,2 @@
+gpasswd: existing lock file /etc/group.lock without a PID
+gpasswd: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test
new file mode 100755
index 0000000..55cd038
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -r checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config.txt b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/group b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/data/gpasswd.err b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/data/gpasswd.err
new file mode 100644
index 0000000..4c5a872
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/data/gpasswd.err
@@ -0,0 +1,2 @@
+gpasswd: existing lock file /etc/gshadow.lock without a PID
+gpasswd: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test
new file mode 100755
index 0000000..0c7a649
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -r checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config.txt b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/group b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/data/gpasswd.err b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/data/gpasswd.err
new file mode 100644
index 0000000..1cba130
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: group 'usersss' does not exist in /etc/group
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test
new file mode 100755
index 0000000..b9ec058
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -r fails if the group does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the password of unknown group usersss (gpasswd -r usersss)..."
+gpasswd -r usersss 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"  # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config.txt b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/group b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/gshadow b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/passwd b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/shadow b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/data/gpasswd.err b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/data/gpasswd.err
new file mode 100644
index 0000000..1ae3559
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: user 'foooo' does not exist
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test
new file mode 100755
index 0000000..0c7175b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -a fails if the user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foooo to group users (gpasswd -a foooo users)..."
+gpasswd -a foooo users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3" # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config.txt b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/group b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/gshadow b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/passwd b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/shadow b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/data/gpasswd.err b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/data/gpasswd.err
new file mode 100644
index 0000000..1ae3559
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: user 'foooo' does not exist
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test
new file mode 100755
index 0000000..bb3ab61
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -M fails if an user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set members of users to root,foooo,bin (gpasswd -M root,foooo,bin users)..."
+gpasswd -M root,foooo,bin users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3" # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..6f73977
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..4cc3100
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (1 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -A \"\" users)..."
+gpasswd -A "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..37489ea
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo,bin:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..6ed3642
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (2 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -A \"\" users)..."
+gpasswd -A "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..6f73977
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..ca37b35
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (0 -> 1 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -A foo users)..."
+gpasswd -A foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..38c2da7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..f74646e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:bin:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..59e5042
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..2d64aaa
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (1 -> 1 users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -A foo users)..."
+gpasswd -A foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..38c2da7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..77f563e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo,bin:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..59e5042
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..2701d17
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (2 -> 1 users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -A foo users)..."
+gpasswd -A foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..38c2da7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..77f563e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo,bin:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..651998f
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:daemon,foo:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..5964aa9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (2 -> 2 users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -A daemon,foo users)..."
+gpasswd -A daemon,foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..e3aaaf8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..8c7367f
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..77a3300
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:x:foo:
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..bbd88af
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can set the list of admins if there is no shadow group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set the admin list of users to foo (gpasswd -A foo users)..."
+gpasswd -A foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/data/gpasswd.err b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/data/gpasswd.err
new file mode 100644
index 0000000..55bd0cc
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: shadow group passwords required for -A
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..6074c46
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -A checks if the gshadow file exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Set the lists of admins to foo (gpasswd -A foo users)..."
+gpasswd -A foo users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "17" # E_GSHADOW_NOTFOUND
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config.txt b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/group b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/group
new file mode 100644
index 0000000..1b4936a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/gshadow
new file mode 100644
index 0000000..f590939
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test
new file mode 100755
index 0000000..488c921
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user to a group (already member)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo to group bin (gpasswd -a foo bin)..."
+gpasswd -a foo bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config.txt b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/group b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/gshadow b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/gshadow
new file mode 100644
index 0000000..ea4d4ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/passwd b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/shadow b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/data/gpasswd.err b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/data/gpasswd.err
new file mode 100644
index 0000000..e6582d4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: user 'foo' is not a member of 'users'
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test
new file mode 100755
index 0000000..80b24c7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (not in the group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3" # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config.txt b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/group b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/gshadow b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/gshadow
new file mode 100644
index 0000000..ea4d4ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/passwd b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/shadow b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/data/group b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test
new file mode 100755
index 0000000..3bc2038
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (not in the group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config.txt b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/group b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/gshadow b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/passwd b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/shadow b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/data/gshadow b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test
new file mode 100755
index 0000000..5d49520
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (not in the group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config.txt b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config.txt
new file mode 100644
index 0000000..ffddf4e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user useruseruseruseruseruseruseruser, 32 chars
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/group b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/group
new file mode 100644
index 0000000..bee1474
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+useruseruseruseruseruseruseruser:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/gshadow
new file mode 100644
index 0000000..a8d50cc
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+useruseruseruseruseruseruseruser:*::
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/passwd
new file mode 100644
index 0000000..aff85eb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+useruseruseruseruseruseruseruser:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/shadow
new file mode 100644
index 0000000..ae1c044
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+useruseruseruseruseruseruseruser:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/group b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/group
new file mode 100644
index 0000000..7835fe7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:useruseruseruseruseruseruseruser
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+useruseruseruseruseruseruseruser:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/gshadow b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/gshadow
new file mode 100644
index 0000000..f8e3924
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::useruseruseruseruseruseruseruser
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+useruseruseruseruseruseruseruser:*::
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test
new file mode 100755
index 0000000..594b8c3
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user with 32 characters to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user useruseruseruseruseruseruseruser to group bin (gpasswd -a useruseruseruseruseruseruseruser bin)..."
+gpasswd -a useruseruseruseruseruseruseruser bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config.txt b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/group b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/gshadow b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/passwd b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/shadow b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/data/usage.out b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/data/usage.out
new file mode 100644
index 0000000..d1c98d7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/data/usage.out
@@ -0,0 +1,13 @@
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/gpasswd.test b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/gpasswd.test
new file mode 100755
index 0000000..50732c6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/gpasswd.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get gpasswd usage (gpasswd -h)..."
+gpasswd -h >tmp/usage.out
+
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config.txt b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/group b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/gshadow b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/passwd b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/shadow b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/data/gpasswd.err b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/data/gpasswd.err
new file mode 100644
index 0000000..1ae3559
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: user 'foooo' does not exist
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test
new file mode 100755
index 0000000..2be948c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -A fails if an user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set admins of users to root,foooo,bin (gpasswd -A root,foooo,bin users)..."
+gpasswd -A root,foooo,bin users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3" # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config.txt b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/group b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/gshadow b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/passwd b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/shadow b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/data/usage.out b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/data/usage.out
new file mode 100644
index 0000000..587d234
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/data/usage.out
@@ -0,0 +1,14 @@
+gpasswd: invalid option -- 'Z'
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test
new file mode 100755
index 0000000..aca4873
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd displays its usage message in case of bad option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use gpasswd invalid option (gpasswd -Z)..."
+gpasswd -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config.txt b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/group b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/gshadow b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/passwd b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/shadow b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/data/usage.out b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/data/usage.out
new file mode 100644
index 0000000..d1c98d7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/data/usage.out
@@ -0,0 +1,13 @@
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test
new file mode 100755
index 0000000..009f5a3
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd displays its usage message in case of multiple exclusive options"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use gpasswd option (gpasswd -a root -d root users)..."
+gpasswd -a root -d root users 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config.txt b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/group b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/gshadow b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/passwd b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/shadow b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/data/usage.out b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/data/usage.out
new file mode 100644
index 0000000..d1c98d7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/data/usage.out
@@ -0,0 +1,13 @@
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test
new file mode 100755
index 0000000..871c264
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd displays its usage message in case the group is not specified"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use gpasswd option (gpasswd -a root)..."
+gpasswd -a root 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config.txt b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/group b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/gshadow b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/passwd b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/shadow b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/data/usage.out b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/data/usage.out
new file mode 100644
index 0000000..d1c98d7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/data/usage.out
@@ -0,0 +1,13 @@
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test
new file mode 100755
index 0000000..67827b6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd displays its usage message in case multiple groups are specified"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use gpasswd option (gpasswd -a root root users)..."
+gpasswd -a root root users 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config.txt b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/group b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/gshadow b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/passwd b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/shadow b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.exp b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.exp
new file mode 100755
index 0000000..bb13360
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: gpasswd.exp <run_user> <group> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's admins to 'root'\n"
+send_user "# and expect a permission denied"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd -A root $group\r"		;# Change the password
+expect "gpasswd: Permission denied."	;# Not an admin
+
+send_user "\n"
+send_user "# expect prompt '$user_prompt'\n"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test
new file mode 100755
index 0000000..95d557d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config.txt b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/group b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/gshadow b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/passwd b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/shadow b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.exp b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.exp
new file mode 100755
index 0000000..f75069a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.exp
@@ -0,0 +1,60 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: gpasswd.exp <run_user> <group> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's members to root\n"
+send_user "# and expect a permission denied"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd -M root $group\r"		;# Change the password
+expect "gpasswd: Permission denied."	;# Not an admin
+
+send_user "\n"
+send_user "# expect prompt '$user_prompt'\n"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test
new file mode 100755
index 0000000..95d557d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config.txt b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/group b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/gshadow b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/gshadow
new file mode 100644
index 0000000..aef7f5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/login.defs b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/passwd b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/shadow b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/data/gshadow b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/data/gshadow
new file mode 100644
index 0000000..048d86a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:@PASS_DES usersPAS@:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.exp b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.exp
new file mode 100755
index 0000000..cbb9b81
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.exp
@@ -0,0 +1,87 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+
+send_user "# expect failure an retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test
new file mode 100755
index 0000000..9ae0cd8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config.txt b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/group b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/gshadow b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/gshadow
new file mode 100644
index 0000000..aef7f5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/login.defs b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/login.defs
new file mode 100644
index 0000000..7e0063c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		4
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/passwd b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/shadow b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/data/gshadow b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/data/gshadow
new file mode 100644
index 0000000..048d86a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:@PASS_DES usersPAS@:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.exp b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.exp
new file mode 100755
index 0000000..daa8cc7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.exp
@@ -0,0 +1,96 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 1 and retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 2 and retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent for the last try\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test
new file mode 100755
index 0000000..9ae0cd8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config.txt b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/group b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/gshadow b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/gshadow
new file mode 100644
index 0000000..aef7f5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/login.defs b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/login.defs
new file mode 100644
index 0000000..7e0063c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		4
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/passwd b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/shadow b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.exp b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.exp
new file mode 100755
index 0000000..c8c780c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.exp
@@ -0,0 +1,96 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 1 and retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 2 and retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 3 and retry"
+expect "gpasswd: Try again later"
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test
new file mode 100755
index 0000000..d75576e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config.txt b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/group b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/gshadow b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/passwd b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/shadow b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/group b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/group
new file mode 100644
index 0000000..aa85a13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,daemon
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/gshadow b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/gshadow
new file mode 100644
index 0000000..de77657
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:root,bin:root,daemon
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test
new file mode 100755
index 0000000..1a77cee
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members and admins"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to root,daemon (gpasswd -M root,daemon -A root,bin users)..."
+gpasswd -M root,daemon -A root,bin users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config.txt b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/default/useradd b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/group b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/gshadow b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/login.defs b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/passwd b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/shadow b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/group b/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/gshadow b/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/groupadd.test b/tests/tests/grouptools/groupadd/01_groupadd_add_group/groupadd.test
new file mode 100755
index 0000000..c48da8e
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group (GID_MIN set to 100 in /etc/login.defs)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config.txt b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/default/useradd b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/group b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/gshadow b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/login.defs b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/login.defs
new file mode 100644
index 0000000..923caa6
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/passwd b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/shadow b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/group b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/gshadow b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test
new file mode 100755
index 0000000..05c1038
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group (GID_MIN set to 1000 in /etc/login.defs)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config.txt b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/default/useradd b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/group b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/gshadow b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/login.defs b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/passwd b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/shadow b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/group b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/group
new file mode 100644
index 0000000..f3d8204
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:2000:
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/gshadow b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test
new file mode 100755
index 0000000..bad185a
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group, respect -K GID_MIN"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd -K GID_MIN=2000 foo)..."
+groupadd -K GID_MIN=2000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config.txt b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/default/useradd b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/group b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/gshadow b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/login.defs b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/passwd b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/shadow b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/group b/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/gshadow b/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/gshadow
new file mode 100644
index 0000000..57a72a7
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:password::
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/groupadd.test b/tests/tests/grouptools/groupadd/04_groupadd_set_password/groupadd.test
new file mode 100755
index 0000000..01ce95e
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group and set the password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo with a password (groupadd -p password foo)..."
+groupadd -p password foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config.txt b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/group b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/group b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/group
new file mode 100644
index 0000000..3bd92e7
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1500:
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/gshadow b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/groupadd.test b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/groupadd.test
new file mode 100755
index 0000000..306767b
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group and set the GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo with GID 1500 (groupadd -p 1500 foo)..."
+groupadd -g 1500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config.txt b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/default/useradd b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/group b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/gshadow b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/login.defs b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/passwd b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/shadow b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test
new file mode 100755
index 0000000..25546eb
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd -f exits with succes if the user already exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd -f foo)..."
+groupadd -f foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config.txt b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/group b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/group
new file mode 100644
index 0000000..5c3fef9
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1003:
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/group b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/group
new file mode 100644
index 0000000..66c892a
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1003:
+bar:x:1004:
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/gshadow b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/gshadow
new file mode 100644
index 0000000..e718821
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:!::
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test
new file mode 100755
index 0000000..3f3f32f
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd -f uses another GID if an user already exists with this GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group bar, GID 1003 (groupadd -g 1003 -f bar)..."
+groupadd -g 1003 -f bar
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config.txt b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/default/useradd b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/group b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/gshadow b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/passwd b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/shadow b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/data/groupadd.err b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/data/groupadd.err
new file mode 100644
index 0000000..33604e5
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/data/groupadd.err
@@ -0,0 +1,2 @@
+groupadd: existing lock file /etc/group.lock without a PID
+groupadd: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/groupadd.test b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/groupadd.test
new file mode 100755
index 0000000..aa3250e
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/groupadd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config.txt b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/group b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/data/groupadd.err b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/data/groupadd.err
new file mode 100644
index 0000000..c64e0a9
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/data/groupadd.err
@@ -0,0 +1,2 @@
+groupadd: existing lock file /etc/gshadow.lock without a PID
+groupadd: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test
new file mode 100755
index 0000000..ac6645c
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config.txt b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/group b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/group
new file mode 100644
index 0000000..5c3fef9
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1003:
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/group b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/group
new file mode 100644
index 0000000..64cb8f1
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1003:
+bar:x:1003:
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/gshadow b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/gshadow
new file mode 100644
index 0000000..e718821
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:!::
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test
new file mode 100755
index 0000000..3597a31
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd -o accepts to add a group with an already used GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group bar, GID 1003 (groupadd -g 1003 -o bar)..."
+groupadd -g 1003 -o bar
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config.txt b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/group b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/data/groupadd.err
new file mode 100644
index 0000000..1b0872b
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: invalid group ID '1002a'
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test
new file mode 100755
index 0000000..9a1d542
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given GID is a valid numeric ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 1002a (groupadd -g 1002a foo)..."
+groupadd -g 1002a foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config.txt b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/group b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/data/groupadd.err
new file mode 100644
index 0000000..26012b6
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: invalid group ID '-1002'
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/groupadd.test b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/groupadd.test
new file mode 100755
index 0000000..b46434c
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given GID is a valid numeric ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID -1002 (groupadd -g -1002 foo)..."
+groupadd -g -1002 foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config.txt b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/default/useradd b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/group b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/gshadow b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/passwd b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/shadow b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/data/groupadd.err b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/data/groupadd.err
new file mode 100644
index 0000000..e7ca762
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: 'foo:bar' is not a valid group name
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/groupadd.test b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/groupadd.test
new file mode 100755
index 0000000..fab3011
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given name is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo:bar (groupadd foo:bar)..."
+groupadd foo:bar 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config.txt b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/default/useradd b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/group b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/gshadow b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/passwd b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/shadow b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/data/groupadd.err b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/data/groupadd.err
new file mode 100644
index 0000000..f2685c5
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/data/groupadd.err
@@ -0,0 +1 @@
+configuration error - unknown item 'FOO' (notify administrator)
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test
new file mode 100755
index 0000000..7e28a7f
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the option provided with -K is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group -K FOO=100 foo (groupadd -K FOO=100 foo)..."
+groupadd -K FOO=100 foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config.txt b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/default/useradd b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/group b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/gshadow b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/passwd b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/shadow b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/data/groupadd.err b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/data/groupadd.err
new file mode 100644
index 0000000..8661719
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: -K requires KEY=VALUE
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test
new file mode 100755
index 0000000..affd681
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the option provided with -K has a value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group -K GID_MAX foo (groupadd -K GID_MAX foo)..."
+groupadd -K GID_MAX foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config.txt b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/default/useradd b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/group b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/gshadow b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/passwd b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/shadow b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/data/groupadd.err b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/data/groupadd.err
new file mode 100644
index 0000000..be5ec5f
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: group 'foo' already exists
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/groupadd.test b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/groupadd.test
new file mode 100755
index 0000000..7136dfa
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the group already exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config.txt b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/default/useradd b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/group b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/gshadow b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/login.defs b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/login.defs
new file mode 100644
index 0000000..6080471
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/login.defs
@@ -0,0 +1,315 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+SYS_GID_MIN		  500
+GID_MIN			 1000
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/passwd b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/shadow b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/group b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/group
new file mode 100644
index 0000000..b5b6ce2
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/gshadow b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test
new file mode 100755
index 0000000..1d5c9a8
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a system group (GID_MIN set to 1000, and SYS_GID_MIN set to 500 in /etc/login.defs)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add system group foo (groupadd --system foo)..."
+groupadd --system foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config.txt b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/group b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/group
new file mode 100644
index 0000000..15f4c27
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/login.defs
new file mode 100644
index 0000000..9b1a3c4
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			 1001
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/data/groupadd.err
new file mode 100644
index 0000000..b3fd5c1
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: Can't get unique GID (no more available GIDs)
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test
new file mode 100755
index 0000000..d4aeec4
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the a GID is still available (GID_MIN=1000, GID_MAX=1001)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config.txt b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/group b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/group
new file mode 100644
index 0000000..db0f483
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:300:
+foo2:x:301:
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/login.defs
new file mode 100644
index 0000000..7c33f41
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+SYS_GID_MIN		  300
+SYS_GID_MAX		  301
+GID_MIN			 1000
+GID_MAX			 1001
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/data/groupadd.err
new file mode 100644
index 0000000..2809cdd
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: Can't get unique system GID (no more available GIDs)
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test
new file mode 100755
index 0000000..728cdbc
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the a GID is still available (GID_MIN=300, GID_MAX=301)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add system group foo (groupadd -r foo)..."
+groupadd -r foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config.txt b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/group b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/data/groupadd.err
new file mode 100644
index 0000000..2ab5ee7
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: GID '1000' already exists
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test
new file mode 100755
index 0000000..c65be1b
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given GID is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group bar, GID 1000 (groupadd -g 1000 bar)..."
+groupadd -g 1000 bar 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config.txt b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/default/useradd b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/group b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/gshadow b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/passwd b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/shadow b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/data/groupadd.err b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/data/groupadd.err
new file mode 100644
index 0000000..686e195
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: invalid group ID '4294967295'
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test
new file mode 100755
index 0000000..ce73d7f
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given GID is a valid numeric ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 4294967295 (groupadd -g 4294967295 foo)..."
+groupadd -g 4294967295 foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config.txt b/tests/tests/grouptools/groupadd/22_groupadd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/default/useradd b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/group b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/gshadow b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/passwd b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/shadow b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/data/usage.out b/tests/tests/grouptools/groupadd/22_groupadd_usage/data/usage.out
new file mode 100644
index 0000000..bb5b556
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/data/usage.out
@@ -0,0 +1,14 @@
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/groupadd.test b/tests/tests/grouptools/groupadd/22_groupadd_usage/groupadd.test
new file mode 100755
index 0000000..e273408
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/groupadd.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get groupadd usage (groupadd -h)..."
+groupadd -h >tmp/usage.out
+
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config.txt b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/default/useradd b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/group b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/gshadow b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/passwd b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/shadow b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/data/groupadd.err b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/data/groupadd.err
new file mode 100644
index 0000000..bb5b556
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/data/groupadd.err
@@ -0,0 +1,14 @@
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/groupadd.test b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/groupadd.test
new file mode 100755
index 0000000..bb38d63
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd requires the group to create"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 4294967295 (groupadd -g 4294967295 foo)..."
+groupadd 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config.txt b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/default/useradd b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/group b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/gshadow b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/passwd b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/shadow b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/data/groupadd.err b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/data/groupadd.err
new file mode 100644
index 0000000..bb5b556
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/data/groupadd.err
@@ -0,0 +1,14 @@
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/groupadd.test b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/groupadd.test
new file mode 100755
index 0000000..0f12ae2
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can only create a single group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 4294967295 (groupadd -g 4294967295 foo)..."
+groupadd group1 group2 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config.txt b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/default/useradd b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/group b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/login.defs b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/passwd b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/shadow b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/data/group b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/data/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test
new file mode 100755
index 0000000..87f80fb
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group without /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config.txt b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/default/useradd b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/group b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/gshadow b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/passwd b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/shadow b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/data/groupadd.err b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/data/groupadd.err
new file mode 100644
index 0000000..bb5b556
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/data/groupadd.err
@@ -0,0 +1,14 @@
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test
new file mode 100755
index 0000000..826a47a
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd -o require -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 4294967295 (groupadd -g 4294967295 foo)..."
+groupadd -o group1 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config.txt b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/group b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/gshadow b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/passwd b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/shadow b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/data/groupadd.err b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/data/groupadd.err
new file mode 100644
index 0000000..d3cae91
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/data/groupadd.err
@@ -0,0 +1,15 @@
+groupadd: unrecognized option '--zzinvalid'
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/groupadd.test b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/groupadd.test
new file mode 100755
index 0000000..c8c0e9b
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd provide usage when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupadd with invalid options (groupadd --zzinvalid foo)..."
+groupadd --zzinvalid foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config.txt b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/group b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/passwd b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/shadow b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/group b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/gshadow b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/groupdel.test b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/groupdel.test
new file mode 100755
index 0000000..b590f9d
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/groupdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel can delete a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config.txt b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/data/group b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test
new file mode 100755
index 0000000..0ab4f19
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel can delete a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config.txt b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/data/group b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test
new file mode 100755
index 0000000..b0c0793
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel can delete a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config.txt b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/group b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/passwd b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/shadow b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/data/groupdel.err b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/data/groupdel.err
new file mode 100644
index 0000000..f33297a
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/data/groupdel.err
@@ -0,0 +1 @@
+groupdel: cannot remove the primary group of user 'bar'
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test
new file mode 100755
index 0000000..cab95ca
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel doesn't delete a group used as a primary group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "8"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config.txt b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/group b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/group
new file mode 100644
index 0000000..3196692
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/gshadow
new file mode 100644
index 0000000..3a02ae8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/passwd b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/shadow b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/data/groupdel.err b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/data/groupdel.err
new file mode 100644
index 0000000..21d6add
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/data/groupdel.err
@@ -0,0 +1 @@
+groupdel: group 'foo' does not exist
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test
new file mode 100755
index 0000000..76b6bfa
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel fails if the group is not valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config.txt b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/group b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/passwd b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/shadow b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/data/groupdel.err b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/data/groupdel.err
new file mode 100644
index 0000000..ed52317
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/data/groupdel.err
@@ -0,0 +1,2 @@
+groupdel: existing lock file /etc/group.lock without a PID
+groupdel: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test
new file mode 100755
index 0000000..d2f54c9
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config.txt b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/group b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/login.defs b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/data/groupdel.err b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/data/groupdel.err
new file mode 100644
index 0000000..66f2eaf
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/data/groupdel.err
@@ -0,0 +1,2 @@
+groupdel: existing lock file /etc/gshadow.lock without a PID
+groupdel: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test
new file mode 100755
index 0000000..ea7a4cc
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config.txt b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/default/useradd b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/group b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/group
new file mode 100644
index 0000000..3196692
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/gshadow b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/gshadow
new file mode 100644
index 0000000..3a02ae8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/login.defs b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/passwd b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/shadow b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/data/groupdel.err b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/data/groupdel.err
new file mode 100644
index 0000000..e1d7f41
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/data/groupdel.err
@@ -0,0 +1,6 @@
+Usage: groupdel [options] GROUP
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test
new file mode 100755
index 0000000..2cdc0d5
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel checks if a group is provided in parameter"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete a group (groupdel)..."
+groupdel 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config.txt b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/default/useradd b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/group b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/group
new file mode 100644
index 0000000..3196692
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/gshadow b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/gshadow
new file mode 100644
index 0000000..3a02ae8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/login.defs b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/passwd b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/shadow b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/data/groupdel.err b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/data/groupdel.err
new file mode 100644
index 0000000..e1d7f41
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/data/groupdel.err
@@ -0,0 +1,6 @@
+Usage: groupdel [options] GROUP
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test
new file mode 100755
index 0000000..d833deb
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel does not delete two groups at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete two groups (groupdel foo bar)..."
+groupdel foo bar 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config.txt b/tests/tests/grouptools/groupdel/10_groupdel_usage/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/default/useradd b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/group b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/gshadow b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/login.defs b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/passwd b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/shadow b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/data/usage.out b/tests/tests/grouptools/groupdel/10_groupdel_usage/data/usage.out
new file mode 100644
index 0000000..e1d7f41
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: groupdel [options] GROUP
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/groupdel.test b/tests/tests/grouptools/groupdel/10_groupdel_usage/groupdel.test
new file mode 100755
index 0000000..4a696a1
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/groupdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get groupdel usage message (groupdel --help)..."
+groupdel --help >tmp/usage.out
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usage.out tmp/usage.out
+echo "error message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config.txt b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/default/useradd b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/group b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/gshadow b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/login.defs b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/passwd b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/shadow b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/data/groupdel.err b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/data/groupdel.err
new file mode 100644
index 0000000..7502ba5
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/data/groupdel.err
@@ -0,0 +1,7 @@
+groupdel: invalid option -- 'Z'
+Usage: groupdel [options] GROUP
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/groupdel.test b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/groupdel.test
new file mode 100755
index 0000000..8072a4f
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel displays its usage message when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupdel with an invalid option (groupdel -Z foo)..."
+groupdel -Z foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config.txt b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/group b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/passwd b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/shadow b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/group b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/gshadow b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/gshadow
new file mode 100644
index 0000000..563a8ba
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::utest1
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/groupmems.test b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/groupmems.test
new file mode 100755
index 0000000..74c7420
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user utest1 to group gtest1..."
+groupmems -a utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config.txt b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/group b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/gshadow
new file mode 100644
index 0000000..563a8ba
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::utest1
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/passwd b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/shadow b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/group b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/gshadow b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/groupmems.test b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/groupmems.test
new file mode 100755
index 0000000..fca4fdb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config.txt b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/group b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/gshadow
new file mode 100644
index 0000000..a559a9a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:utest1:
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/group b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/gshadow b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test
new file mode 100755
index 0000000..6e5de89
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group (only admin in gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config.txt b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/group b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/gshadow
new file mode 100644
index 0000000..793955f
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:utest1:utest1
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/passwd b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/shadow b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/group b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/gshadow b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test
new file mode 100755
index 0000000..e4d9d07
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group (both from the admins and members in gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..fbc5ea6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..63f3a76
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::sasl
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/group
new file mode 100644
index 0000000..f4d05d0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..567fc66
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..3fbfac2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can add an user to a group with multipleusers (even admins according to gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user utest1 to group gtest1..."
+groupmems -a utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..ce188f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl,tape
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..27eb919
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:tape:sasl,tape
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..6080f7c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl,tape,utest1
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..e6f9902
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:tape:sasl,tape,utest1
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..74c7420
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user utest1 to group gtest1..."
+groupmems -a utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..f1b2832
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1,sasl
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..567fc66
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/group
new file mode 100644
index 0000000..fbc5ea6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..63f3a76
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::sasl
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..8c1576b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group with multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..9c4e2c0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:tape,utest1,sasl,staff
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..b5e0c75
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:tape:sasl,utest1,staff
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..2e57cf6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:tape,sasl,staff
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..411f209
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:tape:sasl,staff
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..d340e3d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group with multiple users (even admins according to gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config.txt b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/group b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/gshadow
new file mode 100644
index 0000000..563a8ba
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::utest1
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/passwd b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/shadow b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/group b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/gshadow b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test
new file mode 100755
index 0000000..c8cf32d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can purge all users from a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Purge group gtest1..."
+groupmems -p -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..8d6f75b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1,dip,plugdev
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..ea0fc85
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::utest1,plugdev,tape
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..9728b15
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can purge all users from a group (multiple users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Purge group gtest1..."
+groupmems -p -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..8d6f75b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1,dip,plugdev
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..3677f64
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:plugdev,daemon,backup:utest1,plugdev,tape
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..3bc1068
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can purge all users from a group (multiple users and admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Purge group gtest1..."
+groupmems -p -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config.txt b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/group b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/passwd b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/shadow b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/group b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/gshadow b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/groupmems.test b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/groupmems.test
new file mode 100755
index 0000000..fc9360b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/run_groupmems.exp b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config.txt b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/group b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/passwd b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/shadow b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/group b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/gshadow b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/groupmems.test b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/groupmems.test
new file mode 100755
index 0000000..6edd279
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can remove an user from a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/run_groupmems.exp b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config.txt b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/group b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/gshadow
new file mode 100644
index 0000000..7bc44c5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:utest1:
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/group b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/gshadow b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test
new file mode 100755
index 0000000..38d0dcd
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can remove an user from a group (only member according to gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/run_groupmems.exp b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config.txt b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/group b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/gshadow
new file mode 100644
index 0000000..c824f7b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:utest1:utest1
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/passwd b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/shadow b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/group b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/gshadow b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test
new file mode 100755
index 0000000..9377a02
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can remove an user from a group (both gshadow members and admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/run_groupmems.exp b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..f1718b3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..e4953ce
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/group
new file mode 100644
index 0000000..b79c5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..b5681f7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..39acbdb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group with multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/run_groupmems.exp b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..d28c3ef
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,tape
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..a8221cb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:tape:sasl,tape
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..9ab6baf
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,tape,utest1
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..599f28b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:tape:sasl,tape,utest1
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..7b63ddc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group with multiple users (even gshadow admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/run_groupmems.exp b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..dfa09d4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,sasl
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..b5681f7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/group
new file mode 100644
index 0000000..f1718b3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..e4953ce
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..9bd46b6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can remove an user from a group with multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/run_groupmems.exp b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..5ebdeca
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:tape,utest1,sasl,staff
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..934d2af
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:tape:sasl,utest1,staff
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..406d078
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:tape,sasl,staff
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..8fe2213
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:tape:sasl,staff
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..68ebb2f
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can remove an user from a group with multiple users (even gshadow admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/run_groupmems.exp b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config.txt b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/group b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/passwd b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/shadow b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/group b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/gshadow b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test
new file mode 100755
index 0000000..2398841
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/run_groupmems.exp b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..d0009e5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,dip,plugdev
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..dfce137
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,plugdev,tape
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..e63fc92
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users when multiple users were already in the group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/run_groupmems.exp b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..d0009e5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,dip,plugdev
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..2f63428
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:plugdev,daemon,backup:utest1,plugdev,tape
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..bbcd7d6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users when multiple users were already in the group (even gshadow admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/run_groupmems.exp b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config.txt b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/group b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/group
new file mode 100644
index 0000000..0b80d30
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/gshadow b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/gshadow
new file mode 100644
index 0000000..750ecea
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/passwd b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/shadow b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test
new file mode 100755
index 0000000..f287ade
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) fails for users not in the groups group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/run_groupmems.exp b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/run_groupmems.exp
new file mode 100755
index 0000000..084bb12
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/run_groupmems.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "groupmems: Permission denied"
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "126\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config.txt b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/group b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/group
new file mode 100644
index 0000000..230ff8e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
+gmyuser:x:424243:
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/gshadow
new file mode 100644
index 0000000..cd86429
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
+gmyuser:x::
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/passwd b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/shadow b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test
new file mode 100755
index 0000000..3a78eff
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if a regular user tries to change (-a) another group with -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/run_groupmems.exp
new file mode 100755
index 0000000..ac12a16
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1 -g gmyuser\r"		;#
+expect "groupmems: only root can use the -g/--group option"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "3\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config.txt b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/group b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/group
new file mode 100644
index 0000000..230ff8e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
+gmyuser:x:424243:
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/gshadow
new file mode 100644
index 0000000..cd86429
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
+gmyuser:x::
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/passwd b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/passwd
new file mode 100644
index 0000000..9e07aa1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424243::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/shadow b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test
new file mode 100755
index 0000000..2a65f7b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if the name of the user's primary group differ from the user's name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/run_groupmems.exp
new file mode 100755
index 0000000..3de3fab
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424243(gmyuser) groups=424243(gmyuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424243(gmyuser) groups=424243(gmyuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "groupmems: your groupname does not match your username"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "5\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config.txt b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/group b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/gshadow b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/passwd b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/shadow b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test
new file mode 100755
index 0000000..d2b3383
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if the user is already a member of the group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/run_groupmems.exp b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/run_groupmems.exp
new file mode 100755
index 0000000..a7442aa
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: user 'utest1' is already a member of 'myuser'"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "7\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config.txt b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/group b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/passwd b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/shadow b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test
new file mode 100755
index 0000000..1a5666a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if the user is already a member of the group (even if it is not according to gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/run_groupmems.exp
new file mode 100755
index 0000000..a7442aa
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: user 'utest1' is already a member of 'myuser'"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "7\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config.txt b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/group b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/passwd b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/shadow b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/data/group b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/data/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test
new file mode 100755
index 0000000..23b224a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems adds the user if it does not exist in group (but exists in gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/run_groupmems.exp b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/run_groupmems.exp
new file mode 100755
index 0000000..4c40ef1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/run_groupmems.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config.txt b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/group b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/gshadow b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/passwd b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/shadow b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test
new file mode 100755
index 0000000..201bb9a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails when the user to be added does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/run_groupmems.exp b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/run_groupmems.exp
new file mode 100755
index 0000000..6864f5c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest2\r"		;#
+expect "groupmems: user 'utest2' does not exist"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "8\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config.txt b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..9ceded0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,root,bin
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..46c2778
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/group b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/group
new file mode 100644
index 0000000..6249a8a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,root,bin,utest1
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..3748fc5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl,root,bin,utest1
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test
new file mode 100755
index 0000000..783876a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group, and creates the gshadow entry if it did not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config.txt b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..9ceded0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,root,bin
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..46c2778
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/data/group b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/data/group
new file mode 100644
index 0000000..6249a8a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,root,bin,utest1
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test
new file mode 100755
index 0000000..31983b6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group, even if the gshadow file does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/run_groupmems.exp b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config.txt b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/group b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/group
new file mode 100644
index 0000000..248e7b7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:bin,daemon
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/gshadow b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/gshadow
new file mode 100644
index 0000000..d2f4c7b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:bin,daemon:
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/passwd b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/shadow b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test
new file mode 100755
index 0000000..243d830
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems -d fails if the user is not a member of the group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/run_groupmems.exp b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/run_groupmems.exp
new file mode 100755
index 0000000..bc66529
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: user 'utest1' is not a member of 'myuser'"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "6\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config.txt b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/group b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/group
new file mode 100644
index 0000000..2ef69bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:daemon,utest1,bin
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..eefaca8
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:daemon:bin
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/passwd b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/shadow b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/data/group b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/data/group
new file mode 100644
index 0000000..d1fae98
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:daemon,bin
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test
new file mode 100755
index 0000000..b42c8f7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems removes the user if it exists in group (but does not exist in gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/run_groupmems.exp b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/run_groupmems.exp
new file mode 100755
index 0000000..7c6de70
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/run_groupmems.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config.txt b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/group b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/group
new file mode 100644
index 0000000..0a4716b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,utest2
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/gshadow b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/gshadow
new file mode 100644
index 0000000..0a1cb18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:utest2:utest1
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/passwd b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/shadow b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/group b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/gshadow b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test
new file mode 100755
index 0000000..da1ebc5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems accepts to remove the user if this user does not (no more) exist)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/run_groupmems.exp b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/run_groupmems.exp
new file mode 100755
index 0000000..8c18c94
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/run_groupmems.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest2\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config.txt b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..0f4bff9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:daemon,utest1,utest2,bin
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..46c2778
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/group b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/group
new file mode 100644
index 0000000..497eed7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:daemon,utest2,bin
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..487ecb3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::daemon,utest2,bin
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test
new file mode 100755
index 0000000..43f2e5d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems -d will copy the group entry to gshadow if there were no entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config.txt b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/data/group b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test
new file mode 100755
index 0000000..22a83e5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can remove an user from a group if there are no gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/run_groupmems.exp b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config.txt b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/group b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/gshadow
new file mode 100644
index 0000000..288d6c3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::<
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/passwd b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/shadow b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/data/gshadow b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test
new file mode 100755
index 0000000..d97b904
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users even if the group is empty"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config.txt b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..46c2778
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/group b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test
new file mode 100755
index 0000000..f9d58f6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users even if there are no gshadow group (and a gshadow group is created)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config.txt b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/data/group b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test
new file mode 100755
index 0000000..e6e8e9c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users, even if there are no gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/run_groupmems.exp b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config.txt b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/group b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/group
new file mode 100644
index 0000000..230ff8e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
+gmyuser:x:424243:
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/gshadow
new file mode 100644
index 0000000..cd86429
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
+gmyuser:x::
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/passwd b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/shadow b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test
new file mode 100755
index 0000000..a2976d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if a regular user tries to change (-d) another group with -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/run_groupmems.exp
new file mode 100755
index 0000000..0c57633
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1 -g gmyuser\r"		;#
+expect "groupmems: only root can use the -g/--group option"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "3\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config.txt b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/group b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/group
new file mode 100644
index 0000000..230ff8e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
+gmyuser:x:424243:
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/gshadow
new file mode 100644
index 0000000..cd86429
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
+gmyuser:x::
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/passwd b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/shadow b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test
new file mode 100755
index 0000000..f70f12a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if a regular user tries to change (-p) another group with -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/run_groupmems.exp
new file mode 100755
index 0000000..39cd9f8
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p -g gmyuser\r"		;#
+expect "groupmems: only root can use the -g/--group option"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "3\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config.txt b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/group b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/group
new file mode 100644
index 0000000..bd6da4e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/gshadow
new file mode 100644
index 0000000..02b9401
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/passwd b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/shadow b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/groupmems.test b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/groupmems.test
new file mode 100755
index 0000000..cb6bff4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/run_groupmems.exp b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/run_groupmems.exp
new file mode 100755
index 0000000..a628348
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l\r"		;#
+expect -re "\nutest1  bin  daemon \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config.txt b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/group b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/group
new file mode 100644
index 0000000..bd6da4e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/gshadow b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/gshadow
new file mode 100644
index 0000000..74f0e82
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:nouser,root:
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/passwd b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/shadow b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test
new file mode 100755
index 0000000..9d2388b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of a group, and gshadow is not taken into account"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/run_groupmems.exp b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/run_groupmems.exp
new file mode 100755
index 0000000..a628348
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l\r"		;#
+expect -re "\nutest1  bin  daemon \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config.txt b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/group b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/passwd b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/shadow b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test
new file mode 100755
index 0000000..33e4fc4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of another group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/run_groupmems.exp
new file mode 100755
index 0000000..43c335c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l -g gtest1\r"		;#
+expect -re "\nutest1  bin  utmp \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config.txt b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/group b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/group
new file mode 100644
index 0000000..bd6da4e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/gshadow
new file mode 100644
index 0000000..02b9401
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test
new file mode 100755
index 0000000..58f09cd
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of a group, even if group is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/run_groupmems.exp
new file mode 100755
index 0000000..a628348
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l\r"		;#
+expect -re "\nutest1  bin  daemon \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config.txt b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/group b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/group
new file mode 100644
index 0000000..bd6da4e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..02b9401
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test
new file mode 100755
index 0000000..a01a10e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of a group, even if gshadow is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/run_groupmems.exp
new file mode 100755
index 0000000..a628348
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l\r"		;#
+expect -re "\nutest1  bin  daemon \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config.txt b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/group b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test
new file mode 100755
index 0000000..302b689
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-a) fails if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/run_groupmems.exp
new file mode 100755
index 0000000..8d5e55e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/group; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config.txt b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/group b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test
new file mode 100755
index 0000000..38ac7a2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-a) fails if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/run_groupmems.exp
new file mode 100755
index 0000000..ba0ae56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/gshadow; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config.txt b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/group b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test
new file mode 100755
index 0000000..cfb8699
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-d) fails if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/run_groupmems.exp
new file mode 100755
index 0000000..d28b18c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/group; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config.txt b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/group b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test
new file mode 100755
index 0000000..c2b5626
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-d) fails if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/run_groupmems.exp
new file mode 100755
index 0000000..bf66b10
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/gshadow; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config.txt b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/group b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test
new file mode 100755
index 0000000..75272b3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-p) fails if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/run_groupmems.exp
new file mode 100755
index 0000000..8f47464
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/group; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config.txt b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/group b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test
new file mode 100755
index 0000000..ecff63f
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-p) fails if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/run_groupmems.exp
new file mode 100755
index 0000000..3913f7a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/gshadow; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config.txt b/tests/tests/grouptools/groupmems/53_groupmems_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/group b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/gshadow b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/passwd b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/shadow b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/data/usage.out b/tests/tests/grouptools/groupmems/53_groupmems_usage/data/usage.out
new file mode 100644
index 0000000..584313c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/data/usage.out
@@ -0,0 +1,13 @@
+Usage: groupmems [options] [action]
+
+Options:
+  -g, --group groupname         change groupname instead of the user's group
+                                (root only)
+  -R, --root CHROOT_DIR         directory to chroot into
+
+Actions:
+  -a, --add username            add username to the members of the group
+  -d, --delete username         remove username from the members of the group
+  -h, --help                    display this help message and exit
+  -p, --purge                   purge all members from the group
+  -l, --list                    list the members of the group
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/groupmems.test b/tests/tests/grouptools/groupmems/53_groupmems_usage/groupmems.test
new file mode 100755
index 0000000..7b3784a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/groupmems.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get groupmems usage (groupmems -h)..."
+groupmems -h >tmp/usage.out
+
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config.txt b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/group b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/gshadow b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/login.defs b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/passwd b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/shadow b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/data/groupmems.err b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/data/groupmems.err
new file mode 100644
index 0000000..a6ac1f6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/data/groupmems.err
@@ -0,0 +1,14 @@
+groupmems: invalid option -- 'Z'
+Usage: groupmems [options] [action]
+
+Options:
+  -g, --group groupname         change groupname instead of the user's group
+                                (root only)
+  -R, --root CHROOT_DIR         directory to chroot into
+
+Actions:
+  -a, --add username            add username to the members of the group
+  -d, --delete username         remove username from the members of the group
+  -h, --help                    display this help message and exit
+  -p, --purge                   purge all members from the group
+  -l, --list                    list the members of the group
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test
new file mode 100755
index 0000000..d0e1fa7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems reports usage when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupmems with an invalid option (groupmems -Z bar -g 1000 foo)..."
+groupmems -Z bar -g 1000 -a foo 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config.txt b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/group b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/gshadow b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/login.defs b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/passwd b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/shadow b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/data/groupmems.err b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/data/groupmems.err
new file mode 100644
index 0000000..584313c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/data/groupmems.err
@@ -0,0 +1,13 @@
+Usage: groupmems [options] [action]
+
+Options:
+  -g, --group groupname         change groupname instead of the user's group
+                                (root only)
+  -R, --root CHROOT_DIR         directory to chroot into
+
+Actions:
+  -a, --add username            add username to the members of the group
+  -d, --delete username         remove username from the members of the group
+  -h, --help                    display this help message and exit
+  -p, --purge                   purge all members from the group
+  -l, --list                    list the members of the group
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test
new file mode 100755
index 0000000..4b82e0d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems reports usage if the -a and -d options are used at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupmems with the -a and -d options (groupmems -a root -d nobody -g foo)..."
+groupmems -a root -d nobody -g foo 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config.txt b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/group b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/gshadow b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/login.defs b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/passwd b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/shadow b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/data/groupmems.err b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/data/groupmems.err
new file mode 100644
index 0000000..584313c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/data/groupmems.err
@@ -0,0 +1,13 @@
+Usage: groupmems [options] [action]
+
+Options:
+  -g, --group groupname         change groupname instead of the user's group
+                                (root only)
+  -R, --root CHROOT_DIR         directory to chroot into
+
+Actions:
+  -a, --add username            add username to the members of the group
+  -d, --delete username         remove username from the members of the group
+  -h, --help                    display this help message and exit
+  -p, --purge                   purge all members from the group
+  -l, --list                    list the members of the group
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test
new file mode 100755
index 0000000..bdd0632
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems reports usage if extra arguments are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupmems with an extra argument (groupmems -a root -g foo foo)..."
+groupmems -a root -g foo foo 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config.txt b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/group b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/gshadow b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-account b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-account
new file mode 100644
index 0000000..316b173
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-account
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-auth b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/groupmems b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/groupmems
new file mode 100644
index 0000000..2b65f34
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/groupmems
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+@include common-auth
+@include common-account
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/passwd b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/shadow b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/group b/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/group
new file mode 100644
index 0000000..7214940
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon,nobody
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/gshadow b/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/gshadow
new file mode 100644
index 0000000..b79987c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon,nobody
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/groupmems.test b/tests/tests/grouptools/groupmems/57_groupmems_authentication/groupmems.test
new file mode 100755
index 0000000..4abad1b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) authenticate the caller"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/run_groupmems.exp b/tests/tests/grouptools/groupmems/57_groupmems_authentication/run_groupmems.exp
new file mode 100755
index 0000000..5689cd5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/run_groupmems.exp
@@ -0,0 +1,43 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a nobody\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config.txt b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/group b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/gshadow b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-account b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-account
new file mode 100644
index 0000000..316b173
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-account
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-auth b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/groupmems b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/groupmems
new file mode 100644
index 0000000..2b65f34
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/groupmems
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+@include common-auth
+@include common-account
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/passwd b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/shadow b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test
new file mode 100755
index 0000000..bf741c9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) authenticates the caller"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/run_groupmems.exp b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/run_groupmems.exp
new file mode 100755
index 0000000..b42b92e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/run_groupmems.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect
+
+set timeout 3
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a nobody\r"
+expect "Password: "
+send "!myuserF00barbaz\r"
+expect -re "groupmems: PAM: Authentication failure\r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "1\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config.txt b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/group b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/gshadow b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-account b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-account
new file mode 100644
index 0000000..c175a14
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-account
@@ -0,0 +1 @@
+account	requisite			pam_deny.so
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-auth b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/groupmems b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/groupmems
new file mode 100644
index 0000000..2b65f34
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/groupmems
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+@include common-auth
+@include common-account
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/passwd b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/shadow b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test
new file mode 100755
index 0000000..bf741c9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) authenticates the caller"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/run_groupmems.exp b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/run_groupmems.exp
new file mode 100755
index 0000000..0da4b22
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/run_groupmems.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect
+
+set timeout 3
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a nobody\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect -re "groupmems: PAM: Authentication failure\r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "1\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config.txt b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/group b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/gshadow b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/groupmems b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/groupmems
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/groupmems
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/other b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/other
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/other
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/passwd b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/shadow b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test
new file mode 100755
index 0000000..fb5129d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) authenticates the caller"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove PAM configuration (/etc/pam.d/other /etc/pam.d/groupmems)..."
+rm -f /etc/pam.d/other /etc/pam.d/groupmems
+echo "OK"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/run_groupmems.exp b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/run_groupmems.exp
new file mode 100755
index 0000000..76c1b76
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 3
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a nobody\r"
+expect -re "groupmems: PAM: Critical error . immediate abort"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "1\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config.txt b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/default/useradd b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/group b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/gshadow b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/login.defs b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/passwd b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/shadow b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/data/group b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/groupmod.test b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/groupmod.test
new file mode 100755
index 0000000..5c32e0b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config.txt b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/group b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/passwd b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/shadow b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/group b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/passwd b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/passwd
new file mode 100644
index 0000000..9fd396a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:::/bin/false
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test
new file mode 100755
index 0000000..f92fc52
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod changes the primary group of users when it changes the GID of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/data/group b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..4b327c5
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group (no gshadow group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config.txt b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/data/group b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test
new file mode 100755
index 0000000..6ba1e5e
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config.txt b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config.txt
new file mode 100644
index 0000000..872618a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config.txt
@@ -0,0 +1,2 @@
+group foo, GID 1000
+group bar, GID 1001
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/default/useradd b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/group b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/gshadow b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/login.defs b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/passwd b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/shadow b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/data/group b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/data/group
new file mode 100644
index 0000000..2c24807
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test
new file mode 100755
index 0000000..51f92a7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group to an already used GID, with -o"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 -o foo)..."
+groupmod -g 1001 -o foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config.txt b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/group b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/passwd b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/shadow b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/group b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/gshadow b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/groupmod.test b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/groupmod.test
new file mode 100755
index 0000000..cb567a8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+groupmod -n bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/data/group b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..65391ba
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group (no gshadow group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+groupmod -n bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config.txt b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/data/group b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test
new file mode 100755
index 0000000..dee0d5b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+groupmod -n bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config.txt b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/default/useradd b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/group b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/gshadow b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/login.defs b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/passwd b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/shadow b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/data/gshadow b/tests/tests/grouptools/groupmod/09_groupmod_set_password/data/gshadow
new file mode 100644
index 0000000..601bd46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:foopassw::
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/groupmod.test b/tests/tests/grouptools/groupmod/09_groupmod_set_password/groupmod.test
new file mode 100755
index 0000000..dd2b400
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..601bd46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:foopassw::
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..01a7d46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config.txt b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..7c2b4e8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:oldpass:1000:
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/data/group b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/data/group
new file mode 100644
index 0000000..fafb2ea
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:foopassw:1000:
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test
new file mode 100755
index 0000000..44597ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Change GID of foo to 1001 (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config.txt b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/group b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/passwd b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/shadow b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/data/groupmod.err b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/data/groupmod.err
new file mode 100644
index 0000000..35720f8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: group 'bar' does not exist
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test
new file mode 100755
index 0000000..4c7f477
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the group exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of bar to 1001 (groupmod -g 1001 bar)..."
+groupmod -g 1001 bar 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config.txt b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config.txt
new file mode 100644
index 0000000..872618a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config.txt
@@ -0,0 +1,2 @@
+group foo, GID 1000
+group bar, GID 1001
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/default/useradd b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/group b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/gshadow b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/login.defs b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/passwd b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/shadow b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/data/groupmod.err b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/data/groupmod.err
new file mode 100644
index 0000000..796f655
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: GID '1001' already exists
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test
new file mode 100755
index 0000000..9ce5bfe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the new GID is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config.txt b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config.txt
new file mode 100644
index 0000000..872618a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config.txt
@@ -0,0 +1,2 @@
+group foo, GID 1000
+group bar, GID 1001
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/group b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/passwd b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/shadow b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/data/groupmod.err b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/data/groupmod.err
new file mode 100644
index 0000000..97ea6f6
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: group 'bar' already exists
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test
new file mode 100755
index 0000000..1245a9d
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the new group name is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod --new-name bar foo)..."
+groupmod --new-name bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config.txt b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config.txt
new file mode 100644
index 0000000..872618a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config.txt
@@ -0,0 +1,2 @@
+group foo, GID 1000
+group bar, GID 1001
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/group b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/passwd b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/shadow b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/data/groupmod.err b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/data/groupmod.err
new file mode 100644
index 0000000..1a0e537
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: invalid group name 'to:to'
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test
new file mode 100755
index 0000000..f326d1d
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the new group name is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to to:to (groupmod --new-name to:to foo)..."
+groupmod --new-name to:to foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config.txt b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/default/useradd b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/group b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/gshadow b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/login.defs b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/passwd b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/shadow b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test
new file mode 100755
index 0000000..f9a3519
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can rename a group to its name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to foo (groupmod -n foo foo)..."
+groupmod -n foo foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config.txt b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/group b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/passwd b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/shadow b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/data/groupmod.err b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/data/groupmod.err
new file mode 100644
index 0000000..e399ec7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/data/groupmod.err
@@ -0,0 +1,2 @@
+groupmod: existing lock file /etc/group.lock without a PID
+groupmod: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test
new file mode 100755
index 0000000..21a0a1b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config.txt b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/group b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/login.defs b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/data/group b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test
new file mode 100755
index 0000000..60b4c4f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the gshadow file is locked only if gshadow is changed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Delete lock file for /etc/gshadow..."
+rm -f /etc/gshadow.lock
+echo "done"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config.txt b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/default/useradd b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/group b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/gshadow b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/login.defs b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/passwd b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/shadow b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/data/groupmod.err b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/data/groupmod.err
new file mode 100644
index 0000000..c8745ef
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: invalid group ID '1001a'
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test
new file mode 100755
index 0000000..d3ae0a1
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the specified GID is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of bar to 1001a (groupmod -g 1001a bar)..."
+groupmod -g 1001a bar 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config.txt b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/default/useradd b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/group b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/gshadow b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/login.defs b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/passwd b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/shadow b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/data/groupmod.err b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/data/groupmod.err
new file mode 100644
index 0000000..824372f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: invalid group ID '-1001'
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test
new file mode 100755
index 0000000..cc583b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the specified GID is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of bar to -1001 (groupmod -g -1001 bar)..."
+groupmod -g -1001 bar 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config.txt b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/group b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/passwd b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/shadow b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/data/groupmod.err b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/data/groupmod.err
new file mode 100644
index 0000000..c9b28d7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/data/groupmod.err
@@ -0,0 +1,11 @@
+Usage: groupmod [options] GROUP
+
+Options:
+  -g, --gid GID                 change the group ID to GID
+  -h, --help                    display this help message and exit
+  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
+  -o, --non-unique              allow to use a duplicate (non-unique) GID
+  -p, --password PASSWORD       change the password to this (encrypted)
+                                PASSWORD
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test
new file mode 100755
index 0000000..bcfbb64
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks a group parameter was given"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change GID to 1001 (groupmod -g 1001)..."
+groupmod -g 1001 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/group b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/passwd b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/shadow b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/group b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/gshadow b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/gshadow
new file mode 100644
index 0000000..08d25a2
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo2:*::
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test
new file mode 100755
index 0000000..612ac24
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group and the group's name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID and name of foo to 1001/foo2 (groupmod -g 1001 -n foo2 foo)..."
+groupmod -g 1001 -n foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/group b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/gshadow b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/login.defs b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/passwd b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/shadow b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/group b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/group
new file mode 100644
index 0000000..e898b8d
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo3:x:1001:
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/gshadow b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/gshadow
new file mode 100644
index 0000000..3c65dec
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo3:toto::
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/passwd b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/passwd
new file mode 100644
index 0000000..9fd396a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:::/bin/false
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test
new file mode 100755
index 0000000..5f1c0f8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID, the name, and the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID, name and password of foo (groupmod -n foo3 -g 1001 -p toto foo)..."
+groupmod -n foo3 -g 1001 -p toto foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/group b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/login.defs b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/data/groupmod.err b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/data/groupmod.err
new file mode 100644
index 0000000..3b3400f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/data/groupmod.err
@@ -0,0 +1,2 @@
+groupmod: existing lock file /etc/gshadow.lock without a PID
+groupmod: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test
new file mode 100755
index 0000000..a07c6a1
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change GID and name of foo to 1001 (groupmod -g 1001 -n bar foo)..."
+groupmod -g 1001 -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/group b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/gshadow b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/login.defs b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/passwd b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/shadow b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/data/groupmod.err b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/data/groupmod.err
new file mode 100644
index 0000000..5d391a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/data/groupmod.err
@@ -0,0 +1,2 @@
+groupmod: existing lock file /etc/passwd.lock without a PID
+groupmod: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test
new file mode 100755
index 0000000..b56d14c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/group b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/gshadow b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/login.defs b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/passwd b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/shadow b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/group b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/gshadow b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test
new file mode 100755
index 0000000..d0831fd
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the passwd file is locked only if passwd is changed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change name of foo to bar (groupmod -n bar foo)..."
+groupmod -n bar foo
+echo "OK"
+
+echo -n "Delete lock file for /etc/gshadow..."
+rm -f /etc/passwd.lock
+echo "done"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config.txt b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/default/useradd b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/group b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/gshadow b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/login.defs b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/passwd b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/shadow b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/data/groupmod.err b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/data/groupmod.err
new file mode 100644
index 0000000..70d741a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: invalid group ID '4294967295'
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test
new file mode 100755
index 0000000..6dc895f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the specified GID is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of bar to 4294967295 (groupmod -g 4294967295 bar)..."
+groupmod -g 4294967295 bar 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config.txt b/tests/tests/grouptools/groupmod/28_groupmod_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/default/useradd b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/group b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/gshadow b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/passwd b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/shadow b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/data/usage.out b/tests/tests/grouptools/groupmod/28_groupmod_usage/data/usage.out
new file mode 100644
index 0000000..c9b28d7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/data/usage.out
@@ -0,0 +1,11 @@
+Usage: groupmod [options] GROUP
+
+Options:
+  -g, --gid GID                 change the group ID to GID
+  -h, --help                    display this help message and exit
+  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
+  -o, --non-unique              allow to use a duplicate (non-unique) GID
+  -p, --password PASSWORD       change the password to this (encrypted)
+                                PASSWORD
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/groupmod.test b/tests/tests/grouptools/groupmod/28_groupmod_usage/groupmod.test
new file mode 100755
index 0000000..29fe545
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/groupmod.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get groupmod usage (groupmod -h)..."
+groupmod -h >tmp/usage.out
+
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config.txt b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/group b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/passwd b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/shadow b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/group b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/gshadow b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test
new file mode 100755
index 0000000..f899420
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group and keep the same gid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar and keep the same gid (groupmod -n bar -g 1000 foo)..."
+groupmod -n bar -g 1000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config.txt b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/group b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/passwd b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/shadow b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test
new file mode 100755
index 0000000..976476c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can keep the name and gid for a group and does not complain"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar and keep the same gid (groupmod -n foo -g 1000 foo)..."
+groupmod -n foo -g 1000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config.txt b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/default/useradd b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/group b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/gshadow b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/login.defs b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/passwd b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/shadow b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test
new file mode 100755
index 0000000..95262ef
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod keeps the same gid and does not complain if there are no other changes"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Keep the same gid and no other changes (groupmod -g 1000 foo)..."
+groupmod -g 1000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config.txt b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/default/useradd b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/group b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/gshadow b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/passwd b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/shadow b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/data/groupmod.err b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/data/groupmod.err
new file mode 100644
index 0000000..c9b28d7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/data/groupmod.err
@@ -0,0 +1,11 @@
+Usage: groupmod [options] GROUP
+
+Options:
+  -g, --gid GID                 change the group ID to GID
+  -h, --help                    display this help message and exit
+  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
+  -o, --non-unique              allow to use a duplicate (non-unique) GID
+  -p, --password PASSWORD       change the password to this (encrypted)
+                                PASSWORD
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test
new file mode 100755
index 0000000..13d13ee
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod -o requires -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "groupmod -o -n bar foo..."
+groupmod -o -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config.txt b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/default/useradd b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/group b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/gshadow b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/login.defs b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/passwd b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/shadow b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/data/group b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/data/group
new file mode 100644
index 0000000..fafb2ea
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:foopassw:1000:
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test
new file mode 100755
index 0000000..44597ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Change GID of foo to 1001 (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config.txt b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/default/useradd b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/group b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/group
new file mode 100644
index 0000000..7c2b4e8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:oldpass:1000:
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/gshadow b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/login.defs b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/passwd b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/shadow b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/group b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/group
new file mode 100644
index 0000000..fafb2ea
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:foopassw:1000:
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/gshadow b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/gshadow
new file mode 100644
index 0000000..601bd46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:foopassw::
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test
new file mode 100755
index 0000000..a765f4d
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change password of foo (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..7c2b4e8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:oldpass:1000:
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/data/group b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/data/group
new file mode 100644
index 0000000..fafb2ea
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:foopassw:1000:
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..1e2303c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change password of foo (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..601bd46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:foopassw::
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..c2a0b6b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change password of foo (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config.txt b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/group b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/gshadow b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/login.defs b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/passwd b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/shadow b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/data/groupmod.err b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/data/groupmod.err
new file mode 100644
index 0000000..6bec2e0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/data/groupmod.err
@@ -0,0 +1,12 @@
+groupmod: invalid option -- 'Z'
+Usage: groupmod [options] GROUP
+
+Options:
+  -g, --gid GID                 change the group ID to GID
+  -h, --help                    display this help message and exit
+  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
+  -o, --non-unique              allow to use a duplicate (non-unique) GID
+  -p, --password PASSWORD       change the password to this (encrypted)
+                                PASSWORD
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/groupmod.test b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/groupmod.test
new file mode 100755
index 0000000..23c394f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod reports usage when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupmod with an invalid option (groupmod -Z bar -g 1000 foo)..."
+groupmod -Z bar -g 1000 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/libsubid/01_list_ranges/config.txt b/tests/tests/libsubid/01_list_ranges/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/libsubid/01_list_ranges/config.txt
diff --git a/tests/tests/libsubid/01_list_ranges/config/etc/subgid b/tests/tests/libsubid/01_list_ranges/config/etc/subgid
new file mode 100644
index 0000000..b9495cf
--- /dev/null
+++ b/tests/tests/libsubid/01_list_ranges/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/01_list_ranges/config/etc/subuid b/tests/tests/libsubid/01_list_ranges/config/etc/subuid
new file mode 100644
index 0000000..e5c537b
--- /dev/null
+++ b/tests/tests/libsubid/01_list_ranges/config/etc/subuid
@@ -0,0 +1,3 @@
+foo:300000:10000
+foo:400000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/01_list_ranges/list_ranges.test b/tests/tests/libsubid/01_list_ranges/list_ranges.test
new file mode 100755
index 0000000..37af125
--- /dev/null
+++ b/tests/tests/libsubid/01_list_ranges/list_ranges.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "list_ranges shows subid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "list foo's ranges..."
+${build_path}/src/getsubids foo > /tmp/subuidlistout
+${build_path}/src/getsubids -g foo > /tmp/subgidlistout
+echo "OK"
+
+echo -n "Check the subuid ranges..."
+[ $(wc -l /tmp/subuidlistout | awk '{ print $1 }') -eq 2 ]
+grep "0: foo 300000 10000" /tmp/subuidlistout
+grep "1: foo 400000 10000" /tmp/subuidlistout
+echo "OK"
+
+echo -n "Check the subgid ranges..."
+[ $(wc -l /tmp/subgidlistout | awk '{ print $1 }') -eq 1 ]
+grep "0: foo 200000 10000" /tmp/subgidlistout
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/libsubid/02_get_subid_owners/config.txt b/tests/tests/libsubid/02_get_subid_owners/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/config.txt
diff --git a/tests/tests/libsubid/02_get_subid_owners/config/etc/passwd b/tests/tests/libsubid/02_get_subid_owners/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/libsubid/02_get_subid_owners/config/etc/subgid b/tests/tests/libsubid/02_get_subid_owners/config/etc/subgid
new file mode 100644
index 0000000..b9495cf
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/02_get_subid_owners/config/etc/subuid b/tests/tests/libsubid/02_get_subid_owners/config/etc/subuid
new file mode 100644
index 0000000..dd11875
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/config/etc/subuid
@@ -0,0 +1,4 @@
+foo:300000:10000
+foo:400000:10000
+foo:500000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/02_get_subid_owners/get_subid_owners.test b/tests/tests/libsubid/02_get_subid_owners/get_subid_owners.test
new file mode 100755
index 0000000..145477c
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/get_subid_owners.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "get subid owners"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Noone owns 0 as a subid..."
+[ -z "$(${build_path}/src/get_subid_owners 0)" ]
+echo "OK"
+
+echo -n "foo owns subuid 300000..."
+[ "$(${build_path}/src/get_subid_owners 300000)" = "1000" ]
+echo "OK"
+
+echo -n "foo owns subgid 200000..."
+[ "$(${build_path}/src/get_subid_owners -g 200000)" = "1000" ]
+echo "OK"
+
+echo -n "Noone owns subuid 200000..."
+[ -z "$(${build_path}/src/get_subid_owners -g 300000)" ]
+echo "OK"
+
+echo -n "Noone owns subgid 300000..."
+[ -z "$(${build_path}/src/get_subid_owners -g 300000)" ]
+echo "OK"
+
+echo -n "Both foo and root own subuid 500000..."
+cat > /tmp/expected << EOF
+1000
+0
+EOF
+${build_path}/src/get_subid_owners 500000 > /tmp/actual
+diff /tmp/expected /tmp/actual
+
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/libsubid/03_add_remove/add_remove_subids.test b/tests/tests/libsubid/03_add_remove/add_remove_subids.test
new file mode 100755
index 0000000..a24a975
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/add_remove_subids.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "add and remove subid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Existing ranges returned when possible..."
+res=$(${build_path}/src/new_subid_range foo 500)
+echo "debug"
+echo "res is $res"
+echo "wanted Subuid range 300000:10000"
+echo "end debug"
+[ "$res" = "Subuid range 300000:10000" ]
+[ $(grep -c foo /etc/subuid) -eq 1 ]
+echo "OK"
+
+echo -n "New range returned if requested..."
+res=$(${build_path}/src/new_subid_range foo 500 -n)
+[ "$res" = "Subuid range 310000:500" ]
+[ $(grep -c foo /etc/subuid) -eq 2 ]
+echo "OK"
+
+echo -n "Free works..."
+res=$(${build_path}/src/free_subid_range foo 310000 500)
+[ $(grep -c foo /etc/subuid) -eq 1 ]
+echo "OK"
+
+echo -n "Subgids work too..."
+res=$(${build_path}/src/new_subid_range -g foo 100000)
+echo "DEBUG: res is ${res}"
+[ "$res" = "Subuid range 501000:100000" ]
+echo "DEBUG: subgid is:"
+cat /etc/subgid
+[ $(grep -c foo /etc/subgid) -eq 2 ]
+
+echo -n "Subgid free works..."
+res=$(${build_path}/src/free_subid_range -g foo 501000 100000)
+echo "DEBUG: res is ${res}"
+echo "DEBUG: subgid is:"
+cat /etc/subgid
+[ $(grep -c foo /etc/subgid) -eq 1 ]
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/libsubid/03_add_remove/config.txt b/tests/tests/libsubid/03_add_remove/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/config.txt
diff --git a/tests/tests/libsubid/03_add_remove/config/etc/passwd b/tests/tests/libsubid/03_add_remove/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/libsubid/03_add_remove/config/etc/subgid b/tests/tests/libsubid/03_add_remove/config/etc/subgid
new file mode 100644
index 0000000..b9495cf
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/03_add_remove/config/etc/subuid b/tests/tests/libsubid/03_add_remove/config/etc/subuid
new file mode 100644
index 0000000..cf80c2f
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/config/etc/subuid
@@ -0,0 +1 @@
+foo:300000:10000
diff --git a/tests/tests/libsubid/04_nss/Makefile b/tests/tests/libsubid/04_nss/Makefile
new file mode 100644
index 0000000..dd5acf7
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/Makefile
@@ -0,0 +1,12 @@
+all: test_nss libsubid_zzz.so
+
+test_nss: test_nss.c ../../../lib/nss.c
+	gcc -c -I../../../lib/ -I../../.. -o test_nss.o test_nss.c
+	gcc -o test_nss test_nss.o ../../../lib/.libs/libshadow.a -ldl
+
+libsubid_zzz.so: libsubid_zzz.c
+	gcc -c -I../../../lib/ -I../../.. -I../../../libsubid libsubid_zzz.c
+	gcc -L../../../libsubid -shared -o libsubid_zzz.so libsubid_zzz.o ../../../lib/.libs/libshadow.a -ldl
+
+clean:
+	rm -f *.o *.so test_nss
diff --git a/tests/tests/libsubid/04_nss/empty b/tests/tests/libsubid/04_nss/empty
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/empty
diff --git a/tests/tests/libsubid/04_nss/libsubid_zzz.c b/tests/tests/libsubid/04_nss/libsubid_zzz.c
new file mode 100644
index 0000000..1a9de23
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/libsubid_zzz.c
@@ -0,0 +1,140 @@
+#include <sys/types.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <subid.h>
+#include <string.h>
+#include "alloc.h"
+
+enum subid_status shadow_subid_has_any_range(const char *owner, enum subid_type t, bool *result)
+{
+	if (strcmp(owner, "ubuntu") == 0) {
+		*result = true;
+		return SUBID_STATUS_SUCCESS;
+	}
+	if (strcmp(owner, "error") == 0) {
+		*result = false;
+		return SUBID_STATUS_ERROR;
+	}
+	if (strcmp(owner, "unknown") == 0) {
+		*result = false;
+		return SUBID_STATUS_UNKNOWN_USER;
+	}
+	if (strcmp(owner, "conn") == 0) {
+		*result = false;
+		return SUBID_STATUS_ERROR_CONN;
+	}
+	if (t == ID_TYPE_UID) {
+		*result = strcmp(owner, "user1") == 0;
+		return SUBID_STATUS_SUCCESS;
+	}
+
+	*result = strcmp(owner, "group1") == 0;
+	return SUBID_STATUS_SUCCESS;
+}
+
+enum subid_status shadow_subid_has_range(const char *owner, unsigned long start, unsigned long count, enum subid_type t, bool *result)
+{
+	if (strcmp(owner, "ubuntu") == 0 &&
+	    start >= 200000 &&
+	    count <= 100000) {
+		*result = true;
+		return SUBID_STATUS_SUCCESS;
+	}
+	*result = false;
+	if (strcmp(owner, "error") == 0)
+		return SUBID_STATUS_ERROR;
+	if (strcmp(owner, "unknown") == 0)
+		return SUBID_STATUS_UNKNOWN_USER;
+	if (strcmp(owner, "conn") == 0)
+		return SUBID_STATUS_ERROR_CONN;
+
+	if (t == ID_TYPE_UID && strcmp(owner, "user1") != 0)
+		return SUBID_STATUS_SUCCESS;
+	if (t == ID_TYPE_GID && strcmp(owner, "group1") != 0)
+		return SUBID_STATUS_SUCCESS;
+
+	if (start < 100000)
+		return SUBID_STATUS_SUCCESS;
+	if (count >= 65536)
+		return SUBID_STATUS_SUCCESS;
+	*result = true;
+	return SUBID_STATUS_SUCCESS;
+}
+
+// So if 'user1' or 'ubuntu' is defined in passwd, we'll return those values,
+// to ease manual testing.  For automated testing, if you return those values,
+// we'll return 1000 for ubuntu and 1001 otherwise.
+static uid_t getnamuid(const char *name) {
+	struct passwd *pw;
+
+	pw = getpwnam(name);
+	if (pw)
+		return pw->pw_uid;
+
+	// For testing purposes
+	return strcmp(name, "ubuntu") == 0 ? (uid_t)1000 : (uid_t)1001;
+}
+
+static int alloc_uid(uid_t **uids, uid_t id) {
+	*uids = MALLOC(1, uid_t);
+	if (!*uids)
+		return -1;
+	*uids[0] = id;
+	return 1;
+}
+
+enum subid_status shadow_subid_find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids, int *count)
+{
+	if (id >= 100000 && id < 165536) {
+		*count = alloc_uid(uids, getnamuid("user1"));
+		if (*count == 1)
+			return SUBID_STATUS_SUCCESS;
+		return SUBID_STATUS_ERROR; // out of memory
+	}
+	if (id >= 200000 && id < 300000) {
+		*count = alloc_uid(uids, getnamuid("ubuntu"));
+		if (*count == 1)
+			return SUBID_STATUS_SUCCESS;
+		return SUBID_STATUS_ERROR; // out of memory
+	}
+	*count = 0; // nothing found
+	return SUBID_STATUS_SUCCESS;
+}
+
+enum subid_status shadow_subid_list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range **in_ranges, int *count)
+{
+	struct subid_range *ranges;
+
+	*count = 0;
+	if (strcmp(owner, "error") == 0)
+		return SUBID_STATUS_ERROR;
+	if (strcmp(owner, "unknown") == 0)
+		return SUBID_STATUS_UNKNOWN_USER;
+	if (strcmp(owner, "conn") == 0)
+		return SUBID_STATUS_ERROR_CONN;
+
+	*in_ranges = NULL;
+	if (strcmp(owner, "user1") != 0 && strcmp(owner, "ubuntu") != 0 &&
+	    strcmp(owner, "group1") != 0)
+		return SUBID_STATUS_SUCCESS;
+	if (id_type == ID_TYPE_GID && strcmp(owner, "user1") == 0)
+		return SUBID_STATUS_SUCCESS;
+	if (id_type == ID_TYPE_UID && strcmp(owner, "group1") == 0)
+		return SUBID_STATUS_SUCCESS;
+	ranges = MALLOC(1, struct subid_range);
+	if (!ranges)
+		return SUBID_STATUS_ERROR;
+	if (strcmp(owner, "user1") == 0 || strcmp(owner, "group1") == 0) {
+		ranges[0].start = 100000;
+		ranges[0].count = 65536;
+	} else {
+		ranges[0].start = 200000;
+		ranges[0].count = 100000;
+	}
+
+	*count = 1;
+	*in_ranges = ranges;
+
+	return SUBID_STATUS_SUCCESS;
+}
diff --git a/tests/tests/libsubid/04_nss/nsswitch1.conf b/tests/tests/libsubid/04_nss/nsswitch1.conf
new file mode 100644
index 0000000..43764a3
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/nsswitch1.conf
@@ -0,0 +1,20 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd:         files systemd
+group:          files systemd
+shadow:         files
+gshadow:        files
+
+hosts:          files mdns4_minimal [NOTFOUND=return] dns
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
diff --git a/tests/tests/libsubid/04_nss/nsswitch2.conf b/tests/tests/libsubid/04_nss/nsswitch2.conf
new file mode 100644
index 0000000..d371a36
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/nsswitch2.conf
@@ -0,0 +1,22 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd:         files systemd
+group:          files systemd
+shadow:         files
+gshadow:        files
+
+hosts:          files mdns4_minimal [NOTFOUND=return] dns
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
+
+subid:          files
diff --git a/tests/tests/libsubid/04_nss/nsswitch3.conf b/tests/tests/libsubid/04_nss/nsswitch3.conf
new file mode 100644
index 0000000..19f2d93
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/nsswitch3.conf
@@ -0,0 +1,22 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd:         files systemd
+group:          files systemd
+shadow:         files
+gshadow:        files
+
+hosts:          files mdns4_minimal [NOTFOUND=return] dns
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
+
+subid:          zzz
diff --git a/tests/tests/libsubid/04_nss/subidnss.test b/tests/tests/libsubid/04_nss/subidnss.test
new file mode 100755
index 0000000..3d40dc8
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/subidnss.test
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+make
+
+export LD_LIBRARY_PATH=.:../../../lib/.libs:$LD_LIBRARY_PATH
+
+./test_nss 1
+./test_nss 2
+./test_nss 3
+
+unshare -Urm ./test_range
+
+log_status "$0" "SUCCESS"
+
+trap '' 0
diff --git a/tests/tests/libsubid/04_nss/test_nss.c b/tests/tests/libsubid/04_nss/test_nss.c
new file mode 100644
index 0000000..5d903ab
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/test_nss.c
@@ -0,0 +1,72 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <prototypes.h>
+#include <stdbool.h>
+#include <dlfcn.h>
+
+extern bool nss_is_initialized();
+extern struct subid_nss_ops *get_subid_nss_handle();
+
+void test1() {
+	// nsswitch1 has no subid: entry
+	setenv("LD_LIBRARY_PATH", ".", 1);
+	printf("Test with no subid entry\n");
+	nss_init("./nsswitch1.conf");
+	if (!nss_is_initialized() || get_subid_nss_handle())
+		exit(1);
+	// second run should change nothing
+	printf("Test with no subid entry, second run\n");
+	nss_init("./nsswitch1.conf");
+	if (!nss_is_initialized() || get_subid_nss_handle())
+		exit(1);
+}
+
+void test2() {
+	// nsswitch2 has a subid: files entry
+	printf("test with 'files' subid entry\n");
+	nss_init("./nsswitch2.conf");
+	if (!nss_is_initialized() || get_subid_nss_handle())
+		exit(1);
+	// second run should change nothing
+	printf("test with 'files' subid entry, second run\n");
+	nss_init("./nsswitch2.conf");
+	if (!nss_is_initialized() || get_subid_nss_handle())
+		exit(1);
+}
+
+void test3() {
+	// nsswitch3 has a subid: testnss entry
+	printf("test with 'test' subid entry\n");
+	nss_init("./nsswitch3.conf");
+	if (!nss_is_initialized() || !get_subid_nss_handle())
+		exit(1);
+	// second run should change nothing
+	printf("test with 'test' subid entry, second run\n");
+	nss_init("./nsswitch3.conf");
+	if (!nss_is_initialized() || !get_subid_nss_handle())
+		exit(1);
+}
+
+const char *Prog;
+
+int main(int argc, char *argv[])
+{
+	int which;
+
+	Prog = Basename(argv[0]);
+
+	if (argc < 1)
+		exit(1);
+
+	which = atoi(argv[1]);
+	switch(which) {
+	case 1: test1(); break;
+	case 2: test2(); break;
+	case 3: test3(); break;
+	default: exit(1);
+	}
+
+	printf("nss parsing tests done\n");
+	exit(0);
+}
diff --git a/tests/tests/libsubid/04_nss/test_range b/tests/tests/libsubid/04_nss/test_range
new file mode 100755
index 0000000..ee25080
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/test_range
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -x
+
+echo "starting check_range tests"
+
+export LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH
+touch /etc/nsswitch.conf
+mount --bind ./nsswitch3.conf /etc/nsswitch.conf
+cleanup1() {
+    umount /etc/nsswitch.conf
+}
+trap cleanup1 EXIT HUP INT TERM
+../../../src/check_subid_range user1 u 100000 65535
+if [ $? -ne 0 ]; then
+    exit 1
+fi
+../../../src/check_subid_range user2 u 100000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+../../../src/check_subid_range unknown u 100000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+../../../src/check_subid_range error u 100000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+../../../src/check_subid_range user1 u 1000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+
+umount /etc/nsswitch.conf
+
+mount --bind ./nsswitch1.conf /etc/nsswitch.conf
+touch /etc/subuid /etc/subgid
+mount --bind ./empty /etc/subuid
+
+cleanup2() {
+    umount /etc/subuid
+    umount /etc/nsswitch.conf
+}
+trap cleanup2 EXIT HUP INT TERM
+../../../src/check_subid_range user1 u 100000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+
+echo "check_range tests complete"
+exit 0
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config.txt b/tests/tests/log/faillog/01_faillog_no_faillog/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/group b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/gshadow b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/passwd b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/shadow b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/data/faillog.err b/tests/tests/log/faillog/01_faillog_no_faillog/data/faillog.err
new file mode 100644
index 0000000..501b7cd
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/data/faillog.err
@@ -0,0 +1 @@
+faillog: Cannot open /var/log/faillog: No such file or directory
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/faillog.test b/tests/tests/log/faillog/01_faillog_no_faillog/faillog.test
new file mode 100755
index 0000000..716bbf1
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/faillog.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog detects missing /var/log/faillog and does not create it"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/faillog' 0
+
+change_config
+
+echo -n "Remove /var/log/faillog (it will not be restored)..."
+rm -f /var/log/faillog
+echo "OK"
+
+echo -n "Execute faillog (faillog)..."
+faillog 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "usage message OK."
+rm -f tmp/faillog.err
+
+echo -n "Check that the /var/log/faillog file was not created"...
+test ! -f /var/log/faillog
+echo "OK"
+
+touch /var/log/faillog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/02_faillog_usage/config.txt b/tests/tests/log/faillog/02_faillog_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/02_faillog_usage/config/etc/group b/tests/tests/log/faillog/02_faillog_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/02_faillog_usage/config/etc/gshadow b/tests/tests/log/faillog/02_faillog_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/02_faillog_usage/config/etc/passwd b/tests/tests/log/faillog/02_faillog_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/02_faillog_usage/config/etc/shadow b/tests/tests/log/faillog/02_faillog_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/02_faillog_usage/data/usage.out b/tests/tests/log/faillog/02_faillog_usage/data/usage.out
new file mode 100644
index 0000000..d5d2839
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/data/usage.out
@@ -0,0 +1,14 @@
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/02_faillog_usage/faillog.test b/tests/tests/log/faillog/02_faillog_usage/faillog.test
new file mode 100755
index 0000000..b9a0b9c
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/faillog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get faillog usage (faillog -h)..."
+faillog -h >tmp/usage.out
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/03_faillog_format/config.txt b/tests/tests/log/faillog/03_faillog_format/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/group b/tests/tests/log/faillog/03_faillog_format/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/gshadow b/tests/tests/log/faillog/03_faillog_format/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/pam.d/login b/tests/tests/log/faillog/03_faillog_format/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/passwd b/tests/tests/log/faillog/03_faillog_format/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/shadow b/tests/tests/log/faillog/03_faillog_format/config/etc/shadow
new file mode 100644
index 0000000..3b8a1ed
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:pass:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/03_faillog_format/data/faillog.out b/tests/tests/log/faillog/03_faillog_format/data/faillog.out
new file mode 100644
index 0000000..5855881
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/data/faillog.out
@@ -0,0 +1,2 @@
+Login       Failures Maximum Latest                   On
+
diff --git a/tests/tests/log/faillog/03_faillog_format/data/lastlog.out b/tests/tests/log/faillog/03_faillog_format/data/lastlog.out
new file mode 100644
index 0000000..280e1ab
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/data/lastlog.out
@@ -0,0 +1,20 @@
+Username         Port     From             Latest
+root                                       **Never logged in**
+daemon                                     **Never logged in**
+bin                                        **Never logged in**
+sys                                        **Never logged in**
+sync                                       **Never logged in**
+games                                      **Never logged in**
+man                                        **Never logged in**
+lp                                         **Never logged in**
+mail                                       **Never logged in**
+news                                       **Never logged in**
+uucp                                       **Never logged in**
+proxy                                      **Never logged in**
+www-data                                   **Never logged in**
+backup                                     **Never logged in**
+list                                       **Never logged in**
+irc                                        **Never logged in**
+gnats                                      **Never logged in**
+nobody                                     **Never logged in**
+Debian-exim                                **Never logged in**
diff --git a/tests/tests/log/faillog/03_faillog_format/faillog.test b/tests/tests/log/faillog/03_faillog_format/faillog.test
new file mode 100755
index 0000000..489776e
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+cp data/faillog.out tmp/faillog.out1
+cp data/faillog.out tmp/faillog.out2
+TTY=$(ls /dev/pts | sort -n|tail -1)
+TTY=$((TTY+1))
+
+DATE=$(LC_ALL=C date +"%D %H:%M:%S %z")
+# pam_tally do not report the line of failure ?
+printf "%-9s   %5d    %5d   %s  %s\n" foo 1 0 "$DATE" "">> tmp/faillog.out1
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+DATE=$(LC_ALL=C date +"%D %H:%M:%S %z")
+# pam_tally do not report the line of failure ?
+printf "%-9s   %5d    %5d   %s  %s\n" foo 1 0 "$DATE" "">> tmp/faillog.out2
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the faillog message..."
+diff -au tmp/faillog.out tmp/faillog.out1 || diff -au tmp/faillog.out tmp/faillog.out2
+echo "faillog message OK."
+rm -f tmp/faillog.out tmp/faillog.out1 tmp/faillog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/03_faillog_format/login.exp b/tests/tests/log/faillog/03_faillog_format/login.exp
new file mode 100755
index 0000000..4226743
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/login.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login foo\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config.txt b/tests/tests/log/faillog/04_faillog_multiple/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/group b/tests/tests/log/faillog/04_faillog_multiple/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/gshadow b/tests/tests/log/faillog/04_faillog_multiple/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/pam.d/login b/tests/tests/log/faillog/04_faillog_multiple/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/passwd b/tests/tests/log/faillog/04_faillog_multiple/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/shadow b/tests/tests/log/faillog/04_faillog_multiple/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/04_faillog_multiple/data/faillog.list b/tests/tests/log/faillog/04_faillog_multiple/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/04_faillog_multiple/faillog.test b/tests/tests/log/faillog/04_faillog_multiple/faillog.test
new file mode 100755
index 0000000..2184ee8
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/faillog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/04_faillog_multiple/login.exp b/tests/tests/log/faillog/04_faillog_multiple/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config.txt b/tests/tests/log/faillog/05_faillog-u_ID/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config/etc/group b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config/etc/gshadow b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config/etc/passwd b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config/etc/shadow b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/data/faillog.list b/tests/tests/log/faillog/05_faillog-u_ID/data/faillog.list
new file mode 100644
index 0000000..3a1241d
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/data/faillog.list
@@ -0,0 +1,3 @@
+Login       Failures Maximum
+
+bar             0        0  
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/faillog.test b/tests/tests/log/faillog/05_faillog-u_ID/faillog.test
new file mode 100755
index 0000000..42382d0
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/faillog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u 1001..."
+faillog -u 1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config.txt b/tests/tests/log/faillog/06_faillog-u_name/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config/etc/group b/tests/tests/log/faillog/06_faillog-u_name/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config/etc/gshadow b/tests/tests/log/faillog/06_faillog-u_name/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config/etc/passwd b/tests/tests/log/faillog/06_faillog-u_name/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config/etc/shadow b/tests/tests/log/faillog/06_faillog-u_name/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/06_faillog-u_name/data/faillog.list b/tests/tests/log/faillog/06_faillog-u_name/data/faillog.list
new file mode 100644
index 0000000..a635b62
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/data/faillog.list
@@ -0,0 +1,3 @@
+Login
+
+baz
diff --git a/tests/tests/log/faillog/06_faillog-u_name/faillog.test b/tests/tests/log/faillog/06_faillog-u_name/faillog.test
new file mode 100755
index 0000000..1061e20
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/faillog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u baz..."
+faillog -u baz> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/faillog.out | cut -d" " -f1 > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config.txt b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/group b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/gshadow b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/passwd b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/shadow b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/data/faillog.list b/tests/tests/log/faillog/07_faillog-u_ID_invalid/data/faillog.list
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/data/faillog.list
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/faillog.test b/tests/tests/log/faillog/07_faillog-u_ID_invalid/faillog.test
new file mode 100755
index 0000000..7f8bd7b
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u 1003..."
+faillog -u 1003> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+diff -au data/faillog.list tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config.txt b/tests/tests/log/faillog/08_faillog-u_name_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/group b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/gshadow b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/passwd b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/shadow b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/data/faillog.err b/tests/tests/log/faillog/08_faillog-u_name_invalid/data/faillog.err
new file mode 100644
index 0000000..402e2c6
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/data/faillog.err
@@ -0,0 +1 @@
+faillog: Unknown user or range: me
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/faillog.test b/tests/tests/log/faillog/08_faillog-u_name_invalid/faillog.test
new file mode 100755
index 0000000..8b2348c
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u me..."
+faillog -u me 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config.txt b/tests/tests/log/faillog/09_faillog-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/group b/tests/tests/log/faillog/09_faillog-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/gshadow b/tests/tests/log/faillog/09_faillog-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/09_faillog-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/passwd b/tests/tests/log/faillog/09_faillog-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/shadow b/tests/tests/log/faillog/09_faillog-u_range/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/09_faillog-u_range/data/faillog.list b/tests/tests/log/faillog/09_faillog-u_range/data/faillog.list
new file mode 100644
index 0000000..c4984b9
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/data/faillog.list
@@ -0,0 +1,4 @@
+Login       Failures Maximum
+
+irc             1        0  
+foo             1        0  
diff --git a/tests/tests/log/faillog/09_faillog-u_range/faillog.test b/tests/tests/log/faillog/09_faillog-u_range/faillog.test
new file mode 100755
index 0000000..53ef9f6
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/faillog.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Trigger a connection as irc..."
+./login.exp irc
+echo "OK"
+
+echo -n "faillog -u 38-1001..."
+faillog -u 38-1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/09_faillog-u_range/login.exp b/tests/tests/log/faillog/09_faillog-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config.txt b/tests/tests/log/faillog/10_faillog-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/group b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/passwd b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/shadow b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/data/faillog.list b/tests/tests/log/faillog/10_faillog-u_open_range/data/faillog.list
new file mode 100644
index 0000000..a6afb8c
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/data/faillog.list
@@ -0,0 +1,22 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+Debian-exim       0        0
+foo             0        0  
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/faillog.test b/tests/tests/log/faillog/10_faillog-u_open_range/faillog.test
new file mode 100755
index 0000000..9587bb9
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/faillog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog supports open ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u -1001..."
+faillog -a -u -1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config.txt b/tests/tests/log/faillog/11_faillog-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/group b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/passwd b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/shadow b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/data/faillog.list b/tests/tests/log/faillog/11_faillog-u_range_open/data/faillog.list
new file mode 100644
index 0000000..555ada5
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/data/faillog.list
@@ -0,0 +1,10 @@
+Login       Failures Maximum
+
+bar             0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/faillog.test b/tests/tests/log/faillog/11_faillog-u_range_open/faillog.test
new file mode 100755
index 0000000..30c7728
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/faillog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog supports open ranges (2)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u 38-..."
+faillog -a -u 38-> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config.txt b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/group b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/gshadow b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/passwd b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/shadow b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/data/faillog.err b/tests/tests/log/faillog/12_faillog-u_range_invalid1/data/faillog.err
new file mode 100644
index 0000000..56b4173
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/data/faillog.err
@@ -0,0 +1 @@
+faillog: Unknown user or range: foo-bar
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/faillog.test b/tests/tests/log/faillog/12_faillog-u_range_invalid1/faillog.test
new file mode 100755
index 0000000..9a73394
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u foo-bar..."
+faillog -u foo-bar 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config.txt b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/group b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/gshadow b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/passwd b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/shadow b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/data/faillog.err b/tests/tests/log/faillog/13_faillog-u_range_invalid2/data/faillog.err
new file mode 100644
index 0000000..e9f6720
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/data/faillog.err
@@ -0,0 +1 @@
+faillog: Unknown user or range: foo-
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/faillog.test b/tests/tests/log/faillog/13_faillog-u_range_invalid2/faillog.test
new file mode 100755
index 0000000..14f7170
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u foo-..."
+faillog -u foo- 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config.txt b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/group b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/gshadow b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/passwd b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/shadow b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/data/faillog.err b/tests/tests/log/faillog/14_faillog-u_range_invalid3/data/faillog.err
new file mode 100644
index 0000000..33c3b8c
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/data/faillog.err
@@ -0,0 +1 @@
+faillog: Unknown user or range: -foo
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/faillog.test b/tests/tests/log/faillog/14_faillog-u_range_invalid3/faillog.test
new file mode 100755
index 0000000..fdd0027
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u -foo..."
+faillog -u -foo 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config.txt b/tests/tests/log/faillog/15_faillog_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config/etc/group b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config/etc/gshadow b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config/etc/passwd b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config/etc/shadow b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/data/usage.out b/tests/tests/log/faillog/15_faillog_bad_option/data/usage.out
new file mode 100644
index 0000000..0644274
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/data/usage.out
@@ -0,0 +1,15 @@
+faillog: invalid option -- 'Z'
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/faillog.test b/tests/tests/log/faillog/15_faillog_bad_option/faillog.test
new file mode 100755
index 0000000..3e566cd
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get faillog usage (faillog -Z)..."
+faillog -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config.txt b/tests/tests/log/faillog/16_faillog_extra_arg/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/group b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/gshadow b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/passwd b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/shadow b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/data/usage.out b/tests/tests/log/faillog/16_faillog_extra_arg/data/usage.out
new file mode 100644
index 0000000..1ec1fa2
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/data/usage.out
@@ -0,0 +1,15 @@
+faillog: unexpected argument: foo
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/faillog.test b/tests/tests/log/faillog/16_faillog_extra_arg/faillog.test
new file mode 100755
index 0000000..09770ca
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog checks if there are extra arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get faillog usage (faillog foo)..."
+faillog foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/17_faillog-t/config.txt b/tests/tests/log/faillog/17_faillog-t/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/group b/tests/tests/log/faillog/17_faillog-t/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/gshadow b/tests/tests/log/faillog/17_faillog-t/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/pam.d/login b/tests/tests/log/faillog/17_faillog-t/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/passwd b/tests/tests/log/faillog/17_faillog-t/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/shadow b/tests/tests/log/faillog/17_faillog-t/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/17_faillog-t/data/faillog.list b/tests/tests/log/faillog/17_faillog-t/data/faillog.list
new file mode 100644
index 0000000..f5d3d8c
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/data/faillog.list
@@ -0,0 +1,4 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
diff --git a/tests/tests/log/faillog/17_faillog-t/faillog.test b/tests/tests/log/faillog/17_faillog-t/faillog.test
new file mode 100755
index 0000000..217a63b
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/faillog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=2 ./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=4 ./login.exp baz
+echo "OK"
+
+echo -n "faillog..."
+faillog -t 3 > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/17_faillog-t/login.exp b/tests/tests/log/faillog/17_faillog-t/login.exp
new file mode 100755
index 0000000..45c2ea7
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -p $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config.txt b/tests/tests/log/faillog/18_faillog-t_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/group b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/gshadow b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/passwd b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/shadow b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/data/faillog.err b/tests/tests/log/faillog/18_faillog-t_invalid/data/faillog.err
new file mode 100644
index 0000000..009c0f6
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/data/faillog.err
@@ -0,0 +1 @@
+faillog: invalid numeric argument 'bad'
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/faillog.test b/tests/tests/log/faillog/18_faillog-t_invalid/faillog.test
new file mode 100755
index 0000000..0405bca
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -t bad..."
+faillog -t bad 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config.txt b/tests/tests/log/faillog/19_faillog_multiple_same_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/group b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/gshadow b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/pam.d/login b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/passwd b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/shadow b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/data/faillog.list b/tests/tests/log/faillog/19_faillog_multiple_same_user/data/faillog.list
new file mode 100644
index 0000000..935d843
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             2        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/faillog.test b/tests/tests/log/faillog/19_faillog_multiple_same_user/faillog.test
new file mode 100755
index 0000000..21a6fff
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/faillog.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/login.exp b/tests/tests/log/faillog/19_faillog_multiple_same_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config.txt b/tests/tests/log/faillog/20_faillog-r-u/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/group b/tests/tests/log/faillog/20_faillog-r-u/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/gshadow b/tests/tests/log/faillog/20_faillog-r-u/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/pam.d/login b/tests/tests/log/faillog/20_faillog-r-u/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/passwd b/tests/tests/log/faillog/20_faillog-r-u/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/shadow b/tests/tests/log/faillog/20_faillog-r-u/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/20_faillog-r-u/data/faillog.list b/tests/tests/log/faillog/20_faillog-r-u/data/faillog.list
new file mode 100644
index 0000000..12c3f70
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/20_faillog-r-u/faillog.test b/tests/tests/log/faillog/20_faillog-r-u/faillog.test
new file mode 100755
index 0000000..4aa3d90
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/faillog.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -r -u baz)..."
+faillog -r -u baz
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/20_faillog-r-u/login.exp b/tests/tests/log/faillog/20_faillog-r-u/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config.txt b/tests/tests/log/faillog/21_faillog-r-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/group b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/gshadow b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/passwd b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/shadow b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/data/faillog.list b/tests/tests/log/faillog/21_faillog-r-u_range/data/faillog.list
new file mode 100644
index 0000000..fd0df36
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             0        0  
+foo             0        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/faillog.test b/tests/tests/log/faillog/21_faillog-r-u_range/faillog.test
new file mode 100755
index 0000000..1b89358
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/faillog.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset users (faillog -r -u 1000-1001)..."
+faillog -r -u 1000-1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/login.exp b/tests/tests/log/faillog/21_faillog-r-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config.txt b/tests/tests/log/faillog/22_faillog_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/group b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/gshadow b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/passwd b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/shadow b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/data/faillog.list b/tests/tests/log/faillog/22_faillog_removed_user/data/faillog.list
new file mode 100644
index 0000000..09f68d0
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/data/faillog.list
@@ -0,0 +1,4 @@
+Login       Failures Maximum
+
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/faillog.test b/tests/tests/log/faillog/22_faillog_removed_user/faillog.test
new file mode 100755
index 0000000..d72ee5b
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/login.exp b/tests/tests/log/faillog/22_faillog_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config.txt b/tests/tests/log/faillog/23_faillog-a_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/group b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/gshadow b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/passwd b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/shadow b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/data/faillog.list b/tests/tests/log/faillog/23_faillog-a_removed_user/data/faillog.list
new file mode 100644
index 0000000..1eb072b
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/data/faillog.list
@@ -0,0 +1,23 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/faillog.test b/tests/tests/log/faillog/23_faillog-a_removed_user/faillog.test
new file mode 100755
index 0000000..c440672
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/login.exp b/tests/tests/log/faillog/23_faillog-a_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config.txt b/tests/tests/log/faillog/24_faillog-u_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/group b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/gshadow b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/passwd b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/shadow b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/data/faillog.list b/tests/tests/log/faillog/24_faillog-u_removed_user/data/faillog.list
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/data/faillog.list
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/faillog.test b/tests/tests/log/faillog/24_faillog-u_removed_user/faillog.test
new file mode 100755
index 0000000..d1fff47
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -a -u 1001..."
+faillog -a -u 1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/login.exp b/tests/tests/log/faillog/24_faillog-u_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config.txt b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/group b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/gshadow b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/passwd b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/shadow b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/data/faillog.list b/tests/tests/log/faillog/25_faillog-r-u_removed_user/data/faillog.list
new file mode 100644
index 0000000..1ad3edf
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/faillog.test b/tests/tests/log/faillog/25_faillog-r-u_removed_user/faillog.test
new file mode 100755
index 0000000..f48435a
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/faillog.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u 1000..."
+faillog -r -u 1000
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/login.exp b/tests/tests/log/faillog/25_faillog-r-u_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config.txt b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/group b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/gshadow b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/passwd b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/shadow b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/data/faillog.list b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/data/faillog.list
new file mode 100644
index 0000000..0f9aacf
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             1        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/faillog.test b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/faillog.test
new file mode 100755
index 0000000..5c140b9
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/faillog.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u 40-2000..."
+faillog -r -u 40-2000
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/login.exp b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config.txt b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/group b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/gshadow b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/passwd b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/shadow b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/data/faillog.list b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/data/faillog.list
new file mode 100644
index 0000000..1ad3edf
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test
new file mode 100755
index 0000000..ecf1f97
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp bar
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u 40-2000..."
+faillog -a -r -u 40-2000
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/login.exp b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config.txt b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/group b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/gshadow b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/passwd b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/shadow b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/data/faillog.list b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/data/faillog.list
new file mode 100644
index 0000000..3544ec4
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             1        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test
new file mode 100755
index 0000000..5790ad9
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp bar
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u -1000..."
+faillog -a -r -u -1000
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/login.exp b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config.txt b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/group b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/gshadow b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/passwd b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/shadow b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/data/faillog.list b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/data/faillog.list
new file mode 100644
index 0000000..0f9aacf
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             1        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test
new file mode 100755
index 0000000..9579ca6
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp bar
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u 1001-..."
+faillog -a -r -u 1001-
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/login.exp b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/30_faillog-r/config.txt b/tests/tests/log/faillog/30_faillog-r/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/group b/tests/tests/log/faillog/30_faillog-r/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/gshadow b/tests/tests/log/faillog/30_faillog-r/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/pam.d/login b/tests/tests/log/faillog/30_faillog-r/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/passwd b/tests/tests/log/faillog/30_faillog-r/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/shadow b/tests/tests/log/faillog/30_faillog-r/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/30_faillog-r/data/faillog.list b/tests/tests/log/faillog/30_faillog-r/data/faillog.list
new file mode 100644
index 0000000..d96a936
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             0        0  
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/30_faillog-r/faillog.test b/tests/tests/log/faillog/30_faillog-r/faillog.test
new file mode 100755
index 0000000..cfb441f
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/faillog.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -r)..."
+faillog -r
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/30_faillog-r/login.exp b/tests/tests/log/faillog/30_faillog-r/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config.txt b/tests/tests/log/faillog/31_faillog-r-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/group b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/passwd b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/shadow b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/data/faillog.list b/tests/tests/log/faillog/31_faillog-r-u_open_range/data/faillog.list
new file mode 100644
index 0000000..fd0df36
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             0        0  
+foo             0        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/faillog.test b/tests/tests/log/faillog/31_faillog-r-u_open_range/faillog.test
new file mode 100755
index 0000000..9eb7beb
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/faillog.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset users count (faillog -r -u -1001)..."
+faillog -r -u -1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/login.exp b/tests/tests/log/faillog/31_faillog-r-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/32_faillog-l/config.txt b/tests/tests/log/faillog/32_faillog-l/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/group b/tests/tests/log/faillog/32_faillog-l/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/gshadow b/tests/tests/log/faillog/32_faillog-l/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/pam.d/login b/tests/tests/log/faillog/32_faillog-l/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/passwd b/tests/tests/log/faillog/32_faillog-l/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/shadow b/tests/tests/log/faillog/32_faillog-l/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/32_faillog-l/data/faillog.list b/tests/tests/log/faillog/32_faillog-l/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/32_faillog-l/faillog.test b/tests/tests/log/faillog/32_faillog-l/faillog.test
new file mode 100755
index 0000000..1e6360e
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/faillog.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10)..."
+faillog -l 10
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should between 6 and 8 secondes remaining for baz..."
+grep "^baz .* \[[678]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/32_faillog-l/login.exp b/tests/tests/log/faillog/32_faillog-l/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config.txt b/tests/tests/log/faillog/33_faillog-l-u_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/group b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/gshadow b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/pam.d/login b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/passwd b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/shadow b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/data/faillog.list b/tests/tests/log/faillog/33_faillog-l-u_user/data/faillog.list
new file mode 100644
index 0000000..817ff45
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/data/faillog.list
@@ -0,0 +1 @@
+foo             1        0  
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/faillog.test b/tests/tests/log/faillog/33_faillog-l-u_user/faillog.test
new file mode 100755
index 0000000..f9ccf53
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/faillog.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -u foo)..."
+faillog -l 10 -u foo
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+grep "left\|lock" tmp/faillog.out | cut -c-28 > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/login.exp b/tests/tests/log/faillog/33_faillog-l-u_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config.txt b/tests/tests/log/faillog/34_faillog-l-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/group b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/gshadow b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/passwd b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/shadow b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/data/faillog.list b/tests/tests/log/faillog/34_faillog-l-u_range/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/faillog.test b/tests/tests/log/faillog/34_faillog-l-u_range/faillog.test
new file mode 100755
index 0000000..980b95e
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/faillog.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -u 1000-1001)..."
+faillog -l 10 -u 1000-1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 3 and 5 secondes remaining for bar..."
+grep "^bar .* \[[345]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/login.exp b/tests/tests/log/faillog/34_faillog-l-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config.txt b/tests/tests/log/faillog/35_faillog-l-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/group b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/passwd b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/shadow b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/data/faillog.list b/tests/tests/log/faillog/35_faillog-l-u_open_range/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/faillog.test b/tests/tests/log/faillog/35_faillog-l-u_open_range/faillog.test
new file mode 100755
index 0000000..3cc9655
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/faillog.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -u -1001)..."
+faillog -l 10 -u -1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 2 and 5 secondes remaining for bar..."
+grep "^bar .* \[[2345]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/login.exp b/tests/tests/log/faillog/35_faillog-l-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config.txt b/tests/tests/log/faillog/36_faillog-l-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/group b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/pam.d/login b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/passwd b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/shadow b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/data/faillog.list b/tests/tests/log/faillog/36_faillog-l-u_range_open/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/faillog.test b/tests/tests/log/faillog/36_faillog-l-u_range_open/faillog.test
new file mode 100755
index 0000000..caf0742
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/faillog.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -u 1000-1001)..."
+faillog -l 10 -u 1001-
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be 6 or 7 secondes remaining for baz..."
+grep "^baz .* \[[67]s left\]$" tmp/faillog.out
+echo "OK"
+echo "There should be 3 or 4 secondes remaining for bar..."
+grep "^bar .* \[[34]s left\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/login.exp b/tests/tests/log/faillog/36_faillog-l-u_range_open/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config.txt b/tests/tests/log/faillog/37_faillog-l-a-u_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/group b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/gshadow b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/pam.d/login b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/passwd b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/shadow b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/data/faillog.list b/tests/tests/log/faillog/37_faillog-l-a-u_user/data/faillog.list
new file mode 100644
index 0000000..817ff45
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/data/faillog.list
@@ -0,0 +1 @@
+foo             1        0  
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/faillog.test b/tests/tests/log/faillog/37_faillog-l-a-u_user/faillog.test
new file mode 100755
index 0000000..9128abc
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/faillog.test
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user foo from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset old foo (faillog -l 10 -u 1000)..."
+faillog -l 10 -a -u 1000
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+grep "left\|lock" tmp/faillog.out | cut -c-28 > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/login.exp b/tests/tests/log/faillog/37_faillog-l-a-u_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config.txt b/tests/tests/log/faillog/38_faillog-l-a-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/group b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/gshadow b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/passwd b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/shadow b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/data/faillog.list b/tests/tests/log/faillog/38_faillog-l-a-u_range/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/faillog.test b/tests/tests/log/faillog/38_faillog-l-a-u_range/faillog.test
new file mode 100755
index 0000000..a585e17
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/faillog.test
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -a -u 1000-1001)..."
+faillog -l 10 -a -u 1000-1001
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 2 and 4 secondes remaining for bar..."
+grep "^bar .* \[[2-4]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/login.exp b/tests/tests/log/faillog/38_faillog-l-a-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config.txt b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/group b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/passwd b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/shadow b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/data/faillog.list b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/faillog.test b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/faillog.test
new file mode 100755
index 0000000..b81b396
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/faillog.test
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -a -u -1001)..."
+faillog -l 10 -a -u -1001
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 2 and 4 secondes remaining for bar..."
+grep "^bar .* \[[234]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/login.exp b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config.txt b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/group b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/pam.d/login b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/passwd b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/shadow b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/data/faillog.list b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/faillog.test b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/faillog.test
new file mode 100755
index 0000000..3f25fc5
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/faillog.test
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -a -l 10 -u 1001-)..."
+faillog -a -l 10 -u 1001-
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 6 and 8 secondes remaining for baz..."
+grep "^baz .* \[[6-8]s left\]$" tmp/faillog.out
+echo "OK"
+echo "There should be between 2 and 4 secondes remaining for bar..."
+grep "^bar .* \[[2-4]s left\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/login.exp b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config.txt b/tests/tests/log/faillog/41_faillog-l_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/group b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/gshadow b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/passwd b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/shadow b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/data/faillog.err b/tests/tests/log/faillog/41_faillog-l_invalid/data/faillog.err
new file mode 100644
index 0000000..009c0f6
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/data/faillog.err
@@ -0,0 +1 @@
+faillog: invalid numeric argument 'bad'
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/faillog.test b/tests/tests/log/faillog/41_faillog-l_invalid/faillog.test
new file mode 100755
index 0000000..3907eee
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -l bad..."
+faillog -l bad 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/42_faillog-m/config.txt b/tests/tests/log/faillog/42_faillog-m/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/group b/tests/tests/log/faillog/42_faillog-m/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/gshadow b/tests/tests/log/faillog/42_faillog-m/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/pam.d/login b/tests/tests/log/faillog/42_faillog-m/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/passwd b/tests/tests/log/faillog/42_faillog-m/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/shadow b/tests/tests/log/faillog/42_faillog-m/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/42_faillog-m/data/faillog.list b/tests/tests/log/faillog/42_faillog-m/data/faillog.list
new file mode 100644
index 0000000..29b7516
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1       10  
diff --git a/tests/tests/log/faillog/42_faillog-m/faillog.test b/tests/tests/log/faillog/42_faillog-m/faillog.test
new file mode 100755
index 0000000..867d41c
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10)..."
+faillog -m 10
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/42_faillog-m/login.exp b/tests/tests/log/faillog/42_faillog-m/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config.txt b/tests/tests/log/faillog/43_faillog-m-u_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/group b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/gshadow b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/pam.d/login b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/passwd b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/shadow b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/data/faillog.list b/tests/tests/log/faillog/43_faillog-m-u_user/data/faillog.list
new file mode 100644
index 0000000..5ec2414
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/faillog.test b/tests/tests/log/faillog/43_faillog-m-u_user/faillog.test
new file mode 100755
index 0000000..d86c6ea
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -u foo)..."
+faillog -m 10 -u foo
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/login.exp b/tests/tests/log/faillog/43_faillog-m-u_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config.txt b/tests/tests/log/faillog/44_faillog-m-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/group b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/gshadow b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/passwd b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/shadow b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/data/faillog.list b/tests/tests/log/faillog/44_faillog-m-u_range/data/faillog.list
new file mode 100644
index 0000000..9af27b0
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/faillog.test b/tests/tests/log/faillog/44_faillog-m-u_range/faillog.test
new file mode 100755
index 0000000..f410ac3
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -u 1000-1001)..."
+faillog -m 10 -u 1000-1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/login.exp b/tests/tests/log/faillog/44_faillog-m-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config.txt b/tests/tests/log/faillog/45_faillog-m-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/group b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/passwd b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/shadow b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/data/faillog.list b/tests/tests/log/faillog/45_faillog-m-u_open_range/data/faillog.list
new file mode 100644
index 0000000..9af27b0
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/faillog.test b/tests/tests/log/faillog/45_faillog-m-u_open_range/faillog.test
new file mode 100755
index 0000000..77d9202
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can set the maximum number of fail logins for a range of users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -u -1001)..."
+faillog -m 10 -u -1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/login.exp b/tests/tests/log/faillog/45_faillog-m-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config.txt b/tests/tests/log/faillog/46_faillog-m-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/group b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/pam.d/login b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/passwd b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/shadow b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/data/faillog.list b/tests/tests/log/faillog/46_faillog-m-u_range_open/data/faillog.list
new file mode 100644
index 0000000..ea0845d
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1        0  
+baz             1       10  
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/faillog.test b/tests/tests/log/faillog/46_faillog-m-u_range_open/faillog.test
new file mode 100755
index 0000000..0bed617
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can set the maximum number of fail logins for a range of users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -u 1000-1001)..."
+faillog -m 10 -u 1001-
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/login.exp b/tests/tests/log/faillog/46_faillog-m-u_range_open/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config.txt b/tests/tests/log/faillog/47_faillog-m-a-u_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/group b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/gshadow b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/pam.d/login b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/passwd b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/shadow b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/data/faillog.list b/tests/tests/log/faillog/47_faillog-m-a-u_user/data/faillog.list
new file mode 100644
index 0000000..5ec2414
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/faillog.test b/tests/tests/log/faillog/47_faillog-m-a-u_user/faillog.test
new file mode 100755
index 0000000..64d7f6c
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/faillog.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can set the maximum number an removed user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user foo from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset old foo (faillog -m 10 -a -u 1000)..."
+faillog -m 10 -a -u 1000
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/login.exp b/tests/tests/log/faillog/47_faillog-m-a-u_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config.txt b/tests/tests/log/faillog/48_faillog-m-a-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/group b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/gshadow b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/passwd b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/shadow b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/data/faillog.list b/tests/tests/log/faillog/48_faillog-m-a-u_range/data/faillog.list
new file mode 100644
index 0000000..9af27b0
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/faillog.test b/tests/tests/log/faillog/48_faillog-m-a-u_range/faillog.test
new file mode 100755
index 0000000..cd35f27
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/faillog.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -a -u 1000-1001)..."
+faillog -m 10 -a -u 1000-1001
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/login.exp b/tests/tests/log/faillog/48_faillog-m-a-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config.txt b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/group b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/passwd b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/shadow b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/data/faillog.list b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/data/faillog.list
new file mode 100644
index 0000000..9af27b0
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/faillog.test b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/faillog.test
new file mode 100755
index 0000000..8b865b3
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/faillog.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -a -u -1001)..."
+faillog -m 10 -a -u -1001
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/login.exp b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config.txt b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/group b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/pam.d/login b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/passwd b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/shadow b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/data/faillog.list b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/data/faillog.list
new file mode 100644
index 0000000..ea0845d
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1        0  
+baz             1       10  
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/faillog.test b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/faillog.test
new file mode 100755
index 0000000..c315f7c
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/faillog.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -a -u 1001-)..."
+faillog -m 10 -a -u 1001-
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/login.exp b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config.txt b/tests/tests/log/faillog/51_faillog-m_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/group b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/gshadow b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/passwd b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/shadow b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/data/faillog.err b/tests/tests/log/faillog/51_faillog-m_invalid/data/faillog.err
new file mode 100644
index 0000000..009c0f6
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/data/faillog.err
@@ -0,0 +1 @@
+faillog: invalid numeric argument 'bad'
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/faillog.test b/tests/tests/log/faillog/51_faillog-m_invalid/faillog.test
new file mode 100755
index 0000000..9e49dbc
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -m bad..."
+faillog -m bad 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config.txt b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/group b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/gshadow b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/passwd b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/shadow b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/data/usage.out b/tests/tests/log/faillog/52_faillog-t-l_exclusive/data/usage.out
new file mode 100644
index 0000000..d5d2839
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/data/usage.out
@@ -0,0 +1,14 @@
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/faillog.test b/tests/tests/log/faillog/52_faillog-t-l_exclusive/faillog.test
new file mode 100755
index 0000000..2730e58
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog does not accept -l and -t at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Bad faillog usage (faillog -t 10 -l 10)..."
+faillog -t 10 -l 10 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config.txt b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/group b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/gshadow b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/passwd b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/shadow b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/data/usage.out b/tests/tests/log/faillog/53_faillog-t-m_exclusive/data/usage.out
new file mode 100644
index 0000000..d5d2839
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/data/usage.out
@@ -0,0 +1,14 @@
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/faillog.test b/tests/tests/log/faillog/53_faillog-t-m_exclusive/faillog.test
new file mode 100755
index 0000000..2e6161e
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog does not accept -m and -t at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Bad faillog usage (faillog -t 1 -m 1)..."
+faillog -t 1 -m 1 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config.txt b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/group b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/gshadow b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/passwd b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/shadow b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/data/usage.out b/tests/tests/log/faillog/54_faillog-t-r_exclusive/data/usage.out
new file mode 100644
index 0000000..d5d2839
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/data/usage.out
@@ -0,0 +1,14 @@
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/faillog.test b/tests/tests/log/faillog/54_faillog-t-r_exclusive/faillog.test
new file mode 100755
index 0000000..6e917d3
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog does not accept -r and -t at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Bad faillog usage (faillog -t -r)..."
+faillog -t 1 -r 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config.txt b/tests/tests/log/faillog/55_faillog_no_changes/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/group b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/gshadow b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/pam.d/login b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/passwd b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/shadow b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/data/faillog.stat b/tests/tests/log/faillog/55_faillog_no_changes/data/faillog.stat
new file mode 100644
index 0000000..fb96c4d
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/data/faillog.stat
@@ -0,0 +1 @@
+0 root:root `/var/log/faillog'
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/faillog.test b/tests/tests/log/faillog/55_faillog_no_changes/faillog.test
new file mode 100755
index 0000000..6be6fb7
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/faillog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "reset baz (faillog -l 0 -m 0 -u baz)..."
+faillog -l 0 -m 0 -u baz
+echo "OK"
+
+echo -n "Check permissions and size of the faillog..."
+stat --printf "%s %U:%G %N\n" /var/log/faillog | sort > tmp/faillog.stat
+diff -rauN data/faillog.stat tmp/faillog.stat
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/login.exp b/tests/tests/log/faillog/55_faillog_no_changes/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config.txt b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/group b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/gshadow b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/pam.d/login b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/passwd b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/shadow b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/data/faillog.stat b/tests/tests/log/faillog/56_faillog-l-m_empty_file/data/faillog.stat
new file mode 100644
index 0000000..66b0df0
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/data/faillog.stat
@@ -0,0 +1 @@
+24072 root:root `/var/log/faillog'
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/faillog.test b/tests/tests/log/faillog/56_faillog-l-m_empty_file/faillog.test
new file mode 100755
index 0000000..bb0ef15
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/faillog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "reset baz (faillog -l 0 -m 0 -u baz)..."
+faillog -a -l 1 -m 1 -u 1000-1002
+echo "OK"
+
+echo -n "Check size of the faillog..."
+stat --printf "%s %U:%G %N\n" /var/log/faillog | sort > tmp/faillog.stat
+diff -rauN data/faillog.stat tmp/faillog.stat
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config.txt b/tests/tests/log/faillog/57_faillog-r_empty_file/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/group b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/gshadow b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/pam.d/login b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/passwd b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/shadow b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/data/faillog.stat b/tests/tests/log/faillog/57_faillog-r_empty_file/data/faillog.stat
new file mode 100644
index 0000000..fb96c4d
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/data/faillog.stat
@@ -0,0 +1 @@
+0 root:root `/var/log/faillog'
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/faillog.test b/tests/tests/log/faillog/57_faillog-r_empty_file/faillog.test
new file mode 100755
index 0000000..f52f470
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/faillog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "reset baz (faillog -l 0 -m 0 -u baz)..."
+faillog -a -r -u 1000-1002
+echo "OK"
+
+echo -n "Check size of the faillog..."
+stat --printf "%s %U:%G %N\n" /var/log/faillog | sort > tmp/faillog.stat
+diff -rauN data/faillog.stat tmp/faillog.stat
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config.txt b/tests/tests/log/faillog/58_faillog-l_no_failcount/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/group b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/gshadow b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/pam.d/login b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/passwd b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/shadow b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/data/faillog.list b/tests/tests/log/faillog/58_faillog-l_no_failcount/data/faillog.list
new file mode 100644
index 0000000..405c169
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/data/faillog.list
@@ -0,0 +1,3 @@
+Login       Failures Maximum
+
+foo             0        0  
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/faillog.test b/tests/tests/log/faillog/58_faillog-l_no_failcount/faillog.test
new file mode 100755
index 0000000..41e951f
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports the locktime even if timeout is not passwed when there are no failures"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "set locktime for foo (faillog -l 10 -u foo)..."
+faillog -l 10 -u foo
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Reset failure counter for foo..."
+faillog -r -u foo
+echo "OK"
+
+echo -n "faillog..."
+faillog -u foo> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/login.exp b/tests/tests/log/faillog/58_faillog-l_no_failcount/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config.txt b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/group b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/gshadow b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/passwd b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/shadow b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/data/lastlog.err b/tests/tests/log/lastlog/01_lastlog_no_lastlog/data/lastlog.err
new file mode 100644
index 0000000..935fdb5
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/data/lastlog.err
@@ -0,0 +1 @@
+/var/log/lastlog: No such file or directory
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/lastlog.test b/tests/tests/log/lastlog/01_lastlog_no_lastlog/lastlog.test
new file mode 100755
index 0000000..d903f88
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/lastlog.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog detects missing /var/log/lastlog and does not create it"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/lastlog' 0
+
+change_config
+
+echo -n "Remove /var/log/lastlog (it will not be restored)..."
+rm -f /var/log/lastlog
+echo "OK"
+
+echo -n "Execute lastlog (lastlog)..."
+lastlog 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "usage message OK."
+rm -f tmp/lastlog.err
+
+echo -n "Check that the /var/log/lastlog file was not created"...
+test ! -f /var/log/lastlog
+echo "OK"
+
+touch /var/log/lastlog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config.txt b/tests/tests/log/lastlog/02_lastlog_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config/etc/group b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config/etc/gshadow b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config/etc/passwd b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config/etc/shadow b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/data/usage.out b/tests/tests/log/lastlog/02_lastlog_usage/data/usage.out
new file mode 100644
index 0000000..410197e
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/data/usage.out
@@ -0,0 +1,9 @@
+Usage: lastlog [options]
+
+Options:
+  -b, --before DAYS             print only lastlog records older than DAYS
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               print only lastlog records more recent than DAYS
+  -u, --user LOGIN              print lastlog record of the specified LOGIN
+
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/lastlog.test b/tests/tests/log/lastlog/02_lastlog_usage/lastlog.test
new file mode 100755
index 0000000..344a104
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/lastlog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get lastlog usage (lastlog -h)..."
+lastlog -h >tmp/usage.out
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config.txt b/tests/tests/log/lastlog/03_lastlog_format/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config/etc/group b/tests/tests/log/lastlog/03_lastlog_format/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config/etc/gshadow b/tests/tests/log/lastlog/03_lastlog_format/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config/etc/passwd b/tests/tests/log/lastlog/03_lastlog_format/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config/etc/shadow b/tests/tests/log/lastlog/03_lastlog_format/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/03_lastlog_format/data/lastlog.out b/tests/tests/log/lastlog/03_lastlog_format/data/lastlog.out
new file mode 100644
index 0000000..280e1ab
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/data/lastlog.out
@@ -0,0 +1,20 @@
+Username         Port     From             Latest
+root                                       **Never logged in**
+daemon                                     **Never logged in**
+bin                                        **Never logged in**
+sys                                        **Never logged in**
+sync                                       **Never logged in**
+games                                      **Never logged in**
+man                                        **Never logged in**
+lp                                         **Never logged in**
+mail                                       **Never logged in**
+news                                       **Never logged in**
+uucp                                       **Never logged in**
+proxy                                      **Never logged in**
+www-data                                   **Never logged in**
+backup                                     **Never logged in**
+list                                       **Never logged in**
+irc                                        **Never logged in**
+gnats                                      **Never logged in**
+nobody                                     **Never logged in**
+Debian-exim                                **Never logged in**
diff --git a/tests/tests/log/lastlog/03_lastlog_format/lastlog.test b/tests/tests/log/lastlog/03_lastlog_format/lastlog.test
new file mode 100755
index 0000000..b59c19b
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/lastlog.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+cp data/lastlog.out tmp/lastlog.out1
+cp data/lastlog.out tmp/lastlog.out2
+TTY=0
+while true
+do
+	[ ! -e /dev/pts/$TTY ] && break
+	TTY=$((TTY+1))
+done
+	
+
+DATE=$(LC_ALL=C date +"%a %b %e %H:%M:%S %z %Y")
+printf "%-16s %-8.8s %-16.16s %s\n" foo "pts/$TTY" "" "$DATE" >> tmp/lastlog.out1
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+DATE=$(LC_ALL=C date +"%a %b %e %H:%M:%S %z %Y")
+printf "%-16s %-8.8s %-16.16s %s\n" foo "pts/$TTY" "" "$DATE" >> tmp/lastlog.out2
+
+echo -n "lastlog..."
+lastlog > tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the lastlog message..."
+diff -au tmp/lastlog.out tmp/lastlog.out1 || diff -au tmp/lastlog.out tmp/lastlog.out2
+echo "lastlog message OK."
+rm -f tmp/lastlog.out tmp/lastlog.out1 tmp/lastlog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/03_lastlog_format/login.exp b/tests/tests/log/lastlog/03_lastlog_format/login.exp
new file mode 100755
index 0000000..e534fe5
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/login.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -f foo\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config.txt b/tests/tests/log/lastlog/04_lastlog_multiple/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/group b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/gshadow b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/passwd b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/shadow b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/data/lastlog.list b/tests/tests/log/lastlog/04_lastlog_multiple/data/lastlog.list
new file mode 100644
index 0000000..ae27a13
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/data/lastlog.list
@@ -0,0 +1,4 @@
+Username
+bar
+foo
+baz
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/lastlog.test b/tests/tests/log/lastlog/04_lastlog_multiple/lastlog.test
new file mode 100755
index 0000000..630c7f5
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/lastlog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "lastlog..."
+lastlog > tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | grep -v "Never logged in" | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/login.exp b/tests/tests/log/lastlog/04_lastlog_multiple/login.exp
new file mode 100755
index 0000000..e6a4345
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/login.exp
@@ -0,0 +1,19 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -f $user\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config.txt b/tests/tests/log/lastlog/05_lastlog-u_ID/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/group b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/gshadow b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/passwd b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/shadow b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/data/lastlog.list b/tests/tests/log/lastlog/05_lastlog-u_ID/data/lastlog.list
new file mode 100644
index 0000000..aa542b8
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/data/lastlog.list
@@ -0,0 +1,2 @@
+Username
+bar
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/lastlog.test b/tests/tests/log/lastlog/05_lastlog-u_ID/lastlog.test
new file mode 100755
index 0000000..b1de502
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u 1001..."
+lastlog -u 1001> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config.txt b/tests/tests/log/lastlog/06_lastlog-u_name/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/group b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/gshadow b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/passwd b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/shadow b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/data/lastlog.list b/tests/tests/log/lastlog/06_lastlog-u_name/data/lastlog.list
new file mode 100644
index 0000000..f886a83
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/data/lastlog.list
@@ -0,0 +1,2 @@
+Username
+baz
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/lastlog.test b/tests/tests/log/lastlog/06_lastlog-u_name/lastlog.test
new file mode 100755
index 0000000..b17312a
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u baz..."
+lastlog -u baz> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config.txt b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/group b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/gshadow b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/passwd b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/shadow b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/data/lastlog.list b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/data/lastlog.list
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/data/lastlog.list
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/lastlog.test b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/lastlog.test
new file mode 100755
index 0000000..36d1a2a
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/lastlog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u 1003..."
+lastlog -u 1003> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+diff -au data/lastlog.list tmp/lastlog.out
+echo "OK."
+
+rm -f tmp/lastlog.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config.txt b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/group b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/gshadow b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/passwd b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/shadow b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/data/lastlog.err b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/data/lastlog.err
new file mode 100644
index 0000000..c604c0e
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: Unknown user or range: me
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/lastlog.test b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/lastlog.test
new file mode 100755
index 0000000..66fdad0
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u me..."
+lastlog -u me 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config.txt b/tests/tests/log/lastlog/09_lastlog-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/group b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/gshadow b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/passwd b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/shadow b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/data/lastlog.list b/tests/tests/log/lastlog/09_lastlog-u_range/data/lastlog.list
new file mode 100644
index 0000000..0d06c77
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/data/lastlog.list
@@ -0,0 +1,7 @@
+Username
+bar
+list
+irc
+gnats
+Debian-exim
+foo
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/lastlog.test b/tests/tests/log/lastlog/09_lastlog-u_range/lastlog.test
new file mode 100755
index 0000000..232d088
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u 38-1001..."
+lastlog -u 38-1001> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config.txt b/tests/tests/log/lastlog/10_lastlog-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/group b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/gshadow b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/passwd b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/shadow b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/data/lastlog.list b/tests/tests/log/lastlog/10_lastlog-u_open_range/data/lastlog.list
new file mode 100644
index 0000000..692874a
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/data/lastlog.list
@@ -0,0 +1,21 @@
+Username
+root
+daemon
+bin
+bar
+sys
+sync
+games
+man
+lp
+mail
+news
+uucp
+proxy
+www-data
+backup
+list
+irc
+gnats
+Debian-exim
+foo
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/lastlog.test b/tests/tests/log/lastlog/10_lastlog-u_open_range/lastlog.test
new file mode 100755
index 0000000..5bc3d6b
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog supports open ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u -1001..."
+lastlog -u -1001> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config.txt b/tests/tests/log/lastlog/11_lastlog-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/group b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/gshadow b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/passwd b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/shadow b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/data/lastlog.list b/tests/tests/log/lastlog/11_lastlog-u_range_open/data/lastlog.list
new file mode 100644
index 0000000..4ad4379
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/data/lastlog.list
@@ -0,0 +1,9 @@
+Username
+bar
+list
+irc
+gnats
+nobody
+Debian-exim
+foo
+baz
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/lastlog.test b/tests/tests/log/lastlog/11_lastlog-u_range_open/lastlog.test
new file mode 100755
index 0000000..ab36308
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog supports open ranges (2)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u 38-..."
+lastlog -u 38-> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config.txt b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/group b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/gshadow b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/passwd b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/shadow b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/data/lastlog.err b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/data/lastlog.err
new file mode 100644
index 0000000..1341607
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: Unknown user or range: foo-bar
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/lastlog.test b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/lastlog.test
new file mode 100755
index 0000000..85879b2
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u foo-bar..."
+lastlog -u foo-bar 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config.txt b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/group b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/gshadow b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/passwd b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/shadow b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/data/lastlog.err b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/data/lastlog.err
new file mode 100644
index 0000000..cff222b
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: Unknown user or range: foo-
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/lastlog.test b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/lastlog.test
new file mode 100755
index 0000000..6d6d09b
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u foo-..."
+lastlog -u foo- 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config.txt b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/group b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/gshadow b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/passwd b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/shadow b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/data/lastlog.err b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/data/lastlog.err
new file mode 100644
index 0000000..999f9a2
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: Unknown user or range: -foo
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/lastlog.test b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/lastlog.test
new file mode 100755
index 0000000..6cd61ef
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u -foo..."
+lastlog -u -foo 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config.txt b/tests/tests/log/lastlog/15_lastlog_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/group b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/gshadow b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/passwd b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/shadow b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/data/usage.out b/tests/tests/log/lastlog/15_lastlog_bad_option/data/usage.out
new file mode 100644
index 0000000..fe1385a
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/data/usage.out
@@ -0,0 +1,10 @@
+lastlog: invalid option -- 'Z'
+Usage: lastlog [options]
+
+Options:
+  -b, --before DAYS             print only lastlog records older than DAYS
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               print only lastlog records more recent than DAYS
+  -u, --user LOGIN              print lastlog record of the specified LOGIN
+
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/lastlog.test b/tests/tests/log/lastlog/15_lastlog_bad_option/lastlog.test
new file mode 100755
index 0000000..9e56fe2
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/lastlog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get lastlog usage (lastlog -Z)..."
+lastlog -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config.txt b/tests/tests/log/lastlog/16_lastlog_extra_arg/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/group b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/gshadow b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/passwd b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/shadow b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/data/usage.out b/tests/tests/log/lastlog/16_lastlog_extra_arg/data/usage.out
new file mode 100644
index 0000000..ab3455b
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/data/usage.out
@@ -0,0 +1,10 @@
+lastlog: unexpected argument: foo
+Usage: lastlog [options]
+
+Options:
+  -b, --before DAYS             print only lastlog records older than DAYS
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               print only lastlog records more recent than DAYS
+  -u, --user LOGIN              print lastlog record of the specified LOGIN
+
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/lastlog.test b/tests/tests/log/lastlog/16_lastlog_extra_arg/lastlog.test
new file mode 100755
index 0000000..387c292
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/lastlog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog checks if there are extra arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get lastlog usage (lastlog foo)..."
+lastlog foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config.txt b/tests/tests/log/lastlog/17_lastlog-t/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config/etc/group b/tests/tests/log/lastlog/17_lastlog-t/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config/etc/gshadow b/tests/tests/log/lastlog/17_lastlog-t/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config/etc/passwd b/tests/tests/log/lastlog/17_lastlog-t/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config/etc/shadow b/tests/tests/log/lastlog/17_lastlog-t/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/17_lastlog-t/data/lastlog.list b/tests/tests/log/lastlog/17_lastlog-t/data/lastlog.list
new file mode 100644
index 0000000..f81812d
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/data/lastlog.list
@@ -0,0 +1,3 @@
+Username
+bar
+foo
diff --git a/tests/tests/log/lastlog/17_lastlog-t/lastlog.test b/tests/tests/log/lastlog/17_lastlog-t/lastlog.test
new file mode 100755
index 0000000..a000cae
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/lastlog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=2 ./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=4 ./login.exp baz
+echo "OK"
+
+echo -n "lastlog..."
+lastlog -t 3 > tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/17_lastlog-t/login.exp b/tests/tests/log/lastlog/17_lastlog-t/login.exp
new file mode 100755
index 0000000..7aea521
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/login.exp
@@ -0,0 +1,19 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -p -f $user\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config.txt b/tests/tests/log/lastlog/18_lastlog-b/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config/etc/group b/tests/tests/log/lastlog/18_lastlog-b/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config/etc/gshadow b/tests/tests/log/lastlog/18_lastlog-b/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config/etc/passwd b/tests/tests/log/lastlog/18_lastlog-b/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config/etc/shadow b/tests/tests/log/lastlog/18_lastlog-b/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/18_lastlog-b/data/lastlog.list b/tests/tests/log/lastlog/18_lastlog-b/data/lastlog.list
new file mode 100644
index 0000000..219b8da
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/data/lastlog.list
@@ -0,0 +1,21 @@
+Username
+root
+daemon
+bin
+sys
+sync
+games
+man
+lp
+mail
+news
+uucp
+proxy
+www-data
+backup
+list
+irc
+gnats
+nobody
+Debian-exim
+baz
diff --git a/tests/tests/log/lastlog/18_lastlog-b/lastlog.test b/tests/tests/log/lastlog/18_lastlog-b/lastlog.test
new file mode 100755
index 0000000..17349a3
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/lastlog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=2 ./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=4 ./login.exp baz
+echo "OK"
+
+echo -n "lastlog..."
+lastlog -b 3 > tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/18_lastlog-b/login.exp b/tests/tests/log/lastlog/18_lastlog-b/login.exp
new file mode 100755
index 0000000..7aea521
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/login.exp
@@ -0,0 +1,19 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -p -f $user\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config.txt b/tests/tests/log/lastlog/19_lastlog-t_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/group b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/gshadow b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/passwd b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/shadow b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/data/lastlog.err b/tests/tests/log/lastlog/19_lastlog-t_invalid/data/lastlog.err
new file mode 100644
index 0000000..8197db7
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: invalid numeric argument '-2'
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/lastlog.test b/tests/tests/log/lastlog/19_lastlog-t_invalid/lastlog.test
new file mode 100755
index 0000000..50f71b5
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -t -2..."
+lastlog -t -2 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config.txt b/tests/tests/log/lastlog/20_lastlog-b_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/group b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/gshadow b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/passwd b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/shadow b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/data/lastlog.err b/tests/tests/log/lastlog/20_lastlog-b_invalid/data/lastlog.err
new file mode 100644
index 0000000..34429d4
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: invalid numeric argument '2a'
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/lastlog.test b/tests/tests/log/lastlog/20_lastlog-b_invalid/lastlog.test
new file mode 100755
index 0000000..af96813
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid -b argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -t 2a..."
+lastlog -b 2a 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/login/01_login_prompt/config.txt b/tests/tests/login/01_login_prompt/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/login/01_login_prompt/config/etc/group b/tests/tests/login/01_login_prompt/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/login/01_login_prompt/config/etc/gshadow b/tests/tests/login/01_login_prompt/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/login/01_login_prompt/config/etc/login.defs b/tests/tests/login/01_login_prompt/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/login/01_login_prompt/config/etc/passwd b/tests/tests/login/01_login_prompt/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/login/01_login_prompt/config/etc/shadow b/tests/tests/login/01_login_prompt/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/login/01_login_prompt/login.exp b/tests/tests/login/01_login_prompt/login.exp
new file mode 100755
index 0000000..f596dba
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/login.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login\r"
+expect " login: "
+send "myuser\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "$ "
+
+send "# expect uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "id\r"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "exit\r"
+
+exit 0
diff --git a/tests/tests/login/01_login_prompt/login.test b/tests/tests/login/01_login_prompt/login.test
new file mode 100755
index 0000000..5ef6e92
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/login.test
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "try regular login with user prompt"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./login.exp
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/login/02_login_user/config.txt b/tests/tests/login/02_login_user/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/login/02_login_user/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/login/02_login_user/config/etc/group b/tests/tests/login/02_login_user/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/login/02_login_user/config/etc/gshadow b/tests/tests/login/02_login_user/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/login/02_login_user/config/etc/login.defs b/tests/tests/login/02_login_user/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/login/02_login_user/config/etc/passwd b/tests/tests/login/02_login_user/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/login/02_login_user/config/etc/shadow b/tests/tests/login/02_login_user/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/login/02_login_user/login.exp b/tests/tests/login/02_login_user/login.exp
new file mode 100755
index 0000000..7ccef93
--- /dev/null
+++ b/tests/tests/login/02_login_user/login.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login myuser\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "$ "
+
+send "id\r"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "exit\r"
+
+exit 0
+
diff --git a/tests/tests/login/02_login_user/login.test b/tests/tests/login/02_login_user/login.test
new file mode 100755
index 0000000..5ef6e92
--- /dev/null
+++ b/tests/tests/login/02_login_user/login.test
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "try regular login with user prompt"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./login.exp
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/login/03_login_check_tty/config.txt b/tests/tests/login/03_login_check_tty/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/login/03_login_check_tty/config/etc/group b/tests/tests/login/03_login_check_tty/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/login/03_login_check_tty/config/etc/gshadow b/tests/tests/login/03_login_check_tty/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/login/03_login_check_tty/config/etc/login.defs b/tests/tests/login/03_login_check_tty/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/login/03_login_check_tty/config/etc/passwd b/tests/tests/login/03_login_check_tty/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/login/03_login_check_tty/config/etc/shadow b/tests/tests/login/03_login_check_tty/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/login/03_login_check_tty/login.exp b/tests/tests/login/03_login_check_tty/login.exp
new file mode 100755
index 0000000..46aa50e
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/login.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login myuser\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "$ "
+
+send "# expecting c--x-wx--T 88 424242/myuser 5/tty\r"
+expect "$ "
+send "stat -c '%A %t %u/%U %g/%G' `tty`\r"
+expect "crw------- 88 424242/myuser 5/tty\r"
+expect "$ "
+send "exit\r"
+
+exit 0
+
diff --git a/tests/tests/login/03_login_check_tty/login.test b/tests/tests/login/03_login_check_tty/login.test
new file mode 100755
index 0000000..5ef6e92
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/login.test
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "try regular login with user prompt"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./login.exp
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newgidmap/01_newgidmap/config.txt b/tests/tests/newgidmap/01_newgidmap/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config.txt
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/group b/tests/tests/newgidmap/01_newgidmap/config/etc/group
new file mode 100644
index 0000000..d91f3f0
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:foo
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/login.defs b/tests/tests/newgidmap/01_newgidmap/config/etc/login.defs
new file mode 100644
index 0000000..87d7550
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/login.defs
@@ -0,0 +1,341 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
+#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overriden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+# GRANT_AUX_GROUP_SUBIDS yes
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivelants of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/passwd b/tests/tests/newgidmap/01_newgidmap/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/subgid b/tests/tests/newgidmap/01_newgidmap/config/etc/subgid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/subgid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/subuid b/tests/tests/newgidmap/01_newgidmap/config/etc/subuid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/subuid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newgidmap/01_newgidmap/data/gid_map b/tests/tests/newgidmap/01_newgidmap/data/gid_map
new file mode 100644
index 0000000..1a2d99d
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/data/gid_map
@@ -0,0 +1,2 @@
+         0       1000          1
+         1    1000000       1000
diff --git a/tests/tests/newgidmap/01_newgidmap/newgidmap.test b/tests/tests/newgidmap/01_newgidmap/newgidmap.test
new file mode 100755
index 0000000..7682662
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/newgidmap.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "setup gid mapping"
+
+save_config
+
+unpriv_userns=$( sysctl -n kernel.unprivileged_userns_clone )
+
+# restore the system on exit
+trap 'log_status "$0" "FAILURE"; restore_config; \
+	rm -rf /tmp/test-gidmap; \
+        sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns' 0
+
+change_config
+
+echo -n "Enable unprivileged user namespaces... "
+sysctl -q kernel.unprivileged_userns_clone=1
+echo "OK"
+
+echo -n "Create world writable tmp directory... "
+rm -rf /tmp/test-gidmap
+mkdir -m 0777 /tmp/test-gidmap
+echo "OK"
+
+echo -n "setup gidmapping... "
+base=$(id -g foo)
+runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+        cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map
+echo "OK"
+
+echo -n "Try to setup gidmapping with different primary group... "
+runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2; newgidmap \$pid 0 $base 1 1 1000000 1000 2>/tmp/test-gidmap/newgidmap.err; ret=\$?; \
+        kill \$pid; exit \$ret" && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "newgidmap returned status ($status)... "
+test "status" != 0
+echo "OK"
+
+echo -n "Check that there were a failure message... "
+grep -q 'newgidmap: Target process is owned by a different' /tmp/test-gidmap/newgidmap.err
+echo "error message OK."
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-gidmap;
+
+restore_config
+trap '' 0
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config.txt b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config.txt
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/group b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/group
new file mode 100644
index 0000000..d91f3f0
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:foo
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/login.defs b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/login.defs
new file mode 100644
index 0000000..be73bde
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
+#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overriden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+
+GRANT_AUX_GROUP_SUBIDS yes
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivelants of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/passwd b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subgid b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subgid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subgid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subuid b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subuid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subuid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map
new file mode 100644
index 0000000..1a2d99d
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map
@@ -0,0 +1,2 @@
+         0       1000          1
+         1    1000000       1000
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map.bar b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map.bar
new file mode 100644
index 0000000..d69adea
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map.bar
@@ -0,0 +1,2 @@
+         0       1001          1
+         1    1000000       1000
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
new file mode 100755
index 0000000..1152b89
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "setup uid mapping when primary groups don't match"
+
+save_config
+
+unpriv_userns=$( sysctl -n kernel.unprivileged_userns_clone )
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; \
+	rm -rf /tmp/test-gidmap; \
+        sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns' 0
+
+change_config
+
+sysctl -q kernel.unprivileged_userns_clone=1
+
+echo -n "Create world writable tmp directory..."
+rm -rf /tmp/test-gidmap
+mkdir -m 0777 /tmp/test-gidmap
+echo "OK"
+
+echo -n "setup gidmapping... "
+base=$(id -g foo)
+runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2s; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+        cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map
+echo "OK"
+
+# This next test should fail if setgroups on the ns is not
+# USERNS_SETGROUPS_ALLOWED ("allow")
+# TODO let's figure out what to do about this.  For now skip
+# that test.
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-gidmap;
+
+restore_config
+trap '' 0
+exit 0
+
+echo -n "setup gidmapping with different primary group... "
+runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2s; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+        cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map.bar
+echo "OK"
+
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-gidmap;
+
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newuidmap/01_newuidmap/config.txt b/tests/tests/newuidmap/01_newuidmap/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config.txt
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/group b/tests/tests/newuidmap/01_newuidmap/config/etc/group
new file mode 100644
index 0000000..d91f3f0
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:foo
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/login.defs b/tests/tests/newuidmap/01_newuidmap/config/etc/login.defs
new file mode 100644
index 0000000..970811e
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/login.defs
@@ -0,0 +1,343 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
+#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overriden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+# Enable this option to allow setting up uid/gid mapping
+# when the user uses an alternative primary group.
+# GRANT_AUX_GROUP_SUBIDS yes
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivelants of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/passwd b/tests/tests/newuidmap/01_newuidmap/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/subgid b/tests/tests/newuidmap/01_newuidmap/config/etc/subgid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/subgid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/subuid b/tests/tests/newuidmap/01_newuidmap/config/etc/subuid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/subuid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newuidmap/01_newuidmap/data/uid_map b/tests/tests/newuidmap/01_newuidmap/data/uid_map
new file mode 100644
index 0000000..1a2d99d
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/data/uid_map
@@ -0,0 +1,2 @@
+         0       1000          1
+         1    1000000       1000
diff --git a/tests/tests/newuidmap/01_newuidmap/newuidmap.test b/tests/tests/newuidmap/01_newuidmap/newuidmap.test
new file mode 100755
index 0000000..5ab3122
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/newuidmap.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -ex
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "setup uid mapping"
+
+save_config
+
+unpriv_userns=$( sysctl -n kernel.unprivileged_userns_clone )
+
+# restore the system on exit
+trap 'log_status "$0" "FAILURE"; restore_config; \
+	rm -rf /tmp/test-uidmap; \
+        sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns' 0
+
+change_config
+
+echo -n "Enable unprivileged user namespaces... "
+sysctl -q kernel.unprivileged_userns_clone=1
+echo "OK"
+
+echo -n "Create world writable tmp directory... "
+rm -rf /tmp/test-uidmap
+mkdir -m 0777 /tmp/test-uidmap
+echo "OK"
+
+echo -n "setup uidmapping... "
+base=$(id -u foo)
+runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2s; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+        cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
+echo "OK"
+
+echo -n "Try to setup uidmapping with different primary group... "
+runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
+        newuidmap \$pid 0 $base 1 1 1000000 1000 2>/tmp/test-uidmap/newuidmap.err; ret=\$?; \
+        kill \$pid; exit \$ret" && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "newuidmap returned status ($status)... "
+test "status" != 0
+echo "OK"
+
+echo -n "Check that there were a failure message... "
+grep -q 'newuidmap: Target process is owned by a different' /tmp/test-uidmap/newuidmap.err
+echo "error message OK."
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-uidmap;
+
+restore_config
+trap '' 0
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config.txt b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config.txt
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/group b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/group
new file mode 100644
index 0000000..d91f3f0
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:foo
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/login.defs b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/login.defs
new file mode 100644
index 0000000..be73bde
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
+#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overriden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+
+GRANT_AUX_GROUP_SUBIDS yes
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivelants of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/passwd b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subgid b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subgid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subgid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subuid b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subuid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subuid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/data/uid_map b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/data/uid_map
new file mode 100644
index 0000000..1a2d99d
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/data/uid_map
@@ -0,0 +1,2 @@
+         0       1000          1
+         1    1000000       1000
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
new file mode 100755
index 0000000..a9a3385
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -ex
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "setup uid mapping when primary groups don't match"
+
+save_config
+
+unpriv_userns=$( sysctl -n kernel.unprivileged_userns_clone )
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; \
+	rm -rf /tmp/test-uidmap; \
+        sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns' 0
+
+change_config
+
+sysctl -q kernel.unprivileged_userns_clone=1
+
+echo -n "Create world writable tmp directory..."
+rm -rf /tmp/test-uidmap
+mkdir -m 0777 /tmp/test-uidmap
+echo "OK"
+
+echo -n "setup uidmapping... "
+base=$(id -u foo)
+runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+	cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
+echo "OK"
+
+echo -n "setup uidmapping with different primary group... "
+runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+	cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
+echo "OK"
+
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-uidmap;
+
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/01_create_user/config.txt b/tests/tests/newusers/01_create_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config.txt
diff --git a/tests/tests/newusers/01_create_user/config/etc/group b/tests/tests/newusers/01_create_user/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/01_create_user/config/etc/gshadow b/tests/tests/newusers/01_create_user/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/01_create_user/config/etc/pam.d/common-password b/tests/tests/newusers/01_create_user/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/01_create_user/config/etc/pam.d/newusers b/tests/tests/newusers/01_create_user/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/01_create_user/config/etc/passwd b/tests/tests/newusers/01_create_user/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/01_create_user/config/etc/shadow b/tests/tests/newusers/01_create_user/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/01_create_user/data/group b/tests/tests/newusers/01_create_user/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/01_create_user/data/gshadow b/tests/tests/newusers/01_create_user/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/01_create_user/data/newusers.list b/tests/tests/newusers/01_create_user/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/01_create_user/data/passwd b/tests/tests/newusers/01_create_user/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/01_create_user/data/shadow b/tests/tests/newusers/01_create_user/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/01_create_user/newusers.test b/tests/tests/newusers/01_create_user/newusers.test
new file mode 100755
index 0000000..049dd17
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/02_update_password/config.txt b/tests/tests/newusers/02_update_password/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/02_update_password/config/etc/group b/tests/tests/newusers/02_update_password/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/02_update_password/config/etc/gshadow b/tests/tests/newusers/02_update_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/02_update_password/config/etc/pam.d/common-password b/tests/tests/newusers/02_update_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/02_update_password/config/etc/pam.d/newusers b/tests/tests/newusers/02_update_password/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/02_update_password/config/etc/passwd b/tests/tests/newusers/02_update_password/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/02_update_password/config/etc/shadow b/tests/tests/newusers/02_update_password/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/02_update_password/data/newusers.list b/tests/tests/newusers/02_update_password/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/02_update_password/data/shadow b/tests/tests/newusers/02_update_password/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/02_update_password/newusers.test b/tests/tests/newusers/02_update_password/newusers.test
new file mode 100755
index 0000000..17d08e2
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/03_no_update_pid/config.txt b/tests/tests/newusers/03_no_update_pid/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/group b/tests/tests/newusers/03_no_update_pid/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/gshadow b/tests/tests/newusers/03_no_update_pid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/common-password b/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/newusers b/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/passwd b/tests/tests/newusers/03_no_update_pid/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/shadow b/tests/tests/newusers/03_no_update_pid/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/03_no_update_pid/data/newusers.list b/tests/tests/newusers/03_no_update_pid/data/newusers.list
new file mode 100644
index 0000000..e3128e7
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:4242::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/03_no_update_pid/data/shadow b/tests/tests/newusers/03_no_update_pid/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/03_no_update_pid/newusers.test b/tests/tests/newusers/03_no_update_pid/newusers.test
new file mode 100755
index 0000000..5e59924
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers does not change the pid of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/04_no_update_gid/config.txt b/tests/tests/newusers/04_no_update_gid/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/group b/tests/tests/newusers/04_no_update_gid/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/gshadow b/tests/tests/newusers/04_no_update_gid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/common-password b/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/newusers b/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/passwd b/tests/tests/newusers/04_no_update_gid/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/shadow b/tests/tests/newusers/04_no_update_gid/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/04_no_update_gid/data/newusers.list b/tests/tests/newusers/04_no_update_gid/data/newusers.list
new file mode 100644
index 0000000..2610f3c
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:4242:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/04_no_update_gid/data/shadow b/tests/tests/newusers/04_no_update_gid/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/04_no_update_gid/newusers.test b/tests/tests/newusers/04_no_update_gid/newusers.test
new file mode 100755
index 0000000..c1dabfa
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers does not change the gid of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/05_create_user_pid/config.txt b/tests/tests/newusers/05_create_user_pid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config.txt
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/group b/tests/tests/newusers/05_create_user_pid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/gshadow b/tests/tests/newusers/05_create_user_pid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/common-password b/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/newusers b/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/passwd b/tests/tests/newusers/05_create_user_pid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/shadow b/tests/tests/newusers/05_create_user_pid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/05_create_user_pid/data/group b/tests/tests/newusers/05_create_user_pid/data/group
new file mode 100644
index 0000000..96574a5
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4242:
diff --git a/tests/tests/newusers/05_create_user_pid/data/gshadow b/tests/tests/newusers/05_create_user_pid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/05_create_user_pid/data/newusers.list b/tests/tests/newusers/05_create_user_pid/data/newusers.list
new file mode 100644
index 0000000..f374b1b
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:4242::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/05_create_user_pid/data/passwd b/tests/tests/newusers/05_create_user_pid/data/passwd
new file mode 100644
index 0000000..a45d9a7
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/05_create_user_pid/data/shadow b/tests/tests/newusers/05_create_user_pid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/05_create_user_pid/newusers.test b/tests/tests/newusers/05_create_user_pid/newusers.test
new file mode 100755
index 0000000..d2aa56a
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with a given pid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/06_create_user_gid/config.txt b/tests/tests/newusers/06_create_user_gid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config.txt
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/group b/tests/tests/newusers/06_create_user_gid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/gshadow b/tests/tests/newusers/06_create_user_gid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/common-password b/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/newusers b/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/passwd b/tests/tests/newusers/06_create_user_gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/shadow b/tests/tests/newusers/06_create_user_gid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/06_create_user_gid/data/group b/tests/tests/newusers/06_create_user_gid/data/group
new file mode 100644
index 0000000..96574a5
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4242:
diff --git a/tests/tests/newusers/06_create_user_gid/data/gshadow b/tests/tests/newusers/06_create_user_gid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/06_create_user_gid/data/newusers.list b/tests/tests/newusers/06_create_user_gid/data/newusers.list
new file mode 100644
index 0000000..50e7505
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/06_create_user_gid/data/passwd b/tests/tests/newusers/06_create_user_gid/data/passwd
new file mode 100644
index 0000000..8ed5455
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/06_create_user_gid/data/shadow b/tests/tests/newusers/06_create_user_gid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/06_create_user_gid/newusers.test b/tests/tests/newusers/06_create_user_gid/newusers.test
new file mode 100755
index 0000000..57cb0d5
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with a given gid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config.txt b/tests/tests/newusers/07_create_user_pid_gid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config.txt
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/group b/tests/tests/newusers/07_create_user_pid_gid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/gshadow b/tests/tests/newusers/07_create_user_pid_gid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/common-password b/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/newusers b/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/passwd b/tests/tests/newusers/07_create_user_pid_gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/shadow b/tests/tests/newusers/07_create_user_pid_gid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/group b/tests/tests/newusers/07_create_user_pid_gid/data/group
new file mode 100644
index 0000000..96574a5
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4242:
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/gshadow b/tests/tests/newusers/07_create_user_pid_gid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/newusers.list b/tests/tests/newusers/07_create_user_pid_gid/data/newusers.list
new file mode 100644
index 0000000..1701c92
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:4242:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/passwd b/tests/tests/newusers/07_create_user_pid_gid/data/passwd
new file mode 100644
index 0000000..a45d9a7
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/shadow b/tests/tests/newusers/07_create_user_pid_gid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/07_create_user_pid_gid/newusers.test b/tests/tests/newusers/07_create_user_pid_gid/newusers.test
new file mode 100755
index 0000000..e9b0914
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with given pid and gid (both identical)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config.txt b/tests/tests/newusers/08_create_user_pid_other-gid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config.txt
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/group b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/gshadow b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/common-password b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/newusers b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/passwd b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/shadow b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/group b/tests/tests/newusers/08_create_user_pid_other-gid/data/group
new file mode 100644
index 0000000..b2d9984
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4243:
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/gshadow b/tests/tests/newusers/08_create_user_pid_other-gid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/newusers.list b/tests/tests/newusers/08_create_user_pid_other-gid/data/newusers.list
new file mode 100644
index 0000000..a71043d
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:4242:4243:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/passwd b/tests/tests/newusers/08_create_user_pid_other-gid/data/passwd
new file mode 100644
index 0000000..fdefa6c
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:4243:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/shadow b/tests/tests/newusers/08_create_user_pid_other-gid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/newusers.test b/tests/tests/newusers/08_create_user_pid_other-gid/newusers.test
new file mode 100755
index 0000000..66573df
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with given pid and gid (with different id)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config.txt b/tests/tests/newusers/09_create_user_pid-as-user-bar/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config.txt
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/group b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/group
new file mode 100644
index 0000000..7c6bf3a
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1042:
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/gshadow b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/gshadow
new file mode 100644
index 0000000..0586f95
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/common-password b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/newusers b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/passwd b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/passwd
new file mode 100644
index 0000000..26d70f2
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1042::/:/bin/false
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/shadow b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/shadow
new file mode 100644
index 0000000..aa523bd
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/group b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/group
new file mode 100644
index 0000000..90da8d7
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1042:
+foo:x:1043:
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/gshadow b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/gshadow
new file mode 100644
index 0000000..d11bb83
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
+foo:*::
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/newusers.list b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/newusers.list
new file mode 100644
index 0000000..5685534
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:bar::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/passwd b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/passwd
new file mode 100644
index 0000000..5f9155b
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1042::/:/bin/false
+foo:x:1042:1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/shadow b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/shadow
new file mode 100644
index 0000000..28046f8
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/newusers.test b/tests/tests/newusers/09_create_user_pid-as-user-bar/newusers.test
new file mode 100755
index 0000000..93deeb2
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with the pid of a named user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config.txt b/tests/tests/newusers/10_create_user_gid-as-group-bar/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config.txt
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/group b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/group
new file mode 100644
index 0000000..4e6b697
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1043:
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/gshadow b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/gshadow
new file mode 100644
index 0000000..0586f95
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/common-password b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/newusers b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/passwd b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/passwd
new file mode 100644
index 0000000..901ce16
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1043::/:/bin/false
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/shadow b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/shadow
new file mode 100644
index 0000000..aa523bd
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/data/newusers.list b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/data/passwd b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/passwd
new file mode 100644
index 0000000..e474273
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1043::/:/bin/false
+foo:x:1043:1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/data/shadow b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/shadow
new file mode 100644
index 0000000..28046f8
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/newusers.test b/tests/tests/newusers/10_create_user_gid-as-group-bar/newusers.test
new file mode 100755
index 0000000..ba852a4
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with the gid of a named group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/11_update_gecos/config.txt b/tests/tests/newusers/11_update_gecos/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/group b/tests/tests/newusers/11_update_gecos/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/gshadow b/tests/tests/newusers/11_update_gecos/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/pam.d/common-password b/tests/tests/newusers/11_update_gecos/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/pam.d/newusers b/tests/tests/newusers/11_update_gecos/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/passwd b/tests/tests/newusers/11_update_gecos/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/shadow b/tests/tests/newusers/11_update_gecos/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/11_update_gecos/data/newusers.list b/tests/tests/newusers/11_update_gecos/data/newusers.list
new file mode 100644
index 0000000..d4ac60c
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field - updated::/bin/sh
diff --git a/tests/tests/newusers/11_update_gecos/data/passwd b/tests/tests/newusers/11_update_gecos/data/passwd
new file mode 100644
index 0000000..c84bc61
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field - updated::/bin/sh
diff --git a/tests/tests/newusers/11_update_gecos/data/shadow b/tests/tests/newusers/11_update_gecos/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/11_update_gecos/newusers.test b/tests/tests/newusers/11_update_gecos/newusers.test
new file mode 100755
index 0000000..fb57724
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the gecos of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/12_update_shell/config.txt b/tests/tests/newusers/12_update_shell/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/12_update_shell/config/etc/group b/tests/tests/newusers/12_update_shell/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/12_update_shell/config/etc/gshadow b/tests/tests/newusers/12_update_shell/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/12_update_shell/config/etc/pam.d/common-password b/tests/tests/newusers/12_update_shell/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/12_update_shell/config/etc/pam.d/newusers b/tests/tests/newusers/12_update_shell/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/12_update_shell/config/etc/passwd b/tests/tests/newusers/12_update_shell/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/12_update_shell/config/etc/shadow b/tests/tests/newusers/12_update_shell/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/12_update_shell/data/newusers.list b/tests/tests/newusers/12_update_shell/data/newusers.list
new file mode 100644
index 0000000..55add69
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/bash
diff --git a/tests/tests/newusers/12_update_shell/data/passwd b/tests/tests/newusers/12_update_shell/data/passwd
new file mode 100644
index 0000000..8fc494c
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/bash
diff --git a/tests/tests/newusers/12_update_shell/data/shadow b/tests/tests/newusers/12_update_shell/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/12_update_shell/newusers.test b/tests/tests/newusers/12_update_shell/newusers.test
new file mode 100755
index 0000000..aca2591
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the shell of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/13_create_user_new-home/config.txt b/tests/tests/newusers/13_create_user_new-home/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config.txt
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/group b/tests/tests/newusers/13_create_user_new-home/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/gshadow b/tests/tests/newusers/13_create_user_new-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/common-password b/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/newusers b/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/passwd b/tests/tests/newusers/13_create_user_new-home/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/shadow b/tests/tests/newusers/13_create_user_new-home/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/13_create_user_new-home/data/group b/tests/tests/newusers/13_create_user_new-home/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/13_create_user_new-home/data/gshadow b/tests/tests/newusers/13_create_user_new-home/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/13_create_user_new-home/data/home_ls-a b/tests/tests/newusers/13_create_user_new-home/data/home_ls-a
new file mode 100644
index 0000000..81b7cb2
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x foo:foo `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/13_create_user_new-home/data/newusers.list b/tests/tests/newusers/13_create_user_new-home/data/newusers.list
new file mode 100644
index 0000000..d2dacfd
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field:/tmp/test-newusers:/bin/sh
diff --git a/tests/tests/newusers/13_create_user_new-home/data/passwd b/tests/tests/newusers/13_create_user_new-home/data/passwd
new file mode 100644
index 0000000..a6c525b
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field:/tmp/test-newusers:/bin/sh
diff --git a/tests/tests/newusers/13_create_user_new-home/data/shadow b/tests/tests/newusers/13_create_user_new-home/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/13_create_user_new-home/newusers.test b/tests/tests/newusers/13_create_user_new-home/newusers.test
new file mode 100755
index 0000000..3a693c1
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers creates the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directory..."
+rm -rf /tmp/test-newusers
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/14_create_user_existing-home/config.txt b/tests/tests/newusers/14_create_user_existing-home/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config.txt
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/group b/tests/tests/newusers/14_create_user_existing-home/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/gshadow b/tests/tests/newusers/14_create_user_existing-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/common-password b/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/newusers b/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/passwd b/tests/tests/newusers/14_create_user_existing-home/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/shadow b/tests/tests/newusers/14_create_user_existing-home/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/group b/tests/tests/newusers/14_create_user_existing-home/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/gshadow b/tests/tests/newusers/14_create_user_existing-home/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/home_ls-a b/tests/tests/newusers/14_create_user_existing-home/data/home_ls-a
new file mode 100644
index 0000000..50cd7c4
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x root:root `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/newusers.list b/tests/tests/newusers/14_create_user_existing-home/data/newusers.list
new file mode 100644
index 0000000..d2dacfd
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field:/tmp/test-newusers:/bin/sh
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/passwd b/tests/tests/newusers/14_create_user_existing-home/data/passwd
new file mode 100644
index 0000000..a6c525b
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field:/tmp/test-newusers:/bin/sh
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/shadow b/tests/tests/newusers/14_create_user_existing-home/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/14_create_user_existing-home/newusers.test b/tests/tests/newusers/14_create_user_existing-home/newusers.test
new file mode 100755
index 0000000..1410aa2
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/newusers.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with an existing home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+mkdir /tmp/test-newusers
+
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directory..."
+rm -rf /tmp/test-newusers
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/15_update_new-home/config.txt b/tests/tests/newusers/15_update_new-home/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/group b/tests/tests/newusers/15_update_new-home/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/gshadow b/tests/tests/newusers/15_update_new-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/pam.d/common-password b/tests/tests/newusers/15_update_new-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/pam.d/newusers b/tests/tests/newusers/15_update_new-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/passwd b/tests/tests/newusers/15_update_new-home/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/shadow b/tests/tests/newusers/15_update_new-home/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/15_update_new-home/data/home_ls-a b/tests/tests/newusers/15_update_new-home/data/home_ls-a
new file mode 100644
index 0000000..81b7cb2
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x foo:foo `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/15_update_new-home/data/newusers.list b/tests/tests/newusers/15_update_new-home/data/newusers.list
new file mode 100644
index 0000000..b2025de
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field:/tmp/test-newusers:/bin/bash
diff --git a/tests/tests/newusers/15_update_new-home/data/passwd b/tests/tests/newusers/15_update_new-home/data/passwd
new file mode 100644
index 0000000..1db48b7
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field:/tmp/test-newusers:/bin/bash
diff --git a/tests/tests/newusers/15_update_new-home/data/shadow b/tests/tests/newusers/15_update_new-home/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/15_update_new-home/newusers.test b/tests/tests/newusers/15_update_new-home/newusers.test
new file mode 100755
index 0000000..bc20ecf
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/newusers.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+# TODO: check what happens to the old home
+log_start "$0" "newusers can update the home directory of an user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directory..."
+rm -rf /tmp/test-newusers
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/16_update_existing-home/config.txt b/tests/tests/newusers/16_update_existing-home/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/group b/tests/tests/newusers/16_update_existing-home/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/gshadow b/tests/tests/newusers/16_update_existing-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/common-password b/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/newusers b/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/passwd b/tests/tests/newusers/16_update_existing-home/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/shadow b/tests/tests/newusers/16_update_existing-home/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/16_update_existing-home/data/home_ls-a b/tests/tests/newusers/16_update_existing-home/data/home_ls-a
new file mode 100644
index 0000000..50cd7c4
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x root:root `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/16_update_existing-home/data/newusers.list b/tests/tests/newusers/16_update_existing-home/data/newusers.list
new file mode 100644
index 0000000..b2025de
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field:/tmp/test-newusers:/bin/bash
diff --git a/tests/tests/newusers/16_update_existing-home/data/passwd b/tests/tests/newusers/16_update_existing-home/data/passwd
new file mode 100644
index 0000000..1db48b7
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field:/tmp/test-newusers:/bin/bash
diff --git a/tests/tests/newusers/16_update_existing-home/data/shadow b/tests/tests/newusers/16_update_existing-home/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/16_update_existing-home/newusers.test b/tests/tests/newusers/16_update_existing-home/newusers.test
new file mode 100755
index 0000000..1d901fa
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/newusers.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the home directory of an user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+mkdir /tmp/test-newusers
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directory..."
+rm -rf /tmp/test-newusers
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config.txt b/tests/tests/newusers/17_create_user_pid-already-used/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config.txt
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/group b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/group
new file mode 100644
index 0000000..7c6bf3a
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1042:
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/gshadow b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/gshadow
new file mode 100644
index 0000000..0586f95
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/common-password b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/newusers b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/passwd b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/passwd
new file mode 100644
index 0000000..26d70f2
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1042::/:/bin/false
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/shadow b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/shadow
new file mode 100644
index 0000000..aa523bd
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/group b/tests/tests/newusers/17_create_user_pid-already-used/data/group
new file mode 100644
index 0000000..90da8d7
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1042:
+foo:x:1043:
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/gshadow b/tests/tests/newusers/17_create_user_pid-already-used/data/gshadow
new file mode 100644
index 0000000..d11bb83
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
+foo:*::
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/newusers.list b/tests/tests/newusers/17_create_user_pid-already-used/data/newusers.list
new file mode 100644
index 0000000..f1c75fe
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:1042::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/passwd b/tests/tests/newusers/17_create_user_pid-already-used/data/passwd
new file mode 100644
index 0000000..5f9155b
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1042::/:/bin/false
+foo:x:1042:1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/shadow b/tests/tests/newusers/17_create_user_pid-already-used/data/shadow
new file mode 100644
index 0000000..28046f8
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/newusers.test b/tests/tests/newusers/17_create_user_pid-already-used/newusers.test
new file mode 100755
index 0000000..8546a9b
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with a pid already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config.txt b/tests/tests/newusers/18_create_user_gid-already-used/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config.txt
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/group b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/group
new file mode 100644
index 0000000..4e6b697
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1043:
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/gshadow b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/gshadow
new file mode 100644
index 0000000..0586f95
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/common-password b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/newusers b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/passwd b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/passwd
new file mode 100644
index 0000000..901ce16
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1043::/:/bin/false
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/shadow b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/shadow
new file mode 100644
index 0000000..aa523bd
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/data/newusers.list b/tests/tests/newusers/18_create_user_gid-already-used/data/newusers.list
new file mode 100644
index 0000000..1714418
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/data/passwd b/tests/tests/newusers/18_create_user_gid-already-used/data/passwd
new file mode 100644
index 0000000..e474273
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1043::/:/bin/false
+foo:x:1043:1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/data/shadow b/tests/tests/newusers/18_create_user_gid-already-used/data/shadow
new file mode 100644
index 0000000..28046f8
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/newusers.test b/tests/tests/newusers/18_create_user_gid-already-used/newusers.test
new file mode 100755
index 0000000..7b15be8
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with a gid already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/19_update_keep-old-home/config.txt b/tests/tests/newusers/19_update_keep-old-home/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/group b/tests/tests/newusers/19_update_keep-old-home/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/gshadow b/tests/tests/newusers/19_update_keep-old-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/common-password b/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/newusers b/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/passwd b/tests/tests/newusers/19_update_keep-old-home/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/shadow b/tests/tests/newusers/19_update_keep-old-home/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a b/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a
new file mode 100644
index 0000000..85833ad
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x foo:foo `/tmp/test-newusers2/.'
+drwxrwxrwt root:root `/tmp/test-newusers2/..'
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a.old b/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a.old
new file mode 100644
index 0000000..c8d0412
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a.old
@@ -0,0 +1,3 @@
+-rw-r--r-- root:root `/tmp/test-newusers/foo'
+drwxr-xr-x root:root `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/newusers.list b/tests/tests/newusers/19_update_keep-old-home/data/newusers.list
new file mode 100644
index 0000000..7864ffe
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field:/tmp/test-newusers2:/bin/bash
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/passwd b/tests/tests/newusers/19_update_keep-old-home/data/passwd
new file mode 100644
index 0000000..23cd129
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field:/tmp/test-newusers2:/bin/bash
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/shadow b/tests/tests/newusers/19_update_keep-old-home/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/19_update_keep-old-home/newusers.test b/tests/tests/newusers/19_update_keep-old-home/newusers.test
new file mode 100755
index 0000000..74eea45
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/newusers.test
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+# I don't know if it's really a feature
+log_start "$0" "newusers keeps the old home when changing the home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+mkdir /tmp/test-newusers
+echo foo > /tmp/test-newusers/foo
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers2
+echo "OK"
+echo -n "Old home directory is still there..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a.old
+diff -rauN data/home_ls-a.old tmp/home_ls-a.old
+echo "OK"
+echo -n "Check content of /tmp/test-newusers2..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers2/* /tmp/test-newusers2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directories..."
+rm -rf /tmp/test-newusers /tmp/test-newusers2
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a tmp/home_ls-a.old
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/20_multiple_users/config.txt b/tests/tests/newusers/20_multiple_users/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/group b/tests/tests/newusers/20_multiple_users/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/gshadow b/tests/tests/newusers/20_multiple_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/pam.d/common-password b/tests/tests/newusers/20_multiple_users/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/pam.d/newusers b/tests/tests/newusers/20_multiple_users/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/passwd b/tests/tests/newusers/20_multiple_users/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/shadow b/tests/tests/newusers/20_multiple_users/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/20_multiple_users/data/group b/tests/tests/newusers/20_multiple_users/data/group
new file mode 100644
index 0000000..ee3ddc0
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/group
@@ -0,0 +1,58 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
+foo1:x:1000:
+foo1a:x:1001:
+foo2:x:2000:
+foo3:x:2001:
+foo4:x:3000:
+foo5:x:3005:
+foo6:x:3002:
+foo7:x:61000:
+foo8:x:3003:
+foo9:x:3006:
+foo10:x:3004:
+foo11:x:63000:
+foo12:x:3007:
+foo13:x:3008:
+foo14:x:59000:
+foo15:x:59001:
diff --git a/tests/tests/newusers/20_multiple_users/data/gshadow b/tests/tests/newusers/20_multiple_users/data/gshadow
new file mode 100644
index 0000000..37b6caa
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/gshadow
@@ -0,0 +1,57 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo1a:*::
+foo2:*::
+foo3:*::
+foo4:*::
+foo5:*::
+foo6:*::
+foo7:*::
+foo8:*::
+foo9:*::
+foo10:*::
+foo11:*::
+foo12:*::
+foo13:*::
+foo14:*::
+foo15:*::
diff --git a/tests/tests/newusers/20_multiple_users/data/newusers.list b/tests/tests/newusers/20_multiple_users/data/newusers.list
new file mode 100644
index 0000000..68d54c2
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/newusers.list
@@ -0,0 +1,17 @@
+foo1:foo1Pass:::User Foo - Gecos Field::/bin/sh
+foo1a:foo1aPas:foo1::User Foo - Gecos Field::/bin/sh
+foo1b:foo1bPas::foo1a:User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:2000:2000:User Foo - Gecos Field::/bin/sh
+foo3:foo3Pass:::User Foo - Gecos Field::/bin/sh
+foo4:foo4Pass:3000::User Foo - Gecos Field::/bin/sh
+foo5:foo5Pass::3005:User Foo - Gecos Field::/bin/sh
+foo6:foo6Pass:::User Foo - Gecos Field::/bin/sh
+foo7:foo7Pass:61000:61000:User Foo - Gecos Field::/bin/sh
+foo8:foo8Pass:::User Foo - Gecos Field::/bin/sh
+foo9:foo9Pass:62000::User Foo - Gecos Field::/bin/sh
+foo10:foo10Pas:::User Foo - Gecos Field::/bin/sh
+foo11:foo11Pas::63000:User Foo - Gecos Field::/bin/sh
+foo12:foo12Pas:::User Foo - Gecos Field::/bin/sh
+foo13:foo13Pas:::User Foo - Gecos Field::/bin/sh
+foo14:foo14Pas:59000::User Foo - Gecos Field::/bin/sh
+foo15:foo15Pas:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/20_multiple_users/data/passwd b/tests/tests/newusers/20_multiple_users/data/passwd
new file mode 100644
index 0000000..1dde7d5
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/passwd
@@ -0,0 +1,37 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
+foo1:x:1000:1000:User Foo - Gecos Field::/bin/sh
+foo1a:x:1000:1001:User Foo - Gecos Field::/bin/sh
+foo1b:x:1001:1001:User Foo - Gecos Field::/bin/sh
+foo2:x:2000:2000:User Foo - Gecos Field::/bin/sh
+foo3:x:2001:2001:User Foo - Gecos Field::/bin/sh
+foo4:x:3000:3000:User Foo - Gecos Field::/bin/sh
+foo5:x:3001:3005:User Foo - Gecos Field::/bin/sh
+foo6:x:3002:3002:User Foo - Gecos Field::/bin/sh
+foo7:x:61000:61000:User Foo - Gecos Field::/bin/sh
+foo8:x:3003:3003:User Foo - Gecos Field::/bin/sh
+foo9:x:62000:3006:User Foo - Gecos Field::/bin/sh
+foo10:x:3004:3004:User Foo - Gecos Field::/bin/sh
+foo11:x:3005:63000:User Foo - Gecos Field::/bin/sh
+foo12:x:3006:3007:User Foo - Gecos Field::/bin/sh
+foo13:x:3007:3008:User Foo - Gecos Field::/bin/sh
+foo14:x:59000:59000:User Foo - Gecos Field::/bin/sh
+foo15:x:59001:59001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/20_multiple_users/data/shadow b/tests/tests/newusers/20_multiple_users/data/shadow
new file mode 100644
index 0000000..f77568e
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/shadow
@@ -0,0 +1,37 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo1a:@PASS_DES foo1aPas@:@TODAY@:0:99999:7:::
+foo1b:@PASS_DES foo1bPas@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
+foo3:@PASS_DES foo3Pass@:@TODAY@:0:99999:7:::
+foo4:@PASS_DES foo4Pass@:@TODAY@:0:99999:7:::
+foo5:@PASS_DES foo5Pass@:@TODAY@:0:99999:7:::
+foo6:@PASS_DES foo6Pass@:@TODAY@:0:99999:7:::
+foo7:@PASS_DES foo7Pass@:@TODAY@:0:99999:7:::
+foo8:@PASS_DES foo8Pass@:@TODAY@:0:99999:7:::
+foo9:@PASS_DES foo9Pass@:@TODAY@:0:99999:7:::
+foo10:@PASS_DES foo10Pas@:@TODAY@:0:99999:7:::
+foo11:@PASS_DES foo11Pas@:@TODAY@:0:99999:7:::
+foo12:@PASS_DES foo12Pas@:@TODAY@:0:99999:7:::
+foo13:@PASS_DES foo13Pas@:@TODAY@:0:99999:7:::
+foo14:@PASS_DES foo14Pas@:@TODAY@:0:99999:7:::
+foo15:@PASS_DES foo15Pas@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/20_multiple_users/newusers.test b/tests/tests/newusers/20_multiple_users/newusers.test
new file mode 100755
index 0000000..8868f63
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can add multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+cp /etc/shadow /tmp
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config.txt b/tests/tests/newusers/21_create_user_UID_MAX/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config.txt
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/group b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/gshadow b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/common-password b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/newusers b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/passwd b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/shadow b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/group b/tests/tests/newusers/21_create_user_UID_MAX/data/group
new file mode 100644
index 0000000..f1809d9
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:60000:
+foo2:x:1000:
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/gshadow b/tests/tests/newusers/21_create_user_UID_MAX/data/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/newusers.list b/tests/tests/newusers/21_create_user_UID_MAX/data/newusers.list
new file mode 100644
index 0000000..30e9ec4
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/newusers.list
@@ -0,0 +1,2 @@
+foo1:foo1Pass:60000::User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/passwd b/tests/tests/newusers/21_create_user_UID_MAX/data/passwd
new file mode 100644
index 0000000..0af03d5
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:60000:60000:User Foo - Gecos Field::/bin/sh
+foo2:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/shadow b/tests/tests/newusers/21_create_user_UID_MAX/data/shadow
new file mode 100644
index 0000000..e33ca21
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/newusers.test b/tests/tests/newusers/21_create_user_UID_MAX/newusers.test
new file mode 100755
index 0000000..bb0e4cf
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers reuses a lower UID when UID_MAX is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config.txt b/tests/tests/newusers/22_create_user_GID_MAX/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config.txt
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/group b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/gshadow b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/common-password b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/newusers b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/passwd b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/shadow b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/group b/tests/tests/newusers/22_create_user_GID_MAX/data/group
new file mode 100644
index 0000000..f1809d9
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:60000:
+foo2:x:1000:
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/gshadow b/tests/tests/newusers/22_create_user_GID_MAX/data/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/newusers.list b/tests/tests/newusers/22_create_user_GID_MAX/data/newusers.list
new file mode 100644
index 0000000..08a2eff
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/newusers.list
@@ -0,0 +1,2 @@
+foo1:foo1Pass::60000:User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:60000::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/passwd b/tests/tests/newusers/22_create_user_GID_MAX/data/passwd
new file mode 100644
index 0000000..7f7ec76
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:60000:User Foo - Gecos Field::/bin/sh
+foo2:x:60000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/shadow b/tests/tests/newusers/22_create_user_GID_MAX/data/shadow
new file mode 100644
index 0000000..e33ca21
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/newusers.test b/tests/tests/newusers/22_create_user_GID_MAX/newusers.test
new file mode 100755
index 0000000..e07b081
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers reuses a lower GID when GID_MAX is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config.txt b/tests/tests/newusers/23_create_user_error_negative_UID/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config.txt
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/group b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/gshadow b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/passwd b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/shadow b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.err b/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.err
new file mode 100644
index 0000000..d19a181
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: user '-1' does not exist
+newusers: line 1: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.list b/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.list
new file mode 100644
index 0000000..16f7a03
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:-1::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/newusers.test b/tests/tests/newusers/23_create_user_error_negative_UID/newusers.test
new file mode 100755
index 0000000..93762a6
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with negative UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config.txt b/tests/tests/newusers/24_create_user_error_invalid_UID/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config.txt
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/group b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/gshadow b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/passwd b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/shadow b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.err b/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.err
new file mode 100644
index 0000000..d31a570
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid user ID '1foo'
+newusers: line 1: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.list b/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.list
new file mode 100644
index 0000000..11bf6b7
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:1foo::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/newusers.test b/tests/tests/newusers/24_create_user_error_invalid_UID/newusers.test
new file mode 100755
index 0000000..33d4c8b
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with invalid UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config.txt b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config.txt
new file mode 100644
index 0000000..63f3a93
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config.txt
@@ -0,0 +1,2 @@
+UID_MIN			 1000
+UID_MAX			 1001
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/group b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/gshadow b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/login.defs b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/login.defs
new file mode 100644
index 0000000..8a1af21
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			 1001
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/passwd b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/shadow b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.err b/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.err
new file mode 100644
index 0000000..e12137f
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: Can't get unique UID (no more available UIDs)
+newusers: line 3: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.list b/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.list
new file mode 100644
index 0000000..8d89304
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.list
@@ -0,0 +1,3 @@
+foo1:foo1Pass:::User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:::User Foo - Gecos Field::/bin/sh
+foo3:foo3Pass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/newusers.test b/tests/tests/newusers/25_create_user_error_no_remaining_UID/newusers.test
new file mode 100755
index 0000000..6412388
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/newusers.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails when there are no more available UIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "newusers returned status '$status'"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config.txt b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config.txt
new file mode 100644
index 0000000..06fe808
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config.txt
@@ -0,0 +1,4 @@
+UID_MIN			 1000
+UID_MAX			 1002
+GID_MIN			 1000
+GID_MAX			 1001
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/group b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/gshadow b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/login.defs b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/login.defs
new file mode 100644
index 0000000..1709b87
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			 1002
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			 1001
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/passwd b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/shadow b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.err b/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.err
new file mode 100644
index 0000000..1c50637
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: Can't get unique GID (no more available GIDs)
+newusers: line 3: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.list b/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.list
new file mode 100644
index 0000000..8d89304
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.list
@@ -0,0 +1,3 @@
+foo1:foo1Pass:::User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:::User Foo - Gecos Field::/bin/sh
+foo3:foo3Pass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/newusers.test b/tests/tests/newusers/26_create_user_error_no_remaining_GID/newusers.test
new file mode 100755
index 0000000..f4c9683
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/newusers.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails when there are no more available GIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "newusers returned status '$status'"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config.txt b/tests/tests/newusers/27_create_user_error_invalid_username/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config.txt
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/group b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/gshadow b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/passwd b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/shadow b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.err b/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.err
new file mode 100644
index 0000000..1781a93
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid group name 'f o o'
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.list b/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.list
new file mode 100644
index 0000000..9b2d68b
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.list
@@ -0,0 +1 @@
+f o o:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/newusers.test b/tests/tests/newusers/27_create_user_error_invalid_username/newusers.test
new file mode 100755
index 0000000..7ba2780
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails if the username is invalid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config.txt b/tests/tests/newusers/28_create_user_error_invalid_groupname/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config.txt
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/group b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/gshadow b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/passwd b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/shadow b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.err b/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.err
new file mode 100644
index 0000000..1781a93
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid group name 'f o o'
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.list b/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.list
new file mode 100644
index 0000000..f57cf94
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::f o o:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/newusers.test b/tests/tests/newusers/28_create_user_error_invalid_groupname/newusers.test
new file mode 100755
index 0000000..6503bf1
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails if the groupname is invalid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config.txt b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config.txt
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/group b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/gshadow b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/passwd b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/shadow b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.err b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.err
new file mode 100644
index 0000000..420b076
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid user name 'f o o'
+newusers: line 1: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.list b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.list
new file mode 100644
index 0000000..6f74caf
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.list
@@ -0,0 +1 @@
+f o o:fooPass::foo:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test
new file mode 100755
index 0000000..9131db7
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails if the username is invalid (even if groupname is valid)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config.txt b/tests/tests/newusers/30_create_user_different_groupname/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config.txt
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/group b/tests/tests/newusers/30_create_user_different_groupname/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/gshadow b/tests/tests/newusers/30_create_user_different_groupname/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/common-password b/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/newusers b/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/passwd b/tests/tests/newusers/30_create_user_different_groupname/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/shadow b/tests/tests/newusers/30_create_user_different_groupname/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/group b/tests/tests/newusers/30_create_user_different_groupname/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/gshadow b/tests/tests/newusers/30_create_user_different_groupname/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/newusers.list b/tests/tests/newusers/30_create_user_different_groupname/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/passwd b/tests/tests/newusers/30_create_user_different_groupname/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/shadow b/tests/tests/newusers/30_create_user_different_groupname/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/30_create_user_different_groupname/newusers.test b/tests/tests/newusers/30_create_user_different_groupname/newusers.test
new file mode 100755
index 0000000..c5fd4bb
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user and new group with different names"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config.txt b/tests/tests/newusers/31_create_user_error_invalid_GID/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config.txt
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/group b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/gshadow b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/passwd b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/shadow b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.err b/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.err
new file mode 100644
index 0000000..8a425df
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid group ID '1foo'
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.list b/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.list
new file mode 100644
index 0000000..09a2d0b
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::1foo:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/newusers.test b/tests/tests/newusers/31_create_user_error_invalid_GID/newusers.test
new file mode 100755
index 0000000..01e701e
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with invalid GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config.txt b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config.txt
new file mode 100644
index 0000000..9f0f610
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config.txt
@@ -0,0 +1 @@
+group bar exist in gshadow, not in group
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/group b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/gshadow b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/passwd b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/shadow b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.err b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.err
new file mode 100644
index 0000000..4d8ae70
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: group 'bar' is a shadow group, but does not exist in /etc/group
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.list b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/newusers.test b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/newusers.test
new file mode 100755
index 0000000..40749e3
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails if a user references a group which exist in gshadow and not in group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config.txt b/tests/tests/newusers/33_update_password_no_shadow_password/config.txt
new file mode 100644
index 0000000..02cfc9a
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+no user foo in /etc/shadow
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/group b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/gshadow b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/common-password b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/newusers b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/passwd b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/passwd
new file mode 100644
index 0000000..90bf0ab
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:eKzSSVkXDoVUM:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/shadow b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/data/newusers.list b/tests/tests/newusers/33_update_password_no_shadow_password/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/data/passwd b/tests/tests/newusers/33_update_password_no_shadow_password/data/passwd
new file mode 100644
index 0000000..33b4c02
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:@PASS_DES fooPass2@:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/newusers.test b/tests/tests/newusers/33_update_password_no_shadow_password/newusers.test
new file mode 100755
index 0000000..38189f7
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of a user which does not exist in shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config.txt b/tests/tests/newusers/34_update_password_no_shadow/config.txt
new file mode 100644
index 0000000..557c421
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+/etc/shadow will be destroyed
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/group b/tests/tests/newusers/34_update_password_no_shadow/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/gshadow b/tests/tests/newusers/34_update_password_no_shadow/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/common-password b/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/newusers b/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/passwd b/tests/tests/newusers/34_update_password_no_shadow/config/etc/passwd
new file mode 100644
index 0000000..90bf0ab
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:eKzSSVkXDoVUM:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/shadow b/tests/tests/newusers/34_update_password_no_shadow/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/34_update_password_no_shadow/data/newusers.list b/tests/tests/newusers/34_update_password_no_shadow/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/34_update_password_no_shadow/data/passwd b/tests/tests/newusers/34_update_password_no_shadow/data/passwd
new file mode 100644
index 0000000..33b4c02
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:@PASS_DES fooPass2@:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/34_update_password_no_shadow/newusers.test b/tests/tests/newusers/34_update_password_no_shadow/newusers.test
new file mode 100755
index 0000000..1a9979e
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user, when there is no shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+rm -f /etc/shadow /etc/gshadow
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+test ! -f /etc/shadow
+echo "OK" 
+echo -n "Check the gshadow file..." 
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/35_read_from_stdin/config.txt b/tests/tests/newusers/35_read_from_stdin/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config.txt
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/group b/tests/tests/newusers/35_read_from_stdin/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/gshadow b/tests/tests/newusers/35_read_from_stdin/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/common-password b/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/newusers b/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/passwd b/tests/tests/newusers/35_read_from_stdin/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/shadow b/tests/tests/newusers/35_read_from_stdin/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/35_read_from_stdin/data/group b/tests/tests/newusers/35_read_from_stdin/data/group
new file mode 100644
index 0000000..15f4c27
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/newusers/35_read_from_stdin/data/gshadow b/tests/tests/newusers/35_read_from_stdin/data/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/newusers/35_read_from_stdin/data/newusers.list b/tests/tests/newusers/35_read_from_stdin/data/newusers.list
new file mode 100644
index 0000000..b51078f
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/newusers.list
@@ -0,0 +1,2 @@
+foo1:foo1Pass:::User foo1 - Gecos Field::/bin/sh
+foo2:foo2Pass:::User foo2 - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/35_read_from_stdin/data/passwd b/tests/tests/newusers/35_read_from_stdin/data/passwd
new file mode 100644
index 0000000..0c6350e
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:User foo1 - Gecos Field::/bin/sh
+foo2:x:1001:1001:User foo2 - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/35_read_from_stdin/data/shadow b/tests/tests/newusers/35_read_from_stdin/data/shadow
new file mode 100644
index 0000000..e33ca21
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/35_read_from_stdin/newusers.test b/tests/tests/newusers/35_read_from_stdin/newusers.test
new file mode 100755
index 0000000..a135564
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can read the list from stdin"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+cat data/newusers.list | newusers
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/36_create_user_encrypted/config.txt b/tests/tests/newusers/36_create_user_encrypted/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config.txt
diff --git a/tests/tests/newusers/36_create_user_encrypted/config/etc/group b/tests/tests/newusers/36_create_user_encrypted/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/36_create_user_encrypted/config/etc/gshadow b/tests/tests/newusers/36_create_user_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/36_create_user_encrypted/config/etc/passwd b/tests/tests/newusers/36_create_user_encrypted/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/36_create_user_encrypted/config/etc/shadow b/tests/tests/newusers/36_create_user_encrypted/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/group b/tests/tests/newusers/36_create_user_encrypted/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/gshadow b/tests/tests/newusers/36_create_user_encrypted/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/newusers.list b/tests/tests/newusers/36_create_user_encrypted/data/newusers.list
new file mode 100644
index 0000000..4b43ba5
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/newusers.list
@@ -0,0 +1 @@
+foo:fo9LtdQDLJ8Fs:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/passwd b/tests/tests/newusers/36_create_user_encrypted/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/shadow b/tests/tests/newusers/36_create_user_encrypted/data/shadow
new file mode 100644
index 0000000..1d221a8
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fo9LtdQDLJ8Fs:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/36_create_user_encrypted/newusers.test b/tests/tests/newusers/36_create_user_encrypted/newusers.test
new file mode 100755
index 0000000..ab0a264
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user, and provide an already encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c NONE data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config.txt b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config.txt
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/group b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/gshadow b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/passwd b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/shadow b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/group b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/gshadow b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/newusers.list b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/passwd b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/shadow b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/shadow
new file mode 100644
index 0000000..cff74f8
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_MD5 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/newusers.test b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/newusers.test
new file mode 100755
index 0000000..f916194
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the MD5 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config.txt b/tests/tests/newusers/37_create_user_encrypt_MD5/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config.txt
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/group b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/gshadow b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/passwd b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/shadow b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/group b/tests/tests/newusers/37_create_user_encrypt_MD5/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/gshadow b/tests/tests/newusers/37_create_user_encrypt_MD5/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/newusers.list b/tests/tests/newusers/37_create_user_encrypt_MD5/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/passwd b/tests/tests/newusers/37_create_user_encrypt_MD5/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/shadow b/tests/tests/newusers/37_create_user_encrypt_MD5/data/shadow
new file mode 100644
index 0000000..cff74f8
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_MD5 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/newusers.test b/tests/tests/newusers/37_create_user_encrypt_MD5/newusers.test
new file mode 100755
index 0000000..e497ca9
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the MD5 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c MD5 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config.txt b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config.txt
new file mode 100644
index 0000000..b24760e
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+shadow and gshadow will be removed.
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/group b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/gshadow b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/passwd b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/passwd
new file mode 100644
index 0000000..90bf0ab
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:eKzSSVkXDoVUM:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/shadow b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/newusers.list b/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/newusers.list
new file mode 100644
index 0000000..d70655e
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/newusers.list
@@ -0,0 +1 @@
+foo:fozvMZd6F6hFU:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/passwd b/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/passwd
new file mode 100644
index 0000000..a8e6425
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:fozvMZd6F6hFU:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/newusers.test b/tests/tests/newusers/38_update_password_no_shadow_encrypted/newusers.test
new file mode 100755
index 0000000..ba0b660
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user in the passwd file, with a pre-encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+rm -f /etc/shadow /etc/gshadow
+
+newusers -c NONE data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+test ! -f /etc/shadow
+echo "OK" 
+echo -n "Check the gshadow file..." 
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config.txt b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config.txt
new file mode 100644
index 0000000..f21646b
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+No user foo in shadow
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/group b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/gshadow b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/passwd b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/passwd
new file mode 100644
index 0000000..90bf0ab
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:eKzSSVkXDoVUM:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/shadow b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/newusers.list b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/newusers.list
new file mode 100644
index 0000000..d70655e
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/newusers.list
@@ -0,0 +1 @@
+foo:fozvMZd6F6hFU:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/passwd b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/passwd
new file mode 100644
index 0000000..a8e6425
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:fozvMZd6F6hFU:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/newusers.test b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/newusers.test
new file mode 100755
index 0000000..1daf41f
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user with a pre-encrypted password, when this user has no shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c NONE data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/40_update_password_encrypted/config.txt b/tests/tests/newusers/40_update_password_encrypted/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/40_update_password_encrypted/config/etc/group b/tests/tests/newusers/40_update_password_encrypted/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/40_update_password_encrypted/config/etc/gshadow b/tests/tests/newusers/40_update_password_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/40_update_password_encrypted/config/etc/passwd b/tests/tests/newusers/40_update_password_encrypted/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/40_update_password_encrypted/config/etc/shadow b/tests/tests/newusers/40_update_password_encrypted/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/40_update_password_encrypted/data/newusers.list b/tests/tests/newusers/40_update_password_encrypted/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/40_update_password_encrypted/data/shadow b/tests/tests/newusers/40_update_password_encrypted/data/shadow
new file mode 100644
index 0000000..b466143
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fooPass2:13906:0:99999:7:::
diff --git a/tests/tests/newusers/40_update_password_encrypted/newusers.test b/tests/tests/newusers/40_update_password_encrypted/newusers.test
new file mode 100755
index 0000000..bb6be18
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user with a pre-encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c NONE data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config.txt b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config.txt
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/group b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/gshadow b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..ab27f3e
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha256
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/passwd b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/shadow b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/group b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/gshadow b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/newusers.list b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/passwd b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/shadow b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/newusers.test b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/newusers.test
new file mode 100755
index 0000000..284bb3e
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA256 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config.txt b/tests/tests/newusers/41_create_user_encrypt_SHA256/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config.txt
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/group b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/gshadow b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/passwd b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/shadow b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/group b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/gshadow b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/newusers.list b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/passwd b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/shadow b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/newusers.test b/tests/tests/newusers/41_create_user_encrypt_SHA256/newusers.test
new file mode 100755
index 0000000..ba0828d
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA256 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c SHA256 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config.txt b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config.txt
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/group b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/gshadow b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cc251ad
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/passwd b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/shadow b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/group b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/gshadow b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/newusers.list b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/passwd b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/shadow b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/shadow
new file mode 100644
index 0000000..1f9ef64
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA512 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/newusers.test b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/newusers.test
new file mode 100755
index 0000000..796dbcc
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA512 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config.txt b/tests/tests/newusers/42_create_user_encrypt_SHA512/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config.txt
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/group b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/gshadow b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/passwd b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/shadow b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/group b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/gshadow b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/newusers.list b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/passwd b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/shadow b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/shadow
new file mode 100644
index 0000000..1f9ef64
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA512 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/newusers.test b/tests/tests/newusers/42_create_user_encrypt_SHA512/newusers.test
new file mode 100755
index 0000000..9036b9b
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA512 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c SHA512 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config.txt b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config.txt
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..a15d7a6
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha256 rounds=3000
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/newusers.list b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test
new file mode 100755
index 0000000..6260beb
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA256 algorithm and a specified number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers -c SHA256 -s 3000 data/newusers.list"
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds=$(sed -n 's/^foo:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds)..."
+if [ ! "$rounds" = 3000 ]; then
+	echo "Wrong number of rounds"
+	grep "^foo:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config.txt b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config.txt
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/newusers.list b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test
new file mode 100755
index 0000000..26f87f2
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA256 algorithm and a specified number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers -c SHA256 -s 3000 data/newusers.list"
+newusers -c SHA256 -s 3000 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds=$(sed -n 's/^foo:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds)..."
+if [ ! "$rounds" = 3000 ]; then
+	echo "Wrong number of rounds"
+	grep "^foo:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config.txt b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config.txt
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/group b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/gshadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..7bdd3a2
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha256 rounds=300
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/passwd b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/shadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/group b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/gshadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/newusers.list b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/passwd b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/shadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test
new file mode 100755
index 0000000..e2c2c99
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers: the minimum number of rounds for SHA256 is 1000"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers data/newusers.list"
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds=$(sed -n 's/^foo:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds)..."
+if [ ! "$rounds" = 1000 ] && [ ! "$rounds" = "" ]; then
+	echo "Wrong number of rounds"
+	grep "^foo:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config.txt b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config.txt
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/group b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/gshadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/passwd b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/shadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/group b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/gshadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/newusers.list b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/passwd b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/shadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test
new file mode 100755
index 0000000..bea0ad8
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers: the minimum number of rounds for SHA256 is 1000"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers -c SHA256 -s 300 data/newusers.list"
+newusers -c SHA256 -s 300 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds=$(sed -n 's/^foo:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds)..."
+if [ ! "$rounds" = 1000 ]; then
+	echo "Wrong number of rounds"
+	grep "^foo:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config.txt b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config.txt
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/group b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/gshadow b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/passwd b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/shadow b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.err b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.err
new file mode 100644
index 0000000..4b285af
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.err
@@ -0,0 +1,8 @@
+newusers: -s flag is only allowed with the -c flag
+Usage: newusers [options] [input]
+
+  -c, --crypt-method            the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -r, --system                  create system accounts
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.list b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/newusers.test b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/newusers.test
new file mode 100755
index 0000000..acc9648
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers: the number of rounds cannot be specified without a -c method"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "newusers -s 3000 data/newusers.list ..."
+newusers -s 3000 data/newusers.list 2> tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config.txt b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config.txt
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/group b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/gshadow b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/passwd b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/shadow b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/group b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/gshadow b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/newusers.list b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/passwd b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/shadow b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/shadow
new file mode 100644
index 0000000..cff74f8
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_MD5 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test
new file mode 100755
index 0000000..2a5bfb8
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers ignore the number of rounds with the MD5 method"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers -c MD5 -s 3000 data/newusers.list"
+newusers -c MD5 -s 3000 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config.txt b/tests/tests/newusers/47_create_user_error_UID_4294967295/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config.txt
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/group b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/gshadow b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/passwd b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/shadow b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.err b/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.err
new file mode 100644
index 0000000..3fa2568
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid user ID '4294967295'
+newusers: line 1: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.list b/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.list
new file mode 100644
index 0000000..db2d9a9
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:4294967295::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/newusers.test b/tests/tests/newusers/47_create_user_error_UID_4294967295/newusers.test
new file mode 100755
index 0000000..33d4c8b
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with invalid UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config.txt b/tests/tests/newusers/48_create_user_error_GID_4294967295/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config.txt
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/group b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/gshadow b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/passwd b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/shadow b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.err b/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.err
new file mode 100644
index 0000000..72803c5
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid group ID '4294967295'
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.list b/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.list
new file mode 100644
index 0000000..734a204
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:2147483648:4294967295:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/newusers.test b/tests/tests/newusers/48_create_user_error_GID_4294967295/newusers.test
new file mode 100755
index 0000000..33d4c8b
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with invalid UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/49_multiple_system_users/config.txt b/tests/tests/newusers/49_multiple_system_users/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/group b/tests/tests/newusers/49_multiple_system_users/config/etc/group
new file mode 100644
index 0000000..35fb1e9
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
+fooo:x:997:
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/gshadow b/tests/tests/newusers/49_multiple_system_users/config/etc/gshadow
new file mode 100644
index 0000000..72f456f
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
+fooo:x::
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/common-password b/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/newusers b/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/passwd b/tests/tests/newusers/49_multiple_system_users/config/etc/passwd
new file mode 100644
index 0000000..a4907a1
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:998:998::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
+fooo:x:997:997:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/shadow b/tests/tests/newusers/49_multiple_system_users/config/etc/shadow
new file mode 100644
index 0000000..4fee3da
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
+fooo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/49_multiple_system_users/data/group b/tests/tests/newusers/49_multiple_system_users/data/group
new file mode 100644
index 0000000..d9abdaa
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/group
@@ -0,0 +1,59 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
+fooo:x:997:
+foo1:x:996:
+foo1a:x:999:
+foo2:x:2000:
+foo3:x:994:
+foo4:x:998:
+foo5:x:3005:
+foo6:x:992:
+foo7:x:61000:
+foo8:x:991:
+foo9:x:995:
+foo10:x:990:
+foo11:x:63000:
+foo12:x:988:
+foo13:x:987:
+foo14:x:993:
+foo15:x:986:
diff --git a/tests/tests/newusers/49_multiple_system_users/data/gshadow b/tests/tests/newusers/49_multiple_system_users/data/gshadow
new file mode 100644
index 0000000..51dc764
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/gshadow
@@ -0,0 +1,59 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
+fooo:x::
+foo1:*::
+foo1a:*::
+foo2:*::
+foo3:*::
+foo4:*::
+foo5:*::
+foo6:*::
+foo7:*::
+foo8:*::
+foo9:*::
+foo10:*::
+foo11:*::
+foo12:*::
+foo13:*::
+foo14:*::
+foo15:*::
diff --git a/tests/tests/newusers/49_multiple_system_users/data/newusers.list b/tests/tests/newusers/49_multiple_system_users/data/newusers.list
new file mode 100644
index 0000000..68d54c2
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/newusers.list
@@ -0,0 +1,17 @@
+foo1:foo1Pass:::User Foo - Gecos Field::/bin/sh
+foo1a:foo1aPas:foo1::User Foo - Gecos Field::/bin/sh
+foo1b:foo1bPas::foo1a:User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:2000:2000:User Foo - Gecos Field::/bin/sh
+foo3:foo3Pass:::User Foo - Gecos Field::/bin/sh
+foo4:foo4Pass:3000::User Foo - Gecos Field::/bin/sh
+foo5:foo5Pass::3005:User Foo - Gecos Field::/bin/sh
+foo6:foo6Pass:::User Foo - Gecos Field::/bin/sh
+foo7:foo7Pass:61000:61000:User Foo - Gecos Field::/bin/sh
+foo8:foo8Pass:::User Foo - Gecos Field::/bin/sh
+foo9:foo9Pass:62000::User Foo - Gecos Field::/bin/sh
+foo10:foo10Pas:::User Foo - Gecos Field::/bin/sh
+foo11:foo11Pas::63000:User Foo - Gecos Field::/bin/sh
+foo12:foo12Pas:::User Foo - Gecos Field::/bin/sh
+foo13:foo13Pas:::User Foo - Gecos Field::/bin/sh
+foo14:foo14Pas:59000::User Foo - Gecos Field::/bin/sh
+foo15:foo15Pas:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/49_multiple_system_users/data/passwd b/tests/tests/newusers/49_multiple_system_users/data/passwd
new file mode 100644
index 0000000..fb8a075
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/passwd
@@ -0,0 +1,38 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:998:998::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
+fooo:x:997:997:User Foo - Gecos Field::/bin/sh
+foo1:x:996:996:User Foo - Gecos Field::/bin/sh
+foo1a:x:996:999:User Foo - Gecos Field::/bin/sh
+foo1b:x:995:999:User Foo - Gecos Field::/bin/sh
+foo2:x:2000:2000:User Foo - Gecos Field::/bin/sh
+foo3:x:994:994:User Foo - Gecos Field::/bin/sh
+foo4:x:3000:998:User Foo - Gecos Field::/bin/sh
+foo5:x:993:3005:User Foo - Gecos Field::/bin/sh
+foo6:x:992:992:User Foo - Gecos Field::/bin/sh
+foo7:x:61000:61000:User Foo - Gecos Field::/bin/sh
+foo8:x:991:991:User Foo - Gecos Field::/bin/sh
+foo9:x:62000:995:User Foo - Gecos Field::/bin/sh
+foo10:x:990:990:User Foo - Gecos Field::/bin/sh
+foo11:x:989:63000:User Foo - Gecos Field::/bin/sh
+foo12:x:988:988:User Foo - Gecos Field::/bin/sh
+foo13:x:987:987:User Foo - Gecos Field::/bin/sh
+foo14:x:59000:993:User Foo - Gecos Field::/bin/sh
+foo15:x:986:986:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/49_multiple_system_users/data/shadow b/tests/tests/newusers/49_multiple_system_users/data/shadow
new file mode 100644
index 0000000..bd434e3
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/shadow
@@ -0,0 +1,38 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
+fooo:eKzSSVkXDoVUM:13906:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo1a:@PASS_DES foo1aPas@:@TODAY@:0:99999:7:::
+foo1b:@PASS_DES foo1bPas@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
+foo3:@PASS_DES foo3Pass@:@TODAY@:0:99999:7:::
+foo4:@PASS_DES foo4Pass@:@TODAY@:0:99999:7:::
+foo5:@PASS_DES foo5Pass@:@TODAY@:0:99999:7:::
+foo6:@PASS_DES foo6Pass@:@TODAY@:0:99999:7:::
+foo7:@PASS_DES foo7Pass@:@TODAY@:0:99999:7:::
+foo8:@PASS_DES foo8Pass@:@TODAY@:0:99999:7:::
+foo9:@PASS_DES foo9Pass@:@TODAY@:0:99999:7:::
+foo10:@PASS_DES foo10Pas@:@TODAY@:0:99999:7:::
+foo11:@PASS_DES foo11Pas@:@TODAY@:0:99999:7:::
+foo12:@PASS_DES foo12Pas@:@TODAY@:0:99999:7:::
+foo13:@PASS_DES foo13Pas@:@TODAY@:0:99999:7:::
+foo14:@PASS_DES foo14Pas@:@TODAY@:0:99999:7:::
+foo15:@PASS_DES foo15Pas@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/49_multiple_system_users/newusers.test b/tests/tests/newusers/49_multiple_system_users/newusers.test
new file mode 100755
index 0000000..f9075d2
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can add multiple system users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers --system data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/50_usage/config.txt b/tests/tests/newusers/50_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config.txt
diff --git a/tests/tests/newusers/50_usage/config/etc/group b/tests/tests/newusers/50_usage/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/50_usage/config/etc/gshadow b/tests/tests/newusers/50_usage/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/50_usage/config/etc/passwd b/tests/tests/newusers/50_usage/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/50_usage/config/etc/shadow b/tests/tests/newusers/50_usage/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/50_usage/data/usage.out b/tests/tests/newusers/50_usage/data/usage.out
new file mode 100644
index 0000000..82fa641
--- /dev/null
+++ b/tests/tests/newusers/50_usage/data/usage.out
@@ -0,0 +1,7 @@
+Usage: newusers [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --system                  create system accounts
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/newusers/50_usage/newusers.test b/tests/tests/newusers/50_usage/newusers.test
new file mode 100755
index 0000000..3dca38a
--- /dev/null
+++ b/tests/tests/newusers/50_usage/newusers.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get newusers usage (newusers -h)..."
+newusers -h >tmp/usage.out
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/51_usage_invalid_option/config.txt b/tests/tests/newusers/51_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config.txt
diff --git a/tests/tests/newusers/51_usage_invalid_option/config/etc/group b/tests/tests/newusers/51_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/51_usage_invalid_option/config/etc/gshadow b/tests/tests/newusers/51_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/51_usage_invalid_option/config/etc/passwd b/tests/tests/newusers/51_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/51_usage_invalid_option/config/etc/shadow b/tests/tests/newusers/51_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/51_usage_invalid_option/data/usage.out b/tests/tests/newusers/51_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..e111c34
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/data/usage.out
@@ -0,0 +1,8 @@
+newusers: invalid option -- 'Z'
+Usage: newusers [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --system                  create system accounts
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/newusers/51_usage_invalid_option/newusers.test b/tests/tests/newusers/51_usage_invalid_option/newusers.test
new file mode 100755
index 0000000..77dc821
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers displays its usage message in case of bad usage"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call newusers with an invalid option (newusers -Z)..."
+newusers -Z bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/52_usage_2_input_files/config.txt b/tests/tests/newusers/52_usage_2_input_files/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config.txt
diff --git a/tests/tests/newusers/52_usage_2_input_files/config/etc/group b/tests/tests/newusers/52_usage_2_input_files/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/52_usage_2_input_files/config/etc/gshadow b/tests/tests/newusers/52_usage_2_input_files/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/52_usage_2_input_files/config/etc/passwd b/tests/tests/newusers/52_usage_2_input_files/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/52_usage_2_input_files/config/etc/shadow b/tests/tests/newusers/52_usage_2_input_files/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/52_usage_2_input_files/data/usage.out b/tests/tests/newusers/52_usage_2_input_files/data/usage.out
new file mode 100644
index 0000000..82fa641
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/data/usage.out
@@ -0,0 +1,7 @@
+Usage: newusers [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --system                  create system accounts
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/newusers/52_usage_2_input_files/newusers.test b/tests/tests/newusers/52_usage_2_input_files/newusers.test
new file mode 100755
index 0000000..255f1c4
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers displays its usage message in case of bad usage"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call newusers with 2 input files (newusers list1 list2)..."
+newusers list1 list2 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/53_locked_passwd/config.txt b/tests/tests/newusers/53_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config.txt
diff --git a/tests/tests/newusers/53_locked_passwd/config/etc/group b/tests/tests/newusers/53_locked_passwd/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/53_locked_passwd/config/etc/gshadow b/tests/tests/newusers/53_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/53_locked_passwd/config/etc/passwd b/tests/tests/newusers/53_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/53_locked_passwd/config/etc/shadow b/tests/tests/newusers/53_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/53_locked_passwd/data/newusers.list b/tests/tests/newusers/53_locked_passwd/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/53_locked_passwd/data/usage.out b/tests/tests/newusers/53_locked_passwd/data/usage.out
new file mode 100644
index 0000000..7a0563f
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/data/usage.out
@@ -0,0 +1,2 @@
+newusers: existing lock file /etc/passwd.lock without a PID
+newusers: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/newusers/53_locked_passwd/newusers.test b/tests/tests/newusers/53_locked_passwd/newusers.test
new file mode 100755
index 0000000..790582e
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when passwd is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Create user foo (newusers foo)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/54_locked_shadow/config.txt b/tests/tests/newusers/54_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config.txt
diff --git a/tests/tests/newusers/54_locked_shadow/config/etc/group b/tests/tests/newusers/54_locked_shadow/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/54_locked_shadow/config/etc/gshadow b/tests/tests/newusers/54_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/54_locked_shadow/config/etc/passwd b/tests/tests/newusers/54_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/54_locked_shadow/config/etc/shadow b/tests/tests/newusers/54_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/54_locked_shadow/data/newusers.list b/tests/tests/newusers/54_locked_shadow/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/54_locked_shadow/data/usage.out b/tests/tests/newusers/54_locked_shadow/data/usage.out
new file mode 100644
index 0000000..309a750
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/data/usage.out
@@ -0,0 +1,2 @@
+newusers: existing lock file /etc/shadow.lock without a PID
+newusers: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/newusers/54_locked_shadow/newusers.test b/tests/tests/newusers/54_locked_shadow/newusers.test
new file mode 100755
index 0000000..c8b5038
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when shadow is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Create user foo (newusers foo)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/55_locked_group/config.txt b/tests/tests/newusers/55_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config.txt
diff --git a/tests/tests/newusers/55_locked_group/config/etc/group b/tests/tests/newusers/55_locked_group/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/55_locked_group/config/etc/gshadow b/tests/tests/newusers/55_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/55_locked_group/config/etc/passwd b/tests/tests/newusers/55_locked_group/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/55_locked_group/config/etc/shadow b/tests/tests/newusers/55_locked_group/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/55_locked_group/data/newusers.list b/tests/tests/newusers/55_locked_group/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/55_locked_group/data/usage.out b/tests/tests/newusers/55_locked_group/data/usage.out
new file mode 100644
index 0000000..ad33b0c
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/data/usage.out
@@ -0,0 +1,2 @@
+newusers: existing lock file /etc/group.lock without a PID
+newusers: cannot lock /etc/group; try again later.
diff --git a/tests/tests/newusers/55_locked_group/newusers.test b/tests/tests/newusers/55_locked_group/newusers.test
new file mode 100755
index 0000000..cae0458
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when group is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Create user foo (newusers foo)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/56_locked_gshadow/config.txt b/tests/tests/newusers/56_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config.txt
diff --git a/tests/tests/newusers/56_locked_gshadow/config/etc/group b/tests/tests/newusers/56_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/56_locked_gshadow/config/etc/gshadow b/tests/tests/newusers/56_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/56_locked_gshadow/config/etc/passwd b/tests/tests/newusers/56_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/56_locked_gshadow/config/etc/shadow b/tests/tests/newusers/56_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/56_locked_gshadow/data/newusers.list b/tests/tests/newusers/56_locked_gshadow/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/56_locked_gshadow/data/usage.out b/tests/tests/newusers/56_locked_gshadow/data/usage.out
new file mode 100644
index 0000000..1d874cf
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/data/usage.out
@@ -0,0 +1,2 @@
+newusers: existing lock file /etc/gshadow.lock without a PID
+newusers: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/newusers/56_locked_gshadow/newusers.test b/tests/tests/newusers/56_locked_gshadow/newusers.test
new file mode 100755
index 0000000..a317867
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when gshadow is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Create user foo (newusers foo)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/57_missing_input_file/config.txt b/tests/tests/newusers/57_missing_input_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config.txt
diff --git a/tests/tests/newusers/57_missing_input_file/config/etc/group b/tests/tests/newusers/57_missing_input_file/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/57_missing_input_file/config/etc/gshadow b/tests/tests/newusers/57_missing_input_file/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/57_missing_input_file/config/etc/passwd b/tests/tests/newusers/57_missing_input_file/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/57_missing_input_file/config/etc/shadow b/tests/tests/newusers/57_missing_input_file/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/57_missing_input_file/data/usage.out b/tests/tests/newusers/57_missing_input_file/data/usage.out
new file mode 100644
index 0000000..6b55e2a
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/data/usage.out
@@ -0,0 +1 @@
+newusers: data/newusers.list: No such file or directory
diff --git a/tests/tests/newusers/57_missing_input_file/newusers.test b/tests/tests/newusers/57_missing_input_file/newusers.test
new file mode 100755
index 0000000..7e74f73
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when the input file cann be read"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call newusers with missing input file (newusers data/newusers.list)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/58_invalid_input_file/config.txt b/tests/tests/newusers/58_invalid_input_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config.txt
diff --git a/tests/tests/newusers/58_invalid_input_file/config/etc/group b/tests/tests/newusers/58_invalid_input_file/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/58_invalid_input_file/config/etc/gshadow b/tests/tests/newusers/58_invalid_input_file/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/58_invalid_input_file/config/etc/passwd b/tests/tests/newusers/58_invalid_input_file/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/58_invalid_input_file/config/etc/shadow b/tests/tests/newusers/58_invalid_input_file/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/58_invalid_input_file/data/newusers.err b/tests/tests/newusers/58_invalid_input_file/data/newusers.err
new file mode 100644
index 0000000..fe15bdc
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/data/newusers.err
@@ -0,0 +1,2 @@
+newusers: line 1: invalid line
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/58_invalid_input_file/data/newusers.list b/tests/tests/newusers/58_invalid_input_file/data/newusers.list
new file mode 100644
index 0000000..56266fd
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/data/newusers.list
@@ -0,0 +1 @@
+foo:foo:Pass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/58_invalid_input_file/newusers.test b/tests/tests/newusers/58_invalid_input_file/newusers.test
new file mode 100755
index 0000000..b4f7889
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when the input is invalid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call newusers with invalid input (newusers data/newusers.list)..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "usage message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/59_no_gshadow_file/config.txt b/tests/tests/newusers/59_no_gshadow_file/config.txt
new file mode 100644
index 0000000..557c421
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+/etc/shadow will be destroyed
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/group b/tests/tests/newusers/59_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/gshadow b/tests/tests/newusers/59_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/common-password b/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/newusers b/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/passwd b/tests/tests/newusers/59_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/shadow b/tests/tests/newusers/59_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/59_no_gshadow_file/data/group b/tests/tests/newusers/59_no_gshadow_file/data/group
new file mode 100644
index 0000000..a0ff22a
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:*:1000:
diff --git a/tests/tests/newusers/59_no_gshadow_file/data/newusers.list b/tests/tests/newusers/59_no_gshadow_file/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/59_no_gshadow_file/data/passwd b/tests/tests/newusers/59_no_gshadow_file/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/59_no_gshadow_file/data/shadow b/tests/tests/newusers/59_no_gshadow_file/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/59_no_gshadow_file/newusers.test b/tests/tests/newusers/59_no_gshadow_file/newusers.test
new file mode 100755
index 0000000..bf18186
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user, when there is no gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+rm -f /etc/gshadow
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/60_update_no_gecos/config.txt b/tests/tests/newusers/60_update_no_gecos/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/group b/tests/tests/newusers/60_update_no_gecos/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/gshadow b/tests/tests/newusers/60_update_no_gecos/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/common-password b/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/newusers b/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/passwd b/tests/tests/newusers/60_update_no_gecos/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/shadow b/tests/tests/newusers/60_update_no_gecos/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/60_update_no_gecos/data/newusers.list b/tests/tests/newusers/60_update_no_gecos/data/newusers.list
new file mode 100644
index 0000000..6233663
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::::/bin/bash
diff --git a/tests/tests/newusers/60_update_no_gecos/data/passwd b/tests/tests/newusers/60_update_no_gecos/data/passwd
new file mode 100644
index 0000000..8fc494c
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/bash
diff --git a/tests/tests/newusers/60_update_no_gecos/data/shadow b/tests/tests/newusers/60_update_no_gecos/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/60_update_no_gecos/newusers.test b/tests/tests/newusers/60_update_no_gecos/newusers.test
new file mode 100755
index 0000000..fb57724
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the gecos of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/61_update_no_shell/config.txt b/tests/tests/newusers/61_update_no_shell/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/group b/tests/tests/newusers/61_update_no_shell/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/gshadow b/tests/tests/newusers/61_update_no_shell/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/common-password b/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/newusers b/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/passwd b/tests/tests/newusers/61_update_no_shell/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/shadow b/tests/tests/newusers/61_update_no_shell/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/61_update_no_shell/data/newusers.list b/tests/tests/newusers/61_update_no_shell/data/newusers.list
new file mode 100644
index 0000000..75e0582
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field - updated::
diff --git a/tests/tests/newusers/61_update_no_shell/data/passwd b/tests/tests/newusers/61_update_no_shell/data/passwd
new file mode 100644
index 0000000..c84bc61
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field - updated::/bin/sh
diff --git a/tests/tests/newusers/61_update_no_shell/data/shadow b/tests/tests/newusers/61_update_no_shell/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/61_update_no_shell/newusers.test b/tests/tests/newusers/61_update_no_shell/newusers.test
new file mode 100755
index 0000000..fb57724
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the gecos of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/group b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/gshadow b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/passwd b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/shadow b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/shadow
new file mode 100644
index 0000000..3112803
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12978:0:99999:7:::
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/data/passwd.out b/tests/tests/passwd/01_passwd_-S_root_locked_account/data/passwd.out
new file mode 100644
index 0000000..86a73e1
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/data/passwd.out
@@ -0,0 +1 @@
+foo L 07/14/2005 0 99999 7 -1
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/passwd.test b/tests/tests/passwd/01_passwd_-S_root_locked_account/passwd.test
new file mode 100755
index 0000000..0641638
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/group b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/gshadow b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/passwd b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/shadow b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/data/passwd.out b/tests/tests/passwd/02_passwd_-S_root_valid_account/data/passwd.out
new file mode 100644
index 0000000..55af5a7
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/data/passwd.out
@@ -0,0 +1 @@
+foo P 07/13/2005 0 99999 7 -1
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/passwd.test b/tests/tests/passwd/02_passwd_-S_root_valid_account/passwd.test
new file mode 100755
index 0000000..0641638
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/group b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/gshadow b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/passwd b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/shadow b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/shadow
new file mode 100644
index 0000000..9b3b67f
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo::12988:0:99998:8:::
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/data/passwd.out b/tests/tests/passwd/03_passwd_-S_root_empty_password/data/passwd.out
new file mode 100644
index 0000000..c64fb61
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/data/passwd.out
@@ -0,0 +1 @@
+foo NP 07/24/2005 0 99998 8 -1
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/passwd.test b/tests/tests/passwd/03_passwd_-S_root_empty_password/passwd.test
new file mode 100755
index 0000000..0641638
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/group b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/gshadow b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/passwd b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/shadow b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/data/passwd.out b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/data/passwd.out
new file mode 100644
index 0000000..e86159d
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/data/passwd.out
@@ -0,0 +1 @@
+foo P
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test
new file mode 100755
index 0000000..e084d34
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that /etc/shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/group b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/gshadow b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/passwd b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..dfb11c8
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/shadow b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/data/passwd.out b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/data/passwd.out
new file mode 100644
index 0000000..9ba8956
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/data/passwd.out
@@ -0,0 +1 @@
+foo L
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test
new file mode 100755
index 0000000..0641638
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/group b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/gshadow b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/passwd b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/shadow b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/data/passwd.out b/tests/tests/passwd/06_passwd_-l_root_lock_account/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/data/shadow b/tests/tests/passwd/06_passwd_-l_root_lock_account/data/shadow
new file mode 100644
index 0000000..79c859a
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/passwd.test b/tests/tests/passwd/06_passwd_-l_root_lock_account/passwd.test
new file mode 100755
index 0000000..3fabb12
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can lock a password with passwd -l"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (passwd -l foo)..."
+passwd -l foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/group b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/gshadow b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/passwd b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..440df65
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/shadow b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..3ca4f73
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd.out b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test
new file mode 100755
index 0000000..099c380
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can lock a password in /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (passwd -l foo)..."
+passwd -l foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/group b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/gshadow b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/passwd b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/shadow b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/shadow
new file mode 100644
index 0000000..79c859a
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/passwd.out b/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/shadow b/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/passwd.test b/tests/tests/passwd/08_passwd_-u_root_unlock_account/passwd.test
new file mode 100755
index 0000000..b5ac0d8
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can unlock a password with passwd -u"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "unlock foo's password (passwd -u foo)..."
+passwd -u foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/group b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/gshadow b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/passwd b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/shadow b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/data/passwd.err b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/data/passwd.err
new file mode 100644
index 0000000..2987d41
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/data/passwd.err
@@ -0,0 +1,2 @@
+passwd: unlocking the password would result in a passwordless account.
+You should set a password with usermod -p to unlock the password of this account.
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/passwd.test b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/passwd.test
new file mode 100755
index 0000000..b4d62f7
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/passwd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd -u cannot create a passwordless account"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unlock foo's password (passwd -u foo)..."
+passwd -u foo 2> tmp/passwd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.err
+echo "======================================================================="
+echo -n "Check the error message..."
+diff -au data/passwd.err tmp/passwd.err
+echo "error message OK."
+rm -f tmp/passwd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/10_passwd_-d_root/config/etc/group b/tests/tests/passwd/10_passwd_-d_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/10_passwd_-d_root/config/etc/gshadow b/tests/tests/passwd/10_passwd_-d_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/10_passwd_-d_root/config/etc/passwd b/tests/tests/passwd/10_passwd_-d_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/10_passwd_-d_root/config/etc/shadow b/tests/tests/passwd/10_passwd_-d_root/config/etc/shadow
new file mode 100644
index 0000000..79c859a
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/10_passwd_-d_root/data/passwd.out b/tests/tests/passwd/10_passwd_-d_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/10_passwd_-d_root/data/shadow b/tests/tests/passwd/10_passwd_-d_root/data/shadow
new file mode 100644
index 0000000..85ef660
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo::12977:0:99999:7:::
diff --git a/tests/tests/passwd/10_passwd_-d_root/passwd.test b/tests/tests/passwd/10_passwd_-d_root/passwd.test
new file mode 100755
index 0000000..e1ac5f2
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can delete a password with passwd -d"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete foo's password (passwd -d foo)..."
+passwd -d foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/config/etc/group b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/config/etc/gshadow b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/config/etc/passwd b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/config/etc/shadow b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/data/passwd.out b/tests/tests/passwd/11_passwd_--mindays_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/data/shadow b/tests/tests/passwd/11_passwd_--mindays_root/data/shadow
new file mode 100644
index 0000000..f424ad6
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:10:99999:7:::
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/passwd.test b/tests/tests/passwd/11_passwd_--mindays_root/passwd.test
new file mode 100755
index 0000000..409396f
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --mindays"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the min number of days for foo's password (passwd --mindays 10 foo)..."
+passwd --mindays 10 foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/group b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/gshadow b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/passwd b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/shadow b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/data/passwd.out b/tests/tests/passwd/12_passwd_--maxdays_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/data/shadow b/tests/tests/passwd/12_passwd_--maxdays_root/data/shadow
new file mode 100644
index 0000000..82f40b6
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:10:7:::
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/passwd.test b/tests/tests/passwd/12_passwd_--maxdays_root/passwd.test
new file mode 100755
index 0000000..a895e3e
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --maxdays"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the max number of days for foo's password (passwd --maxdays 10 foo)..."
+passwd --maxdays 10 foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/config/etc/group b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/config/etc/gshadow b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/config/etc/passwd b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/config/etc/shadow b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/data/passwd.out b/tests/tests/passwd/13_passwd_--warndays_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/data/shadow b/tests/tests/passwd/13_passwd_--warndays_root/data/shadow
new file mode 100644
index 0000000..a62edfa
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:10:::
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/passwd.test b/tests/tests/passwd/13_passwd_--warndays_root/passwd.test
new file mode 100755
index 0000000..18a8b87
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --warndays"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the number of warning days for foo's password (passwd --warndays 10 foo)..."
+passwd --warndays 10 foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/config/etc/group b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/config/etc/gshadow b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/config/etc/passwd b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/config/etc/shadow b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/data/passwd.out b/tests/tests/passwd/14_passwd_--inactive_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/data/shadow b/tests/tests/passwd/14_passwd_--inactive_root/data/shadow
new file mode 100644
index 0000000..52dc304
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:10::
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/passwd.test b/tests/tests/passwd/14_passwd_--inactive_root/passwd.test
new file mode 100755
index 0000000..52dbab0
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --inactive"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the number of inactive days for foo's password (passwd --inactive 10 foo)..."
+passwd --inactive 10 foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/15_passwd_--expire_root/config/etc/group b/tests/tests/passwd/15_passwd_--expire_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/15_passwd_--expire_root/config/etc/gshadow b/tests/tests/passwd/15_passwd_--expire_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/15_passwd_--expire_root/config/etc/passwd b/tests/tests/passwd/15_passwd_--expire_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/15_passwd_--expire_root/config/etc/shadow b/tests/tests/passwd/15_passwd_--expire_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/15_passwd_--expire_root/data/passwd.out b/tests/tests/passwd/15_passwd_--expire_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/15_passwd_--expire_root/data/shadow b/tests/tests/passwd/15_passwd_--expire_root/data/shadow
new file mode 100644
index 0000000..4cd6096
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:0:0:99999:7:::
diff --git a/tests/tests/passwd/15_passwd_--expire_root/passwd.test b/tests/tests/passwd/15_passwd_--expire_root/passwd.test
new file mode 100755
index 0000000..f2ab71d
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --expire"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set foo's password as expired (passwd --expire foo)..."
+passwd --expire foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/config/etc/group b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/config/etc/gshadow b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/config/etc/passwd b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/config/etc/shadow b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/shadow
new file mode 100644
index 0000000..3112803
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12978:0:99999:7:::
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/data/passwd.out b/tests/tests/passwd/16_passwd_-S-a_root/data/passwd.out
new file mode 100644
index 0000000..5a1b479
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/data/passwd.out
@@ -0,0 +1,20 @@
+root P 07/27/2005 0 99999 7 -1
+daemon L 07/13/2005 0 99999 7 -1
+bin L 07/13/2005 0 99999 7 -1
+sys L 07/13/2005 0 99999 7 -1
+sync L 07/13/2005 0 99999 7 -1
+games L 07/13/2005 0 99999 7 -1
+man L 07/13/2005 0 99999 7 -1
+lp L 07/13/2005 0 99999 7 -1
+mail L 07/13/2005 0 99999 7 -1
+news L 07/13/2005 0 99999 7 -1
+uucp L 07/13/2005 0 99999 7 -1
+proxy L 07/13/2005 0 99999 7 -1
+www-data L 07/13/2005 0 99999 7 -1
+backup L 07/13/2005 0 99999 7 -1
+list L 07/13/2005 0 99999 7 -1
+irc L 07/13/2005 0 99999 7 -1
+gnats L 07/13/2005 0 99999 7 -1
+nobody L 07/13/2005 0 99999 7 -1
+Debian-exim L 07/13/2005 0 99999 7 -1
+foo L 07/14/2005 0 99999 7 -1
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/passwd.test b/tests/tests/passwd/16_passwd_-S-a_root/passwd.test
new file mode 100755
index 0000000..1b64c53
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/passwd.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+echo -n "passwd -S -a..."
+passwd -S -a > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/group b/tests/tests/passwd/17_passwd_root_change_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/gshadow b/tests/tests/passwd/17_passwd_root_change_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/pam.d/common-password b/tests/tests/passwd/17_passwd_root_change_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..38bce56
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/passwd b/tests/tests/passwd/17_passwd_root_change_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/shadow b/tests/tests/passwd/17_passwd_root_change_password/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/17_passwd_root_change_password/data/shadow b/tests/tests/passwd/17_passwd_root_change_password/data/shadow
new file mode 100644
index 0000000..6731888
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/data/shadow
@@ -0,0 +1,20 @@
+root:@PASS_MD5 rootpassword@:@TODAY@:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/17_passwd_root_change_password/passwd.exp b/tests/tests/passwd/17_passwd_root_change_password/passwd.exp
new file mode 100755
index 0000000..44c093b
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/passwd.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "passwd\r"
+expect "Enter new UNIX password: "
+send "rootpassword\r"
+expect "Retype new UNIX password: "
+send "rootpassword\r"
+expect "passwd: password updated successfully"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/passwd/17_passwd_root_change_password/passwd.test b/tests/tests/passwd/17_passwd_root_change_password/passwd.test
new file mode 100755
index 0000000..e181273
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/passwd.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./passwd.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/group b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/gshadow b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/pam.d/common-password b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/pam.d/common-password
new file mode 100644
index 0000000..442182a
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/passwd b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/shadow b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/data/shadow b/tests/tests/passwd/18_passwd_root_change_password_user/data/shadow
new file mode 100644
index 0000000..30ac54d
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES foopassword@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/passwd.exp b/tests/tests/passwd/18_passwd_root_change_password_user/passwd.exp
new file mode 100755
index 0000000..e7b3b8d
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/passwd.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "passwd foo\r"
+expect "Enter new UNIX password: "
+send "foopassword\r"
+expect "Retype new UNIX password: "
+send "foopassword\r"
+expect "passwd: password updated successfully"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/passwd.test b/tests/tests/passwd/18_passwd_root_change_password_user/passwd.test
new file mode 100755
index 0000000..e181273
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/passwd.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./passwd.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/group b/tests/tests/passwd/19_passwd_user_change_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/gshadow b/tests/tests/passwd/19_passwd_user_change_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/pam.d/common-password b/tests/tests/passwd/19_passwd_user_change_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..a0d4283
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha256
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/passwd b/tests/tests/passwd/19_passwd_user_change_password/config/etc/passwd
new file mode 100644
index 0000000..82223ff
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/bash
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/shadow b/tests/tests/passwd/19_passwd_user_change_password/config/etc/shadow
new file mode 100644
index 0000000..18a7168
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$hU4j2cnt$tRiti0uCvqiQN9u6iMHBq.:12977:0:99999:7:::
diff --git a/tests/tests/passwd/19_passwd_user_change_password/data/shadow b/tests/tests/passwd/19_passwd_user_change_password/data/shadow
new file mode 100644
index 0000000..a638637
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 password-foo@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/passwd/19_passwd_user_change_password/passwd.exp b/tests/tests/passwd/19_passwd_user_change_password/passwd.exp
new file mode 100755
index 0000000..5754a05
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/passwd.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+send "su -l foo\r"
+expect "$ "
+send "id\r"
+expect "uid=1000(foo) gid=1000(foo) groups=1000(foo)"
+
+send "passwd\r"
+expect "Changing password for foo."
+expect "(current) UNIX password: "
+send "foopassword\r"
+expect "Enter new UNIX password: "
+send "password-foo\r"
+expect "Retype new UNIX password: "
+send "password-foo\r"
+expect "passwd: password updated successfully"
+expect "$ "
+send "echo \$?\r"
+expect "0"
+expect "$ "
+send "exit\r"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/passwd/19_passwd_user_change_password/passwd.test b/tests/tests/passwd/19_passwd_user_change_password/passwd.test
new file mode 100755
index 0000000..e181273
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/passwd.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./passwd.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/group b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/gshadow b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/pam.d/common-password b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/passwd b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/passwd
new file mode 100644
index 0000000..82223ff
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/bash
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/shadow b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/shadow
new file mode 100644
index 0000000..18a7168
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$hU4j2cnt$tRiti0uCvqiQN9u6iMHBq.:12977:0:99999:7:::
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/data/shadow b/tests/tests/passwd/20_passwd_user_change_password_same_user/data/shadow
new file mode 100644
index 0000000..542ae82
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA512 password-foo@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.exp b/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.exp
new file mode 100755
index 0000000..33ee29a
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+send "su -l foo\r"
+expect "$ "
+send "id\r"
+expect "uid=1000(foo) gid=1000(foo) groups=1000(foo)"
+
+send "passwd foo\r"
+expect "Changing password for foo."
+expect "(current) UNIX password: "
+send "foopassword\r"
+expect "Enter new UNIX password: "
+send "password-foo\r"
+expect "Retype new UNIX password: "
+send "password-foo\r"
+expect "passwd: password updated successfully"
+expect "$ "
+send "echo \$?\r"
+expect "0"
+expect "$ "
+send "exit\r"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.test b/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.test
new file mode 100755
index 0000000..e181273
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./passwd.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/group b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/group
new file mode 100644
index 0000000..fb4f67e
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo1:x:1001:
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/gshadow b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/gshadow
new file mode 100644
index 0000000..3e73b5a
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo1:*::
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/passwd b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/passwd
new file mode 100644
index 0000000..54cce8e
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/bash
+foo1:x:1001:1001:::/bin/bash
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/shadow b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/shadow
new file mode 100644
index 0000000..4f88f0c
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$hU4j2cnt$tRiti0uCvqiQN9u6iMHBq.:12977:0:99999:7:::
+foo1:$1$hU4j2cnt$tRiti0uCvqiQN9u6iMHBq.:12977:0:99999:7:::
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/data/passwd.err b/tests/tests/passwd/21_passwd_user_change_password_other_user/data/passwd.err
new file mode 100644
index 0000000..5b45f51
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/data/passwd.err
@@ -0,0 +1 @@
+passwd: You may not view or modify password information for foo1.
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/passwd.test b/tests/tests/passwd/21_passwd_user_change_password_other_user/passwd.test
new file mode 100755
index 0000000..bcb0a10
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/passwd.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+su -l foo -c "passwd foo1" 2>tmp/passwd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/passwd.err tmp/passwd.err
+echo "error message OK."
+rm -f tmp/passwd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/22_passwd_usage/config.txt b/tests/tests/passwd/22_passwd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/passwd/22_passwd_usage/config/etc/group b/tests/tests/passwd/22_passwd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/passwd/22_passwd_usage/config/etc/gshadow b/tests/tests/passwd/22_passwd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/passwd/22_passwd_usage/config/etc/passwd b/tests/tests/passwd/22_passwd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/passwd/22_passwd_usage/config/etc/shadow b/tests/tests/passwd/22_passwd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/passwd/22_passwd_usage/data/usage.out b/tests/tests/passwd/22_passwd_usage/data/usage.out
new file mode 100644
index 0000000..21552fe
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/data/usage.out
@@ -0,0 +1,22 @@
+Usage: passwd [options] [LOGIN]
+
+Options:
+  -a, --all                     report password status on all accounts
+  -d, --delete                  delete the password for the named account
+  -e, --expire                  force expire the password for the named account
+  -h, --help                    display this help message and exit
+  -k, --keep-tokens             change password only if expired
+  -i, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --lock                    lock the password of the named account
+  -n, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -q, --quiet                   quiet mode
+  -r, --repository REPOSITORY   change password in REPOSITORY repository
+  -R, --root CHROOT_DIR         directory to chroot into
+  -S, --status                  report password status on the named account
+  -u, --unlock                  unlock the password of the named account
+  -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+  -x, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+
diff --git a/tests/tests/passwd/22_passwd_usage/passwd.test b/tests/tests/passwd/22_passwd_usage/passwd.test
new file mode 100755
index 0000000..077ec90
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/passwd.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get passwd usage (passwd -h)..."
+passwd -h >tmp/usage.out
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/run_all b/tests/tests/run_all
new file mode 100755
index 0000000..ba6993a
--- /dev/null
+++ b/tests/tests/run_all
@@ -0,0 +1,1310 @@
+#!/bin/sh
+
+set -e
+
+export LC_ALL=C
+unset LANG
+unset LANGUAGE
+. common/config.sh
+
+USE_PAM="yes"
+FAILURE_TESTS="yes"
+
+succeeded=0
+failed=0
+failed_tests=""
+
+run_test()
+{
+	[ -f RUN_TEST.STOP ] && exit 1
+
+	if $1 > $1.log
+	then
+		succeeded=$((succeeded+1))
+		echo -n "+"
+	else
+		failed=$((failed+1))
+		failed_tests="$failed_tests $1"
+		echo -n "-"
+	fi
+	cat $1.log >> testsuite.log
+	[ -f /etc/passwd.lock ] && echo $1 /etc/passwd.lock || true
+	[ -f /etc/group.lock ] && echo $1 /etc/group.lock || true
+	[ -f /etc/shadow.lock ] && echo $1 /etc/shadow.lock || true
+	[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
+	if [ "$(stat -c"%G" /etc/shadow)" != "shadow" ]
+	then
+		echo $1
+		ls -l /etc/shadow
+		chgrp shadow /etc/shadow
+	fi
+	if [ -d /nonexistent ]
+	then
+		echo $1 /nonexistent
+		rmdir /nonexistent
+	fi
+}
+
+echo "+: test passed"
+echo "-: test failed"
+
+# Empty the complete log.
+> testsuite.log
+
+find "${build_path}" -name "*.gcda" -delete
+run_test ./su/01/su_root.test
+run_test ./su/01/su_user.test
+find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
+run_test ./su/02/env_FOO-options_--login
+run_test ./su/02/env_FOO-options_--login_bash
+run_test ./su/02/env_FOO-options_--preserve-environment
+run_test ./su/02/env_FOO-options_--preserve-environment_bash
+run_test ./su/02/env_FOO-options_-
+run_test ./su/02/env_FOO-options_-_bash
+run_test ./su/02/env_FOO-options_-l-m
+run_test ./su/02/env_FOO-options_-l-m_bash
+run_test ./su/02/env_FOO-options_-l
+run_test ./su/02/env_FOO-options_-l_bash
+run_test ./su/02/env_FOO-options_-m_bash
+run_test ./su/02/env_FOO-options_-m
+run_test ./su/02/env_FOO-options_-p
+run_test ./su/02/env_FOO-options_-p_bash
+run_test ./su/02/env_FOO-options__bash
+run_test ./su/02/env_FOO-options_
+run_test ./su/02/env_FOO-options_-p-
+run_test ./su/02/env_FOO-options_-p-_bash
+run_test ./su/02/env_special-options_-l-p
+run_test ./su/02/env_special-options_-l
+run_test ./su/02/env_special-options_-l-p_bash
+run_test ./su/02/env_special-options_-l_bash
+run_test ./su/02/env_special-options_-p
+run_test ./su/02/env_special-options_-p_bash
+run_test ./su/02/env_special-options_
+run_test ./su/02/env_special-options__bash
+run_test ./su/02/env_special_root-options_-l-p
+run_test ./su/02/env_special_root-options_-l-p_bash
+run_test ./su/02/env_special_root-options_-l
+run_test ./su/02/env_special_root-options_-l_bash
+run_test ./su/02/env_special_root-options_-p
+run_test ./su/02/env_special_root-options_-p_bash
+run_test ./su/02/env_special_root-options_
+run_test ./su/02/env_special_root-options__bash
+run_test ./su/03/su_run_command01.test
+run_test ./su/03/su_run_command02.test
+run_test ./su/03/su_run_command03.test
+run_test ./su/03/su_run_command04.test
+run_test ./su/03/su_run_command05.test
+run_test ./su/03/su_run_command06.test
+run_test ./su/03/su_run_command07.test
+run_test ./su/03/su_run_command08.test
+run_test ./su/03/su_run_command09.test
+run_test ./su/03/su_run_command10.test
+run_test ./su/03/su_run_command11.test
+run_test ./su/03/su_run_command12.test
+run_test ./su/03/su_run_command13.test
+run_test ./su/03/su_run_command14.test
+run_test ./su/03/su_run_command15.test
+run_test ./su/03/su_run_command16.test
+run_test ./su/03/su_run_command17.test
+run_test ./su/04/su_wrong_user.test
+run_test ./su/04/su_user_wrong_passwd.test
+run_test ./su/04/su_user_wrong_passwd_syslog.test
+run_test ./su/05/su_user_wrong_passwd_syslog.test
+run_test ./su/06/su_user_syslog.test
+run_test ./su/07/su_user_syslog.test
+run_test ./su/08/env_special-options_
+run_test ./su/08/env_special_root-options_
+run_test ./su/09/env_special-options_
+run_test ./su/09/env_special_root-options_
+run_test ./su/10_su_sulog_success/su.test
+run_test ./su/11_su_sulog_failure/su.test
+run_test ./su/12_su_child_failure/su.test
+run_test ./su/13_su_child_success/su.test
+run_test ./chage/01/run
+find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
+run_test ./chage/02/run
+run_test ./chage/03_chsh_usage/chage.test
+run_test ./chage/04_chsh_usage_invalid_option/chage.test
+run_test ./chage/05_chsh_usage_2_users/chage.test
+run_test ./chage/06_chsh_usage_no_users/chage.test
+run_test ./chage/07_chsh_usage-l_exclusive/chage.test
+run_test ./chage/08_chsh_usage_invalid_date/chage.test
+run_test ./chage/09_chsh_usage_invalid_numeric_arg/chage.test
+run_test ./chage/10_chsh-l/chage.test
+run_test ./chage/11_chsh_usage_invalid_user/chage.test
+run_test ./chage/12_chsh_usage-l_invalid_user2/chage.test
+run_test ./chage/13_chsh_locked_passwd/chage.test
+run_test ./chage/14_chsh_locked_shadow/chage.test
+run_test ./chage/15_chage-I_no_shadow_entry/chage.test
+run_test ./chage/16_chage-m_no_shadow_entry/chage.test
+run_test ./chage/17_chage-M_no_shadow_entry/chage.test
+run_test ./chage/18_chage-d_no_shadow_entry/chage.test
+run_test ./chage/19_chage-W_no_shadow_entry/chage.test
+run_test ./chage/20_chage-E_no_shadow_entry/chage.test
+run_test ./chage/21_chage_no_shadow_file/chage.test
+run_test ./chage/22_chage_myuser-l/chage.test
+run_test ./chage/23_chage_myuser-I/chage.test
+run_test ./chage/24_chage_myuser-l_other/chage.test
+run_test ./chage/25_chage_interactive/chage.test
+run_test ./chage/26_chage_interactive_date_0/chage.test
+run_test ./chage/27_chage_interactive_date_-1/chage.test
+run_test ./chage/28_chage_interactive_date_EPOCH/chage.test
+run_test ./chage/29_chage_interactive_date_pre-EPOCH/chage.test
+run_test ./chage/30_chage_interactive_date_pre-EPOCH2/chage.test
+run_test ./chage/31_chage_interactive_date_invalid/chage.test
+run_test ./chage/32_chage_interactive_date_invalid2/chage.test
+run_test ./chage/33_chage_interactive-W_invalid1/chage.test
+run_test ./chage/34_chage_interactive-W_invalid2/chage.test
+run_test ./chage/35_chage_interactive-W-1/chage.test
+run_test ./chage/36_chage_interactive-I_invalid1/chage.test
+run_test ./chage/37_chage_interactive-I_invalid2/chage.test
+run_test ./chage/38_chage_interactive-I-1/chage.test
+run_test ./chage/39_chage_interactive-d-1/chage.test
+run_test ./chsh/01/run
+run_test ./chsh/02_chsh_usage/chsh.test
+run_test ./chsh/03_chsh_usage_invalid_option/chsh.test
+run_test ./chsh/04_chsh_usage_2_users/chsh.test
+run_test ./chsh/05_chsh_myuser_restricted_shell/chsh.test
+run_test ./chsh/06_chsh_myuser_non_restricted_shell/chsh.test
+run_test ./chsh/07_chsh_usage_invalid_user/chsh.test
+run_test ./chsh/08_chsh_myuser_to_restricted_shell/chsh.test
+run_test ./chsh/09_chsh_myuser_to_missing_shell/chsh.test
+run_test ./chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
+run_test ./chsh/11_chsh_auth_failure/chsh.test
+run_test ./chsh/12_chsh_warning_missing_shell/chsh.test
+run_test ./chsh/13_chsh_warning_non_executable/chsh.test
+run_test ./chsh/14_chsh_locked_passwd/chsh.test
+run_test ./chsh/15_chsh_PAM_error/chsh.test
+run_test ./chroot/chage/01_chage--root/chage.test
+run_test ./chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test
+run_test ./chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test
+run_test ./chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test
+run_test ./chroot/chsh/01_chsh--root/chsh.test
+run_test ./chroot/gpasswd/01_gpasswd--root/gpasswd.test
+run_test ./chroot/groupadd/01_groupadd--root/groupadd.test
+run_test ./chroot/groupdel/01_groupdel--root/groupdel.test
+run_test ./chroot/groupmod/01_groupmod--root/groupmod.test
+run_test ./chroot/grpck/01_grpck--root/grpck.test
+run_test ./chroot/grpconv/01_grpconv--root/grpconv.test
+run_test ./chroot/grpunconv/01_grpunconv--root/grpunconv.test
+run_test ./chroot/lastlog/01_lastlog--root/lastlog.test
+run_test ./chroot/login/01_login_sublogin/login.test
+run_test ./chroot/pwck/01_pwck--root/pwck.test
+run_test ./chroot/pwconv/01_pwconv--root/pwconv.test
+run_test ./chroot/pwunconv/01_pwunconv--root/pwunconv.test
+run_test ./chroot/useradd/01_useradd--root/useradd.test
+run_test ./chroot/useradd/02_useradd--root_login.defs/useradd.test
+run_test ./chroot/useradd/03_useradd--root_useradd.default/useradd.test
+run_test ./chroot/useradd/04_useradd--root_useradd-D/useradd.test
+run_test ./chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test
+run_test ./chroot/userdel/01_userdel--root/userdel.test
+run_test ./chroot/usermod/01_usermod--root/usermod.test
+run_test ./convtools/01/run
+run_test ./convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test
+run_test ./convtools/03_grpconv_copy_passwd/grpconv.test
+run_test ./convtools/04_grpconv_no_password/grpconv.test
+run_test ./convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test
+run_test ./convtools/06_grpconv_error_group_locked/grpconv.test
+run_test ./convtools/07_grpconv_error_gshadow_locked/grpconv.test
+run_test ./convtools/08_grpunconv_no_gshadow_file/grpunconv.test
+run_test ./convtools/09_grpunconv_error_group_locked/grpunconv.test
+run_test ./convtools/10_grpunconv_error_gshadow_locked/grpunconv.test
+run_test ./convtools/11_pwconv_error_passwd_locked/pwconv.test
+run_test ./convtools/12_pwconv_error_shadow_locked/pwconv.test
+run_test ./convtools/13_pwunconv_error_passwd_locked/pwunconv.test
+run_test ./convtools/14_pwunconv_error_shadow_locked/pwunconv.test
+run_test ./convtools/15_pwconv_remove_shadow_only_entries/pwconv.test
+run_test ./convtools/16_pwconv_copy_passwd/pwconv.test
+run_test ./convtools/17_pwunconv_no_shadow_file/pwunconv.test
+run_test ./convtools/18_pwunconv_user_not_in_shadow/pwunconv.test
+run_test ./convtools/19_pwconv_NIS/pwconv.test
+run_test ./convtools/20_pwunconv_usage_option/pwunconv.test
+run_test ./convtools/21_pwunconv_keep_passwd_password/pwunconv.test
+run_test ./convtools/22_grpunconv_usage_option/grpunconv.test
+run_test ./convtools/23_grpunconv_keep_group_password/grpunconv.test
+run_test ./convtools/24_grpunconv_no_gshadow_entry/grpunconv.test
+run_test ./convtools/25_pwconv_usage_option/pwconv.test
+run_test ./convtools/26_grpconv_usage_option/grpconv.test
+run_test ./convtools/27_pwunconv_usage/pwunconv.test
+run_test ./convtools/28_pwunconv_usage_extra_arg/pwunconv.test
+run_test ./convtools/29_grpconv_usage/grpconv.test
+run_test ./convtools/30_grpconv_usage_extra_arg/grpconv.test
+run_test ./convtools/31_pwconv_usage/pwconv.test
+run_test ./convtools/32_pwconv_usage_extra_arg/pwconv.test
+run_test ./convtools/33_grpunconv_usage/grpunconv.test
+run_test ./convtools/34_grpunconv_usage_extra_arg/grpunconv.test
+run_test ./cptools/02_cppw_usage/cppw.test
+run_test ./cptools/03_cppw_usage_invalid_option/cppw.test
+run_test ./cptools/04_cppw_no_file_argument/cppw.test
+run_test ./cptools/05_cppw_2_files/cppw.test
+run_test ./cptools/06_cppw_no_file/cppw.test
+run_test ./cptools/07_cppw_locked_passwd/cppw.test
+run_test ./cptools/08_cppw-p/cppw.test
+run_test ./cptools/09_cppw-g/cppw.test
+run_test ./cptools/10_cppw-g-s/cppw.test
+run_test ./cptools/11_cppw-p-s/cppw.test
+run_test ./cptools/12_cppw-s_no_shadow_file/cppw.test
+run_test ./debian/01/run
+run_test ./grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test
+run_test ./grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test
+run_test ./grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test
+run_test ./grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test
+run_test ./grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test
+run_test ./grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test
+run_test ./grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test
+run_test ./grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test
+run_test ./grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test
+run_test ./grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test
+run_test ./grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test
+run_test ./grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test
+run_test ./grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test
+run_test ./grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test
+run_test ./grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test
+run_test ./grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test
+run_test ./grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test
+run_test ./grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test
+run_test ./grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test
+run_test ./grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test
+run_test ./grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test
+run_test ./grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test
+run_test ./grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test
+run_test ./grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test
+run_test ./grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test
+run_test ./grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test
+run_test ./grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test
+run_test ./grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test
+run_test ./grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test
+run_test ./grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test
+run_test ./grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test
+run_test ./grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test
+run_test ./grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test
+run_test ./grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test
+run_test ./grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test
+run_test ./grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/61_gpasswd_usage/gpasswd.test
+run_test ./grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test
+run_test ./grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test
+run_test ./grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test
+run_test ./grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test
+run_test ./grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test
+run_test ./grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test
+run_test ./grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test
+run_test ./grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test
+run_test ./grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test
+run_test ./grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test
+run_test ./grouptools/groupadd/01_groupadd_add_group/groupadd.test
+run_test ./grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test
+run_test ./grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test
+run_test ./grouptools/groupadd/04_groupadd_set_password/groupadd.test
+run_test ./grouptools/groupadd/05_groupadd_set_GID/groupadd.test
+run_test ./grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test
+run_test ./grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/08_groupadd_locked_group/groupadd.test
+run_test ./grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test
+run_test ./grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test
+run_test ./grouptools/groupadd/12_groupadd_negative_GID/groupadd.test
+run_test ./grouptools/groupadd/13_groupadd_invalid_name/groupadd.test
+run_test ./grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test
+run_test ./grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test
+run_test ./grouptools/groupadd/16_groupadd_existing_group/groupadd.test
+run_test ./grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test
+run_test ./grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test
+run_test ./grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test
+run_test ./grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test
+run_test ./grouptools/groupadd/22_groupadd_usage/groupadd.test
+run_test ./grouptools/groupadd/23_groupadd_no_groups/groupadd.test
+run_test ./grouptools/groupadd/24_groupadd_2_groups/groupadd.test
+run_test ./grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test
+run_test ./grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test
+run_test ./grouptools/groupadd/27_groupadd_invalid_option/groupadd.test
+run_test ./grouptools/groupdel/01_groupdel_delete_group/groupdel.test
+run_test ./grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test
+run_test ./grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test
+run_test ./grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test
+run_test ./grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test
+run_test ./grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test
+run_test ./grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test
+run_test ./grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test
+run_test ./grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test
+run_test ./grouptools/groupdel/10_groupdel_usage/groupdel.test
+run_test ./grouptools/groupdel/11_groupdel_invalid_option/groupdel.test
+run_test ./grouptools/groupmems/01_groupmems_root_add_user/groupmems.test
+run_test ./grouptools/groupmems/02_groupmems_root_del_user/groupmems.test
+run_test ./grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test
+run_test ./grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test
+run_test ./grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test
+run_test ./grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/12_groupmems_user_add_user/groupmems.test
+run_test ./grouptools/groupmems/13_groupmems_user_del_user/groupmems.test
+run_test ./grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test
+run_test ./grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test
+run_test ./grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test
+run_test ./grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test
+run_test ./grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test
+run_test ./grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test
+run_test ./grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test
+run_test ./grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test
+run_test ./grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test
+run_test ./grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test
+run_test ./grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test
+run_test ./grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test
+run_test ./grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test
+run_test ./grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/42_groupmems_user_list_users/groupmems.test
+run_test ./grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test
+run_test ./grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test
+run_test ./grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test
+run_test ./grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/53_groupmems_usage/groupmems.test
+run_test ./grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test
+run_test ./grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test
+run_test ./grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test
+run_test ./grouptools/groupmems/57_groupmems_authentication/groupmems.test
+run_test ./grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test
+run_test ./grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test
+run_test ./grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test
+run_test ./grouptools/groupmod/01_groupmod_change_gid/groupmod.test
+run_test ./grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test
+run_test ./grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test
+run_test ./grouptools/groupmod/06_groupmod_change_group_name/groupmod.test
+run_test ./grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/09_groupmod_set_password/groupmod.test
+run_test ./grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test
+run_test ./grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test
+run_test ./grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test
+run_test ./grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test
+run_test ./grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test
+run_test ./grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test
+run_test ./grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test
+run_test ./grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test
+run_test ./grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test
+run_test ./grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test
+run_test ./grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test
+run_test ./grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test
+run_test ./grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test
+run_test ./grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test
+run_test ./grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test
+run_test ./grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test
+run_test ./grouptools/groupmod/28_groupmod_usage/groupmod.test
+run_test ./grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test
+run_test ./grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test
+run_test ./grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test
+run_test ./grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test
+run_test ./grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test
+run_test ./grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test
+run_test ./grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/37_groupmod_invalid_option/groupmod.test
+run_test ./log/faillog/01_faillog_no_faillog/faillog.test
+run_test ./log/faillog/02_faillog_usage/faillog.test
+run_test ./log/faillog/03_faillog_format/faillog.test
+run_test ./log/faillog/04_faillog_multiple/faillog.test
+run_test ./log/faillog/05_faillog-u_ID/faillog.test
+run_test ./log/faillog/06_faillog-u_name/faillog.test
+run_test ./log/faillog/07_faillog-u_ID_invalid/faillog.test
+run_test ./log/faillog/08_faillog-u_name_invalid/faillog.test
+run_test ./log/faillog/09_faillog-u_range/faillog.test
+run_test ./log/faillog/10_faillog-u_open_range/faillog.test
+run_test ./log/faillog/11_faillog-u_range_open/faillog.test
+run_test ./log/faillog/12_faillog-u_range_invalid1/faillog.test
+run_test ./log/faillog/13_faillog-u_range_invalid2/faillog.test
+run_test ./log/faillog/14_faillog-u_range_invalid3/faillog.test
+run_test ./log/faillog/15_faillog_bad_option/faillog.test
+run_test ./log/faillog/16_faillog_extra_arg/faillog.test
+run_test ./log/faillog/17_faillog-t/faillog.test
+run_test ./log/faillog/18_faillog-t_invalid/faillog.test
+run_test ./log/faillog/19_faillog_multiple_same_user/faillog.test
+run_test ./log/faillog/20_faillog-r-u/faillog.test
+run_test ./log/faillog/21_faillog-r-u_range/faillog.test
+run_test ./log/faillog/22_faillog_removed_user/faillog.test
+run_test ./log/faillog/23_faillog-a_removed_user/faillog.test
+run_test ./log/faillog/24_faillog-u_removed_user/faillog.test
+run_test ./log/faillog/25_faillog-r-u_removed_user/faillog.test
+run_test ./log/faillog/26_faillog-r-u_range_removed_user/faillog.test
+run_test ./log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test
+run_test ./log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test
+run_test ./log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test
+run_test ./log/faillog/30_faillog-r/faillog.test
+run_test ./log/faillog/31_faillog-r-u_open_range/faillog.test
+run_test ./log/faillog/32_faillog-l/faillog.test
+run_test ./log/faillog/33_faillog-l-u_user/faillog.test
+run_test ./log/faillog/34_faillog-l-u_range/faillog.test
+run_test ./log/faillog/35_faillog-l-u_open_range/faillog.test
+run_test ./log/faillog/36_faillog-l-u_range_open/faillog.test
+run_test ./log/faillog/37_faillog-l-a-u_user/faillog.test
+run_test ./log/faillog/38_faillog-l-a-u_range/faillog.test
+run_test ./log/faillog/39_faillog-l-a-u_open_range/faillog.test
+run_test ./log/faillog/40_faillog-l-a-u_range_open/faillog.test
+run_test ./log/faillog/41_faillog-l_invalid/faillog.test
+run_test ./log/faillog/42_faillog-m/faillog.test
+run_test ./log/faillog/43_faillog-m-u_user/faillog.test
+run_test ./log/faillog/44_faillog-m-u_range/faillog.test
+run_test ./log/faillog/45_faillog-m-u_open_range/faillog.test
+run_test ./log/faillog/46_faillog-m-u_range_open/faillog.test
+run_test ./log/faillog/47_faillog-m-a-u_user/faillog.test
+run_test ./log/faillog/48_faillog-m-a-u_range/faillog.test
+run_test ./log/faillog/49_faillog-m-a-u_open_range/faillog.test
+run_test ./log/faillog/50_faillog-m-a-u_range_open/faillog.test
+run_test ./log/faillog/51_faillog-m_invalid/faillog.test
+run_test ./log/faillog/52_faillog-t-l_exclusive/faillog.test
+run_test ./log/faillog/53_faillog-t-m_exclusive/faillog.test
+run_test ./log/faillog/54_faillog-t-r_exclusive/faillog.test
+run_test ./log/faillog/55_faillog_no_changes/faillog.test
+run_test ./log/faillog/56_faillog-l-m_empty_file/faillog.test
+run_test ./log/faillog/57_faillog-r_empty_file/faillog.test
+run_test ./log/faillog/58_faillog-l_no_failcount/faillog.test
+run_test ./log/lastlog/01_lastlog_no_lastlog/lastlog.test
+run_test ./log/lastlog/02_lastlog_usage/lastlog.test
+run_test ./log/lastlog/03_lastlog_format/lastlog.test
+run_test ./log/lastlog/04_lastlog_multiple/lastlog.test
+run_test ./log/lastlog/05_lastlog-u_ID/lastlog.test
+run_test ./log/lastlog/06_lastlog-u_name/lastlog.test
+run_test ./log/lastlog/07_lastlog-u_ID_invalid/lastlog.test
+run_test ./log/lastlog/08_lastlog-u_name_invalid/lastlog.test
+run_test ./log/lastlog/09_lastlog-u_range/lastlog.test
+run_test ./log/lastlog/10_lastlog-u_open_range/lastlog.test
+run_test ./log/lastlog/11_lastlog-u_range_open/lastlog.test
+run_test ./log/lastlog/12_lastlog-u_range_invalid1/lastlog.test
+run_test ./log/lastlog/13_lastlog-u_range_invalid2/lastlog.test
+run_test ./log/lastlog/14_lastlog-u_range_invalid3/lastlog.test
+run_test ./log/lastlog/15_lastlog_bad_option/lastlog.test
+run_test ./log/lastlog/16_lastlog_extra_arg/lastlog.test
+run_test ./log/lastlog/17_lastlog-t/lastlog.test
+run_test ./log/lastlog/18_lastlog-b/lastlog.test
+run_test ./log/lastlog/19_lastlog-t_invalid/lastlog.test
+run_test ./log/lastlog/20_lastlog-b_invalid/lastlog.test
+run_test ./usertools/01/01_useradd_add_user.test
+run_test ./usertools/01/01_userdel_delete_user.test
+run_test ./usertools/01/02_useradd_recreate_deleted_user.test
+run_test ./usertools/01/03_useradd_additional_options.test
+run_test ./usertools/01/04_useradd_add_user_with_existing_UID_fail.test
+run_test ./usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test
+run_test ./usertools/01/04_useradd_specified_UID.test
+run_test ./usertools/01/04_useradd_specified_UID_and_GID.test
+run_test ./usertools/01/04_userdel_delete_user_with_non_unique_UID.test
+run_test ./usertools/01/05_useradd_invalid_numeric_primary_group.test
+run_test ./usertools/01/06_useradd_invalid_named_primary_group.test
+run_test ./usertools/01/07_useradd_numerical_primary_group.test
+run_test ./usertools/01/08_useradd_named_primary_group.test
+run_test ./usertools/01/09_usermod_change_user_info.test
+run_test ./usertools/01/10_usermod_rename_user.test
+run_test ./usertools/01/10_usermod_rename_user_in_group.test
+run_test ./usertools/01/11_usermod_change_password.test
+run_test ./usertools/01/11_usermod_lock_password.test
+run_test ./usertools/01/11_usermod_unlock_empty_password.test
+run_test ./usertools/01/11_usermod_unlock_password.test
+run_test ./usertools/01/12_usermod_change_gid_name.test
+run_test ./usertools/01/12_usermod_change_gid_number.test
+run_test ./usertools/01/13_useradd_negative_UID.test
+run_test ./usertools/01/14_useradd_out_of_range_UID.test
+run_test ./usertools/01/15_useradd_specified_large_UID.test
+run_test ./usertools/01/16_useradd_add_user_to_multiple_groups.test
+run_test ./usertools/01/16_useradd_add_user_to_one_group.test
+run_test ./usertools/01/17_useradd_create_homedir.test
+run_test ./usertools/01/18_userdel_remove_homedir.test
+run_test ./usertools/01/19_userdel_delete_user_in_group.test
+run_test ./usertools/01/20_usermod_change_homedir.test
+run_test ./usertools/01/21_usermod_change_and_move_homedir.test
+run_test ./usertools/01/22_usermod_new_groups.test
+run_test ./usertools/01/23_usermod_add_groups.test
+run_test ./usertools/01/24_usermod_new_groups_remove_old_groups.test
+run_test ./usertools/01/25_useradd_specified_large_UID2.test
+run_test ./usertools/01/26_useradd_UID_-1.test
+run_test ./usertools/02/useradd_default_default_values.test
+run_test ./usertools/02/useradd_get_default_values.test
+run_test ./usertools/02/useradd_change_default_INACTIVE.test
+run_test ./usertools/02/useradd_change_default_SHELL.test
+run_test ./usertools/02/useradd_change_default_EXPIRE.test
+run_test ./usertools/02/useradd_change_default_GROUP.test
+run_test ./usertools/02/useradd_change_default_HOME.test
+run_test ./usertools/02/useradd_change_defaults.test
+run_test ./usertools/03/useradd_change_defaults.test
+run_test ./usertools/04/01_useradd_add_user.test
+run_test ./usertools/05_userdel_del_from_group_members/userdel.test
+run_test ./usertools/06_userdel_del_from_gshadow_members/userdel.test
+run_test ./usertools/07_userdel_del_from_gshadow_admins/userdel.test
+run_test ./usertools/08_userdel_del_from_group_and_gshadow/userdel.test
+run_test ./usertools/09_userdel_del_homedir/userdel.test
+run_test ./usertools/10_userdel_del_homedir_wrong_owner/userdel.test
+run_test ./usertools/11_usermod_move_homedir/usermod.test
+run_test ./usertools/12_usermod_move_homedir_dev_null/usermod.test
+run_test ./usertools/13_usermod_move_homedir_file/usermod.test
+run_test ./usertools/14_usermod_move_homedir_other_device/usermod.test
+run_test ./usertools/15_usermod_change_supplementary_groups/usermod.test
+run_test ./usertools/16_usermod_clear_supplementary_groups/usermod.test
+run_test ./usertools/17_usermod_change_supplementary_groups_numerical/usermod.test
+run_test ./usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test
+run_test ./usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test
+run_test ./usertools/20_usermod_rename_user_in_member_lists/usermod.test
+run_test ./usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test
+run_test ./usertools/22_usermod-a_existing_supplementary_group/usermod.test
+run_test ./usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test
+run_test ./usertools/24_usermod_locked_passwd/usermod.test
+run_test ./usertools/25_usermod-G_locked_group/usermod.test
+run_test ./usertools/26_usermod_locked_shadow/usermod.test
+run_test ./usertools/27_usermod-G_locked_gshadow/usermod.test
+run_test ./usertools/28_usermod-c_locked_group/usermod.test
+run_test ./usertools/29_usermod-c_locked_gshadow/usermod.test
+run_test ./usertools/30_usermod-l_locked_group/usermod.test
+run_test ./usertools/31_usermod-l_locked_gshadow/usermod.test
+run_test ./usertools/32_usermod-u_new_UID/usermod.test
+run_test ./usertools/33_usermod-u_existing_UID/usermod.test
+run_test ./usertools/34_usermod-u-o_existing_UID/usermod.test
+run_test ./usertools/35_usermod-u_invalid_UID/usermod.test
+run_test ./usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test
+run_test ./usertools/37_Debian_Bug_470745/usermod.test
+run_test ./usertools/38_usermod_invalid_user/usermod.test
+run_test ./usertools/39_usermod_-c_invalid_comment/usermod.test
+run_test ./usertools/40_usermod_-d_invalid_homedir/usermod.test
+run_test ./usertools/41_usermod_-d_invalid_shell/usermod.test
+run_test ./usertools/42_usermod_-g_invalid_group_name/usermod.test
+run_test ./usertools/43_usermod_-g_invalid_group_ID/usermod.test
+run_test ./usertools/44_usermod-l_existing_username/usermod.test
+run_test ./usertools/45_usermod-l_existing_username_passwd/usermod.test
+run_test ./usertools/46_usermod-l_existing_username_shadow/usermod.test
+run_test ./usertools/47_usermod-l_no_shadow_file/usermod.test
+run_test ./usertools/48_userdel_keep_group_if_primary_other_user/userdel.test
+run_test ./usertools/49_userdel_delete_users_group/userdel.test
+run_test ./usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test
+run_test ./usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test
+run_test ./usertools/52_userdel_delete_user_no_shadow_entry/userdel.test
+run_test ./usertools/53_userdel_delete_user_no_shadow_file/userdel.test
+run_test ./usertools/54_usermod-u_invalid_UID_4294967295/usermod.test
+run_test ./usertools/55_userdel_busy_user/userdel.test
+run_test ./usertools/56_userdel_locked_passwd/userdel.test
+run_test ./usertools/57_userdel_locked_group/userdel.test
+run_test ./usertools/58_userdel_locked_shadow/userdel.test
+run_test ./usertools/59_userdel_locked_gshadow/userdel.test
+run_test ./usertools/60_userdel_invalid_user/userdel.test
+run_test ./usertools/61_userdel_del_homedir_with_symlinks/userdel.test
+run_test ./usertools/62_usermod_remove_supplementary_groups/usermod.test
+if [ "$USE_PAM" = "yes" ]; then
+	run_test ./usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test
+else
+	run_test ./usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test
+	run_test ./usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test
+fi
+run_test ./usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
+run_test ./usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
+run_test ./usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
+run_test ./usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
+run_test ./usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
+run_test ./usertools/useradd/01_useradd_usage/useradd.test
+run_test ./usertools/useradd/02_useradd_usage_invalid_option/useradd.test
+run_test ./usertools/useradd/03_useradd_usage_no_users/useradd.test
+run_test ./usertools/useradd/04_useradd_usage_2_users/useradd.test
+run_test ./usertools/useradd/05_useradd_usage-b_invalid1/useradd.test
+run_test ./usertools/useradd/06_useradd_usage-b_invalid2/useradd.test
+run_test ./usertools/useradd/07_useradd_usage-b_invalid3/useradd.test
+run_test ./usertools/useradd/08_useradd_usage-c_invalid1/useradd.test
+run_test ./usertools/useradd/09_useradd_usage-c_invalid2/useradd.test
+run_test ./usertools/useradd/10_useradd_usage-d_invalid1/useradd.test
+run_test ./usertools/useradd/11_useradd_usage-d_invalid2/useradd.test
+run_test ./usertools/useradd/12_useradd_usage-d_invalid3/useradd.test
+run_test ./usertools/useradd/13_useradd_usage-e_invalid1/useradd.test
+run_test ./usertools/useradd/14_useradd_usage-e_invalid2/useradd.test
+run_test ./usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test
+run_test ./usertools/useradd/16_useradd_usage-f_invalid1/useradd.test
+run_test ./usertools/useradd/17_useradd_usage-f_invalid2/useradd.test
+run_test ./usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test
+run_test ./usertools/useradd/19_useradd_usage-K_invalid1/useradd.test
+run_test ./usertools/useradd/20_useradd_usage-O_invalid2/useradd.test
+run_test ./usertools/useradd/21_useradd_usage-p_invalid1/useradd.test
+run_test ./usertools/useradd/22_useradd_usage-p_invalid2/useradd.test
+run_test ./usertools/useradd/23_useradd_usage-s_invalid1/useradd.test
+run_test ./usertools/useradd/24_useradd_usage-s_invalid2/useradd.test
+run_test ./usertools/useradd/25_useradd_usage-s_invalid3/useradd.test
+run_test ./usertools/useradd/26_useradd_usage-o_without-u/useradd.test
+run_test ./usertools/useradd/27_useradd_usage-k_without-m/useradd.test
+run_test ./usertools/useradd/28_useradd_usage-U_with-g/useradd.test
+run_test ./usertools/useradd/29_useradd_usage-U_with-N/useradd.test
+run_test ./usertools/useradd/30_useradd_usage-m_with-M/useradd.test
+run_test ./usertools/useradd/31_useradd_usage_user_with-D/useradd.test
+run_test ./usertools/useradd/32_useradd_usage-D_with_other/useradd.test
+run_test ./usertools/useradd/33_useradd_usage_invalid_username/useradd.test
+run_test ./usertools/useradd/35_useradd_default_GROUP_name/useradd.test
+run_test ./usertools/useradd/34_useradd_default_GROUP_GID/useradd.test
+run_test ./usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test
+run_test ./usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test
+run_test ./usertools/useradd/38_useradd_default_INACTIVE/useradd.test
+run_test ./usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test
+run_test ./usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test
+run_test ./usertools/useradd/41_useradd_default_default_SKEL/useradd.test
+run_test ./usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test
+run_test ./usertools/useradd/43_useradd_default_no_final_eol/useradd.test
+run_test ./usertools/useradd/44_useradd_default_no_file/useradd.test
+run_test ./usertools/useradd/45_useradd-G_UID_name/useradd.test
+run_test ./usertools/useradd/46_useradd-G_UID_duplicate/useradd.test
+run_test ./usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test
+run_test ./usertools/useradd/48_useradd-G_name_duplicate/useradd.test
+run_test ./usertools/useradd/49_useradd-G_invalid_group/useradd.test
+run_test ./usertools/useradd/50_useradd-r/useradd.test
+run_test ./usertools/useradd/51_useradd_already_exist/useradd.test
+run_test ./usertools/useradd/52_useradd-U_group_already_exist/useradd.test
+run_test ./usertools/useradd/53_useradd-G_empty/useradd.test
+run_test ./usertools/useradd/54_useradd_no_shadow_file/useradd.test
+run_test ./usertools/useradd/55_useradd_no_gshadow_file/useradd.test
+run_test ./usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test
+run_test ./usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test
+run_test ./usertools/useradd/58_useradd-e_empty/useradd.test
+run_test ./usertools/useradd/59_useradd-e-1-f-1/useradd.test
+run_test ./usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test
+run_test ./usertools/useradd/61_useradd-K/useradd.test
+run_test ./usertools/useradd/62_useradd-p/useradd.test
+run_test ./usertools/useradd/63_useradd-s/useradd.test
+run_test ./usertools/useradd/64_useradd_locked_passwd/useradd.test
+run_test ./usertools/useradd/65_useradd_locked_group/useradd.test
+run_test ./usertools/useradd/66_useradd_locked_shadow/useradd.test
+run_test ./usertools/useradd/67_useradd_locked_gshadow/useradd.test
+run_test ./usertools/useradd/68_useradd-s_empty/useradd.test
+run_test ./usertools/userdel/01_userdel_usage/userdel.test
+run_test ./usertools/userdel/02_userdel_usage_invalid_option/userdel.test
+run_test ./usertools/userdel/03_userdel_usage_no_users/userdel.test
+run_test ./usertools/userdel/04_userdel_usage_2_users/userdel.test
+run_test ./usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test
+run_test ./usertools/userdel/06_userdel_no_usergroup/userdel.test
+run_test ./usertools/userdel/07_userdel_usergroup_not_primary/userdel.test
+run_test ./usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test
+run_test ./usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test
+run_test ./usertools/userdel/10_userdel_del_homedir_symlink/userdel.test
+run_test ./usertools/usermod/01_usermod-p_no_shadow_file/usermod.test
+run_test ./usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test
+run_test ./usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test
+run_test ./usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test
+run_test ./usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test
+run_test ./usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test
+run_test ./usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test
+run_test ./usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test
+run_test ./usertools/usermod/10_usermod_usage/usermod.test
+run_test ./usertools/usermod/11_usermod_usage_bad_option/usermod.test
+run_test ./usertools/usermod/12_usermod_usage_bad-f/usermod.test
+run_test ./usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test
+run_test ./usertools/usermod/14_usermod_usage_no_options/usermod.test
+run_test ./usertools/usermod/15_usermod_usage_no_user/usermod.test
+run_test ./usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test
+run_test ./usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test
+run_test ./usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test
+run_test ./usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test
+run_test ./usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test
+run_test ./usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test
+run_test ./usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test
+run_test ./usertools/usermod/23_usermod-e_date/usermod.test
+run_test ./usertools/usermod/24_usermod-e_date/usermod.test
+run_test ./usertools/usermod/25_usermod-e_empty_arg/usermod.test
+run_test ./usertools/usermod/26_usermod-e-1/usermod.test
+run_test ./usertools/usermod/27_usermod-e_invalid1/usermod.test
+run_test ./usertools/usermod/28_usermod-e_invalid2/usermod.test
+run_test ./usertools/usermod/29_usermod_no_changes/usermod.test
+run_test ./usertools/usermod/30_usermod_usage-a_without-G/usermod.test
+run_test ./usertools/usermod/31_usermod_usage-o_without-u/usermod.test
+run_test ./usertools/usermod/32_usermod_usage-m_without-d/usermod.test
+run_test ./usertools/usermod/33_usermod_change_shell/usermod.test
+run_test ./usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test
+run_test ./usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test
+run_test ./usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test
+run_test ./usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test
+run_test ./usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test
+run_test ./usertools/usermod/41_usermod-u_faillog_not_created/usermod.test
+run_test ./usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test
+run_test ./usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test
+run_test ./usertools/usermod/44_usermod-l_move_mailbox/usermod.test
+run_test ./usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test
+run_test ./usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test
+run_test ./usertools/usermod/47_usermod-u_default_maildir/usermod.test
+run_test ./usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test
+run_test ./usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test
+run_test ./usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test
+run_test ./usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test
+run_test ./usertools/usermod/52_usermod_move_homedir_symlink/usermod.test
+run_test ./cptools/01/run1
+run_test ./cptools/01/run2
+run_test ./cptools/01/run3
+run_test ./cptools/01/run4
+run_test ./cktools/01/run1
+run_test ./cktools/01/run2
+run_test ./cktools/02_pwck_sort/pwck.test
+run_test ./cktools/03_grpck_sort/grpck.test
+run_test ./cktools/04_pwck_sort_missing_shadow_user/pwck.test
+run_test ./cktools/05_grpck_sort_missing_shadow_group/grpck.test
+run_test ./cktools/06_pwck_sort_NIS_server/pwck.test
+run_test ./cktools/07_pwck_sort_NIS_client/pwck.test
+run_test ./cktools/grpck/04_grpck_missing_field_group_delete/grpck.test
+run_test ./cktools/grpck/05_grpck_missing_field_group_keep/grpck.test
+run_test ./cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test
+run_test ./cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test
+run_test ./cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test
+run_test ./cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test
+run_test ./cktools/grpck/10_grpck_missing_field_group_local/grpck.test
+run_test ./cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test
+run_test ./cktools/grpck/12_grpck_unknown_user_group/grpck.test
+run_test ./cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test
+run_test ./cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test
+run_test ./cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test
+run_test ./cktools/grpck/16_grpck_duplicate_entry_group/grpck.test
+run_test ./cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test
+run_test ./cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test
+run_test ./cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test
+run_test ./cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test
+run_test ./cktools/grpck/21_grpck_invalid_group_name/grpck.test
+run_test ./cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test
+run_test ./cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test
+run_test ./cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test
+run_test ./cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test
+run_test ./cktools/grpck/26_grpck_no_gshadow_file/grpck.test
+run_test ./cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test
+run_test ./cktools/grpck/28_grpck_usage/grpck.test
+run_test ./cktools/grpck/29_grpck_sort_readonly/grpck.test
+run_test ./cktools/grpck/30_grpck_3_files/grpck.test
+run_test ./cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test
+run_test ./cktools/grpck/32_grpck_sort_nis/grpck.test
+run_test ./cktools/grpck/33_grpck_locked_group/grpck.test
+run_test ./cktools/grpck/34_grpck_locked_gshadow/grpck.test
+run_test ./cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test
+run_test ./cktools/grpck/36_grpck_password_group_gshadow/grpck.test
+run_test ./cktools/grpck/37_grpck_invalid_option/grpck.test
+run_test ./cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test
+run_test ./cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test
+run_test ./cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test
+run_test ./cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test
+run_test ./cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test
+run_test ./cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test
+run_test ./cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test
+run_test ./cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test
+run_test ./cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test
+run_test ./cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test
+run_test ./cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test
+run_test ./cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test
+run_test ./cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test
+run_test ./cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test
+run_test ./cktools/pwck/18_pwck_invalid_user_name/pwck.test
+run_test ./cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test
+run_test ./cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test
+run_test ./cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test
+run_test ./cktools/pwck/22_pwck_usage/pwck.test
+run_test ./cktools/pwck/23_pwck_locked_passwd/pwck.test
+run_test ./cktools/pwck/24_pwck_locked_shadow/pwck.test
+run_test ./cktools/pwck/25_pwck_usage_invalid_option/pwck.test
+run_test ./cktools/pwck/26_pwck_usage-s-r/pwck.test
+run_test ./cktools/pwck/27_pwck_usage_3_files/pwck.test
+run_test ./cktools/pwck/28_pwck_no_shadow_file/pwck.test
+run_test ./cktools/pwck/29_pwck_password_change_in_future/pwck.test
+run_test ./cktools/pwck/30_pwck_NIS_entries/pwck.test
+run_test ./cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test
+run_test ./cktools/pwck/32_pwck_quiet/pwck.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test
+	run_test ./crypt/login.defs_DES/01_chpasswd.test
+	run_test ./crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test
+	run_test ./crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test
+	run_test ./crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test
+	run_test ./crypt/login.defs_DES/05_chpasswd-e.test
+	run_test ./crypt/login.defs_DES/06_chpasswd-m.test
+fi
+run_test ./crypt/login.defs_DES/07_chgpasswd.test
+run_test ./crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test
+run_test ./crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test
+run_test ./crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test
+run_test ./crypt/login.defs_DES/11_chgpasswd-e.test
+run_test ./crypt/login.defs_DES/12_chgpasswd-m.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_MD5/01_chpasswd.test
+	run_test ./crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test
+fi
+run_test ./crypt/login.defs_MD5/02_chgpasswd.test
+run_test ./crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_SHA256-round-max/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256-round-min-max/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256-round-min/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA512/01_chpasswd.test
+	run_test ./crypt/login.defs_none/01_chpasswd.test
+fi
+run_test ./crypt/login.defs_SHA256-round-max/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256-round-min/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA512/02_chgpasswd.test
+run_test ./crypt/login.defs_none/02_chgpasswd.test
+run_test ./newusers/01_create_user/newusers.test
+run_test ./newusers/02_update_password/newusers.test
+run_test ./newusers/03_no_update_pid/newusers.test
+run_test ./newusers/04_no_update_gid/newusers.test
+run_test ./newusers/05_create_user_pid/newusers.test
+run_test ./newusers/06_create_user_gid/newusers.test
+run_test ./newusers/07_create_user_pid_gid/newusers.test
+run_test ./newusers/08_create_user_pid_other-gid/newusers.test
+run_test ./newusers/09_create_user_pid-as-user-bar/newusers.test
+run_test ./newusers/10_create_user_gid-as-group-bar/newusers.test
+run_test ./newusers/11_update_gecos/newusers.test
+run_test ./newusers/12_update_shell/newusers.test
+run_test ./newusers/13_create_user_new-home/newusers.test
+run_test ./newusers/14_create_user_existing-home/newusers.test
+run_test ./newusers/15_update_new-home/newusers.test
+run_test ./newusers/16_update_existing-home/newusers.test
+run_test ./newusers/17_create_user_pid-already-used/newusers.test
+run_test ./newusers/18_create_user_gid-already-used/newusers.test
+run_test ./newusers/19_update_keep-old-home/newusers.test
+run_test ./newusers/20_multiple_users/newusers.test
+run_test ./newusers/21_create_user_UID_MAX/newusers.test
+run_test ./newusers/22_create_user_GID_MAX/newusers.test
+run_test ./newusers/23_create_user_error_negative_UID/newusers.test
+run_test ./newusers/24_create_user_error_invalid_UID/newusers.test
+run_test ./newusers/25_create_user_error_no_remaining_UID/newusers.test
+run_test ./newusers/26_create_user_error_no_remaining_GID/newusers.test
+run_test ./newusers/27_create_user_error_invalid_username/newusers.test
+run_test ./newusers/28_create_user_error_invalid_groupname/newusers.test
+run_test ./newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test
+run_test ./newusers/30_create_user_different_groupname/newusers.test
+run_test ./newusers/31_create_user_error_invalid_GID/newusers.test
+run_test ./newusers/32_create_user_error_gshadow_group_exists/newusers.test
+run_test ./newusers/33_update_password_no_shadow_password/newusers.test
+run_test ./newusers/34_update_password_no_shadow/newusers.test
+run_test ./newusers/35_read_from_stdin/newusers.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./newusers/36_create_user_encrypted/newusers.test
+	run_test ./newusers/37_create_user_encrypt_MD5/newusers.test
+	run_test ./newusers/38_update_password_no_shadow_encrypted/newusers.test
+	run_test ./newusers/39_update_password_no_shadow_password_encrypted/newusers.test
+	run_test ./newusers/40_update_password_encrypted/newusers.test
+	run_test ./newusers/41_create_user_encrypt_SHA256/newusers.test
+	run_test ./newusers/42_create_user_encrypt_SHA512/newusers.test
+	run_test ./newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test
+	run_test ./newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test
+	run_test ./newusers/45_create_user_encrypt_rounds_3000/newusers.test
+	run_test ./newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test
+else
+
+	run_test ./newusers/37_create_user_encrypt_MD5-PAM/newusers.test
+
+
+
+	run_test ./newusers/41_create_user_encrypt_SHA256-PAM/newusers.test
+	run_test ./newusers/42_create_user_encrypt_SHA512-PAM/newusers.test
+	run_test ./newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test
+	run_test ./newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test
+
+
+fi
+run_test ./newusers/47_create_user_error_UID_4294967295/newusers.test
+run_test ./newusers/48_create_user_error_GID_4294967295/newusers.test
+run_test ./newusers/49_multiple_system_users/newusers.test
+run_test ./newusers/50_usage/newusers.test
+run_test ./newusers/51_usage_invalid_option/newusers.test
+run_test ./newusers/52_usage_2_input_files/newusers.test
+run_test ./newusers/53_locked_passwd/newusers.test
+run_test ./newusers/54_locked_shadow/newusers.test
+run_test ./newusers/55_locked_group/newusers.test
+run_test ./newusers/56_locked_gshadow/newusers.test
+run_test ./newusers/57_missing_input_file/newusers.test
+run_test ./newusers/58_invalid_input_file/newusers.test
+run_test ./newusers/59_no_gshadow_file/newusers.test
+run_test ./newusers/60_update_no_gecos/newusers.test
+run_test ./newusers/61_update_no_shell/newusers.test
+run_test ./split_groups/01_useradd_split_group/useradd.test
+run_test ./split_groups/02_useradd_no_split_group/useradd.test
+run_test ./split_groups/03_useradd_split_group_already_split/useradd.test
+run_test ./split_groups/04_useradd_split_group_already_full/useradd.test
+run_test ./split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test
+run_test ./split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test
+run_test ./split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test
+run_test ./split_groups/08_useradd_no_split_group_already_split/useradd.test
+run_test ./split_groups/09_groupdel_split_group_already_split/groupdel.test
+run_test ./split_groups/10_groupdel_no_split_group_already_split/groupdel.test
+if [ "$FAILURE_TESTS" = "yes" ]; then
+run_test ./failures/chage/01_chage_openRW_passwd_failure/chage.test
+run_test ./failures/chage/02_chage_openRO_passwd_failure/chage.test
+run_test ./failures/chage/03_chage_openRW_shadow_failure/chage.test
+run_test ./failures/chage/04_chage_openRO_shadow_failure/chage.test
+run_test ./failures/chage/05_chage_rename_shadow_failure/chage.test
+run_test ./failures/chage/06_chage_rename_passwd_failure/chage.test
+run_test ./failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test
+run_test ./failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test
+run_test ./failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test
+run_test ./failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test
+if [ "$USE_PAM" = "yes" ]; then
+	run_test ./failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test
+fi
+run_test ./failures/chsh/01_chsh_open_passwd_failure/chsh.test
+run_test ./failures/chsh/02_chsh_rename_passwd_failure/chsh.test
+run_test ./failures/cppw/01_cppw_open_passwd_in_failure/cppw.test
+run_test ./failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test
+run_test ./failures/cppw/03_cppw_rename_passwd_failure/cppw.test
+run_test ./failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test
+run_test ./failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test
+run_test ./failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test
+run_test ./failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test
+run_test ./failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test
+run_test ./failures/groupadd/02_groupadd_group_rename_failure/groupadd.test
+run_test ./failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test
+run_test ./failures/groupadd/04_groupadd_group_open_failure/groupadd.test
+run_test ./failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test
+run_test ./failures/groupdel/02_groupdel_group_rename_failure/groupdel.test
+run_test ./failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test
+run_test ./failures/groupdel/04_groupdel_group_open_failure/groupdel.test
+run_test ./failures/groupmems/01_groupmems_group_open_failure/groupmems.test
+run_test ./failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test
+run_test ./failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test
+run_test ./failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test
+run_test ./failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test
+run_test ./failures/groupmod/04_groupmod_group_open_failure/groupmod.test
+run_test ./failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test
+run_test ./failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test
+run_test ./failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test
+run_test ./failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test
+run_test ./failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test
+run_test ./failures/grpck/01_grpck_system_group_open_failure/grpck.test
+run_test ./failures/grpck/02_grpck_group_open_failure/grpck.test
+run_test ./failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test
+run_test ./failures/grpck/04_grpck_gshadow_open_failure/grpck.test
+run_test ./failures/grpck/05_grpck_sort_group_rename_failure/grpck.test
+run_test ./failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test
+run_test ./failures/grpconv/01_grpconv_open_group_failure/grpconv.test
+run_test ./failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test
+run_test ./failures/grpconv/03_grpconv_rename_group_failure/grpconv.test
+run_test ./failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test
+run_test ./failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test
+run_test ./failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test
+run_test ./failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test
+run_test ./failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test
+run_test ./failures/newusers/01_newusers_open_passwd_failure/newusers.test
+run_test ./failures/newusers/02_newusers_open_shadow_failure/newusers.test
+run_test ./failures/newusers/03_newusers_open_group_failure/newusers.test
+run_test ./failures/newusers/04_newusers_open_gshadow_failure/newusers.test
+run_test ./failures/newusers/05_newusers_rename_passwd_failure/newusers.test
+run_test ./failures/newusers/06_newusers_rename_shadow_failure/newusers.test
+run_test ./failures/newusers/07_newusers_rename_group_failure/newusers.test
+run_test ./failures/newusers/08_newusers_rename_gshadow_failure/newusers.test
+run_test ./failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test
+run_test ./failures/newusers/10_newusers_time_0/newusers.test
+run_test ./failures/pwck/01_pwck_system_passwd_open_failure/pwck.test
+run_test ./failures/pwck/02_pwck_passwd_open_failure/pwck.test
+run_test ./failures/pwck/03_pwck_system_shadow_open_failure/pwck.test
+run_test ./failures/pwck/04_pwck_shadow_open_failure/pwck.test
+run_test ./failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test
+run_test ./failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test
+run_test ./failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test
+run_test ./failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test
+run_test ./failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test
+run_test ./failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test
+run_test ./failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test
+run_test ./failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test
+run_test ./failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test
+run_test ./failures/pwconv/05_pwconv_time_0/pwconv.test
+run_test ./failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test
+run_test ./failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test
+run_test ./failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test
+run_test ./failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test
+run_test ./failures/useradd/01_useradd_open_passwd_failure/useradd.test
+run_test ./failures/useradd/02_useradd_open_shadow_failure/useradd.test
+run_test ./failures/useradd/03_useradd_open_group_failure/useradd.test
+run_test ./failures/useradd/04_useradd_open_gshadow_failure/useradd.test
+run_test ./failures/useradd/05_useradd_rename_passwd_failure/useradd.test
+run_test ./failures/useradd/06_useradd_rename_shadow_failure/useradd.test
+run_test ./failures/useradd/07_useradd_rename_group_failure/useradd.test
+run_test ./failures/useradd/08_useradd_rename_gshadow_failure/useradd.test
+run_test ./failures/useradd/09_useradd_rename_defaults_failure/useradd.test
+run_test ./failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test
+run_test ./failures/useradd/11_useradd_time_0/useradd.test
+run_test ./failures/useradd/12_useradd_open_subuid_failure/useradd.test
+run_test ./failures/useradd/13_useradd_open_subgid_failure/useradd.test
+run_test ./failures/useradd/14_username_rename_subuid_failure/useradd.test
+run_test ./failures/useradd/15_username_rename_subgid_failure/useradd.test
+run_test ./failures/userdel/01_userdel_gshadow_rename_failure/userdel.test
+run_test ./failures/userdel/02_userdel_group_rename_failure/userdel.test
+run_test ./failures/userdel/03_userdel_shadow_rename_failure/userdel.test
+run_test ./failures/userdel/04_userdel_passwd_rename_failure/userdel.test
+run_test ./failures/userdel/05_userdel_failure_remove_mailbox/userdel.test
+run_test ./failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test
+run_test ./failures/userdel/07_userdel_failure_remove_homedir/userdel.test
+run_test ./failures/userdel/08_userdel_open_passwd_failure/userdel.test
+run_test ./failures/userdel/09_userdel_open_shadow_failure/userdel.test
+run_test ./failures/userdel/10_userdel_open_group_failure/userdel.test
+run_test ./failures/userdel/11_userdel_open_gshadow_failure/userdel.test
+run_test ./failures/userdel/12_userdel_open_subuid_failure/userdel.test
+run_test ./failures/userdel/13_userdel_open_subgid_failure/userdel.test
+run_test ./failures/userdel/14_userdel_rename_subuid_failure/usedel.test
+run_test ./failures/userdel/15_userdel_rename_subgid_failure/usedel.test
+run_test ./failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test
+run_test ./failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test
+run_test ./failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test
+run_test ./failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test
+run_test ./failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test
+run_test ./failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test
+run_test ./failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test
+run_test ./failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test
+run_test ./failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test
+run_test ./failures/usermod/10_usermod_-p_time_0/usermod.test
+run_test ./failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test
+#run_test ./failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test
+run_test ./failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test
+run_test ./failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test
+run_test ./failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test
+run_test ./failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test
+run_test ./failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test
+run_test ./failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test
+fi
+run_test ./expiry/01_expiry_-c_no_expiry/expiry.test
+run_test ./expiry/02_expiry_-c_expired/expiry.test
+run_test ./expiry/03_expiry_-f_expired/expiry.test
+run_test ./expiry/04_expiry_no_options/expiry.test
+run_test ./expiry/05_expiry_-c_no_shadow_file/expiry.test
+run_test ./expiry/06_expiry_-c_no_shadow_entry/expiry.test
+run_test ./expiry/07_expiry_-c_expired_account/expiry.test
+run_test ./expiry/08_expiry_-c_expired_max+inact/expiry.test
+run_test ./expiry/09_expiry_-c_expired_not_inactive/expiry.test
+run_test ./expiry/10_expiry_bad_option/expiry.test
+run_test ./expiry/11_expiry_usage/expiry.test
+run_test ./expiry/12_expiry_extra_arg/expiry.test
+run_test ./expiry/13_expiry_usage-c-f/expiry.test
+run_test ./passwd/01_passwd_-S_root_locked_account/passwd.test
+run_test ./passwd/02_passwd_-S_root_valid_account/passwd.test
+run_test ./passwd/03_passwd_-S_root_empty_password/passwd.test
+run_test ./passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test
+run_test ./passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test
+run_test ./passwd/06_passwd_-l_root_lock_account/passwd.test
+run_test ./passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test
+run_test ./passwd/08_passwd_-u_root_unlock_account/passwd.test
+run_test ./passwd/09_passwd_-u_root_unlock_to_empty/passwd.test
+run_test ./passwd/10_passwd_-d_root/passwd.test
+run_test ./passwd/11_passwd_--mindays_root/passwd.test
+run_test ./passwd/12_passwd_--maxdays_root/passwd.test
+run_test ./passwd/13_passwd_--warndays_root/passwd.test
+run_test ./passwd/14_passwd_--inactive_root/passwd.test
+run_test ./passwd/15_passwd_--expire_root/passwd.test
+run_test ./passwd/16_passwd_-S-a_root/passwd.test
+run_test ./passwd/17_passwd_root_change_password/passwd.test
+run_test ./passwd/18_passwd_root_change_password_user/passwd.test
+run_test ./passwd/19_passwd_user_change_password/passwd.test
+run_test ./passwd/20_passwd_user_change_password_same_user/passwd.test
+run_test ./passwd/21_passwd_user_change_password_other_user/passwd.test
+run_test ./passwd/22_passwd_usage/passwd.test
+run_test ./login/01_login_prompt/login.test
+run_test ./login/02_login_user/login.test
+run_test ./login/03_login_check_tty/login.test
+find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
+run_test ./subids/01_useradd_no_subids/useradd.test
+run_test ./subids/02_useradd_with_subids/useradd.test
+run_test ./subids/03_useradd_no_subgid/useradd.test
+run_test ./subids/04_useradd_no_subuid/useradd.test
+run_test ./subids/05_useradd_fill_gap_start/useradd.test
+run_test ./subids/06_useradd_fill_gap_middle/useradd.test
+run_test ./subids/07_useradd_fill_gap_end/useradd.test
+run_test ./subids/08_useradd_no_more_subuids_start/useradd.test
+run_test ./subids/09_useradd_no_more_subgids_start/useradd.test
+run_test ./subids/10_useradd_no_more_subuids_end/useradd.test
+run_test ./subids/11_useradd_no_more_subgids_end/useradd.test
+run_test ./subids/12_useradd_invalid_subuid_configuration1/useradd.test
+run_test ./subids/13_useradd_invalid_subuid_configuration2/useradd.test
+run_test ./subids/14_useradd_invalid_subuid_configuration3/useradd.test
+run_test ./subids/15_useradd_invalid_subgid_configuration1/useradd.test
+run_test ./subids/16_useradd_invalid_subgid_configuration2/useradd.test
+run_test ./subids/17_useradd_invalid_subgid_configuration3/useradd.test
+run_test ./subids/18_useradd_min=max/useradd.test
+run_test ./subids/19_useradd_locked_subuid/useradd.test
+run_test ./subids/20_useradd_locked_subgid/useradd.test
+run_test ./subids/21_usermod_create_subuid_range/usermod.test
+run_test ./subids/22_usermod_create_subgid_range/usermod.test
+run_test ./subids/23_usermod_create_subids_ranges/usermod.test
+run_test ./subids/24_usermod_create_subids_overlapping_ranges/usermod.test
+run_test ./subids/25_usermod_add_range/usermod.test
+run_test ./subids/26_usermod_add_overlapping_ranges/usermod.test
+run_test ./subids/27_usermod_remove_range_all/usermod.test
+run_test ./subids/28_usermod_remove_range_partial_begin/usermod.test
+run_test ./subids/29_usermod_remove_range_partial_middle/usermod.test
+run_test ./subids/30_usermod_remove_range_partial_end/usermod.test
+run_test ./subids/31_usermod_remove_outside_range/usermod.test
+run_test ./subids/32_usermod_remove_overlapping_range_begin/usermod.test
+run_test ./subids/33_usermod_remove_overlapping_range_end/usermod.test
+run_test ./subids/34_usermod_remove_overlapping_range_all/usermod.test
+run_test ./subids/35_usermod_remove_only_user_ranges/usermod.test
+run_test ./subids/36_usermod_remove_with_comment/usermod.test
+run_test ./subids/37_usermod_-v_invalid_range/usermod.test
+run_test ./subids/38_usermod_-V_invalid_range/usermod.test
+run_test ./subids/39_usermod_-w_invalid_range/usermod.test
+run_test ./subids/40_usermod_-W_invalid_range/usermod.test
+run_test ./subids/41_usermod_locked_subuid/usermod.test
+run_test ./subids/42_usermod_locked_subgid/usermod.test
+run_test ./subids/43_usermod_-w_no_subgid/usermod.test
+run_test ./subids/44_usermod_-W_no_subgid/usermod.test
+run_test ./subids/45_usermod_-v_no_subgid/usermod.test
+run_test ./subids/46_usermod_-V_no_subgid/usermod.test
+run_test ./subids/47_usermod_-v_invalid_range2/usermod.test
+run_test ./subids/48_usermod_-v_invalid_range3/usermod.test
+run_test ./subids/49_usermod_-v_invalid_range4/usermod.test
+run_test ./subids/50_usermod_-v_invalid_range5/usermod.test
+run_test ./subids/51_usermod_-v_invalid_range6/usermod.test
+run_test ./subids/52_usermod_-v_invalid_range7/usermod.test
+run_test ./subids/53_userdel_one_subuid_range/userdel.test
+run_test ./subids/54_userdel_one_subgid_range/userdel.test
+run_test ./subids/55_userdel_no_subuid/userdel.test
+run_test ./subids/56_userdel_no_subgid/userdel.test
+run_test ./subids/57_userdel_multiple_ranges/userdel.test
+run_test ./subids/58_newusers_with_subids/newusers.test
+run_test ./subids/59_newusers_no_subuid/newusers.test
+run_test ./subids/60_newusers_no_subgid/newusers.test
+run_test ./subids/61_newusers_user_alread_has_subgids/newusers.test
+run_test ./subids/62_newusers_user_alread_has_subuids/newusers.test
+run_test ./subids/63_useradd_fill_gap4/useradd.test
+run_test ./subids/64_useradd_fill_gap5/useradd.test
+run_test ./subids/65_useradd_fill_gap6/useradd.test
+run_test ./subids/66_subordinate_range_cmp/useradd.test
+run_test ./subids/67_invalid_subuid_file1/useradd.test
+run_test ./subids/68_invalid_subuid_file2/useradd.test
+run_test ./subids/69_invalid_subuid_file3/useradd.test
+run_test ./subids/70_invalid_subuid_file4/useradd.test
+run_test ./subids/71_useradd_subids_for_system/useradd.test
+run_test ./newuidmap/01_newuidmap/newuidmap.test
+run_test ./newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
+run_test ./newgidmap/01_newgidmap/newgidmap.test
+run_test ./newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
+
+echo
+echo "$succeeded test(s) passed"
+echo "$failed test(s) failed"
+echo "log written in 'testsuite.log'"
+if [ "$failed" != 0 ]
+then
+	echo "the following tests failed:"
+	echo "$failed_tests"
+fi
diff --git a/tests/tests/run_all.coverage b/tests/tests/run_all.coverage
new file mode 100755
index 0000000..d865c0e
--- /dev/null
+++ b/tests/tests/run_all.coverage
@@ -0,0 +1,1329 @@
+#!/bin/sh
+
+set -e
+
+export LC_ALL=C
+unset LANG
+unset LANGUAGE
+. common/config.sh
+
+USE_PAM="yes"
+FAILURE_TESTS="yes"
+
+succeeded=0
+failed=0
+failed_tests=""
+
+run_test()
+{
+	find "$build_path" -name "*.gcda" -delete
+	find "$build_path" -name "*.gcno" | while read f
+	do
+		g=${f%gcno}gcda
+		touch $g
+		chmod a+rw $g
+	done
+
+	if $1 > $1.log
+	then
+		succeeded=$((succeeded+1))
+		echo -n "+"
+	else
+		failed=$((failed+1))
+		failed_tests="$failed_tests $1"
+		echo -n "-"
+	fi
+	cat $1.log >> testsuite.log
+	[ -f /etc/passwd.lock ] && echo $1 /etc/passwd.lock || true
+	[ -f /etc/group.lock ] && echo $1 /etc/group.lock || true
+	[ -f /etc/shadow.lock ] && echo $1 /etc/shadow.lock || true
+	[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
+	if [ "$(stat -c"%G" /etc/shadow)" != "shadow" ]
+	then
+		echo $1
+		ls -l /etc/shadow
+		chgrp shadow /etc/shadow
+	fi
+	if [ -d /nonexistent ]
+	then
+		echo $1 /nonexistent
+		rmdir /nonexistent
+	fi
+
+	find $build_path -name "*.gcda" -size 0 -delete
+	if echo $1 | grep -v -q debian
+	then
+		TESTNAME=$(echo $1| sed -e 's/^\.\///' -e 's/[.\/=-]/_/g')
+		lcov -q -c -d $build_path -o app_test.info -t $TESTNAME
+		lcov -q -a app_total.info -a app_test.info -o app_total.info
+		rm -f app_test.info
+	fi
+}
+
+echo "+: test passed"
+echo "-: test failed"
+
+# Empty the complete log.
+> testsuite.log
+
+lcov -q -c -i -d $build_path -o app_base.info
+lcov -q -a app_base.info -o app_total.info
+rm -f app_base.info
+
+run_test ./su/01/su_root.test
+run_test ./su/01/su_user.test
+run_test ./su/02/env_FOO-options_--login
+run_test ./su/02/env_FOO-options_--login_bash
+run_test ./su/02/env_FOO-options_--preserve-environment
+run_test ./su/02/env_FOO-options_--preserve-environment_bash
+run_test ./su/02/env_FOO-options_-
+run_test ./su/02/env_FOO-options_-_bash
+run_test ./su/02/env_FOO-options_-l-m
+run_test ./su/02/env_FOO-options_-l-m_bash
+run_test ./su/02/env_FOO-options_-l
+run_test ./su/02/env_FOO-options_-l_bash
+run_test ./su/02/env_FOO-options_-m_bash
+run_test ./su/02/env_FOO-options_-m
+run_test ./su/02/env_FOO-options_-p
+run_test ./su/02/env_FOO-options_-p_bash
+run_test ./su/02/env_FOO-options__bash
+run_test ./su/02/env_FOO-options_
+run_test ./su/02/env_FOO-options_-p-
+run_test ./su/02/env_FOO-options_-p-_bash
+run_test ./su/02/env_special-options_-l-p
+run_test ./su/02/env_special-options_-l
+run_test ./su/02/env_special-options_-l-p_bash
+run_test ./su/02/env_special-options_-l_bash
+run_test ./su/02/env_special-options_-p
+run_test ./su/02/env_special-options_-p_bash
+run_test ./su/02/env_special-options_
+run_test ./su/02/env_special-options__bash
+run_test ./su/02/env_special_root-options_-l-p
+run_test ./su/02/env_special_root-options_-l-p_bash
+run_test ./su/02/env_special_root-options_-l
+run_test ./su/02/env_special_root-options_-l_bash
+run_test ./su/02/env_special_root-options_-p
+run_test ./su/02/env_special_root-options_-p_bash
+run_test ./su/02/env_special_root-options_
+run_test ./su/02/env_special_root-options__bash
+run_test ./su/03/su_run_command01.test
+run_test ./su/03/su_run_command02.test
+run_test ./su/03/su_run_command03.test
+run_test ./su/03/su_run_command04.test
+run_test ./su/03/su_run_command05.test
+run_test ./su/03/su_run_command06.test
+run_test ./su/03/su_run_command07.test
+run_test ./su/03/su_run_command08.test
+run_test ./su/03/su_run_command09.test
+run_test ./su/03/su_run_command10.test
+run_test ./su/03/su_run_command11.test
+run_test ./su/03/su_run_command12.test
+run_test ./su/03/su_run_command13.test
+run_test ./su/03/su_run_command14.test
+run_test ./su/03/su_run_command15.test
+run_test ./su/03/su_run_command16.test
+run_test ./su/03/su_run_command17.test
+run_test ./su/04/su_wrong_user.test
+run_test ./su/04/su_user_wrong_passwd.test
+run_test ./su/04/su_user_wrong_passwd_syslog.test
+run_test ./su/05/su_user_wrong_passwd_syslog.test
+run_test ./su/06/su_user_syslog.test
+run_test ./su/07/su_user_syslog.test
+run_test ./su/08/env_special-options_
+run_test ./su/08/env_special_root-options_
+run_test ./su/09/env_special-options_
+run_test ./su/09/env_special_root-options_
+run_test ./su/10_su_sulog_success/su.test
+run_test ./su/11_su_sulog_failure/su.test
+run_test ./su/12_su_child_failure/su.test
+run_test ./su/13_su_child_success/su.test
+run_test ./chage/01/run
+run_test ./chage/02/run
+run_test ./chage/03_chsh_usage/chage.test
+run_test ./chage/04_chsh_usage_invalid_option/chage.test
+run_test ./chage/05_chsh_usage_2_users/chage.test
+run_test ./chage/06_chsh_usage_no_users/chage.test
+run_test ./chage/07_chsh_usage-l_exclusive/chage.test
+run_test ./chage/08_chsh_usage_invalid_date/chage.test
+run_test ./chage/09_chsh_usage_invalid_numeric_arg/chage.test
+run_test ./chage/10_chsh-l/chage.test
+run_test ./chage/11_chsh_usage_invalid_user/chage.test
+run_test ./chage/12_chsh_usage-l_invalid_user2/chage.test
+run_test ./chage/13_chsh_locked_passwd/chage.test
+run_test ./chage/14_chsh_locked_shadow/chage.test
+run_test ./chage/15_chage-I_no_shadow_entry/chage.test
+run_test ./chage/16_chage-m_no_shadow_entry/chage.test
+run_test ./chage/17_chage-M_no_shadow_entry/chage.test
+run_test ./chage/18_chage-d_no_shadow_entry/chage.test
+run_test ./chage/19_chage-W_no_shadow_entry/chage.test
+run_test ./chage/20_chage-E_no_shadow_entry/chage.test
+run_test ./chage/21_chage_no_shadow_file/chage.test
+run_test ./chage/22_chage_myuser-l/chage.test
+run_test ./chage/23_chage_myuser-I/chage.test
+run_test ./chage/24_chage_myuser-l_other/chage.test
+run_test ./chage/25_chage_interactive/chage.test
+run_test ./chage/26_chage_interactive_date_0/chage.test
+run_test ./chage/27_chage_interactive_date_-1/chage.test
+run_test ./chage/28_chage_interactive_date_EPOCH/chage.test
+run_test ./chage/29_chage_interactive_date_pre-EPOCH/chage.test
+run_test ./chage/30_chage_interactive_date_pre-EPOCH2/chage.test
+run_test ./chage/31_chage_interactive_date_invalid/chage.test
+run_test ./chage/32_chage_interactive_date_invalid2/chage.test
+run_test ./chage/33_chage_interactive-W_invalid1/chage.test
+run_test ./chage/34_chage_interactive-W_invalid2/chage.test
+run_test ./chage/35_chage_interactive-W-1/chage.test
+run_test ./chage/36_chage_interactive-I_invalid1/chage.test
+run_test ./chage/37_chage_interactive-I_invalid2/chage.test
+run_test ./chage/38_chage_interactive-I-1/chage.test
+run_test ./chage/39_chage_interactive-d-1/chage.test
+run_test ./chsh/01/run
+run_test ./chsh/02_chsh_usage/chsh.test
+run_test ./chsh/03_chsh_usage_invalid_option/chsh.test
+run_test ./chsh/04_chsh_usage_2_users/chsh.test
+run_test ./chsh/05_chsh_myuser_restricted_shell/chsh.test
+run_test ./chsh/06_chsh_myuser_non_restricted_shell/chsh.test
+run_test ./chsh/07_chsh_usage_invalid_user/chsh.test
+run_test ./chsh/08_chsh_myuser_to_restricted_shell/chsh.test
+run_test ./chsh/09_chsh_myuser_to_missing_shell/chsh.test
+run_test ./chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
+run_test ./chsh/11_chsh_auth_failure/chsh.test
+run_test ./chsh/12_chsh_warning_missing_shell/chsh.test
+run_test ./chsh/13_chsh_warning_non_executable/chsh.test
+run_test ./chsh/14_chsh_locked_passwd/chsh.test
+run_test ./chsh/15_chsh_PAM_error/chsh.test
+run_test ./chroot/chage/01_chage--root/chage.test
+run_test ./chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test
+run_test ./chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test
+run_test ./chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test
+run_test ./chroot/chsh/01_chsh--root/chsh.test
+run_test ./chroot/gpasswd/01_gpasswd--root/gpasswd.test
+run_test ./chroot/groupadd/01_groupadd--root/groupadd.test
+run_test ./chroot/groupdel/01_groupdel--root/groupdel.test
+run_test ./chroot/groupmod/01_groupmod--root/groupmod.test
+run_test ./chroot/grpck/01_grpck--root/grpck.test
+run_test ./chroot/grpconv/01_grpconv--root/grpconv.test
+run_test ./chroot/grpunconv/01_grpunconv--root/grpunconv.test
+run_test ./chroot/lastlog/01_lastlog--root/lastlog.test
+run_test ./chroot/login/01_login_sublogin/login.test
+run_test ./chroot/pwck/01_pwck--root/pwck.test
+run_test ./chroot/pwconv/01_pwconv--root/pwconv.test
+run_test ./chroot/pwunconv/01_pwunconv--root/pwunconv.test
+run_test ./chroot/useradd/01_useradd--root/useradd.test
+run_test ./chroot/useradd/02_useradd--root_login.defs/useradd.test
+run_test ./chroot/useradd/03_useradd--root_useradd.default/useradd.test
+run_test ./chroot/useradd/04_useradd--root_useradd-D/useradd.test
+run_test ./chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test
+run_test ./chroot/userdel/01_userdel--root/userdel.test
+run_test ./chroot/usermod/01_usermod--root/usermod.test
+run_test ./convtools/01/run
+run_test ./convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test
+run_test ./convtools/03_grpconv_copy_passwd/grpconv.test
+run_test ./convtools/04_grpconv_no_password/grpconv.test
+run_test ./convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test
+run_test ./convtools/06_grpconv_error_group_locked/grpconv.test
+run_test ./convtools/07_grpconv_error_gshadow_locked/grpconv.test
+run_test ./convtools/08_grpunconv_no_gshadow_file/grpunconv.test
+run_test ./convtools/09_grpunconv_error_group_locked/grpunconv.test
+run_test ./convtools/10_grpunconv_error_gshadow_locked/grpunconv.test
+run_test ./convtools/11_pwconv_error_passwd_locked/pwconv.test
+run_test ./convtools/12_pwconv_error_shadow_locked/pwconv.test
+run_test ./convtools/13_pwunconv_error_passwd_locked/pwunconv.test
+run_test ./convtools/14_pwunconv_error_shadow_locked/pwunconv.test
+run_test ./convtools/15_pwconv_remove_shadow_only_entries/pwconv.test
+run_test ./convtools/16_pwconv_copy_passwd/pwconv.test
+run_test ./convtools/17_pwunconv_no_shadow_file/pwunconv.test
+run_test ./convtools/18_pwunconv_user_not_in_shadow/pwunconv.test
+run_test ./convtools/19_pwconv_NIS/pwconv.test
+run_test ./convtools/20_pwunconv_usage_option/pwunconv.test
+run_test ./convtools/21_pwunconv_keep_passwd_password/pwunconv.test
+run_test ./convtools/22_grpunconv_usage_option/grpunconv.test
+run_test ./convtools/23_grpunconv_keep_group_password/grpunconv.test
+run_test ./convtools/24_grpunconv_no_gshadow_entry/grpunconv.test
+run_test ./convtools/25_pwconv_usage_option/pwconv.test
+run_test ./convtools/26_grpconv_usage_option/grpconv.test
+run_test ./convtools/27_pwunconv_usage/pwunconv.test
+run_test ./convtools/28_pwunconv_usage_extra_arg/pwunconv.test
+run_test ./convtools/29_grpconv_usage/grpconv.test
+run_test ./convtools/30_grpconv_usage_extra_arg/grpconv.test
+run_test ./convtools/31_pwconv_usage/pwconv.test
+run_test ./convtools/32_pwconv_usage_extra_arg/pwconv.test
+run_test ./convtools/33_grpunconv_usage/grpunconv.test
+run_test ./convtools/34_grpunconv_usage_extra_arg/grpunconv.test
+run_test ./cptools/02_cppw_usage/cppw.test
+run_test ./cptools/03_cppw_usage_invalid_option/cppw.test
+run_test ./cptools/04_cppw_no_file_argument/cppw.test
+run_test ./cptools/05_cppw_2_files/cppw.test
+run_test ./cptools/06_cppw_no_file/cppw.test
+run_test ./cptools/07_cppw_locked_passwd/cppw.test
+run_test ./cptools/08_cppw-p/cppw.test
+run_test ./cptools/09_cppw-g/cppw.test
+run_test ./cptools/10_cppw-g-s/cppw.test
+run_test ./cptools/11_cppw-p-s/cppw.test
+run_test ./cptools/12_cppw-s_no_shadow_file/cppw.test
+run_test ./debian/01/run
+run_test ./grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test
+run_test ./grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test
+run_test ./grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test
+run_test ./grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test
+run_test ./grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test
+run_test ./grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test
+run_test ./grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test
+run_test ./grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test
+run_test ./grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test
+run_test ./grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test
+run_test ./grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test
+run_test ./grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test
+run_test ./grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test
+run_test ./grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test
+run_test ./grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test
+run_test ./grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test
+run_test ./grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test
+run_test ./grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test
+run_test ./grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test
+run_test ./grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test
+run_test ./grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test
+run_test ./grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test
+run_test ./grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test
+run_test ./grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test
+run_test ./grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test
+run_test ./grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test
+run_test ./grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test
+run_test ./grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test
+run_test ./grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test
+run_test ./grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test
+run_test ./grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test
+run_test ./grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test
+run_test ./grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test
+run_test ./grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test
+run_test ./grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test
+run_test ./grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/61_gpasswd_usage/gpasswd.test
+run_test ./grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test
+run_test ./grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test
+run_test ./grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test
+run_test ./grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test
+run_test ./grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test
+run_test ./grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test
+run_test ./grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test
+run_test ./grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test
+run_test ./grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test
+run_test ./grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test
+run_test ./grouptools/groupadd/01_groupadd_add_group/groupadd.test
+run_test ./grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test
+run_test ./grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test
+run_test ./grouptools/groupadd/04_groupadd_set_password/groupadd.test
+run_test ./grouptools/groupadd/05_groupadd_set_GID/groupadd.test
+run_test ./grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test
+run_test ./grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/08_groupadd_locked_group/groupadd.test
+run_test ./grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test
+run_test ./grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test
+run_test ./grouptools/groupadd/12_groupadd_negative_GID/groupadd.test
+run_test ./grouptools/groupadd/13_groupadd_invalid_name/groupadd.test
+run_test ./grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test
+run_test ./grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test
+run_test ./grouptools/groupadd/16_groupadd_existing_group/groupadd.test
+run_test ./grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test
+run_test ./grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test
+run_test ./grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test
+run_test ./grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test
+run_test ./grouptools/groupadd/22_groupadd_usage/groupadd.test
+run_test ./grouptools/groupadd/23_groupadd_no_groups/groupadd.test
+run_test ./grouptools/groupadd/24_groupadd_2_groups/groupadd.test
+run_test ./grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test
+run_test ./grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test
+run_test ./grouptools/groupadd/27_groupadd_invalid_option/groupadd.test
+run_test ./grouptools/groupdel/01_groupdel_delete_group/groupdel.test
+run_test ./grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test
+run_test ./grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test
+run_test ./grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test
+run_test ./grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test
+run_test ./grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test
+run_test ./grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test
+run_test ./grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test
+run_test ./grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test
+run_test ./grouptools/groupdel/10_groupdel_usage/groupdel.test
+run_test ./grouptools/groupdel/11_groupdel_invalid_option/groupdel.test
+run_test ./grouptools/groupmems/01_groupmems_root_add_user/groupmems.test
+run_test ./grouptools/groupmems/02_groupmems_root_del_user/groupmems.test
+run_test ./grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test
+run_test ./grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test
+run_test ./grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test
+run_test ./grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/12_groupmems_user_add_user/groupmems.test
+run_test ./grouptools/groupmems/13_groupmems_user_del_user/groupmems.test
+run_test ./grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test
+run_test ./grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test
+run_test ./grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test
+run_test ./grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test
+run_test ./grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test
+run_test ./grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test
+run_test ./grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test
+run_test ./grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test
+run_test ./grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test
+run_test ./grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test
+run_test ./grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test
+run_test ./grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test
+run_test ./grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test
+run_test ./grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/42_groupmems_user_list_users/groupmems.test
+run_test ./grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test
+run_test ./grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test
+run_test ./grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test
+run_test ./grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/53_groupmems_usage/groupmems.test
+run_test ./grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test
+run_test ./grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test
+run_test ./grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test
+run_test ./grouptools/groupmems/57_groupmems_authentication/groupmems.test
+run_test ./grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test
+run_test ./grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test
+run_test ./grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test
+run_test ./grouptools/groupmod/01_groupmod_change_gid/groupmod.test
+run_test ./grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test
+run_test ./grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test
+run_test ./grouptools/groupmod/06_groupmod_change_group_name/groupmod.test
+run_test ./grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/09_groupmod_set_password/groupmod.test
+run_test ./grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test
+run_test ./grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test
+run_test ./grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test
+run_test ./grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test
+run_test ./grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test
+run_test ./grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test
+run_test ./grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test
+run_test ./grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test
+run_test ./grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test
+run_test ./grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test
+run_test ./grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test
+run_test ./grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test
+run_test ./grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test
+run_test ./grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test
+run_test ./grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test
+run_test ./grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test
+run_test ./grouptools/groupmod/28_groupmod_usage/groupmod.test
+run_test ./grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test
+run_test ./grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test
+run_test ./grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test
+run_test ./grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test
+run_test ./grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test
+run_test ./grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test
+run_test ./grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/37_groupmod_invalid_option/groupmod.test
+run_test ./log/faillog/01_faillog_no_faillog/faillog.test
+run_test ./log/faillog/02_faillog_usage/faillog.test
+run_test ./log/faillog/03_faillog_format/faillog.test
+run_test ./log/faillog/04_faillog_multiple/faillog.test
+run_test ./log/faillog/05_faillog-u_ID/faillog.test
+run_test ./log/faillog/06_faillog-u_name/faillog.test
+run_test ./log/faillog/07_faillog-u_ID_invalid/faillog.test
+run_test ./log/faillog/08_faillog-u_name_invalid/faillog.test
+run_test ./log/faillog/09_faillog-u_range/faillog.test
+run_test ./log/faillog/10_faillog-u_open_range/faillog.test
+run_test ./log/faillog/11_faillog-u_range_open/faillog.test
+run_test ./log/faillog/12_faillog-u_range_invalid1/faillog.test
+run_test ./log/faillog/13_faillog-u_range_invalid2/faillog.test
+run_test ./log/faillog/14_faillog-u_range_invalid3/faillog.test
+run_test ./log/faillog/15_faillog_bad_option/faillog.test
+run_test ./log/faillog/16_faillog_extra_arg/faillog.test
+run_test ./log/faillog/17_faillog-t/faillog.test
+run_test ./log/faillog/18_faillog-t_invalid/faillog.test
+run_test ./log/faillog/19_faillog_multiple_same_user/faillog.test
+run_test ./log/faillog/20_faillog-r-u/faillog.test
+run_test ./log/faillog/21_faillog-r-u_range/faillog.test
+run_test ./log/faillog/22_faillog_removed_user/faillog.test
+run_test ./log/faillog/23_faillog-a_removed_user/faillog.test
+run_test ./log/faillog/24_faillog-u_removed_user/faillog.test
+run_test ./log/faillog/25_faillog-r-u_removed_user/faillog.test
+run_test ./log/faillog/26_faillog-r-u_range_removed_user/faillog.test
+run_test ./log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test
+run_test ./log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test
+run_test ./log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test
+run_test ./log/faillog/30_faillog-r/faillog.test
+run_test ./log/faillog/31_faillog-r-u_open_range/faillog.test
+run_test ./log/faillog/32_faillog-l/faillog.test
+run_test ./log/faillog/33_faillog-l-u_user/faillog.test
+run_test ./log/faillog/34_faillog-l-u_range/faillog.test
+run_test ./log/faillog/35_faillog-l-u_open_range/faillog.test
+run_test ./log/faillog/36_faillog-l-u_range_open/faillog.test
+run_test ./log/faillog/37_faillog-l-a-u_user/faillog.test
+run_test ./log/faillog/38_faillog-l-a-u_range/faillog.test
+run_test ./log/faillog/39_faillog-l-a-u_open_range/faillog.test
+run_test ./log/faillog/40_faillog-l-a-u_range_open/faillog.test
+run_test ./log/faillog/41_faillog-l_invalid/faillog.test
+run_test ./log/faillog/42_faillog-m/faillog.test
+run_test ./log/faillog/43_faillog-m-u_user/faillog.test
+run_test ./log/faillog/44_faillog-m-u_range/faillog.test
+run_test ./log/faillog/45_faillog-m-u_open_range/faillog.test
+run_test ./log/faillog/46_faillog-m-u_range_open/faillog.test
+run_test ./log/faillog/47_faillog-m-a-u_user/faillog.test
+run_test ./log/faillog/48_faillog-m-a-u_range/faillog.test
+run_test ./log/faillog/49_faillog-m-a-u_open_range/faillog.test
+run_test ./log/faillog/50_faillog-m-a-u_range_open/faillog.test
+run_test ./log/faillog/51_faillog-m_invalid/faillog.test
+run_test ./log/faillog/52_faillog-t-l_exclusive/faillog.test
+run_test ./log/faillog/53_faillog-t-m_exclusive/faillog.test
+run_test ./log/faillog/54_faillog-t-r_exclusive/faillog.test
+run_test ./log/faillog/55_faillog_no_changes/faillog.test
+run_test ./log/faillog/56_faillog-l-m_empty_file/faillog.test
+run_test ./log/faillog/57_faillog-r_empty_file/faillog.test
+run_test ./log/faillog/58_faillog-l_no_failcount/faillog.test
+run_test ./log/lastlog/01_lastlog_no_lastlog/lastlog.test
+run_test ./log/lastlog/02_lastlog_usage/lastlog.test
+run_test ./log/lastlog/03_lastlog_format/lastlog.test
+run_test ./log/lastlog/04_lastlog_multiple/lastlog.test
+run_test ./log/lastlog/05_lastlog-u_ID/lastlog.test
+run_test ./log/lastlog/06_lastlog-u_name/lastlog.test
+run_test ./log/lastlog/07_lastlog-u_ID_invalid/lastlog.test
+run_test ./log/lastlog/08_lastlog-u_name_invalid/lastlog.test
+run_test ./log/lastlog/09_lastlog-u_range/lastlog.test
+run_test ./log/lastlog/10_lastlog-u_open_range/lastlog.test
+run_test ./log/lastlog/11_lastlog-u_range_open/lastlog.test
+run_test ./log/lastlog/12_lastlog-u_range_invalid1/lastlog.test
+run_test ./log/lastlog/13_lastlog-u_range_invalid2/lastlog.test
+run_test ./log/lastlog/14_lastlog-u_range_invalid3/lastlog.test
+run_test ./log/lastlog/15_lastlog_bad_option/lastlog.test
+run_test ./log/lastlog/16_lastlog_extra_arg/lastlog.test
+run_test ./log/lastlog/17_lastlog-t/lastlog.test
+run_test ./log/lastlog/18_lastlog-b/lastlog.test
+run_test ./log/lastlog/19_lastlog-t_invalid/lastlog.test
+run_test ./log/lastlog/20_lastlog-b_invalid/lastlog.test
+run_test ./usertools/01/01_useradd_add_user.test
+run_test ./usertools/01/01_userdel_delete_user.test
+run_test ./usertools/01/02_useradd_recreate_deleted_user.test
+run_test ./usertools/01/03_useradd_additional_options.test
+run_test ./usertools/01/04_useradd_add_user_with_existing_UID_fail.test
+run_test ./usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test
+run_test ./usertools/01/04_useradd_specified_UID.test
+run_test ./usertools/01/04_useradd_specified_UID_and_GID.test
+run_test ./usertools/01/04_userdel_delete_user_with_non_unique_UID.test
+run_test ./usertools/01/05_useradd_invalid_numeric_primary_group.test
+run_test ./usertools/01/06_useradd_invalid_named_primary_group.test
+run_test ./usertools/01/07_useradd_numerical_primary_group.test
+run_test ./usertools/01/08_useradd_named_primary_group.test
+run_test ./usertools/01/09_usermod_change_user_info.test
+run_test ./usertools/01/10_usermod_rename_user.test
+run_test ./usertools/01/10_usermod_rename_user_in_group.test
+run_test ./usertools/01/11_usermod_change_password.test
+run_test ./usertools/01/11_usermod_lock_password.test
+run_test ./usertools/01/11_usermod_unlock_empty_password.test
+run_test ./usertools/01/11_usermod_unlock_password.test
+run_test ./usertools/01/12_usermod_change_gid_name.test
+run_test ./usertools/01/12_usermod_change_gid_number.test
+run_test ./usertools/01/13_useradd_negative_UID.test
+run_test ./usertools/01/14_useradd_out_of_range_UID.test
+run_test ./usertools/01/15_useradd_specified_large_UID.test
+run_test ./usertools/01/16_useradd_add_user_to_multiple_groups.test
+run_test ./usertools/01/16_useradd_add_user_to_one_group.test
+run_test ./usertools/01/17_useradd_create_homedir.test
+run_test ./usertools/01/18_userdel_remove_homedir.test
+run_test ./usertools/01/19_userdel_delete_user_in_group.test
+run_test ./usertools/01/20_usermod_change_homedir.test
+run_test ./usertools/01/21_usermod_change_and_move_homedir.test
+run_test ./usertools/01/22_usermod_new_groups.test
+run_test ./usertools/01/23_usermod_add_groups.test
+run_test ./usertools/01/24_usermod_new_groups_remove_old_groups.test
+run_test ./usertools/01/25_useradd_specified_large_UID2.test
+run_test ./usertools/01/26_useradd_UID_-1.test
+run_test ./usertools/02/useradd_default_default_values.test
+run_test ./usertools/02/useradd_get_default_values.test
+run_test ./usertools/02/useradd_change_default_INACTIVE.test
+run_test ./usertools/02/useradd_change_default_SHELL.test
+run_test ./usertools/02/useradd_change_default_EXPIRE.test
+run_test ./usertools/02/useradd_change_default_GROUP.test
+run_test ./usertools/02/useradd_change_default_HOME.test
+run_test ./usertools/02/useradd_change_defaults.test
+run_test ./usertools/03/useradd_change_defaults.test
+run_test ./usertools/04/01_useradd_add_user.test
+run_test ./usertools/05_userdel_del_from_group_members/userdel.test
+run_test ./usertools/06_userdel_del_from_gshadow_members/userdel.test
+run_test ./usertools/07_userdel_del_from_gshadow_admins/userdel.test
+run_test ./usertools/08_userdel_del_from_group_and_gshadow/userdel.test
+run_test ./usertools/09_userdel_del_homedir/userdel.test
+run_test ./usertools/10_userdel_del_homedir_wrong_owner/userdel.test
+run_test ./usertools/11_usermod_move_homedir/usermod.test
+run_test ./usertools/12_usermod_move_homedir_dev_null/usermod.test
+run_test ./usertools/13_usermod_move_homedir_file/usermod.test
+run_test ./usertools/14_usermod_move_homedir_other_device/usermod.test
+run_test ./usertools/15_usermod_change_supplementary_groups/usermod.test
+run_test ./usertools/16_usermod_clear_supplementary_groups/usermod.test
+run_test ./usertools/17_usermod_change_supplementary_groups_numerical/usermod.test
+run_test ./usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test
+run_test ./usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test
+run_test ./usertools/20_usermod_rename_user_in_member_lists/usermod.test
+run_test ./usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test
+run_test ./usertools/22_usermod-a_existing_supplementary_group/usermod.test
+run_test ./usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test
+run_test ./usertools/24_usermod_locked_passwd/usermod.test
+run_test ./usertools/25_usermod-G_locked_group/usermod.test
+run_test ./usertools/26_usermod_locked_shadow/usermod.test
+run_test ./usertools/27_usermod-G_locked_gshadow/usermod.test
+run_test ./usertools/28_usermod-c_locked_group/usermod.test
+run_test ./usertools/29_usermod-c_locked_gshadow/usermod.test
+run_test ./usertools/30_usermod-l_locked_group/usermod.test
+run_test ./usertools/31_usermod-l_locked_gshadow/usermod.test
+run_test ./usertools/32_usermod-u_new_UID/usermod.test
+run_test ./usertools/33_usermod-u_existing_UID/usermod.test
+run_test ./usertools/34_usermod-u-o_existing_UID/usermod.test
+run_test ./usertools/35_usermod-u_invalid_UID/usermod.test
+run_test ./usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test
+run_test ./usertools/37_Debian_Bug_470745/usermod.test
+run_test ./usertools/38_usermod_invalid_user/usermod.test
+run_test ./usertools/39_usermod_-c_invalid_comment/usermod.test
+run_test ./usertools/40_usermod_-d_invalid_homedir/usermod.test
+run_test ./usertools/41_usermod_-d_invalid_shell/usermod.test
+run_test ./usertools/42_usermod_-g_invalid_group_name/usermod.test
+run_test ./usertools/43_usermod_-g_invalid_group_ID/usermod.test
+run_test ./usertools/44_usermod-l_existing_username/usermod.test
+run_test ./usertools/45_usermod-l_existing_username_passwd/usermod.test
+run_test ./usertools/46_usermod-l_existing_username_shadow/usermod.test
+run_test ./usertools/47_usermod-l_no_shadow_file/usermod.test
+run_test ./usertools/48_userdel_keep_group_if_primary_other_user/userdel.test
+run_test ./usertools/49_userdel_delete_users_group/userdel.test
+run_test ./usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test
+run_test ./usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test
+run_test ./usertools/52_userdel_delete_user_no_shadow_entry/userdel.test
+run_test ./usertools/53_userdel_delete_user_no_shadow_file/userdel.test
+run_test ./usertools/54_usermod-u_invalid_UID_4294967295/usermod.test
+run_test ./usertools/55_userdel_busy_user/userdel.test
+run_test ./usertools/56_userdel_locked_passwd/userdel.test
+run_test ./usertools/57_userdel_locked_group/userdel.test
+run_test ./usertools/58_userdel_locked_shadow/userdel.test
+run_test ./usertools/59_userdel_locked_gshadow/userdel.test
+run_test ./usertools/60_userdel_invalid_user/userdel.test
+run_test ./usertools/61_userdel_del_homedir_with_symlinks/userdel.test
+run_test ./usertools/62_usermod_remove_supplementary_groups/usermod.test
+if [ "$USE_PAM" = "yes" ]; then
+	run_test ./usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test
+else
+	run_test ./usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test
+	run_test ./usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test
+fi
+run_test ./usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
+run_test ./usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
+run_test ./usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
+run_test ./usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
+run_test ./usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
+run_test ./usertools/useradd/01_useradd_usage/useradd.test
+run_test ./usertools/useradd/02_useradd_usage_invalid_option/useradd.test
+run_test ./usertools/useradd/03_useradd_usage_no_users/useradd.test
+run_test ./usertools/useradd/04_useradd_usage_2_users/useradd.test
+run_test ./usertools/useradd/05_useradd_usage-b_invalid1/useradd.test
+run_test ./usertools/useradd/06_useradd_usage-b_invalid2/useradd.test
+run_test ./usertools/useradd/07_useradd_usage-b_invalid3/useradd.test
+run_test ./usertools/useradd/08_useradd_usage-c_invalid1/useradd.test
+run_test ./usertools/useradd/09_useradd_usage-c_invalid2/useradd.test
+run_test ./usertools/useradd/10_useradd_usage-d_invalid1/useradd.test
+run_test ./usertools/useradd/11_useradd_usage-d_invalid2/useradd.test
+run_test ./usertools/useradd/12_useradd_usage-d_invalid3/useradd.test
+run_test ./usertools/useradd/13_useradd_usage-e_invalid1/useradd.test
+run_test ./usertools/useradd/14_useradd_usage-e_invalid2/useradd.test
+run_test ./usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test
+run_test ./usertools/useradd/16_useradd_usage-f_invalid1/useradd.test
+run_test ./usertools/useradd/17_useradd_usage-f_invalid2/useradd.test
+run_test ./usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test
+run_test ./usertools/useradd/19_useradd_usage-K_invalid1/useradd.test
+run_test ./usertools/useradd/20_useradd_usage-O_invalid2/useradd.test
+run_test ./usertools/useradd/21_useradd_usage-p_invalid1/useradd.test
+run_test ./usertools/useradd/22_useradd_usage-p_invalid2/useradd.test
+run_test ./usertools/useradd/23_useradd_usage-s_invalid1/useradd.test
+run_test ./usertools/useradd/24_useradd_usage-s_invalid2/useradd.test
+run_test ./usertools/useradd/25_useradd_usage-s_invalid3/useradd.test
+run_test ./usertools/useradd/26_useradd_usage-o_without-u/useradd.test
+run_test ./usertools/useradd/27_useradd_usage-k_without-m/useradd.test
+run_test ./usertools/useradd/28_useradd_usage-U_with-g/useradd.test
+run_test ./usertools/useradd/29_useradd_usage-U_with-N/useradd.test
+run_test ./usertools/useradd/30_useradd_usage-m_with-M/useradd.test
+run_test ./usertools/useradd/31_useradd_usage_user_with-D/useradd.test
+run_test ./usertools/useradd/32_useradd_usage-D_with_other/useradd.test
+run_test ./usertools/useradd/33_useradd_usage_invalid_username/useradd.test
+run_test ./usertools/useradd/35_useradd_default_GROUP_name/useradd.test
+run_test ./usertools/useradd/34_useradd_default_GROUP_GID/useradd.test
+run_test ./usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test
+run_test ./usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test
+run_test ./usertools/useradd/38_useradd_default_INACTIVE/useradd.test
+run_test ./usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test
+run_test ./usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test
+run_test ./usertools/useradd/41_useradd_default_default_SKEL/useradd.test
+run_test ./usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test
+run_test ./usertools/useradd/43_useradd_default_no_final_eol/useradd.test
+run_test ./usertools/useradd/44_useradd_default_no_file/useradd.test
+run_test ./usertools/useradd/45_useradd-G_UID_name/useradd.test
+run_test ./usertools/useradd/46_useradd-G_UID_duplicate/useradd.test
+run_test ./usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test
+run_test ./usertools/useradd/48_useradd-G_name_duplicate/useradd.test
+run_test ./usertools/useradd/49_useradd-G_invalid_group/useradd.test
+run_test ./usertools/useradd/50_useradd-r/useradd.test
+run_test ./usertools/useradd/51_useradd_already_exist/useradd.test
+run_test ./usertools/useradd/52_useradd-U_group_already_exist/useradd.test
+run_test ./usertools/useradd/53_useradd-G_empty/useradd.test
+run_test ./usertools/useradd/54_useradd_no_shadow_file/useradd.test
+run_test ./usertools/useradd/55_useradd_no_gshadow_file/useradd.test
+run_test ./usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test
+run_test ./usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test
+run_test ./usertools/useradd/58_useradd-e_empty/useradd.test
+run_test ./usertools/useradd/59_useradd-e-1-f-1/useradd.test
+run_test ./usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test
+run_test ./usertools/useradd/61_useradd-K/useradd.test
+run_test ./usertools/useradd/62_useradd-p/useradd.test
+run_test ./usertools/useradd/63_useradd-s/useradd.test
+run_test ./usertools/useradd/64_useradd_locked_passwd/useradd.test
+run_test ./usertools/useradd/65_useradd_locked_group/useradd.test
+run_test ./usertools/useradd/66_useradd_locked_shadow/useradd.test
+run_test ./usertools/useradd/67_useradd_locked_gshadow/useradd.test
+run_test ./usertools/useradd/68_useradd-s_empty/useradd.test
+run_test ./usertools/userdel/01_userdel_usage/userdel.test
+run_test ./usertools/userdel/02_userdel_usage_invalid_option/userdel.test
+run_test ./usertools/userdel/03_userdel_usage_no_users/userdel.test
+run_test ./usertools/userdel/04_userdel_usage_2_users/userdel.test
+run_test ./usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test
+run_test ./usertools/userdel/06_userdel_no_usergroup/userdel.test
+run_test ./usertools/userdel/07_userdel_usergroup_not_primary/userdel.test
+run_test ./usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test
+run_test ./usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test
+run_test ./usertools/userdel/10_userdel_del_homedir_symlink/userdel.test
+run_test ./usertools/usermod/01_usermod-p_no_shadow_file/usermod.test
+run_test ./usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test
+run_test ./usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test
+run_test ./usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test
+run_test ./usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test
+run_test ./usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test
+run_test ./usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test
+run_test ./usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test
+run_test ./usertools/usermod/10_usermod_usage/usermod.test
+run_test ./usertools/usermod/11_usermod_usage_bad_option/usermod.test
+run_test ./usertools/usermod/12_usermod_usage_bad-f/usermod.test
+run_test ./usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test
+run_test ./usertools/usermod/14_usermod_usage_no_options/usermod.test
+run_test ./usertools/usermod/15_usermod_usage_no_user/usermod.test
+run_test ./usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test
+run_test ./usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test
+run_test ./usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test
+run_test ./usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test
+run_test ./usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test
+run_test ./usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test
+run_test ./usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test
+run_test ./usertools/usermod/23_usermod-e_date/usermod.test
+run_test ./usertools/usermod/24_usermod-e_date/usermod.test
+run_test ./usertools/usermod/25_usermod-e_empty_arg/usermod.test
+run_test ./usertools/usermod/26_usermod-e-1/usermod.test
+run_test ./usertools/usermod/27_usermod-e_invalid1/usermod.test
+run_test ./usertools/usermod/28_usermod-e_invalid2/usermod.test
+run_test ./usertools/usermod/29_usermod_no_changes/usermod.test
+run_test ./usertools/usermod/30_usermod_usage-a_without-G/usermod.test
+run_test ./usertools/usermod/31_usermod_usage-o_without-u/usermod.test
+run_test ./usertools/usermod/32_usermod_usage-m_without-d/usermod.test
+run_test ./usertools/usermod/33_usermod_change_shell/usermod.test
+run_test ./usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test
+run_test ./usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test
+run_test ./usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test
+run_test ./usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test
+run_test ./usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test
+run_test ./usertools/usermod/41_usermod-u_faillog_not_created/usermod.test
+run_test ./usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test
+run_test ./usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test
+run_test ./usertools/usermod/44_usermod-l_move_mailbox/usermod.test
+run_test ./usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test
+run_test ./usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test
+run_test ./usertools/usermod/47_usermod-u_default_maildir/usermod.test
+run_test ./usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test
+run_test ./usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test
+run_test ./usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test
+run_test ./usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test
+run_test ./usertools/usermod/52_usermod_move_homedir_symlink/usermod.test
+run_test ./cptools/01/run1
+run_test ./cptools/01/run2
+run_test ./cptools/01/run3
+run_test ./cptools/01/run4
+run_test ./cktools/01/run1
+run_test ./cktools/01/run2
+run_test ./cktools/02_pwck_sort/pwck.test
+run_test ./cktools/03_grpck_sort/grpck.test
+run_test ./cktools/04_pwck_sort_missing_shadow_user/pwck.test
+run_test ./cktools/05_grpck_sort_missing_shadow_group/grpck.test
+run_test ./cktools/06_pwck_sort_NIS_server/pwck.test
+run_test ./cktools/07_pwck_sort_NIS_client/pwck.test
+run_test ./cktools/grpck/04_grpck_missing_field_group_delete/grpck.test
+run_test ./cktools/grpck/05_grpck_missing_field_group_keep/grpck.test
+run_test ./cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test
+run_test ./cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test
+run_test ./cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test
+run_test ./cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test
+run_test ./cktools/grpck/10_grpck_missing_field_group_local/grpck.test
+run_test ./cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test
+run_test ./cktools/grpck/12_grpck_unknown_user_group/grpck.test
+run_test ./cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test
+run_test ./cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test
+run_test ./cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test
+run_test ./cktools/grpck/16_grpck_duplicate_entry_group/grpck.test
+run_test ./cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test
+run_test ./cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test
+run_test ./cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test
+run_test ./cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test
+run_test ./cktools/grpck/21_grpck_invalid_group_name/grpck.test
+run_test ./cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test
+run_test ./cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test
+run_test ./cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test
+run_test ./cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test
+run_test ./cktools/grpck/26_grpck_no_gshadow_file/grpck.test
+run_test ./cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test
+run_test ./cktools/grpck/28_grpck_usage/grpck.test
+run_test ./cktools/grpck/29_grpck_sort_readonly/grpck.test
+run_test ./cktools/grpck/30_grpck_3_files/grpck.test
+run_test ./cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test
+run_test ./cktools/grpck/32_grpck_sort_nis/grpck.test
+run_test ./cktools/grpck/33_grpck_locked_group/grpck.test
+run_test ./cktools/grpck/34_grpck_locked_gshadow/grpck.test
+run_test ./cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test
+run_test ./cktools/grpck/36_grpck_password_group_gshadow/grpck.test
+run_test ./cktools/grpck/37_grpck_invalid_option/grpck.test
+run_test ./cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test
+run_test ./cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test
+run_test ./cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test
+run_test ./cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test
+run_test ./cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test
+run_test ./cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test
+run_test ./cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test
+run_test ./cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test
+run_test ./cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test
+run_test ./cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test
+run_test ./cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test
+run_test ./cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test
+run_test ./cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test
+run_test ./cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test
+run_test ./cktools/pwck/18_pwck_invalid_user_name/pwck.test
+run_test ./cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test
+run_test ./cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test
+run_test ./cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test
+run_test ./cktools/pwck/22_pwck_usage/pwck.test
+run_test ./cktools/pwck/23_pwck_locked_passwd/pwck.test
+run_test ./cktools/pwck/24_pwck_locked_shadow/pwck.test
+run_test ./cktools/pwck/25_pwck_usage_invalid_option/pwck.test
+run_test ./cktools/pwck/26_pwck_usage-s-r/pwck.test
+run_test ./cktools/pwck/27_pwck_usage_3_files/pwck.test
+run_test ./cktools/pwck/28_pwck_no_shadow_file/pwck.test
+run_test ./cktools/pwck/29_pwck_password_change_in_future/pwck.test
+run_test ./cktools/pwck/30_pwck_NIS_entries/pwck.test
+run_test ./cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test
+run_test ./cktools/pwck/32_pwck_quiet/pwck.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test
+	run_test ./crypt/login.defs_DES/01_chpasswd.test
+	run_test ./crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test
+	run_test ./crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test
+	run_test ./crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test
+	run_test ./crypt/login.defs_DES/05_chpasswd-e.test
+	run_test ./crypt/login.defs_DES/06_chpasswd-m.test
+fi
+run_test ./crypt/login.defs_DES/07_chgpasswd.test
+run_test ./crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test
+run_test ./crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test
+run_test ./crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test
+run_test ./crypt/login.defs_DES/11_chgpasswd-e.test
+run_test ./crypt/login.defs_DES/12_chgpasswd-m.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_MD5/01_chpasswd.test
+	run_test ./crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test
+fi
+run_test ./crypt/login.defs_MD5/02_chgpasswd.test
+run_test ./crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_SHA256-round-max/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256-round-min-max/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256-round-min/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA512/01_chpasswd.test
+	run_test ./crypt/login.defs_none/01_chpasswd.test
+fi
+run_test ./crypt/login.defs_SHA256-round-max/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256-round-min/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA512/02_chgpasswd.test
+run_test ./crypt/login.defs_none/02_chgpasswd.test
+run_test ./newusers/01_create_user/newusers.test
+run_test ./newusers/02_update_password/newusers.test
+run_test ./newusers/03_no_update_pid/newusers.test
+run_test ./newusers/04_no_update_gid/newusers.test
+run_test ./newusers/05_create_user_pid/newusers.test
+run_test ./newusers/06_create_user_gid/newusers.test
+run_test ./newusers/07_create_user_pid_gid/newusers.test
+run_test ./newusers/08_create_user_pid_other-gid/newusers.test
+run_test ./newusers/09_create_user_pid-as-user-bar/newusers.test
+run_test ./newusers/10_create_user_gid-as-group-bar/newusers.test
+run_test ./newusers/11_update_gecos/newusers.test
+run_test ./newusers/12_update_shell/newusers.test
+run_test ./newusers/13_create_user_new-home/newusers.test
+run_test ./newusers/14_create_user_existing-home/newusers.test
+run_test ./newusers/15_update_new-home/newusers.test
+run_test ./newusers/16_update_existing-home/newusers.test
+run_test ./newusers/17_create_user_pid-already-used/newusers.test
+run_test ./newusers/18_create_user_gid-already-used/newusers.test
+run_test ./newusers/19_update_keep-old-home/newusers.test
+run_test ./newusers/20_multiple_users/newusers.test
+run_test ./newusers/21_create_user_UID_MAX/newusers.test
+run_test ./newusers/22_create_user_GID_MAX/newusers.test
+run_test ./newusers/23_create_user_error_negative_UID/newusers.test
+run_test ./newusers/24_create_user_error_invalid_UID/newusers.test
+run_test ./newusers/25_create_user_error_no_remaining_UID/newusers.test
+run_test ./newusers/26_create_user_error_no_remaining_GID/newusers.test
+run_test ./newusers/27_create_user_error_invalid_username/newusers.test
+run_test ./newusers/28_create_user_error_invalid_groupname/newusers.test
+run_test ./newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test
+run_test ./newusers/30_create_user_different_groupname/newusers.test
+run_test ./newusers/31_create_user_error_invalid_GID/newusers.test
+run_test ./newusers/32_create_user_error_gshadow_group_exists/newusers.test
+run_test ./newusers/33_update_password_no_shadow_password/newusers.test
+run_test ./newusers/34_update_password_no_shadow/newusers.test
+run_test ./newusers/35_read_from_stdin/newusers.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./newusers/36_create_user_encrypted/newusers.test
+	run_test ./newusers/37_create_user_encrypt_MD5/newusers.test
+	run_test ./newusers/38_update_password_no_shadow_encrypted/newusers.test
+	run_test ./newusers/39_update_password_no_shadow_password_encrypted/newusers.test
+	run_test ./newusers/40_update_password_encrypted/newusers.test
+	run_test ./newusers/41_create_user_encrypt_SHA256/newusers.test
+	run_test ./newusers/42_create_user_encrypt_SHA512/newusers.test
+	run_test ./newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test
+	run_test ./newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test
+	run_test ./newusers/45_create_user_encrypt_rounds_3000/newusers.test
+	run_test ./newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test
+else
+
+	run_test ./newusers/37_create_user_encrypt_MD5-PAM/newusers.test
+
+
+
+	run_test ./newusers/41_create_user_encrypt_SHA256-PAM/newusers.test
+	run_test ./newusers/42_create_user_encrypt_SHA512-PAM/newusers.test
+	run_test ./newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test
+	run_test ./newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test
+
+
+fi
+run_test ./newusers/47_create_user_error_UID_4294967295/newusers.test
+run_test ./newusers/48_create_user_error_GID_4294967295/newusers.test
+run_test ./newusers/49_multiple_system_users/newusers.test
+run_test ./newusers/50_usage/newusers.test
+run_test ./newusers/51_usage_invalid_option/newusers.test
+run_test ./newusers/52_usage_2_input_files/newusers.test
+run_test ./newusers/53_locked_passwd/newusers.test
+run_test ./newusers/54_locked_shadow/newusers.test
+run_test ./newusers/55_locked_group/newusers.test
+run_test ./newusers/56_locked_gshadow/newusers.test
+run_test ./newusers/57_missing_input_file/newusers.test
+run_test ./newusers/58_invalid_input_file/newusers.test
+run_test ./newusers/59_no_gshadow_file/newusers.test
+run_test ./newusers/60_update_no_gecos/newusers.test
+run_test ./newusers/61_update_no_shell/newusers.test
+run_test ./split_groups/01_useradd_split_group/useradd.test
+run_test ./split_groups/02_useradd_no_split_group/useradd.test
+run_test ./split_groups/03_useradd_split_group_already_split/useradd.test
+run_test ./split_groups/04_useradd_split_group_already_full/useradd.test
+run_test ./split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test
+run_test ./split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test
+run_test ./split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test
+run_test ./split_groups/08_useradd_no_split_group_already_split/useradd.test
+run_test ./split_groups/09_groupdel_split_group_already_split/groupdel.test
+run_test ./split_groups/10_groupdel_no_split_group_already_split/groupdel.test
+if [ "$FAILURE_TESTS" = "yes" ]; then
+run_test ./failures/chage/01_chage_openRW_passwd_failure/chage.test
+run_test ./failures/chage/02_chage_openRO_passwd_failure/chage.test
+run_test ./failures/chage/03_chage_openRW_shadow_failure/chage.test
+run_test ./failures/chage/04_chage_openRO_shadow_failure/chage.test
+run_test ./failures/chage/05_chage_rename_shadow_failure/chage.test
+run_test ./failures/chage/06_chage_rename_passwd_failure/chage.test
+run_test ./failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test
+run_test ./failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test
+run_test ./failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test
+run_test ./failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test
+if [ "$USE_PAM" = "yes" ]; then
+	run_test ./failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test
+fi
+run_test ./failures/chsh/01_chsh_open_passwd_failure/chsh.test
+run_test ./failures/chsh/02_chsh_rename_passwd_failure/chsh.test
+run_test ./failures/cppw/01_cppw_open_passwd_in_failure/cppw.test
+run_test ./failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test
+run_test ./failures/cppw/03_cppw_rename_passwd_failure/cppw.test
+run_test ./failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test
+run_test ./failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test
+run_test ./failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test
+run_test ./failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test
+run_test ./failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test
+run_test ./failures/groupadd/02_groupadd_group_rename_failure/groupadd.test
+run_test ./failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test
+run_test ./failures/groupadd/04_groupadd_group_open_failure/groupadd.test
+run_test ./failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test
+run_test ./failures/groupdel/02_groupdel_group_rename_failure/groupdel.test
+run_test ./failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test
+run_test ./failures/groupdel/04_groupdel_group_open_failure/groupdel.test
+run_test ./failures/groupmems/01_groupmems_group_open_failure/groupmems.test
+run_test ./failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test
+run_test ./failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test
+run_test ./failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test
+run_test ./failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test
+run_test ./failures/groupmod/04_groupmod_group_open_failure/groupmod.test
+run_test ./failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test
+run_test ./failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test
+run_test ./failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test
+run_test ./failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test
+run_test ./failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test
+run_test ./failures/grpck/01_grpck_system_group_open_failure/grpck.test
+run_test ./failures/grpck/02_grpck_group_open_failure/grpck.test
+run_test ./failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test
+run_test ./failures/grpck/04_grpck_gshadow_open_failure/grpck.test
+run_test ./failures/grpck/05_grpck_sort_group_rename_failure/grpck.test
+run_test ./failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test
+run_test ./failures/grpconv/01_grpconv_open_group_failure/grpconv.test
+run_test ./failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test
+run_test ./failures/grpconv/03_grpconv_rename_group_failure/grpconv.test
+run_test ./failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test
+run_test ./failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test
+run_test ./failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test
+run_test ./failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test
+run_test ./failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test
+run_test ./failures/newusers/01_newusers_open_passwd_failure/newusers.test
+run_test ./failures/newusers/02_newusers_open_shadow_failure/newusers.test
+run_test ./failures/newusers/03_newusers_open_group_failure/newusers.test
+run_test ./failures/newusers/04_newusers_open_gshadow_failure/newusers.test
+run_test ./failures/newusers/05_newusers_rename_passwd_failure/newusers.test
+run_test ./failures/newusers/06_newusers_rename_shadow_failure/newusers.test
+run_test ./failures/newusers/07_newusers_rename_group_failure/newusers.test
+run_test ./failures/newusers/08_newusers_rename_gshadow_failure/newusers.test
+run_test ./failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test
+run_test ./failures/newusers/10_newusers_time_0/newusers.test
+run_test ./failures/pwck/01_pwck_system_passwd_open_failure/pwck.test
+run_test ./failures/pwck/02_pwck_passwd_open_failure/pwck.test
+run_test ./failures/pwck/03_pwck_system_shadow_open_failure/pwck.test
+run_test ./failures/pwck/04_pwck_shadow_open_failure/pwck.test
+run_test ./failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test
+run_test ./failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test
+run_test ./failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test
+run_test ./failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test
+run_test ./failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test
+run_test ./failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test
+run_test ./failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test
+run_test ./failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test
+run_test ./failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test
+run_test ./failures/pwconv/05_pwconv_time_0/pwconv.test
+run_test ./failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test
+run_test ./failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test
+run_test ./failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test
+run_test ./failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test
+run_test ./failures/useradd/01_useradd_open_passwd_failure/useradd.test
+run_test ./failures/useradd/02_useradd_open_shadow_failure/useradd.test
+run_test ./failures/useradd/03_useradd_open_group_failure/useradd.test
+run_test ./failures/useradd/04_useradd_open_gshadow_failure/useradd.test
+run_test ./failures/useradd/05_useradd_rename_passwd_failure/useradd.test
+run_test ./failures/useradd/06_useradd_rename_shadow_failure/useradd.test
+run_test ./failures/useradd/07_useradd_rename_group_failure/useradd.test
+run_test ./failures/useradd/08_useradd_rename_gshadow_failure/useradd.test
+run_test ./failures/useradd/09_useradd_rename_defaults_failure/useradd.test
+run_test ./failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test
+run_test ./failures/useradd/11_useradd_time_0/useradd.test
+run_test ./failures/useradd/12_useradd_open_subuid_failure/useradd.test
+run_test ./failures/useradd/13_useradd_open_subgid_failure/useradd.test
+run_test ./failures/useradd/14_username_rename_subuid_failure/useradd.test
+run_test ./failures/useradd/15_username_rename_subgid_failure/useradd.test
+run_test ./failures/userdel/01_userdel_gshadow_rename_failure/userdel.test
+run_test ./failures/userdel/02_userdel_group_rename_failure/userdel.test
+run_test ./failures/userdel/03_userdel_shadow_rename_failure/userdel.test
+run_test ./failures/userdel/04_userdel_passwd_rename_failure/userdel.test
+run_test ./failures/userdel/05_userdel_failure_remove_mailbox/userdel.test
+run_test ./failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test
+run_test ./failures/userdel/07_userdel_failure_remove_homedir/userdel.test
+run_test ./failures/userdel/08_userdel_open_passwd_failure/userdel.test
+run_test ./failures/userdel/09_userdel_open_shadow_failure/userdel.test
+run_test ./failures/userdel/10_userdel_open_group_failure/userdel.test
+run_test ./failures/userdel/11_userdel_open_gshadow_failure/userdel.test
+run_test ./failures/userdel/12_userdel_open_subuid_failure/userdel.test
+run_test ./failures/userdel/13_userdel_open_subgid_failure/userdel.test
+run_test ./failures/userdel/14_userdel_rename_subuid_failure/usedel.test
+run_test ./failures/userdel/15_userdel_rename_subgid_failure/usedel.test
+run_test ./failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test
+run_test ./failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test
+run_test ./failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test
+run_test ./failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test
+run_test ./failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test
+run_test ./failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test
+run_test ./failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test
+run_test ./failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test
+run_test ./failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test
+run_test ./failures/usermod/10_usermod_-p_time_0/usermod.test
+run_test ./failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test
+#run_test ./failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test
+run_test ./failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test
+run_test ./failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test
+run_test ./failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test
+run_test ./failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test
+run_test ./failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test
+run_test ./failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test
+fi
+run_test ./expiry/01_expiry_-c_no_expiry/expiry.test
+run_test ./expiry/02_expiry_-c_expired/expiry.test
+run_test ./expiry/03_expiry_-f_expired/expiry.test
+run_test ./expiry/04_expiry_no_options/expiry.test
+run_test ./expiry/05_expiry_-c_no_shadow_file/expiry.test
+run_test ./expiry/06_expiry_-c_no_shadow_entry/expiry.test
+run_test ./expiry/07_expiry_-c_expired_account/expiry.test
+run_test ./expiry/08_expiry_-c_expired_max+inact/expiry.test
+run_test ./expiry/09_expiry_-c_expired_not_inactive/expiry.test
+run_test ./expiry/10_expiry_bad_option/expiry.test
+run_test ./expiry/11_expiry_usage/expiry.test
+run_test ./expiry/12_expiry_extra_arg/expiry.test
+run_test ./expiry/13_expiry_usage-c-f/expiry.test
+run_test ./passwd/01_passwd_-S_root_locked_account/passwd.test
+run_test ./passwd/02_passwd_-S_root_valid_account/passwd.test
+run_test ./passwd/03_passwd_-S_root_empty_password/passwd.test
+run_test ./passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test
+run_test ./passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test
+run_test ./passwd/06_passwd_-l_root_lock_account/passwd.test
+run_test ./passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test
+run_test ./passwd/08_passwd_-u_root_unlock_account/passwd.test
+run_test ./passwd/09_passwd_-u_root_unlock_to_empty/passwd.test
+run_test ./passwd/10_passwd_-d_root/passwd.test
+run_test ./passwd/11_passwd_--mindays_root/passwd.test
+run_test ./passwd/12_passwd_--maxdays_root/passwd.test
+run_test ./passwd/13_passwd_--warndays_root/passwd.test
+run_test ./passwd/14_passwd_--inactive_root/passwd.test
+run_test ./passwd/15_passwd_--expire_root/passwd.test
+run_test ./passwd/16_passwd_-S-a_root/passwd.test
+run_test ./passwd/17_passwd_root_change_password/passwd.test
+run_test ./passwd/18_passwd_root_change_password_user/passwd.test
+run_test ./passwd/19_passwd_user_change_password/passwd.test
+run_test ./passwd/20_passwd_user_change_password_same_user/passwd.test
+run_test ./passwd/21_passwd_user_change_password_other_user/passwd.test
+run_test ./passwd/22_passwd_usage/passwd.test
+run_test ./login/01_login_prompt/login.test
+run_test ./login/02_login_user/login.test
+run_test ./login/03_login_check_tty/login.test
+run_test ./subids/01_useradd_no_subids/useradd.test
+run_test ./subids/02_useradd_with_subids/useradd.test
+run_test ./subids/03_useradd_no_subgid/useradd.test
+run_test ./subids/04_useradd_no_subuid/useradd.test
+run_test ./subids/05_useradd_fill_gap_start/useradd.test
+run_test ./subids/06_useradd_fill_gap_middle/useradd.test
+run_test ./subids/07_useradd_fill_gap_end/useradd.test
+run_test ./subids/08_useradd_no_more_subuids_start/useradd.test
+run_test ./subids/09_useradd_no_more_subgids_start/useradd.test
+run_test ./subids/10_useradd_no_more_subuids_end/useradd.test
+run_test ./subids/11_useradd_no_more_subgids_end/useradd.test
+run_test ./subids/12_useradd_invalid_subuid_configuration1/useradd.test
+run_test ./subids/13_useradd_invalid_subuid_configuration2/useradd.test
+run_test ./subids/14_useradd_invalid_subuid_configuration3/useradd.test
+run_test ./subids/15_useradd_invalid_subgid_configuration1/useradd.test
+run_test ./subids/16_useradd_invalid_subgid_configuration2/useradd.test
+run_test ./subids/17_useradd_invalid_subgid_configuration3/useradd.test
+run_test ./subids/18_useradd_min=max/useradd.test
+run_test ./subids/19_useradd_locked_subuid/useradd.test
+run_test ./subids/20_useradd_locked_subgid/useradd.test
+run_test ./subids/21_usermod_create_subuid_range/usermod.test
+run_test ./subids/22_usermod_create_subgid_range/usermod.test
+run_test ./subids/23_usermod_create_subids_ranges/usermod.test
+run_test ./subids/24_usermod_create_subids_overlapping_ranges/usermod.test
+run_test ./subids/25_usermod_add_range/usermod.test
+run_test ./subids/26_usermod_add_overlapping_ranges/usermod.test
+run_test ./subids/27_usermod_remove_range_all/usermod.test
+run_test ./subids/28_usermod_remove_range_partial_begin/usermod.test
+run_test ./subids/29_usermod_remove_range_partial_middle/usermod.test
+run_test ./subids/30_usermod_remove_range_partial_end/usermod.test
+run_test ./subids/31_usermod_remove_outside_range/usermod.test
+run_test ./subids/32_usermod_remove_overlapping_range_begin/usermod.test
+run_test ./subids/33_usermod_remove_overlapping_range_end/usermod.test
+run_test ./subids/34_usermod_remove_overlapping_range_all/usermod.test
+run_test ./subids/35_usermod_remove_only_user_ranges/usermod.test
+run_test ./subids/36_usermod_remove_with_comment/usermod.test
+run_test ./subids/37_usermod_-v_invalid_range/usermod.test
+run_test ./subids/38_usermod_-V_invalid_range/usermod.test
+run_test ./subids/39_usermod_-w_invalid_range/usermod.test
+run_test ./subids/40_usermod_-W_invalid_range/usermod.test
+run_test ./subids/41_usermod_locked_subuid/usermod.test
+run_test ./subids/42_usermod_locked_subgid/usermod.test
+run_test ./subids/43_usermod_-w_no_subgid/usermod.test
+run_test ./subids/44_usermod_-W_no_subgid/usermod.test
+run_test ./subids/45_usermod_-v_no_subgid/usermod.test
+run_test ./subids/46_usermod_-V_no_subgid/usermod.test
+run_test ./subids/47_usermod_-v_invalid_range2/usermod.test
+run_test ./subids/48_usermod_-v_invalid_range3/usermod.test
+run_test ./subids/49_usermod_-v_invalid_range4/usermod.test
+run_test ./subids/50_usermod_-v_invalid_range5/usermod.test
+run_test ./subids/51_usermod_-v_invalid_range6/usermod.test
+run_test ./subids/52_usermod_-v_invalid_range7/usermod.test
+run_test ./subids/53_userdel_one_subuid_range/userdel.test
+run_test ./subids/54_userdel_one_subgid_range/userdel.test
+run_test ./subids/55_userdel_no_subuid/userdel.test
+run_test ./subids/56_userdel_no_subgid/userdel.test
+run_test ./subids/57_userdel_multiple_ranges/userdel.test
+run_test ./subids/58_newusers_with_subids/newusers.test
+run_test ./subids/59_newusers_no_subuid/newusers.test
+run_test ./subids/60_newusers_no_subgid/newusers.test
+run_test ./subids/61_newusers_user_alread_has_subgids/newusers.test
+run_test ./subids/62_newusers_user_alread_has_subuids/newusers.test
+run_test ./subids/63_useradd_fill_gap4/useradd.test
+run_test ./subids/64_useradd_fill_gap5/useradd.test
+run_test ./subids/65_useradd_fill_gap6/useradd.test
+run_test ./subids/66_subordinate_range_cmp/useradd.test
+run_test ./subids/67_invalid_subuid_file1/useradd.test
+run_test ./subids/68_invalid_subuid_file2/useradd.test
+run_test ./subids/69_invalid_subuid_file3/useradd.test
+run_test ./subids/70_invalid_subuid_file4/useradd.test
+run_test ./subids/71_useradd_subids_for_system/useradd.test
+run_test ./newuidmap/01_newuidmap/newuidmap.test
+run_test ./newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
+run_test ./newgidmap/01_newgidmap/newgidmap.test
+run_test ./newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
+
+echo
+
+genhtml --quiet --frames --output-directory coverage.test --show-details app_total.info
+
+echo
+echo "$succeeded test(s) passed"
+echo "$failed test(s) failed"
+echo "log written in 'testsuite.log'"
+if [ "$failed" != 0 ]
+then
+	echo "the following tests failed:"
+	echo "$failed_tests"
+fi
diff --git a/tests/tests/run_some b/tests/tests/run_some
new file mode 100755
index 0000000..91f5626
--- /dev/null
+++ b/tests/tests/run_some
@@ -0,0 +1,153 @@
+#!/bin/sh
+
+set -e
+
+export LC_ALL=C
+unset LANG
+unset LANGUAGE
+. common/config.sh
+
+USE_PAM="yes"
+FAILURE_TESTS="yes"
+
+succeeded=0
+failed=0
+failed_tests=""
+
+run_test()
+{
+	[ -f RUN_TEST.STOP ] && exit 1
+
+	passed=0
+	if $1 > $1.log 2>&1
+	then
+		passed=1
+	fi
+
+	if [ -n "$2" ]; then # ignore failure
+		printf '.'
+	elif [ $passed -eq 1 ]; then
+		succeeded=$((succeeded+1))
+		printf '+'
+	else
+		failed=$((failed+1))
+		failed_tests="$failed_tests $1"
+		printf '-'
+	fi
+	cat $1.log >> testsuite.log
+	[ -f /etc/passwd.lock ] && echo $1 /etc/passwd.lock || true
+	[ -f /etc/group.lock ] && echo $1 /etc/group.lock || true
+	[ -f /etc/shadow.lock ] && echo $1 /etc/shadow.lock || true
+	[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
+	[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
+	rm -rf /tmp/test-uidmap
+	if [ "$(stat -c"%G" /etc/shadow)" != "shadow" ]
+	then
+		echo $1
+		ls -l /etc/shadow
+		chgrp shadow /etc/shadow
+	fi
+	if [ -d /nonexistent ]
+	then
+		echo $1 /nonexistent
+		rmdir /nonexistent
+	fi
+}
+
+echo "+: test passed"
+echo "-: test failed"
+
+# Empty the complete log.
+> testsuite.log
+
+find "${build_path}" -name "*.gcda" -delete
+# ignore the result of the first test.  ~magic~
+run_test ./su/01/su_user.test ignore_failure
+run_test ./su/01/su_user.test
+run_test ./su/01/su_root.test
+find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
+run_test ./su/02/env_FOO-options_--login
+run_test ./su/02/env_FOO-options_--login_bash
+run_test ./su/02/env_FOO-options_--preserve-environment
+run_test ./su/02/env_FOO-options_--preserve-environment_bash
+run_test ./su/02/env_FOO-options_-
+run_test ./su/02/env_FOO-options_-_bash
+run_test ./su/02/env_FOO-options_-l-m
+run_test ./su/02/env_FOO-options_-l-m_bash
+run_test ./su/02/env_FOO-options_-l
+run_test ./su/02/env_FOO-options_-l_bash
+run_test ./su/02/env_FOO-options_-m_bash
+run_test ./su/02/env_FOO-options_-m
+run_test ./su/02/env_FOO-options_-p
+run_test ./su/02/env_FOO-options_-p_bash
+run_test ./su/02/env_FOO-options__bash
+run_test ./su/02/env_FOO-options_
+run_test ./su/02/env_FOO-options_-p-
+run_test ./su/02/env_FOO-options_-p-_bash
+run_test ./su/02/env_special-options_-l-p
+run_test ./su/02/env_special-options_-l
+run_test ./su/02/env_special-options_-l-p_bash
+run_test ./su/02/env_special-options_-l_bash
+run_test ./su/02/env_special-options_-p
+run_test ./su/02/env_special-options_-p_bash
+run_test ./su/02/env_special-options_
+run_test ./su/02/env_special-options__bash
+run_test ./su/02/env_special_root-options_-l-p
+run_test ./su/02/env_special_root-options_-l-p_bash
+run_test ./su/02/env_special_root-options_-l
+run_test ./su/02/env_special_root-options_-l_bash
+run_test ./su/02/env_special_root-options_-p
+run_test ./su/02/env_special_root-options_-p_bash
+run_test ./su/02/env_special_root-options_
+run_test ./su/02/env_special_root-options__bash
+run_test ./su/03/su_run_command01.test
+run_test ./su/03/su_run_command02.test
+run_test ./su/03/su_run_command03.test
+run_test ./su/03/su_run_command04.test
+run_test ./su/03/su_run_command05.test
+run_test ./su/03/su_run_command06.test
+run_test ./su/03/su_run_command07.test
+run_test ./su/03/su_run_command08.test
+run_test ./su/03/su_run_command09.test
+run_test ./su/03/su_run_command10.test
+run_test ./su/03/su_run_command11.test
+run_test ./su/03/su_run_command12.test
+run_test ./su/03/su_run_command13.test
+run_test ./su/03/su_run_command14.test
+run_test ./su/03/su_run_command15.test
+run_test ./su/03/su_run_command16.test
+run_test ./su/03/su_run_command17.test
+run_test ./su/04/su_wrong_user.test
+run_test ./su/04/su_user_wrong_passwd.test
+run_test ./su/04/su_user_wrong_passwd_syslog.test
+run_test ./su/05/su_user_wrong_passwd_syslog.test
+run_test ./su/06/su_user_syslog.test
+run_test ./su/07/su_user_syslog.test
+run_test ./su/08/env_special-options_
+run_test ./su/08/env_special_root-options_
+run_test ./su/09/env_special-options_
+run_test ./su/09/env_special_root-options_
+run_test ./su/10_su_sulog_success/su.test
+run_test ./su/11_su_sulog_failure/su.test
+run_test ./su/12_su_child_failure/su.test
+run_test ./su/13_su_child_success/su.test
+run_test ./libsubid/01_list_ranges/list_ranges.test
+run_test ./libsubid/02_get_subid_owners/get_subid_owners.test
+run_test ./libsubid/03_add_remove/add_remove_subids.test
+run_test ./newuidmap/01_newuidmap/newuidmap.test
+run_test ./newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
+run_test ./newgidmap/01_newgidmap/newgidmap.test
+run_test ./newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
+run_test ./libsubid/04_nss/subidnss.test
+run_test ./usertools/62_usermod_remove_supplementary_groups/usermod.test
+
+echo
+echo "$succeeded test(s) passed"
+echo "$failed test(s) failed"
+echo "log written in 'testsuite.log'"
+if [ "$failed" != 0 ]
+then
+	echo "the following tests failed:"
+	echo "$failed_tests"
+	exit 1
+fi
diff --git a/tests/tests/split_groups/01_useradd_split_group/config.txt b/tests/tests/split_groups/01_useradd_split_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/default/useradd b/tests/tests/split_groups/01_useradd_split_group/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/group b/tests/tests/split_groups/01_useradd_split_group/config/etc/group
new file mode 100644
index 0000000..af7aa3b
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/gshadow b/tests/tests/split_groups/01_useradd_split_group/config/etc/gshadow
new file mode 100644
index 0000000..cfa80d5
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2
+foo1:*::
+foo2:*::
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/login.defs b/tests/tests/split_groups/01_useradd_split_group/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/passwd b/tests/tests/split_groups/01_useradd_split_group/config/etc/passwd
new file mode 100644
index 0000000..708e6ef
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/shadow b/tests/tests/split_groups/01_useradd_split_group/config/etc/shadow
new file mode 100644
index 0000000..f13ec56
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/split_groups/01_useradd_split_group/data/group b/tests/tests/split_groups/01_useradd_split_group/data/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/data/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/01_useradd_split_group/data/gshadow b/tests/tests/split_groups/01_useradd_split_group/data/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/data/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/01_useradd_split_group/data/passwd b/tests/tests/split_groups/01_useradd_split_group/data/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/01_useradd_split_group/data/shadow b/tests/tests/split_groups/01_useradd_split_group/data/shadow
new file mode 100644
index 0000000..cb7911b
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/data/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/01_useradd_split_group/useradd.test b/tests/tests/split_groups/01_useradd_split_group/useradd.test
new file mode 100755
index 0000000..402aad9
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group with a full line"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo3, in group foo (useradd -G foo foo3)..."
+useradd -G foo foo3
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config.txt b/tests/tests/split_groups/02_useradd_no_split_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/default/useradd b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/group b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/group
new file mode 100644
index 0000000..af7aa3b
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/gshadow b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/gshadow
new file mode 100644
index 0000000..cfa80d5
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2
+foo1:*::
+foo2:*::
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/login.defs b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/login.defs
new file mode 100644
index 0000000..ccf42f7
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	0
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/passwd b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/passwd
new file mode 100644
index 0000000..708e6ef
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/shadow b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/shadow
new file mode 100644
index 0000000..f13ec56
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/data/group b/tests/tests/split_groups/02_useradd_no_split_group/data/group
new file mode 100644
index 0000000..355db7e
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/data/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2,foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/data/gshadow b/tests/tests/split_groups/02_useradd_no_split_group/data/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/data/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/data/passwd b/tests/tests/split_groups/02_useradd_no_split_group/data/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/data/shadow b/tests/tests/split_groups/02_useradd_no_split_group/data/shadow
new file mode 100644
index 0000000..cb7911b
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/data/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/useradd.test b/tests/tests/split_groups/02_useradd_no_split_group/useradd.test
new file mode 100755
index 0000000..402aad9
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group with a full line"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo3, in group foo (useradd -G foo foo3)..."
+useradd -G foo foo3
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config.txt b/tests/tests/split_groups/03_useradd_split_group_already_split/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/default/useradd b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/group b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/gshadow b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/login.defs b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/passwd b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/shadow b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/data/group b/tests/tests/split_groups/03_useradd_split_group_already_split/data/group
new file mode 100644
index 0000000..3c1c18b
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/data/group
@@ -0,0 +1,47 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3,foo4
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
+foo4:x:1003:
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/data/gshadow b/tests/tests/split_groups/03_useradd_split_group_already_split/data/gshadow
new file mode 100644
index 0000000..ca307ab
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/data/gshadow
@@ -0,0 +1,46 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3,foo4
+foo1:*::
+foo2:*::
+foo3:!::
+foo4:!::
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/data/passwd b/tests/tests/split_groups/03_useradd_split_group_already_split/data/passwd
new file mode 100644
index 0000000..f60db36
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/data/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
+foo4:x:1003:1003::/home/foo4:/bin/sh
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/data/shadow b/tests/tests/split_groups/03_useradd_split_group_already_split/data/shadow
new file mode 100644
index 0000000..3ee0375
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/data/shadow
@@ -0,0 +1,23 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
+foo4:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/useradd.test b/tests/tests/split_groups/03_useradd_split_group_already_split/useradd.test
new file mode 100755
index 0000000..5c8fbad
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config.txt b/tests/tests/split_groups/04_useradd_split_group_already_full/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/default/useradd b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/group b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/group
new file mode 100644
index 0000000..355db7e
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2,foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/gshadow b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/login.defs b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/passwd b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/shadow b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/data/group b/tests/tests/split_groups/04_useradd_split_group_already_full/data/group
new file mode 100644
index 0000000..3c1c18b
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/data/group
@@ -0,0 +1,47 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3,foo4
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
+foo4:x:1003:
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/data/gshadow b/tests/tests/split_groups/04_useradd_split_group_already_full/data/gshadow
new file mode 100644
index 0000000..ca307ab
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/data/gshadow
@@ -0,0 +1,46 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3,foo4
+foo1:*::
+foo2:*::
+foo3:!::
+foo4:!::
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/data/passwd b/tests/tests/split_groups/04_useradd_split_group_already_full/data/passwd
new file mode 100644
index 0000000..f60db36
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/data/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
+foo4:x:1003:1003::/home/foo4:/bin/sh
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/data/shadow b/tests/tests/split_groups/04_useradd_split_group_already_full/data/shadow
new file mode 100644
index 0000000..3ee0375
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/data/shadow
@@ -0,0 +1,23 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
+foo4:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/useradd.test b/tests/tests/split_groups/04_useradd_split_group_already_full/useradd.test
new file mode 100755
index 0000000..f4aab68
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group with already more user than allowed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config.txt b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/group b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/group
new file mode 100644
index 0000000..bdc8297
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:pass1:999:foo1,foo2
+foo:pass2:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/gshadow b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/login.defs b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/passwd b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/shadow b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/data/useradd.err b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/data/useradd.err
new file mode 100644
index 0000000..050950f
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/data/useradd.err
@@ -0,0 +1,2 @@
+Multiple entries named 'foo' in /etc/group. Please fix this with pwck or grpck.
+useradd: failed to prepare the new /etc/group entry 'foo'
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test
new file mode 100755
index 0000000..165e47d
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split, with different group passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config.txt b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/group b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/group
new file mode 100644
index 0000000..792c688
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:pass:998:foo1,foo2
+foo:pass:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/gshadow b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/login.defs b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/passwd b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/shadow b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/data/useradd.err b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/data/useradd.err
new file mode 100644
index 0000000..050950f
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/data/useradd.err
@@ -0,0 +1,2 @@
+Multiple entries named 'foo' in /etc/group. Please fix this with pwck or grpck.
+useradd: failed to prepare the new /etc/group entry 'foo'
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test
new file mode 100755
index 0000000..970d10c
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split, with different GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config.txt b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/default/useradd b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/group b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/group
new file mode 100644
index 0000000..c4ea1f0
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3,foo1
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/gshadow b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/login.defs b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/passwd b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/shadow b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/group b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/group
new file mode 100644
index 0000000..3c1c18b
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/group
@@ -0,0 +1,47 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3,foo4
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
+foo4:x:1003:
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/gshadow b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/gshadow
new file mode 100644
index 0000000..ca307ab
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/gshadow
@@ -0,0 +1,46 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3,foo4
+foo1:*::
+foo2:*::
+foo3:!::
+foo4:!::
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/passwd b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/passwd
new file mode 100644
index 0000000..f60db36
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
+foo4:x:1003:1003::/home/foo4:/bin/sh
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/shadow b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/shadow
new file mode 100644
index 0000000..3ee0375
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/shadow
@@ -0,0 +1,23 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
+foo4:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test
new file mode 100755
index 0000000..5c8fbad
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config.txt b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/group b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/gshadow b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/login.defs b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/login.defs
new file mode 100644
index 0000000..ccf42f7
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	0
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/passwd b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/shadow b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/data/useradd.err b/tests/tests/split_groups/08_useradd_no_split_group_already_split/data/useradd.err
new file mode 100644
index 0000000..050950f
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/data/useradd.err
@@ -0,0 +1,2 @@
+Multiple entries named 'foo' in /etc/group. Please fix this with pwck or grpck.
+useradd: failed to prepare the new /etc/group entry 'foo'
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/useradd.test b/tests/tests/split_groups/08_useradd_no_split_group_already_split/useradd.test
new file mode 100755
index 0000000..055dec9
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split, with MAX_MEMBERS_PER_GROUP set to 0"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config.txt b/tests/tests/split_groups/09_groupdel_split_group_already_split/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/group b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/gshadow b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/login.defs b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/passwd b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/shadow b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/data/group b/tests/tests/split_groups/09_groupdel_split_group_already_split/data/group
new file mode 100644
index 0000000..7053f0e
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/data/gshadow b/tests/tests/split_groups/09_groupdel_split_group_already_split/data/gshadow
new file mode 100644
index 0000000..f2ee7ec
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/groupdel.test b/tests/tests/split_groups/09_groupdel_split_group_already_split/groupdel.test
new file mode 100755
index 0000000..0789a2e
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/groupdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete a split group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config.txt b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/group b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/gshadow b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/login.defs b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/login.defs
new file mode 100644
index 0000000..ccf42f7
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	0
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/passwd b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/shadow b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/data/groupdel.err b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/data/groupdel.err
new file mode 100644
index 0000000..7bd0741
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/data/groupdel.err
@@ -0,0 +1,2 @@
+Multiple entries named 'foo' in /etc/group. Please fix this with pwck or grpck.
+groupdel: cannot remove entry 'foo' from /etc/group
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/groupdel.test b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/groupdel.test
new file mode 100755
index 0000000..b1086b6
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete a split group, with MAX_MEMBERS_PER_GROUP set to 0"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/01/config.txt b/tests/tests/su/01/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/01/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/01/config/etc/group b/tests/tests/su/01/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/01/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/01/config/etc/gshadow b/tests/tests/su/01/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/01/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/01/config/etc/passwd b/tests/tests/su/01/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/01/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/01/config/etc/shadow b/tests/tests/su/01/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/01/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/01/run_su.exp b/tests/tests/su/01/run_su.exp
new file mode 100755
index 0000000..f1c1fb4
--- /dev/null
+++ b/tests/tests/su/01/run_su.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL (timeout)"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect prompt '$prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$prompt" {
+		send_user "\n\n# make sure we are '$user'\n"
+		send_user "# id should return '($user).*($user).*($user)"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+
+		expect {
+			-re "\\($user\\).*\\($user\\).*\\($user\\)" {
+				expect "$prompt"
+				send "exit\r"
+				expect "$ "
+				puts "\nPASS"
+				exit 0
+			}
+		}
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/01/su_root.test b/tests/tests/su/01/su_root.test
new file mode 100755
index 0000000..1bc2268
--- /dev/null
+++ b/tests/tests/su/01/su_root.test
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to root"
+
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp root rootF00barbaz '# '
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/01/su_user.test b/tests/tests/su/01/su_user.test
new file mode 100755
index 0000000..7fd1f57
--- /dev/null
+++ b/tests/tests/su/01/su_user.test
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/config.txt b/tests/tests/su/02/config.txt
new file mode 100644
index 0000000..70dfcd2
--- /dev/null
+++ b/tests/tests/su/02/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+# /etc/profile is empty to avoid interferences.
diff --git a/tests/tests/su/02/config/etc/group b/tests/tests/su/02/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/02/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/02/config/etc/gshadow b/tests/tests/su/02/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/02/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/02/config/etc/passwd b/tests/tests/su/02/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/su/02/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/02/config/etc/profile b/tests/tests/su/02/config/etc/profile
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/02/config/etc/profile
diff --git a/tests/tests/su/02/config/etc/shadow b/tests/tests/su/02/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/02/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/02/env_FOO-options_ b/tests/tests/su/02/env_FOO-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_- b/tests/tests/su/02/env_FOO-options_-
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--login b/tests/tests/su/02/env_FOO-options_--login
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--login
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--login.exp b/tests/tests/su/02/env_FOO-options_--login.exp
new file mode 100755
index 0000000..6f84498
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--login.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su --login, make a login shell
+#
+#=============================================================================
+send "/bin/su --login $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be empty"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--login_bash b/tests/tests/su/02/env_FOO-options_--login_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--login_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--preserve-environment b/tests/tests/su/02/env_FOO-options_--preserve-environment
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--preserve-environment
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--preserve-environment.exp b/tests/tests/su/02/env_FOO-options_--preserve-environment.exp
new file mode 100755
index 0000000..99fd27b
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--preserve-environment.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su --preserve-environment, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--preserve-environment_bash b/tests/tests/su/02/env_FOO-options_--preserve-environment_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--preserve-environment_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-.exp b/tests/tests/su/02/env_FOO-options_-.exp
new file mode 100755
index 0000000..d6251a7
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -, make a login shell
+#
+#=============================================================================
+send "/bin/su - $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be empty"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-_bash b/tests/tests/su/02/env_FOO-options_-_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l b/tests/tests/su/02/env_FOO-options_-l
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l-m b/tests/tests/su/02/env_FOO-options_-l-m
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l-m
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l-m.exp b/tests/tests/su/02/env_FOO-options_-l-m.exp
new file mode 100755
index 0000000..0e8ede1
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l-m.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l -m, make a login shell, but preserve environment
+#
+#=============================================================================
+send "/bin/su -l -m $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l-m_bash b/tests/tests/su/02/env_FOO-options_-l-m_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l-m_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l.exp b/tests/tests/su/02/env_FOO-options_-l.exp
new file mode 100755
index 0000000..87bc038
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l, make a login shell
+#
+#=============================================================================
+send "/bin/su - $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be empty"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l_bash b/tests/tests/su/02/env_FOO-options_-l_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-m b/tests/tests/su/02/env_FOO-options_-m
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-m
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-m.exp b/tests/tests/su/02/env_FOO-options_-m.exp
new file mode 100755
index 0000000..e63eff9
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-m.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -m, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-m_bash b/tests/tests/su/02/env_FOO-options_-m_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-m_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p b/tests/tests/su/02/env_FOO-options_-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p- b/tests/tests/su/02/env_FOO-options_-p-
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p-
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p-.exp b/tests/tests/su/02/env_FOO-options_-p-.exp
new file mode 100755
index 0000000..fce2de3
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p-.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -p -, make a login shell, but preserve environment
+#
+#=============================================================================
+send "/bin/su -p $command - myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p-_bash b/tests/tests/su/02/env_FOO-options_-p-_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p-_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p.exp b/tests/tests/su/02/env_FOO-options_-p.exp
new file mode 100755
index 0000000..e63eff9
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -m, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p_bash b/tests/tests/su/02/env_FOO-options_-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_.exp b/tests/tests/su/02/env_FOO-options_.exp
new file mode 100755
index 0000000..fc0f2a9
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su, preserve environment
+#
+#=============================================================================
+send "/bin/su myuser $command\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options__bash b/tests/tests/su/02/env_FOO-options__bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options__bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_ b/tests/tests/su/02/env_special-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-l b/tests/tests/su/02/env_special-options_-l
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-l-p b/tests/tests/su/02/env_special-options_-l-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-l-p.exp b/tests/tests/su/02/env_special-options_-l-p.exp
new file mode 100755
index 0000000..355bfc2
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l-p.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# su -m -l, make a login shell, but preserve environment
+# However, PATH is not preserved, but set to what it would be with login
+#
+#=============================================================================
+send "/bin/su -p $command -l myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# Even with -p, PATH is reset"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special-options_-l-p_bash b/tests/tests/su/02/env_special-options_-l-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-l.exp b/tests/tests/su/02/env_special-options_-l.exp
new file mode 100755
index 0000000..d49e1ab
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l.exp
@@ -0,0 +1,54 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l, make a login shell
+#
+#=============================================================================
+send "/bin/su - $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# PATH should be '/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/home/'myuser'myuser'/bin/sh'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special-options_-l_bash b/tests/tests/su/02/env_special-options_-l_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-p b/tests/tests/su/02/env_special-options_-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-p.exp b/tests/tests/su/02/env_special-options_-p.exp
new file mode 100755
index 0000000..e2f1ba4
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-p.exp
@@ -0,0 +1,56 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect -re "PATH=\"(.*)\"\r" {set PATH $expect_out(1,string)}
+send_user "PATH='$PATH'"
+expect "# "
+
+#=============================================================================
+#
+# su -m, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# Even with -p, PATH is reset"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'root'root'/bin/bash'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special-options_-p_bash b/tests/tests/su/02/env_special-options_-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_.exp b/tests/tests/su/02/env_special-options_.exp
new file mode 100755
index 0000000..7c69860
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su myuser $command\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# PATH should be '/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/home/'myuser'myuser'/bin/sh'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special-options__bash b/tests/tests/su/02/env_special-options__bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options__bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_ b/tests/tests/su/02/env_special_root-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l b/tests/tests/su/02/env_special_root-options_-l
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l-p b/tests/tests/su/02/env_special_root-options_-l-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l-p.exp b/tests/tests/su/02/env_special_root-options_-l-p.exp
new file mode 100755
index 0000000..06e9f4a
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l-p.exp
@@ -0,0 +1,57 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l -p root, make a login shell, but preserve environment
+# However, PATH is not preserved, but set to what it would be with login
+# for root
+#
+#=============================================================================
+send "/bin/su -p $command - root\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# Even with -p, PATH is reset"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l-p_bash b/tests/tests/su/02/env_special_root-options_-l-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l.exp b/tests/tests/su/02/env_special_root-options_-l.exp
new file mode 100755
index 0000000..bcbd39c
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l.exp
@@ -0,0 +1,54 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l root, make a login shell
+#
+#=============================================================================
+send "/bin/su $command -l root\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# PATH should be '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l_bash b/tests/tests/su/02/env_special_root-options_-l_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-p b/tests/tests/su/02/env_special_root-options_-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-p.exp b/tests/tests/su/02/env_special_root-options_-p.exp
new file mode 100755
index 0000000..62f7aa7
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-p.exp
@@ -0,0 +1,56 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect -re "PATH=\"(.*)\"\r" {set PATH $expect_out(1,string)}
+send_user "PATH='$PATH'"
+expect "# "
+
+#=============================================================================
+#
+# su -p root, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# Even with -p, PATH is reset"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-p_bash b/tests/tests/su/02/env_special_root-options_-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_.exp b/tests/tests/su/02/env_special_root-options_.exp
new file mode 100755
index 0000000..7f4b271
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su to root, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su $command\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# PATH should be '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special_root-options__bash b/tests/tests/su/02/env_special_root-options__bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options__bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/run_env_test.sh b/tests/tests/su/02/run_env_test.sh
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/run_env_test.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/config/etc/group b/tests/tests/su/03/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/03/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/03/config/etc/gshadow b/tests/tests/su/03/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/03/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/03/config/etc/passwd b/tests/tests/su/03/config/etc/passwd
new file mode 100644
index 0000000..eabf509
--- /dev/null
+++ b/tests/tests/su/03/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:
+testsuite::424242:424242::/home/:
diff --git a/tests/tests/su/03/config/etc/shadow b/tests/tests/su/03/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/03/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/03/data/ls.out b/tests/tests/su/03/data/ls.out
new file mode 100644
index 0000000..ee19d5d
--- /dev/null
+++ b/tests/tests/su/03/data/ls.out
@@ -0,0 +1 @@
+etc
diff --git a/tests/tests/su/03/su_run_command01.test b/tests/tests/su/03/su_run_command01.test
new file mode 100755
index 0000000..776d43f
--- /dev/null
+++ b/tests/tests/su/03/su_run_command01.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su myuser -c 'ls config'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su myuser -c 'ls config'> tmp/out 2> tmp/err"
+/bin/su myuser -c 'ls config'> tmp/out 2> tmp/err
+
+echo "su reported:"
+echo "=== stdout ==="
+cat tmp/out
+echo "=== stderr ==="
+cat tmp/err
+echo "=============="
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command02.test b/tests/tests/su/03/su_run_command02.test
new file mode 100755
index 0000000..ff0c434
--- /dev/null
+++ b/tests/tests/su/03/su_run_command02.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su -- myuser -c 'ls config'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -- myuser -c 'ls config'> tmp/out 2> tmp/err"
+/bin/su -- myuser -c 'ls config'> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command03.test b/tests/tests/su/03/su_run_command03.test
new file mode 100755
index 0000000..2abde6a
--- /dev/null
+++ b/tests/tests/su/03/su_run_command03.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su myuser -- -c 'ls config'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su myuser -- -c 'ls config'> tmp/out 2> tmp/err"
+/bin/su myuser -- -c 'ls config'> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command04.test b/tests/tests/su/03/su_run_command04.test
new file mode 100755
index 0000000..c2a09c2
--- /dev/null
+++ b/tests/tests/su/03/su_run_command04.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su -c 'ls config' myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -c 'ls config' myuser> tmp/out 2> tmp/err"
+/bin/su -c 'ls config' myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command05.test b/tests/tests/su/03/su_run_command05.test
new file mode 100755
index 0000000..f7d278b
--- /dev/null
+++ b/tests/tests/su/03/su_run_command05.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su -c 'ls config' -- myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -c 'ls config' -- myuser> tmp/out 2> tmp/err"
+/bin/su -c 'ls config' -- myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command06.test b/tests/tests/su/03/su_run_command06.test
new file mode 100755
index 0000000..146af83
--- /dev/null
+++ b/tests/tests/su/03/su_run_command06.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command07.test b/tests/tests/su/03/su_run_command07.test
new file mode 100755
index 0000000..9f08c2a
--- /dev/null
+++ b/tests/tests/su/03/su_run_command07.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su - myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su - myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su - myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command08.test b/tests/tests/su/03/su_run_command08.test
new file mode 100755
index 0000000..51b8bab
--- /dev/null
+++ b/tests/tests/su/03/su_run_command08.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su - -- myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su - -- myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su - -- myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command09.test b/tests/tests/su/03/su_run_command09.test
new file mode 100755
index 0000000..d24df2c
--- /dev/null
+++ b/tests/tests/su/03/su_run_command09.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su - myuser -- -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su - myuser -- -c pwd> tmp/out 2> tmp/err"
+/bin/su - myuser -- -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command10.test b/tests/tests/su/03/su_run_command10.test
new file mode 100755
index 0000000..c74f79f
--- /dev/null
+++ b/tests/tests/su/03/su_run_command10.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -l myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -l myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su -l myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command11.test b/tests/tests/su/03/su_run_command11.test
new file mode 100755
index 0000000..8a6311b
--- /dev/null
+++ b/tests/tests/su/03/su_run_command11.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su --login -- myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su --login -- myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su --login -- myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command12.test b/tests/tests/su/03/su_run_command12.test
new file mode 100755
index 0000000..6ac4f20
--- /dev/null
+++ b/tests/tests/su/03/su_run_command12.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -l myuser -- -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -l myuser -- -c pwd> tmp/out 2> tmp/err"
+/bin/su -l myuser -- -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command13.test b/tests/tests/su/03/su_run_command13.test
new file mode 100755
index 0000000..0b042b9
--- /dev/null
+++ b/tests/tests/su/03/su_run_command13.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -p -c pwd -- - myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -p -c pwd -- - myuser> tmp/out 2> tmp/err"
+/bin/su -p -c pwd -- - myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || {
+	echo "FAIL"
+	echo "tmp/err is not empty:"
+	cat tmp/err
+	false
+}
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command14.test b/tests/tests/su/03/su_run_command14.test
new file mode 100755
index 0000000..c8fc49b
--- /dev/null
+++ b/tests/tests/su/03/su_run_command14.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -p -c pwd - myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -p -c pwd - myuser> tmp/out 2> tmp/err"
+/bin/su -p -c pwd - myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command15.test b/tests/tests/su/03/su_run_command15.test
new file mode 100755
index 0000000..d57b27d
--- /dev/null
+++ b/tests/tests/su/03/su_run_command15.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -c pwd -p - myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -c pwd -p - myuser> tmp/out 2> tmp/err"
+/bin/su -c pwd -p - myuser> tmp/out 2> tmp/err
+
+echo "su reported:"
+echo "=== stdout ==="
+cat tmp/out
+echo "=== stderr ==="
+cat tmp/err
+echo "=============="
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command16.test b/tests/tests/su/03/su_run_command16.test
new file mode 100755
index 0000000..2876516
--- /dev/null
+++ b/tests/tests/su/03/su_run_command16.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -c pwd - -p myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -c pwd - -p myuser> tmp/out 2> tmp/err"
+/bin/su -c pwd - -p myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command17.test b/tests/tests/su/03/su_run_command17.test
new file mode 100755
index 0000000..b423faa
--- /dev/null
+++ b/tests/tests/su/03/su_run_command17.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -c pwd - myuser -p"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -c pwd - myuser -p> tmp/out 2> tmp/err"
+/bin/su -c pwd - myuser -p> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/04/config.txt b/tests/tests/su/04/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/04/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/04/config/etc/group b/tests/tests/su/04/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/04/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/04/config/etc/gshadow b/tests/tests/su/04/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/04/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/04/config/etc/login.defs b/tests/tests/su/04/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/su/04/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/04/config/etc/passwd b/tests/tests/su/04/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/04/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/04/config/etc/shadow b/tests/tests/su/04/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/04/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/04/config/var/log/auth.log b/tests/tests/su/04/config/var/log/auth.log
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/04/config/var/log/auth.log
diff --git a/tests/tests/su/04/data/wrong_user.err b/tests/tests/su/04/data/wrong_user.err
new file mode 100644
index 0000000..774438e
--- /dev/null
+++ b/tests/tests/su/04/data/wrong_user.err
@@ -0,0 +1 @@
+No passwd entry for user 'myuser2'
diff --git a/tests/tests/su/04/run_su_failed.exp b/tests/tests/su/04/run_su_failed.exp
new file mode 100755
index 0000000..1811bfc
--- /dev/null
+++ b/tests/tests/su/04/run_su_failed.exp
@@ -0,0 +1,58 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424243(testsuite) gid=424243 groups=424243\r"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect failure"
+
+expect "su: Authentication failure\r"
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n# make sure we are still 'testsuite'"
+send "\r"			;# restore the prompt for the logs
+expect "$ "			;# Wait for the prompt
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424243(testsuite) gid=424243 groups=424243\r"
+expect "$ "			;# Wait for the prompt
+send "exit\r"
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/su/04/su_user_wrong_passwd.test b/tests/tests/su/04/su_user_wrong_passwd.test
new file mode 100755
index 0000000..757f0f1
--- /dev/null
+++ b/tests/tests/su/04/su_user_wrong_passwd.test
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su_failed.exp myuser myuserF00barbaz_wrongpass '$ '
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/04/su_user_wrong_passwd_syslog.test b/tests/tests/su/04/su_user_wrong_passwd_syslog.test
new file mode 100755
index 0000000..6c6a55d
--- /dev/null
+++ b/tests/tests/su/04/su_user_wrong_passwd_syslog.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su_failed.exp myuser myuserF00barbaz_wrongpass '$ '
+
+echo
+
+echo -n "Syncing disks..."
+sync
+echo "OK"
+echo "auth.log contains:"
+echo "======================================================================="
+cat /var/log/auth.log
+echo "======================================================================="
+echo -n "Looking for 'FAILED su for myuser by testsuite' in /var/log/auth.log..."
+grep -q "FAILED su for myuser by testsuite" /var/log/auth.log
+echo "OK"
+echo -n "Looking for '- pts/[0-9]+ testsuite:myuser' in /var/log/auth.log..."
+grep -q -E "\- /dev/pts/[0-9]+ testsuite:myuser" /var/log/auth.log
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/04/su_wrong_user.test b/tests/tests/su/04/su_wrong_user.test
new file mode 100755
index 0000000..96b4dc3
--- /dev/null
+++ b/tests/tests/su/04/su_wrong_user.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "su with a wrong user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su myuser2 -c pwd> tmp/out 2> tmp/err"
+/bin/su myuser2 -c pwd> tmp/out 2> tmp/err || {
+	status=$?
+}
+
+echo -n "Checking status=1..."
+test "$status" = "1"
+echo OK
+
+echo -n "Checking tmp/out..."
+[ "$(wc -c tmp/out)" = "0 tmp/out" ] || {
+	echo "FAIL"
+	echo "tmp/out is not empty:"
+	cat tmp/out
+	false
+}
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+diff -au data/wrong_user.err tmp/err 
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/05/config.txt b/tests/tests/su/05/config.txt
new file mode 100644
index 0000000..e70e04e
--- /dev/null
+++ b/tests/tests/su/05/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+#
+# Same config as 04, with SYSLOG_SU_ENAB set to "no"
diff --git a/tests/tests/su/05/config/etc/group b/tests/tests/su/05/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/05/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/05/config/etc/gshadow b/tests/tests/su/05/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/05/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/05/config/etc/login.defs b/tests/tests/su/05/config/etc/login.defs
new file mode 100644
index 0000000..91e45f5
--- /dev/null
+++ b/tests/tests/su/05/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/05/config/etc/passwd b/tests/tests/su/05/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/05/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/05/config/etc/shadow b/tests/tests/su/05/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/05/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/05/config/var/log/auth.log b/tests/tests/su/05/config/var/log/auth.log
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/05/config/var/log/auth.log
diff --git a/tests/tests/su/05/run_su_failed.exp b/tests/tests/su/05/run_su_failed.exp
new file mode 100755
index 0000000..1811bfc
--- /dev/null
+++ b/tests/tests/su/05/run_su_failed.exp
@@ -0,0 +1,58 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424243(testsuite) gid=424243 groups=424243\r"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect failure"
+
+expect "su: Authentication failure\r"
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n# make sure we are still 'testsuite'"
+send "\r"			;# restore the prompt for the logs
+expect "$ "			;# Wait for the prompt
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424243(testsuite) gid=424243 groups=424243\r"
+expect "$ "			;# Wait for the prompt
+send "exit\r"
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/su/05/su_user_wrong_passwd_syslog.test b/tests/tests/su/05/su_user_wrong_passwd_syslog.test
new file mode 100755
index 0000000..339e6ff
--- /dev/null
+++ b/tests/tests/su/05/su_user_wrong_passwd_syslog.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su_failed.exp myuser myuserF00barbaz_wrongpass '$ '
+
+echo
+
+echo -n "Syncing disks..."
+sync
+echo "OK"
+echo "auth.log contains:"
+echo "======================================================================="
+cat /var/log/auth.log
+echo "======================================================================="
+echo -n "Looking for 'FAILED su for myuser by testsuite' in /var/log/auth.log..."
+grep -q "FAILED su for myuser by testsuite" /var/log/auth.log
+echo "OK"
+echo -n "'- pts/[0-9]+ testsuite:myuser' should not be logged in /var/log/auth.log..."
+grep -v -q -E "\- pts/[0-9]+ testsuite:myuser" /var/log/auth.log
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/06/config.txt b/tests/tests/su/06/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/06/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/06/config/etc/group b/tests/tests/su/06/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/06/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/06/config/etc/gshadow b/tests/tests/su/06/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/06/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/06/config/etc/login.defs b/tests/tests/su/06/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/su/06/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/06/config/etc/passwd b/tests/tests/su/06/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/06/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/06/config/etc/shadow b/tests/tests/su/06/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/06/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/06/config/var/log/auth.log b/tests/tests/su/06/config/var/log/auth.log
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/06/config/var/log/auth.log
diff --git a/tests/tests/su/06/run_su.exp b/tests/tests/su/06/run_su.exp
new file mode 100755
index 0000000..ebe5068
--- /dev/null
+++ b/tests/tests/su/06/run_su.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect prompt '$prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$prompt" {
+		send_user "\n\n# make sure we are '$user'\n"
+		send_user "# id should return '($user).*($user).*($user)"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+
+		expect {
+			-re "\\($user\\).*\\($user\\).*\\($user\\)" {
+				expect "$prompt"
+				send "exit\r"
+				expect "$ "
+				puts "\nPASS"
+				exit 0
+			}
+		}
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/06/su_user_syslog.test b/tests/tests/su/06/su_user_syslog.test
new file mode 100755
index 0000000..50ca92e
--- /dev/null
+++ b/tests/tests/su/06/su_user_syslog.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+echo
+echo -n "Syncing disks..."
+sync
+echo "OK"
+echo "auth.log contains:"
+echo "======================================================================="
+cat /var/log/auth.log
+echo "======================================================================="
+echo -n "Looking for 'Successful su for myuser by testsuite' in /var/log/auth.log..."
+grep -q "Successful su for myuser by testsuite" /var/log/auth.log
+echo "OK"
+echo -n "Looking for '+ pts/[0-9]+ tstsuite:myuser' in /var/log/auth.log..."
+grep -q -E "\+ /dev/pts/[0-9]+ testsuite:myuser" /var/log/auth.log
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/07/config.txt b/tests/tests/su/07/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/07/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/07/config/etc/group b/tests/tests/su/07/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/07/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/07/config/etc/gshadow b/tests/tests/su/07/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/07/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/07/config/etc/login.defs b/tests/tests/su/07/config/etc/login.defs
new file mode 100644
index 0000000..91e45f5
--- /dev/null
+++ b/tests/tests/su/07/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/07/config/etc/passwd b/tests/tests/su/07/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/07/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/07/config/etc/shadow b/tests/tests/su/07/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/07/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/07/config/var/log/auth.log b/tests/tests/su/07/config/var/log/auth.log
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/07/config/var/log/auth.log
diff --git a/tests/tests/su/07/run_su.exp b/tests/tests/su/07/run_su.exp
new file mode 100755
index 0000000..ebe5068
--- /dev/null
+++ b/tests/tests/su/07/run_su.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect prompt '$prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$prompt" {
+		send_user "\n\n# make sure we are '$user'\n"
+		send_user "# id should return '($user).*($user).*($user)"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+
+		expect {
+			-re "\\($user\\).*\\($user\\).*\\($user\\)" {
+				expect "$prompt"
+				send "exit\r"
+				expect "$ "
+				puts "\nPASS"
+				exit 0
+			}
+		}
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/07/su_user_syslog.test b/tests/tests/su/07/su_user_syslog.test
new file mode 100755
index 0000000..3c84121
--- /dev/null
+++ b/tests/tests/su/07/su_user_syslog.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+echo
+echo -n "Syncing disks..."
+sync
+echo "OK"
+echo "auth.log contains:"
+echo "======================================================================="
+cat /var/log/auth.log
+echo "======================================================================="
+echo -n "Looking for 'Successful su for myuser by testsuite' in /var/log/auth.log..."
+grep -q "Successful su for myuser by testsuite" /var/log/auth.log
+echo "OK"
+echo -n "Looking for '+ pts/[0-9]+ tstsuite:myuser' in /var/log/auth.log..."
+grep -v -q -E "\+ pts/[0-9]+ testsuite:myuser" /var/log/auth.log
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/08/config.txt b/tests/tests/su/08/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/08/config.txt
diff --git a/tests/tests/su/08/config/etc/group b/tests/tests/su/08/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/08/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/08/config/etc/gshadow b/tests/tests/su/08/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/08/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/08/config/etc/login.defs b/tests/tests/su/08/config/etc/login.defs
new file mode 100644
index 0000000..01b74d9
--- /dev/null
+++ b/tests/tests/su/08/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/08/config/etc/passwd b/tests/tests/su/08/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/su/08/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/08/config/etc/shadow b/tests/tests/su/08/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/08/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/08/env_special-options_ b/tests/tests/su/08/env_special-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/08/env_special-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/08/env_special-options_.exp b/tests/tests/su/08/env_special-options_.exp
new file mode 100755
index 0000000..7c69860
--- /dev/null
+++ b/tests/tests/su/08/env_special-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su myuser $command\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# PATH should be '/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/home/'myuser'myuser'/bin/sh'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/08/env_special_root-options_ b/tests/tests/su/08/env_special_root-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/08/env_special_root-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/08/env_special_root-options_.exp b/tests/tests/su/08/env_special_root-options_.exp
new file mode 100755
index 0000000..7f4b271
--- /dev/null
+++ b/tests/tests/su/08/env_special_root-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su to root, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su $command\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# PATH should be '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/09/config.txt b/tests/tests/su/09/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/09/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/09/config/etc/group b/tests/tests/su/09/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/09/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/09/config/etc/gshadow b/tests/tests/su/09/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/09/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/09/config/etc/login.defs b/tests/tests/su/09/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/su/09/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/09/config/etc/passwd b/tests/tests/su/09/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/su/09/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/09/config/etc/shadow b/tests/tests/su/09/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/09/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/09/env_special-options_ b/tests/tests/su/09/env_special-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/09/env_special-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/09/env_special-options_.exp b/tests/tests/su/09/env_special-options_.exp
new file mode 100755
index 0000000..a116a1a
--- /dev/null
+++ b/tests/tests/su/09/env_special-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su myuser $command\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# PATH should be '/bin:/usr/bin'"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/bin:/usr/bin\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/home/'myuser'myuser'/bin/sh'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/09/env_special_root-options_ b/tests/tests/su/09/env_special_root-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/09/env_special_root-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/09/env_special_root-options_.exp b/tests/tests/su/09/env_special_root-options_.exp
new file mode 100755
index 0000000..726616d
--- /dev/null
+++ b/tests/tests/su/09/env_special_root-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su to root, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su $command\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# PATH should be '/sbin:/bin:/usr/sbin:/usr/bin'"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/sbin:/bin:/usr/sbin:/usr/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/10_su_sulog_success/config.txt b/tests/tests/su/10_su_sulog_success/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/group b/tests/tests/su/10_su_sulog_success/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/gshadow b/tests/tests/su/10_su_sulog_success/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/login.defs b/tests/tests/su/10_su_sulog_success/config/etc/login.defs
new file mode 100644
index 0000000..38bf533
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/passwd b/tests/tests/su/10_su_sulog_success/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/shadow b/tests/tests/su/10_su_sulog_success/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/10_su_sulog_success/config/var/log/sulog b/tests/tests/su/10_su_sulog_success/config/var/log/sulog
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/var/log/sulog
diff --git a/tests/tests/su/10_su_sulog_success/data/sulog b/tests/tests/su/10_su_sulog_success/data/sulog
new file mode 100644
index 0000000..cba81e9
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/data/sulog
@@ -0,0 +1 @@
+2 /var/log/sulog
diff --git a/tests/tests/su/10_su_sulog_success/run_su.exp b/tests/tests/su/10_su_sulog_success/run_su.exp
new file mode 100755
index 0000000..ebe5068
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/run_su.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect prompt '$prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$prompt" {
+		send_user "\n\n# make sure we are '$user'\n"
+		send_user "# id should return '($user).*($user).*($user)"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+
+		expect {
+			-re "\\($user\\).*\\($user\\).*\\($user\\)" {
+				expect "$prompt"
+				send "exit\r"
+				expect "$ "
+				puts "\nPASS"
+				exit 0
+			}
+		}
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/10_su_sulog_success/su.test b/tests/tests/su/10_su_sulog_success/su.test
new file mode 100755
index 0000000..3e98b36
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/su.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+echo -n "Check /var/log/sulog..."
+wc -l /var/log/sulog > tmp/sulog
+d=$(date +"SU %m/%d %H:%M")
+cat /var/log/sulog | \
+    grep -E -v "$d \+ /dev/pts/[0-9]* root-testsuite" | \
+    grep -E -v "$d \+ /dev/pts/[0-9]* testsuite-myuser" \
+        >> tmp/sulog || true
+diff -auN tmp/sulog data/sulog
+echo "OK"
+rm -f tmp/sulog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/11_su_sulog_failure/config.txt b/tests/tests/su/11_su_sulog_failure/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/group b/tests/tests/su/11_su_sulog_failure/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/gshadow b/tests/tests/su/11_su_sulog_failure/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/login.defs b/tests/tests/su/11_su_sulog_failure/config/etc/login.defs
new file mode 100644
index 0000000..38bf533
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/passwd b/tests/tests/su/11_su_sulog_failure/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/shadow b/tests/tests/su/11_su_sulog_failure/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/11_su_sulog_failure/config/var/log/sulog b/tests/tests/su/11_su_sulog_failure/config/var/log/sulog
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/var/log/sulog
diff --git a/tests/tests/su/11_su_sulog_failure/data/sulog b/tests/tests/su/11_su_sulog_failure/data/sulog
new file mode 100644
index 0000000..cba81e9
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/data/sulog
@@ -0,0 +1 @@
+2 /var/log/sulog
diff --git a/tests/tests/su/11_su_sulog_failure/run_su.exp b/tests/tests/su/11_su_sulog_failure/run_su.exp
new file mode 100755
index 0000000..cbac2b5
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/run_su.exp
@@ -0,0 +1,67 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password wrong\r"	;# Send the password
+
+send_user "\n# password '$password wrong' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect {
+	# Wait for the new prompt
+	"$ " {
+		send_user "\n\n# make sure we are 'testsuite'\n"
+		send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+		expect "uid=424243(testsuite) gid=424243 groups=424243"
+		send "exit\r"
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/11_su_sulog_failure/su.test b/tests/tests/su/11_su_sulog_failure/su.test
new file mode 100755
index 0000000..3a46eaa
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/su.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+echo -n "Check /var/log/sulog..."
+wc -l /var/log/sulog > tmp/sulog
+d1=$(date +"SU %m/%d %H:%M")
+d2=$(date -d"1 minute ago" +"SU %m/%d %H:%M")
+cat /var/log/sulog | \
+    grep -E -v "$d1 \+ /dev/pts/[0-9]* root-testsuite"  | \
+    grep -E -v "$d2 \+ /dev/pts/[0-9]* root-testsuite"  | \
+    grep -E -v "$d1 - /dev/pts/[0-9]* testsuite-myuser" | \
+    grep -E -v "$d2 - /dev/pts/[0-9]* testsuite-myuser" \
+        >> tmp/sulog || true
+diff -au data/sulog tmp/sulog
+echo "OK"
+rm -f tmp/sulog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/12_su_child_failure/config.txt b/tests/tests/su/12_su_child_failure/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/12_su_child_failure/config/etc/group b/tests/tests/su/12_su_child_failure/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/12_su_child_failure/config/etc/gshadow b/tests/tests/su/12_su_child_failure/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/12_su_child_failure/config/etc/login.defs b/tests/tests/su/12_su_child_failure/config/etc/login.defs
new file mode 100644
index 0000000..38bf533
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/12_su_child_failure/config/etc/passwd b/tests/tests/su/12_su_child_failure/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/12_su_child_failure/config/etc/shadow b/tests/tests/su/12_su_child_failure/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/12_su_child_failure/config/var/log/sulog b/tests/tests/su/12_su_child_failure/config/var/log/sulog
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/var/log/sulog
diff --git a/tests/tests/su/12_su_child_failure/su.test b/tests/tests/su/12_su_child_failure/su.test
new file mode 100755
index 0000000..948f113
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/su.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su return failures of its child"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Run su, execute false..."
+su -l myuser -c false && exit || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check the return status..."
+[ "$status" = "1" ]
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/13_su_child_success/config.txt b/tests/tests/su/13_su_child_success/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/13_su_child_success/config/etc/group b/tests/tests/su/13_su_child_success/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/13_su_child_success/config/etc/gshadow b/tests/tests/su/13_su_child_success/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/13_su_child_success/config/etc/login.defs b/tests/tests/su/13_su_child_success/config/etc/login.defs
new file mode 100644
index 0000000..38bf533
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/13_su_child_success/config/etc/passwd b/tests/tests/su/13_su_child_success/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/13_su_child_success/config/etc/shadow b/tests/tests/su/13_su_child_success/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/13_su_child_success/config/var/log/sulog b/tests/tests/su/13_su_child_success/config/var/log/sulog
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/var/log/sulog
diff --git a/tests/tests/su/13_su_child_success/su.test b/tests/tests/su/13_su_child_success/su.test
new file mode 100755
index 0000000..6ff932c
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/su.test
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su return failures of its child"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Run su, execute false..."
+su -l myuser -c true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/01_useradd_no_subids/config.txt b/tests/tests/subids/01_useradd_no_subids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config.txt
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/default/useradd b/tests/tests/subids/01_useradd_no_subids/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/group b/tests/tests/subids/01_useradd_no_subids/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/gshadow b/tests/tests/subids/01_useradd_no_subids/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/passwd b/tests/tests/subids/01_useradd_no_subids/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/shadow b/tests/tests/subids/01_useradd_no_subids/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/subgid b/tests/tests/subids/01_useradd_no_subids/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/subgid
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/subuid b/tests/tests/subids/01_useradd_no_subids/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/subuid
diff --git a/tests/tests/subids/01_useradd_no_subids/data/group b/tests/tests/subids/01_useradd_no_subids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/01_useradd_no_subids/data/gshadow b/tests/tests/subids/01_useradd_no_subids/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/01_useradd_no_subids/data/passwd b/tests/tests/subids/01_useradd_no_subids/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/01_useradd_no_subids/data/shadow b/tests/tests/subids/01_useradd_no_subids/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/01_useradd_no_subids/useradd.test b/tests/tests/subids/01_useradd_no_subids/useradd.test
new file mode 100755
index 0000000..768d0aa
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/useradd.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd does not create /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subgid /etc/subuid..."
+rm -f /etc/subgid /etc/subuid
+echo "OK"
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check that /etc/subuid and /etc/subgid were not created..."
+test ! -f /etc/subgid
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/02_useradd_with_subids/config.txt b/tests/tests/subids/02_useradd_with_subids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config.txt
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/default/useradd b/tests/tests/subids/02_useradd_with_subids/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/group b/tests/tests/subids/02_useradd_with_subids/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/gshadow b/tests/tests/subids/02_useradd_with_subids/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/passwd b/tests/tests/subids/02_useradd_with_subids/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/shadow b/tests/tests/subids/02_useradd_with_subids/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/subgid b/tests/tests/subids/02_useradd_with_subids/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/subgid
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/subuid b/tests/tests/subids/02_useradd_with_subids/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/subuid
diff --git a/tests/tests/subids/02_useradd_with_subids/data/group b/tests/tests/subids/02_useradd_with_subids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/02_useradd_with_subids/data/gshadow b/tests/tests/subids/02_useradd_with_subids/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/02_useradd_with_subids/data/passwd b/tests/tests/subids/02_useradd_with_subids/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/02_useradd_with_subids/data/shadow b/tests/tests/subids/02_useradd_with_subids/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/02_useradd_with_subids/data/subgid b/tests/tests/subids/02_useradd_with_subids/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/02_useradd_with_subids/data/subuid b/tests/tests/subids/02_useradd_with_subids/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/02_useradd_with_subids/useradd.test b/tests/tests/subids/02_useradd_with_subids/useradd.test
new file mode 100755
index 0000000..e9154c1
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd adds subids in /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/03_useradd_no_subgid/config.txt b/tests/tests/subids/03_useradd_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config.txt
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/default/useradd b/tests/tests/subids/03_useradd_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/group b/tests/tests/subids/03_useradd_no_subgid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/gshadow b/tests/tests/subids/03_useradd_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/passwd b/tests/tests/subids/03_useradd_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/shadow b/tests/tests/subids/03_useradd_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/subgid b/tests/tests/subids/03_useradd_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/subuid b/tests/tests/subids/03_useradd_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/group b/tests/tests/subids/03_useradd_no_subgid/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/gshadow b/tests/tests/subids/03_useradd_no_subgid/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/passwd b/tests/tests/subids/03_useradd_no_subgid/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/shadow b/tests/tests/subids/03_useradd_no_subgid/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/subuid b/tests/tests/subids/03_useradd_no_subgid/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/03_useradd_no_subgid/useradd.test b/tests/tests/subids/03_useradd_no_subgid/useradd.test
new file mode 100755
index 0000000..5312710
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/useradd.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/subuid even if /etc/subgid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/04_useradd_no_subuid/config.txt b/tests/tests/subids/04_useradd_no_subuid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config.txt
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/default/useradd b/tests/tests/subids/04_useradd_no_subuid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/group b/tests/tests/subids/04_useradd_no_subuid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/gshadow b/tests/tests/subids/04_useradd_no_subuid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/passwd b/tests/tests/subids/04_useradd_no_subuid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/shadow b/tests/tests/subids/04_useradd_no_subuid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/subgid b/tests/tests/subids/04_useradd_no_subuid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/subgid
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/subuid b/tests/tests/subids/04_useradd_no_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/subuid
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/group b/tests/tests/subids/04_useradd_no_subuid/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/gshadow b/tests/tests/subids/04_useradd_no_subuid/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/passwd b/tests/tests/subids/04_useradd_no_subuid/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/shadow b/tests/tests/subids/04_useradd_no_subuid/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/subgid b/tests/tests/subids/04_useradd_no_subuid/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/04_useradd_no_subuid/useradd.test b/tests/tests/subids/04_useradd_no_subuid/useradd.test
new file mode 100755
index 0000000..ce0b8b7
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/useradd.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/subgid even if /etc/subuid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subuid..."
+rm -f /etc/subuid
+echo "OK"
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config.txt b/tests/tests/subids/05_useradd_fill_gap_start/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config.txt
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/default/useradd b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/group b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/gshadow b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/passwd b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/shadow b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subgid b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subgid
new file mode 100644
index 0000000..909f4ac
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subgid
@@ -0,0 +1 @@
+root:110000:10000
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subuid b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subuid
new file mode 100644
index 0000000..909f4ac
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subuid
@@ -0,0 +1 @@
+root:110000:10000
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/group b/tests/tests/subids/05_useradd_fill_gap_start/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/gshadow b/tests/tests/subids/05_useradd_fill_gap_start/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/passwd b/tests/tests/subids/05_useradd_fill_gap_start/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/shadow b/tests/tests/subids/05_useradd_fill_gap_start/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/subgid b/tests/tests/subids/05_useradd_fill_gap_start/data/subgid
new file mode 100644
index 0000000..73b5737
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/subgid
@@ -0,0 +1,2 @@
+root:110000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/subuid b/tests/tests/subids/05_useradd_fill_gap_start/data/subuid
new file mode 100644
index 0000000..73b5737
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/subuid
@@ -0,0 +1,2 @@
+root:110000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/useradd.test b/tests/tests/subids/05_useradd_fill_gap_start/useradd.test
new file mode 100755
index 0000000..79c0292
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/sub[ug]id at the beginning"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config.txt b/tests/tests/subids/06_useradd_fill_gap_middle/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config.txt
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/default/useradd b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/group b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/gshadow b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/passwd b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/shadow b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subgid b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subgid
new file mode 100644
index 0000000..8b9c643
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subgid
@@ -0,0 +1,2 @@
+root:100000:100000
+root:210000:10000
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subuid b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subuid
new file mode 100644
index 0000000..8b9c643
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subuid
@@ -0,0 +1,2 @@
+root:100000:100000
+root:210000:10000
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/group b/tests/tests/subids/06_useradd_fill_gap_middle/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/gshadow b/tests/tests/subids/06_useradd_fill_gap_middle/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/passwd b/tests/tests/subids/06_useradd_fill_gap_middle/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/shadow b/tests/tests/subids/06_useradd_fill_gap_middle/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/subgid b/tests/tests/subids/06_useradd_fill_gap_middle/data/subgid
new file mode 100644
index 0000000..c6e45a0
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/subgid
@@ -0,0 +1,3 @@
+root:100000:100000
+root:210000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/subuid b/tests/tests/subids/06_useradd_fill_gap_middle/data/subuid
new file mode 100644
index 0000000..c6e45a0
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/subuid
@@ -0,0 +1,3 @@
+root:100000:100000
+root:210000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/useradd.test b/tests/tests/subids/06_useradd_fill_gap_middle/useradd.test
new file mode 100755
index 0000000..484164e
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/sub[ug]id between 2 used ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config.txt b/tests/tests/subids/07_useradd_fill_gap_end/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config.txt
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/default/useradd b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/group b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/gshadow b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/passwd b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/shadow b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subgid b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subuid b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subuid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subuid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/group b/tests/tests/subids/07_useradd_fill_gap_end/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/gshadow b/tests/tests/subids/07_useradd_fill_gap_end/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/passwd b/tests/tests/subids/07_useradd_fill_gap_end/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/shadow b/tests/tests/subids/07_useradd_fill_gap_end/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/subgid b/tests/tests/subids/07_useradd_fill_gap_end/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/subuid b/tests/tests/subids/07_useradd_fill_gap_end/data/subuid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/subuid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/useradd.test b/tests/tests/subids/07_useradd_fill_gap_end/useradd.test
new file mode 100755
index 0000000..1175451
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/sub[ug]id at the end"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config.txt b/tests/tests/subids/08_useradd_no_more_subuids_start/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config.txt
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/default/useradd b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/group b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/gshadow b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/passwd b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/shadow b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subgid b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subgid
new file mode 100644
index 0000000..2342814
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subgid
@@ -0,0 +1 @@
+root:110000:600100000
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subuid b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subuid
new file mode 100644
index 0000000..bafb12d
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subuid
@@ -0,0 +1 @@
+root:109999:600100000
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/data/useradd.err b/tests/tests/subids/08_useradd_no_more_subuids_start/data/useradd.err
new file mode 100644
index 0000000..133e01f
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Can't get unique subordinate UID range
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/useradd.test b/tests/tests/subids/08_useradd_no_more_subuids_start/useradd.test
new file mode 100755
index 0000000..fea00a1
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports failure if there are no subids available in /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config.txt b/tests/tests/subids/09_useradd_no_more_subgids_start/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config.txt
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/default/useradd b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/group b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/gshadow b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/passwd b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/shadow b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subgid b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subgid
new file mode 100644
index 0000000..bafb12d
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subgid
@@ -0,0 +1 @@
+root:109999:600100000
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subuid b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subuid
new file mode 100644
index 0000000..2342814
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subuid
@@ -0,0 +1 @@
+root:110000:600100000
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/data/useradd.err b/tests/tests/subids/09_useradd_no_more_subgids_start/data/useradd.err
new file mode 100644
index 0000000..d832f1f
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Can't get unique subordinate GID range
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/useradd.test b/tests/tests/subids/09_useradd_no_more_subgids_start/useradd.test
new file mode 100755
index 0000000..3f23799
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports failure if there are no subids available in /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config.txt b/tests/tests/subids/10_useradd_no_more_subuids_end/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config.txt
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/default/useradd b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/group b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/gshadow b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/passwd b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/shadow b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subgid b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subuid b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subuid
new file mode 100644
index 0000000..b6bb132
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subuid
@@ -0,0 +1 @@
+root:100000:599990002
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/data/useradd.err b/tests/tests/subids/10_useradd_no_more_subuids_end/data/useradd.err
new file mode 100644
index 0000000..133e01f
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Can't get unique subordinate UID range
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/useradd.test b/tests/tests/subids/10_useradd_no_more_subuids_end/useradd.test
new file mode 100755
index 0000000..fea00a1
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports failure if there are no subids available in /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config.txt b/tests/tests/subids/11_useradd_no_more_subgids_end/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config.txt
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/default/useradd b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/group b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/gshadow b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/passwd b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/shadow b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subgid b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subgid
new file mode 100644
index 0000000..b6bb132
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990002
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subuid b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subuid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subuid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/data/useradd.err b/tests/tests/subids/11_useradd_no_more_subgids_end/data/useradd.err
new file mode 100644
index 0000000..d832f1f
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Can't get unique subordinate GID range
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/useradd.test b/tests/tests/subids/11_useradd_no_more_subgids_end/useradd.test
new file mode 100755
index 0000000..3f23799
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports failure if there are no subids available in /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config.txt b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config.txt
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/default/useradd b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/group b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/gshadow b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/login.defs b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/login.defs
new file mode 100644
index 0000000..97553e7
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+SUB_UID_MAX		   100000
+SUB_UID_MIN		600100000
+SUB_UID_COUNT		    10000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+#SUB_GID_MAX		   100000
+#SUB_GID_MIN		600100000
+#SUB_GID_COUNT		    10000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/passwd b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/shadow b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subgid b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subgid
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subuid b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subuid
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/data/useradd.err b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/data/useradd.err
new file mode 100644
index 0000000..c7c46fb
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_UID_MIN (600100000), SUB_UID_MAX (100000), SUB_UID_COUNT (10000)
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/useradd.test b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/useradd.test
new file mode 100755
index 0000000..a350e39
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subuid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config.txt b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config.txt
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/default/useradd b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/group b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/gshadow b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/login.defs b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/login.defs
new file mode 100644
index 0000000..416dc88
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+SUB_UID_MIN		   100000
+SUB_UID_MAX		600100000
+SUB_UID_COUNT		600100000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+#SUB_GID_MIN		   100000
+#SUB_GID_MAX		600100000
+#SUB_GID_COUNT		600100000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/passwd b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/shadow b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subgid b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subgid
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subuid b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subuid
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/data/useradd.err b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/data/useradd.err
new file mode 100644
index 0000000..469e0a8
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_UID_MIN (100000), SUB_UID_MAX (600100000), SUB_UID_COUNT (600100000)
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/useradd.test b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/useradd.test
new file mode 100755
index 0000000..a350e39
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subuid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config.txt b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config.txt
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/default/useradd b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/group b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/gshadow b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/login.defs b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/login.defs
new file mode 100644
index 0000000..3f8796a
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+SUB_UID_MIN		   100000
+SUB_UID_MAX		   100000
+SUB_UID_COUNT		        2
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+#SUB_GID_MIN		   100000
+#SUB_GID_MAX		   100000
+#SUB_GID_COUNT		        2
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/passwd b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/shadow b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subgid b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subgid
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subuid b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subuid
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/data/useradd.err b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/data/useradd.err
new file mode 100644
index 0000000..3ab22c5
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_UID_MIN (100000), SUB_UID_MAX (100000), SUB_UID_COUNT (2)
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/useradd.test b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/useradd.test
new file mode 100755
index 0000000..a350e39
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subuid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config.txt b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config.txt
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/default/useradd b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/group b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/gshadow b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/login.defs b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/login.defs
new file mode 100644
index 0000000..6810e0b
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+#SUB_UID_MAX		   100000
+#SUB_UID_MIN		600100000
+#SUB_UID_COUNT		    10000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+SUB_GID_MAX		   100000
+SUB_GID_MIN		600100000
+SUB_GID_COUNT		    10000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/passwd b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/shadow b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subgid b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subgid
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subuid b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subuid
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/data/useradd.err b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/data/useradd.err
new file mode 100644
index 0000000..9c4c664
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_GID_MIN (600100000), SUB_GID_MAX (100000), SUB_GID_COUNT (10000)
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/useradd.test b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/useradd.test
new file mode 100755
index 0000000..a737c53
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subgid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config.txt b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config.txt
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/default/useradd b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/group b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/gshadow b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/login.defs b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/login.defs
new file mode 100644
index 0000000..4f11deb
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+#SUB_UID_MIN		   100000
+#SUB_UID_MAX		600100000
+#SUB_UID_COUNT		600100000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+SUB_GID_MIN		   100000
+SUB_GID_MAX		600100000
+SUB_GID_COUNT		600100000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/passwd b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/shadow b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subgid b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subgid
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subuid b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subuid
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/data/useradd.err b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/data/useradd.err
new file mode 100644
index 0000000..53b37e0
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_GID_MIN (100000), SUB_GID_MAX (600100000), SUB_GID_COUNT (600100000)
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/useradd.test b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/useradd.test
new file mode 100755
index 0000000..a737c53
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subgid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config.txt b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config.txt
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/default/useradd b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/group b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/gshadow b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/login.defs b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/login.defs
new file mode 100644
index 0000000..9b233d4
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+#SUB_UID_MIN		   100000
+#SUB_UID_MAX		   100000
+#SUB_UID_COUNT		        2
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+SUB_GID_MIN		   100000
+SUB_GID_MAX		   100000
+SUB_GID_COUNT		        2
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/passwd b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/shadow b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subgid b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subgid
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subuid b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subuid
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/data/useradd.err b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/data/useradd.err
new file mode 100644
index 0000000..fd9289d
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_GID_MIN (100000), SUB_GID_MAX (100000), SUB_GID_COUNT (2)
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/useradd.test b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/useradd.test
new file mode 100755
index 0000000..a737c53
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subgid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/18_useradd_min=max/config.txt b/tests/tests/subids/18_useradd_min=max/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config.txt
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/default/useradd b/tests/tests/subids/18_useradd_min=max/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/group b/tests/tests/subids/18_useradd_min=max/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/gshadow b/tests/tests/subids/18_useradd_min=max/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/login.defs b/tests/tests/subids/18_useradd_min=max/config/etc/login.defs
new file mode 100644
index 0000000..751974d
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+SUB_UID_MIN		   100000
+SUB_UID_MAX		   100000
+SUB_UID_COUNT		        1
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+SUB_GID_MIN		   100000
+SUB_GID_MAX		   100000
+SUB_GID_COUNT		        1
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/passwd b/tests/tests/subids/18_useradd_min=max/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/shadow b/tests/tests/subids/18_useradd_min=max/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/subgid b/tests/tests/subids/18_useradd_min=max/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/subgid
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/subuid b/tests/tests/subids/18_useradd_min=max/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/subuid
diff --git a/tests/tests/subids/18_useradd_min=max/data/group b/tests/tests/subids/18_useradd_min=max/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/18_useradd_min=max/data/gshadow b/tests/tests/subids/18_useradd_min=max/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/18_useradd_min=max/data/passwd b/tests/tests/subids/18_useradd_min=max/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/18_useradd_min=max/data/shadow b/tests/tests/subids/18_useradd_min=max/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/18_useradd_min=max/data/subgid b/tests/tests/subids/18_useradd_min=max/data/subgid
new file mode 100644
index 0000000..25a4ca7
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/subgid
@@ -0,0 +1 @@
+foo:100000:1
diff --git a/tests/tests/subids/18_useradd_min=max/data/subuid b/tests/tests/subids/18_useradd_min=max/data/subuid
new file mode 100644
index 0000000..25a4ca7
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/subuid
@@ -0,0 +1 @@
+foo:100000:1
diff --git a/tests/tests/subids/18_useradd_min=max/useradd.test b/tests/tests/subids/18_useradd_min=max/useradd.test
new file mode 100755
index 0000000..10bb7b7
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd can create one subid in /etc/sub[ug]id when SUB_.ID_MIN=SUB_.ID_MAX"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config.txt b/tests/tests/subids/19_useradd_locked_subuid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config.txt
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/default/useradd b/tests/tests/subids/19_useradd_locked_subuid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/group b/tests/tests/subids/19_useradd_locked_subuid/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/gshadow b/tests/tests/subids/19_useradd_locked_subuid/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/passwd b/tests/tests/subids/19_useradd_locked_subuid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/shadow b/tests/tests/subids/19_useradd_locked_subuid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/subgid b/tests/tests/subids/19_useradd_locked_subuid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/subgid
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/subuid b/tests/tests/subids/19_useradd_locked_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/subuid
diff --git a/tests/tests/subids/19_useradd_locked_subuid/data/useradd.err b/tests/tests/subids/19_useradd_locked_subuid/data/useradd.err
new file mode 100644
index 0000000..c785407
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/subuid.lock without a PID
+useradd: cannot lock /etc/subuid; try again later.
diff --git a/tests/tests/subids/19_useradd_locked_subuid/useradd.test b/tests/tests/subids/19_useradd_locked_subuid/useradd.test
new file mode 100755
index 0000000..279573f
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/useradd.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd checks if the subuid file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/subuid.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/subuid..."
+touch /etc/subuid.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/subuid.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config.txt b/tests/tests/subids/20_useradd_locked_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config.txt
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/default/useradd b/tests/tests/subids/20_useradd_locked_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/group b/tests/tests/subids/20_useradd_locked_subgid/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/gshadow b/tests/tests/subids/20_useradd_locked_subgid/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/passwd b/tests/tests/subids/20_useradd_locked_subgid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/shadow b/tests/tests/subids/20_useradd_locked_subgid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/subgid b/tests/tests/subids/20_useradd_locked_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/subgid
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/subuid b/tests/tests/subids/20_useradd_locked_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/subuid
diff --git a/tests/tests/subids/20_useradd_locked_subgid/data/useradd.err b/tests/tests/subids/20_useradd_locked_subgid/data/useradd.err
new file mode 100644
index 0000000..13bbf3b
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/subgid.lock without a PID
+useradd: cannot lock /etc/subgid; try again later.
diff --git a/tests/tests/subids/20_useradd_locked_subgid/useradd.test b/tests/tests/subids/20_useradd_locked_subgid/useradd.test
new file mode 100755
index 0000000..145ac98
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/useradd.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd checks if the subgid file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/subgid.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/subgid..."
+touch /etc/subgid.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/subgid.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config.txt b/tests/tests/subids/21_usermod_create_subuid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/default/useradd b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/group b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/gshadow b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/passwd b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/shadow b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subgid b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subgid
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subuid b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subuid
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/data/subuid b/tests/tests/subids/21_usermod_create_subuid_range/data/subuid
new file mode 100644
index 0000000..b1cd704
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/data/subuid
@@ -0,0 +1 @@
+foo:100000:501
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/usermod.test b/tests/tests/subids/21_usermod_create_subuid_range/usermod.test
new file mode 100755
index 0000000..3c5470d
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can create a subuid range"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create range of subuid for user foo (usermod -v 100000-100500 foo)..."
+usermod -v 100000-100500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config.txt b/tests/tests/subids/22_usermod_create_subgid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/default/useradd b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/group b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/gshadow b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/passwd b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/shadow b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subgid b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subgid
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subuid b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subuid
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/data/subgid b/tests/tests/subids/22_usermod_create_subgid_range/data/subgid
new file mode 100644
index 0000000..b1cd704
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/data/subgid
@@ -0,0 +1 @@
+foo:100000:501
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/usermod.test b/tests/tests/subids/22_usermod_create_subgid_range/usermod.test
new file mode 100755
index 0000000..a5045a4
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can create a subgid range"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create range of subgid for user foo (usermod -w 100000-100500 foo)..."
+usermod -w 100000-100500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config.txt b/tests/tests/subids/23_usermod_create_subids_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/default/useradd b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/group b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/gshadow b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/passwd b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/shadow b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subgid b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subgid
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subuid b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subuid
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/data/subgid b/tests/tests/subids/23_usermod_create_subids_ranges/data/subgid
new file mode 100644
index 0000000..e0a6b2f
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/data/subgid
@@ -0,0 +1,3 @@
+foo:102000:501
+foo:101000:502
+foo:100000:502
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/data/subuid b/tests/tests/subids/23_usermod_create_subids_ranges/data/subuid
new file mode 100644
index 0000000..8d10ef6
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:501
+foo:101000:501
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/usermod.test b/tests/tests/subids/23_usermod_create_subids_ranges/usermod.test
new file mode 100755
index 0000000..fccfade
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can create multiple subuid and subgid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create ranges of subuid and subgid for user foo (usermod -v 101000-101500 -w 100000-100501 -w 101000-101501 -w 102000-102500 -v 100000-100500 foo)..."
+usermod -v 101000-101500 -w 100000-100501 -w 101000-101501 -w 102000-102500 -v 100000-100500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config.txt b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/default/useradd b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/group b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/gshadow b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/passwd b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/shadow b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subgid b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subgid
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subuid b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subuid
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subgid b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subgid
new file mode 100644
index 0000000..e1960c7
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subgid
@@ -0,0 +1,3 @@
+foo:100000:402
+foo:100500:1002
+foo:100000:502
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subuid b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subuid
new file mode 100644
index 0000000..e07aca9
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subuid
@@ -0,0 +1,4 @@
+foo:200011:10
+foo:200000:11
+foo:100000:1001
+foo:101000:501
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/usermod.test b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/usermod.test
new file mode 100755
index 0000000..ad1725b
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can create overlapping subuid and subgid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create ranges of subuid and subgid for user foo (usermod -v 101000-101500 -w 100000-100501 -w 100500-101501 -v 100000-101000 -v 200000-200010 -v 200011-200020 -w 100000-100401 foo)..."
+usermod -v 101000-101500 -w 100000-100501 -w 100500-101501 -v 100000-101000 -v 200000-200010 -v 200011-200020 -w 100000-100401 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/25_usermod_add_range/config.txt b/tests/tests/subids/25_usermod_add_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/default/useradd b/tests/tests/subids/25_usermod_add_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/group b/tests/tests/subids/25_usermod_add_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/gshadow b/tests/tests/subids/25_usermod_add_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/passwd b/tests/tests/subids/25_usermod_add_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/shadow b/tests/tests/subids/25_usermod_add_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/subgid b/tests/tests/subids/25_usermod_add_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/subuid b/tests/tests/subids/25_usermod_add_range/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/25_usermod_add_range/data/subgid b/tests/tests/subids/25_usermod_add_range/data/subgid
new file mode 100644
index 0000000..e4babf0
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/data/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:150000:502
diff --git a/tests/tests/subids/25_usermod_add_range/data/subuid b/tests/tests/subids/25_usermod_add_range/data/subuid
new file mode 100644
index 0000000..80fb282
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:120000:501
diff --git a/tests/tests/subids/25_usermod_add_range/usermod.test b/tests/tests/subids/25_usermod_add_range/usermod.test
new file mode 100755
index 0000000..5278875
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can add subuid and subgid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add ranges of subuid and subgid for user foo (usermod -v 120000-120500 -w 150000-150501 foo)..."
+usermod -v 120000-120500 -w 150000-150501 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config.txt b/tests/tests/subids/26_usermod_add_overlapping_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/default/useradd b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/group b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/gshadow b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/passwd b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/shadow b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subgid b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subgid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subuid b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subgid b/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subgid
new file mode 100644
index 0000000..455f531
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subgid
@@ -0,0 +1,3 @@
+foo:100000:10000
+foo:200000:10000
+foo:100000:50502
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subuid b/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subuid
new file mode 100644
index 0000000..072266b
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subuid
@@ -0,0 +1,3 @@
+foo:100000:10000
+foo:200000:10000
+foo:110000:10501
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/usermod.test b/tests/tests/subids/26_usermod_add_overlapping_ranges/usermod.test
new file mode 100755
index 0000000..9224181
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can add subuid and subgid ranges overlapping with existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add ranges of subuid and subgid for user foo (usermod -v 110000-120500 -w 100000-150501 -v 200000-200500 foo)..."
+usermod -v 110000-120500 -w 100000-150501 -v 200000-200500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config.txt b/tests/tests/subids/27_usermod_remove_range_all/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/default/useradd b/tests/tests/subids/27_usermod_remove_range_all/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/group b/tests/tests/subids/27_usermod_remove_range_all/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/gshadow b/tests/tests/subids/27_usermod_remove_range_all/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/passwd b/tests/tests/subids/27_usermod_remove_range_all/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/shadow b/tests/tests/subids/27_usermod_remove_range_all/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/subgid b/tests/tests/subids/27_usermod_remove_range_all/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/subuid b/tests/tests/subids/27_usermod_remove_range_all/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/27_usermod_remove_range_all/data/subgid b/tests/tests/subids/27_usermod_remove_range_all/data/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/data/subgid
diff --git a/tests/tests/subids/27_usermod_remove_range_all/data/subuid b/tests/tests/subids/27_usermod_remove_range_all/data/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/data/subuid
diff --git a/tests/tests/subids/27_usermod_remove_range_all/usermod.test b/tests/tests/subids/27_usermod_remove_range_all/usermod.test
new file mode 100755
index 0000000..0bd7f0b
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove subuid and subgid ranges matching boundaries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100000-109999 -W 100000-109999 foo)..."
+usermod -V 100000-109999 -W 100000-109999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config.txt b/tests/tests/subids/28_usermod_remove_range_partial_begin/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/default/useradd b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/group b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/gshadow b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/passwd b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/shadow b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subgid b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subgid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subuid b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subgid b/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subgid
new file mode 100644
index 0000000..8feb16c
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200001:9999
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subuid b/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subuid
new file mode 100644
index 0000000..454c624
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subuid
@@ -0,0 +1,2 @@
+foo:106000:4000
+foo:209999:1
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/usermod.test b/tests/tests/subids/28_usermod_remove_range_partial_begin/usermod.test
new file mode 100755
index 0000000..03a7966
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges with matching lower boundaries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100000-105999 -W 200000-200000 foo)..."
+usermod -V 100000-105999 -W 200000-200000 -V 200000-209998 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config.txt b/tests/tests/subids/29_usermod_remove_range_partial_middle/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/default/useradd b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/group b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/gshadow b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/passwd b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/shadow b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subgid b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subuid b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subgid b/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subgid
new file mode 100644
index 0000000..179115c
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subgid
@@ -0,0 +1,2 @@
+foo:100000:5000
+foo:109999:1
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subuid b/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subuid
new file mode 100644
index 0000000..b1f3d76
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subuid
@@ -0,0 +1,4 @@
+foo:100000:1
+foo:200000:5000
+foo:207001:2999
+foo:106000:4000
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/usermod.test b/tests/tests/subids/29_usermod_remove_range_partial_middle/usermod.test
new file mode 100755
index 0000000..bba46bc
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges included in existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100001-105999 -W 105000-109998 -V 205000-207000 foo)..."
+usermod -V 100001-105999 -W 105000-109998 -V 205000-207000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config.txt b/tests/tests/subids/30_usermod_remove_range_partial_end/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/default/useradd b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/group b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/gshadow b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/passwd b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/shadow b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subgid b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subuid b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/data/subgid b/tests/tests/subids/30_usermod_remove_range_partial_end/data/subgid
new file mode 100644
index 0000000..707bde6
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/data/subgid
@@ -0,0 +1 @@
+foo:100000:5000
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/data/subuid b/tests/tests/subids/30_usermod_remove_range_partial_end/data/subuid
new file mode 100644
index 0000000..88ff38c
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:1
+foo:200000:9999
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/usermod.test b/tests/tests/subids/30_usermod_remove_range_partial_end/usermod.test
new file mode 100755
index 0000000..c110716
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges with matching upper boundaries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100001-109999 -W 105000-109999 -V 209998-209999 foo)..."
+usermod -V 100001-109999 -W 105000-109999 -V 209999-209999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config.txt b/tests/tests/subids/31_usermod_remove_outside_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/default/useradd b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/group b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/gshadow b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/passwd b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/shadow b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subgid b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subgid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subuid b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/data/subgid b/tests/tests/subids/31_usermod_remove_outside_range/data/subgid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/data/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/data/subuid b/tests/tests/subids/31_usermod_remove_outside_range/data/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/usermod.test b/tests/tests/subids/31_usermod_remove_outside_range/usermod.test
new file mode 100755
index 0000000..477c722
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod does not remove subuid and subgid ranges if provided ranges are outside of existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 1000-99999 -W 110000-199999 foo)..."
+usermod -V 1000-99999 -W 110000-199999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config.txt b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/default/useradd b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/group b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/gshadow b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/passwd b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/shadow b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subgid b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subuid b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subgid b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subgid
new file mode 100644
index 0000000..c2dcd1a
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subgid
@@ -0,0 +1 @@
+foo:109999:1
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subuid b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subuid
new file mode 100644
index 0000000..30bf143
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subuid
@@ -0,0 +1,2 @@
+foo:100001:9999
+foo:209999:1
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/usermod.test b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/usermod.test
new file mode 100755
index 0000000..1f2766a
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges overlapping beginning of existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 10000-100000 -W 5000-109998 -V 110000-209998 foo)..."
+usermod -V 10000-100000 -W 5000-109998 -V 110000-209998 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config.txt b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/default/useradd b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/group b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/gshadow b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/passwd b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/shadow b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subgid b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subuid b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subgid b/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subgid
new file mode 100644
index 0000000..707bde6
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subgid
@@ -0,0 +1 @@
+foo:100000:5000
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subuid b/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subuid
new file mode 100644
index 0000000..88ff38c
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:1
+foo:200000:9999
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/usermod.test b/tests/tests/subids/33_usermod_remove_overlapping_range_end/usermod.test
new file mode 100755
index 0000000..545fd27
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges overlapping upper boundaries of existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100001-109999 -W 105000-120000 -V 209999-210001 foo)..."
+usermod -V 100001-109999 -W 105000-120000 -V 209999-210001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config.txt b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/default/useradd b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/group b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/gshadow b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/passwd b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/shadow b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subgid b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subuid b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subgid b/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subgid
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subuid b/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subuid
new file mode 100644
index 0000000..92313ec
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subuid
@@ -0,0 +1 @@
+foo:100000:9999
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/usermod.test b/tests/tests/subids/34_usermod_remove_overlapping_range_all/usermod.test
new file mode 100755
index 0000000..ba781eb
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges whose boundaries overlap boundaries of existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -W 99997-110002 -V 109999-210000 foo)..."
+usermod -W 99997-110002 -V 109999-210000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config.txt b/tests/tests/subids/35_usermod_remove_only_user_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/default/useradd b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/group b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/gshadow b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/passwd b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/shadow b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subgid b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subgid
new file mode 100644
index 0000000..81c7134
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subgid
@@ -0,0 +1,4 @@
+root:100000:10000
+foo:100000:10000
+foo:200000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subuid b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subuid
new file mode 100644
index 0000000..96f8274
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subuid
@@ -0,0 +1,4 @@
+foo:100000:10000
+foo:200000:10000
+root:100000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subgid b/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subgid
new file mode 100644
index 0000000..ba36f20
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subgid
@@ -0,0 +1,2 @@
+root:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subuid b/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subuid
new file mode 100644
index 0000000..5000837
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subuid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:100000:10000
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/usermod.test b/tests/tests/subids/35_usermod_remove_only_user_ranges/usermod.test
new file mode 100755
index 0000000..191ffb2
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod does not remove subuid and subgid ranges of other users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100000-109999 -W 100000-109999 foo)..."
+usermod -V 100000-109999 -W 100000-109999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config.txt b/tests/tests/subids/36_usermod_remove_with_comment/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/default/useradd b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/group b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/gshadow b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/passwd b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/shadow b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subgid b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subgid
new file mode 100644
index 0000000..efd5bbc
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subgid
@@ -0,0 +1,3 @@
+foo:100000:10000
+# This is a duplicate entry
+foo:100000:10000
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subuid b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subuid
new file mode 100644
index 0000000..efd5bbc
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subuid
@@ -0,0 +1,3 @@
+foo:100000:10000
+# This is a duplicate entry
+foo:100000:10000
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/data/subgid b/tests/tests/subids/36_usermod_remove_with_comment/data/subgid
new file mode 100644
index 0000000..cbb145c
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/data/subgid
@@ -0,0 +1 @@
+# This is a duplicate entry
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/data/subuid b/tests/tests/subids/36_usermod_remove_with_comment/data/subuid
new file mode 100644
index 0000000..cbb145c
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/data/subuid
@@ -0,0 +1 @@
+# This is a duplicate entry
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/usermod.test b/tests/tests/subids/36_usermod_remove_with_comment/usermod.test
new file mode 100755
index 0000000..ae1e146
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod ignores and keeps comments when ranges are removed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100000-109999 -W 100000-109999 foo)..."
+usermod -V 100000-109999 -W 100000-109999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config.txt b/tests/tests/subids/37_usermod_-v_invalid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/default/useradd b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/group b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/gshadow b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/passwd b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/shadow b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subgid b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subuid b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/data/usermod.err b/tests/tests/subids/37_usermod_-v_invalid_range/data/usermod.err
new file mode 100644
index 0000000..b863376
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '110000-100000'
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/usermod.test b/tests/tests/subids/37_usermod_-v_invalid_range/usermod.test
new file mode 100755
index 0000000..4f0ec18
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "min > max (usermod -v 110000-100000 foo)..."
+usermod -v 110000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config.txt b/tests/tests/subids/38_usermod_-V_invalid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/default/useradd b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/group b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/gshadow b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/passwd b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/shadow b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subgid b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subuid b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/data/usermod.err b/tests/tests/subids/38_usermod_-V_invalid_range/data/usermod.err
new file mode 100644
index 0000000..2d8964d
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '110000'
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/usermod.test b/tests/tests/subids/38_usermod_-V_invalid_range/usermod.test
new file mode 100755
index 0000000..462c803
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "range is a single value (usermod -V 110000 foo)..."
+usermod -V 110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config.txt b/tests/tests/subids/39_usermod_-w_invalid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/default/useradd b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/group b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/gshadow b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/passwd b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/shadow b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subgid b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subuid b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/data/usermod.err b/tests/tests/subids/39_usermod_-w_invalid_range/data/usermod.err
new file mode 100644
index 0000000..1e3eb0b
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate gid range '100000a-110000'
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/usermod.test b/tests/tests/subids/39_usermod_-w_invalid_range/usermod.test
new file mode 100755
index 0000000..d347344
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "characters inserted in range (usermod -w 100000a-110000 foo)..."
+usermod -w 100000a-110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config.txt b/tests/tests/subids/40_usermod_-W_invalid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/default/useradd b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/group b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/gshadow b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/passwd b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/shadow b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subgid b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subuid b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/data/usermod.err b/tests/tests/subids/40_usermod_-W_invalid_range/data/usermod.err
new file mode 100644
index 0000000..15803ff
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate gid range '100000-110000a'
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/usermod.test b/tests/tests/subids/40_usermod_-W_invalid_range/usermod.test
new file mode 100755
index 0000000..803ab62
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "invalid characters appended (usermod -W 100000-110000a foo)..."
+usermod -W 100000-110000a foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config.txt b/tests/tests/subids/41_usermod_locked_subuid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config.txt
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/default/useradd b/tests/tests/subids/41_usermod_locked_subuid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/group b/tests/tests/subids/41_usermod_locked_subuid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/gshadow b/tests/tests/subids/41_usermod_locked_subuid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/passwd b/tests/tests/subids/41_usermod_locked_subuid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/shadow b/tests/tests/subids/41_usermod_locked_subuid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/subgid b/tests/tests/subids/41_usermod_locked_subuid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/subgid
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/subuid b/tests/tests/subids/41_usermod_locked_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/subuid
diff --git a/tests/tests/subids/41_usermod_locked_subuid/data/usermod.err b/tests/tests/subids/41_usermod_locked_subuid/data/usermod.err
new file mode 100644
index 0000000..5d2daeb
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/subuid.lock without a PID
+usermod: cannot lock /etc/subuid; try again later.
diff --git a/tests/tests/subids/41_usermod_locked_subuid/usermod.test b/tests/tests/subids/41_usermod_locked_subuid/usermod.test
new file mode 100755
index 0000000..8b954ea
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/usermod.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the subuid file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/subuid.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/subuid..."
+touch /etc/subuid.lock
+echo "done"
+
+echo -n "Add subuid ranges to user foo (usermod -v 100000-100000 foo)..."
+usermod -v 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/subuid.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config.txt b/tests/tests/subids/42_usermod_locked_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config.txt
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/default/useradd b/tests/tests/subids/42_usermod_locked_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/group b/tests/tests/subids/42_usermod_locked_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/gshadow b/tests/tests/subids/42_usermod_locked_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/passwd b/tests/tests/subids/42_usermod_locked_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/shadow b/tests/tests/subids/42_usermod_locked_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/subgid b/tests/tests/subids/42_usermod_locked_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/subgid
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/subuid b/tests/tests/subids/42_usermod_locked_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/subuid
diff --git a/tests/tests/subids/42_usermod_locked_subgid/data/usermod.err b/tests/tests/subids/42_usermod_locked_subgid/data/usermod.err
new file mode 100644
index 0000000..dee7b1d
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/subgid.lock without a PID
+usermod: cannot lock /etc/subgid; try again later.
diff --git a/tests/tests/subids/42_usermod_locked_subgid/usermod.test b/tests/tests/subids/42_usermod_locked_subgid/usermod.test
new file mode 100755
index 0000000..c44be3a
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/usermod.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the subgid file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/subgid.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/subgid..."
+touch /etc/subgid.lock
+echo "done"
+
+echo -n "Add subgid ranges to user foo (usermod -w 100000-100000 foo)..."
+usermod -w 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/subgid.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config.txt b/tests/tests/subids/43_usermod_-w_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config.txt
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/default/useradd b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/group b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/gshadow b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/passwd b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/shadow b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subgid b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subuid b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/data/usermod.err b/tests/tests/subids/43_usermod_-w_no_subgid/data/usermod.err
new file mode 100644
index 0000000..4f03a68
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/data/usermod.err
@@ -0,0 +1 @@
+usermod: /etc/subgid does not exist, you cannot use the flags -w or -W
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/usermod.test b/tests/tests/subids/43_usermod_-w_no_subgid/usermod.test
new file mode 100755
index 0000000..118bc4a
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/usermod.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -w fails is there is no subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+echo -n "Add subgid ranges to user foo (usermod -w 100000-100000 foo)..."
+usermod -w 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config.txt b/tests/tests/subids/44_usermod_-W_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config.txt
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/default/useradd b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/group b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/gshadow b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/passwd b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/shadow b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subgid b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subuid b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/data/usermod.err b/tests/tests/subids/44_usermod_-W_no_subgid/data/usermod.err
new file mode 100644
index 0000000..4f03a68
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/data/usermod.err
@@ -0,0 +1 @@
+usermod: /etc/subgid does not exist, you cannot use the flags -w or -W
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/usermod.test b/tests/tests/subids/44_usermod_-W_no_subgid/usermod.test
new file mode 100755
index 0000000..da7788e
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/usermod.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -W fails is there is no subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+echo -n "Remove subgid ranges to user foo (usermod -W 100000-100000 foo)..."
+usermod -W 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config.txt b/tests/tests/subids/45_usermod_-v_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config.txt
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/default/useradd b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/group b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/gshadow b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/passwd b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/shadow b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subgid b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subuid b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/data/usermod.err b/tests/tests/subids/45_usermod_-v_no_subgid/data/usermod.err
new file mode 100644
index 0000000..e3ea042
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/data/usermod.err
@@ -0,0 +1 @@
+usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/usermod.test b/tests/tests/subids/45_usermod_-v_no_subgid/usermod.test
new file mode 100755
index 0000000..af1359d
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/usermod.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -v fails is there is no subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subuid..."
+rm -f /etc/subuid
+echo "OK"
+
+echo -n "Add subuid ranges to user foo (usermod -v 100000-100000 foo)..."
+usermod -v 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config.txt b/tests/tests/subids/46_usermod_-V_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config.txt
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/default/useradd b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/group b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/gshadow b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/passwd b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/shadow b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subgid b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subuid b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/data/usermod.err b/tests/tests/subids/46_usermod_-V_no_subgid/data/usermod.err
new file mode 100644
index 0000000..e3ea042
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/data/usermod.err
@@ -0,0 +1 @@
+usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/usermod.test b/tests/tests/subids/46_usermod_-V_no_subgid/usermod.test
new file mode 100755
index 0000000..df95f3f
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/usermod.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -V fails is there is no subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subuid..."
+rm -f /etc/subuid
+echo "OK"
+
+echo -n "Remove subuid ranges to user foo (usermod -V 100000-100000 foo)..."
+usermod -V 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config.txt b/tests/tests/subids/47_usermod_-v_invalid_range2/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/default/useradd b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/group b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/gshadow b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/passwd b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/shadow b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subgid b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subuid b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/data/usermod.err b/tests/tests/subids/47_usermod_-v_invalid_range2/data/usermod.err
new file mode 100644
index 0000000..384efdc
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range 'a100000-110000'
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/usermod.test b/tests/tests/subids/47_usermod_-v_invalid_range2/usermod.test
new file mode 100755
index 0000000..776e383
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "invalid characters at the beginning (usermod -v a100000-110000 foo)..."
+usermod -v a100000-110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config.txt b/tests/tests/subids/48_usermod_-v_invalid_range3/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/default/useradd b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/group b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/gshadow b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/passwd b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/shadow b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subgid b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subuid b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/data/usermod.err b/tests/tests/subids/48_usermod_-v_invalid_range3/data/usermod.err
new file mode 100644
index 0000000..26b5963
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range ''
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/usermod.test b/tests/tests/subids/48_usermod_-v_invalid_range3/usermod.test
new file mode 100755
index 0000000..3363322
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "empty range (usermod -v '' foo)..."
+usermod -v '' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config.txt b/tests/tests/subids/49_usermod_-v_invalid_range4/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/default/useradd b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/group b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/gshadow b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/passwd b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/shadow b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subgid b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subuid b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/data/usermod.err b/tests/tests/subids/49_usermod_-v_invalid_range4/data/usermod.err
new file mode 100644
index 0000000..3b7df62
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '-100000-110000'
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/usermod.test b/tests/tests/subids/49_usermod_-v_invalid_range4/usermod.test
new file mode 100755
index 0000000..c0b9357
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "negative UID (usermod -v -100000-110000 foo)..."
+usermod -v -100000-110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config.txt b/tests/tests/subids/50_usermod_-v_invalid_range5/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/default/useradd b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/group b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/gshadow b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/passwd b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/shadow b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subgid b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subuid b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/data/usermod.err b/tests/tests/subids/50_usermod_-v_invalid_range5/data/usermod.err
new file mode 100644
index 0000000..4d538c9
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '9223372036854775808-110000'
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/usermod.test b/tests/tests/subids/50_usermod_-v_invalid_range5/usermod.test
new file mode 100755
index 0000000..ddd831f
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "out of range UID (usermod -v 9223372036854775808-110000 foo)..."
+usermod -v 9223372036854775808-110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config.txt b/tests/tests/subids/51_usermod_-v_invalid_range6/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/default/useradd b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/group b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/gshadow b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/passwd b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/shadow b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subgid b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subuid b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/data/usermod.err b/tests/tests/subids/51_usermod_-v_invalid_range6/data/usermod.err
new file mode 100644
index 0000000..64d4f80
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '110000-9223372036854775808'
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/usermod.test b/tests/tests/subids/51_usermod_-v_invalid_range6/usermod.test
new file mode 100755
index 0000000..3b23c76
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "out of range UID (usermod -v 110000-9223372036854775808 foo)..."
+usermod -v 110000-9223372036854775808 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config.txt b/tests/tests/subids/52_usermod_-v_invalid_range7/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/default/useradd b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/group b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/gshadow b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/passwd b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/shadow b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subgid b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subuid b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/data/usermod.err b/tests/tests/subids/52_usermod_-v_invalid_range7/data/usermod.err
new file mode 100644
index 0000000..746202a
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '100000--110000'
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/usermod.test b/tests/tests/subids/52_usermod_-v_invalid_range7/usermod.test
new file mode 100755
index 0000000..a00cf16
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "negative upper limit (usermod -v 100000--110000 foo)..."
+usermod -v 100000--110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config.txt b/tests/tests/subids/53_userdel_one_subuid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/default/useradd b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/group b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/gshadow b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/passwd b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/shadow b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subgid b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subgid
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subuid b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/group b/tests/tests/subids/53_userdel_one_subuid_range/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/gshadow b/tests/tests/subids/53_userdel_one_subuid_range/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/passwd b/tests/tests/subids/53_userdel_one_subuid_range/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/shadow b/tests/tests/subids/53_userdel_one_subuid_range/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/subuid b/tests/tests/subids/53_userdel_one_subuid_range/data/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/subuid
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/userdel.test b/tests/tests/subids/53_userdel_one_subuid_range/userdel.test
new file mode 100755
index 0000000..2588794
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/userdel.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can delete an user with its subordinate UIDs range"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config.txt b/tests/tests/subids/54_userdel_one_subgid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/default/useradd b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/group b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/gshadow b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/passwd b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/shadow b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subgid b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subuid b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subuid
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/group b/tests/tests/subids/54_userdel_one_subgid_range/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/gshadow b/tests/tests/subids/54_userdel_one_subgid_range/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/passwd b/tests/tests/subids/54_userdel_one_subgid_range/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/shadow b/tests/tests/subids/54_userdel_one_subgid_range/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/subgid b/tests/tests/subids/54_userdel_one_subgid_range/data/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/subgid
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/userdel.test b/tests/tests/subids/54_userdel_one_subgid_range/userdel.test
new file mode 100755
index 0000000..4ac57f8
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/userdel.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can delete an user with its subordinate GIDs range"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/55_userdel_no_subuid/config.txt b/tests/tests/subids/55_userdel_no_subuid/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/default/useradd b/tests/tests/subids/55_userdel_no_subuid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/group b/tests/tests/subids/55_userdel_no_subuid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/gshadow b/tests/tests/subids/55_userdel_no_subuid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/passwd b/tests/tests/subids/55_userdel_no_subuid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/shadow b/tests/tests/subids/55_userdel_no_subuid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/subgid b/tests/tests/subids/55_userdel_no_subuid/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/subuid b/tests/tests/subids/55_userdel_no_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/subuid
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/group b/tests/tests/subids/55_userdel_no_subuid/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/gshadow b/tests/tests/subids/55_userdel_no_subuid/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/passwd b/tests/tests/subids/55_userdel_no_subuid/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/shadow b/tests/tests/subids/55_userdel_no_subuid/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/subgid b/tests/tests/subids/55_userdel_no_subuid/data/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/subgid
diff --git a/tests/tests/subids/55_userdel_no_subuid/userdel.test b/tests/tests/subids/55_userdel_no_subuid/userdel.test
new file mode 100755
index 0000000..8b9f33f
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/userdel.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can remove an user with its subordinate GIDs even if /etc/subuid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subgid..."
+rm -f /etc/subuid
+echo "OK"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/56_userdel_no_subgid/config.txt b/tests/tests/subids/56_userdel_no_subgid/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/default/useradd b/tests/tests/subids/56_userdel_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/group b/tests/tests/subids/56_userdel_no_subgid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/gshadow b/tests/tests/subids/56_userdel_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/passwd b/tests/tests/subids/56_userdel_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/shadow b/tests/tests/subids/56_userdel_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/subgid b/tests/tests/subids/56_userdel_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/subuid b/tests/tests/subids/56_userdel_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/group b/tests/tests/subids/56_userdel_no_subgid/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/gshadow b/tests/tests/subids/56_userdel_no_subgid/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/passwd b/tests/tests/subids/56_userdel_no_subgid/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/shadow b/tests/tests/subids/56_userdel_no_subgid/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/subuid b/tests/tests/subids/56_userdel_no_subgid/data/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/subuid
diff --git a/tests/tests/subids/56_userdel_no_subgid/userdel.test b/tests/tests/subids/56_userdel_no_subgid/userdel.test
new file mode 100755
index 0000000..fe545c0
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/userdel.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can remove an user with its subordinate UIDs even if /etc/subgid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config.txt b/tests/tests/subids/57_userdel_multiple_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/default/useradd b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/group b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/gshadow b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/passwd b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/shadow b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subgid b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subgid
new file mode 100644
index 0000000..4b52edc
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subgid
@@ -0,0 +1,14 @@
+#1
+foo:10000:500
+#2
+foo:100000:10000
+foo:100000:5000
+#3
+foo:200000:10000
+foo:200000:20000
+#4
+foo:300000:10000
+roo:300000:10000
+foo:300000:10000
+foo:400000:10000
+root:500000:1000
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subuid b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subuid
new file mode 100644
index 0000000..4b52edc
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subuid
@@ -0,0 +1,14 @@
+#1
+foo:10000:500
+#2
+foo:100000:10000
+foo:100000:5000
+#3
+foo:200000:10000
+foo:200000:20000
+#4
+foo:300000:10000
+roo:300000:10000
+foo:300000:10000
+foo:400000:10000
+root:500000:1000
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/group b/tests/tests/subids/57_userdel_multiple_ranges/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/gshadow b/tests/tests/subids/57_userdel_multiple_ranges/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/passwd b/tests/tests/subids/57_userdel_multiple_ranges/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/shadow b/tests/tests/subids/57_userdel_multiple_ranges/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/subgid b/tests/tests/subids/57_userdel_multiple_ranges/data/subgid
new file mode 100644
index 0000000..adb2561
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/subgid
@@ -0,0 +1,6 @@
+#1
+#2
+#3
+#4
+roo:300000:10000
+root:500000:1000
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/subuid b/tests/tests/subids/57_userdel_multiple_ranges/data/subuid
new file mode 100644
index 0000000..adb2561
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/subuid
@@ -0,0 +1,6 @@
+#1
+#2
+#3
+#4
+roo:300000:10000
+root:500000:1000
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/userdel.test b/tests/tests/subids/57_userdel_multiple_ranges/userdel.test
new file mode 100755
index 0000000..93f116f
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/userdel.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can delete an user with its subordinate UIDs ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/58_newusers_with_subids/config.txt b/tests/tests/subids/58_newusers_with_subids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config.txt
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/group b/tests/tests/subids/58_newusers_with_subids/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/gshadow b/tests/tests/subids/58_newusers_with_subids/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/common-password b/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/newusers b/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/passwd b/tests/tests/subids/58_newusers_with_subids/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/shadow b/tests/tests/subids/58_newusers_with_subids/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/subgid b/tests/tests/subids/58_newusers_with_subids/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/subgid
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/subuid b/tests/tests/subids/58_newusers_with_subids/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/subuid
diff --git a/tests/tests/subids/58_newusers_with_subids/data/group b/tests/tests/subids/58_newusers_with_subids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/58_newusers_with_subids/data/gshadow b/tests/tests/subids/58_newusers_with_subids/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/58_newusers_with_subids/data/newusers.list b/tests/tests/subids/58_newusers_with_subids/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/58_newusers_with_subids/data/passwd b/tests/tests/subids/58_newusers_with_subids/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/58_newusers_with_subids/data/shadow b/tests/tests/subids/58_newusers_with_subids/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/58_newusers_with_subids/data/subgid b/tests/tests/subids/58_newusers_with_subids/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/58_newusers_with_subids/data/subuid b/tests/tests/subids/58_newusers_with_subids/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/58_newusers_with_subids/newusers.test b/tests/tests/subids/58_newusers_with_subids/newusers.test
new file mode 100755
index 0000000..2b69632
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/newusers.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers creates subordinate IDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/59_newusers_no_subuid/config.txt b/tests/tests/subids/59_newusers_no_subuid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config.txt
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/group b/tests/tests/subids/59_newusers_no_subuid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/gshadow b/tests/tests/subids/59_newusers_no_subuid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/common-password b/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/newusers b/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/passwd b/tests/tests/subids/59_newusers_no_subuid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/shadow b/tests/tests/subids/59_newusers_no_subuid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/subgid b/tests/tests/subids/59_newusers_no_subuid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/subgid
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/subuid b/tests/tests/subids/59_newusers_no_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/subuid
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/group b/tests/tests/subids/59_newusers_no_subuid/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/gshadow b/tests/tests/subids/59_newusers_no_subuid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/newusers.list b/tests/tests/subids/59_newusers_no_subuid/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/passwd b/tests/tests/subids/59_newusers_no_subuid/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/shadow b/tests/tests/subids/59_newusers_no_subuid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/subgid b/tests/tests/subids/59_newusers_no_subuid/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/59_newusers_no_subuid/newusers.test b/tests/tests/subids/59_newusers_no_subuid/newusers.test
new file mode 100755
index 0000000..f99d9a5
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers create subordinate GIDs even if /etc/subuid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subuid..."
+rm -f /etc/subuid
+echo "OK"
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/60_newusers_no_subgid/config.txt b/tests/tests/subids/60_newusers_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config.txt
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/group b/tests/tests/subids/60_newusers_no_subgid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/gshadow b/tests/tests/subids/60_newusers_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/common-password b/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/newusers b/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/passwd b/tests/tests/subids/60_newusers_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/shadow b/tests/tests/subids/60_newusers_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/subgid b/tests/tests/subids/60_newusers_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/subuid b/tests/tests/subids/60_newusers_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/group b/tests/tests/subids/60_newusers_no_subgid/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/gshadow b/tests/tests/subids/60_newusers_no_subgid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/newusers.list b/tests/tests/subids/60_newusers_no_subgid/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/passwd b/tests/tests/subids/60_newusers_no_subgid/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/shadow b/tests/tests/subids/60_newusers_no_subgid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/subuid b/tests/tests/subids/60_newusers_no_subgid/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/60_newusers_no_subgid/newusers.test b/tests/tests/subids/60_newusers_no_subgid/newusers.test
new file mode 100755
index 0000000..32a4174
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers create subordinate UIDs even if /etc/subgid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config.txt b/tests/tests/subids/61_newusers_user_already_has_subgids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config.txt
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/group b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/gshadow b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/common-password b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/newusers b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/passwd b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/shadow b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/shadow
new file mode 100644
index 0000000..648c54d
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subgid b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subgid
new file mode 100644
index 0000000..c6faa36
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subgid
@@ -0,0 +1 @@
+foo:200000:2000
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subuid b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subuid
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/group b/tests/tests/subids/61_newusers_user_already_has_subgids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/gshadow b/tests/tests/subids/61_newusers_user_already_has_subgids/data/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/newusers.list b/tests/tests/subids/61_newusers_user_already_has_subgids/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/passwd b/tests/tests/subids/61_newusers_user_already_has_subgids/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/shadow b/tests/tests/subids/61_newusers_user_already_has_subgids/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/subuid b/tests/tests/subids/61_newusers_user_already_has_subgids/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/newusers.test b/tests/tests/subids/61_newusers_user_already_has_subgids/newusers.test
new file mode 100755
index 0000000..752932e
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/newusers.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers does not create subordinate GIDs if the user already has subordinate GIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config.txt b/tests/tests/subids/62_newusers_user_already_has_subuids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config.txt
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/group b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/gshadow b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/common-password b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/newusers b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/passwd b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/shadow b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/shadow
new file mode 100644
index 0000000..648c54d
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subgid b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subgid
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subuid b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subuid
new file mode 100644
index 0000000..ad0d53a
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subuid
@@ -0,0 +1,2 @@
+root:150000:10000
+foo:200000:2000
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/group b/tests/tests/subids/62_newusers_user_already_has_subuids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/gshadow b/tests/tests/subids/62_newusers_user_already_has_subuids/data/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/newusers.list b/tests/tests/subids/62_newusers_user_already_has_subuids/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/passwd b/tests/tests/subids/62_newusers_user_already_has_subuids/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/shadow b/tests/tests/subids/62_newusers_user_already_has_subuids/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/subgid b/tests/tests/subids/62_newusers_user_already_has_subuids/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/newusers.test b/tests/tests/subids/62_newusers_user_already_has_subuids/newusers.test
new file mode 100755
index 0000000..d300db8
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/newusers.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers does not create subordinate UIDs if the user already has subordinate UIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config.txt b/tests/tests/subids/63_useradd_fill_gap4/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config.txt
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/default/useradd b/tests/tests/subids/63_useradd_fill_gap4/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/group b/tests/tests/subids/63_useradd_fill_gap4/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/gshadow b/tests/tests/subids/63_useradd_fill_gap4/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/passwd b/tests/tests/subids/63_useradd_fill_gap4/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/shadow b/tests/tests/subids/63_useradd_fill_gap4/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/subgid b/tests/tests/subids/63_useradd_fill_gap4/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/subuid b/tests/tests/subids/63_useradd_fill_gap4/config/etc/subuid
new file mode 100644
index 0000000..5d64255
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/subuid
@@ -0,0 +1,3 @@
+root:100000:599990001
+# This is after max
+root:600100001:10000
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/group b/tests/tests/subids/63_useradd_fill_gap4/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/gshadow b/tests/tests/subids/63_useradd_fill_gap4/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/passwd b/tests/tests/subids/63_useradd_fill_gap4/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/shadow b/tests/tests/subids/63_useradd_fill_gap4/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/subgid b/tests/tests/subids/63_useradd_fill_gap4/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/subuid b/tests/tests/subids/63_useradd_fill_gap4/data/subuid
new file mode 100644
index 0000000..15b3a3c
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/subuid
@@ -0,0 +1,4 @@
+root:100000:599990001
+root:600100001:10000
+# This is after max
+foo:600090001:10000
diff --git a/tests/tests/subids/63_useradd_fill_gap4/useradd.test b/tests/tests/subids/63_useradd_fill_gap4/useradd.test
new file mode 100755
index 0000000..eb399cf
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd fills subids gaps in /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config.txt b/tests/tests/subids/64_useradd_fill_gap5/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config.txt
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/default/useradd b/tests/tests/subids/64_useradd_fill_gap5/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/group b/tests/tests/subids/64_useradd_fill_gap5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/gshadow b/tests/tests/subids/64_useradd_fill_gap5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/passwd b/tests/tests/subids/64_useradd_fill_gap5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/shadow b/tests/tests/subids/64_useradd_fill_gap5/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/subgid b/tests/tests/subids/64_useradd_fill_gap5/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/subuid b/tests/tests/subids/64_useradd_fill_gap5/config/etc/subuid
new file mode 100644
index 0000000..c178aee
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/subuid
@@ -0,0 +1,3 @@
+root:100000:599990001
+# This is after max
+root:600100002:10000
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/group b/tests/tests/subids/64_useradd_fill_gap5/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/gshadow b/tests/tests/subids/64_useradd_fill_gap5/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/passwd b/tests/tests/subids/64_useradd_fill_gap5/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/shadow b/tests/tests/subids/64_useradd_fill_gap5/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/subgid b/tests/tests/subids/64_useradd_fill_gap5/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/subuid b/tests/tests/subids/64_useradd_fill_gap5/data/subuid
new file mode 100644
index 0000000..a992af1
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/subuid
@@ -0,0 +1,4 @@
+root:100000:599990001
+root:600100002:10000
+# This is after max
+foo:600090001:10000
diff --git a/tests/tests/subids/64_useradd_fill_gap5/useradd.test b/tests/tests/subids/64_useradd_fill_gap5/useradd.test
new file mode 100755
index 0000000..eb399cf
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd fills subids gaps in /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config.txt b/tests/tests/subids/65_useradd_fill_gap6/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config.txt
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/default/useradd b/tests/tests/subids/65_useradd_fill_gap6/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/group b/tests/tests/subids/65_useradd_fill_gap6/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/gshadow b/tests/tests/subids/65_useradd_fill_gap6/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/passwd b/tests/tests/subids/65_useradd_fill_gap6/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/shadow b/tests/tests/subids/65_useradd_fill_gap6/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/subgid b/tests/tests/subids/65_useradd_fill_gap6/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/subuid b/tests/tests/subids/65_useradd_fill_gap6/config/etc/subuid
new file mode 100644
index 0000000..7f96123
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/subuid
@@ -0,0 +1 @@
+root:90000:5000
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/group b/tests/tests/subids/65_useradd_fill_gap6/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/gshadow b/tests/tests/subids/65_useradd_fill_gap6/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/passwd b/tests/tests/subids/65_useradd_fill_gap6/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/shadow b/tests/tests/subids/65_useradd_fill_gap6/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/subgid b/tests/tests/subids/65_useradd_fill_gap6/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/subuid b/tests/tests/subids/65_useradd_fill_gap6/data/subuid
new file mode 100644
index 0000000..d275cb0
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/subuid
@@ -0,0 +1,2 @@
+root:90000:5000
+foo:100000:10000
diff --git a/tests/tests/subids/65_useradd_fill_gap6/useradd.test b/tests/tests/subids/65_useradd_fill_gap6/useradd.test
new file mode 100755
index 0000000..11baa08
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd create subids in /etc/sub[ug]id (range occupied before min)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config.txt b/tests/tests/subids/66_subordinate_range_cmp/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config.txt
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/default/useradd b/tests/tests/subids/66_subordinate_range_cmp/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/group b/tests/tests/subids/66_subordinate_range_cmp/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/gshadow b/tests/tests/subids/66_subordinate_range_cmp/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/passwd b/tests/tests/subids/66_subordinate_range_cmp/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/shadow b/tests/tests/subids/66_subordinate_range_cmp/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/subgid b/tests/tests/subids/66_subordinate_range_cmp/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/subuid b/tests/tests/subids/66_subordinate_range_cmp/config/etc/subuid
new file mode 100644
index 0000000..973cff0
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/subuid
@@ -0,0 +1,15 @@
+#1
+root:90000:5000
+sfoo:300000:10000
+root:300000:10000
+root:200000:15000
+root:200000:10000
+root:100000:5000
+#2
+root:90000:5000
+root:200000:10000
+root:200000:15000
+root:300000:10000
+sfoo:300000:10000
+root:100000:5000
+#3
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/group b/tests/tests/subids/66_subordinate_range_cmp/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/gshadow b/tests/tests/subids/66_subordinate_range_cmp/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/passwd b/tests/tests/subids/66_subordinate_range_cmp/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/shadow b/tests/tests/subids/66_subordinate_range_cmp/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/subgid b/tests/tests/subids/66_subordinate_range_cmp/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/subuid b/tests/tests/subids/66_subordinate_range_cmp/data/subuid
new file mode 100644
index 0000000..1bd0022
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/subuid
@@ -0,0 +1,16 @@
+root:90000:5000
+root:90000:5000
+root:100000:5000
+root:100000:5000
+root:200000:10000
+root:200000:10000
+root:200000:15000
+root:200000:15000
+root:300000:10000
+root:300000:10000
+sfoo:300000:10000
+sfoo:300000:10000
+#3
+#2
+#1
+foo:105000:10000
diff --git a/tests/tests/subids/66_subordinate_range_cmp/useradd.test b/tests/tests/subids/66_subordinate_range_cmp/useradd.test
new file mode 100755
index 0000000..966db07
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "test the sort algorithm for subordinate IDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config.txt b/tests/tests/subids/67_invalid_subuid_file1/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config.txt
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/default/useradd b/tests/tests/subids/67_invalid_subuid_file1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/group b/tests/tests/subids/67_invalid_subuid_file1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/gshadow b/tests/tests/subids/67_invalid_subuid_file1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/passwd b/tests/tests/subids/67_invalid_subuid_file1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/shadow b/tests/tests/subids/67_invalid_subuid_file1/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/subgid b/tests/tests/subids/67_invalid_subuid_file1/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/subuid b/tests/tests/subids/67_invalid_subuid_file1/config/etc/subuid
new file mode 100644
index 0000000..5ebb946
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/subuid
@@ -0,0 +1,2 @@
+root::5000
+root:200000:10000
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/group b/tests/tests/subids/67_invalid_subuid_file1/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/gshadow b/tests/tests/subids/67_invalid_subuid_file1/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/passwd b/tests/tests/subids/67_invalid_subuid_file1/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/shadow b/tests/tests/subids/67_invalid_subuid_file1/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/subgid b/tests/tests/subids/67_invalid_subuid_file1/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/subuid b/tests/tests/subids/67_invalid_subuid_file1/data/subuid
new file mode 100644
index 0000000..492cd04
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/subuid
@@ -0,0 +1,3 @@
+root:200000:10000
+root::5000
+foo:100000:10000
diff --git a/tests/tests/subids/67_invalid_subuid_file1/useradd.test b/tests/tests/subids/67_invalid_subuid_file1/useradd.test
new file mode 100755
index 0000000..acdd793
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd ignores invalid lines in /etc/subuid (no numerical subordinate user ID)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config.txt b/tests/tests/subids/68_invalid_subuid_file2/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config.txt
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/default/useradd b/tests/tests/subids/68_invalid_subuid_file2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/group b/tests/tests/subids/68_invalid_subuid_file2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/gshadow b/tests/tests/subids/68_invalid_subuid_file2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/passwd b/tests/tests/subids/68_invalid_subuid_file2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/shadow b/tests/tests/subids/68_invalid_subuid_file2/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/subgid b/tests/tests/subids/68_invalid_subuid_file2/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/subuid b/tests/tests/subids/68_invalid_subuid_file2/config/etc/subuid
new file mode 100644
index 0000000..154481d
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/subuid
@@ -0,0 +1,2 @@
+root:100000:
+root:200000:10000
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/group b/tests/tests/subids/68_invalid_subuid_file2/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/gshadow b/tests/tests/subids/68_invalid_subuid_file2/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/passwd b/tests/tests/subids/68_invalid_subuid_file2/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/shadow b/tests/tests/subids/68_invalid_subuid_file2/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/subgid b/tests/tests/subids/68_invalid_subuid_file2/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/subuid b/tests/tests/subids/68_invalid_subuid_file2/data/subuid
new file mode 100644
index 0000000..162f05c
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/subuid
@@ -0,0 +1,3 @@
+root:200000:10000
+root:100000:
+foo:100000:10000
diff --git a/tests/tests/subids/68_invalid_subuid_file2/useradd.test b/tests/tests/subids/68_invalid_subuid_file2/useradd.test
new file mode 100755
index 0000000..fa67277
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd ignores invalid lines in /etc/subuid (no numerical subordinate user ID count)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config.txt b/tests/tests/subids/69_invalid_subuid_file3/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config.txt
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/default/useradd b/tests/tests/subids/69_invalid_subuid_file3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/group b/tests/tests/subids/69_invalid_subuid_file3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/gshadow b/tests/tests/subids/69_invalid_subuid_file3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/passwd b/tests/tests/subids/69_invalid_subuid_file3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/shadow b/tests/tests/subids/69_invalid_subuid_file3/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/subgid b/tests/tests/subids/69_invalid_subuid_file3/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/subuid b/tests/tests/subids/69_invalid_subuid_file3/config/etc/subuid
new file mode 100644
index 0000000..86fd00d
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/subuid
@@ -0,0 +1,2 @@
+:100000:10000
+root:200000:10000
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/group b/tests/tests/subids/69_invalid_subuid_file3/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/gshadow b/tests/tests/subids/69_invalid_subuid_file3/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/passwd b/tests/tests/subids/69_invalid_subuid_file3/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/shadow b/tests/tests/subids/69_invalid_subuid_file3/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/subgid b/tests/tests/subids/69_invalid_subuid_file3/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/subuid b/tests/tests/subids/69_invalid_subuid_file3/data/subuid
new file mode 100644
index 0000000..7faccee
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/subuid
@@ -0,0 +1,3 @@
+root:200000:10000
+:100000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/69_invalid_subuid_file3/useradd.test b/tests/tests/subids/69_invalid_subuid_file3/useradd.test
new file mode 100755
index 0000000..89bc4cb
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd ignores invalid lines in /etc/subuid (no login name)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config.txt b/tests/tests/subids/70_invalid_subuid_file4/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config.txt
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/default/useradd b/tests/tests/subids/70_invalid_subuid_file4/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/group b/tests/tests/subids/70_invalid_subuid_file4/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/gshadow b/tests/tests/subids/70_invalid_subuid_file4/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/passwd b/tests/tests/subids/70_invalid_subuid_file4/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/shadow b/tests/tests/subids/70_invalid_subuid_file4/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/subgid b/tests/tests/subids/70_invalid_subuid_file4/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/subuid b/tests/tests/subids/70_invalid_subuid_file4/config/etc/subuid
new file mode 100644
index 0000000..c8f2b70
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/subuid
@@ -0,0 +1,5 @@
+root:-1:10000
+root:100000:-1
+root:100000a:10000
+root:100000:10000a
+root:200000:10000
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/group b/tests/tests/subids/70_invalid_subuid_file4/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/gshadow b/tests/tests/subids/70_invalid_subuid_file4/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/passwd b/tests/tests/subids/70_invalid_subuid_file4/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/shadow b/tests/tests/subids/70_invalid_subuid_file4/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/subgid b/tests/tests/subids/70_invalid_subuid_file4/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/subuid b/tests/tests/subids/70_invalid_subuid_file4/data/subuid
new file mode 100644
index 0000000..d162a80
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/subuid
@@ -0,0 +1,6 @@
+root:200000:10000
+root:100000:10000a
+root:100000a:10000
+root:100000:-1
+root:-1:10000
+foo:100000:10000
diff --git a/tests/tests/subids/70_invalid_subuid_file4/useradd.test b/tests/tests/subids/70_invalid_subuid_file4/useradd.test
new file mode 100755
index 0000000..a20e0e9
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd ignores invalid lines in /etc/subuid (invalid numerical values)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config.txt b/tests/tests/subids/71_useradd_subids_for_system/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config.txt
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/default/useradd b/tests/tests/subids/71_useradd_subids_for_system/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/group b/tests/tests/subids/71_useradd_subids_for_system/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/gshadow b/tests/tests/subids/71_useradd_subids_for_system/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/passwd b/tests/tests/subids/71_useradd_subids_for_system/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/shadow b/tests/tests/subids/71_useradd_subids_for_system/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/subgid b/tests/tests/subids/71_useradd_subids_for_system/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/subgid
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/subuid b/tests/tests/subids/71_useradd_subids_for_system/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/subuid
diff --git a/tests/tests/subids/71_useradd_subids_for_system/data/subgid b/tests/tests/subids/71_useradd_subids_for_system/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/71_useradd_subids_for_system/data/subuid b/tests/tests/subids/71_useradd_subids_for_system/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/71_useradd_subids_for_system/useradd.test b/tests/tests/subids/71_useradd_subids_for_system/useradd.test
new file mode 100755
index 0000000..b9e073f
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/useradd.test
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd adds subids for system user in /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add system user foo..."
+useradd -r -F foo
+echo "OK"
+
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
diff --git a/tests/tests/unit/.deps/test_adds-test_adds.Po b/tests/tests/unit/.deps/test_adds-test_adds.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_adds-test_adds.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_atoi_strtoi-test_atoi_strtoi.Po b/tests/tests/unit/.deps/test_atoi_strtoi-test_atoi_strtoi.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_atoi_strtoi-test_atoi_strtoi.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_chkname-test_chkname.Po b/tests/tests/unit/.deps/test_chkname-test_chkname.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_chkname-test_chkname.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_logind-test_logind.Po b/tests/tests/unit/.deps/test_logind-test_logind.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_logind-test_logind.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_sprintf-test_sprintf.Po b/tests/tests/unit/.deps/test_sprintf-test_sprintf.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_sprintf-test_sprintf.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_strncpy-test_strncpy.Po b/tests/tests/unit/.deps/test_strncpy-test_strncpy.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_strncpy-test_strncpy.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_strtcpy-test_strtcpy.Po b/tests/tests/unit/.deps/test_strtcpy-test_strtcpy.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_strtcpy-test_strtcpy.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_xasprintf-test_xasprintf.Po b/tests/tests/unit/.deps/test_xasprintf-test_xasprintf.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_xasprintf-test_xasprintf.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_zustr2stp-test_zustr2stp.Po b/tests/tests/unit/.deps/test_zustr2stp-test_zustr2stp.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_zustr2stp-test_zustr2stp.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.gitignore b/tests/tests/unit/.gitignore
new file mode 100644
index 0000000..f331069
--- /dev/null
+++ b/tests/tests/unit/.gitignore
@@ -0,0 +1,6 @@
+# General files applicable to all test files
+*.log
+*.trs
+
+# Specific files to be added each time a new file is included
+test_logind
\ No newline at end of file
diff --git a/tests/tests/unit/Makefile b/tests/tests/unit/Makefile
new file mode 100644
index 0000000..39e86e1
--- /dev/null
+++ b/tests/tests/unit/Makefile
@@ -0,0 +1,1702 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# tests/unit/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/shadow
+pkgincludedir = $(includedir)/shadow
+pkglibdir = $(libdir)/shadow
+pkglibexecdir = $(libexecdir)/shadow
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-pc-linux-gnu
+host_triplet = x86_64-pc-linux-gnu
+check_PROGRAMS = test_adds$(EXEEXT) \
+	test_atoi_strtoi$(EXEEXT) \
+	test_chkname$(EXEEXT) test_sprintf$(EXEEXT) \
+	test_strncpy$(EXEEXT) test_strtcpy$(EXEEXT) \
+	test_xasprintf$(EXEEXT) \
+	test_zustr2stp$(EXEEXT) $(am__EXEEXT_1)
+am__append_1 = \
+    test_logind
+
+subdir = tests/unit
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__EXEEXT_1 =  \
+	test_logind$(EXEEXT)
+am__test_adds_SOURCES_DIST = ../../lib/adds.c test_adds.c
+am__dirstamp = $(am__leading_dot)dirstamp
+am_test_adds_OBJECTS =  \
+	../../lib/test_adds-adds.$(OBJEXT) \
+	test_adds-test_adds.$(OBJEXT)
+test_adds_OBJECTS = $(am_test_adds_OBJECTS)
+am__DEPENDENCIES_1 =
+test_adds_DEPENDENCIES = $(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+test_adds_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_adds_CFLAGS) \
+	$(CFLAGS) $(test_adds_LDFLAGS) $(LDFLAGS) -o $@
+am__test_atoi_strtoi_SOURCES_DIST = ../../lib/atoi/strtoi.c \
+	test_atoi_strtoi.c
+am_test_atoi_strtoi_OBJECTS = ../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT) \
+	test_atoi_strtoi-test_atoi_strtoi.$(OBJEXT)
+test_atoi_strtoi_OBJECTS = $(am_test_atoi_strtoi_OBJECTS)
+test_atoi_strtoi_DEPENDENCIES =  \
+	$(am__DEPENDENCIES_1)
+test_atoi_strtoi_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_atoi_strtoi_CFLAGS) $(CFLAGS) \
+	$(test_atoi_strtoi_LDFLAGS) $(LDFLAGS) -o $@
+am__test_chkname_SOURCES_DIST = ../../lib/chkname.c test_chkname.c
+am_test_chkname_OBJECTS =  \
+	../../lib/test_chkname-chkname.$(OBJEXT) \
+	test_chkname-test_chkname.$(OBJEXT)
+test_chkname_OBJECTS = $(am_test_chkname_OBJECTS)
+test_chkname_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_chkname_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_chkname_CFLAGS) \
+	$(CFLAGS) $(test_chkname_LDFLAGS) $(LDFLAGS) -o $@
+am__test_logind_SOURCES_DIST = ../../lib/logind.c test_logind.c
+am_test_logind_OBJECTS =  \
+	../../lib/test_logind-logind.$(OBJEXT) \
+	test_logind-test_logind.$(OBJEXT)
+test_logind_OBJECTS = $(am_test_logind_OBJECTS)
+test_logind_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+test_logind_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_logind_CFLAGS) \
+	$(CFLAGS) $(test_logind_LDFLAGS) $(LDFLAGS) -o $@
+am__test_sprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_sprintf.c
+am_test_sprintf_OBJECTS = ../../lib/string/test_sprintf-sprintf.$(OBJEXT) \
+	test_sprintf-test_sprintf.$(OBJEXT)
+test_sprintf_OBJECTS = $(am_test_sprintf_OBJECTS)
+test_sprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_sprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_sprintf_CFLAGS) \
+	$(CFLAGS) $(test_sprintf_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strncpy_SOURCES_DIST = test_strncpy.c
+am_test_strncpy_OBJECTS =  \
+	test_strncpy-test_strncpy.$(OBJEXT)
+test_strncpy_OBJECTS = $(am_test_strncpy_OBJECTS)
+test_strncpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strncpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strncpy_CFLAGS) \
+	$(CFLAGS) $(test_strncpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strtcpy_SOURCES_DIST = ../../lib/string/strtcpy.c \
+	test_strtcpy.c
+am_test_strtcpy_OBJECTS = ../../lib/string/test_strtcpy-strtcpy.$(OBJEXT) \
+	test_strtcpy-test_strtcpy.$(OBJEXT)
+test_strtcpy_OBJECTS = $(am_test_strtcpy_OBJECTS)
+test_strtcpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strtcpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strtcpy_CFLAGS) \
+	$(CFLAGS) $(test_strtcpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_xasprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_xasprintf.c
+am_test_xasprintf_OBJECTS = ../../lib/string/test_xasprintf-sprintf.$(OBJEXT) \
+	test_xasprintf-test_xasprintf.$(OBJEXT)
+test_xasprintf_OBJECTS = $(am_test_xasprintf_OBJECTS)
+test_xasprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_xasprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_xasprintf_CFLAGS) $(CFLAGS) $(test_xasprintf_LDFLAGS) \
+	$(LDFLAGS) -o $@
+am__test_zustr2stp_SOURCES_DIST = test_zustr2stp.c
+am_test_zustr2stp_OBJECTS =  \
+	test_zustr2stp-test_zustr2stp.$(OBJEXT)
+test_zustr2stp_OBJECTS = $(am_test_zustr2stp_OBJECTS)
+test_zustr2stp_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_zustr2stp_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_zustr2stp_CFLAGS) $(CFLAGS) $(test_zustr2stp_LDFLAGS) \
+	$(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_$(V))
+am__v_P_ = $(am__v_P_$(AM_DEFAULT_VERBOSITY))
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I. -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ../../lib/$(DEPDIR)/test_adds-adds.Po \
+	../../lib/$(DEPDIR)/test_chkname-chkname.Po \
+	../../lib/$(DEPDIR)/test_logind-logind.Po \
+	../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po \
+	../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po \
+	../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po \
+	../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po \
+	./$(DEPDIR)/test_adds-test_adds.Po \
+	./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po \
+	./$(DEPDIR)/test_chkname-test_chkname.Po \
+	./$(DEPDIR)/test_logind-test_logind.Po \
+	./$(DEPDIR)/test_sprintf-test_sprintf.Po \
+	./$(DEPDIR)/test_strncpy-test_strncpy.Po \
+	./$(DEPDIR)/test_strtcpy-test_strtcpy.Po \
+	./$(DEPDIR)/test_xasprintf-test_xasprintf.Po \
+	./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(test_adds_SOURCES) $(test_atoi_strtoi_SOURCES) \
+	$(test_chkname_SOURCES) $(test_logind_SOURCES) \
+	$(test_sprintf_SOURCES) $(test_strncpy_SOURCES) \
+	$(test_strtcpy_SOURCES) $(test_xasprintf_SOURCES) \
+	$(test_zustr2stp_SOURCES)
+DIST_SOURCES = $(am__test_adds_SOURCES_DIST) \
+	$(am__test_atoi_strtoi_SOURCES_DIST) \
+	$(am__test_chkname_SOURCES_DIST) \
+	$(am__test_logind_SOURCES_DIST) \
+	$(am__test_sprintf_SOURCES_DIST) \
+	$(am__test_strncpy_SOURCES_DIST) \
+	$(am__test_strtcpy_SOURCES_DIST) \
+	$(am__test_xasprintf_SOURCES_DIST) \
+	$(am__test_zustr2stp_SOURCES_DIST)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red=''; \
+    grn=''; \
+    lgn=''; \
+    blu=''; \
+    mgn=''; \
+    brg=''; \
+    std=''; \
+  fi; \
+}
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS =  .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
+	$(top_srcdir)/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' aclocal-1.16
+AMTAR = $${TAR-tar}
+AM_DEFAULT_VERBOSITY = 0
+AR = ar
+AUTOCONF = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' autoconf
+AUTOHEADER = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' autoheader
+AUTOMAKE = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' automake-1.16
+AWK = gawk
+CC = gcc
+CCDEPMODE = depmode=gcc3
+CFLAGS = -O2 -Wall -Wextra -Werror=implicit-function-declaration -Werror=implicit-int -Werror=incompatible-pointer-types -Werror=int-conversion -Wno-expansion-to-defined -Wno-unknown-attributes -Wno-unknown-warning-option
+CMOCKA_CFLAGS = 
+CMOCKA_LIBS = -lcmocka 
+CPP = gcc -E
+CPPFLAGS = 
+CSCOPE = cscope
+CTAGS = ctags
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+DLLTOOL = false
+DSYMUTIL = 
+DUMPBIN = 
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+ECONF_CPPFLAGS = 
+EGREP = /usr/bin/grep -E
+ETAGS = etags
+EXEEXT = 
+FGREP = /usr/bin/grep -F
+FILECMD = file
+GETTEXT_MACRO_VERSION = 0.19
+GMSGFMT = /usr/bin/msgfmt
+GMSGFMT_015 = /usr/bin/msgfmt
+GREP = /usr/bin/grep
+GROUP_NAME_MAX_LENGTH = 32
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+INTLLIBS = 
+INTL_MACOSX_LIBS = 
+LD = /usr/bin/ld -m elf_x86_64
+LDFLAGS = 
+LIBACL = -lacl
+LIBADD_DL =  
+LIBADD_DLD_LINK = 
+LIBADD_DLOPEN = 
+LIBADD_SHL_LOAD = 
+LIBATTR = -lattr
+LIBAUDIT = -laudit
+LIBBSD = 
+LIBBSD_CFLAGS = -isystem /usr/include/x86_64-linux-gnu/bsd -DLIBBSD_OVERLAY 
+LIBBSD_LIBS = -lbsd 
+LIBCRYPT = -lcrypt
+LIBECONF = 
+LIBICONV = -liconv
+LIBINTL = 
+LIBMD = 
+LIBOBJS =  ${LIBOBJDIR}sgetgrent$U.o ${LIBOBJDIR}sgetpwent$U.o
+LIBPAM = 
+LIBS = -lbsd 
+LIBSELINUX = -lselinux
+LIBSEMANAGE = -lsemanage
+LIBSKEY = 
+LIBSUBID_ABI = 4.0.0
+LIBSUBID_ABI_MAJOR = 4
+LIBSUBID_ABI_MICRO = 0
+LIBSUBID_ABI_MINOR = 0
+LIBSYSTEMD = -lsystemd
+LIBTCB = 
+LIBTOOL = $(SHELL) $(top_builddir)/libtool
+LIPO = 
+LIYESCRYPT = -lcrypt
+LN_S = ln -s
+LTLIBICONV = -liconv
+LTLIBINTL = 
+LTLIBOBJS =  ${LIBOBJDIR}sgetgrent$U.lo ${LIBOBJDIR}sgetpwent$U.lo
+LT_DLLOADERS =  dlopen.la
+LT_DLPREOPEN = -dlpreopen dlopen.la 
+LT_SYS_LIBRARY_PATH = 
+MAINT = 
+MAKEINFO = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' makeinfo
+MANIFEST_TOOL = :
+MKDIR_P = /usr/bin/mkdir -p
+MSGFMT = /usr/bin/msgfmt
+MSGFMT_015 = /usr/bin/msgfmt
+MSGMERGE = /usr/bin/msgmerge
+NM = /usr/bin/nm -B
+NMEDIT = 
+OBJDUMP = objdump
+OBJEXT = o
+OTOOL = 
+OTOOL64 = 
+PACKAGE = shadow
+PACKAGE_BUGREPORT = pkg-shadow-devel@lists.alioth.debian.org
+PACKAGE_NAME = shadow
+PACKAGE_STRING = shadow 4.15.2
+PACKAGE_TARNAME = shadow
+PACKAGE_URL = https://github.com/shadow-maint/shadow
+PACKAGE_VERSION = 4.15.2
+PATH_SEPARATOR = :
+PKG_CONFIG = /usr/bin/pkg-config
+PKG_CONFIG_LIBDIR = 
+PKG_CONFIG_PATH = 
+POSUB = po
+RANLIB = ranlib
+SED = /usr/bin/sed
+SET_MAKE = 
+SHELL = /bin/bash
+STRIP = strip
+USE_NLS = yes
+VENDORDIR = 
+VERSION = 4.15.2
+XGETTEXT = /usr/bin/xgettext
+XGETTEXT_015 = /usr/bin/xgettext
+XGETTEXT_EXTRA_OPTIONS = 
+XMLCATALOG = /usr/bin/xmlcatalog
+XML_CATALOG_FILE = /etc/xml/catalog
+XSLTPROC = /usr/bin/xsltproc
+YACC = bison -y
+YFLAGS = 
+abs_builddir = /home/alx/src/shadow/stable/shadow/4.15.2/tests/unit
+abs_srcdir = /home/alx/src/shadow/stable/shadow/4.15.2/tests/unit
+abs_top_builddir = /home/alx/src/shadow/stable/shadow/4.15.2
+abs_top_srcdir = /home/alx/src/shadow/stable/shadow/4.15.2
+ac_ct_AR = ar
+ac_ct_CC = gcc
+ac_ct_DUMPBIN = 
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = tar --format=posix -chf - "$$tardir"
+am__untar = tar -xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-pc-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+capcmd = 
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = 
+host = x86_64-pc-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /home/alx/src/shadow/stable/shadow/4.15.2/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = $(MKDIR_P)
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr
+program_transform_name = s,x,x,
+psdir = ${docdir}
+runstatedir = ${localstatedir}/run
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../../
+top_builddir = ../..
+top_srcdir = ../..
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+TESTS = $(check_PROGRAMS)
+test_adds_SOURCES = \
+    ../../lib/adds.c \
+    test_adds.c \
+    $(NULL)
+
+test_adds_CFLAGS = \
+    $(AM_FLAGS) \
+    $(NULL)
+
+test_adds_LDFLAGS = \
+    $(NULL)
+
+test_adds_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_atoi_strtoi_SOURCES = \
+    ../../lib/atoi/strtoi.c \
+    test_atoi_strtoi.c \
+    $(NULL)
+
+test_atoi_strtoi_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_atoi_strtoi_LDFLAGS = \
+    $(NULL)
+
+test_atoi_strtoi_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_chkname_SOURCES = \
+    ../../lib/chkname.c \
+    test_chkname.c \
+    $(NULL)
+
+test_chkname_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_chkname_LDFLAGS = \
+    $(NULL)
+
+test_chkname_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_logind_SOURCES = \
+    ../../lib/logind.c \
+    test_logind.c \
+    $(NULL)
+
+test_logind_CFLAGS = \
+    $(AM_CFLAGS) \
+    -lsystemd \
+    $(NULL)
+
+test_logind_LDFLAGS = \
+    -Wl,-wrap,prefix_getpwnam \
+    -Wl,-wrap,sd_uid_get_sessions \
+    $(NULL)
+
+test_logind_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(LIBSYSTEMD) \
+    $(NULL)
+
+test_sprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_sprintf.c \
+    $(NULL)
+
+test_sprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_sprintf_LDFLAGS = \
+    $(NULL)
+
+test_sprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strncpy_SOURCES = \
+    test_strncpy.c \
+    $(NULL)
+
+test_strncpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_strncpy_LDFLAGS = \
+    $(NULL)
+
+test_strncpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strtcpy_SOURCES = \
+    ../../lib/string/strtcpy.c \
+    test_strtcpy.c \
+    $(NULL)
+
+test_strtcpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_strtcpy_LDFLAGS = \
+    $(NULL)
+
+test_strtcpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_xasprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_xasprintf.c \
+    $(NULL)
+
+test_xasprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_xasprintf_LDFLAGS = \
+    -Wl,-wrap,vasprintf \
+    -Wl,-wrap,exit \
+    $(NULL)
+
+test_xasprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_zustr2stp_SOURCES = \
+    test_zustr2stp.c \
+    $(NULL)
+
+test_zustr2stp_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_zustr2stp_LDFLAGS = \
+    $(NULL)
+
+test_zustr2stp_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/unit/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign tests/unit/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+../../lib/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib
+	@: > ../../lib/$(am__dirstamp)
+../../lib/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/$(DEPDIR)
+	@: > ../../lib/$(DEPDIR)/$(am__dirstamp)
+../../lib/test_adds-adds.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_adds$(EXEEXT): $(test_adds_OBJECTS) $(test_adds_DEPENDENCIES) $(EXTRA_test_adds_DEPENDENCIES) 
+	@rm -f test_adds$(EXEEXT)
+	$(AM_V_CCLD)$(test_adds_LINK) $(test_adds_OBJECTS) $(test_adds_LDADD) $(LIBS)
+../../lib/atoi/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi
+	@: > ../../lib/atoi/$(am__dirstamp)
+../../lib/atoi/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi/$(DEPDIR)
+	@: > ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT):  \
+	../../lib/atoi/$(am__dirstamp) \
+	../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+
+test_atoi_strtoi$(EXEEXT): $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_DEPENDENCIES) $(EXTRA_test_atoi_strtoi_DEPENDENCIES) 
+	@rm -f test_atoi_strtoi$(EXEEXT)
+	$(AM_V_CCLD)$(test_atoi_strtoi_LINK) $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_LDADD) $(LIBS)
+../../lib/test_chkname-chkname.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_chkname$(EXEEXT): $(test_chkname_OBJECTS) $(test_chkname_DEPENDENCIES) $(EXTRA_test_chkname_DEPENDENCIES) 
+	@rm -f test_chkname$(EXEEXT)
+	$(AM_V_CCLD)$(test_chkname_LINK) $(test_chkname_OBJECTS) $(test_chkname_LDADD) $(LIBS)
+../../lib/test_logind-logind.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_logind$(EXEEXT): $(test_logind_OBJECTS) $(test_logind_DEPENDENCIES) $(EXTRA_test_logind_DEPENDENCIES) 
+	@rm -f test_logind$(EXEEXT)
+	$(AM_V_CCLD)$(test_logind_LINK) $(test_logind_OBJECTS) $(test_logind_LDADD) $(LIBS)
+../../lib/string/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string
+	@: > ../../lib/string/$(am__dirstamp)
+../../lib/string/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string/$(DEPDIR)
+	@: > ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+../../lib/string/test_sprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_sprintf$(EXEEXT): $(test_sprintf_OBJECTS) $(test_sprintf_DEPENDENCIES) $(EXTRA_test_sprintf_DEPENDENCIES) 
+	@rm -f test_sprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_sprintf_LINK) $(test_sprintf_OBJECTS) $(test_sprintf_LDADD) $(LIBS)
+
+test_strncpy$(EXEEXT): $(test_strncpy_OBJECTS) $(test_strncpy_DEPENDENCIES) $(EXTRA_test_strncpy_DEPENDENCIES) 
+	@rm -f test_strncpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strncpy_LINK) $(test_strncpy_OBJECTS) $(test_strncpy_LDADD) $(LIBS)
+../../lib/string/test_strtcpy-strtcpy.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_strtcpy$(EXEEXT): $(test_strtcpy_OBJECTS) $(test_strtcpy_DEPENDENCIES) $(EXTRA_test_strtcpy_DEPENDENCIES) 
+	@rm -f test_strtcpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strtcpy_LINK) $(test_strtcpy_OBJECTS) $(test_strtcpy_LDADD) $(LIBS)
+../../lib/string/test_xasprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_xasprintf$(EXEEXT): $(test_xasprintf_OBJECTS) $(test_xasprintf_DEPENDENCIES) $(EXTRA_test_xasprintf_DEPENDENCIES) 
+	@rm -f test_xasprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_xasprintf_LINK) $(test_xasprintf_OBJECTS) $(test_xasprintf_LDADD) $(LIBS)
+
+test_zustr2stp$(EXEEXT): $(test_zustr2stp_OBJECTS) $(test_zustr2stp_DEPENDENCIES) $(EXTRA_test_zustr2stp_DEPENDENCIES) 
+	@rm -f test_zustr2stp$(EXEEXT)
+	$(AM_V_CCLD)$(test_zustr2stp_LINK) $(test_zustr2stp_OBJECTS) $(test_zustr2stp_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+	-rm -f ../../lib/*.$(OBJEXT)
+	-rm -f ../../lib/atoi/*.$(OBJEXT)
+	-rm -f ../../lib/string/*.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+include ../../lib/$(DEPDIR)/test_adds-adds.Po # am--include-marker
+include ../../lib/$(DEPDIR)/test_chkname-chkname.Po # am--include-marker
+include ../../lib/$(DEPDIR)/test_logind-logind.Po # am--include-marker
+include ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po # am--include-marker
+include ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po # am--include-marker
+include ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po # am--include-marker
+include ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po # am--include-marker
+include ./$(DEPDIR)/test_adds-test_adds.Po # am--include-marker
+include ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po # am--include-marker
+include ./$(DEPDIR)/test_chkname-test_chkname.Po # am--include-marker
+include ./$(DEPDIR)/test_logind-test_logind.Po # am--include-marker
+include ./$(DEPDIR)/test_sprintf-test_sprintf.Po # am--include-marker
+include ./$(DEPDIR)/test_strncpy-test_strncpy.Po # am--include-marker
+include ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po # am--include-marker
+include ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po # am--include-marker
+include ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+	$(am__mv) $$depbase.Tpo $$depbase.Po
+#	$(AM_V_CC)source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+	$(am__mv) $$depbase.Tpo $$depbase.Po
+#	$(AM_V_CC)source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+	$(am__mv) $$depbase.Tpo $$depbase.Plo
+#	$(AM_V_CC)source='$<' object='$@' libtool=yes \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(LTCOMPILE) -c -o $@ $<
+
+../../lib/test_adds-adds.o: ../../lib/adds.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.o -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+#	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+
+../../lib/test_adds-adds.obj: ../../lib/adds.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+#	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+
+test_adds-test_adds.o: test_adds.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.o -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+#	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+
+test_adds-test_adds.obj: test_adds.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.obj -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+#	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+
+../../lib/atoi/test_atoi_strtoi-strtoi.o: ../../lib/atoi/strtoi.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.o -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+#	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+
+../../lib/atoi/test_atoi_strtoi-strtoi.obj: ../../lib/atoi/strtoi.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.obj -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+#	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+
+test_atoi_strtoi-test_atoi_strtoi.o: test_atoi_strtoi.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.o -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+#	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+
+test_atoi_strtoi-test_atoi_strtoi.obj: test_atoi_strtoi.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.obj -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+#	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+
+../../lib/test_chkname-chkname.o: ../../lib/chkname.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.o -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+#	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+
+../../lib/test_chkname-chkname.obj: ../../lib/chkname.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+#	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+
+test_chkname-test_chkname.o: test_chkname.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.o -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+#	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+
+test_chkname-test_chkname.obj: test_chkname.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.obj -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+#	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+
+../../lib/test_logind-logind.o: ../../lib/logind.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.o -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+#	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+
+../../lib/test_logind-logind.obj: ../../lib/logind.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+#	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+
+test_logind-test_logind.o: test_logind.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.o -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+#	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+
+test_logind-test_logind.obj: test_logind.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.obj -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+#	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+
+../../lib/string/test_sprintf-sprintf.o: ../../lib/string/sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+#	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_sprintf-sprintf.obj: ../../lib/string/sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+#	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_sprintf-test_sprintf.o: test_sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.o -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+#	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+
+test_sprintf-test_sprintf.obj: test_sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.obj -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+#	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+
+test_strncpy-test_strncpy.o: test_strncpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.o -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+#	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+
+test_strncpy-test_strncpy.obj: test_strncpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.obj -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+#	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+
+../../lib/string/test_strtcpy-strtcpy.o: ../../lib/string/strtcpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+#	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+
+../../lib/string/test_strtcpy-strtcpy.obj: ../../lib/string/strtcpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+#	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+
+test_strtcpy-test_strtcpy.o: test_strtcpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.o -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+#	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+
+test_strtcpy-test_strtcpy.obj: test_strtcpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.obj -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+#	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+
+../../lib/string/test_xasprintf-sprintf.o: ../../lib/string/sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+#	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_xasprintf-sprintf.obj: ../../lib/string/sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+#	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_xasprintf-test_xasprintf.o: test_xasprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.o -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+#	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+
+test_xasprintf-test_xasprintf.obj: test_xasprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.obj -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+#	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+
+test_zustr2stp-test_zustr2stp.o: test_zustr2stp.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.o -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+#	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+
+test_zustr2stp-test_zustr2stp.obj: test_zustr2stp.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.obj -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+#	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(check_PROGRAMS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(check_PROGRAMS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+test_adds.log: test_adds$(EXEEXT)
+	@p='test_adds$(EXEEXT)'; \
+	b='test_adds'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_atoi_strtoi.log: test_atoi_strtoi$(EXEEXT)
+	@p='test_atoi_strtoi$(EXEEXT)'; \
+	b='test_atoi_strtoi'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_chkname.log: test_chkname$(EXEEXT)
+	@p='test_chkname$(EXEEXT)'; \
+	b='test_chkname'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_sprintf.log: test_sprintf$(EXEEXT)
+	@p='test_sprintf$(EXEEXT)'; \
+	b='test_sprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strncpy.log: test_strncpy$(EXEEXT)
+	@p='test_strncpy$(EXEEXT)'; \
+	b='test_strncpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strtcpy.log: test_strtcpy$(EXEEXT)
+	@p='test_strtcpy$(EXEEXT)'; \
+	b='test_strtcpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_xasprintf.log: test_xasprintf$(EXEEXT)
+	@p='test_xasprintf$(EXEEXT)'; \
+	b='test_xasprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_zustr2stp.log: test_zustr2stp$(EXEEXT)
+	@p='test_zustr2stp$(EXEEXT)'; \
+	b='test_zustr2stp'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_logind.log: test_logind$(EXEEXT)
+	@p='test_logind$(EXEEXT)'; \
+	b='test_logind'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+#.test$(EXEEXT).log:
+#	@p='$<'; \
+#	$(am__set_b); \
+#	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+#	--log-file $$b.log --trs-file $$b.trs \
+#	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+#	"$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-rm -f ../../lib/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(am__dirstamp)
+	-rm -f ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/string/$(am__dirstamp)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	cscopelist-am ctags ctags-am distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/tests/unit/Makefile.am b/tests/tests/unit/Makefile.am
new file mode 100644
index 0000000..d89367a
--- /dev/null
+++ b/tests/tests/unit/Makefile.am
@@ -0,0 +1,145 @@
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+
+if HAVE_CMOCKA
+TESTS = $(check_PROGRAMS)
+
+check_PROGRAMS = \
+    test_adds \
+    test_atoi_strtoi \
+    test_chkname \
+    test_sprintf \
+    test_strncpy \
+    test_strtcpy \
+    test_xasprintf \
+    test_zustr2stp
+
+if ENABLE_LOGIND
+check_PROGRAMS += \
+    test_logind
+endif # ENABLE_LOGIND
+
+check_PROGRAMS += \
+    $(NULL)
+
+test_adds_SOURCES = \
+    ../../lib/adds.c \
+    test_adds.c \
+    $(NULL)
+test_adds_CFLAGS = \
+    $(AM_FLAGS) \
+    $(NULL)
+test_adds_LDFLAGS = \
+    $(NULL)
+test_adds_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_atoi_strtoi_SOURCES = \
+    ../../lib/atoi/strtoi.c \
+    test_atoi_strtoi.c \
+    $(NULL)
+test_atoi_strtoi_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_atoi_strtoi_LDFLAGS = \
+    $(NULL)
+test_atoi_strtoi_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_chkname_SOURCES = \
+    ../../lib/chkname.c \
+    test_chkname.c \
+    $(NULL)
+test_chkname_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_chkname_LDFLAGS = \
+    $(NULL)
+test_chkname_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_logind_SOURCES = \
+    ../../lib/logind.c \
+    test_logind.c \
+    $(NULL)
+test_logind_CFLAGS = \
+    $(AM_CFLAGS) \
+    -lsystemd \
+    $(NULL)
+test_logind_LDFLAGS = \
+    -Wl,-wrap,prefix_getpwnam \
+    -Wl,-wrap,sd_uid_get_sessions \
+    $(NULL)
+test_logind_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(LIBSYSTEMD) \
+    $(NULL)
+
+test_sprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_sprintf.c \
+    $(NULL)
+test_sprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_sprintf_LDFLAGS = \
+    $(NULL)
+test_sprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strncpy_SOURCES = \
+    test_strncpy.c \
+    $(NULL)
+test_strncpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_strncpy_LDFLAGS = \
+    $(NULL)
+test_strncpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strtcpy_SOURCES = \
+    ../../lib/string/strtcpy.c \
+    test_strtcpy.c \
+    $(NULL)
+test_strtcpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_strtcpy_LDFLAGS = \
+    $(NULL)
+test_strtcpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_xasprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_xasprintf.c \
+    $(NULL)
+test_xasprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_xasprintf_LDFLAGS = \
+    -Wl,-wrap,vasprintf \
+    -Wl,-wrap,exit \
+    $(NULL)
+test_xasprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_zustr2stp_SOURCES = \
+    test_zustr2stp.c \
+    $(NULL)
+test_zustr2stp_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_zustr2stp_LDFLAGS = \
+    $(NULL)
+test_zustr2stp_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+endif # HAVE_CMOCKA
diff --git a/tests/tests/unit/Makefile.in b/tests/tests/unit/Makefile.in
new file mode 100644
index 0000000..108070c
--- /dev/null
+++ b/tests/tests/unit/Makefile.in
@@ -0,0 +1,1702 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_CMOCKA_TRUE@check_PROGRAMS = test_adds$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_atoi_strtoi$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_chkname$(EXEEXT) test_sprintf$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_strncpy$(EXEEXT) test_strtcpy$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_xasprintf$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_zustr2stp$(EXEEXT) $(am__EXEEXT_1)
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@am__append_1 = \
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@    test_logind
+
+subdir = tests/unit
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@am__EXEEXT_1 =  \
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@	test_logind$(EXEEXT)
+am__test_adds_SOURCES_DIST = ../../lib/adds.c test_adds.c
+am__dirstamp = $(am__leading_dot)dirstamp
+@HAVE_CMOCKA_TRUE@am_test_adds_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_adds-adds.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_adds-test_adds.$(OBJEXT)
+test_adds_OBJECTS = $(am_test_adds_OBJECTS)
+am__DEPENDENCIES_1 =
+@HAVE_CMOCKA_TRUE@test_adds_DEPENDENCIES = $(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+test_adds_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_adds_CFLAGS) \
+	$(CFLAGS) $(test_adds_LDFLAGS) $(LDFLAGS) -o $@
+am__test_atoi_strtoi_SOURCES_DIST = ../../lib/atoi/strtoi.c \
+	test_atoi_strtoi.c
+@HAVE_CMOCKA_TRUE@am_test_atoi_strtoi_OBJECTS = ../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_atoi_strtoi-test_atoi_strtoi.$(OBJEXT)
+test_atoi_strtoi_OBJECTS = $(am_test_atoi_strtoi_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_DEPENDENCIES =  \
+@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1)
+test_atoi_strtoi_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_atoi_strtoi_CFLAGS) $(CFLAGS) \
+	$(test_atoi_strtoi_LDFLAGS) $(LDFLAGS) -o $@
+am__test_chkname_SOURCES_DIST = ../../lib/chkname.c test_chkname.c
+@HAVE_CMOCKA_TRUE@am_test_chkname_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_chkname-chkname.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_chkname-test_chkname.$(OBJEXT)
+test_chkname_OBJECTS = $(am_test_chkname_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_chkname_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_chkname_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_chkname_CFLAGS) \
+	$(CFLAGS) $(test_chkname_LDFLAGS) $(LDFLAGS) -o $@
+am__test_logind_SOURCES_DIST = ../../lib/logind.c test_logind.c
+@HAVE_CMOCKA_TRUE@am_test_logind_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_logind-logind.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_logind-test_logind.$(OBJEXT)
+test_logind_OBJECTS = $(am_test_logind_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_logind_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1)
+test_logind_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_logind_CFLAGS) \
+	$(CFLAGS) $(test_logind_LDFLAGS) $(LDFLAGS) -o $@
+am__test_sprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_sprintf.c
+@HAVE_CMOCKA_TRUE@am_test_sprintf_OBJECTS = ../../lib/string/test_sprintf-sprintf.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_sprintf-test_sprintf.$(OBJEXT)
+test_sprintf_OBJECTS = $(am_test_sprintf_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_sprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_sprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_sprintf_CFLAGS) \
+	$(CFLAGS) $(test_sprintf_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strncpy_SOURCES_DIST = test_strncpy.c
+@HAVE_CMOCKA_TRUE@am_test_strncpy_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	test_strncpy-test_strncpy.$(OBJEXT)
+test_strncpy_OBJECTS = $(am_test_strncpy_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_strncpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strncpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strncpy_CFLAGS) \
+	$(CFLAGS) $(test_strncpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strtcpy_SOURCES_DIST = ../../lib/string/strtcpy.c \
+	test_strtcpy.c
+@HAVE_CMOCKA_TRUE@am_test_strtcpy_OBJECTS = ../../lib/string/test_strtcpy-strtcpy.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_strtcpy-test_strtcpy.$(OBJEXT)
+test_strtcpy_OBJECTS = $(am_test_strtcpy_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_strtcpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strtcpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strtcpy_CFLAGS) \
+	$(CFLAGS) $(test_strtcpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_xasprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_xasprintf.c
+@HAVE_CMOCKA_TRUE@am_test_xasprintf_OBJECTS = ../../lib/string/test_xasprintf-sprintf.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_xasprintf-test_xasprintf.$(OBJEXT)
+test_xasprintf_OBJECTS = $(am_test_xasprintf_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_xasprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_xasprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_xasprintf_CFLAGS) $(CFLAGS) $(test_xasprintf_LDFLAGS) \
+	$(LDFLAGS) -o $@
+am__test_zustr2stp_SOURCES_DIST = test_zustr2stp.c
+@HAVE_CMOCKA_TRUE@am_test_zustr2stp_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	test_zustr2stp-test_zustr2stp.$(OBJEXT)
+test_zustr2stp_OBJECTS = $(am_test_zustr2stp_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_zustr2stp_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_zustr2stp_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_zustr2stp_CFLAGS) $(CFLAGS) $(test_zustr2stp_LDFLAGS) \
+	$(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ../../lib/$(DEPDIR)/test_adds-adds.Po \
+	../../lib/$(DEPDIR)/test_chkname-chkname.Po \
+	../../lib/$(DEPDIR)/test_logind-logind.Po \
+	../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po \
+	../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po \
+	../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po \
+	../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po \
+	./$(DEPDIR)/test_adds-test_adds.Po \
+	./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po \
+	./$(DEPDIR)/test_chkname-test_chkname.Po \
+	./$(DEPDIR)/test_logind-test_logind.Po \
+	./$(DEPDIR)/test_sprintf-test_sprintf.Po \
+	./$(DEPDIR)/test_strncpy-test_strncpy.Po \
+	./$(DEPDIR)/test_strtcpy-test_strtcpy.Po \
+	./$(DEPDIR)/test_xasprintf-test_xasprintf.Po \
+	./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(test_adds_SOURCES) $(test_atoi_strtoi_SOURCES) \
+	$(test_chkname_SOURCES) $(test_logind_SOURCES) \
+	$(test_sprintf_SOURCES) $(test_strncpy_SOURCES) \
+	$(test_strtcpy_SOURCES) $(test_xasprintf_SOURCES) \
+	$(test_zustr2stp_SOURCES)
+DIST_SOURCES = $(am__test_adds_SOURCES_DIST) \
+	$(am__test_atoi_strtoi_SOURCES_DIST) \
+	$(am__test_chkname_SOURCES_DIST) \
+	$(am__test_logind_SOURCES_DIST) \
+	$(am__test_sprintf_SOURCES_DIST) \
+	$(am__test_strncpy_SOURCES_DIST) \
+	$(am__test_strtcpy_SOURCES_DIST) \
+	$(am__test_xasprintf_SOURCES_DIST) \
+	$(am__test_zustr2stp_SOURCES_DIST)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red=''; \
+    grn=''; \
+    lgn=''; \
+    blu=''; \
+    mgn=''; \
+    brg=''; \
+    std=''; \
+  fi; \
+}
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
+	$(top_srcdir)/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
+EGREP = @EGREP@
+ETAGS = @ETAGS@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FILECMD = @FILECMD@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
+LIBATTR = @LIBATTR@
+LIBAUDIT = @LIBAUDIT@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
+LIBCRYPT = @LIBCRYPT@
+LIBECONF = @LIBECONF@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBMD = @LIBMD@
+LIBOBJS = @LIBOBJS@
+LIBPAM = @LIBPAM@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBSEMANAGE = @LIBSEMANAGE@
+LIBSKEY = @LIBSKEY@
+LIBSUBID_ABI = @LIBSUBID_ABI@
+LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
+LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
+LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
+LIBTCB = @LIBTCB@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LIYESCRYPT = @LIYESCRYPT@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VENDORDIR = @VENDORDIR@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+capcmd = @capcmd@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+@HAVE_CMOCKA_TRUE@TESTS = $(check_PROGRAMS)
+@HAVE_CMOCKA_TRUE@test_adds_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/adds.c \
+@HAVE_CMOCKA_TRUE@    test_adds.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_FLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/atoi/strtoi.c \
+@HAVE_CMOCKA_TRUE@    test_atoi_strtoi.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/chkname.c \
+@HAVE_CMOCKA_TRUE@    test_chkname.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/logind.c \
+@HAVE_CMOCKA_TRUE@    test_logind.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    -lsystemd \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,prefix_getpwnam \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,sd_uid_get_sessions \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(LIBSYSTEMD) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/sprintf.c \
+@HAVE_CMOCKA_TRUE@    test_sprintf.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_SOURCES = \
+@HAVE_CMOCKA_TRUE@    test_strncpy.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/strtcpy.c \
+@HAVE_CMOCKA_TRUE@    test_strtcpy.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/sprintf.c \
+@HAVE_CMOCKA_TRUE@    test_xasprintf.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,vasprintf \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,exit \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_SOURCES = \
+@HAVE_CMOCKA_TRUE@    test_zustr2stp.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/unit/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign tests/unit/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+../../lib/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib
+	@: > ../../lib/$(am__dirstamp)
+../../lib/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/$(DEPDIR)
+	@: > ../../lib/$(DEPDIR)/$(am__dirstamp)
+../../lib/test_adds-adds.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_adds$(EXEEXT): $(test_adds_OBJECTS) $(test_adds_DEPENDENCIES) $(EXTRA_test_adds_DEPENDENCIES) 
+	@rm -f test_adds$(EXEEXT)
+	$(AM_V_CCLD)$(test_adds_LINK) $(test_adds_OBJECTS) $(test_adds_LDADD) $(LIBS)
+../../lib/atoi/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi
+	@: > ../../lib/atoi/$(am__dirstamp)
+../../lib/atoi/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi/$(DEPDIR)
+	@: > ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT):  \
+	../../lib/atoi/$(am__dirstamp) \
+	../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+
+test_atoi_strtoi$(EXEEXT): $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_DEPENDENCIES) $(EXTRA_test_atoi_strtoi_DEPENDENCIES) 
+	@rm -f test_atoi_strtoi$(EXEEXT)
+	$(AM_V_CCLD)$(test_atoi_strtoi_LINK) $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_LDADD) $(LIBS)
+../../lib/test_chkname-chkname.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_chkname$(EXEEXT): $(test_chkname_OBJECTS) $(test_chkname_DEPENDENCIES) $(EXTRA_test_chkname_DEPENDENCIES) 
+	@rm -f test_chkname$(EXEEXT)
+	$(AM_V_CCLD)$(test_chkname_LINK) $(test_chkname_OBJECTS) $(test_chkname_LDADD) $(LIBS)
+../../lib/test_logind-logind.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_logind$(EXEEXT): $(test_logind_OBJECTS) $(test_logind_DEPENDENCIES) $(EXTRA_test_logind_DEPENDENCIES) 
+	@rm -f test_logind$(EXEEXT)
+	$(AM_V_CCLD)$(test_logind_LINK) $(test_logind_OBJECTS) $(test_logind_LDADD) $(LIBS)
+../../lib/string/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string
+	@: > ../../lib/string/$(am__dirstamp)
+../../lib/string/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string/$(DEPDIR)
+	@: > ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+../../lib/string/test_sprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_sprintf$(EXEEXT): $(test_sprintf_OBJECTS) $(test_sprintf_DEPENDENCIES) $(EXTRA_test_sprintf_DEPENDENCIES) 
+	@rm -f test_sprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_sprintf_LINK) $(test_sprintf_OBJECTS) $(test_sprintf_LDADD) $(LIBS)
+
+test_strncpy$(EXEEXT): $(test_strncpy_OBJECTS) $(test_strncpy_DEPENDENCIES) $(EXTRA_test_strncpy_DEPENDENCIES) 
+	@rm -f test_strncpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strncpy_LINK) $(test_strncpy_OBJECTS) $(test_strncpy_LDADD) $(LIBS)
+../../lib/string/test_strtcpy-strtcpy.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_strtcpy$(EXEEXT): $(test_strtcpy_OBJECTS) $(test_strtcpy_DEPENDENCIES) $(EXTRA_test_strtcpy_DEPENDENCIES) 
+	@rm -f test_strtcpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strtcpy_LINK) $(test_strtcpy_OBJECTS) $(test_strtcpy_LDADD) $(LIBS)
+../../lib/string/test_xasprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_xasprintf$(EXEEXT): $(test_xasprintf_OBJECTS) $(test_xasprintf_DEPENDENCIES) $(EXTRA_test_xasprintf_DEPENDENCIES) 
+	@rm -f test_xasprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_xasprintf_LINK) $(test_xasprintf_OBJECTS) $(test_xasprintf_LDADD) $(LIBS)
+
+test_zustr2stp$(EXEEXT): $(test_zustr2stp_OBJECTS) $(test_zustr2stp_DEPENDENCIES) $(EXTRA_test_zustr2stp_DEPENDENCIES) 
+	@rm -f test_zustr2stp$(EXEEXT)
+	$(AM_V_CCLD)$(test_zustr2stp_LINK) $(test_zustr2stp_OBJECTS) $(test_zustr2stp_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+	-rm -f ../../lib/*.$(OBJEXT)
+	-rm -f ../../lib/atoi/*.$(OBJEXT)
+	-rm -f ../../lib/string/*.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_adds-adds.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_chkname-chkname.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_logind-logind.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_adds-test_adds.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_chkname-test_chkname.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_logind-test_logind.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_sprintf-test_sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_strncpy-test_strncpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_strtcpy-test_strtcpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_xasprintf-test_xasprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+../../lib/test_adds-adds.o: ../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.o -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+
+../../lib/test_adds-adds.obj: ../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+
+test_adds-test_adds.o: test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.o -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+
+test_adds-test_adds.obj: test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.obj -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+
+../../lib/atoi/test_atoi_strtoi-strtoi.o: ../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.o -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+
+../../lib/atoi/test_atoi_strtoi-strtoi.obj: ../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.obj -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+
+test_atoi_strtoi-test_atoi_strtoi.o: test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.o -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+
+test_atoi_strtoi-test_atoi_strtoi.obj: test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.obj -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+
+../../lib/test_chkname-chkname.o: ../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.o -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+
+../../lib/test_chkname-chkname.obj: ../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+
+test_chkname-test_chkname.o: test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.o -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+
+test_chkname-test_chkname.obj: test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.obj -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+
+../../lib/test_logind-logind.o: ../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.o -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+
+../../lib/test_logind-logind.obj: ../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+
+test_logind-test_logind.o: test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.o -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+
+test_logind-test_logind.obj: test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.obj -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+
+../../lib/string/test_sprintf-sprintf.o: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_sprintf-sprintf.obj: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_sprintf-test_sprintf.o: test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.o -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+
+test_sprintf-test_sprintf.obj: test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.obj -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+
+test_strncpy-test_strncpy.o: test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.o -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+
+test_strncpy-test_strncpy.obj: test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.obj -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+
+../../lib/string/test_strtcpy-strtcpy.o: ../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+
+../../lib/string/test_strtcpy-strtcpy.obj: ../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+
+test_strtcpy-test_strtcpy.o: test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.o -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+
+test_strtcpy-test_strtcpy.obj: test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.obj -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+
+../../lib/string/test_xasprintf-sprintf.o: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_xasprintf-sprintf.obj: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_xasprintf-test_xasprintf.o: test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.o -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+
+test_xasprintf-test_xasprintf.obj: test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.obj -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+
+test_zustr2stp-test_zustr2stp.o: test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.o -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+
+test_zustr2stp-test_zustr2stp.obj: test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.obj -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(check_PROGRAMS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(check_PROGRAMS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+test_adds.log: test_adds$(EXEEXT)
+	@p='test_adds$(EXEEXT)'; \
+	b='test_adds'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_atoi_strtoi.log: test_atoi_strtoi$(EXEEXT)
+	@p='test_atoi_strtoi$(EXEEXT)'; \
+	b='test_atoi_strtoi'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_chkname.log: test_chkname$(EXEEXT)
+	@p='test_chkname$(EXEEXT)'; \
+	b='test_chkname'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_sprintf.log: test_sprintf$(EXEEXT)
+	@p='test_sprintf$(EXEEXT)'; \
+	b='test_sprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strncpy.log: test_strncpy$(EXEEXT)
+	@p='test_strncpy$(EXEEXT)'; \
+	b='test_strncpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strtcpy.log: test_strtcpy$(EXEEXT)
+	@p='test_strtcpy$(EXEEXT)'; \
+	b='test_strtcpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_xasprintf.log: test_xasprintf$(EXEEXT)
+	@p='test_xasprintf$(EXEEXT)'; \
+	b='test_xasprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_zustr2stp.log: test_zustr2stp$(EXEEXT)
+	@p='test_zustr2stp$(EXEEXT)'; \
+	b='test_zustr2stp'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_logind.log: test_logind$(EXEEXT)
+	@p='test_logind$(EXEEXT)'; \
+	b='test_logind'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@	@p='$<'; \
+@am__EXEEXT_TRUE@	$(am__set_b); \
+@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-rm -f ../../lib/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(am__dirstamp)
+	-rm -f ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/string/$(am__dirstamp)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	cscopelist-am ctags ctags-am distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/tests/unit/test_adds.c b/tests/tests/unit/test_adds.c
new file mode 100644
index 0000000..fdc671f
--- /dev/null
+++ b/tests/tests/unit/test_adds.c
@@ -0,0 +1,105 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <limits.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "adds.h"
+
+
+static void test_addsl_2_ok(void **state);
+static void test_addsl_2_underflow(void **state);
+static void test_addsl_2_overflow(void **state);
+static void test_addsl_3_ok(void **state);
+static void test_addsl_3_underflow(void **state);
+static void test_addsl_3_overflow(void **state);
+static void test_addsl_5_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_addsl_2_ok),
+        cmocka_unit_test(test_addsl_2_underflow),
+        cmocka_unit_test(test_addsl_2_overflow),
+        cmocka_unit_test(test_addsl_3_ok),
+        cmocka_unit_test(test_addsl_3_underflow),
+        cmocka_unit_test(test_addsl_3_overflow),
+        cmocka_unit_test(test_addsl_5_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_addsl_2_ok(void **state)
+{
+	assert_true(addsl(1, 3)			== 1 + 3);
+	assert_true(addsl(-4321, 7)		== -4321 + 7);
+	assert_true(addsl(1, 1)			== 1 + 1);
+	assert_true(addsl(-1, -2)		== -1 - 2);
+	assert_true(addsl(LONG_MAX, -1)		== LONG_MAX - 1);
+	assert_true(addsl(LONG_MIN, 1)		== LONG_MIN + 1);
+	assert_true(addsl(LONG_MIN, LONG_MAX)	== LONG_MIN + LONG_MAX);
+	assert_true(addsl(0, 0)			== 0);
+}
+
+
+static void
+test_addsl_2_underflow(void **state)
+{
+	assert_true(addsl(LONG_MIN, -1)		== LONG_MIN);
+	assert_true(addsl(LONG_MIN + 3, -7)	== LONG_MIN);
+	assert_true(addsl(LONG_MIN, LONG_MIN)	== LONG_MIN);
+}
+
+
+static void
+test_addsl_2_overflow(void **state)
+{
+	assert_true(addsl(LONG_MAX, 1)		== LONG_MAX);
+	assert_true(addsl(LONG_MAX - 3, 7)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, LONG_MAX)	== LONG_MAX);
+}
+
+
+static void
+test_addsl_3_ok(void **state)
+{
+	assert_true(addsl(1, 2, 3)		== 1 + 2 + 3);
+	assert_true(addsl(LONG_MIN, -3, 4)	== LONG_MIN + 4 - 3);
+	assert_true(addsl(LONG_MAX, LONG_MAX, LONG_MIN)
+						== LONG_MAX + LONG_MIN + LONG_MAX);
+}
+
+
+static void
+test_addsl_3_underflow(void **state)
+{
+	assert_true(addsl(LONG_MIN, 2, -3)	== LONG_MIN);
+	assert_true(addsl(LONG_MIN, -1, 0)	== LONG_MIN);
+}
+
+
+static void
+test_addsl_3_overflow(void **state)
+{
+	assert_true(addsl(LONG_MAX, -1, 2)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, +1, 0)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, LONG_MAX, 0)== LONG_MAX);
+}
+
+
+static void
+test_addsl_5_ok(void **state)
+{
+	assert_true(addsl(LONG_MAX, LONG_MAX, LONG_MIN, LONG_MIN, 44) == 42);
+}
diff --git a/tests/tests/unit/test_atoi_strtoi.c b/tests/tests/unit/test_atoi_strtoi.c
new file mode 100644
index 0000000..535b6ab
--- /dev/null
+++ b/tests/tests/unit/test_atoi_strtoi.c
@@ -0,0 +1,157 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <errno.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "atoi/strtoi.h"
+#include "atoi/strtou_noneg.h"
+
+
+static void test_strtoi(void **state);
+static void test_strtou(void **state);
+static void test_strtou_noneg(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_strtoi),
+        cmocka_unit_test(test_strtou),
+        cmocka_unit_test(test_strtou_noneg),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_strtoi(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtoi_("42", NULL, -1, 1, 2, &status) == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtoi_("40", &end, 5, INTMAX_MIN, INTMAX_MAX, &status) == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("-40", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == -40);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("z", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtoi_(" 5", &end, 0, 3, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("5z", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtoi_("5z", &end, 0, INTMAX_MIN, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
+
+
+static void
+test_strtou(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtou_("42", NULL, -1, 1, 2, &status) == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtou_("40", &end, 5, 0, UINTMAX_MAX, &status) == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("-40", &end, 0, 0, UINTMAX_MAX, &status) == -40ull);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("z", &end, 0, 0, UINTMAX_MAX, &status) == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_(" 5", &end, 0, 3, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("5z", &end, 0, 0, UINTMAX_MAX, &status) == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_("5z", &end, 0, 0, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
+
+
+static void
+test_strtou_noneg(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtou_noneg("42", NULL, -1, 1, 2, &status)
+	            == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtou_noneg("40", &end, 5, 0, UINTMAX_MAX, &status)
+	            == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("-40", &end, 0, 2, UINTMAX_MAX, &status)
+	            == 2);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("z", &end, 0, 0, UINTMAX_MAX, &status)
+	            == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_noneg(" 5", &end, 0, 3, 4, &status)
+	            == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("5z", &end, 0, 0, UINTMAX_MAX, &status)
+	            == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_noneg("5z", &end, 0, 0, 4, &status)
+	            == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
diff --git a/tests/tests/unit/test_chkname.c b/tests/tests/unit/test_chkname.c
new file mode 100644
index 0000000..e0f9f84
--- /dev/null
+++ b/tests/tests/unit/test_chkname.c
@@ -0,0 +1,149 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "alloc.h"
+#include "chkname.h"
+
+
+static void test_is_valid_user_name_ok(void **state);
+static void test_is_valid_user_name_ok_dollar(void **state);
+static void test_is_valid_user_name_nok_dash(void **state);
+static void test_is_valid_user_name_nok_dir(void **state);
+static void test_is_valid_user_name_nok_dollar(void **state);
+static void test_is_valid_user_name_nok_empty(void **state);
+static void test_is_valid_user_name_nok_numeric(void **state);
+static void test_is_valid_user_name_nok_otherchars(void **state);
+static void test_is_valid_user_name_long(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_is_valid_user_name_ok),
+        cmocka_unit_test(test_is_valid_user_name_ok_dollar),
+        cmocka_unit_test(test_is_valid_user_name_nok_dash),
+        cmocka_unit_test(test_is_valid_user_name_nok_dir),
+        cmocka_unit_test(test_is_valid_user_name_nok_dollar),
+        cmocka_unit_test(test_is_valid_user_name_nok_empty),
+        cmocka_unit_test(test_is_valid_user_name_nok_numeric),
+        cmocka_unit_test(test_is_valid_user_name_nok_otherchars),
+        cmocka_unit_test(test_is_valid_user_name_long),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_is_valid_user_name_ok(void **state)
+{
+	assert_true(is_valid_user_name("alx"));
+	assert_true(is_valid_user_name("u-ser"));
+	assert_true(is_valid_user_name("u"));
+	assert_true(is_valid_user_name("I"));
+	assert_true(is_valid_user_name("_"));
+	assert_true(is_valid_user_name("_.-"));
+	assert_true(is_valid_user_name(".007"));
+	assert_true(is_valid_user_name("0_0"));
+	assert_true(is_valid_user_name("some_longish_user_name_sHould_also_be_valid.wHY_not"));
+}
+
+
+static void
+test_is_valid_user_name_ok_dollar(void **state)
+{
+	// Non-POSIX extension for Samba 3.x "add machine script".
+	assert_true(is_valid_user_name("dollar$"));
+	assert_true(is_valid_user_name("SSS$"));
+}
+
+
+static void
+test_is_valid_user_name_nok_dash(void **state)
+{
+	assert_true(false == is_valid_user_name("-"));
+	assert_true(false == is_valid_user_name("-not-valid"));
+	assert_true(false == is_valid_user_name("--C"));
+}
+
+
+static void
+test_is_valid_user_name_nok_dir(void **state)
+{
+	assert_true(false == is_valid_user_name("."));
+	assert_true(false == is_valid_user_name(".."));
+}
+
+
+static void
+test_is_valid_user_name_nok_dollar(void **state)
+{
+	assert_true(false == is_valid_user_name("$"));
+	assert_true(false == is_valid_user_name("$dollar"));
+	assert_true(false == is_valid_user_name("mo$ney"));
+	assert_true(false == is_valid_user_name("do$$ar"));
+	assert_true(false == is_valid_user_name("foo$bar$"));
+}
+
+
+static void
+test_is_valid_user_name_nok_empty(void **state)
+{
+	assert_true(false == is_valid_user_name(""));
+}
+
+
+static void
+test_is_valid_user_name_nok_numeric(void **state)
+{
+	assert_true(false == is_valid_user_name("6"));
+	assert_true(false == is_valid_user_name("42"));
+}
+
+
+static void
+test_is_valid_user_name_nok_otherchars(void **state)
+{
+	assert_true(false == is_valid_user_name("no spaces"));
+	assert_true(false == is_valid_user_name("no,"));
+	assert_true(false == is_valid_user_name("no;"));
+	assert_true(false == is_valid_user_name("no:"));
+}
+
+
+static void
+test_is_valid_user_name_long(void **state)
+{
+	size_t  max;
+	char    *name;
+
+	max = sysconf(_SC_LOGIN_NAME_MAX);
+	name = MALLOC(max + 1, char);
+	assert_true(name != NULL);
+
+	memset(name, '_', max);
+
+	name[max] = '\0';
+	assert_true(false == is_valid_user_name(name));
+
+	name[max - 1] = '\0';
+	assert_true(is_valid_user_name(name));
+
+	free(name);
+}
diff --git a/tests/tests/unit/test_logind.c b/tests/tests/unit/test_logind.c
new file mode 100644
index 0000000..f91782c
--- /dev/null
+++ b/tests/tests/unit/test_logind.c
@@ -0,0 +1,69 @@
+/*
+ * SPDX-FileCopyrightText:  2023, Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <pwd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#include "prototypes.h"
+
+/***********************
+ * WRAPPERS
+ **********************/
+struct passwd *
+__wrap_prefix_getpwnam(uid_t uid)
+{
+    return (struct passwd*) mock();
+}
+
+int
+__wrap_sd_uid_get_sessions(uid_t uid, int require_active, char ***sessions)
+{
+    return mock();
+}
+
+/***********************
+ * TEST
+ **********************/
+static void test_active_sessions_count_return_ok(void **state)
+{
+    int count;
+    struct passwd *pw = malloc(sizeof(struct passwd));
+
+    will_return(__wrap_prefix_getpwnam, pw);
+    will_return(__wrap_sd_uid_get_sessions, 1);
+
+    count = active_sessions_count("testuser", 0);
+
+    assert_int_equal(count, 1);
+}
+
+static void test_active_sessions_count_prefix_getpwnam_failure(void **state)
+{
+    int count;
+    struct passwd *pw = NULL;
+
+    will_return(__wrap_prefix_getpwnam, pw);
+
+    count = active_sessions_count("testuser", 0);
+
+    assert_int_equal(count, 0);
+}
+
+int main(void)
+{
+    const struct CMUnitTest tests[] = {
+        cmocka_unit_test(test_active_sessions_count_return_ok),
+        cmocka_unit_test(test_active_sessions_count_prefix_getpwnam_failure),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/tests/tests/unit/test_sprintf.c b/tests/tests/unit/test_sprintf.c
new file mode 100644
index 0000000..bedcff6
--- /dev/null
+++ b/tests/tests/unit/test_sprintf.c
@@ -0,0 +1,66 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/sprintf.h"
+
+
+static void test_SNPRINTF_trunc(void **state);
+static void test_SNPRINTF_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_SNPRINTF_trunc),
+        cmocka_unit_test(test_SNPRINTF_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_SNPRINTF_trunc(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	// Test that we're not returning SIZE_MAX
+	assert_true(SNPRINTF(buf, "f%su", "oo") < 0);
+	assert_true(strcmp(buf, "foo") == 0);
+
+	assert_true(SNPRINTF(buf, "barbaz") == -1);
+	assert_true(strcmp(buf, "bar") == 0);
+}
+
+
+static void
+test_SNPRINTF_ok(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	assert_true(SNPRINTF(buf, "%s", "foo") == strlen("foo"));
+	assert_true(strcmp(buf, "foo") == 0);
+
+	assert_true(SNPRINTF(buf, "%do", 1) == strlen("1o"));
+	assert_true(strcmp(buf, "1o") == 0);
+
+	assert_true(SNPRINTF(buf, "f") == strlen("f"));
+	assert_true(strcmp(buf, "f") == 0);
+
+	assert_true(SNPRINTF(buf, "") == strlen(""));
+	assert_true(strcmp(buf, "") == 0);
+}
diff --git a/tests/tests/unit/test_strncpy.c b/tests/tests/unit/test_strncpy.c
new file mode 100644
index 0000000..968765b
--- /dev/null
+++ b/tests/tests/unit/test_strncpy.c
@@ -0,0 +1,85 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/strncpy.h"
+
+
+static void test_STRNCPY_trunc(void **state);
+static void test_STRNCPY_fit(void **state);
+static void test_STRNCPY_pad(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_STRNCPY_trunc),
+        cmocka_unit_test(test_STRNCPY_fit),
+        cmocka_unit_test(test_STRNCPY_pad),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_STRNCPY_trunc(void **state)
+{
+	char  buf[3];
+
+	char  src1[4] = {'f', 'o', 'o', 'o'};
+	char  res1[3] = {'f', 'o', 'o'};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[5] = "barb";
+	char  res2[3] = {'b', 'a', 'r'};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+}
+
+
+static void
+test_STRNCPY_fit(void **state)
+{
+	char  buf[3];
+
+	char  src1[3] = {'b', 'a', 'z'};
+	char  res1[3] = {'b', 'a', 'z'};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[4] = "qwe";
+	char  res2[3] = {'q', 'w', 'e'};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+}
+
+
+static void
+test_STRNCPY_pad(void **state)
+{
+	char  buf[3];
+
+	char  src1[3] = "as";
+	char  res1[3] = {'a', 's', 0};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[3] = "";
+	char  res2[3] = {0, 0, 0};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+
+	char  src3[3] = {'a', 0, 'b'};
+	char  res3[3] = {'a', 0, 0};
+	assert_true(memcmp(res3, STRNCPY(buf, src3), sizeof(buf)) == 0);
+}
diff --git a/tests/tests/unit/test_strtcpy.c b/tests/tests/unit/test_strtcpy.c
new file mode 100644
index 0000000..12351a5
--- /dev/null
+++ b/tests/tests/unit/test_strtcpy.c
@@ -0,0 +1,67 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/strtcpy.h"
+
+
+static void test_STRTCPY_trunc(void **state);
+static void test_STRTCPY_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_STRTCPY_trunc),
+        cmocka_unit_test(test_STRTCPY_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_STRTCPY_trunc(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	// Test that we're not returning SIZE_MAX
+	assert_true(STRTCPY(buf, "fooo") < 0);
+	assert_string_equal(buf, "foo");
+
+	assert_int_equal(STRTCPY(buf, "barbaz"), -1);
+	assert_string_equal(buf, "bar");
+}
+
+
+static void
+test_STRTCPY_ok(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	assert_int_equal(STRTCPY(buf, "foo"), strlen("foo"));
+	assert_string_equal(buf, "foo");
+
+	assert_int_equal(STRTCPY(buf, "fo"), strlen("fo"));
+	assert_string_equal(buf, "fo");
+
+	assert_int_equal(STRTCPY(buf, "f"), strlen("f"));
+	assert_string_equal(buf, "f");
+
+	assert_int_equal(STRTCPY(buf, ""), strlen(""));
+	assert_string_equal(buf, "");
+}
diff --git a/tests/tests/unit/test_xasprintf.c b/tests/tests/unit/test_xasprintf.c
new file mode 100644
index 0000000..4b5d093
--- /dev/null
+++ b/tests/tests/unit/test_xasprintf.c
@@ -0,0 +1,114 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <setjmp.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "string/sprintf.h"
+
+
+#define assert_unreachable()  assert_true(0)
+
+#define XASPRINTF_CALLED  (-36)
+#define EXIT_CALLED       (42)
+#define TEST_OK           (-6)
+
+
+static jmp_buf  jmpb;
+
+
+/**********************
+ * WRAPPERS
+ **********************/
+int __real_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
+int __wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
+void __wrap_exit(int status);
+
+
+int
+__wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap)
+{
+	return mock() == -1 ? -1 : __real_vasprintf(p, fmt, ap);
+}
+
+
+void
+__wrap_exit(int status)
+{
+	longjmp(jmpb, EXIT_CALLED);
+}
+
+
+/**********************
+ * TEST
+ **********************/
+static void test_xasprintf_exit(void **state);
+static void test_xasprintf_ok(void **state);
+
+
+static void
+test_xasprintf_exit(void **state)
+{
+	volatile int    len;
+	char *volatile  p;
+
+	will_return(__wrap_vasprintf, -1);
+
+	len = 0;
+
+	switch (setjmp(jmpb)) {
+	case 0:
+		len = XASPRINTF_CALLED;
+		len = xasprintf(&p, "foo%s", "bar");
+		assert_unreachable();
+		break;
+	case EXIT_CALLED:
+		assert_int_equal(len, XASPRINTF_CALLED);
+		len = TEST_OK;
+		break;
+	default:
+		assert_unreachable();
+		break;
+	}
+
+	assert_int_equal(len, TEST_OK);
+}
+
+
+static void
+test_xasprintf_ok(void **state)
+{
+	int   len;
+	char  *p;
+
+	// Trick: it will actually return the length, not 0.
+	will_return(__wrap_vasprintf, 0);
+
+	len = xasprintf(&p, "foo%d%s", 1, "bar");
+	assert_int_equal(len, strlen("foo1bar"));
+	assert_string_equal(p, "foo1bar");
+	free(p);
+}
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_xasprintf_exit),
+        cmocka_unit_test(test_xasprintf_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/tests/tests/unit/test_zustr2stp.c b/tests/tests/unit/test_zustr2stp.c
new file mode 100644
index 0000000..198d2eb
--- /dev/null
+++ b/tests/tests/unit/test_zustr2stp.c
@@ -0,0 +1,53 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "string/zustr2stp.h"
+
+
+static void test_ZUSTR2STP(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_ZUSTR2STP),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_ZUSTR2STP(void **state)
+{
+	char  src[3] = {'1', '2', '3'};
+	char  dst[4];
+
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("123"));
+	assert_true(strcmp("123", dst) == 0);
+
+	src[2] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("12"));
+	assert_true(strcmp("12", dst) == 0);
+
+	src[1] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("1"));
+	assert_true(strcmp("1", dst) == 0);
+
+	src[0] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen(""));
+	assert_true(strcmp("", dst) == 0);
+}
diff --git a/tests/tests/usertools/01/01_useradd_add_user.test b/tests/tests/usertools/01/01_useradd_add_user.test
new file mode 100755
index 0000000..dfd0366
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_useradd_add_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_useradd_add_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_useradd_add_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_useradd_add_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/01_useradd_add_user/group b/tests/tests/usertools/01/01_useradd_add_user/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/01_useradd_add_user/gshadow b/tests/tests/usertools/01/01_useradd_add_user/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/01_useradd_add_user/passwd b/tests/tests/usertools/01/01_useradd_add_user/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/01_useradd_add_user/shadow b/tests/tests/usertools/01/01_useradd_add_user/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/01_userdel_delete_user.test b/tests/tests/usertools/01/01_userdel_delete_user.test
new file mode 100755
index 0000000..132e16a
--- /dev/null
+++ b/tests/tests/usertools/01/01_userdel_delete_user.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user.test b/tests/tests/usertools/01/02_useradd_recreate_deleted_user.test
new file mode 100755
index 0000000..44721f5
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1
+echo "OK"
+echo -n "Create user test2 (useradd test1)..."
+useradd test2
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 02_useradd_recreate_deleted_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 02_useradd_recreate_deleted_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 02_useradd_recreate_deleted_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_useradd_recreate_deleted_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user/group b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/group
new file mode 100644
index 0000000..3b8e510
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test2:x:1000:
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user/gshadow b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/gshadow
new file mode 100644
index 0000000..73d0298
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test2:!::
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user/passwd b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/passwd
new file mode 100644
index 0000000..0a8cf88
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test2:x:1000:1000::/home/test2:/bin/sh
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user/shadow b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/shadow
new file mode 100644
index 0000000..1ca61d8
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/03_useradd_additional_options.test b/tests/tests/usertools/01/03_useradd_additional_options.test
new file mode 100755
index 0000000..5808e45
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd options --comment, --expiredate, --shell, --inactive, --home-dir"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test3 with options)..."
+useradd --comment "comment test3" \
+	--expiredate "2006-02-04" \
+	--shell "/bin/bash" \
+	--inactive "12" \
+	--home-dir "/nonexistenthomedir" \
+	test3
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 03_useradd_additional_options/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 03_useradd_additional_options/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 03_useradd_additional_options/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 03_useradd_additional_options/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir /home/test3..."
+test ! -d /home/test3
+echo "OK"
+echo -n "no homedir /nonexistenthomedir..."
+test ! -d /nonexistenthomedir
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/03_useradd_additional_options/group b/tests/tests/usertools/01/03_useradd_additional_options/group
new file mode 100644
index 0000000..a0c1381
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test3:x:1000:
diff --git a/tests/tests/usertools/01/03_useradd_additional_options/gshadow b/tests/tests/usertools/01/03_useradd_additional_options/gshadow
new file mode 100644
index 0000000..88e4ab1
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test3:!::
diff --git a/tests/tests/usertools/01/03_useradd_additional_options/passwd b/tests/tests/usertools/01/03_useradd_additional_options/passwd
new file mode 100644
index 0000000..725da57
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test3:x:1000:1000:comment test3:/nonexistenthomedir:/bin/bash
diff --git a/tests/tests/usertools/01/03_useradd_additional_options/shadow b/tests/tests/usertools/01/03_useradd_additional_options/shadow
new file mode 100644
index 0000000..77fbfbc
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test3:!:@TODAY@:0:99999:7:12:13183:
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail.test b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail.test
new file mode 100755
index 0000000..7332451
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with an existing ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+echo -n "Create user test2 with the same ID (useradd -u 4242 test2)..."
+useradd -u 4242 test2 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "All right, useradd returned error $status."
+echo -n "Check returned status..."
+test "$status" = "4"
+echo "OK"
+
+echo "useradd displayed:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au 04_useradd_add_user_with_existing_UID_fail/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_fail/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_fail/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_fail/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_fail/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/group b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/group
new file mode 100644
index 0000000..6c7895c
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/gshadow b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/passwd b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/passwd
new file mode 100644
index 0000000..4b6c808
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/shadow b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/useradd.err b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/useradd.err
new file mode 100644
index 0000000..23e5962
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/useradd.err
@@ -0,0 +1 @@
+useradd: UID 4242 is not unique
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test
new file mode 100755
index 0000000..b630c67
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified existing ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+echo -n "Create user test2 with the same ID (useradd -u 4242 -o test2)..."
+useradd -u 4242 -o test2
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_with_-o/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_with_-o/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_with_-o/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_with_-o/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir /home/test1..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir /home/test2..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/group b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/group
new file mode 100644
index 0000000..a951b25
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
+test2:x:4243:
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/gshadow b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/gshadow
new file mode 100644
index 0000000..11e7389
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
+test2:!::
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/passwd b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/passwd
new file mode 100644
index 0000000..58c50dd
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
+test2:x:4242:4243::/home/test2:/bin/sh
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/shadow b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/shadow
new file mode 100644
index 0000000..4c40f47
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID.test b/tests/tests/usertools/01/04_useradd_specified_UID.test
new file mode 100755
index 0000000..240899b
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_useradd_specified_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_useradd_specified_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_useradd_specified_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_useradd_specified_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID/group b/tests/tests/usertools/01/04_useradd_specified_UID/group
new file mode 100644
index 0000000..6c7895c
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID/gshadow b/tests/tests/usertools/01/04_useradd_specified_UID/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID/passwd b/tests/tests/usertools/01/04_useradd_specified_UID/passwd
new file mode 100644
index 0000000..4b6c808
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID/shadow b/tests/tests/usertools/01/04_useradd_specified_UID/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID.test b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID.test
new file mode 100755
index 0000000..1e11971
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified existing UID and GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+echo -n "Create user test2 with the same ID (useradd -u 4242 -g 4242 -o test2)..."
+useradd -u 4242 -g 4242 -o test2
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_useradd_specified_UID_and_GID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_useradd_specified_UID_and_GID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_useradd_specified_UID_and_GID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_useradd_specified_UID_and_GID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir /home/test1..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir /home/test2..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/group b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/group
new file mode 100644
index 0000000..6c7895c
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/gshadow b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/passwd b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/passwd
new file mode 100644
index 0000000..2603e1e
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
+test2:x:4242:4242::/home/test2:/bin/sh
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/shadow b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/shadow
new file mode 100644
index 0000000..4c40f47
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID.test b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID.test
new file mode 100755
index 0000000..de2a189
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Remove an user with a duplicate ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+echo -n "Create user test2 with the same ID (useradd -u 4242 -o test2)..."
+useradd -u 4242 -o test2
+echo "OK"
+echo -n "Delete user test2 (userdel test2)..."
+userdel test2
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_userdel_delete_user_with_non_unique_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_userdel_delete_user_with_non_unique_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_userdel_delete_user_with_non_unique_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_userdel_delete_user_with_non_unique_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir /home/test1..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir /home/test2..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/group b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/group
new file mode 100644
index 0000000..6c7895c
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/gshadow b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/passwd b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/passwd
new file mode 100644
index 0000000..4b6c808
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/shadow b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group.test b/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group.test
new file mode 100755
index 0000000..04b4bd0
--- /dev/null
+++ b/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified unexisting GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -g 4242 test1)..."
+useradd -g 4242 test1 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "OK"
+echo "All right, useradd returned error $status."
+echo -n "Check returned status..."
+test "$status" = "6"
+echo "OK"
+
+echo "useradd displayed:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au 05_useradd_invalid_numeric_primary_group/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group/useradd.err b/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group/useradd.err
new file mode 100644
index 0000000..eb2629d
--- /dev/null
+++ b/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group/useradd.err
@@ -0,0 +1 @@
+useradd: group '4242' does not exist
diff --git a/tests/tests/usertools/01/06_useradd_invalid_named_primary_group.test b/tests/tests/usertools/01/06_useradd_invalid_named_primary_group.test
new file mode 100755
index 0000000..ea02d5f
--- /dev/null
+++ b/tests/tests/usertools/01/06_useradd_invalid_named_primary_group.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified unexisting GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1 -g nekral)..."
+useradd test1 -g nekral 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "OK"
+echo "All right, useradd returned error $status."
+echo -n "Check returned status..."
+test "$status" = "6"
+echo "OK"
+
+echo "useradd displayed:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au 06_useradd_invalid_named_primary_group/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/06_useradd_invalid_named_primary_group/useradd.err b/tests/tests/usertools/01/06_useradd_invalid_named_primary_group/useradd.err
new file mode 100644
index 0000000..2b201fe
--- /dev/null
+++ b/tests/tests/usertools/01/06_useradd_invalid_named_primary_group/useradd.err
@@ -0,0 +1 @@
+useradd: group 'nekral' does not exist
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group.test b/tests/tests/usertools/01/07_useradd_numerical_primary_group.test
new file mode 100755
index 0000000..1f1f14c
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a numerical GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -g 1 test1)..."
+useradd -g 1 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 07_useradd_numerical_primary_group/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 07_useradd_numerical_primary_group/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 07_useradd_numerical_primary_group/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 07_useradd_numerical_primary_group/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group/group b/tests/tests/usertools/01/07_useradd_numerical_primary_group/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group/gshadow b/tests/tests/usertools/01/07_useradd_numerical_primary_group/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group/passwd b/tests/tests/usertools/01/07_useradd_numerical_primary_group/passwd
new file mode 100644
index 0000000..902efbe
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group/shadow b/tests/tests/usertools/01/07_useradd_numerical_primary_group/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group.test b/tests/tests/usertools/01/08_useradd_named_primary_group.test
new file mode 100755
index 0000000..d18acdf
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a named GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1 -g nogroup)..."
+useradd test1 -g nogroup
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 08_useradd_named_primary_group/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 08_useradd_named_primary_group/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 08_useradd_named_primary_group/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 08_useradd_named_primary_group/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group/group b/tests/tests/usertools/01/08_useradd_named_primary_group/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group/gshadow b/tests/tests/usertools/01/08_useradd_named_primary_group/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group/passwd b/tests/tests/usertools/01/08_useradd_named_primary_group/passwd
new file mode 100644
index 0000000..42ef2e2
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:65534::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group/shadow b/tests/tests/usertools/01/08_useradd_named_primary_group/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info.test b/tests/tests/usertools/01/09_usermod_change_user_info.test
new file mode 100755
index 0000000..75d00b2
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change user information with usermod"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user test1..."
+usermod -g 1 --comment "comment" -e 2000-09-01 -f 17 -s /bin/bash -d /tmp test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 09_usermod_change_user_info/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 09_usermod_change_user_info/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 09_usermod_change_user_info/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 09_usermod_change_user_info/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info/group b/tests/tests/usertools/01/09_usermod_change_user_info/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info/gshadow b/tests/tests/usertools/01/09_usermod_change_user_info/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info/passwd b/tests/tests/usertools/01/09_usermod_change_user_info/passwd
new file mode 100644
index 0000000..60c8e45
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1:comment:/tmp:/bin/bash
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info/shadow b/tests/tests/usertools/01/09_usermod_change_user_info/shadow
new file mode 100644
index 0000000..cf6bc25
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:17:11201:
diff --git a/tests/tests/usertools/01/10_usermod_rename_user.test b/tests/tests/usertools/01/10_usermod_rename_user.test
new file mode 100755
index 0000000..202e9b6
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Rename user test1 to test2 (usermod -l test2 test1)..."
+usermod -l test2 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 10_usermod_rename_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 10_usermod_rename_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 10_usermod_rename_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 10_usermod_rename_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir (/home/test1)..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir (/home/test2)..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/10_usermod_rename_user/group b/tests/tests/usertools/01/10_usermod_rename_user/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/10_usermod_rename_user/gshadow b/tests/tests/usertools/01/10_usermod_rename_user/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/10_usermod_rename_user/passwd b/tests/tests/usertools/01/10_usermod_rename_user/passwd
new file mode 100644
index 0000000..0d1ab51
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test2:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/10_usermod_rename_user/shadow b/tests/tests/usertools/01/10_usermod_rename_user/shadow
new file mode 100644
index 0000000..1ca61d8
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group.test b/tests/tests/usertools/01/10_usermod_rename_user_in_group.test
new file mode 100755
index 0000000..374acab
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 also in group daemon (useradd test1 -G daemon)..."
+useradd test1 -G daemon
+echo "OK"
+echo -n "Rename user test1 to test2 (usermod -l test2 test1)..."
+usermod -l test2 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 10_usermod_rename_user_in_group/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 10_usermod_rename_user_in_group/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 10_usermod_rename_user_in_group/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 10_usermod_rename_user_in_group/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir (/home/test1)..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir (/home/test2)..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group/group b/tests/tests/usertools/01/10_usermod_rename_user_in_group/group
new file mode 100644
index 0000000..271a2c3
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:test2
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group/gshadow b/tests/tests/usertools/01/10_usermod_rename_user_in_group/gshadow
new file mode 100644
index 0000000..879d206
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::test2
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group/passwd b/tests/tests/usertools/01/10_usermod_rename_user_in_group/passwd
new file mode 100644
index 0000000..0d1ab51
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test2:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group/shadow b/tests/tests/usertools/01/10_usermod_rename_user_in_group/shadow
new file mode 100644
index 0000000..1ca61d8
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/11_usermod_change_password.test b/tests/tests/usertools/01/11_usermod_change_password.test
new file mode 100755
index 0000000..a6e7ace
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's password..."
+usermod -p '$1$12345678$0jEt1CYOyE.5NxWFMZyZy1' test1
+# (test1F00barbaz)
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_usermod_change_password/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_usermod_change_password/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_usermod_change_password/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_usermod_change_password/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/11_usermod_change_password/group b/tests/tests/usertools/01/11_usermod_change_password/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/11_usermod_change_password/gshadow b/tests/tests/usertools/01/11_usermod_change_password/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/11_usermod_change_password/passwd b/tests/tests/usertools/01/11_usermod_change_password/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/11_usermod_change_password/shadow b/tests/tests/usertools/01/11_usermod_change_password/shadow
new file mode 100644
index 0000000..72025a2
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:$1$12345678$0jEt1CYOyE.5NxWFMZyZy1:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/11_usermod_lock_password.test b/tests/tests/usertools/01/11_usermod_lock_password.test
new file mode 100755
index 0000000..f5e6a9f
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's password..."
+usermod -p '$1$12345678$0jEt1CYOyE.5NxWFMZyZy1' test1
+# (test1F00barbaz)
+echo "OK"
+echo -n "Lock user's password..."
+usermod -L test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_usermod_lock_password/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_usermod_lock_password/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_usermod_lock_password/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_usermod_lock_password/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/11_usermod_lock_password/group b/tests/tests/usertools/01/11_usermod_lock_password/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/11_usermod_lock_password/gshadow b/tests/tests/usertools/01/11_usermod_lock_password/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/11_usermod_lock_password/passwd b/tests/tests/usertools/01/11_usermod_lock_password/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/11_usermod_lock_password/shadow b/tests/tests/usertools/01/11_usermod_lock_password/shadow
new file mode 100644
index 0000000..5a236b7
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!$1$12345678$0jEt1CYOyE.5NxWFMZyZy1:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password.test b/tests/tests/usertools/01/11_usermod_unlock_empty_password.test
new file mode 100755
index 0000000..d12dfd8
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Unlock user's password..."
+usermod -U test1 2>tmp/err
+echo "OK"
+
+echo "usermod displayed:"
+echo "======================================================================="
+cat tmp/err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au 11_usermod_unlock_empty_password/usermod.err tmp/err
+echo "error message OK."
+rm -f tmp/err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_usermod_unlock_empty_password/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_usermod_unlock_empty_password/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_usermod_unlock_empty_password/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_usermod_unlock_empty_password/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/group b/tests/tests/usertools/01/11_usermod_unlock_empty_password/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/gshadow b/tests/tests/usertools/01/11_usermod_unlock_empty_password/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/passwd b/tests/tests/usertools/01/11_usermod_unlock_empty_password/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/shadow b/tests/tests/usertools/01/11_usermod_unlock_empty_password/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/usermod.err b/tests/tests/usertools/01/11_usermod_unlock_empty_password/usermod.err
new file mode 100644
index 0000000..2564dbf
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/usermod.err
@@ -0,0 +1,2 @@
+usermod: unlocking the user's password would result in a passwordless account.
+You should set a password with usermod -p to unlock this user's password.
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password.test b/tests/tests/usertools/01/11_usermod_unlock_password.test
new file mode 100755
index 0000000..905b2c0
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's password..."
+usermod -p '$1$12345678$0jEt1CYOyE.5NxWFMZyZy1' test1
+# (test1F00barbaz)
+echo "OK"
+echo -n "Lock user's password..."
+usermod -L test1
+echo "OK"
+echo -n "Unlock user's password..."
+usermod -U test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_usermod_unlock_password/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_usermod_unlock_password/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_usermod_unlock_password/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_usermod_unlock_password/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password/group b/tests/tests/usertools/01/11_usermod_unlock_password/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password/gshadow b/tests/tests/usertools/01/11_usermod_unlock_password/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password/passwd b/tests/tests/usertools/01/11_usermod_unlock_password/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password/shadow b/tests/tests/usertools/01/11_usermod_unlock_password/shadow
new file mode 100644
index 0000000..72025a2
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:$1$12345678$0jEt1CYOyE.5NxWFMZyZy1:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name.test b/tests/tests/usertools/01/12_usermod_change_gid_name.test
new file mode 100755
index 0000000..8148149
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's group..."
+usermod -g daemon test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 12_usermod_change_gid_name/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 12_usermod_change_gid_name/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 12_usermod_change_gid_name/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 12_usermod_change_gid_name/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name/group b/tests/tests/usertools/01/12_usermod_change_gid_name/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name/gshadow b/tests/tests/usertools/01/12_usermod_change_gid_name/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name/passwd b/tests/tests/usertools/01/12_usermod_change_gid_name/passwd
new file mode 100644
index 0000000..902efbe
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name/shadow b/tests/tests/usertools/01/12_usermod_change_gid_name/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number.test b/tests/tests/usertools/01/12_usermod_change_gid_number.test
new file mode 100755
index 0000000..e4172a8
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's group..."
+usermod -g 1 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 12_usermod_change_gid_number/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 12_usermod_change_gid_number/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 12_usermod_change_gid_number/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 12_usermod_change_gid_number/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number/group b/tests/tests/usertools/01/12_usermod_change_gid_number/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number/gshadow b/tests/tests/usertools/01/12_usermod_change_gid_number/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number/passwd b/tests/tests/usertools/01/12_usermod_change_gid_number/passwd
new file mode 100644
index 0000000..902efbe
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number/shadow b/tests/tests/usertools/01/12_usermod_change_gid_number/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID.test b/tests/tests/usertools/01/13_useradd_negative_UID.test
new file mode 100755
index 0000000..f049a91
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with a negative UID (useradd -u -1 test1)..."
+msg=$(useradd -u -1 test1 2>&1) && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "useradd returned status $status,"
+echo "and displayed \"$msg\""
+echo -n "The returned status should be 3..."
+test "$status" = "3"
+echo "OK"
+echo -n "Test the error message (should be \"useradd: invalid user ID '-1'\")..."
+test "$msg" = "useradd: invalid user ID '-1'"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 13_useradd_negative_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 13_useradd_negative_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 13_useradd_negative_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 13_useradd_negative_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID/group b/tests/tests/usertools/01/13_useradd_negative_UID/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID/gshadow b/tests/tests/usertools/01/13_useradd_negative_UID/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID/passwd b/tests/tests/usertools/01/13_useradd_negative_UID/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID/shadow b/tests/tests/usertools/01/13_useradd_negative_UID/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID.test b/tests/tests/usertools/01/14_useradd_out_of_range_UID.test
new file mode 100755
index 0000000..88cac26
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with UID 4294967296 (useradd -u 4294967296 test1)..."
+msg=$(useradd -u 4294967296 test1 2>&1) && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "useradd returned status $status,"
+echo "and displayed \"$msg\""
+echo -n "The returned status should be 3..."
+test "$status" = "3"
+echo "OK"
+echo -n "Test the error message (should be \"useradd: invalid user ID '4294967296'\")..."
+test "$msg" = "useradd: invalid user ID '4294967296'"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 14_useradd_out_of_range_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 14_useradd_out_of_range_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 14_useradd_out_of_range_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 14_useradd_out_of_range_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID/group b/tests/tests/usertools/01/14_useradd_out_of_range_UID/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID/gshadow b/tests/tests/usertools/01/14_useradd_out_of_range_UID/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID/passwd b/tests/tests/usertools/01/14_useradd_out_of_range_UID/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID/shadow b/tests/tests/usertools/01/14_useradd_out_of_range_UID/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID.test b/tests/tests/usertools/01/15_useradd_specified_large_UID.test
new file mode 100755
index 0000000..69fd5db
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 2147483647 test1)..."
+useradd -u 2147483647 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 15_useradd_specified_large_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 15_useradd_specified_large_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 15_useradd_specified_large_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 15_useradd_specified_large_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID/group b/tests/tests/usertools/01/15_useradd_specified_large_UID/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID/gshadow b/tests/tests/usertools/01/15_useradd_specified_large_UID/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID/passwd b/tests/tests/usertools/01/15_useradd_specified_large_UID/passwd
new file mode 100644
index 0000000..116c1c7
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:2147483647:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID/shadow b/tests/tests/usertools/01/15_useradd_specified_large_UID/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups.test b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups.test
new file mode 100755
index 0000000..3e0323e
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1, and add it to group src (useradd test1 -g src)..."
+useradd test1 -g nogroup -G src,daemon,bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 16_useradd_add_user_to_multiple_groups/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 16_useradd_add_user_to_multiple_groups/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 16_useradd_add_user_to_multiple_groups/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 16_useradd_add_user_to_multiple_groups/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/group b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/group
new file mode 100644
index 0000000..04d5635
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:test1
+bin:x:2:test1
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/gshadow b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/gshadow
new file mode 100644
index 0000000..1605ab6
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::test1
+bin:*::test1
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/passwd b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/passwd
new file mode 100644
index 0000000..42ef2e2
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:65534::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/shadow b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group.test b/tests/tests/usertools/01/16_useradd_add_user_to_one_group.test
new file mode 100755
index 0000000..38c0020
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1, and add it to group src (useradd test1 -g src)..."
+useradd test1 -G src
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 16_useradd_add_user_to_one_group/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 16_useradd_add_user_to_one_group/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 16_useradd_add_user_to_one_group/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 16_useradd_add_user_to_one_group/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group/group b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/group
new file mode 100644
index 0000000..1c6668e
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group/gshadow b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/gshadow
new file mode 100644
index 0000000..680a5dc
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group/passwd b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group/shadow b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir.test b/tests/tests/usertools/01/17_useradd_create_homedir.test
new file mode 100755
index 0000000..cf27140
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with homedir (useradd --create-home test1)..."
+useradd --create-home test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_useradd_add_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_useradd_add_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_useradd_add_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_useradd_add_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "homedir created..."
+test -d /home/test1
+echo "OK"
+echo -n "Check if skeleton files were added..."
+diff -rauN /etc/skel /home/test1
+echo "OK"
+rm -rf /home/test1
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir/group b/tests/tests/usertools/01/17_useradd_create_homedir/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir/gshadow b/tests/tests/usertools/01/17_useradd_create_homedir/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir/passwd b/tests/tests/usertools/01/17_useradd_create_homedir/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir/shadow b/tests/tests/usertools/01/17_useradd_create_homedir/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir.test b/tests/tests/usertools/01/18_userdel_remove_homedir.test
new file mode 100755
index 0000000..085381d
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with homedir (useradd --create-home test1)..."
+useradd --create-home test1
+echo "OK"
+echo -n "Delete user test1 with homedir (userdel --remove test1)..."
+userdel --remove test1 2>tmp/userdel.err
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check the userdel message..."
+diff -au 18_userdel_remove_homedir/userdel.err tmp/userdel.err
+echo "userdel message OK."
+rm -f tmp/userdel.err
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "homedir removed..."
+test ! -d /home/test1
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/group b/tests/tests/usertools/01/18_userdel_remove_homedir/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/gshadow b/tests/tests/usertools/01/18_userdel_remove_homedir/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/passwd b/tests/tests/usertools/01/18_userdel_remove_homedir/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/shadow b/tests/tests/usertools/01/18_userdel_remove_homedir/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/userdel.err b/tests/tests/usertools/01/18_userdel_remove_homedir/userdel.err
new file mode 100644
index 0000000..0b2f1ff
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/userdel.err
@@ -0,0 +1 @@
+userdel: test1 mail spool (/var/mail/test1) not found
diff --git a/tests/tests/usertools/01/19_userdel_delete_user_in_group.test b/tests/tests/usertools/01/19_userdel_delete_user_in_group.test
new file mode 100755
index 0000000..7787899
--- /dev/null
+++ b/tests/tests/usertools/01/19_userdel_delete_user_in_group.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and add it to groups daemon and bin (useradd test1 -G daemon,bin)..."
+useradd test1 -G daemon,bin
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/20_usermod_change_homedir.test b/tests/tests/usertools/01/20_usermod_change_homedir.test
new file mode 100755
index 0000000..6ef6e8f
--- /dev/null
+++ b/tests/tests/usertools/01/20_usermod_change_homedir.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and its homedir (useradd test1 -m)..."
+useradd test1 -m
+echo "OK"
+echo -n "Change the user's homedir (usermod --home /home/test1.new test1)..."
+usermod --home /home/test1.new test1
+echo "OK"
+echo -n "Test if the new homedir was not created..."
+test ! -d /home/test1.new
+echo "OK"
+echo -n "test if the old homedir was kept..."
+test -d /home/test1
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "old homedir kept (/home/test1)..."
+test -d /home/test1
+echo "OK"
+echo -n "no homedir (/home/test1.new)..."
+test ! -d /home/test1.new
+echo "OK"
+rm -rf /home/test1
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/21_usermod_change_and_move_homedir.test b/tests/tests/usertools/01/21_usermod_change_and_move_homedir.test
new file mode 100755
index 0000000..0f26920
--- /dev/null
+++ b/tests/tests/usertools/01/21_usermod_change_and_move_homedir.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and its homedir (useradd test1 -m)..."
+useradd test1 -m
+echo "OK"
+echo -n "Change the user's homedir (usermod -m --home /home/test1.new test1)..."
+usermod -m --home /home/test1.new test1
+echo "OK"
+echo -n "Test if the new homedir exists..."
+test -d /home/test1.new
+echo "OK"
+echo -n "test if the old homedir was removed..."
+test ! -d /home/test1
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1 --remove 2>tmp/userdel.err
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check the userdel message..."
+diff -au 18_userdel_remove_homedir/userdel.err tmp/userdel.err
+echo "userdel message OK."
+rm -f tmp/userdel.err
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir (/home/test1)..."
+test ! -d /home/test1
+echo "OK"
+echo -n "no homedir (/home/test1.new)..."
+test ! -d /home/test1.new
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/22_usermod_new_groups.test b/tests/tests/usertools/01/22_usermod_new_groups.test
new file mode 100755
index 0000000..2cbdfa2
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Add test1 to groups nogroup, daemon, and src..."
+usermod -G nogroup,daemon,src test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 22_usermod_new_groups/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 22_usermod_new_groups/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 22_usermod_new_groups/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 22_usermod_new_groups/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/22_usermod_new_groups/group b/tests/tests/usertools/01/22_usermod_new_groups/group
new file mode 100644
index 0000000..e529520
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:test1
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:test1
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/22_usermod_new_groups/gshadow b/tests/tests/usertools/01/22_usermod_new_groups/gshadow
new file mode 100644
index 0000000..87749e3
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::test1
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::test1
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/22_usermod_new_groups/passwd b/tests/tests/usertools/01/22_usermod_new_groups/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/22_usermod_new_groups/shadow b/tests/tests/usertools/01/22_usermod_new_groups/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/23_usermod_add_groups.test b/tests/tests/usertools/01/23_usermod_add_groups.test
new file mode 100755
index 0000000..754bdd4
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and add it to group bin (useradd test1 -G bin)..."
+useradd test1 -G bin
+echo "OK"
+echo -n "Add test1 to the additional groups nogroup, daemon, and src..."
+usermod -a -G nogroup,daemon,src test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 23_usermod_add_groups/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 23_usermod_add_groups/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 23_usermod_add_groups/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 23_usermod_add_groups/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/23_usermod_add_groups/group b/tests/tests/usertools/01/23_usermod_add_groups/group
new file mode 100644
index 0000000..09243dd
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:test1
+bin:x:2:test1
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:test1
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/23_usermod_add_groups/gshadow b/tests/tests/usertools/01/23_usermod_add_groups/gshadow
new file mode 100644
index 0000000..a572a19
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::test1
+bin:*::test1
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::test1
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/23_usermod_add_groups/passwd b/tests/tests/usertools/01/23_usermod_add_groups/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/23_usermod_add_groups/shadow b/tests/tests/usertools/01/23_usermod_add_groups/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups.test b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups.test
new file mode 100755
index 0000000..6b217c6
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and add it to group bin (useradd test1 -G bin)..."
+useradd test1 -G bin
+echo "OK"
+echo -n "Change the groups of test1 to nogroup, daemon, and src..."
+usermod -G nogroup,daemon,src test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 24_usermod_new_groups_remove_old_groups/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 24_usermod_new_groups_remove_old_groups/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 24_usermod_new_groups_remove_old_groups/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 24_usermod_new_groups_remove_old_groups/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/group b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/group
new file mode 100644
index 0000000..e529520
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:test1
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:test1
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/gshadow b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/gshadow
new file mode 100644
index 0000000..87749e3
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::test1
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::test1
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/passwd b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/shadow b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2.test b/tests/tests/usertools/01/25_useradd_specified_large_UID2.test
new file mode 100755
index 0000000..ed4858c
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4294967294 test1)..."
+useradd -u 4294967294 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 25_useradd_specified_large_UID2/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 25_useradd_specified_large_UID2/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 25_useradd_specified_large_UID2/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 25_useradd_specified_large_UID2/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2/group b/tests/tests/usertools/01/25_useradd_specified_large_UID2/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2/gshadow b/tests/tests/usertools/01/25_useradd_specified_large_UID2/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2/passwd b/tests/tests/usertools/01/25_useradd_specified_large_UID2/passwd
new file mode 100644
index 0000000..cef4912
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4294967294:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2/shadow b/tests/tests/usertools/01/25_useradd_specified_large_UID2/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1.test b/tests/tests/usertools/01/26_useradd_UID_-1.test
new file mode 100755
index 0000000..18bedb5
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with UID 4294967295 (useradd -u 4294967295 test1)..."
+msg=$(useradd -u 4294967295 test1 2>&1) && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "useradd returned status $status,"
+echo "and displayed \"$msg\""
+echo -n "The returned status should be 3..."
+test "$status" = "3"
+echo "OK"
+echo -n "Test the error message (should be \"useradd: invalid user ID '4294967295'\")..."
+test "$msg" = "useradd: invalid user ID '4294967295'"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 26_useradd_UID_-1/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 26_useradd_UID_-1/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 26_useradd_UID_-1/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 26_useradd_UID_-1/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1/group b/tests/tests/usertools/01/26_useradd_UID_-1/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1/gshadow b/tests/tests/usertools/01/26_useradd_UID_-1/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1/passwd b/tests/tests/usertools/01/26_useradd_UID_-1/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1/shadow b/tests/tests/usertools/01/26_useradd_UID_-1/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/01/config/etc/default/useradd b/tests/tests/usertools/01/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/01/config/etc/group b/tests/tests/usertools/01/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/config/etc/gshadow b/tests/tests/usertools/01/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/config/etc/passwd b/tests/tests/usertools/01/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/01/config/etc/shadow b/tests/tests/usertools/01/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/02/config.txt b/tests/tests/usertools/02/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/usertools/02/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/usertools/02/config/etc/default/useradd b/tests/tests/usertools/02/config/etc/default/useradd
new file mode 100644
index 0000000..a834fef
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/default/useradd
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
diff --git a/tests/tests/usertools/02/config/etc/group b/tests/tests/usertools/02/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/usertools/02/config/etc/gshadow b/tests/tests/usertools/02/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/usertools/02/config/etc/passwd b/tests/tests/usertools/02/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/usertools/02/config/etc/shadow b/tests/tests/usertools/02/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/usertools/02/data/useradd-D.out b/tests/tests/usertools/02/data/useradd-D.out
new file mode 100644
index 0000000..a3f48f3
--- /dev/null
+++ b/tests/tests/usertools/02/data/useradd-D.out
@@ -0,0 +1,7 @@
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/sh
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/data/useradd-D_default_values.out b/tests/tests/usertools/02/data/useradd-D_default_values.out
new file mode 100644
index 0000000..1eb58e2
--- /dev/null
+++ b/tests/tests/usertools/02/data/useradd-D_default_values.out
@@ -0,0 +1,7 @@
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_EXPIRE.test b/tests/tests/usertools/02/useradd_change_default_EXPIRE.test
new file mode 100755
index 0000000..6901603
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_EXPIRE.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --expiredate 1979-11-24)..."
+useradd -D --expiredate 1979-11-24
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_EXPIRE/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_EXPIRE/useradd.default b/tests/tests/usertools/02/useradd_change_default_EXPIRE/useradd.default
new file mode 100644
index 0000000..aa3cd2b
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_EXPIRE/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=1979-11-24
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_GROUP.test b/tests/tests/usertools/02/useradd_change_default_GROUP.test
new file mode 100755
index 0000000..07ea62b
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_GROUP.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --gid nogroup)..."
+useradd -D --gid nogroup
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_GROUP/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_GROUP/useradd.default b/tests/tests/usertools/02/useradd_change_default_GROUP/useradd.default
new file mode 100644
index 0000000..c26a28b
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_GROUP/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=65534
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_HOME.test b/tests/tests/usertools/02/useradd_change_default_HOME.test
new file mode 100755
index 0000000..8d8357c
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_HOME.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --base-dir /tmp)..."
+useradd -D --base-dir /tmp
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_HOME/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_HOME/useradd.default b/tests/tests/usertools/02/useradd_change_default_HOME/useradd.default
new file mode 100644
index 0000000..75953c6
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_HOME/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=100
+HOME=/tmp
+INACTIVE=-1
+EXPIRE=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_INACTIVE.test b/tests/tests/usertools/02/useradd_change_default_INACTIVE.test
new file mode 100755
index 0000000..7257439
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_INACTIVE.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --inactive 10)..."
+useradd -D --inactive 10
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_INACTIVE/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_INACTIVE/useradd.default b/tests/tests/usertools/02/useradd_change_default_INACTIVE/useradd.default
new file mode 100644
index 0000000..fc2f084
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_INACTIVE/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=100
+HOME=/home
+INACTIVE=10
+EXPIRE=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_SHELL.test b/tests/tests/usertools/02/useradd_change_default_SHELL.test
new file mode 100755
index 0000000..d6c22dc
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_SHELL.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --shell /bin/foobar)..."
+useradd -D --shell /bin/foobar
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_SHELL/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_SHELL/useradd.default b/tests/tests/usertools/02/useradd_change_default_SHELL/useradd.default
new file mode 100644
index 0000000..421f1a0
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_SHELL/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_defaults.test b/tests/tests/usertools/02/useradd_change_defaults.test
new file mode 100755
index 0000000..665a995
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_defaults.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: set all default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change useradd defaults..."
+useradd -D -b /var/tmp -e 1979-11-24 -f 12 -g 1 -s /usr/bin/foobar
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_defaults/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_defaults/useradd.default b/tests/tests/usertools/02/useradd_change_defaults/useradd.default
new file mode 100644
index 0000000..9edb781
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_defaults/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/usr/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=1
+HOME=/var/tmp
+INACTIVE=12
+EXPIRE=1979-11-24
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_default_default_values.test b/tests/tests/usertools/02/useradd_default_default_values.test
new file mode 100755
index 0000000..4c6cf0e
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_default_default_values.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/default/useradd..."
+rm -f /etc/default/useradd
+echo "OK"
+
+echo -n "Get default values: 'useradd -D > tmp/out'..."
+useradd -D > tmp/out
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au data/useradd-D_default_values.out tmp/out
+echo "OK"
+
+rm -f tmp/out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_get_default_values.test b/tests/tests/usertools/02/useradd_get_default_values.test
new file mode 100755
index 0000000..a18fb04
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_get_default_values.test
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get default values: 'useradd -D > tmp/out'..."
+useradd -D > tmp/out
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au data/useradd-D.out tmp/out
+echo "OK"
+
+rm -f tmp/out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/03/config.txt b/tests/tests/usertools/03/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/usertools/03/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/usertools/03/config/etc/default/useradd b/tests/tests/usertools/03/config/etc/default/useradd
new file mode 100644
index 0000000..f34b3ff
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+# SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/03/config/etc/group b/tests/tests/usertools/03/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/usertools/03/config/etc/gshadow b/tests/tests/usertools/03/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/usertools/03/config/etc/passwd b/tests/tests/usertools/03/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/usertools/03/config/etc/shadow b/tests/tests/usertools/03/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/usertools/03/useradd_change_defaults.test b/tests/tests/usertools/03/useradd_change_defaults.test
new file mode 100755
index 0000000..665a995
--- /dev/null
+++ b/tests/tests/usertools/03/useradd_change_defaults.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: set all default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change useradd defaults..."
+useradd -D -b /var/tmp -e 1979-11-24 -f 12 -g 1 -s /usr/bin/foobar
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_defaults/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/03/useradd_change_defaults/useradd.default b/tests/tests/usertools/03/useradd_change_defaults/useradd.default
new file mode 100644
index 0000000..7ef8db6
--- /dev/null
+++ b/tests/tests/usertools/03/useradd_change_defaults/useradd.default
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+# SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=1
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/var/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=1979-11-24
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=yes
+SHELL=/usr/bin/foobar
diff --git a/tests/tests/usertools/04/01_useradd_add_user.test b/tests/tests/usertools/04/01_useradd_add_user.test
new file mode 100755
index 0000000..47aea8a
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_useradd_add_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_useradd_add_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_useradd_add_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_useradd_add_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir (/home/test1)..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir (/tmp/test1)..."
+test -d /tmp/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/04/01_useradd_add_user/group b/tests/tests/usertools/04/01_useradd_add_user/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/04/01_useradd_add_user/gshadow b/tests/tests/usertools/04/01_useradd_add_user/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/04/01_useradd_add_user/passwd b/tests/tests/usertools/04/01_useradd_add_user/passwd
new file mode 100644
index 0000000..725e58b
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/tmp/test1:/bin/foobar
diff --git a/tests/tests/usertools/04/01_useradd_add_user/shadow b/tests/tests/usertools/04/01_useradd_add_user/shadow
new file mode 100644
index 0000000..116140f
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/04/config.txt b/tests/tests/usertools/04/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/usertools/04/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/usertools/04/config/etc/default/useradd b/tests/tests/usertools/04/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/04/config/etc/group b/tests/tests/usertools/04/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/04/config/etc/gshadow b/tests/tests/usertools/04/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/04/config/etc/passwd b/tests/tests/usertools/04/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/04/config/etc/shadow b/tests/tests/usertools/04/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config.txt b/tests/tests/usertools/05_userdel_del_from_group_members/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/default/useradd b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/group b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/gshadow b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/passwd b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/shadow b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/data/group b/tests/tests/usertools/05_userdel_del_from_group_members/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/data/gshadow b/tests/tests/usertools/05_userdel_del_from_group_members/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/data/passwd b/tests/tests/usertools/05_userdel_del_from_group_members/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/data/shadow b/tests/tests/usertools/05_userdel_del_from_group_members/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/userdel.test b/tests/tests/usertools/05_userdel_del_from_group_members/userdel.test
new file mode 100755
index 0000000..89e749b
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel removes the user from the member lists of /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config.txt b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config.txt
new file mode 100644
index 0000000..73de400
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/gshadow only
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/default/useradd b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/group b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/group
new file mode 100644
index 0000000..0bf8d5d
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/gshadow b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/passwd b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/shadow b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/group b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/group
new file mode 100644
index 0000000..838b9b9
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/gshadow b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/passwd b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/shadow b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/userdel.test b/tests/tests/usertools/06_userdel_del_from_gshadow_members/userdel.test
new file mode 100755
index 0000000..dd502f3
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel removes the user from the member lists of /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config.txt b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config.txt
new file mode 100644
index 0000000..56313e3
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config.txt
@@ -0,0 +1,2 @@
+user foo, admin of group users according to /etc/gshadow
+user foo in group users according to /etc/group
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/default/useradd b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/group b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/group
new file mode 100644
index 0000000..f60e18c
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/gshadow b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/gshadow
new file mode 100644
index 0000000..59e5042
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/passwd b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/shadow b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/group b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/group
new file mode 100644
index 0000000..838b9b9
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/gshadow b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/gshadow
new file mode 100644
index 0000000..0f3592a
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/passwd b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/shadow b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/userdel.test b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/userdel.test
new file mode 100755
index 0000000..b14aeb2
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel removes the user from the admins lists of /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config.txt b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config.txt
new file mode 100644
index 0000000..d339d5a
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config.txt
@@ -0,0 +1,4 @@
+user foo, in group users and mail according to /etc/group
+user foo, in group disk and audio according to /etc/gshadow
+foo member and admin of group users according to /etc/gshadow
+root in group users
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/default/useradd b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/group b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/group
new file mode 100644
index 0000000..bb62de1
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:foo
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/gshadow b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..7556fcf
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::foo
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::foo
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo,root:root,foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/passwd b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/shadow b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/group b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/group
new file mode 100644
index 0000000..838b9b9
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/gshadow b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/gshadow
new file mode 100644
index 0000000..f8384c9
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:root:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/passwd b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/shadow b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/userdel.test b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/userdel.test
new file mode 100755
index 0000000..db13fb4
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel removes the user from lists in /etc/group and /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config.txt b/tests/tests/usertools/09_userdel_del_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/default/useradd b/tests/tests/usertools/09_userdel_del_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/group b/tests/tests/usertools/09_userdel_del_homedir/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/gshadow b/tests/tests/usertools/09_userdel_del_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/passwd b/tests/tests/usertools/09_userdel_del_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/shadow b/tests/tests/usertools/09_userdel_del_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/09_userdel_del_homedir/data/group b/tests/tests/usertools/09_userdel_del_homedir/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/09_userdel_del_homedir/data/gshadow b/tests/tests/usertools/09_userdel_del_homedir/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/09_userdel_del_homedir/data/passwd b/tests/tests/usertools/09_userdel_del_homedir/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/09_userdel_del_homedir/data/shadow b/tests/tests/usertools/09_userdel_del_homedir/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/09_userdel_del_homedir/userdel.test b/tests/tests/usertools/09_userdel_del_homedir/userdel.test
new file mode 100755
index 0000000..5d2a7aa
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/userdel.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can delete the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+mkdir /home/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo' 0
+echo toto > /home/foo/toto
+touch /var/mail/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /var/mail/foo /home/foo' 0
+chown -R foo:foo /var/mail/foo /home/foo
+
+echo -n "Delete user foo (userdel -r foo)..."
+userdel -r foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's mail spool was removed..."
+test ! -f /var/mail/foo
+echo "OK"
+
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config.txt b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/default/useradd b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/group b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/gshadow b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/passwd b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/shadow b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/group b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/gshadow b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/passwd b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/shadow b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/userdel.err b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/userdel.err
new file mode 100644
index 0000000..ca8e8ab
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/userdel.err
@@ -0,0 +1 @@
+userdel: /home/foo not owned by foo, not removing
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/userdel.test b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/userdel.test
new file mode 100755
index 0000000..37b1674
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/userdel.test
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel does not delete the user's home directory if it is not owned by the user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /var/mail/foo /home/foo' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+touch /var/mail/foo
+chown -R foo:foo /var/mail/foo
+chown -R root:root /home/foo
+
+echo -n "Delete user foo (userdel -r foo)..."
+userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo "The user should have been removed."
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was not removed..."
+test -d /home/foo
+echo "OK"
+echo -n "Check the user's mail spool was removed..."
+test ! -f /var/mail/foo
+echo "OK"
+rm -rf /home/foo
+
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config.txt b/tests/tests/usertools/11_usermod_move_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/default/useradd b/tests/tests/usertools/11_usermod_move_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/group b/tests/tests/usertools/11_usermod_move_homedir/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/gshadow b/tests/tests/usertools/11_usermod_move_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/passwd b/tests/tests/usertools/11_usermod_move_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/shadow b/tests/tests/usertools/11_usermod_move_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/11_usermod_move_homedir/data/home_ls-a b/tests/tests/usertools/11_usermod_move_homedir/data/home_ls-a
new file mode 100644
index 0000000..89bbbd9
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/data/home_ls-a
@@ -0,0 +1,3 @@
+-rw-r--r-- foo:foo `/home/foo2/toto'
+drwxr-xr-x foo:foo `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/11_usermod_move_homedir/data/passwd b/tests/tests/usertools/11_usermod_move_homedir/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/11_usermod_move_homedir/usermod.test b/tests/tests/usertools/11_usermod_move_homedir/usermod.test
new file mode 100755
index 0000000..b0ebf5c
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/usermod.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+chown -R foo:foo /home/foo
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config.txt b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config.txt
new file mode 100644
index 0000000..75f05ab
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config.txt
@@ -0,0 +1 @@
+user foo's home directory is /dev/null
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/default/useradd b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/group b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/gshadow b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/passwd b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/passwd
new file mode 100644
index 0000000..b1fd322
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/dev/null:/bin/false
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/shadow b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/passwd b/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/usermod.err b/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/usermod.err
new file mode 100644
index 0000000..f02fc5a
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/usermod.err
@@ -0,0 +1 @@
+usermod: The previous home directory (/dev/null) was not a directory. It is not removed and no home directories are created.
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/usermod.test b/tests/tests/usertools/12_usermod_move_homedir_dev_null/usermod.test
new file mode 100755
index 0000000..c0ce1c1
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/usermod.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+# TBC: should usermod create the home directory?
+log_start "$0" "usermod does not move non-directory (/dev/null)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Make sure /dev/null was not removed..."
+test -c /dev/null
+echo "OK"
+echo -n "Make sure the user's home directory was not removed..."
+test ! -e /home/foo2
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config.txt b/tests/tests/usertools/13_usermod_move_homedir_file/config.txt
new file mode 100644
index 0000000..5e41c31
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config.txt
@@ -0,0 +1 @@
+user foo's home directory is /home/foo, which will be created by usermod.test as a regular file.
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/default/useradd b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/group b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/gshadow b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/passwd b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/shadow b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/data/passwd b/tests/tests/usertools/13_usermod_move_homedir_file/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/data/usermod.err b/tests/tests/usertools/13_usermod_move_homedir_file/data/usermod.err
new file mode 100644
index 0000000..d271507
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/data/usermod.err
@@ -0,0 +1 @@
+usermod: The previous home directory (/home/foo) was not a directory. It is not removed and no home directories are created.
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/usermod.test b/tests/tests/usertools/13_usermod_move_homedir_file/usermod.test
new file mode 100755
index 0000000..2df56e0
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/usermod.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+# TBC: should usermod create the home directory?
+log_start "$0" "usermod does not move non-directory (regular file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /home/foo' 0
+
+change_config
+
+touch /home/foo
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check /home/foo was not removed..."
+test -f /home/foo
+echo "OK"
+echo -n "Check the user's home directory was not created..."
+test ! -e /home/foo2
+echo "OK"
+
+rm -f /home/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config.txt b/tests/tests/usertools/14_usermod_move_homedir_other_device/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/default/useradd b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/group b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/gshadow b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/passwd b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/shadow b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/data/home_ls-a b/tests/tests/usertools/14_usermod_move_homedir_other_device/data/home_ls-a
new file mode 100644
index 0000000..f7abeaa
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/data/home_ls-a
@@ -0,0 +1,7 @@
+-rw-r--r-- foo:foo `/tmp/home/foo2/.tata'
+-rw-r--r-- foo:foo `/tmp/home/foo2/toto'
+crw-r--r-- foo:foo `/tmp/home/foo2/null'
+drwxr-xr-x foo:foo `/tmp/home/foo2/.'
+drwxr-xr-x foo:foo `/tmp/home/foo2/titi'
+drwxr-xr-x root:root `/tmp/home/foo2/..'
+lrwxrwxrwx foo:foo `/tmp/home/foo2/tutu' -> `/tmp/home/foo2/toto'
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/data/passwd b/tests/tests/usertools/14_usermod_move_homedir_other_device/data/passwd
new file mode 100644
index 0000000..86c29de
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/home/foo2:/bin/false
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/usermod.test b/tests/tests/usertools/14_usermod_move_homedir_other_device/usermod.test
new file mode 100755
index 0000000..e595ed3
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/usermod.test
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod keeps links or devices when it moves the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2; umount /tmp/home; rmdir /tmp/home' 0
+
+change_config
+
+mkdir /home/foo
+mkdir /home/foo/titi
+echo toto > /home/foo/toto
+ln /home/foo/toto /home/foo/.tata
+ln -s /home/foo/toto /home/foo/tutu
+mknod /home/foo/null c 1 3
+chown -R foo:foo /home/foo
+
+mkdir /tmp/home
+mount --bind /home /tmp/home
+
+echo -n "Change the user's home directory (usermod -m -d /tmp/home/foo2 foo)..."
+usermod -m -d /tmp/home/foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/home/foo2/..."
+stat --printf "%A %U:%G %N\n" /tmp/home/foo2/* /tmp/home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /tmp/home/foo2
+echo "done"
+
+umount /tmp/home
+rmdir /tmp/home
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config.txt b/tests/tests/usertools/15_usermod_change_supplementary_groups/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/default/useradd b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/group b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/gshadow b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/passwd b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/shadow b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/data/group b/tests/tests/usertools/15_usermod_change_supplementary_groups/data/group
new file mode 100644
index 0000000..6de5fa5
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:foo
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/data/gshadow b/tests/tests/usertools/15_usermod_change_supplementary_groups/data/gshadow
new file mode 100644
index 0000000..8df27c9
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::foo
+sys:*::root
+adm:*::root
+tty:*::
+disk:*:foo:
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:
+voice:*::
+cdrom:*:foo:
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/usermod.test b/tests/tests/usertools/15_usermod_change_supplementary_groups/usermod.test
new file mode 100755
index 0000000..74d3ab7
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can change the list of supplementary groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin,daemon foo)..."
+usermod -G bin,daemon foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config.txt b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/default/useradd b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/group b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/gshadow b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/passwd b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/shadow b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/group b/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/gshadow b/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/gshadow
new file mode 100644
index 0000000..c152e93
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*:foo:
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:
+voice:*::
+cdrom:*:foo:
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/usermod.test b/tests/tests/usertools/16_usermod_clear_supplementary_groups/usermod.test
new file mode 100755
index 0000000..6965190
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can clear the list of supplementary groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G \"\" foo)..."
+usermod -G "" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config.txt b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/default/useradd b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/group b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/gshadow b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/passwd b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/shadow b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/group b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/group
new file mode 100644
index 0000000..09dc6c1
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:root,foo
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:foo
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/gshadow b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/gshadow
new file mode 100644
index 0000000..f111ae2
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::root,foo
+adm:*::root
+tty:*::
+disk:*:foo:
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::foo
+kmem:*::
+dialout:*::
+fax:*:foo:
+voice:*::
+cdrom:*:foo:
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/usermod.test b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/usermod.test
new file mode 100755
index 0000000..ecd3a5f
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can change the list of supplementary groups, with numerical groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G 13,bin,3 foo)..."
+usermod -G 13,bin,3 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config.txt b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/default/useradd b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/group b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/gshadow b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/passwd b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/shadow b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/data/usermod.err b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/data/usermod.err
new file mode 100644
index 0000000..6cf0f1f
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/data/usermod.err
@@ -0,0 +1 @@
+usermod: group 'damon' does not exist
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test
new file mode 100755
index 0000000..002bc53
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod fails if asked to add an user to an unknown named group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin,damon foo)..."
+usermod -G bin,damon foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config.txt b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/default/useradd b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/group b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/gshadow b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/passwd b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/shadow b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/data/usermod.err b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/data/usermod.err
new file mode 100644
index 0000000..5702177
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/data/usermod.err
@@ -0,0 +1 @@
+usermod: group '4242' does not exist
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test
new file mode 100755
index 0000000..1915240
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod fails if asked to add an user to an unknown numerical group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin,4242,daemon foo)..."
+usermod -G bin,4242,daemon foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config.txt b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/default/useradd b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/group b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/gshadow b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/passwd b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/shadow b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/group b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/group
new file mode 100644
index 0000000..730e4dd
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/gshadow b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/gshadow
new file mode 100644
index 0000000..af81c09
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo2
+tty:*::foo2
+disk:*:foo2:
+lp:*::root,foo2
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo2:foo2
+voice:*::
+cdrom:*:foo2:foo2
+floppy:*::foo2
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/passwd b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/passwd
new file mode 100644
index 0000000..f9b7829
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/shadow b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/usermod.test b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/usermod.test
new file mode 100755
index 0000000..8e0a2cd
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod rename the user in the lists of members, when an user is renamed with -l"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename user foo (usermod -l foo2 foo)..."
+usermod -l foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config.txt b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/default/useradd b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/group b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/gshadow b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/passwd b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/shadow b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/group b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/group
new file mode 100644
index 0000000..99e54fa
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo2
+bin:x:2:foo2
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/gshadow b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/gshadow
new file mode 100644
index 0000000..6ce4903
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo2
+bin:*::foo2
+sys:*::root
+adm:*::root,foo2
+tty:*::foo2
+disk:*:foo2:
+lp:*::root,foo2
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo2:foo2
+voice:*::
+cdrom:*:foo2:foo2
+floppy:*::foo2
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/passwd b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/passwd
new file mode 100644
index 0000000..f9b7829
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/shadow b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test
new file mode 100755
index 0000000..409b3ac
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod rename the user in the lists of members and uses the right username when adding the user to supplementary groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename the user and change the user's list of supplementary groups (usermod -l foo2 -a -G bin,daemon foo)..."
+usermod -l foo2 -a -G bin,daemon foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config.txt b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/default/useradd b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/group b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/gshadow b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/passwd b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/shadow b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/group b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/group
new file mode 100644
index 0000000..84c8697
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:foo
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/gshadow b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/gshadow
new file mode 100644
index 0000000..d0a61a3
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::foo
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/usermod.test b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/usermod.test
new file mode 100755
index 0000000..e83a3e0
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod does not fail when requested to add the user to a group it is already a member"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -a -G bin,daemon,floppy foo)..."
+usermod -a -G bin,daemon,floppy foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config.txt b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/default/useradd b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/group b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/gshadow b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/passwd b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/shadow b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/group b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/group
new file mode 100644
index 0000000..99e54fa
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo2
+bin:x:2:foo2
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/gshadow b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/gshadow
new file mode 100644
index 0000000..6ce4903
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo2
+bin:*::foo2
+sys:*::root
+adm:*::root,foo2
+tty:*::foo2
+disk:*:foo2:
+lp:*::root,foo2
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo2:foo2
+voice:*::
+cdrom:*:foo2:foo2
+floppy:*::foo2
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/passwd b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/passwd
new file mode 100644
index 0000000..f9b7829
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/shadow b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test
new file mode 100755
index 0000000..a2b74ae
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod renames the user when requested to add an user to a group it is already a member and to rename this user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename the user and change the its list of supplementary groups (usermod -l foo2 -a -G bin,daemon,floppy foo)..."
+usermod -l foo2 -a -G bin,daemon,floppy foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config.txt b/tests/tests/usertools/24_usermod_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config.txt
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/default/useradd b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/group b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/gshadow b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/passwd b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/shadow b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/data/usermod.err b/tests/tests/usertools/24_usermod_locked_passwd/data/usermod.err
new file mode 100644
index 0000000..b1d59ec
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/passwd.lock without a PID
+usermod: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/usermod.test b/tests/tests/usertools/24_usermod_locked_passwd/usermod.test
new file mode 100755
index 0000000..6348998
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -G checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin foo)..."
+usermod -G bin foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config.txt b/tests/tests/usertools/25_usermod-G_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config.txt
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/default/useradd b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/group b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/gshadow b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/passwd b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/shadow b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/data/usermod.err b/tests/tests/usertools/25_usermod-G_locked_group/data/usermod.err
new file mode 100644
index 0000000..4b1d8f9
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/group.lock without a PID
+usermod: cannot lock /etc/group; try again later.
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/usermod.test b/tests/tests/usertools/25_usermod-G_locked_group/usermod.test
new file mode 100755
index 0000000..a29cfaa
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -G checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin foo)..."
+usermod -G bin foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config.txt b/tests/tests/usertools/26_usermod_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config.txt
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/default/useradd b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/group b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/gshadow b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/passwd b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/shadow b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/data/usermod.err b/tests/tests/usertools/26_usermod_locked_shadow/data/usermod.err
new file mode 100644
index 0000000..f490717
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/shadow.lock without a PID
+usermod: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/usermod.test b/tests/tests/usertools/26_usermod_locked_shadow/usermod.test
new file mode 100755
index 0000000..b35c69b
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -G checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin foo)..."
+usermod -G bin foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config.txt b/tests/tests/usertools/27_usermod-G_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config.txt
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/group b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/passwd b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/shadow b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/data/usermod.err b/tests/tests/usertools/27_usermod-G_locked_gshadow/data/usermod.err
new file mode 100644
index 0000000..d065cee
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/gshadow.lock without a PID
+usermod: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/usermod.test b/tests/tests/usertools/27_usermod-G_locked_gshadow/usermod.test
new file mode 100755
index 0000000..6709fbc
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -G checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin foo)..."
+usermod -G bin foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config.txt b/tests/tests/usertools/28_usermod-c_locked_group/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/default/useradd b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/group b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/gshadow b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/passwd b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/shadow b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/data/passwd b/tests/tests/usertools/28_usermod-c_locked_group/data/passwd
new file mode 100644
index 0000000..c7bb997
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:new comment:/home/foo:/bin/false
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/usermod.test b/tests/tests/usertools/28_usermod-c_locked_group/usermod.test
new file mode 100755
index 0000000..9bb03a0
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -c does not check if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change the user's comment (usermod -c \"new comment\" foo)..."
+usermod -c "new comment" foo
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config.txt b/tests/tests/usertools/29_usermod-c_locked_gshadow/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/group b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/passwd b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/shadow b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/data/passwd b/tests/tests/usertools/29_usermod-c_locked_gshadow/data/passwd
new file mode 100644
index 0000000..c7bb997
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:new comment:/home/foo:/bin/false
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/usermod.test b/tests/tests/usertools/29_usermod-c_locked_gshadow/usermod.test
new file mode 100755
index 0000000..096b05f
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -c does not check if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change the user's comment (usermod -c \"new comment\" foo)..."
+usermod -c "new comment" foo
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config.txt b/tests/tests/usertools/30_usermod-l_locked_group/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/default/useradd b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/group b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/gshadow b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/passwd b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/shadow b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/data/usermod.err b/tests/tests/usertools/30_usermod-l_locked_group/data/usermod.err
new file mode 100644
index 0000000..4b1d8f9
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/group.lock without a PID
+usermod: cannot lock /etc/group; try again later.
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/usermod.test b/tests/tests/usertools/30_usermod-l_locked_group/usermod.test
new file mode 100755
index 0000000..8b3799c
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -l fails if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config.txt b/tests/tests/usertools/31_usermod-l_locked_gshadow/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/group b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/passwd b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/shadow b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/data/usermod.err b/tests/tests/usertools/31_usermod-l_locked_gshadow/data/usermod.err
new file mode 100644
index 0000000..d065cee
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/gshadow.lock without a PID
+usermod: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/usermod.test b/tests/tests/usertools/31_usermod-l_locked_gshadow/usermod.test
new file mode 100755
index 0000000..1e18287
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -l fails if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config.txt b/tests/tests/usertools/32_usermod-u_new_UID/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/default/useradd b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/group b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/gshadow b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/passwd b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/shadow b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/data/passwd b/tests/tests/usertools/32_usermod-u_new_UID/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/usermod.test b/tests/tests/usertools/32_usermod-u_new_UID/usermod.test
new file mode 100755
index 0000000..ca04c6f
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can change the user's UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config.txt b/tests/tests/usertools/33_usermod-u_existing_UID/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/default/useradd b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/group b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/gshadow b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/passwd b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/shadow b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/data/usermod.err b/tests/tests/usertools/33_usermod-u_existing_UID/data/usermod.err
new file mode 100644
index 0000000..dd2fa8a
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/data/usermod.err
@@ -0,0 +1 @@
+usermod: UID '1001' already exists
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/usermod.test b/tests/tests/usertools/33_usermod-u_existing_UID/usermod.test
new file mode 100755
index 0000000..10c1e28
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new user's UID is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -u 1001 foo)..."
+usermod -u 1001 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config.txt b/tests/tests/usertools/34_usermod-u-o_existing_UID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/default/useradd b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/group b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/gshadow b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/passwd b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/shadow b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/data/passwd b/tests/tests/usertools/34_usermod-u-o_existing_UID/data/passwd
new file mode 100644
index 0000000..28bc739
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1001:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/usermod.test b/tests/tests/usertools/34_usermod-u-o_existing_UID/usermod.test
new file mode 100755
index 0000000..5ea5210
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can change the user's UID to an existing UID (with -o)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -o -u 1001 foo)..."
+usermod -o -u 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config.txt b/tests/tests/usertools/35_usermod-u_invalid_UID/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/default/useradd b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/group b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/gshadow b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/passwd b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/shadow b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/data/usermod.err b/tests/tests/usertools/35_usermod-u_invalid_UID/data/usermod.err
new file mode 100644
index 0000000..2d5c5e9
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid user ID '100a1'
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/usermod.test b/tests/tests/usertools/35_usermod-u_invalid_UID/usermod.test
new file mode 100755
index 0000000..43f0daf
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the uid is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -u 100a1 foo)..."
+usermod -u 100a1 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config.txt b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config.txt
new file mode 100644
index 0000000..b337f3f
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000, home directory: /home/foo
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/default/useradd b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/group b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/gshadow b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/passwd b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/shadow b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/home_ls-a b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/home_ls-a
new file mode 100644
index 0000000..24c9573
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/home_ls-a
@@ -0,0 +1,7 @@
+-rw-r--r-- 1001:1000 `/home/foo2/.tata'
+-rw-r--r-- 1001:1000 `/home/foo2/toto'
+crw-r--r-- 1001:1000 `/home/foo2/null'
+drwxr-xr-x 0:0 `/home/foo2/..'
+drwxr-xr-x 1001:1000 `/home/foo2/.'
+drwxr-xr-x 1001:1000 `/home/foo2/titi'
+lrwxrwxrwx 1001:1000 `/home/foo2/tutu' -> `/tmp/home/foo2/toto'
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/passwd b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/passwd
new file mode 100644
index 0000000..9327c6d
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1001:1000::/tmp/home/foo2:/bin/false
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test
new file mode 100755
index 0000000..6a8d708
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory, over a new device and changes the owner of the user's file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2; umount /tmp/home; rmdir /tmp/home' 0
+
+change_config
+
+mkdir /home/foo
+mkdir /home/foo/titi
+echo toto > /home/foo/toto
+ln /home/foo/toto /home/foo/.tata
+ln -s /home/foo/toto /home/foo/tutu
+mknod /home/foo/null c 1 3
+chown -R foo:foo /home/foo
+stat --printf "%A %u:%g %N\n" /home/foo/* /home/foo/.* 2>/dev/null | sort
+
+mkdir /tmp/home
+mount --bind /home /tmp/home
+
+echo -n "Change the user's home directory (usermod -m -d /tmp/home/foo2 -u 1001 foo ..."
+usermod -m -d /tmp/home/foo2 -u 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %u:%g %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+umount /tmp/home
+rmdir /tmp/home
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config.txt b/tests/tests/usertools/37_Debian_Bug_470745/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/default/useradd b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/group b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/gshadow b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/passwd b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/shadow b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/group b/tests/tests/usertools/37_Debian_Bug_470745/data/group
new file mode 100644
index 0000000..ad32c02
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
+tr:x:1002:
+rtr:x:1003:
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/gshadow b/tests/tests/usertools/37_Debian_Bug_470745/data/gshadow
new file mode 100644
index 0000000..01b3553
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
+tr:!::
+tr:!::
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/passwd b/tests/tests/usertools/37_Debian_Bug_470745/data/passwd
new file mode 100644
index 0000000..0e31259
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
+tr:x:1002:1002::/tmp/tr:/bin/foobar
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/shadow b/tests/tests/usertools/37_Debian_Bug_470745/data/shadow
new file mode 100644
index 0000000..ccbe580
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+tr:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/usermod.err b/tests/tests/usertools/37_Debian_Bug_470745/data/usermod.err
new file mode 100644
index 0000000..46df292
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/usermod.err
@@ -0,0 +1,2 @@
+Multiple entries named 'tr' in /etc/gshadow. Please fix this with pwck or grpck.
+usermod: failed to prepare the new /etc/gshadow entry 'tr'
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/usermod.test b/tests/tests/usertools/37_Debian_Bug_470745/usermod.test
new file mode 100755
index 0000000..8aa75ba
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/usermod.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new user's UID is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo add group tr
+groupadd tr
+echo add group rtr
+groupadd rtr
+echo add user tr to group tr
+useradd -g tr tr
+echo rename group rtr to tr in /etc/gshadow
+perl -pi -e 's/rtr/tr/g' /etc/gshadow
+echo add user tr to the member list of tr
+usermod -G tr tr 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config.txt b/tests/tests/usertools/38_usermod_invalid_user/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/default/useradd b/tests/tests/usertools/38_usermod_invalid_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/group b/tests/tests/usertools/38_usermod_invalid_user/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/gshadow b/tests/tests/usertools/38_usermod_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/passwd b/tests/tests/usertools/38_usermod_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/shadow b/tests/tests/usertools/38_usermod_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/38_usermod_invalid_user/data/usermod.err b/tests/tests/usertools/38_usermod_invalid_user/data/usermod.err
new file mode 100644
index 0000000..83a9183
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/data/usermod.err
@@ -0,0 +1 @@
+usermod: user 'fooinvalid' does not exist
diff --git a/tests/tests/usertools/38_usermod_invalid_user/usermod.test b/tests/tests/usertools/38_usermod_invalid_user/usermod.test
new file mode 100755
index 0000000..e88034d
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the user is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change an invalid user (usermod -u 100 fooinvalid)..."
+usermod -u 100 fooinvalid 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config.txt b/tests/tests/usertools/39_usermod_-c_invalid_comment/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/default/useradd b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/group b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/gshadow b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/passwd b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/shadow b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/data/usermod.err b/tests/tests/usertools/39_usermod_-c_invalid_comment/data/usermod.err
new file mode 100644
index 0000000..2cdfa7a
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid field 'com:ment'
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/usermod.test b/tests/tests/usertools/39_usermod_-c_invalid_comment/usermod.test
new file mode 100755
index 0000000..5a240ed
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks validity of -c argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid comment (usermod -c 'com:ment' foo)..."
+usermod -c 'com:ment' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config.txt b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/default/useradd b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/group b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/gshadow b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/passwd b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/shadow b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/data/usermod.err b/tests/tests/usertools/40_usermod_-d_invalid_homedir/data/usermod.err
new file mode 100644
index 0000000..0b376d6
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: invalid field 'home
+directory'
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/usermod.test b/tests/tests/usertools/40_usermod_-d_invalid_homedir/usermod.test
new file mode 100755
index 0000000..c510489
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/usermod.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks validity of -d argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid homedir (usermod -d 'home
+directory' foo)..."
+usermod -d 'home
+directory' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config.txt b/tests/tests/usertools/41_usermod_-d_invalid_shell/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/default/useradd b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/group b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/gshadow b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/passwd b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/shadow b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/data/usermod.err b/tests/tests/usertools/41_usermod_-d_invalid_shell/data/usermod.err
new file mode 100644
index 0000000..b105c0e
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid field 'sh:ell'
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/usermod.test b/tests/tests/usertools/41_usermod_-d_invalid_shell/usermod.test
new file mode 100755
index 0000000..44ce22b
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks validity of -s argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid shell (usermod -s 'sh:ell' foo)..."
+usermod -s 'sh:ell' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config.txt b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/default/useradd b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/group b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/gshadow b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/passwd b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/shadow b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/data/usermod.err b/tests/tests/usertools/42_usermod_-g_invalid_group_name/data/usermod.err
new file mode 100644
index 0000000..dbd9dc7
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/data/usermod.err
@@ -0,0 +1 @@
+usermod: group 'fooinvalid' does not exist
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/usermod.test b/tests/tests/usertools/42_usermod_-g_invalid_group_name/usermod.test
new file mode 100755
index 0000000..22fd107
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks existence of the specified primary group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid shell (usermod -g 'fooinvalid' foo)..."
+usermod -g 'fooinvalid' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config.txt b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/default/useradd b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/group b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/gshadow b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/passwd b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/shadow b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/data/usermod.err b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/data/usermod.err
new file mode 100644
index 0000000..82d3de6
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/data/usermod.err
@@ -0,0 +1 @@
+usermod: group '12345' does not exist
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/usermod.test b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/usermod.test
new file mode 100755
index 0000000..5d60cef
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks existence of the specified primary group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid shell (usermod -g 12345 foo)..."
+usermod -g 12345 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config.txt b/tests/tests/usertools/44_usermod-l_existing_username/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/default/useradd b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/group b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/gshadow b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/passwd b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/shadow b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/data/usermod.err b/tests/tests/usertools/44_usermod-l_existing_username/data/usermod.err
new file mode 100644
index 0000000..895463e
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/data/usermod.err
@@ -0,0 +1 @@
+usermod: user 'foo2' already exists
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/usermod.test b/tests/tests/usertools/44_usermod-l_existing_username/usermod.test
new file mode 100755
index 0000000..f3cbf15
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new username is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's name (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config.txt b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/default/useradd b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/group b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/gshadow b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/passwd b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/shadow b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/shadow
new file mode 100644
index 0000000..7d2cc65
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo3:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/data/usermod.err b/tests/tests/usertools/45_usermod-l_existing_username_passwd/data/usermod.err
new file mode 100644
index 0000000..895463e
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/data/usermod.err
@@ -0,0 +1 @@
+usermod: user 'foo2' already exists
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/usermod.test b/tests/tests/usertools/45_usermod-l_existing_username_passwd/usermod.test
new file mode 100755
index 0000000..f3cbf15
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new username is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's name (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config.txt b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/default/useradd b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/group b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/gshadow b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/passwd b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/passwd
new file mode 100644
index 0000000..92eddca
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo3:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/shadow b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/data/usermod.err b/tests/tests/usertools/46_usermod-l_existing_username_shadow/data/usermod.err
new file mode 100644
index 0000000..16ef5fc
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/data/usermod.err
@@ -0,0 +1 @@
+usermod: user 'foo2' already exists in /etc/shadow
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/usermod.test b/tests/tests/usertools/46_usermod-l_existing_username_shadow/usermod.test
new file mode 100755
index 0000000..f3cbf15
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new username is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's name (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config.txt b/tests/tests/usertools/47_usermod-l_no_shadow_file/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/group b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/passwd b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/shadow b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/data/group b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/group
new file mode 100644
index 0000000..730e4dd
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/data/gshadow b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/gshadow
new file mode 100644
index 0000000..af81c09
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo2
+tty:*::foo2
+disk:*:foo2:
+lp:*::root,foo2
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo2:foo2
+voice:*::
+cdrom:*:foo2:foo2
+floppy:*::foo2
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/data/passwd b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/passwd
new file mode 100644
index 0000000..f542fb0
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/usermod.test b/tests/tests/usertools/47_usermod-l_no_shadow_file/usermod.test
new file mode 100755
index 0000000..46bdc57
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/usermod.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod does not require a shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Change the user's name (usermod -l foo2 foo)..."
+usermod -l foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config.txt b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/default/useradd b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/group b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/gshadow b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/passwd b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/passwd
new file mode 100644
index 0000000..9ae1f6f
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1000:::/bin/false
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/shadow b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/group b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/passwd b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/passwd
new file mode 100644
index 0000000..6b6522f
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1000:::/bin/false
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/shadow b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/userdel.err b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/userdel.err
new file mode 100644
index 0000000..157a8fc
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/userdel.err
@@ -0,0 +1 @@
+userdel: group foo is the primary group of another user and is not removed.
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/userdel.test b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/userdel.test
new file mode 100755
index 0000000..750780e
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if it is still used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo 2>tmp/userdel.err
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config.txt b/tests/tests/usertools/49_userdel_delete_users_group/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/default/useradd b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/group b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/gshadow b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/passwd b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/shadow b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/data/group b/tests/tests/usertools/49_userdel_delete_users_group/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/data/gshadow b/tests/tests/usertools/49_userdel_delete_users_group/data/gshadow
new file mode 100644
index 0000000..08d25a2
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo2:*::
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/data/passwd b/tests/tests/usertools/49_userdel_delete_users_group/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/data/shadow b/tests/tests/usertools/49_userdel_delete_users_group/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/userdel.test b/tests/tests/usertools/49_userdel_delete_users_group/userdel.test
new file mode 100755
index 0000000..90e7afc
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if it is still used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config.txt b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/default/useradd b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/group b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/gshadow b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9fdfaa0
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo3:*::
+foo2:*::
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/passwd b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/shadow b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/group b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/passwd b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/shadow b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test
new file mode 100755
index 0000000..4293f27
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel remove the user's group even if it does not exist in gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config.txt b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/default/useradd b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/group b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/gshadow b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9fdfaa0
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo3:*::
+foo2:*::
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/passwd b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/shadow b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/group b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/passwd b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/shadow b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test
new file mode 100755
index 0000000..72cd32f
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel remove the user's group even if it does not exist in gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/gshadow..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo
+echo "OK"
+
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config.txt b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/default/useradd b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/group b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..2c64068
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo3:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/group b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/gshadow b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/gshadow
new file mode 100644
index 0000000..08d25a2
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo2:*::
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/passwd b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/userdel.test b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/userdel.test
new file mode 100755
index 0000000..244adc9
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel accepts when the user has no shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config.txt b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/group b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/passwd b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/shadow b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2c64068
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo3:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/group b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/gshadow b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/gshadow
new file mode 100644
index 0000000..08d25a2
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo2:*::
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/passwd b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/userdel.test b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/userdel.test
new file mode 100755
index 0000000..26bc485
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/userdel.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel accepts when the user is not is shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config.txt b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/default/useradd b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/group b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/gshadow b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/passwd b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/shadow b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/data/usermod.err b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/data/usermod.err
new file mode 100644
index 0000000..862ad44
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid user ID '4294967295'
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/usermod.test b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/usermod.test
new file mode 100755
index 0000000..0872846
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the uid is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -u 4294967295 foo)..."
+usermod -u 4294967295 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/55_userdel_busy_user/config.txt b/tests/tests/usertools/55_userdel_busy_user/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/default/useradd b/tests/tests/usertools/55_userdel_busy_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/group b/tests/tests/usertools/55_userdel_busy_user/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/gshadow b/tests/tests/usertools/55_userdel_busy_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/passwd b/tests/tests/usertools/55_userdel_busy_user/config/etc/passwd
new file mode 100644
index 0000000..82223ff
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/bash
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/shadow b/tests/tests/usertools/55_userdel_busy_user/config/etc/shadow
new file mode 100644
index 0000000..23ff0c0
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12977:0:99999:7:::
diff --git a/tests/tests/usertools/55_userdel_busy_user/data/userdel.err b/tests/tests/usertools/55_userdel_busy_user/data/userdel.err
new file mode 100644
index 0000000..860d096
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/data/userdel.err
@@ -0,0 +1 @@
+userdel: user foo is currently used by process <PID>
diff --git a/tests/tests/usertools/55_userdel_busy_user/userdel.test b/tests/tests/usertools/55_userdel_busy_user/userdel.test
new file mode 100755
index 0000000..45d6e3f
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/userdel.test
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel accepts when the user is not is shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; kill $pid' 0
+
+change_config
+
+echo -n "Create a process for foo (su -l foo -c \"sleep 10\")..."
+su -l foo -c "sleep 10" 2>/dev/null &
+echo "OK"
+
+# Make sure su was started.
+sleep 1
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	ps=$(echo $! $?)
+	pid=$(echo $ps | cut -f1 -d' ')
+	status=$(echo $ps | cut -f2 -d' ')
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "8"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+sed -i -e "s/ [0-9]*$/ <PID>/" tmp/userdel.err
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+
+kill $pid || true
+wait || true
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config.txt b/tests/tests/usertools/56_userdel_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config.txt
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/default/useradd b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/group b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/gshadow b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/passwd b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/shadow b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/data/userdel.err b/tests/tests/usertools/56_userdel_locked_passwd/data/userdel.err
new file mode 100644
index 0000000..183acb4
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/data/userdel.err
@@ -0,0 +1,2 @@
+userdel: existing lock file /etc/passwd.lock without a PID
+userdel: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/userdel.test b/tests/tests/usertools/56_userdel_locked_passwd/userdel.test
new file mode 100755
index 0000000..af186a9
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/57_userdel_locked_group/config.txt b/tests/tests/usertools/57_userdel_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config.txt
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/default/useradd b/tests/tests/usertools/57_userdel_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/group b/tests/tests/usertools/57_userdel_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/gshadow b/tests/tests/usertools/57_userdel_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/passwd b/tests/tests/usertools/57_userdel_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/shadow b/tests/tests/usertools/57_userdel_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/57_userdel_locked_group/data/userdel.err b/tests/tests/usertools/57_userdel_locked_group/data/userdel.err
new file mode 100644
index 0000000..1e947b2
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/data/userdel.err
@@ -0,0 +1,2 @@
+userdel: existing lock file /etc/group.lock without a PID
+userdel: cannot lock /etc/group; try again later.
diff --git a/tests/tests/usertools/57_userdel_locked_group/userdel.test b/tests/tests/usertools/57_userdel_locked_group/userdel.test
new file mode 100755
index 0000000..01e8c8c
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config.txt b/tests/tests/usertools/58_userdel_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config.txt
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/default/useradd b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/group b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/gshadow b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/passwd b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/shadow b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/data/userdel.err b/tests/tests/usertools/58_userdel_locked_shadow/data/userdel.err
new file mode 100644
index 0000000..324b9ec
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/data/userdel.err
@@ -0,0 +1,2 @@
+userdel: existing lock file /etc/shadow.lock without a PID
+userdel: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/userdel.test b/tests/tests/usertools/58_userdel_locked_shadow/userdel.test
new file mode 100755
index 0000000..54acf61
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config.txt b/tests/tests/usertools/59_userdel_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config.txt
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/group b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/passwd b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/shadow b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/data/userdel.err b/tests/tests/usertools/59_userdel_locked_gshadow/data/userdel.err
new file mode 100644
index 0000000..7a56771
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/data/userdel.err
@@ -0,0 +1,2 @@
+userdel: existing lock file /etc/gshadow.lock without a PID
+userdel: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/userdel.test b/tests/tests/usertools/59_userdel_locked_gshadow/userdel.test
new file mode 100755
index 0000000..97993b9
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config.txt b/tests/tests/usertools/60_userdel_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config.txt
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/default/useradd b/tests/tests/usertools/60_userdel_invalid_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/group b/tests/tests/usertools/60_userdel_invalid_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/gshadow b/tests/tests/usertools/60_userdel_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/passwd b/tests/tests/usertools/60_userdel_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/shadow b/tests/tests/usertools/60_userdel_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/60_userdel_invalid_user/data/userdel.err b/tests/tests/usertools/60_userdel_invalid_user/data/userdel.err
new file mode 100644
index 0000000..97598b9
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/data/userdel.err
@@ -0,0 +1 @@
+userdel: user 'fooo' does not exist
diff --git a/tests/tests/usertools/60_userdel_invalid_user/userdel.test b/tests/tests/usertools/60_userdel_invalid_user/userdel.test
new file mode 100755
index 0000000..b070736
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the user exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user fooo (userdel fooo)..."
+userdel fooo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config.txt b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/default/useradd b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/group b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/gshadow b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/passwd b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/shadow b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/group b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/gshadow b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/passwd b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/shadow b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/userdel.err b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/userdel.err
new file mode 100644
index 0000000..5d7b44f
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/userdel.err
@@ -0,0 +1 @@
+userdel: foo mail spool (/var/mail/foo) not found
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/userdel.test b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/userdel.test
new file mode 100755
index 0000000..a123ccb
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/userdel.test
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel delete links, but not the pointed file/directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+mkdir /home/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo' 0
+mkdir /home/bar
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/bar' 0
+touch /home/baz
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/bar /home/baz' 0
+echo toto > /home/foo/toto
+ln -s /home/bar /home/foo/bar
+ln -s /home/baz /home/foo/baz
+chown -R foo:foo /home/foo /home/bar /home/baz
+
+echo -n "Delete user foo (userdel -r foo)..."
+userdel -r foo 2>tmp/userdel.err
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check the userdel message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "userdel message OK."
+rm -f tmp/userdel.err
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check that directory pointed from a foo's link is not removed..."
+test -d /home/bar
+echo "OK"
+echo -n "Check that file pointed from a foo's link is not removed..."
+test -f /home/baz
+echo "OK"
+rm -rf /home/bar /home/baz
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config.txt b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config.txt
new file mode 100644
index 0000000..15b78c6
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config.txt
@@ -0,0 +1,4 @@
+user foo, in group users (only in /etc/group)
+user bar, in group users (only in /etc/group)
+user foo, in group floppy
+user bar, in group fax
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/default/useradd b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/group b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/group
new file mode 100644
index 0000000..3115181
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:bar
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bar
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/gshadow b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/gshadow
new file mode 100644
index 0000000..c391b84
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::bar
+voice:*::
+cdrom:*::
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/passwd b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/passwd
new file mode 100644
index 0000000..d82d534
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+bar:x:1001:1001::/home/foo:/bin/false
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/shadow b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/group b/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/group
new file mode 100644
index 0000000..4a52a21
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:bar
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bar
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/gshadow b/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/gshadow
new file mode 100644
index 0000000..57cdf94
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::bar
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/usermod.test b/tests/tests/usertools/62_usermod_remove_supplementary_groups/usermod.test
new file mode 100755
index 0000000..bfd70ad
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/usermod.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove users from supplementary groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo from the 'floppy' group (usermod -rG \"floppy\" foo)..."
+usermod -rG "floppy" foo
+echo "OK"
+
+echo -n "Remove user foo from the 'fax' group (usermod -rG \"fax\" foo)..."
+usermod -rG "fax" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
new file mode 100755
index 0000000..519d0a2
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd fails if an user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody, lp, and foooo's password..."
+echo 'nobody:test
+lp:test2
+foooo:test3' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/group b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err
new file mode 100644
index 0000000..8a3011f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err
@@ -0,0 +1,3 @@
+chpasswd: (user foooo) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 3, user foooo) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow
new file mode 100644
index 0000000..cb54856
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_MD5 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test
new file mode 100755
index 0000000..c036205
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can change the password of multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/group b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/data/shadow b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/data/shadow
new file mode 100644
index 0000000..d69c00c
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_DES test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
new file mode 100755
index 0000000..fb915a1
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/group b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..bd03706
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:bar:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/passwd b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/passwd
new file mode 100644
index 0000000..36fa602
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:@PASS_MD5 test2@:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:@PASS_MD5 test@:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
new file mode 100755
index 0000000..2660213
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries"
+# FIXME: The PAM and !PAM versions differs:
+# PAM will create a shadow entry if the shadow file exists
+# !PAM will update the passwd entry and leave the shadow file untouched
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/group b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..54dc57e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..f4f74a5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/shadow b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..090d61a
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+lp:@PASS_DES test2@:@TODAY@::::::
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
new file mode 100755
index 0000000..5760ca5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd fails if no password are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/group b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err
new file mode 100644
index 0000000..a02b7d6
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err
@@ -0,0 +1 @@
+chpasswd: line 2: missing new password
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
new file mode 100755
index 0000000..fda6230
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chpasswd usage (chpasswd -h)..."
+chpasswd -h >tmp/usage.out
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config.txt b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/group b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/data/usage.out b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/data/usage.out
new file mode 100644
index 0000000..59c8b35
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/data/usage.out
@@ -0,0 +1,12 @@
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
new file mode 100755
index 0000000..f75e674
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd displays its usage message in case on non recognized option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chpasswd usage (chpasswd --foo)..."
+chpasswd --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config.txt b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/group b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/data/usage.out b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/data/usage.out
new file mode 100644
index 0000000..4e26b6d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: unrecognized option '--foo'
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
new file mode 100755
index 0000000..ecfbb20
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that -e and -m are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password are encrypted and must use md5 (chpasswd -m -e)..."
+echo 'nobody:test' | chpasswd -m -e 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config.txt b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/group b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/data/usage.out b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/data/usage.out
new file mode 100644
index 0000000..799c8dd
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: the -c, -e, and -m flags are exclusive
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
new file mode 100755
index 0000000..ab5deec
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that -e and -c are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password are encrypted and must use another method (chpasswd -c SHA512 -e)..."
+echo 'nobody:test' | chpasswd -c SHA512 -e 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config.txt b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/group b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/data/usage.out b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/data/usage.out
new file mode 100644
index 0000000..799c8dd
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: the -c, -e, and -m flags are exclusive
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
new file mode 100755
index 0000000..fe2bbd7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that -c and -m are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chpasswd -m -c SHA256)..."
+echo 'nobody:test' | chpasswd -m -c SHA256 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config.txt b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/group b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/data/usage.out b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/data/usage.out
new file mode 100644
index 0000000..799c8dd
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: the -c, -e, and -m flags are exclusive
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
new file mode 100755
index 0000000..29982fc
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that -c is provided if -s is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chpasswd --sha-rounds 12)..."
+echo 'nobody:test' | chpasswd --sha-rounds 12 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config.txt b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/group b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/data/usage.out b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/data/usage.out
new file mode 100644
index 0000000..ab133e2
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: -s flag is only allowed with the -c flag
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
new file mode 100755
index 0000000..1b478f9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks the -s argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chpasswd --sha-rounds 12foo -c SHA512)..."
+echo 'nobody:test' | chpasswd --sha-rounds 12foo -c SHA512 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config.txt b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/group b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/data/usage.out b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/data/usage.out
new file mode 100644
index 0000000..bcfcf6d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: invalid numeric argument '12foo'
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
new file mode 100755
index 0000000..a2f653c
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks the -c argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chpasswd --crypt-method SHA513)..."
+echo 'nobody:test' | chpasswd --crypt-method SHA513 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config.txt b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/group b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/data/usage.out b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/data/usage.out
new file mode 100644
index 0000000..2c9e5aa
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: unsupported crypt method: SHA513
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test
new file mode 100755
index 0000000..3591462
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/group b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/data/shadow b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/data/shadow
new file mode 100644
index 0000000..269ee68
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test
new file mode 100755
index 0000000..534fb6f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create md5 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --md5)..."
+echo 'nobody:test
+lp:test2' | chpasswd --md5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/group b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/data/shadow b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/data/shadow
new file mode 100644
index 0000000..cb54856
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_MD5 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test
new file mode 100755
index 0000000..e7c1b4e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use encrypted passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd -c NONE)..."
+echo 'nobody:test
+lp:test2' | chpasswd -c NONE
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/group b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/data/shadow b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/data/shadow
new file mode 100644
index 0000000..269ee68
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test
new file mode 100755
index 0000000..f7da2c6
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create MD5 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method MD5)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method MD5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/group b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/data/shadow b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/data/shadow
new file mode 100644
index 0000000..cb54856
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_MD5 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test
new file mode 100755
index 0000000..750b82f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create DES passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method DES)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method DES
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/group b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/data/shadow b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/data/shadow
new file mode 100644
index 0000000..d69c00c
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_DES test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test
new file mode 100755
index 0000000..56c67bf
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA256 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA256)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA256
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/group b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/data/shadow b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/data/shadow
new file mode 100644
index 0000000..2705a06
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test
new file mode 100755
index 0000000..9a0b0d7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA256 passwords and use at least 1000 rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA256 -s 900)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA256 -s 900
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+grep nobody /etc/shadow | grep -q ':\$5\$rounds=1000\$'
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/group b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/data/shadow b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/data/shadow
new file mode 100644
index 0000000..2705a06
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test
new file mode 100755
index 0000000..6f5f586
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA256 passwords and use the requested number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA256 -s 9000)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA256 -s 9000
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+grep nobody /etc/shadow | grep -q ':\$5\$rounds=9000\$'
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/group b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/data/shadow b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/data/shadow
new file mode 100644
index 0000000..2705a06
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test
new file mode 100755
index 0000000..856665f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA512 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA512)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA512
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/group b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/data/shadow b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/data/shadow
new file mode 100644
index 0000000..83bc0c9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test
new file mode 100755
index 0000000..4382ab5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA512 passwords and use at least 1000 rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA512 -s 900)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA512 -s 900
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+grep nobody /etc/shadow | grep -q ':\$6\$rounds=1000\$'
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/group b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/data/shadow b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/data/shadow
new file mode 100644
index 0000000..83bc0c9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test
new file mode 100755
index 0000000..f42c7be
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA512 passwords and use the requested number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA512 -s 9000)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA512 -s 9000
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+grep nobody /etc/shadow | grep -q ':\$6\$rounds=9000\$'
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/group b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/data/shadow b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/data/shadow
new file mode 100644
index 0000000..83bc0c9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test
new file mode 100755
index 0000000..ce881e8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/group b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/data/passwd b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/data/passwd
new file mode 100644
index 0000000..0489957
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:test2:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:test:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test
new file mode 100755
index 0000000..7aa511e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/group b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/data/chpasswd.err
new file mode 100644
index 0000000..498b5c8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/data/chpasswd.err
@@ -0,0 +1,6 @@
+chpasswd: (user nobody) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 1, user nobody) password not changed
+chpasswd: (user lp) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 2, user lp) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test
new file mode 100755
index 0000000..0578c1f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/group b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/passwd
new file mode 100644
index 0000000..0d29119
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/chpasswd.err
new file mode 100644
index 0000000..1381d0e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/chpasswd.err
@@ -0,0 +1,3 @@
+chpasswd: (user lp) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 2, user lp) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/passwd b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/passwd
new file mode 100644
index 0000000..9a44671
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:@PASS_MD5 test@:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test
new file mode 100755
index 0000000..0578c1f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/group b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/passwd
new file mode 100644
index 0000000..6ba390f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:bar:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/chpasswd.err
new file mode 100644
index 0000000..9eb11ca
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/chpasswd.err
@@ -0,0 +1,3 @@
+chpasswd: (user nobody) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 1, user nobody) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/passwd b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/passwd
new file mode 100644
index 0000000..978ea44
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:@PASS_MD5 test2@:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test
new file mode 100755
index 0000000..c341285
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries"
+# FIXME: The PAM and !PAM versions differs:
+# PAM will create a shadow entry if the shadow file exists
+# !PAM will update the passwd entry and leave the shadow file untouched
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/group b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..54dc57e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..f4f74a5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/passwd b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/shadow b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..fcb19db
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test
new file mode 100755
index 0000000..a18f912
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config.txt b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config.txt
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/group b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/data/chpasswd.err
new file mode 100644
index 0000000..468b8b6
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: existing lock file /etc/passwd.lock without a PID
+chpasswd: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test
new file mode 100755
index 0000000..3686758
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config.txt b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config.txt
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/group b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/data/chpasswd.err
new file mode 100644
index 0000000..507310f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: existing lock file /etc/shadow.lock without a PID
+chpasswd: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test
new file mode 100755
index 0000000..05bf394
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that users exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd)..."
+echo 'nobody:test
+bar:bar2
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config.txt b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config.txt
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/group b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/chpasswd.err
new file mode 100644
index 0000000..245a3b2
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/chpasswd.err
@@ -0,0 +1,3 @@
+chpasswd: (user bar) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 2, user bar) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/shadow b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/shadow
new file mode 100644
index 0000000..958f25b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test
new file mode 100755
index 0000000..05c6a31
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that users exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+bar:bar2
+lp:test2' | chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config.txt b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config.txt
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/group b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/data/chpasswd.err
new file mode 100644
index 0000000..7182e70
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: line 2: user 'bar' does not exist
+chpasswd: error detected, changes ignored
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test
new file mode 100755
index 0000000..5e3bc03
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/group b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/passwd
new file mode 100644
index 0000000..5648ba0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:oldpass:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/passwd b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/passwd
new file mode 100644
index 0000000..1ed98b3
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:test2:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/shadow b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/shadow
new file mode 100644
index 0000000..269ee68
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test
new file mode 100755
index 0000000..f1d09e9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd fails if an user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody, lp, and foooo's password..."
+echo 'nobody:test
+lp:test2
+foooo:test3' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/group b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/gshadow b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/login.defs b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/passwd b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/shadow b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/data/chpasswd.err b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/data/chpasswd.err
new file mode 100644
index 0000000..3478c55
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: line 3: user 'foooo' does not exist
+chpasswd: error detected, changes ignored
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test
new file mode 100755
index 0000000..c036205
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can change the password of multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/group b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/gshadow b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/login.defs b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/passwd b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/shadow b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/data/shadow b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/data/shadow
new file mode 100644
index 0000000..d69c00c
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_DES test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test
new file mode 100755
index 0000000..fb915a1
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/group b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/login.defs b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/passwd b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/shadow b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/data/passwd b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/data/passwd
new file mode 100644
index 0000000..a9a8b92
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:@PASS_DES test2@:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:@PASS_DES test@:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test
new file mode 100755
index 0000000..d97d8b5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries"
+# FIXME: The PAM and !PAM versions differs:
+# PAM will create a shadow entry if the shadow file exists
+# !PAM will update the passwd entry and leave the shadow file untouched
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/group b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..54dc57e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/login.defs b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..f4f74a5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/passwd b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..e7f6c7b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:@PASS_DES test2@:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/shadow b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..8e10590
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test
new file mode 100755
index 0000000..005b7ba
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd fails if no password are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/group b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/gshadow b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/login.defs b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/passwd b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/shadow b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/data/chpasswd.err b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/data/chpasswd.err
new file mode 100644
index 0000000..afeef27
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: line 2: missing new password
+chpasswd: error detected, changes ignored
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config.txt b/tests/tests/usertools/useradd/01_useradd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/default/useradd b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/group b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/gshadow b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/passwd b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/shadow b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/data/usage.out b/tests/tests/usertools/useradd/01_useradd_usage/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/useradd.test b/tests/tests/usertools/useradd/01_useradd_usage/useradd.test
new file mode 100755
index 0000000..a7fe046
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get useradd usage (useradd -h)..."
+useradd -h >tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config.txt b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/default/useradd b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/group b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/gshadow b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/passwd b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/shadow b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/data/usage.out b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..2efa134
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/data/usage.out
@@ -0,0 +1,36 @@
+useradd: unrecognized option '--foo'
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/useradd.test b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/useradd.test
new file mode 100755
index 0000000..6711b26
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid option (useradd --foo)..."
+useradd --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config.txt b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/default/useradd b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/group b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/gshadow b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/passwd b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/shadow b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/data/usage.out b/tests/tests/usertools/useradd/03_useradd_usage_no_users/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/useradd.test b/tests/tests/usertools/useradd/03_useradd_usage_no_users/useradd.test
new file mode 100755
index 0000000..fe178eb
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd without an user (useradd -f 12)..."
+useradd -f 12 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config.txt b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/default/useradd b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/group b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/gshadow b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/passwd b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/shadow b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/data/usage.out b/tests/tests/usertools/useradd/04_useradd_usage_2_users/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/useradd.test b/tests/tests/usertools/useradd/04_useradd_usage_2_users/useradd.test
new file mode 100755
index 0000000..c51e8bc
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with 2 users (useradd -f 12 bin nobody)..."
+useradd -f 12 bin nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config.txt b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/group b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/data/usage.out b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/data/usage.out
new file mode 100644
index 0000000..6f4cd08
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid base directory '/home/no:body'
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/useradd.test b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/useradd.test
new file mode 100755
index 0000000..a880dde
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -b '/home/no:body' nobody)..."
+useradd -b '/home/no:body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config.txt b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/group b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/data/usage.out b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/data/usage.out
new file mode 100644
index 0000000..22a5df8
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid base directory '/home/no
+body'
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/useradd.test b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/useradd.test
new file mode 100755
index 0000000..37f27c0
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -b '/home/no
+body' nobody)..."
+useradd -b '/home/no
+body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config.txt b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/default/useradd b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/group b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/gshadow b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/passwd b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/shadow b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/data/usage.out b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/data/usage.out
new file mode 100644
index 0000000..de930e6
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid base directory 'home/nobody'
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/useradd.test b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/useradd.test
new file mode 100755
index 0000000..a0ff227
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -b 'home/nobody' nobody)..."
+useradd -b 'home/nobody' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config.txt b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/group b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/data/usage.out b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/data/usage.out
new file mode 100644
index 0000000..ec0e2ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid comment 'comm:ent'
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/useradd.test b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/useradd.test
new file mode 100755
index 0000000..6cd2262
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -c 'comm:ent' nobody)..."
+useradd -c 'comm:ent' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config.txt b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/group b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/data/usage.out b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/data/usage.out
new file mode 100644
index 0000000..30daaab
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid comment 'comm
+ent'
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/useradd.test b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/useradd.test
new file mode 100755
index 0000000..98f6420
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -c 'comm
+ent' nobody)..."
+useradd -c 'comm
+ent' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config.txt b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/group b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/data/usage.out b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/data/usage.out
new file mode 100644
index 0000000..34b6e40
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid home directory '/home/no:body'
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/useradd.test b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/useradd.test
new file mode 100755
index 0000000..3f3b81e
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -d '/home/no:body' nobody)..."
+useradd -d '/home/no:body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config.txt b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/group b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/data/usage.out b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/data/usage.out
new file mode 100644
index 0000000..0ac0eed
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid home directory '/home/no
+body'
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/useradd.test b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/useradd.test
new file mode 100755
index 0000000..12569b5
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -d '/home/no
+body' nobody)..."
+useradd -d '/home/no
+body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config.txt b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/default/useradd b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/group b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/gshadow b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/passwd b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/shadow b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/data/usage.out b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/data/usage.out
new file mode 100644
index 0000000..722cb57
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid home directory 'home/nobody'
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/useradd.test b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/useradd.test
new file mode 100755
index 0000000..3b624c1
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -d 'home/nobody' nobody)..."
+useradd -d 'home/nobody' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config.txt b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/group b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/data/usage.out b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/data/usage.out
new file mode 100644
index 0000000..02f2e40
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid date '2011-09-09-11'
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/useradd.test b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/useradd.test
new file mode 100755
index 0000000..15acb22
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -e '2011-09-09-11' nobody)..."
+useradd -e '2011-09-09-11' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config.txt b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/group b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/data/usage.out b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/data/usage.out
new file mode 100644
index 0000000..c0d25cb
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid date '1900-09-11'
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/useradd.test b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/useradd.test
new file mode 100755
index 0000000..c5642f0
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -e '1900-09-11' nobody)..."
+useradd -e '1900-09-11' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config.txt b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/group b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/passwd b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/shadow b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/data/usage.out b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..f148d91
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+useradd: shadow passwords required for -e
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test
new file mode 100755
index 0000000..255a799
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Call useradd with the -e option (useradd -e '2011-09-11' nobody)..."
+useradd -e '2011-09-11' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config.txt b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/group b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/data/usage.out b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/data/usage.out
new file mode 100644
index 0000000..40d8d93
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid numeric argument '2011f'
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/useradd.test b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/useradd.test
new file mode 100755
index 0000000..ad948d5
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -f '2011f' nobody)..."
+useradd -f '2011f' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config.txt b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/group b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/data/usage.out b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/data/usage.out
new file mode 100644
index 0000000..add36d3
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid numeric argument '-2'
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/useradd.test b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/useradd.test
new file mode 100755
index 0000000..2f5a385
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -f '-2' nobody)..."
+useradd -f '-2' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config.txt b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/group b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/passwd b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/shadow b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/data/usage.out b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..f5095a5
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+useradd: shadow passwords required for -f
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test
new file mode 100755
index 0000000..aa5b54e
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Call useradd with the -f option (useradd -f '12' nobody)..."
+useradd -f '12' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config.txt b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/group b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/data/usage.out b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/data/usage.out
new file mode 100644
index 0000000..9eaa315
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: -K requires KEY=VALUE
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/useradd.test b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/useradd.test
new file mode 100755
index 0000000..bef12a6
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -K 'VALUE' nobody)..."
+useradd -K 'VALUE' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config.txt b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/group b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/data/usage.out b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/data/usage.out
new file mode 100644
index 0000000..cb3b31a
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/data/usage.out
@@ -0,0 +1 @@
+configuration error - unknown item 'KEY' (notify administrator)
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/useradd.test b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/useradd.test
new file mode 100755
index 0000000..883eac5
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -O 'KEY=VALUE' nobody)..."
+useradd -O 'KEY=VALUE' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config.txt b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/group b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/data/usage.out b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/data/usage.out
new file mode 100644
index 0000000..6e06315
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid field 'no:body'
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/useradd.test b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/useradd.test
new file mode 100755
index 0000000..86e99ff
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -p 'no:body' nobody)..."
+useradd -p 'no:body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config.txt b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/group b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/data/usage.out b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/data/usage.out
new file mode 100644
index 0000000..19f477e
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid field 'no
+body'
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/useradd.test b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/useradd.test
new file mode 100755
index 0000000..9888c75
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -p 'no
+body' nobody)..."
+useradd -p 'no
+body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config.txt b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/group b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/data/usage.out b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/data/usage.out
new file mode 100644
index 0000000..2b9b157
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid shell '/home/no:body'
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/useradd.test b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/useradd.test
new file mode 100755
index 0000000..9864e42
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -s '/home/no:body' nobody)..."
+useradd -s '/home/no:body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config.txt b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/group b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/data/usage.out b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/data/usage.out
new file mode 100644
index 0000000..e2891b2
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid shell '/home/no
+body'
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/useradd.test b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/useradd.test
new file mode 100755
index 0000000..4704ed5
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -s '/home/no
+body' nobody)..."
+useradd -s '/home/no
+body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config.txt b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/default/useradd b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/group b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/gshadow b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/passwd b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/shadow b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/data/usage.out b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/data/usage.out
new file mode 100644
index 0000000..9fb467e
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid shell 'home/nobody'
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/useradd.test b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/useradd.test
new file mode 100755
index 0000000..ea1ada3
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -s 'home/nobody' nobody)..."
+useradd -s 'home/nobody' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config.txt b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/default/useradd b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/group b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/gshadow b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/passwd b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/shadow b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/data/usage.out b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/data/usage.out
new file mode 100644
index 0000000..f0e24c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/data/usage.out
@@ -0,0 +1,36 @@
+useradd: -o flag is only allowed with the -u flag
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/useradd.test b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/useradd.test
new file mode 100755
index 0000000..36498ce
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -o without -u"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Allow duplicate UID without UID (useradd -o foo)..."
+useradd -o foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config.txt b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/default/useradd b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/group b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/gshadow b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/passwd b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/shadow b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/data/usage.out b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/data/usage.out
new file mode 100644
index 0000000..e27e5b6
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/data/usage.out
@@ -0,0 +1,36 @@
+useradd: -k flag is only allowed with the -m flag
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/useradd.test b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/useradd.test
new file mode 100755
index 0000000..c64af4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -k without -m"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Copy skeleton without creating home dir (useradd -k foo)..."
+useradd -k foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config.txt b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/default/useradd b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/group b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/gshadow b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/passwd b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/shadow b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/data/usage.out b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/data/usage.out
new file mode 100644
index 0000000..3b030c3
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/data/usage.out
@@ -0,0 +1,36 @@
+useradd: options -U and -g conflict
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/useradd.test b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/useradd.test
new file mode 100755
index 0000000..2a7b381
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -U with -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Usergroup and fixed group (useradd -U -g 100 foo)..."
+useradd -U -g 100 foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config.txt b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/default/useradd b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/group b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/gshadow b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/passwd b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/shadow b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/data/usage.out b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/data/usage.out
new file mode 100644
index 0000000..7a7bc5d
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/data/usage.out
@@ -0,0 +1,36 @@
+useradd: options -U and -N conflict
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/useradd.test b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/useradd.test
new file mode 100755
index 0000000..57eabd3
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -U with -N"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Usergroup and no usergroup (useradd -U -N foo)..."
+useradd -U -N foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config.txt b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/default/useradd b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/group b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/gshadow b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/passwd b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/shadow b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/data/usage.out b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/data/usage.out
new file mode 100644
index 0000000..37a90dc
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/data/usage.out
@@ -0,0 +1,36 @@
+useradd: options -m and -M conflict
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/useradd.test b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/useradd.test
new file mode 100755
index 0000000..80d7a5a
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -m with -M"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create and do not create home directory (useradd -M -m foo)..."
+useradd -M -m foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config.txt b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/default/useradd b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/group b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/gshadow b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/passwd b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/shadow b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/data/usage.out b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/useradd.test b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/useradd.test
new file mode 100755
index 0000000..f5f5f4b
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set default with useradd and specify an user (useradd -D nobody)..."
+useradd -D nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config.txt b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/default/useradd b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/group b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/gshadow b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/passwd b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/shadow b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/data/usage.out b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/useradd.test b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/useradd.test
new file mode 100755
index 0000000..c3aacfb
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/useradd.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -m with -M"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for opt in "-u 1010" "-G nogroup" "-d /home/foo" "-c comment" "-m"
+do
+	echo -n "Call useradd -D with option $opt (useradd -D $opt)..."
+	useradd -D $opt 2>tmp/usage.out && exit 1 || {
+		status=$?
+	}
+
+	echo "OK"
+
+	echo -n "Check returned status ($status)..."
+	test "$status" = "2"
+	echo "OK"
+
+	echo "useradd reported:"
+	echo "======================================================================="
+	cat tmp/usage.out
+	echo "======================================================================="
+	echo -n "Check the usage message..."
+	diff -au data/usage.out tmp/usage.out
+	echo "usage message OK."
+	rm -f tmp/usage.out
+done
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config.txt b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/default/useradd b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/group b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/gshadow b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/passwd b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/shadow b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/data/usage.out b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/data/usage.out
new file mode 100644
index 0000000..c1c58fa
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid user name 'user:name'
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/useradd.test b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/useradd.test
new file mode 100755
index 0000000..8024f7d
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd checks the username validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid username (useradd user:name)..."
+useradd user:name 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config.txt b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/default/useradd b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/group b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/gshadow b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/passwd b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/shadow b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/passwd b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/passwd
new file mode 100644
index 0000000..540cc99
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:10::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/shadow b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/useradd.test b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/useradd.test
new file mode 100755
index 0000000..df98f82
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config.txt b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/default/useradd b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/default/useradd
new file mode 100644
index 0000000..487e328
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=nogroup
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/group b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/gshadow b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/passwd b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/shadow b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/passwd b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/passwd
new file mode 100644
index 0000000..4e481a1
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:65534::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/shadow b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/useradd.test b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/useradd.test
new file mode 100755
index 0000000..df98f82
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config.txt b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/default/useradd b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/default/useradd
new file mode 100644
index 0000000..4da665d
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=3000
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/group b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/gshadow b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/passwd b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/shadow b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/passwd b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/passwd
new file mode 100644
index 0000000..db82966
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:100::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/shadow b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/usage.out b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/usage.out
new file mode 100644
index 0000000..6e4920f
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/usage.out
@@ -0,0 +1,2 @@
+useradd: group '3000' does not exist
+useradd: the GROUP= configuration in /etc/default/useradd will be ignored
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test
new file mode 100755
index 0000000..c030cd2
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo 2>tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config.txt b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/default/useradd b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/default/useradd
new file mode 100644
index 0000000..3d298ac
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=invalidgroup
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/group b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/gshadow b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/passwd b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/shadow b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/passwd b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/passwd
new file mode 100644
index 0000000..db82966
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:100::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/shadow b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/usage.out b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/usage.out
new file mode 100644
index 0000000..06f5b8c
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/usage.out
@@ -0,0 +1,2 @@
+useradd: group 'invalidgroup' does not exist
+useradd: the GROUP= configuration in /etc/default/useradd will be ignored
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test
new file mode 100755
index 0000000..c030cd2
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo 2>tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config.txt b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/default/useradd b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/default/useradd
new file mode 100644
index 0000000..095cf3d
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/group b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/gshadow b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/passwd b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/shadow b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/passwd b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/passwd
new file mode 100644
index 0000000..540cc99
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:10::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/shadow b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/shadow
new file mode 100644
index 0000000..b8db0a7
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:42:13849:
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/useradd.test b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/useradd.test
new file mode 100755
index 0000000..dbee2ad
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the INACT default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config.txt b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..e7513e4
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=1a
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/group b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/passwd b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/passwd
new file mode 100644
index 0000000..540cc99
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:10::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/shadow b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/shadow
new file mode 100644
index 0000000..39849f5
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7::13849:
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/usage.out b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/usage.out
new file mode 100644
index 0000000..d27941e
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid numeric argument '1a'
+useradd: the INACTIVE= configuration in /etc/default/useradd will be ignored
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test
new file mode 100755
index 0000000..c030cd2
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo 2>tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config.txt b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..b3f265e
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-2
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/group b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/passwd b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/passwd
new file mode 100644
index 0000000..540cc99
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:10::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/shadow b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/shadow
new file mode 100644
index 0000000..39849f5
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7::13849:
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/usage.out b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/usage.out
new file mode 100644
index 0000000..d301073
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid numeric argument '-2'
+useradd: the INACTIVE= configuration in /etc/default/useradd will be ignored
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test
new file mode 100755
index 0000000..c030cd2
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo 2>tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config.txt b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/default/useradd b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/default/useradd
new file mode 100644
index 0000000..3fca45b
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/group b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/gshadow b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/passwd b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/shadow b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/data/defaults b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/data/defaults
new file mode 100644
index 0000000..90cfe79
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/data/defaults
@@ -0,0 +1,7 @@
+GROUP=10
+HOME=/tmp
+INACTIVE=42
+EXPIRE=2007-12-02
+SHELL=/bin/foobar
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/useradd.test b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/useradd.test
new file mode 100755
index 0000000..41ffb2b
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the default SKEL value is SKEL is set to empty"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get default value (useradd -D)..."
+useradd -D >tmp/defaults
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/defaults
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/defaults tmp/defaults
+echo "usage message OK."
+rm -f tmp/defaults
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config.txt b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/default/useradd b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/default/useradd
new file mode 100644
index 0000000..bbb85b4
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/group b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/gshadow b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/passwd b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/shadow b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/data/defaults b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/data/defaults
new file mode 100644
index 0000000..90cfe79
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/data/defaults
@@ -0,0 +1,7 @@
+GROUP=10
+HOME=/tmp
+INACTIVE=42
+EXPIRE=2007-12-02
+SHELL=/bin/foobar
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test
new file mode 100755
index 0000000..41ffb2b
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the default SKEL value is SKEL is set to empty"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get default value (useradd -D)..."
+useradd -D >tmp/defaults
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/defaults
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/defaults tmp/defaults
+echo "usage message OK."
+rm -f tmp/defaults
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config.txt b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/default/useradd b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/default/useradd
new file mode 100644
index 0000000..b85eaf3
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/default/useradd
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=
+# 
\ No newline at end of file
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/group b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/gshadow b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/passwd b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/shadow b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/data/useradd b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/data/useradd
new file mode 100644
index 0000000..15084f0
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/data/useradd
@@ -0,0 +1,38 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/toto
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
+# 
+SKEL=/etc/skel
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/useradd.test b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/useradd.test
new file mode 100755
index 0000000..110e3ae
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/useradd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts a line with no eol at eof"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set a default value (useradd -D -b /toto)..."
+useradd -D -b /toto
+echo "OK"
+
+echo -n "Check the default file..."
+diff -Nau data/useradd /etc/default/useradd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config.txt b/tests/tests/usertools/useradd/44_useradd_default_no_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/default/useradd b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/default/useradd
new file mode 100644
index 0000000..b85eaf3
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/default/useradd
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=
+# 
\ No newline at end of file
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/group b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/gshadow b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/passwd b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/shadow b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/data/useradd b/tests/tests/usertools/useradd/44_useradd_default_no_file/data/useradd
new file mode 100644
index 0000000..796e8dd
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/data/useradd
@@ -0,0 +1,8 @@
+# useradd defaults file
+GROUP=100
+HOME=/toto
+INACTIVE=-1
+EXPIRE=
+SHELL=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/useradd.test b/tests/tests/usertools/useradd/44_useradd_default_no_file/useradd.test
new file mode 100755
index 0000000..0bc2804
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/useradd.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can create a defaults file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete the defaults file..."
+rm -f /etc/default/useradd
+echo "OK"
+
+echo -n "Set a default value (useradd -D -b /toto)..."
+useradd -D -b /toto
+echo "OK"
+
+echo -n "Check the default file..."
+diff -Nau data/useradd /etc/default/useradd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config.txt b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/default/useradd b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/group b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/gshadow b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/passwd b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/shadow b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/group b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/gshadow b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/passwd b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/shadow b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/useradd.test b/tests/tests/usertools/useradd/45_useradd-G_UID_name/useradd.test
new file mode 100755
index 0000000..480c4a3
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user to specified groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom foo)..."
+useradd -G bin,adm,12,cdrom foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config.txt b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/default/useradd b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/group b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/gshadow b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/passwd b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/shadow b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/group b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/gshadow b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/passwd b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/shadow b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/useradd.test b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/useradd.test
new file mode 100755
index 0000000..1de8138
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user to specified groups (once)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom,12 foo)..."
+useradd -G bin,adm,12,cdrom,12 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config.txt b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/default/useradd b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/group b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/gshadow b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/passwd b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/shadow b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/group b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/gshadow b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/passwd b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/shadow b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test
new file mode 100755
index 0000000..cb7bed8
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user to specified groups (once)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom,man foo)..."
+useradd -G bin,adm,12,cdrom,man foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config.txt b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/default/useradd b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/group b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/gshadow b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/passwd b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/shadow b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/group b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/gshadow b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/passwd b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/shadow b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/useradd.test b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/useradd.test
new file mode 100755
index 0000000..44f63c1
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user to specified groups (once)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom,adm foo)..."
+useradd -G bin,adm,12,cdrom,adm foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config.txt b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/default/useradd b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/group b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/gshadow b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/passwd b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/shadow b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/data/usage.out b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/data/usage.out
new file mode 100644
index 0000000..23ea5dd
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/data/usage.out
@@ -0,0 +1 @@
+useradd: group 'cdromm' does not exist
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/useradd.test b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/useradd.test
new file mode 100755
index 0000000..5d16073
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd check the validity of groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups with an invalid group (useradd -G bin,adm,12,cdromm,adm foo)..."
+useradd -G bin,adm,12,cdromm,adm foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config.txt b/tests/tests/usertools/useradd/50_useradd-r/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/default/useradd b/tests/tests/usertools/useradd/50_useradd-r/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/group b/tests/tests/usertools/useradd/50_useradd-r/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/gshadow b/tests/tests/usertools/useradd/50_useradd-r/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/passwd b/tests/tests/usertools/useradd/50_useradd-r/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/shadow b/tests/tests/usertools/useradd/50_useradd-r/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/50_useradd-r/data/group b/tests/tests/usertools/useradd/50_useradd-r/data/group
new file mode 100644
index 0000000..b5b6ce2
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:
diff --git a/tests/tests/usertools/useradd/50_useradd-r/data/gshadow b/tests/tests/usertools/useradd/50_useradd-r/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/50_useradd-r/data/passwd b/tests/tests/usertools/useradd/50_useradd-r/data/passwd
new file mode 100644
index 0000000..640a0cc
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:101:999::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/50_useradd-r/data/shadow b/tests/tests/usertools/useradd/50_useradd-r/data/shadow
new file mode 100644
index 0000000..823c4c0
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@::::::
diff --git a/tests/tests/usertools/useradd/50_useradd-r/useradd.test b/tests/tests/usertools/useradd/50_useradd-r/useradd.test
new file mode 100755
index 0000000..0eacc6a
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can create system users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create system user foo (useradd -r foo)..."
+useradd -r foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config.txt b/tests/tests/usertools/useradd/51_useradd_already_exist/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/default/useradd b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/group b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/gshadow b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/passwd b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/shadow b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/shadow
new file mode 100644
index 0000000..498ef86
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:*:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/data/usage.out b/tests/tests/usertools/useradd/51_useradd_already_exist/data/usage.out
new file mode 100644
index 0000000..5d12530
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/data/usage.out
@@ -0,0 +1 @@
+useradd: user 'foo' already exists
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/useradd.test b/tests/tests/usertools/useradd/51_useradd_already_exist/useradd.test
new file mode 100755
index 0000000..910828f
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd checks if the requested new user already exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an existing user (useradd foo)..."
+useradd foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config.txt b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/default/useradd b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/group b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/gshadow b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/passwd b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/shadow b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/data/usage.out b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/data/usage.out
new file mode 100644
index 0000000..c000a60
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/data/usage.out
@@ -0,0 +1 @@
+useradd: group foo exists - if you want to add this user to that group, use -g.
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/useradd.test b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/useradd.test
new file mode 100755
index 0000000..7fe651d
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -U checks if a group with the same name already exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd -U with an existing group (useradd -U foo)..."
+useradd -U foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config.txt b/tests/tests/usertools/useradd/53_useradd-G_empty/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/default/useradd b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/group b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/gshadow b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/passwd b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/shadow b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/data/group b/tests/tests/usertools/useradd/53_useradd-G_empty/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/data/gshadow b/tests/tests/usertools/useradd/53_useradd-G_empty/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/data/passwd b/tests/tests/usertools/useradd/53_useradd-G_empty/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/data/shadow b/tests/tests/usertools/useradd/53_useradd-G_empty/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/useradd.test b/tests/tests/usertools/useradd/53_useradd-G_empty/useradd.test
new file mode 100755
index 0000000..8eac65e
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts empty list of groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo with empty group list (useradd -G "" foo)..."
+useradd -G "" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config.txt b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/group b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/passwd b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/shadow b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/group b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/gshadow b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/passwd b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/passwd
new file mode 100644
index 0000000..e2c466a
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/useradd.test b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/useradd.test
new file mode 100755
index 0000000..c7ab56b
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/useradd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user even if /etc/shadow is missing"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom foo)..."
+useradd -G bin,adm,12,cdrom foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config.txt b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/group b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/passwd b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/shadow b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/group b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/group
new file mode 100644
index 0000000..eb2e1b5
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:!:1000:
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/passwd b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/shadow b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/useradd.test b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/useradd.test
new file mode 100755
index 0000000..b5519b9
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/useradd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user and groups even if /etc/gshadow is missing"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom foo)..."
+useradd -G bin,adm,12,cdrom foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config.txt b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/default/useradd b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/group b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/gshadow b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/gshadow
new file mode 100644
index 0000000..3c9bae9
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test:x::
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/passwd b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/shadow b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/group b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/gshadow b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/gshadow
new file mode 100644
index 0000000..fd939a3
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/passwd b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/shadow b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test
new file mode 100755
index 0000000..c8a6666
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user and groups even if /etc/gshadow is missing"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom foo)..."
+useradd -G bin,adm,12,cdrom foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config.txt b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/default/useradd b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/group b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/gshadow b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/passwd b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/shadow b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/data/usage.out b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test
new file mode 100755
index 0000000..97e011d
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with -D as second option (useradd -f 12 -D)..."
+useradd -f 12 -D 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config.txt b/tests/tests/usertools/useradd/58_useradd-e_empty/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/default/useradd b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/group b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/gshadow b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/passwd b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/shadow b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/data/group b/tests/tests/usertools/useradd/58_useradd-e_empty/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/data/gshadow b/tests/tests/usertools/useradd/58_useradd-e_empty/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/data/passwd b/tests/tests/usertools/useradd/58_useradd-e_empty/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/data/shadow b/tests/tests/usertools/useradd/58_useradd-e_empty/data/shadow
new file mode 100644
index 0000000..949c978
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12::
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/useradd.test b/tests/tests/usertools/useradd/58_useradd-e_empty/useradd.test
new file mode 100755
index 0000000..ab90d67
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts empty list of groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo without expiry (useradd -e "" foo)..."
+useradd -e "" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config.txt b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/default/useradd b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/group b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/gshadow b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/passwd b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/shadow b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/group b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/gshadow b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/passwd b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/shadow b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/shadow
new file mode 100644
index 0000000..602bef5
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/useradd.test b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/useradd.test
new file mode 100755
index 0000000..ff5233c
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts -1 as expiry and inactivity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo without expiry (useradd -e -1 -f -1 foo)..."
+useradd -e -1 -f -1 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config.txt b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/group b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/passwd b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/shadow b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/group b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/gshadow b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/passwd b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/passwd
new file mode 100644
index 0000000..e2c466a
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test
new file mode 100755
index 0000000..0170ef8
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts -1 as expiry and inactivity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Create user foo without expiry (useradd -e -1 -f -1 foo)..."
+useradd -e -1 -f -1 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config.txt b/tests/tests/usertools/useradd/61_useradd-K/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/default/useradd b/tests/tests/usertools/useradd/61_useradd-K/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/group b/tests/tests/usertools/useradd/61_useradd-K/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/gshadow b/tests/tests/usertools/useradd/61_useradd-K/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/passwd b/tests/tests/usertools/useradd/61_useradd-K/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/shadow b/tests/tests/usertools/useradd/61_useradd-K/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/61_useradd-K/data/group b/tests/tests/usertools/useradd/61_useradd-K/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/61_useradd-K/data/gshadow b/tests/tests/usertools/useradd/61_useradd-K/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/61_useradd-K/data/passwd b/tests/tests/usertools/useradd/61_useradd-K/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/61_useradd-K/data/shadow b/tests/tests/usertools/useradd/61_useradd-K/data/shadow
new file mode 100644
index 0000000..bfd9ffa
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:42:7:12:13849:
diff --git a/tests/tests/usertools/useradd/61_useradd-K/useradd.test b/tests/tests/usertools/useradd/61_useradd-K/useradd.test
new file mode 100755
index 0000000..3a8ee29
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses -K options"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo and set option with -K (useradd -K PASS_MAX_DAYS=42 foo)..."
+useradd -K PASS_MAX_DAYS=42 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config.txt b/tests/tests/usertools/useradd/62_useradd-p/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/default/useradd b/tests/tests/usertools/useradd/62_useradd-p/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/group b/tests/tests/usertools/useradd/62_useradd-p/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/gshadow b/tests/tests/usertools/useradd/62_useradd-p/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/passwd b/tests/tests/usertools/useradd/62_useradd-p/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/shadow b/tests/tests/usertools/useradd/62_useradd-p/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/62_useradd-p/data/group b/tests/tests/usertools/useradd/62_useradd-p/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/62_useradd-p/data/gshadow b/tests/tests/usertools/useradd/62_useradd-p/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/62_useradd-p/data/passwd b/tests/tests/usertools/useradd/62_useradd-p/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/62_useradd-p/data/shadow b/tests/tests/usertools/useradd/62_useradd-p/data/shadow
new file mode 100644
index 0000000..4abac0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fooPass:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/62_useradd-p/useradd.test b/tests/tests/usertools/useradd/62_useradd-p/useradd.test
new file mode 100755
index 0000000..655f871
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "The -p option can set the password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo and set password (useradd -p fooPass foo)..."
+useradd -p fooPass foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config.txt b/tests/tests/usertools/useradd/63_useradd-s/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/default/useradd b/tests/tests/usertools/useradd/63_useradd-s/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/group b/tests/tests/usertools/useradd/63_useradd-s/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/gshadow b/tests/tests/usertools/useradd/63_useradd-s/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/passwd b/tests/tests/usertools/useradd/63_useradd-s/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/shadow b/tests/tests/usertools/useradd/63_useradd-s/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/63_useradd-s/data/group b/tests/tests/usertools/useradd/63_useradd-s/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/63_useradd-s/data/gshadow b/tests/tests/usertools/useradd/63_useradd-s/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/63_useradd-s/data/passwd b/tests/tests/usertools/useradd/63_useradd-s/data/passwd
new file mode 100644
index 0000000..5c7dfc4
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:*/bin/dash
diff --git a/tests/tests/usertools/useradd/63_useradd-s/data/shadow b/tests/tests/usertools/useradd/63_useradd-s/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/63_useradd-s/useradd.test b/tests/tests/usertools/useradd/63_useradd-s/useradd.test
new file mode 100755
index 0000000..99e783b
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "The -s option can change the default shell"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo and set shell (useradd -s \"*/bin/dash\" foo)..."
+useradd -s "*/bin/dash" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config.txt b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config.txt
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/default/useradd b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/group b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/gshadow b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/passwd b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/shadow b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/data/useradd.err b/tests/tests/usertools/useradd/64_useradd_locked_passwd/data/useradd.err
new file mode 100644
index 0000000..c4b6ed3
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/passwd.lock without a PID
+useradd: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/useradd.test b/tests/tests/usertools/useradd/64_useradd_locked_passwd/useradd.test
new file mode 100755
index 0000000..8dde325
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -G checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config.txt b/tests/tests/usertools/useradd/65_useradd_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config.txt
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/default/useradd b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/group b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/gshadow b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/passwd b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/shadow b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/data/useradd.err b/tests/tests/usertools/useradd/65_useradd_locked_group/data/useradd.err
new file mode 100644
index 0000000..b36210f
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/group.lock without a PID
+useradd: cannot lock /etc/group; try again later.
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/useradd.test b/tests/tests/usertools/useradd/65_useradd_locked_group/useradd.test
new file mode 100755
index 0000000..e6583ba
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -G checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config.txt b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config.txt
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/default/useradd b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/group b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/gshadow b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/passwd b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/shadow b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/data/useradd.err b/tests/tests/usertools/useradd/66_useradd_locked_shadow/data/useradd.err
new file mode 100644
index 0000000..a29346a
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/shadow.lock without a PID
+useradd: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/useradd.test b/tests/tests/usertools/useradd/66_useradd_locked_shadow/useradd.test
new file mode 100755
index 0000000..24ef14f
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -G checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config.txt b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config.txt
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/group b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/passwd b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/shadow b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/data/useradd.err b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/data/useradd.err
new file mode 100644
index 0000000..9155bfd
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/gshadow.lock without a PID
+useradd: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/useradd.test b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/useradd.test
new file mode 100755
index 0000000..71f7dc0
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -G checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config.txt b/tests/tests/usertools/useradd/68_useradd-s_empty/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/default/useradd b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/group b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/gshadow b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/passwd b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/shadow b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/data/group b/tests/tests/usertools/useradd/68_useradd-s_empty/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/data/gshadow b/tests/tests/usertools/useradd/68_useradd-s_empty/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/data/passwd b/tests/tests/usertools/useradd/68_useradd-s_empty/data/passwd
new file mode 100644
index 0000000..8a4ebe5
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/data/shadow b/tests/tests/usertools/useradd/68_useradd-s_empty/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/useradd.test b/tests/tests/usertools/useradd/68_useradd-s_empty/useradd.test
new file mode 100755
index 0000000..448000c
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "The -s option can set an empty shell"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo and set empty shell (useradd -s \"\" foo)..."
+useradd -s "" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt
new file mode 100644
index 0000000..74c5907
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt
@@ -0,0 +1,8 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group bin
+user foo, in group adm
+user foo, in group man
+user foo, in group cdrom
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd
new file mode 100644
index 0000000..9e75e54
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd
@@ -0,0 +1,40 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# Addional supplementary groups for users
+GROUPS=bin,adm,man,cdrom
+#
+# The default home directory. Same as DHOME for adduser
+#
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group
new file mode 100644
index 0000000..773c93b
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
\ No newline at end of file
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group
new file mode 100644
index 0000000..02214e6
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group
@@ -0,0 +1,42 @@
+ root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
\ No newline at end of file
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test
new file mode 100755
index 0000000..9446830
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname $0)"
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds supplementary groups based on the GROUPS field in /etc/deault/useradd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+printf "Create user foo, with group associations with bin,adm,man,cdrom..."
+useradd foo
+printf "OK\n"
+
+printf "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+printf "OK\n"
+
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config.txt b/tests/tests/usertools/userdel/01_userdel_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/default/useradd b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/group b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/gshadow b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/passwd b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/shadow b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/data/usage.out b/tests/tests/usertools/userdel/01_userdel_usage/data/usage.out
new file mode 100644
index 0000000..955c793
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/data/usage.out
@@ -0,0 +1,10 @@
+Usage: userdel [options] LOGIN
+
+Options:
+  -f, --force                   force removal of files,
+                                even if not owned by user
+  -h, --help                    display this help message and exit
+  -r, --remove                  remove home directory and mail spool
+  -R, --root CHROOT_DIR         directory to chroot into
+  -Z, --selinux-user            remove any SELinux user mapping for the user
+
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/userdel.test b/tests/tests/usertools/userdel/01_userdel_usage/userdel.test
new file mode 100755
index 0000000..6d2b9e8
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get userdel usage (userdel -h)..."
+userdel -h >tmp/usage.out
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config.txt b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/default/useradd b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/group b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/gshadow b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/passwd b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/shadow b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/data/usage.out b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..a0dcbf8
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/data/usage.out
@@ -0,0 +1,11 @@
+userdel: unrecognized option '--foo'
+Usage: userdel [options] LOGIN
+
+Options:
+  -f, --force                   force removal of files,
+                                even if not owned by user
+  -h, --help                    display this help message and exit
+  -r, --remove                  remove home directory and mail spool
+  -R, --root CHROOT_DIR         directory to chroot into
+  -Z, --selinux-user            remove any SELinux user mapping for the user
+
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/userdel.test b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/userdel.test
new file mode 100755
index 0000000..7d134f0
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call userdel with an invalid option (userdel --foo)..."
+userdel --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config.txt b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/default/useradd b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/group b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/gshadow b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/passwd b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/shadow b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/data/usage.out b/tests/tests/usertools/userdel/03_userdel_usage_no_users/data/usage.out
new file mode 100644
index 0000000..955c793
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/data/usage.out
@@ -0,0 +1,10 @@
+Usage: userdel [options] LOGIN
+
+Options:
+  -f, --force                   force removal of files,
+                                even if not owned by user
+  -h, --help                    display this help message and exit
+  -r, --remove                  remove home directory and mail spool
+  -R, --root CHROOT_DIR         directory to chroot into
+  -Z, --selinux-user            remove any SELinux user mapping for the user
+
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/userdel.test b/tests/tests/usertools/userdel/03_userdel_usage_no_users/userdel.test
new file mode 100755
index 0000000..9bf3685
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call userdel without an user (userdel -f)..."
+userdel -f 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config.txt b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/default/useradd b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/group b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/gshadow b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/passwd b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/shadow b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/data/usage.out b/tests/tests/usertools/userdel/04_userdel_usage_2_users/data/usage.out
new file mode 100644
index 0000000..955c793
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/data/usage.out
@@ -0,0 +1,10 @@
+Usage: userdel [options] LOGIN
+
+Options:
+  -f, --force                   force removal of files,
+                                even if not owned by user
+  -h, --help                    display this help message and exit
+  -r, --remove                  remove home directory and mail spool
+  -R, --root CHROOT_DIR         directory to chroot into
+  -Z, --selinux-user            remove any SELinux user mapping for the user
+
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/userdel.test b/tests/tests/usertools/userdel/04_userdel_usage_2_users/userdel.test
new file mode 100755
index 0000000..6788240
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call userdel with 2 users (userdel -f bin nobody)..."
+userdel -f bin nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config.txt b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/default/useradd b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/group b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/gshadow b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/login.defs b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/login.defs
new file mode 100644
index 0000000..ec8ac1f
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB no
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/passwd b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/shadow b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/group b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/group
new file mode 100644
index 0000000..c60d727
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/gshadow b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/passwd b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/shadow b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test
new file mode 100755
index 0000000..83e801f
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if USERGROUPS_ENAB is disabled"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config.txt b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/default/useradd b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/group b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/group
new file mode 100644
index 0000000..d5d74e2
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/gshadow b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/login.defs b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/passwd b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/shadow b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/group b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/group
new file mode 100644
index 0000000..15f4c27
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/gshadow b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/passwd b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/shadow b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/userdel.test b/tests/tests/usertools/userdel/06_userdel_no_usergroup/userdel.test
new file mode 100755
index 0000000..f0907c6
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if it has a different name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config.txt b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/default/useradd b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/group b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/group
new file mode 100644
index 0000000..c39e02c
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/gshadow b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/gshadow
new file mode 100644
index 0000000..75ecdfe
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/login.defs b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/passwd b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/shadow b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/group b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/group
new file mode 100644
index 0000000..3aa5282
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/gshadow b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/gshadow
new file mode 100644
index 0000000..75ecdfe
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/passwd b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/shadow b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/userdel.out b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/userdel.out
new file mode 100644
index 0000000..0ccbef6
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/userdel.out
@@ -0,0 +1 @@
+userdel: group foo not removed because it is not the primary group of user foo.
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/userdel.test b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/userdel.test
new file mode 100755
index 0000000..9ff44d4
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if it has a different name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.out
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/userdel.out tmp/userdel.out
+echo "usage message OK."
+rm -f tmp/userdel.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config.txt b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/default/useradd b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/group b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/group
new file mode 100644
index 0000000..ff15b82
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo2
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/gshadow b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/gshadow
new file mode 100644
index 0000000..50ca6ce
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo2
+foo2:*::
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/login.defs b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/passwd b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/shadow b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/group b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/group
new file mode 100644
index 0000000..5e4034b
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo2
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/gshadow b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/gshadow
new file mode 100644
index 0000000..50ca6ce
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo2
+foo2:*::
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/passwd b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/shadow b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/userdel.out b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/userdel.out
new file mode 100644
index 0000000..2dc27c8
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/userdel.out
@@ -0,0 +1 @@
+userdel: group foo not removed because it has other members.
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test
new file mode 100755
index 0000000..69fc339
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if is has other members"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.out
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/userdel.out tmp/userdel.out
+echo "usage message OK."
+rm -f tmp/userdel.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config.txt b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/default/useradd b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/group b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/group
new file mode 100644
index 0000000..ff15b82
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo2
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/gshadow b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/login.defs b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/passwd b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/shadow b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/group b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/group
new file mode 100644
index 0000000..5e4034b
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo2
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/gshadow b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/passwd b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/shadow b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/userdel.out b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/userdel.out
new file mode 100644
index 0000000..2dc27c8
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/userdel.out
@@ -0,0 +1 @@
+userdel: group foo not removed because it has other members.
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test
new file mode 100755
index 0000000..2387401
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group from gshadow if there were no additional members in gshadow but there were in group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.out
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/userdel.out tmp/userdel.out
+echo "usage message OK."
+rm -f tmp/userdel.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config.txt b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/default/useradd b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/group b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/gshadow b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/passwd b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/shadow b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/group b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/gshadow b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/passwd b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/shadow b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/userdel.err b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/userdel.err
new file mode 100644
index 0000000..893b416
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/userdel.err
@@ -0,0 +1 @@
+userdel: /home/foo is a symbolic link, not removing
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/userdel.test b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/userdel.test
new file mode 100755
index 0000000..eb9c6fe
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/userdel.test
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not delete the user's home directory as symlink"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /var/mail/foo /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo2
+touch /home/foo2/file
+chown -R foo:foo /home/foo2
+ln -s foo2 /home/foo
+touch /var/mail/foo
+chown --no-dereference foo:foo /var/mail/foo /home/foo
+
+echo -n "Delete user foo (userdel -r foo)..."
+userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo "The user should have been removed."
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was not removed..."
+test -L /home/foo
+test -d /home/foo2
+test -f /home/foo2/file
+echo "OK"
+echo -n "Check the user's mail spool was removed..."
+test ! -f /var/mail/foo
+echo "OK"
+rm -rf /home/foo /home/foo2
+
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config.txt b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/group b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/passwd b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/shadow b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/data/passwd b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/data/passwd
new file mode 100644
index 0000000..d9798a6
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/usermod.test b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/usermod.test
new file mode 100755
index 0000000..e272fc8
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/usermod.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not require a shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Change the user's password (usermod -p foopass foo)..."
+usermod -p foopass foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config.txt b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/group b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/data/passwd b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9798a6
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test
new file mode 100755
index 0000000..a5231c5
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not require a shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's password (usermod -p foopass foo)..."
+usermod -p foopass foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config.txt b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/default/useradd b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/group b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/gshadow b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/passwd b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/shadow b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/data/shadow b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/data/shadow
new file mode 100644
index 0000000..0c6770f
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:foopass:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test
new file mode 100755
index 0000000..3cdfabc
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not require a shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's password (usermod -p foopass foo)..."
+usermod -p foopass foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config.txt b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/default/useradd b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/group b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/gshadow b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/passwd b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/shadow b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/shadow
new file mode 100644
index 0000000..151547d
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!oldpass:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test
new file mode 100755
index 0000000..9f4907f
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to lock an already locked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (usermod -L foo)..."
+usermod -L foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config.txt b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/default/useradd b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/group b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/gshadow b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/passwd b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/passwd
new file mode 100644
index 0000000..9abcbc4
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/shadow b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/shadow
new file mode 100644
index 0000000..6e9fa8e
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/data/shadow b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/data/shadow
new file mode 100644
index 0000000..18b71a2
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!blahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test
new file mode 100755
index 0000000..bd8e338
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to lock an already locked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (usermod -L foo)..."
+usermod -L foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config.txt b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/default/useradd b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/group b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/gshadow b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/passwd b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/passwd
new file mode 100644
index 0000000..9abcbc4
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/shadow b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test
new file mode 100755
index 0000000..9f4907f
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to lock an already locked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (usermod -L foo)..."
+usermod -L foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config.txt b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/default/useradd b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/group b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/gshadow b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/passwd b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/shadow b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/shadow
new file mode 100644
index 0000000..6e9fa8e
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test
new file mode 100755
index 0000000..68c6d4c
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to unlock an already unlocked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unlock foo's password (usermod -U foo)..."
+usermod -U foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config.txt b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/default/useradd b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/group b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/gshadow b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/passwd b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/shadow b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/shadow
new file mode 100644
index 0000000..3d01e1a
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!unusedblahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/data/shadow b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/data/shadow
new file mode 100644
index 0000000..646a9a5
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:unusedblahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test
new file mode 100755
index 0000000..a845677
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to unlock an already unlocked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unlock foo's password (usermod -U foo)..."
+usermod -U foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config.txt b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/default/useradd b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/group b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/gshadow b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/passwd b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/shadow b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test
new file mode 100755
index 0000000..68c6d4c
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to unlock an already unlocked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unlock foo's password (usermod -U foo)..."
+usermod -U foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config.txt b/tests/tests/usertools/usermod/10_usermod_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/default/useradd b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/group b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/gshadow b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/passwd b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/shadow b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/data/usage.out b/tests/tests/usertools/usermod/10_usermod_usage/data/usage.out
new file mode 100644
index 0000000..a877447
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/data/usage.out
@@ -0,0 +1,30 @@
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/usermod.test b/tests/tests/usertools/usermod/10_usermod_usage/usermod.test
new file mode 100755
index 0000000..2f96442
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/usermod.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get usermod usage (usermod -h)..."
+usermod -h >tmp/usage.out
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config.txt b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/default/useradd b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/group b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/gshadow b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/passwd b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/shadow b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/data/usage.out b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/data/usage.out
new file mode 100644
index 0000000..8e4ad3f
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/data/usage.out
@@ -0,0 +1,31 @@
+usermod: unrecognized option '--foo'
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/usermod.test b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/usermod.test
new file mode 100755
index 0000000..a5ebf49
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod displays its usage message in case on non recognized option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get usermod usage (usermod --foo)..."
+usermod --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config.txt b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/default/useradd b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/group b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/gshadow b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/passwd b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/shadow b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/data/usermod.err b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/data/usermod.err
new file mode 100644
index 0000000..e5438f4
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid numeric argument 'bar'
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/usermod.test b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/usermod.test
new file mode 100755
index 0000000..68a6563
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that the number of inactive days is a number"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use -f without a number (usermod -f bar foo)..."
+usermod -f bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config.txt b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/default/useradd b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/group b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/gshadow b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/passwd b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/shadow b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/data/usermod.err b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/data/usermod.err
new file mode 100644
index 0000000..4e80b68
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid numeric argument '-2'
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test
new file mode 100755
index 0000000..b7655a3
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod displays its usage message in case when -f receive a wrong number"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set number of inactive days to -2 (usermod -f -2)..."
+usermod -f -2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config.txt b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/default/useradd b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/group b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/gshadow b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/passwd b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/shadow b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/data/usage.out b/tests/tests/usertools/usermod/14_usermod_usage_no_options/data/usage.out
new file mode 100644
index 0000000..336b216
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/data/usage.out
@@ -0,0 +1,31 @@
+usermod: no options
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/usermod.test b/tests/tests/usertools/usermod/14_usermod_usage_no_options/usermod.test
new file mode 100755
index 0000000..caa9de7
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that there is actually something to change"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod foo)..."
+usermod foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config.txt b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/default/useradd b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/group b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/gshadow b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/passwd b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/shadow b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/data/usage.out b/tests/tests/usertools/usermod/15_usermod_usage_no_user/data/usage.out
new file mode 100644
index 0000000..a877447
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/data/usage.out
@@ -0,0 +1,30 @@
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/usermod.test b/tests/tests/usertools/usermod/15_usermod_usage_no_user/usermod.test
new file mode 100755
index 0000000..98e8c09
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that the user to be changed is provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change a user name (usermod -l bar)..."
+usermod -l bar 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config.txt b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/group b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/passwd b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/shadow b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/data/usage.out b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..4068a75
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+usermod: shadow passwords required for -e and -f
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test
new file mode 100755
index 0000000..1cf05f5
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that the shadow file exist for option -e"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Change expire date (usermod -e 10 foo)..."
+usermod -e 10 foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config.txt b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/group b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/passwd b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/shadow b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/data/usage.out b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..4068a75
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+usermod: shadow passwords required for -e and -f
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test
new file mode 100755
index 0000000..f62a292
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that the shadow file exist for option -f"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Change number of inactive days (usermod -f 10 foo)..."
+usermod -f 10 foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config.txt b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/default/useradd b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/group b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/gshadow b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/passwd b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/shadow b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/data/usage.out b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/data/usage.out
new file mode 100644
index 0000000..fe37c40
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/data/usage.out
@@ -0,0 +1,31 @@
+usermod: the -L, -p, and -U flags are exclusive
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test
new file mode 100755
index 0000000..3886f26
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that -L and -p are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change an lock password (usermod -L -p newpass foo)..."
+usermod -L -p newpass foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config.txt b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/default/useradd b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/group b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/gshadow b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/passwd b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/shadow b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/data/usage.out b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/data/usage.out
new file mode 100644
index 0000000..fe37c40
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/data/usage.out
@@ -0,0 +1,31 @@
+usermod: the -L, -p, and -U flags are exclusive
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test
new file mode 100755
index 0000000..5ab2270
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that -L and -U are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock an unlock password (usermod -L -U foo)..."
+usermod -L -U foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config.txt b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/default/useradd b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/group b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/gshadow b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/passwd b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/shadow b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/data/usage.out b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/data/usage.out
new file mode 100644
index 0000000..fe37c40
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/data/usage.out
@@ -0,0 +1,31 @@
+usermod: the -L, -p, and -U flags are exclusive
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test
new file mode 100755
index 0000000..0dc1ea4
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that -U and -p are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change an unlock password (usermod -U -p newpass foo)..."
+usermod -U -p newpass foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config.txt b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/default/useradd b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/group b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/gshadow b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/passwd b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/shadow b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/group b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/group
new file mode 100644
index 0000000..730e4dd
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/passwd b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/passwd
new file mode 100644
index 0000000..f9b7829
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/shadow b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test
new file mode 100755
index 0000000..5ad5bf9
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod rename the user in the lists of members, when an user is renamed with -l"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/gshadow..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Rename user foo (usermod -l foo2 foo)..."
+usermod -l foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config.txt b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/default/useradd b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/group b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/gshadow b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/passwd b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/shadow b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/data/usage.out b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/data/usage.out
new file mode 100644
index 0000000..5a96e57
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/data/usage.out
@@ -0,0 +1 @@
+usermod: invalid user name '2:bar'
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test
new file mode 100755
index 0000000..66ff45a
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks the validity of a new username"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename with invalid username (usermod -l 2bar foo)..."
+usermod -l 2:bar foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config.txt b/tests/tests/usertools/usermod/23_usermod-e_date/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/default/useradd b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/group b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/gshadow b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/passwd b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/shadow b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/shadow
new file mode 100644
index 0000000..e678938
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/data/shadow b/tests/tests/usertools/usermod/23_usermod-e_date/data/shadow
new file mode 100644
index 0000000..af98956
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::15320:
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/usermod.test b/tests/tests/usertools/usermod/23_usermod-e_date/usermod.test
new file mode 100755
index 0000000..5ab527f
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can set the expiry date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's expiry date (usermod -e 2011-12-12 foo)..."
+usermod -e 2011-12-12 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config.txt b/tests/tests/usertools/usermod/24_usermod-e_date/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/default/useradd b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/group b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/gshadow b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/passwd b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/shadow b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/shadow
new file mode 100644
index 0000000..ae79ac5
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::42:
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/data/shadow b/tests/tests/usertools/usermod/24_usermod-e_date/data/shadow
new file mode 100644
index 0000000..a1923b5
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::42424:
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/usermod.test b/tests/tests/usertools/usermod/24_usermod-e_date/usermod.test
new file mode 100755
index 0000000..a2ae15a
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can set the expiry date (number of days)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's expiry date (usermod -e 42424 foo)..."
+usermod -e 42424 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config.txt b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/default/useradd b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/group b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/gshadow b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/passwd b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/shadow b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/shadow
new file mode 100644
index 0000000..b21ccf8
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::2:
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/data/shadow b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/data/shadow
new file mode 100644
index 0000000..e678938
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/usermod.test b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/usermod.test
new file mode 100755
index 0000000..997d51a
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can disable the expiry date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable the user's expiry date (usermod -e '' foo)..."
+usermod -e '' foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config.txt b/tests/tests/usertools/usermod/26_usermod-e-1/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/default/useradd b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/group b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/gshadow b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/passwd b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/shadow b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/shadow
new file mode 100644
index 0000000..b21ccf8
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::2:
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/data/shadow b/tests/tests/usertools/usermod/26_usermod-e-1/data/shadow
new file mode 100644
index 0000000..e678938
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/usermod.test b/tests/tests/usertools/usermod/26_usermod-e-1/usermod.test
new file mode 100755
index 0000000..c15ddc6
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can disable the expiry date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable the user's expiry date (usermod -e -1 foo)..."
+usermod -e -1 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config.txt b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/default/useradd b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/group b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/gshadow b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/passwd b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/shadow b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/shadow
new file mode 100644
index 0000000..b21ccf8
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::2:
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/data/usermod.err b/tests/tests/usertools/usermod/27_usermod-e_invalid1/data/usermod.err
new file mode 100644
index 0000000..3de424e
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid date '-2'
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/usermod.test b/tests/tests/usertools/usermod/27_usermod-e_invalid1/usermod.test
new file mode 100755
index 0000000..c564197
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks the validity of the expiry argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable the user's expiry date (usermod -e -2 foo)..."
+usermod -e -2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config.txt b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/default/useradd b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/group b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/gshadow b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/passwd b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/shadow b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/shadow
new file mode 100644
index 0000000..b21ccf8
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::2:
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/data/usermod.err b/tests/tests/usertools/usermod/28_usermod-e_invalid2/data/usermod.err
new file mode 100644
index 0000000..43494b0
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid date 'bar'
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/usermod.test b/tests/tests/usertools/usermod/28_usermod-e_invalid2/usermod.test
new file mode 100755
index 0000000..fa761b2
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks the validity of the expiry argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable the user's expiry date (usermod -e bar foo)..."
+usermod -e bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config.txt b/tests/tests/usertools/usermod/29_usermod_no_changes/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/default/useradd b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/group b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/gshadow b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/passwd b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/passwd
new file mode 100644
index 0000000..7c90a9b
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:GeCoS:/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/shadow b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/shadow
new file mode 100644
index 0000000..0a24422
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:oldpass:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/data/usermod.err b/tests/tests/usertools/usermod/29_usermod_no_changes/data/usermod.err
new file mode 100644
index 0000000..ea8edd6
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/data/usermod.err
@@ -0,0 +1 @@
+usermod: no changes
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/usermod.test b/tests/tests/usertools/usermod/29_usermod_no_changes/usermod.test
new file mode 100755
index 0000000..5d70329
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/usermod.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod detects when no real changes are requested"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Perform non changes (usermod -l foo -c GeCoS -e -1 -f -1 -u 1000 -d /nonexistent -s /bin/sh foo)..."
+usermod -l foo -c GeCoS -e -1 -f -1 -u 1000 -d /nonexistent -s /bin/sh foo 2>tmp/usermod.err
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config.txt b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/default/useradd b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/group b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/gshadow b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/passwd b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/shadow b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/data/usage.out b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/data/usage.out
new file mode 100644
index 0000000..90d3384
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/data/usage.out
@@ -0,0 +1,31 @@
+usermod: -a flag is only allowed with the -G flag
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/usermod.test b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/usermod.test
new file mode 100755
index 0000000..6e30cfd
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod rejects -a without -G"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Append groups without groups (usermod -a foo)..."
+usermod -a foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config.txt b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/default/useradd b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/group b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/gshadow b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/passwd b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/shadow b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/data/usage.out b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/data/usage.out
new file mode 100644
index 0000000..d8baae8
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/data/usage.out
@@ -0,0 +1,31 @@
+usermod: -o flag is only allowed with the -u flag
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/usermod.test b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/usermod.test
new file mode 100755
index 0000000..bf57aa7
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/usermod.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod rejects -o without -u"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Append groups without groups (usermod -o foo)..."
+usermod -o foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config.txt b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/default/useradd b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/group b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/gshadow b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/passwd b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/shadow b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/data/usage.out b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/data/usage.out
new file mode 100644
index 0000000..3d86d0a
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/data/usage.out
@@ -0,0 +1,31 @@
+usermod: -m flag is only allowed with the -d flag
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/usermod.test b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/usermod.test
new file mode 100755
index 0000000..407dc32
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod rejects -m without -d"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Move home without new home (usermod -m foo)..."
+usermod -m foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config.txt b/tests/tests/usertools/usermod/33_usermod_change_shell/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/default/useradd b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/group b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/gshadow b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/passwd b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/shadow b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/shadow
new file mode 100644
index 0000000..e678938
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/data/passwd b/tests/tests/usertools/usermod/33_usermod_change_shell/data/passwd
new file mode 100644
index 0000000..57c4cf3
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/bash
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/usermod.test b/tests/tests/usertools/usermod/33_usermod_change_shell/usermod.test
new file mode 100755
index 0000000..81145df
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can change the shell"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's shell (usermod -s /bin/bash foo)..."
+usermod -s /bin/bash foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config.txt b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/group b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..0175ffc
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:oldpass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/data/shadow b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..64ee844
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:oldpass:@TODAY@:0:99999:7::15320:
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test
new file mode 100755
index 0000000..fa2e567
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod create a shadow entry to set the expiry date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's expiry date (usermod -e 2011-12-12 foo)..."
+usermod -e 2011-12-12 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config.txt b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/group b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..0175ffc
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:oldpass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/data/shadow b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..43a9175
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:oldpass:@TODAY@:0:99999:7:42::
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test
new file mode 100755
index 0000000..0c1d293
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod create a shadow entry to set the number of inactive days"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's number of inactive days (usermod -f 42 foo)..."
+usermod -f 42 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config.txt b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/default/useradd b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/group b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/gshadow b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/passwd b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/shadow b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a
new file mode 100644
index 0000000..62a6381
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a
@@ -0,0 +1,3 @@
+-rw-r--r-- foo:foo `/home/foo/toto'
+drwxr-xr-x foo:foo `/home/foo/.'
+drwxr-xr-x root:root `/home/foo/..'
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a2 b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a2
new file mode 100644
index 0000000..e69e95d
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a2
@@ -0,0 +1,2 @@
+drwxr-xr-x root:root `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/passwd b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/usermod.err b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/usermod.err
new file mode 100644
index 0000000..64b72d1
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/usermod.err
@@ -0,0 +1 @@
+usermod: directory /home/foo2 exists
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test
new file mode 100755
index 0000000..0821c02
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+chown -R foo:foo /home/foo
+
+echo -n "Create /home/foo2"...
+mkdir /home/foo2
+echo "OK"
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was not removed..."
+test -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was not moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /home/foo/..."
+stat --printf "%A %U:%G %N\n" /home/foo/* /home/foo/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+echo -n "Check content of /home/foo2/..."
+stat --printf "%A %U:%G %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a2
+diff -rauN data/home_ls-a2 tmp/home_ls-a2
+echo "OK"
+rm -f tmp/home_ls-a2
+
+echo -n "Remove the home directories..."
+rm -rf /home/foo /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config.txt b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/default/useradd b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/group b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/gshadow b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/passwd b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/shadow b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/data/passwd b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test
new file mode 100755
index 0000000..3b3ba6f
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+# Do not create the user's /home/foo home directory
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the old user's home directory was not created..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the new user's home directory was not created..."
+test ! -d /home/foo2
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config.txt b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/default/useradd b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/group b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/gshadow b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/passwd b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/shadow b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/data/passwd b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test
new file mode 100755
index 0000000..b232d9e
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/lastlog' 0
+
+change_config
+
+echo -n "Remove /var/log/lastlog (it will not be restored)..."
+rm -f /var/log/lastlog
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the /var/log/lastlog file was not created"...
+test ! -f /var/log/lastlog
+echo "OK"
+
+touch /var/log/lastlog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config.txt b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/group b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/gshadow b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/passwd b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/shadow b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/data/passwd b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/data/passwd
new file mode 100644
index 0000000..137b91d
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/sh
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/login.exp b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/login.exp
new file mode 100755
index 0000000..e534fe5
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/login.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -f foo\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test
new file mode 100755
index 0000000..8b4f43f
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+touch /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+lastlog > tmp/lastlog.out
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+lastlog > tmp/lastlog.out2
+
+echo "lastlog:"
+echo "======================================================================="
+cat tmp/lastlog.out2
+echo "======================================================================="
+
+echo -n "Check the lastlog message..."
+diff -au tmp/lastlog.out tmp/lastlog.out2
+echo "lastlog message OK."
+rm -f tmp/lastlog.out tmp/lastlog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config.txt b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/group b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/group
new file mode 100644
index 0000000..6470be5
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:10000:
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/gshadow b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/gshadow
new file mode 100644
index 0000000..e982c7c
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/passwd b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/passwd
new file mode 100644
index 0000000..5173c28
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+bar:x:10000:10000::/home/bar:/bin/sh
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/shadow b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/group b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/group
new file mode 100644
index 0000000..d972111
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:10000:
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/passwd b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/passwd
new file mode 100644
index 0000000..1cfb31f
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:10000::/home/bar:/bin/sh
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/shadow b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/login.exp b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/login.exp
new file mode 100755
index 0000000..e534fe5
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/login.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -f foo\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test
new file mode 100755
index 0000000..5efc96f
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+touch /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+lastlog > tmp/lastlog.out
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Manually delete the user foo (to keep the lastlog entry)..."
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^foo:/d' -i /etc/group
+sed -e '/^foo:/d' -i /etc/gshadow
+echo "OK"
+
+echo -n "Change the user's UID to reuse foo's (usermod -u 1000 bar)..."
+usermod -u 1000 bar
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+lastlog > tmp/lastlog.out2
+
+echo "lastlog:"
+echo "======================================================================="
+cat tmp/lastlog.out2
+echo "======================================================================="
+
+echo -n "Check the lastlog message..."
+sed -e '/^foo /d' -i tmp/lastlog.out
+diff -au tmp/lastlog.out tmp/lastlog.out2
+echo "lastlog message OK."
+rm -f tmp/lastlog.out tmp/lastlog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config.txt b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/default/useradd b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/group b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/gshadow b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/passwd b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/shadow b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/data/passwd b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/usermod.test b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/usermod.test
new file mode 100755
index 0000000..2122a87
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/usermod.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/faillog' 0
+
+change_config
+
+echo -n "Remove /var/log/faillog (it will not be restored)..."
+rm -f /var/log/faillog
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the /var/log/faillog file was not created"...
+test ! -f /var/log/faillog
+echo "OK"
+
+touch /var/log/faillog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config.txt b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/group b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/gshadow b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/pam.d/login b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/passwd b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/shadow b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/shadow
new file mode 100644
index 0000000..9b99f4d
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/data/passwd b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/data/passwd
new file mode 100644
index 0000000..137b91d
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/sh
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/login.exp b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/login.exp
new file mode 100755
index 0000000..4226743
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/login.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login foo\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test
new file mode 100755
index 0000000..769e5dc
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+faillog > tmp/faillog.out
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+faillog > tmp/faillog.out2
+
+echo "faillog:"
+echo "======================================================================="
+cat tmp/faillog.out2
+echo "======================================================================="
+
+echo -n "Check the faillog message..."
+diff -au tmp/faillog.out tmp/faillog.out2
+echo "faillog message OK."
+rm -f tmp/faillog.out tmp/faillog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config.txt b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/group b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/group
new file mode 100644
index 0000000..6470be5
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:10000:
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/gshadow b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/gshadow
new file mode 100644
index 0000000..e982c7c
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/pam.d/login b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/passwd b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/passwd
new file mode 100644
index 0000000..5173c28
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+bar:x:10000:10000::/home/bar:/bin/sh
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/shadow b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/group b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/group
new file mode 100644
index 0000000..d972111
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:10000:
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/passwd b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/passwd
new file mode 100644
index 0000000..1cfb31f
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:10000::/home/bar:/bin/sh
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/shadow b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/login.exp b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/login.exp
new file mode 100755
index 0000000..4226743
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/login.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login foo\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test
new file mode 100755
index 0000000..ee262b6
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+touch /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+faillog > tmp/faillog.out
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+rm -f tmp/faillog.out
+
+echo -n "Manually delete the user foo (to keep the faillog entry)..."
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^foo:/d' -i /etc/group
+sed -e '/^foo:/d' -i /etc/gshadow
+echo "OK"
+
+echo -n "Change the user's UID to reuse foo's (usermod -u 1000 bar)..."
+usermod -u 1000 bar
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+faillog > tmp/faillog.out2
+
+echo "faillog:"
+echo "======================================================================="
+cat tmp/faillog.out2
+echo "======================================================================="
+
+echo -n "Check the faillog message..."
+c=$(cat tmp/faillog.out2 | wc -c)
+test $c = "0"
+echo "empty faillog OK."
+rm -f tmp/faillog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config.txt b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/default/useradd b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/group b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/gshadow b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/passwd b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/shadow b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/mailbox.perms b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/mailbox.perms
new file mode 100644
index 0000000..92d36ea
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/mailbox.perms
@@ -0,0 +1 @@
+7 -rw-r--r-- bar:mail `/var/mail/bar'
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/passwd b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/passwd
new file mode 100644
index 0000000..656230a
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/shadow b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/test b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/test
new file mode 100644
index 0000000..fbcf12d
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/test
@@ -0,0 +1 @@
+toto
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/usermod.test b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/usermod.test
new file mode 100755
index 0000000..dfd0ef9
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/usermod.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod move the mailbox if it exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo /var/mail/bar' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+echo foobar > /var/mail/foo
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's name (usermod -l bar foo)..."
+usermod -l bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the new mailbox was created..."
+test -f /var/mail/bar
+echo "OK"
+echo -n "Check that the old mailbox was removed..."
+test ! -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%s %A %U:%G %N\n" /var/mail/bar | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/bar
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config.txt b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/default/useradd b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/group b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/gshadow b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/passwd b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/shadow b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/mailbox.perms b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/mailbox.perms
new file mode 100644
index 0000000..52233be
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/mailbox.perms
@@ -0,0 +1 @@
+-rw-r--r-- foo:mail `/var/mail/foo'
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/passwd b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test
new file mode 100755
index 0000000..3fb509b
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod changes the mailbox ownership"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+touch /var/mail/foo
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the mailbox was moved..."
+test -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%A %U:%G %N\n" /var/mail/foo | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config.txt b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/default/useradd b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/group b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/group
new file mode 100644
index 0000000..7fca720
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/gshadow b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/gshadow
new file mode 100644
index 0000000..f735fda
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/passwd b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/passwd
new file mode 100644
index 0000000..6082b5f
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+bar:x:1001:1001::/home/bar:/bin/false
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/shadow b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/mailbox.perms b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/mailbox.perms
new file mode 100644
index 0000000..2c8f112
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/mailbox.perms
@@ -0,0 +1 @@
+7 -rw-r--r-- bar:mail `/var/mail/foo'
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/passwd b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/passwd
new file mode 100644
index 0000000..138adcc
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
+bar:x:1001:1001::/home/bar:/bin/false
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/usermod.err b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/usermod.err
new file mode 100644
index 0000000..8f67460
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/usermod.err
@@ -0,0 +1 @@
+usermod: warning: /var/mail/foo not owned by foo
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test
new file mode 100755
index 0000000..ab57a79
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks the mailbox ownership"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+echo foobar> /var/mail/foo
+chown bar:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo 2>tmp/usermod.err
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the mailbox was moved..."
+test -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%s %A %U:%G %N\n" /var/mail/foo | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config.txt b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/default/useradd b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/group b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/gshadow b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/login.defs b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/login.defs
new file mode 100644
index 0000000..1ff03b9
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+#MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/passwd b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/shadow b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/mailbox.perms b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/mailbox.perms
new file mode 100644
index 0000000..52233be
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/mailbox.perms
@@ -0,0 +1 @@
+-rw-r--r-- foo:mail `/var/mail/foo'
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/passwd b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/usermod.test b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/usermod.test
new file mode 100755
index 0000000..3fb509b
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod changes the mailbox ownership"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+touch /var/mail/foo
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the mailbox was moved..."
+test -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%A %U:%G %N\n" /var/mail/foo | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config.txt b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/default/useradd b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/group b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/gshadow b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/login.defs b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/login.defs
new file mode 100644
index 0000000..f87a841
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+#MAIL_DIR        /var/mail
+MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/passwd b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/shadow b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/mailbox.perms b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/mailbox.perms
new file mode 100644
index 0000000..9e78a91
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/mailbox.perms
@@ -0,0 +1 @@
+-rw-r--r-- UNKNOWN:mail `/var/mail/foo'
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/passwd b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test
new file mode 100755
index 0000000..3fb509b
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod changes the mailbox ownership"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+touch /var/mail/foo
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the mailbox was moved..."
+test -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%A %U:%G %N\n" /var/mail/foo | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config.txt b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config.txt
new file mode 100644
index 0000000..b337f3f
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000, home directory: /home/foo
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/default/useradd b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/group b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/group
new file mode 100644
index 0000000..65ffe60
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/gshadow b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/passwd b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/shadow b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/home_ls-a b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/home_ls-a
new file mode 100644
index 0000000..654c2be
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/home_ls-a
@@ -0,0 +1,12 @@
+-rw-r--r-- 0:1001 `/home/foo2/uroot'
+-rw-r--r-- 1000:0 `/home/foo2/groot'
+-rw-r--r-- 1000:1001 `/home/foo2/.tata'
+-rw-r--r-- 1000:1001 `/home/foo2/.tyty'
+-rw-r--r-- 1000:1001 `/home/foo2/profile2'
+-rw-r--r-- 1000:1001 `/home/foo2/toto'
+-rw-r--r-- 1000:1001 `/home/foo2/tyty'
+crw-r--r-- 1000:1001 `/home/foo2/null'
+drwxr-xr-x 0:0 `/home/foo2/..'
+drwxr-xr-x 1000:1001 `/home/foo2/.'
+drwxr-xr-x 1000:1001 `/home/foo2/titi'
+lrwxrwxrwx 1000:1001 `/home/foo2/tutu' -> `/tmp/home/foo2/toto'
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/passwd b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/passwd
new file mode 100644
index 0000000..b966e61
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001::/tmp/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test
new file mode 100755
index 0000000..9a42e8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory, over a new device and changes the owner of the user's file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2; umount /tmp/home; rmdir /tmp/home' 0
+
+change_config
+
+mkdir /home/foo
+mkdir /home/foo/titi
+echo toto > /home/foo/toto
+echo tyty > /home/foo/tyty
+ln /home/foo/toto /home/foo/.tata
+ln /home/foo/tyty /home/foo/.tyty
+ln -s /home/foo/toto /home/foo/tutu
+mknod /home/foo/null c 1 3
+ln /etc/profile /home/foo/profile2
+echo root > /home/foo/uroot
+echo root > /home/foo/groot
+chown -R foo:foo /home/foo
+chown root /home/foo/uroot
+chgrp root /home/foo/groot
+stat --printf "%A %u:%g %N\n" /home/foo/* /home/foo/.* 2>/dev/null | sort
+
+mkdir /tmp/home
+mount --bind /home /tmp/home
+
+echo -n "Change the user's home directory (usermod -m -d /tmp/home/foo2 -g 1001 foo ..."
+usermod -m -d /tmp/home/foo2 -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %u:%g %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+echo -n "Check that hardlink to another homedir file remains a hardlink..."
+dev_ino=$(stat --printf "%d-%i" /home/foo2/toto)
+dev_ino2=$(stat --printf "%d-%i" /home/foo2/.tata)
+test "$dev_ino" = "$dev_ino2"
+echo "OK"
+echo -n "Check hardlink to outside the homedir..."
+dev_ino=$(stat --printf "%d-%i" /etc/profile)
+dev_ino2=$(stat --printf "%d-%i" /home/foo2/profile2)
+echo "$dev_ino" != "$dev_ino2"
+#test "$dev_ino" = "$dev_ino2"
+echo "NOT IMPLEMENTED"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+umount /tmp/home
+rmdir /tmp/home
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config.txt b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/default/useradd b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/group b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/gshadow b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/passwd b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/shadow b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/home_ls-a b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/home_ls-a
new file mode 100644
index 0000000..161c30f
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/home_ls-a
@@ -0,0 +1,5 @@
+-rw-r--r-- foo:foo `/home/foo2/toto'
+-rw-r--r-- foo:root `/home/foo2/groot'
+-rw-r--r-- root:foo `/home/foo2/uroot'
+drwxr-xr-x foo:foo `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/passwd b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/passwd
new file mode 100644
index 0000000..6074624
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1001:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test
new file mode 100755
index 0000000..6ac347c
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+echo root > /home/foo/uroot
+echo root > /home/foo/groot
+chown -R foo:foo /home/foo
+chown root /home/foo/uroot
+chgrp root /home/foo/groot
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 -u 1001 foo)..."
+usermod -m -d /home/foo2 -u 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config.txt b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/default/useradd b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/group b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/group
new file mode 100644
index 0000000..65ffe60
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/gshadow b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/passwd b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/shadow b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/home_ls-a b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/home_ls-a
new file mode 100644
index 0000000..74d7ab0
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/home_ls-a
@@ -0,0 +1,3 @@
+-rw-r--r-- foo:bar `/home/foo2/toto'
+drwxr-xr-x foo:bar `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/passwd b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/passwd
new file mode 100644
index 0000000..676b112
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test
new file mode 100755
index 0000000..6bc87f3
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory and change the group permissions"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+chown -R foo:foo /home/foo
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 -g 1001 foo)..."
+usermod -m -d /home/foo2 -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config.txt b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/default/useradd b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/group b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/gshadow b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/passwd b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/shadow b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a
new file mode 100644
index 0000000..62a6381
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a
@@ -0,0 +1,3 @@
+-rw-r--r-- foo:foo `/home/foo/toto'
+drwxr-xr-x foo:foo `/home/foo/.'
+drwxr-xr-x root:root `/home/foo/..'
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a2 b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a2
new file mode 100644
index 0000000..e69e95d
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a2
@@ -0,0 +1,2 @@
+drwxr-xr-x root:root `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/passwd b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/passwd
new file mode 100644
index 0000000..9da880b
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo3:/bin/false
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/usermod.err b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/usermod.err
new file mode 100644
index 0000000..c8f9de2
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/usermod.err
@@ -0,0 +1 @@
+usermod: directory /home/foo could not be moved
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/usermod.test b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/usermod.test
new file mode 100755
index 0000000..8bd0fd0
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/usermod.test
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can't move the user's home directory when it's a symlink"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2/file /home/foo2' 0
+
+change_config
+
+mkdir /home/foo2
+echo toto > /home/foo2/file
+ln -s foo2 /home/foo
+chown -R foo:foo /home/foo /home/foo2
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo3 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that /home/foo is still a symlink..."
+test -L /home/foo
+echo "OK"
+echo -n "Check that /home/foo2 was not removed..."
+test -d /home/foo2
+test -f /home/foo2/file
+echo "OK"
+echo -n "Check that /home/foo3 was not created..."
+test ! -f /home/foo3
+echo "OK"
+
+echo -n "Remove the home directories..."
+rm -rf /home/foo /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/unit/Makefile.am b/tests/unit/Makefile.am
new file mode 100644
index 0000000..d89367a
--- /dev/null
+++ b/tests/unit/Makefile.am
@@ -0,0 +1,145 @@
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+
+if HAVE_CMOCKA
+TESTS = $(check_PROGRAMS)
+
+check_PROGRAMS = \
+    test_adds \
+    test_atoi_strtoi \
+    test_chkname \
+    test_sprintf \
+    test_strncpy \
+    test_strtcpy \
+    test_xasprintf \
+    test_zustr2stp
+
+if ENABLE_LOGIND
+check_PROGRAMS += \
+    test_logind
+endif # ENABLE_LOGIND
+
+check_PROGRAMS += \
+    $(NULL)
+
+test_adds_SOURCES = \
+    ../../lib/adds.c \
+    test_adds.c \
+    $(NULL)
+test_adds_CFLAGS = \
+    $(AM_FLAGS) \
+    $(NULL)
+test_adds_LDFLAGS = \
+    $(NULL)
+test_adds_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_atoi_strtoi_SOURCES = \
+    ../../lib/atoi/strtoi.c \
+    test_atoi_strtoi.c \
+    $(NULL)
+test_atoi_strtoi_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_atoi_strtoi_LDFLAGS = \
+    $(NULL)
+test_atoi_strtoi_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_chkname_SOURCES = \
+    ../../lib/chkname.c \
+    test_chkname.c \
+    $(NULL)
+test_chkname_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_chkname_LDFLAGS = \
+    $(NULL)
+test_chkname_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_logind_SOURCES = \
+    ../../lib/logind.c \
+    test_logind.c \
+    $(NULL)
+test_logind_CFLAGS = \
+    $(AM_CFLAGS) \
+    -lsystemd \
+    $(NULL)
+test_logind_LDFLAGS = \
+    -Wl,-wrap,prefix_getpwnam \
+    -Wl,-wrap,sd_uid_get_sessions \
+    $(NULL)
+test_logind_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(LIBSYSTEMD) \
+    $(NULL)
+
+test_sprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_sprintf.c \
+    $(NULL)
+test_sprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_sprintf_LDFLAGS = \
+    $(NULL)
+test_sprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strncpy_SOURCES = \
+    test_strncpy.c \
+    $(NULL)
+test_strncpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_strncpy_LDFLAGS = \
+    $(NULL)
+test_strncpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strtcpy_SOURCES = \
+    ../../lib/string/strtcpy.c \
+    test_strtcpy.c \
+    $(NULL)
+test_strtcpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_strtcpy_LDFLAGS = \
+    $(NULL)
+test_strtcpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_xasprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_xasprintf.c \
+    $(NULL)
+test_xasprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_xasprintf_LDFLAGS = \
+    -Wl,-wrap,vasprintf \
+    -Wl,-wrap,exit \
+    $(NULL)
+test_xasprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_zustr2stp_SOURCES = \
+    test_zustr2stp.c \
+    $(NULL)
+test_zustr2stp_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_zustr2stp_LDFLAGS = \
+    $(NULL)
+test_zustr2stp_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+endif # HAVE_CMOCKA
diff --git a/tests/unit/Makefile.in b/tests/unit/Makefile.in
new file mode 100644
index 0000000..108070c
--- /dev/null
+++ b/tests/unit/Makefile.in
@@ -0,0 +1,1702 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_CMOCKA_TRUE@check_PROGRAMS = test_adds$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_atoi_strtoi$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_chkname$(EXEEXT) test_sprintf$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_strncpy$(EXEEXT) test_strtcpy$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_xasprintf$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_zustr2stp$(EXEEXT) $(am__EXEEXT_1)
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@am__append_1 = \
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@    test_logind
+
+subdir = tests/unit
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@am__EXEEXT_1 =  \
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@	test_logind$(EXEEXT)
+am__test_adds_SOURCES_DIST = ../../lib/adds.c test_adds.c
+am__dirstamp = $(am__leading_dot)dirstamp
+@HAVE_CMOCKA_TRUE@am_test_adds_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_adds-adds.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_adds-test_adds.$(OBJEXT)
+test_adds_OBJECTS = $(am_test_adds_OBJECTS)
+am__DEPENDENCIES_1 =
+@HAVE_CMOCKA_TRUE@test_adds_DEPENDENCIES = $(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+test_adds_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_adds_CFLAGS) \
+	$(CFLAGS) $(test_adds_LDFLAGS) $(LDFLAGS) -o $@
+am__test_atoi_strtoi_SOURCES_DIST = ../../lib/atoi/strtoi.c \
+	test_atoi_strtoi.c
+@HAVE_CMOCKA_TRUE@am_test_atoi_strtoi_OBJECTS = ../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_atoi_strtoi-test_atoi_strtoi.$(OBJEXT)
+test_atoi_strtoi_OBJECTS = $(am_test_atoi_strtoi_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_DEPENDENCIES =  \
+@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1)
+test_atoi_strtoi_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_atoi_strtoi_CFLAGS) $(CFLAGS) \
+	$(test_atoi_strtoi_LDFLAGS) $(LDFLAGS) -o $@
+am__test_chkname_SOURCES_DIST = ../../lib/chkname.c test_chkname.c
+@HAVE_CMOCKA_TRUE@am_test_chkname_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_chkname-chkname.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_chkname-test_chkname.$(OBJEXT)
+test_chkname_OBJECTS = $(am_test_chkname_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_chkname_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_chkname_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_chkname_CFLAGS) \
+	$(CFLAGS) $(test_chkname_LDFLAGS) $(LDFLAGS) -o $@
+am__test_logind_SOURCES_DIST = ../../lib/logind.c test_logind.c
+@HAVE_CMOCKA_TRUE@am_test_logind_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_logind-logind.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_logind-test_logind.$(OBJEXT)
+test_logind_OBJECTS = $(am_test_logind_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_logind_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1)
+test_logind_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_logind_CFLAGS) \
+	$(CFLAGS) $(test_logind_LDFLAGS) $(LDFLAGS) -o $@
+am__test_sprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_sprintf.c
+@HAVE_CMOCKA_TRUE@am_test_sprintf_OBJECTS = ../../lib/string/test_sprintf-sprintf.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_sprintf-test_sprintf.$(OBJEXT)
+test_sprintf_OBJECTS = $(am_test_sprintf_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_sprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_sprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_sprintf_CFLAGS) \
+	$(CFLAGS) $(test_sprintf_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strncpy_SOURCES_DIST = test_strncpy.c
+@HAVE_CMOCKA_TRUE@am_test_strncpy_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	test_strncpy-test_strncpy.$(OBJEXT)
+test_strncpy_OBJECTS = $(am_test_strncpy_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_strncpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strncpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strncpy_CFLAGS) \
+	$(CFLAGS) $(test_strncpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strtcpy_SOURCES_DIST = ../../lib/string/strtcpy.c \
+	test_strtcpy.c
+@HAVE_CMOCKA_TRUE@am_test_strtcpy_OBJECTS = ../../lib/string/test_strtcpy-strtcpy.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_strtcpy-test_strtcpy.$(OBJEXT)
+test_strtcpy_OBJECTS = $(am_test_strtcpy_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_strtcpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strtcpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strtcpy_CFLAGS) \
+	$(CFLAGS) $(test_strtcpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_xasprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_xasprintf.c
+@HAVE_CMOCKA_TRUE@am_test_xasprintf_OBJECTS = ../../lib/string/test_xasprintf-sprintf.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_xasprintf-test_xasprintf.$(OBJEXT)
+test_xasprintf_OBJECTS = $(am_test_xasprintf_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_xasprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_xasprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_xasprintf_CFLAGS) $(CFLAGS) $(test_xasprintf_LDFLAGS) \
+	$(LDFLAGS) -o $@
+am__test_zustr2stp_SOURCES_DIST = test_zustr2stp.c
+@HAVE_CMOCKA_TRUE@am_test_zustr2stp_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	test_zustr2stp-test_zustr2stp.$(OBJEXT)
+test_zustr2stp_OBJECTS = $(am_test_zustr2stp_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_zustr2stp_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_zustr2stp_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_zustr2stp_CFLAGS) $(CFLAGS) $(test_zustr2stp_LDFLAGS) \
+	$(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ../../lib/$(DEPDIR)/test_adds-adds.Po \
+	../../lib/$(DEPDIR)/test_chkname-chkname.Po \
+	../../lib/$(DEPDIR)/test_logind-logind.Po \
+	../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po \
+	../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po \
+	../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po \
+	../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po \
+	./$(DEPDIR)/test_adds-test_adds.Po \
+	./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po \
+	./$(DEPDIR)/test_chkname-test_chkname.Po \
+	./$(DEPDIR)/test_logind-test_logind.Po \
+	./$(DEPDIR)/test_sprintf-test_sprintf.Po \
+	./$(DEPDIR)/test_strncpy-test_strncpy.Po \
+	./$(DEPDIR)/test_strtcpy-test_strtcpy.Po \
+	./$(DEPDIR)/test_xasprintf-test_xasprintf.Po \
+	./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(test_adds_SOURCES) $(test_atoi_strtoi_SOURCES) \
+	$(test_chkname_SOURCES) $(test_logind_SOURCES) \
+	$(test_sprintf_SOURCES) $(test_strncpy_SOURCES) \
+	$(test_strtcpy_SOURCES) $(test_xasprintf_SOURCES) \
+	$(test_zustr2stp_SOURCES)
+DIST_SOURCES = $(am__test_adds_SOURCES_DIST) \
+	$(am__test_atoi_strtoi_SOURCES_DIST) \
+	$(am__test_chkname_SOURCES_DIST) \
+	$(am__test_logind_SOURCES_DIST) \
+	$(am__test_sprintf_SOURCES_DIST) \
+	$(am__test_strncpy_SOURCES_DIST) \
+	$(am__test_strtcpy_SOURCES_DIST) \
+	$(am__test_xasprintf_SOURCES_DIST) \
+	$(am__test_zustr2stp_SOURCES_DIST)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red=''; \
+    grn=''; \
+    lgn=''; \
+    blu=''; \
+    mgn=''; \
+    brg=''; \
+    std=''; \
+  fi; \
+}
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
+	$(top_srcdir)/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
+EGREP = @EGREP@
+ETAGS = @ETAGS@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FILECMD = @FILECMD@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
+LIBATTR = @LIBATTR@
+LIBAUDIT = @LIBAUDIT@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
+LIBCRYPT = @LIBCRYPT@
+LIBECONF = @LIBECONF@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBMD = @LIBMD@
+LIBOBJS = @LIBOBJS@
+LIBPAM = @LIBPAM@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBSEMANAGE = @LIBSEMANAGE@
+LIBSKEY = @LIBSKEY@
+LIBSUBID_ABI = @LIBSUBID_ABI@
+LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
+LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
+LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
+LIBTCB = @LIBTCB@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LIYESCRYPT = @LIYESCRYPT@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VENDORDIR = @VENDORDIR@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+capcmd = @capcmd@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+@HAVE_CMOCKA_TRUE@TESTS = $(check_PROGRAMS)
+@HAVE_CMOCKA_TRUE@test_adds_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/adds.c \
+@HAVE_CMOCKA_TRUE@    test_adds.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_FLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/atoi/strtoi.c \
+@HAVE_CMOCKA_TRUE@    test_atoi_strtoi.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/chkname.c \
+@HAVE_CMOCKA_TRUE@    test_chkname.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/logind.c \
+@HAVE_CMOCKA_TRUE@    test_logind.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    -lsystemd \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,prefix_getpwnam \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,sd_uid_get_sessions \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(LIBSYSTEMD) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/sprintf.c \
+@HAVE_CMOCKA_TRUE@    test_sprintf.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_SOURCES = \
+@HAVE_CMOCKA_TRUE@    test_strncpy.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/strtcpy.c \
+@HAVE_CMOCKA_TRUE@    test_strtcpy.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/sprintf.c \
+@HAVE_CMOCKA_TRUE@    test_xasprintf.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,vasprintf \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,exit \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_SOURCES = \
+@HAVE_CMOCKA_TRUE@    test_zustr2stp.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/unit/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign tests/unit/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+../../lib/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib
+	@: > ../../lib/$(am__dirstamp)
+../../lib/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/$(DEPDIR)
+	@: > ../../lib/$(DEPDIR)/$(am__dirstamp)
+../../lib/test_adds-adds.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_adds$(EXEEXT): $(test_adds_OBJECTS) $(test_adds_DEPENDENCIES) $(EXTRA_test_adds_DEPENDENCIES) 
+	@rm -f test_adds$(EXEEXT)
+	$(AM_V_CCLD)$(test_adds_LINK) $(test_adds_OBJECTS) $(test_adds_LDADD) $(LIBS)
+../../lib/atoi/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi
+	@: > ../../lib/atoi/$(am__dirstamp)
+../../lib/atoi/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi/$(DEPDIR)
+	@: > ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT):  \
+	../../lib/atoi/$(am__dirstamp) \
+	../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+
+test_atoi_strtoi$(EXEEXT): $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_DEPENDENCIES) $(EXTRA_test_atoi_strtoi_DEPENDENCIES) 
+	@rm -f test_atoi_strtoi$(EXEEXT)
+	$(AM_V_CCLD)$(test_atoi_strtoi_LINK) $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_LDADD) $(LIBS)
+../../lib/test_chkname-chkname.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_chkname$(EXEEXT): $(test_chkname_OBJECTS) $(test_chkname_DEPENDENCIES) $(EXTRA_test_chkname_DEPENDENCIES) 
+	@rm -f test_chkname$(EXEEXT)
+	$(AM_V_CCLD)$(test_chkname_LINK) $(test_chkname_OBJECTS) $(test_chkname_LDADD) $(LIBS)
+../../lib/test_logind-logind.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_logind$(EXEEXT): $(test_logind_OBJECTS) $(test_logind_DEPENDENCIES) $(EXTRA_test_logind_DEPENDENCIES) 
+	@rm -f test_logind$(EXEEXT)
+	$(AM_V_CCLD)$(test_logind_LINK) $(test_logind_OBJECTS) $(test_logind_LDADD) $(LIBS)
+../../lib/string/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string
+	@: > ../../lib/string/$(am__dirstamp)
+../../lib/string/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string/$(DEPDIR)
+	@: > ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+../../lib/string/test_sprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_sprintf$(EXEEXT): $(test_sprintf_OBJECTS) $(test_sprintf_DEPENDENCIES) $(EXTRA_test_sprintf_DEPENDENCIES) 
+	@rm -f test_sprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_sprintf_LINK) $(test_sprintf_OBJECTS) $(test_sprintf_LDADD) $(LIBS)
+
+test_strncpy$(EXEEXT): $(test_strncpy_OBJECTS) $(test_strncpy_DEPENDENCIES) $(EXTRA_test_strncpy_DEPENDENCIES) 
+	@rm -f test_strncpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strncpy_LINK) $(test_strncpy_OBJECTS) $(test_strncpy_LDADD) $(LIBS)
+../../lib/string/test_strtcpy-strtcpy.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_strtcpy$(EXEEXT): $(test_strtcpy_OBJECTS) $(test_strtcpy_DEPENDENCIES) $(EXTRA_test_strtcpy_DEPENDENCIES) 
+	@rm -f test_strtcpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strtcpy_LINK) $(test_strtcpy_OBJECTS) $(test_strtcpy_LDADD) $(LIBS)
+../../lib/string/test_xasprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_xasprintf$(EXEEXT): $(test_xasprintf_OBJECTS) $(test_xasprintf_DEPENDENCIES) $(EXTRA_test_xasprintf_DEPENDENCIES) 
+	@rm -f test_xasprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_xasprintf_LINK) $(test_xasprintf_OBJECTS) $(test_xasprintf_LDADD) $(LIBS)
+
+test_zustr2stp$(EXEEXT): $(test_zustr2stp_OBJECTS) $(test_zustr2stp_DEPENDENCIES) $(EXTRA_test_zustr2stp_DEPENDENCIES) 
+	@rm -f test_zustr2stp$(EXEEXT)
+	$(AM_V_CCLD)$(test_zustr2stp_LINK) $(test_zustr2stp_OBJECTS) $(test_zustr2stp_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+	-rm -f ../../lib/*.$(OBJEXT)
+	-rm -f ../../lib/atoi/*.$(OBJEXT)
+	-rm -f ../../lib/string/*.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_adds-adds.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_chkname-chkname.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_logind-logind.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_adds-test_adds.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_chkname-test_chkname.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_logind-test_logind.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_sprintf-test_sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_strncpy-test_strncpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_strtcpy-test_strtcpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_xasprintf-test_xasprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+../../lib/test_adds-adds.o: ../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.o -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+
+../../lib/test_adds-adds.obj: ../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+
+test_adds-test_adds.o: test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.o -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+
+test_adds-test_adds.obj: test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.obj -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+
+../../lib/atoi/test_atoi_strtoi-strtoi.o: ../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.o -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+
+../../lib/atoi/test_atoi_strtoi-strtoi.obj: ../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.obj -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+
+test_atoi_strtoi-test_atoi_strtoi.o: test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.o -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+
+test_atoi_strtoi-test_atoi_strtoi.obj: test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.obj -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+
+../../lib/test_chkname-chkname.o: ../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.o -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+
+../../lib/test_chkname-chkname.obj: ../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+
+test_chkname-test_chkname.o: test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.o -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+
+test_chkname-test_chkname.obj: test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.obj -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+
+../../lib/test_logind-logind.o: ../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.o -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+
+../../lib/test_logind-logind.obj: ../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+
+test_logind-test_logind.o: test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.o -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+
+test_logind-test_logind.obj: test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.obj -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+
+../../lib/string/test_sprintf-sprintf.o: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_sprintf-sprintf.obj: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_sprintf-test_sprintf.o: test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.o -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+
+test_sprintf-test_sprintf.obj: test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.obj -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+
+test_strncpy-test_strncpy.o: test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.o -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+
+test_strncpy-test_strncpy.obj: test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.obj -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+
+../../lib/string/test_strtcpy-strtcpy.o: ../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+
+../../lib/string/test_strtcpy-strtcpy.obj: ../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+
+test_strtcpy-test_strtcpy.o: test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.o -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+
+test_strtcpy-test_strtcpy.obj: test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.obj -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+
+../../lib/string/test_xasprintf-sprintf.o: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_xasprintf-sprintf.obj: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_xasprintf-test_xasprintf.o: test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.o -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+
+test_xasprintf-test_xasprintf.obj: test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.obj -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+
+test_zustr2stp-test_zustr2stp.o: test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.o -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+
+test_zustr2stp-test_zustr2stp.obj: test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.obj -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(check_PROGRAMS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(check_PROGRAMS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+test_adds.log: test_adds$(EXEEXT)
+	@p='test_adds$(EXEEXT)'; \
+	b='test_adds'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_atoi_strtoi.log: test_atoi_strtoi$(EXEEXT)
+	@p='test_atoi_strtoi$(EXEEXT)'; \
+	b='test_atoi_strtoi'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_chkname.log: test_chkname$(EXEEXT)
+	@p='test_chkname$(EXEEXT)'; \
+	b='test_chkname'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_sprintf.log: test_sprintf$(EXEEXT)
+	@p='test_sprintf$(EXEEXT)'; \
+	b='test_sprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strncpy.log: test_strncpy$(EXEEXT)
+	@p='test_strncpy$(EXEEXT)'; \
+	b='test_strncpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strtcpy.log: test_strtcpy$(EXEEXT)
+	@p='test_strtcpy$(EXEEXT)'; \
+	b='test_strtcpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_xasprintf.log: test_xasprintf$(EXEEXT)
+	@p='test_xasprintf$(EXEEXT)'; \
+	b='test_xasprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_zustr2stp.log: test_zustr2stp$(EXEEXT)
+	@p='test_zustr2stp$(EXEEXT)'; \
+	b='test_zustr2stp'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_logind.log: test_logind$(EXEEXT)
+	@p='test_logind$(EXEEXT)'; \
+	b='test_logind'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@	@p='$<'; \
+@am__EXEEXT_TRUE@	$(am__set_b); \
+@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-rm -f ../../lib/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(am__dirstamp)
+	-rm -f ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/string/$(am__dirstamp)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	cscopelist-am ctags ctags-am distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/unit/test_adds.c b/tests/unit/test_adds.c
new file mode 100644
index 0000000..fdc671f
--- /dev/null
+++ b/tests/unit/test_adds.c
@@ -0,0 +1,105 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <limits.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "adds.h"
+
+
+static void test_addsl_2_ok(void **state);
+static void test_addsl_2_underflow(void **state);
+static void test_addsl_2_overflow(void **state);
+static void test_addsl_3_ok(void **state);
+static void test_addsl_3_underflow(void **state);
+static void test_addsl_3_overflow(void **state);
+static void test_addsl_5_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_addsl_2_ok),
+        cmocka_unit_test(test_addsl_2_underflow),
+        cmocka_unit_test(test_addsl_2_overflow),
+        cmocka_unit_test(test_addsl_3_ok),
+        cmocka_unit_test(test_addsl_3_underflow),
+        cmocka_unit_test(test_addsl_3_overflow),
+        cmocka_unit_test(test_addsl_5_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_addsl_2_ok(void **state)
+{
+	assert_true(addsl(1, 3)			== 1 + 3);
+	assert_true(addsl(-4321, 7)		== -4321 + 7);
+	assert_true(addsl(1, 1)			== 1 + 1);
+	assert_true(addsl(-1, -2)		== -1 - 2);
+	assert_true(addsl(LONG_MAX, -1)		== LONG_MAX - 1);
+	assert_true(addsl(LONG_MIN, 1)		== LONG_MIN + 1);
+	assert_true(addsl(LONG_MIN, LONG_MAX)	== LONG_MIN + LONG_MAX);
+	assert_true(addsl(0, 0)			== 0);
+}
+
+
+static void
+test_addsl_2_underflow(void **state)
+{
+	assert_true(addsl(LONG_MIN, -1)		== LONG_MIN);
+	assert_true(addsl(LONG_MIN + 3, -7)	== LONG_MIN);
+	assert_true(addsl(LONG_MIN, LONG_MIN)	== LONG_MIN);
+}
+
+
+static void
+test_addsl_2_overflow(void **state)
+{
+	assert_true(addsl(LONG_MAX, 1)		== LONG_MAX);
+	assert_true(addsl(LONG_MAX - 3, 7)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, LONG_MAX)	== LONG_MAX);
+}
+
+
+static void
+test_addsl_3_ok(void **state)
+{
+	assert_true(addsl(1, 2, 3)		== 1 + 2 + 3);
+	assert_true(addsl(LONG_MIN, -3, 4)	== LONG_MIN + 4 - 3);
+	assert_true(addsl(LONG_MAX, LONG_MAX, LONG_MIN)
+						== LONG_MAX + LONG_MIN + LONG_MAX);
+}
+
+
+static void
+test_addsl_3_underflow(void **state)
+{
+	assert_true(addsl(LONG_MIN, 2, -3)	== LONG_MIN);
+	assert_true(addsl(LONG_MIN, -1, 0)	== LONG_MIN);
+}
+
+
+static void
+test_addsl_3_overflow(void **state)
+{
+	assert_true(addsl(LONG_MAX, -1, 2)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, +1, 0)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, LONG_MAX, 0)== LONG_MAX);
+}
+
+
+static void
+test_addsl_5_ok(void **state)
+{
+	assert_true(addsl(LONG_MAX, LONG_MAX, LONG_MIN, LONG_MIN, 44) == 42);
+}
diff --git a/tests/unit/test_atoi_strtoi.c b/tests/unit/test_atoi_strtoi.c
new file mode 100644
index 0000000..535b6ab
--- /dev/null
+++ b/tests/unit/test_atoi_strtoi.c
@@ -0,0 +1,157 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <errno.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "atoi/strtoi.h"
+#include "atoi/strtou_noneg.h"
+
+
+static void test_strtoi(void **state);
+static void test_strtou(void **state);
+static void test_strtou_noneg(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_strtoi),
+        cmocka_unit_test(test_strtou),
+        cmocka_unit_test(test_strtou_noneg),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_strtoi(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtoi_("42", NULL, -1, 1, 2, &status) == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtoi_("40", &end, 5, INTMAX_MIN, INTMAX_MAX, &status) == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("-40", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == -40);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("z", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtoi_(" 5", &end, 0, 3, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("5z", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtoi_("5z", &end, 0, INTMAX_MIN, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
+
+
+static void
+test_strtou(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtou_("42", NULL, -1, 1, 2, &status) == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtou_("40", &end, 5, 0, UINTMAX_MAX, &status) == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("-40", &end, 0, 0, UINTMAX_MAX, &status) == -40ull);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("z", &end, 0, 0, UINTMAX_MAX, &status) == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_(" 5", &end, 0, 3, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("5z", &end, 0, 0, UINTMAX_MAX, &status) == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_("5z", &end, 0, 0, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
+
+
+static void
+test_strtou_noneg(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtou_noneg("42", NULL, -1, 1, 2, &status)
+	            == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtou_noneg("40", &end, 5, 0, UINTMAX_MAX, &status)
+	            == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("-40", &end, 0, 2, UINTMAX_MAX, &status)
+	            == 2);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("z", &end, 0, 0, UINTMAX_MAX, &status)
+	            == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_noneg(" 5", &end, 0, 3, 4, &status)
+	            == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("5z", &end, 0, 0, UINTMAX_MAX, &status)
+	            == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_noneg("5z", &end, 0, 0, 4, &status)
+	            == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
diff --git a/tests/unit/test_chkname.c b/tests/unit/test_chkname.c
new file mode 100644
index 0000000..e0f9f84
--- /dev/null
+++ b/tests/unit/test_chkname.c
@@ -0,0 +1,149 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "alloc.h"
+#include "chkname.h"
+
+
+static void test_is_valid_user_name_ok(void **state);
+static void test_is_valid_user_name_ok_dollar(void **state);
+static void test_is_valid_user_name_nok_dash(void **state);
+static void test_is_valid_user_name_nok_dir(void **state);
+static void test_is_valid_user_name_nok_dollar(void **state);
+static void test_is_valid_user_name_nok_empty(void **state);
+static void test_is_valid_user_name_nok_numeric(void **state);
+static void test_is_valid_user_name_nok_otherchars(void **state);
+static void test_is_valid_user_name_long(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_is_valid_user_name_ok),
+        cmocka_unit_test(test_is_valid_user_name_ok_dollar),
+        cmocka_unit_test(test_is_valid_user_name_nok_dash),
+        cmocka_unit_test(test_is_valid_user_name_nok_dir),
+        cmocka_unit_test(test_is_valid_user_name_nok_dollar),
+        cmocka_unit_test(test_is_valid_user_name_nok_empty),
+        cmocka_unit_test(test_is_valid_user_name_nok_numeric),
+        cmocka_unit_test(test_is_valid_user_name_nok_otherchars),
+        cmocka_unit_test(test_is_valid_user_name_long),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_is_valid_user_name_ok(void **state)
+{
+	assert_true(is_valid_user_name("alx"));
+	assert_true(is_valid_user_name("u-ser"));
+	assert_true(is_valid_user_name("u"));
+	assert_true(is_valid_user_name("I"));
+	assert_true(is_valid_user_name("_"));
+	assert_true(is_valid_user_name("_.-"));
+	assert_true(is_valid_user_name(".007"));
+	assert_true(is_valid_user_name("0_0"));
+	assert_true(is_valid_user_name("some_longish_user_name_sHould_also_be_valid.wHY_not"));
+}
+
+
+static void
+test_is_valid_user_name_ok_dollar(void **state)
+{
+	// Non-POSIX extension for Samba 3.x "add machine script".
+	assert_true(is_valid_user_name("dollar$"));
+	assert_true(is_valid_user_name("SSS$"));
+}
+
+
+static void
+test_is_valid_user_name_nok_dash(void **state)
+{
+	assert_true(false == is_valid_user_name("-"));
+	assert_true(false == is_valid_user_name("-not-valid"));
+	assert_true(false == is_valid_user_name("--C"));
+}
+
+
+static void
+test_is_valid_user_name_nok_dir(void **state)
+{
+	assert_true(false == is_valid_user_name("."));
+	assert_true(false == is_valid_user_name(".."));
+}
+
+
+static void
+test_is_valid_user_name_nok_dollar(void **state)
+{
+	assert_true(false == is_valid_user_name("$"));
+	assert_true(false == is_valid_user_name("$dollar"));
+	assert_true(false == is_valid_user_name("mo$ney"));
+	assert_true(false == is_valid_user_name("do$$ar"));
+	assert_true(false == is_valid_user_name("foo$bar$"));
+}
+
+
+static void
+test_is_valid_user_name_nok_empty(void **state)
+{
+	assert_true(false == is_valid_user_name(""));
+}
+
+
+static void
+test_is_valid_user_name_nok_numeric(void **state)
+{
+	assert_true(false == is_valid_user_name("6"));
+	assert_true(false == is_valid_user_name("42"));
+}
+
+
+static void
+test_is_valid_user_name_nok_otherchars(void **state)
+{
+	assert_true(false == is_valid_user_name("no spaces"));
+	assert_true(false == is_valid_user_name("no,"));
+	assert_true(false == is_valid_user_name("no;"));
+	assert_true(false == is_valid_user_name("no:"));
+}
+
+
+static void
+test_is_valid_user_name_long(void **state)
+{
+	size_t  max;
+	char    *name;
+
+	max = sysconf(_SC_LOGIN_NAME_MAX);
+	name = MALLOC(max + 1, char);
+	assert_true(name != NULL);
+
+	memset(name, '_', max);
+
+	name[max] = '\0';
+	assert_true(false == is_valid_user_name(name));
+
+	name[max - 1] = '\0';
+	assert_true(is_valid_user_name(name));
+
+	free(name);
+}
diff --git a/tests/unit/test_logind.c b/tests/unit/test_logind.c
new file mode 100644
index 0000000..f91782c
--- /dev/null
+++ b/tests/unit/test_logind.c
@@ -0,0 +1,69 @@
+/*
+ * SPDX-FileCopyrightText:  2023, Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <pwd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#include "prototypes.h"
+
+/***********************
+ * WRAPPERS
+ **********************/
+struct passwd *
+__wrap_prefix_getpwnam(uid_t uid)
+{
+    return (struct passwd*) mock();
+}
+
+int
+__wrap_sd_uid_get_sessions(uid_t uid, int require_active, char ***sessions)
+{
+    return mock();
+}
+
+/***********************
+ * TEST
+ **********************/
+static void test_active_sessions_count_return_ok(void **state)
+{
+    int count;
+    struct passwd *pw = malloc(sizeof(struct passwd));
+
+    will_return(__wrap_prefix_getpwnam, pw);
+    will_return(__wrap_sd_uid_get_sessions, 1);
+
+    count = active_sessions_count("testuser", 0);
+
+    assert_int_equal(count, 1);
+}
+
+static void test_active_sessions_count_prefix_getpwnam_failure(void **state)
+{
+    int count;
+    struct passwd *pw = NULL;
+
+    will_return(__wrap_prefix_getpwnam, pw);
+
+    count = active_sessions_count("testuser", 0);
+
+    assert_int_equal(count, 0);
+}
+
+int main(void)
+{
+    const struct CMUnitTest tests[] = {
+        cmocka_unit_test(test_active_sessions_count_return_ok),
+        cmocka_unit_test(test_active_sessions_count_prefix_getpwnam_failure),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/tests/unit/test_sprintf.c b/tests/unit/test_sprintf.c
new file mode 100644
index 0000000..bedcff6
--- /dev/null
+++ b/tests/unit/test_sprintf.c
@@ -0,0 +1,66 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/sprintf.h"
+
+
+static void test_SNPRINTF_trunc(void **state);
+static void test_SNPRINTF_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_SNPRINTF_trunc),
+        cmocka_unit_test(test_SNPRINTF_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_SNPRINTF_trunc(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	// Test that we're not returning SIZE_MAX
+	assert_true(SNPRINTF(buf, "f%su", "oo") < 0);
+	assert_true(strcmp(buf, "foo") == 0);
+
+	assert_true(SNPRINTF(buf, "barbaz") == -1);
+	assert_true(strcmp(buf, "bar") == 0);
+}
+
+
+static void
+test_SNPRINTF_ok(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	assert_true(SNPRINTF(buf, "%s", "foo") == strlen("foo"));
+	assert_true(strcmp(buf, "foo") == 0);
+
+	assert_true(SNPRINTF(buf, "%do", 1) == strlen("1o"));
+	assert_true(strcmp(buf, "1o") == 0);
+
+	assert_true(SNPRINTF(buf, "f") == strlen("f"));
+	assert_true(strcmp(buf, "f") == 0);
+
+	assert_true(SNPRINTF(buf, "") == strlen(""));
+	assert_true(strcmp(buf, "") == 0);
+}
diff --git a/tests/unit/test_strncpy.c b/tests/unit/test_strncpy.c
new file mode 100644
index 0000000..968765b
--- /dev/null
+++ b/tests/unit/test_strncpy.c
@@ -0,0 +1,85 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/strncpy.h"
+
+
+static void test_STRNCPY_trunc(void **state);
+static void test_STRNCPY_fit(void **state);
+static void test_STRNCPY_pad(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_STRNCPY_trunc),
+        cmocka_unit_test(test_STRNCPY_fit),
+        cmocka_unit_test(test_STRNCPY_pad),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_STRNCPY_trunc(void **state)
+{
+	char  buf[3];
+
+	char  src1[4] = {'f', 'o', 'o', 'o'};
+	char  res1[3] = {'f', 'o', 'o'};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[5] = "barb";
+	char  res2[3] = {'b', 'a', 'r'};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+}
+
+
+static void
+test_STRNCPY_fit(void **state)
+{
+	char  buf[3];
+
+	char  src1[3] = {'b', 'a', 'z'};
+	char  res1[3] = {'b', 'a', 'z'};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[4] = "qwe";
+	char  res2[3] = {'q', 'w', 'e'};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+}
+
+
+static void
+test_STRNCPY_pad(void **state)
+{
+	char  buf[3];
+
+	char  src1[3] = "as";
+	char  res1[3] = {'a', 's', 0};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[3] = "";
+	char  res2[3] = {0, 0, 0};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+
+	char  src3[3] = {'a', 0, 'b'};
+	char  res3[3] = {'a', 0, 0};
+	assert_true(memcmp(res3, STRNCPY(buf, src3), sizeof(buf)) == 0);
+}
diff --git a/tests/unit/test_strtcpy.c b/tests/unit/test_strtcpy.c
new file mode 100644
index 0000000..12351a5
--- /dev/null
+++ b/tests/unit/test_strtcpy.c
@@ -0,0 +1,67 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/strtcpy.h"
+
+
+static void test_STRTCPY_trunc(void **state);
+static void test_STRTCPY_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_STRTCPY_trunc),
+        cmocka_unit_test(test_STRTCPY_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_STRTCPY_trunc(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	// Test that we're not returning SIZE_MAX
+	assert_true(STRTCPY(buf, "fooo") < 0);
+	assert_string_equal(buf, "foo");
+
+	assert_int_equal(STRTCPY(buf, "barbaz"), -1);
+	assert_string_equal(buf, "bar");
+}
+
+
+static void
+test_STRTCPY_ok(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	assert_int_equal(STRTCPY(buf, "foo"), strlen("foo"));
+	assert_string_equal(buf, "foo");
+
+	assert_int_equal(STRTCPY(buf, "fo"), strlen("fo"));
+	assert_string_equal(buf, "fo");
+
+	assert_int_equal(STRTCPY(buf, "f"), strlen("f"));
+	assert_string_equal(buf, "f");
+
+	assert_int_equal(STRTCPY(buf, ""), strlen(""));
+	assert_string_equal(buf, "");
+}
diff --git a/tests/unit/test_xasprintf.c b/tests/unit/test_xasprintf.c
new file mode 100644
index 0000000..4b5d093
--- /dev/null
+++ b/tests/unit/test_xasprintf.c
@@ -0,0 +1,114 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <setjmp.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "string/sprintf.h"
+
+
+#define assert_unreachable()  assert_true(0)
+
+#define XASPRINTF_CALLED  (-36)
+#define EXIT_CALLED       (42)
+#define TEST_OK           (-6)
+
+
+static jmp_buf  jmpb;
+
+
+/**********************
+ * WRAPPERS
+ **********************/
+int __real_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
+int __wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
+void __wrap_exit(int status);
+
+
+int
+__wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap)
+{
+	return mock() == -1 ? -1 : __real_vasprintf(p, fmt, ap);
+}
+
+
+void
+__wrap_exit(int status)
+{
+	longjmp(jmpb, EXIT_CALLED);
+}
+
+
+/**********************
+ * TEST
+ **********************/
+static void test_xasprintf_exit(void **state);
+static void test_xasprintf_ok(void **state);
+
+
+static void
+test_xasprintf_exit(void **state)
+{
+	volatile int    len;
+	char *volatile  p;
+
+	will_return(__wrap_vasprintf, -1);
+
+	len = 0;
+
+	switch (setjmp(jmpb)) {
+	case 0:
+		len = XASPRINTF_CALLED;
+		len = xasprintf(&p, "foo%s", "bar");
+		assert_unreachable();
+		break;
+	case EXIT_CALLED:
+		assert_int_equal(len, XASPRINTF_CALLED);
+		len = TEST_OK;
+		break;
+	default:
+		assert_unreachable();
+		break;
+	}
+
+	assert_int_equal(len, TEST_OK);
+}
+
+
+static void
+test_xasprintf_ok(void **state)
+{
+	int   len;
+	char  *p;
+
+	// Trick: it will actually return the length, not 0.
+	will_return(__wrap_vasprintf, 0);
+
+	len = xasprintf(&p, "foo%d%s", 1, "bar");
+	assert_int_equal(len, strlen("foo1bar"));
+	assert_string_equal(p, "foo1bar");
+	free(p);
+}
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_xasprintf_exit),
+        cmocka_unit_test(test_xasprintf_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/tests/unit/test_zustr2stp.c b/tests/unit/test_zustr2stp.c
new file mode 100644
index 0000000..198d2eb
--- /dev/null
+++ b/tests/unit/test_zustr2stp.c
@@ -0,0 +1,53 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "string/zustr2stp.h"
+
+
+static void test_ZUSTR2STP(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_ZUSTR2STP),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_ZUSTR2STP(void **state)
+{
+	char  src[3] = {'1', '2', '3'};
+	char  dst[4];
+
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("123"));
+	assert_true(strcmp("123", dst) == 0);
+
+	src[2] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("12"));
+	assert_true(strcmp("12", dst) == 0);
+
+	src[1] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("1"));
+	assert_true(strcmp("1", dst) == 0);
+
+	src[0] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen(""));
+	assert_true(strcmp("", dst) == 0);
+}